示例#1
0
 public X509Certificate[] getCertificateChain(String alias) {
   X509Certificate[] certArray = keyManager.getCertificateChain(alias);
   if (Debug.verboseOn())
     Debug.logVerbose(
         "getCertificateChain for alias [" + alias + "] got " + certArray.length + " results",
         module);
   return certArray;
 }
示例#2
0
 public PrivateKey getPrivateKey(String alias) {
   PrivateKey pk = keyManager.getPrivateKey(alias);
   if (Debug.verboseOn())
     Debug.logVerbose(
         "getPrivateKey for alias ["
             + alias
             + "] got "
             + (pk == null
                 ? "[Not Found!]"
                 : "[alg:" + pk.getAlgorithm() + ";format:" + pk.getFormat() + "]"),
         module);
   // Debug.logInfo(new Exception(), "Location where getPrivateKey is called", module);
   return pk;
 }
示例#3
0
 // this is where the customization comes in
 public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
   for (String keyType : keyTypes) {
     String[] aliases = keyManager.getClientAliases(keyType, null); // ignoring the issuers
     if (aliases != null && aliases.length > 0) {
       for (String alias : aliases) {
         if (this.alias.equals(alias)) {
           if (Debug.verboseOn())
             Debug.logVerbose(
                 "chooseClientAlias for keyType [" + keyType + "] got alias " + this.alias,
                 module);
           // Debug.logInfo(new Exception(), "Location where chooseClientAlias is called", module);
           return this.alias;
         }
       }
     }
   }
   return null;
 }
 /**
  * Choose an alias to authenticate the client side of a secure socket, given the public key type
  * and the list of certificate issuer authorities recognized by the peer (if any).
  *
  * @param keyType The key algorithm type name(s), ordered with the most-preferred key type first
  * @param issuers The list of acceptable CA issuer subject names, or null if it does not matter
  *     which issuers are used
  * @param socket The socket to be used for this connection. This parameter can be null, in which
  *     case this method will return the most generic alias to use
  * @return The alias name for the desired key, or null if there are no matches
  */
 public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
   return delegate.chooseClientAlias(keyType, issuers, socket);
 }
示例#5
0
 public PrivateKey getPrivateKey(String s) {
   return wrapped.getPrivateKey(s);
 }
  /**
   * Processes ServerHelloDone: makes verification of the server messages; sends client messages,
   * computers masterSecret, sends ChangeCipherSpec
   */
  @DSComment("Package priviledge")
  @DSBan(DSCat.DEFAULT_MODIFIER)
  @DSGenerator(
      tool_name = "Doppelganger",
      tool_version = "2.0",
      generated_on = "2013-12-30 13:01:10.434 -0500",
      hash_original_method = "2DDF37E22088D1FE8BC73EB3CA83F3A0",
      hash_generated_method = "D2F899ECF0C8F0AF7307958FBF03F0A2")
  void processServerHelloDone() {
    PrivateKey clientKey = null;

    if (serverCert != null) {
      if (session.cipherSuite.isAnonymous()) {
        unexpectedMessage();
        return;
      }
      verifyServerCert();
    } else {
      if (!session.cipherSuite.isAnonymous()) {
        unexpectedMessage();
        return;
      }
    }

    // Client certificate
    if (certificateRequest != null) {
      X509Certificate[] certs = null;
      // obtain certificates from key manager
      String alias = null;
      String[] certTypes = certificateRequest.getTypesAsString();
      X500Principal[] issuers = certificateRequest.certificate_authorities;
      X509KeyManager km = parameters.getKeyManager();
      if (km instanceof X509ExtendedKeyManager) {
        X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
        if (this.socketOwner != null) {
          alias = ekm.chooseClientAlias(certTypes, issuers, this.socketOwner);
        } else {
          alias = ekm.chooseEngineClientAlias(certTypes, issuers, this.engineOwner);
        }
        if (alias != null) {
          certs = ekm.getCertificateChain(alias);
        }
      } else {
        alias = km.chooseClientAlias(certTypes, issuers, this.socketOwner);
        if (alias != null) {
          certs = km.getCertificateChain(alias);
        }
      }

      session.localCertificates = certs;
      clientCert = new CertificateMessage(certs);
      clientKey = km.getPrivateKey(alias);
      send(clientCert);
    }
    // Client key exchange
    if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA
        || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
      // RSA encrypted premaster secret message
      Cipher c;
      try {
        c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        if (serverKeyExchange != null) {
          c.init(Cipher.ENCRYPT_MODE, serverKeyExchange.getRSAPublicKey());
        } else {
          c.init(Cipher.ENCRYPT_MODE, serverCert.certs[0]);
        }
      } catch (Exception e) {
        fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
        return;
      }
      preMasterSecret = new byte[48];
      parameters.getSecureRandom().nextBytes(preMasterSecret);
      System.arraycopy(clientHello.client_version, 0, preMasterSecret, 0, 2);
      try {
        clientKeyExchange =
            new ClientKeyExchange(c.doFinal(preMasterSecret), serverHello.server_version[1] == 1);
      } catch (Exception e) {
        fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
        return;
      }
    } else {
      try {
        KeyFactory kf = KeyFactory.getInstance("DH");
        KeyAgreement agreement = KeyAgreement.getInstance("DH");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        PublicKey serverPublic;
        DHParameterSpec spec;
        if (serverKeyExchange != null) {
          serverPublic =
              kf.generatePublic(
                  new DHPublicKeySpec(
                      serverKeyExchange.par3, serverKeyExchange.par1, serverKeyExchange.par2));
          spec = new DHParameterSpec(serverKeyExchange.par1, serverKeyExchange.par2);
        } else {
          serverPublic = serverCert.certs[0].getPublicKey();
          spec = ((DHPublicKey) serverPublic).getParams();
        }
        kpg.initialize(spec);

        KeyPair kp = kpg.generateKeyPair();
        Key key = kp.getPublic();
        if (clientCert != null
            && serverCert != null
            && (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA
                || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS)) {
          PublicKey client_pk = clientCert.certs[0].getPublicKey();
          PublicKey server_pk = serverCert.certs[0].getPublicKey();
          if (client_pk instanceof DHKey && server_pk instanceof DHKey) {
            if (((DHKey) client_pk)
                    .getParams()
                    .getG()
                    .equals(((DHKey) server_pk).getParams().getG())
                && ((DHKey) client_pk)
                    .getParams()
                    .getP()
                    .equals(((DHKey) server_pk).getParams().getG())) {
              // client cert message DH public key parameters
              // matched those specified by the
              //   server in its certificate,
              clientKeyExchange = new ClientKeyExchange(); // empty
            }
          }
        } else {
          clientKeyExchange = new ClientKeyExchange(((DHPublicKey) key).getY());
        }
        key = kp.getPrivate();
        agreement.init(key);
        agreement.doPhase(serverPublic, true);
        preMasterSecret = agreement.generateSecret();
      } catch (Exception e) {
        fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
        return;
      }
    }
    if (clientKeyExchange != null) {
      send(clientKeyExchange);
    }

    computerMasterSecret();

    // send certificate verify for all certificates except those containing
    // fixed DH parameters
    if (clientCert != null && !clientKeyExchange.isEmpty()) {
      // Certificate verify
      String authType = clientKey.getAlgorithm();
      DigitalSignature ds = new DigitalSignature(authType);
      ds.init(clientKey);

      if ("RSA".equals(authType)) {
        ds.setMD5(io_stream.getDigestMD5());
        ds.setSHA(io_stream.getDigestSHA());
      } else if ("DSA".equals(authType)) {
        ds.setSHA(io_stream.getDigestSHA());
        // The Signature should be empty in case of anonymous signature algorithm:
        // } else if ("DH".equals(authType)) {
      }
      certificateVerify = new CertificateVerify(ds.sign());
      send(certificateVerify);
    }

    sendChangeCipherSpec();
  }
示例#7
0
 public String[] getServerAliases(String s, Principal[] principals) {
   return wrapped.getServerAliases(s, principals);
 }
示例#8
0
 public X509Certificate[] getCertificateChain(String s) {
   return wrapped.getCertificateChain(s);
 }
 /**
  * Returns the key associated with the given alias.
  *
  * @param alias The alias name
  * @return The requested key, or null if the alias can't be found
  */
 public PrivateKey getPrivateKey(String alias) {
   return delegate.getPrivateKey(alias);
 }
示例#10
0
 public String[] getServerAliases(String keyType, Principal[] issuers) {
   System.out.println("Calling from X509KeyManager");
   return km.getServerAliases(keyType, issuers);
 }
 /** @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String) */
 public X509Certificate[] getCertificateChain(String alias) {
   return _keyManager.getCertificateChain(alias);
 }
示例#12
0
 // these just pass through the keyManager
 public String chooseServerAlias(String keyType, Socket socket, Principal... issuers) {
   return keyManager.chooseServerAlias(keyType, issuers, socket);
 }
 /**
  * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String,
  *     java.security.Principal[], java.net.Socket)
  */
 public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
   return _keyAlias == null ? _keyManager.chooseServerAlias(keyType, issuers, socket) : _keyAlias;
 }
 /**
  * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[])
  */
 public String[] getClientAliases(String keyType, Principal[] issuers) {
   return _keyManager.getClientAliases(keyType, issuers);
 }
示例#15
0
 public PrivateKey getPrivateKey(String alias) {
   System.out.println("Calling from X509KeyManager");
   return km.getPrivateKey(alias);
 }
示例#16
0
 public X509Certificate[] getCertificateChain(String alias) {
   System.out.println("Calling from X509KeyManager");
   return km.getCertificateChain(alias);
 }
示例#17
0
 public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
   System.out.println("Calling from X509KeyManager");
   return km.chooseServerAlias(keyType, issuers, socket);
 }
示例#18
0
 /**
  * Returns the certificate chain associated with the given alias.
  *
  * @param alias The alias name
  * @return Certificate chain (ordered with the user's certificate first and the root certificate
  *     authority last), or null if the alias can't be found
  */
 public X509Certificate[] getCertificateChain(String alias) {
   return delegate.getCertificateChain(alias);
 }
示例#19
0
 public String[] getServerAliases(String arg0, Principal[] arg1) {
   return pkixKeyManager.getServerAliases(arg0, arg1);
 }
示例#20
0
 /**
  * Get the matching aliases for authenticating the server side of a secure socket, given the
  * public key type and the list of certificate issuer authorities recognized by the peer (if any).
  *
  * @param keyType The key algorithm type name
  * @param issuers The list of acceptable CA issuer subject names, or null if it does not matter
  *     which issuers are used
  * @return Array of the matching alias names, or null if there were no matches
  */
 public String[] getServerAliases(String keyType, Principal[] issuers) {
   return delegate.getServerAliases(keyType, issuers);
 }
示例#21
0
 public X509Certificate[] getCertificateChain(String arg0) {
   return pkixKeyManager.getCertificateChain(arg0);
 }
 /** @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String) */
 public PrivateKey getPrivateKey(String alias) {
   return _keyManager.getPrivateKey(alias);
 }
示例#23
0
 public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) {
   return pkixKeyManager.chooseServerAlias(arg0, arg1, arg2);
 }
示例#24
0
 public String[] getClientAliases(String s, Principal[] principals) {
   return wrapped.getClientAliases(s, principals);
 }
示例#25
0
 public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
   return wrapped.chooseClientAlias(strings, principals, socket);
 }
示例#26
0
 public String[] getServerAliases(String keyType, Principal[] issuers) {
   return keyManager.getServerAliases(keyType, issuers);
 }
示例#27
0
 public PrivateKey getPrivateKey(String arg0) {
   return pkixKeyManager.getPrivateKey(arg0);
 }