{"payload":{"allShortcutsEnabled":false,"fileTree":{"src/main/java/net/eckenfels/test/ssl":{"items":[{"name":"AlertType.java","path":"src/main/java/net/eckenfels/test/ssl/AlertType.java","contentType":"file"},{"name":"HandshakeType.java","path":"src/main/java/net/eckenfels/test/ssl/HandshakeType.java","contentType":"file"},{"name":"HttpsConnection.java","path":"src/main/java/net/eckenfels/test/ssl/HttpsConnection.java","contentType":"file"},{"name":"JSSESocketServer.java","path":"src/main/java/net/eckenfels/test/ssl/JSSESocketServer.java","contentType":"file"},{"name":"SimpleBIOSSLClient.java","path":"src/main/java/net/eckenfels/test/ssl/SimpleBIOSSLClient.java","contentType":"file"},{"name":"UrlInspect.java","path":"src/main/java/net/eckenfels/test/ssl/UrlInspect.java","contentType":"file"}],"totalCount":6},"src/main/java/net/eckenfels/test":{"items":[{"name":"certpath","path":"src/main/java/net/eckenfels/test/certpath","contentType":"directory"},{"name":"howsmyssl","path":"src/main/java/net/eckenfels/test/howsmyssl","contentType":"directory"},{"name":"jce","path":"src/main/java/net/eckenfels/test/jce","contentType":"directory"},{"name":"ssl","path":"src/main/java/net/eckenfels/test/ssl","contentType":"directory"},{"name":"weakdh","path":"src/main/java/net/eckenfels/test/weakdh","contentType":"directory"}],"totalCount":5},"src/main/java/net/eckenfels":{"items":[{"name":"test","path":"src/main/java/net/eckenfels/test","contentType":"directory"}],"totalCount":1},"src/main/java/net":{"items":[{"name":"eckenfels","path":"src/main/java/net/eckenfels","contentType":"directory"}],"totalCount":1},"src/main/java":{"items":[{"name":"net","path":"src/main/java/net","contentType":"directory"}],"totalCount":1},"src/main":{"items":[{"name":"java","path":"src/main/java","contentType":"directory"}],"totalCount":1},"src":{"items":[{"name":"main","path":"src/main","contentType":"directory"}],"totalCount":1},"":{"items":[{"name":"src","path":"src","contentType":"directory"},{"name":"
.gitignore","path":".gitignore","contentType":"file"},{"name":".travis.yml","path":".travis.yml","contentType":"file"},{"name":"README.md","path":"README.md","contentType":"file"},{"name":"pom.xml","path":"pom.xml","contentType":"file"}],"totalCount":5}},"fileTreeProcessingTime":32.819426,"foldersToFetch":[],"repo":{"id":6999285,"defaultBranch":"main","name":"JavaCryptoTest","ownerLogin":"ecki","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-12-04T12:00:07.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/361432?v=4","public":true,"private":false,"isOrgOwned":false},"symbolsExpanded":false,"treeExpanded":true,"refInfo":{"name":"main","listCacheKey":"v0:1710771213.0","canEdit":false,"refType":"branch","currentOid":"6509785de8453f8f55bd58916d6503bf7af590db"},"path":"src/main/java/net/eckenfels/test/ssl/JSSESocketServer.java","currentUser":null,"blob":{"rawLines":["package net.eckenfels.test.ssl;","","import java.io.IOException;","import java.io.InputStream;","import java.io.OutputStream;","import java.math.BigInteger;","import java.security.InvalidKeyException;","import java.security.Key;","import java.security.KeyManagementException;","import java.security.KeyPair;","import java.security.KeyPairGenerator;","import java.security.KeyStore;","import java.security.KeyStoreException;","import java.security.NoSuchAlgorithmException;","import java.security.NoSuchProviderException;","import java.security.PrivateKey;","import java.security.PublicKey;","import java.security.SecureRandom;","import java.security.SignatureException;","import java.security.UnrecoverableKeyException;","import java.security.cert.Certificate;","import java.security.cert.CertificateException;","import java.security.cert.X509Certificate;","import java.util.Date;","import java.util.Enumeration;","","import javax.net.ssl.HandshakeCompletedEvent;","import javax.net.ssl.HandshakeCompletedListener;","import javax.net.ssl.KeyManager;","import 
javax.net.ssl.KeyManagerFactory;","import javax.net.ssl.SSLServerSocket;","import javax.net.ssl.SSLServerSocketFactory;","import javax.net.ssl.SSLSocket;","import javax.net.ssl.TrustManager;","import javax.net.ssl.TrustManagerFactory;","import javax.net.ssl.X509KeyManager;","import javax.net.ssl.X509TrustManager;","","import sun.security.x509.AlgorithmId;","import sun.security.x509.CertificateAlgorithmId;","import sun.security.x509.CertificateIssuerName;","import sun.security.x509.CertificateSerialNumber;","import sun.security.x509.CertificateSubjectName;","import sun.security.x509.CertificateValidity;","import sun.security.x509.CertificateVersion;","import sun.security.x509.CertificateX509Key;","import sun.security.x509.X500Name;","import sun.security.x509.X509CertImpl;","import sun.security.x509.X509CertInfo;","","","/**"," * Simple SSL Socket Server (single threaded) for experimenting with JSSE SSL sessions."," *"," * @author Bernd Eckenfels"," */","public class JSSESocketServer","{"," private final static String PASS = \"changeit\";",""," /**"," * Main method to start socket server."," *
"," * Does not use any parameters, but you can use the system property to debug the"," * various JCE and JSSE layers: "," * This is needed to allow multiple SSL Handshakes (renegotiation after initial handshake)."," *"," * @param sock"," */"," private static void readBackground(final SSLSocket sock)"," {"," Runnable run = new Runnable() {"," SSLSocket s = sock;"," @Override"," public void run()"," {"," InputStream in;"," try {"," in = s.getInputStream();",""," int c;"," while((c = in.read()) >= 0)"," {"," System.out.println(\" read \" + c);"," }"," } catch (IOException e) {"," e.printStackTrace();"," }"," }"," };"," new Thread(run, \"Reader \" + sock).start();"," }",""," /** Print String Array. */"," private static String dump(String[] strings) {"," StringBuilder sb = new StringBuilder(100);"," for(String s : strings)"," {"," sb.append(s).append(',');"," }"," return sb.substring(0,sb.length()-1);"," }","",""," /** Generate KeyStore with temporary self signed certificate in memory. */"," private static KeyStore genKeyStore() throws NoSuchAlgorithmException, IOException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException, KeyStoreException, UnrecoverableKeyException"," {"," // http://www.mayrhofer.eu.org/create-x509-certs-in-java"," KeyPairGenerator keyGen = KeyPairGenerator.getInstance(\"RSA\");"," keyGen.initialize(1024, new SecureRandom());"," KeyPair keypair = keyGen.generateKeyPair();"," PrivateKey privKey = keypair.getPrivate();"," PublicKey pubKey = keypair.getPublic();",""," // http://stackoverflow.com/questions/1615871/creating-an-x509-certificate-in-java-without-bouncycastle"," X509CertInfo info = new X509CertInfo();"," Date from = new Date();"," Date to = new Date(from.getTime() + 7 * 86400000l);"," CertificateValidity interval = new CertificateValidity(from, to);"," BigInteger sn = new BigInteger(64, new SecureRandom());"," X500Name owner = new X500Name(\"cn=test\");",""," info.set(X509CertInfo.VALIDITY, interval);"," 
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));"," try {"," // java 8"," info.set(X509CertInfo.SUBJECT, owner);"," info.set(X509CertInfo.ISSUER, owner);"," } catch (Exception e) {"," info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));"," info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));"," }"," info.set(X509CertInfo.KEY, new CertificateX509Key(pubKey));"," info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));"," AlgorithmId algo = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);"," info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));",""," // Sign the cert to identify the algorithm that's used."," X509CertImpl cert = new X509CertImpl(info);"," cert.sign(privKey, \"SHA1withRSA\");",""," // Update the algorithm, and re-sign."," algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);"," info.set(CertificateAlgorithmId.NAME + \".\" + CertificateAlgorithmId.ALGORITHM, algo);"," cert = new X509CertImpl(info);"," cert.sign(privKey, \"SHA1withRSA\");"," Certificate[] certs = new X509CertImpl[1];"," certs[0] = cert;",""," // http://www.coderanch.com/t/133048/Security/programmatically-create-keystore-import-certificate"," KeyStore ks = emptyKeystore();"," ks.setKeyEntry(\"sslkey\", privKey, PASS.toCharArray(), certs);",""," printKeys(ks);",""," return ks;"," }","",""," /**"," * Print out all key aliases in a KeyStore according"," * to the algorithm of SunX509KeyManagerImpl."," *"," * @param ks keystore to list"," */"," private static void printKeys(KeyStore ks)"," throws KeyStoreException, NoSuchAlgorithmException,"," UnrecoverableKeyException"," {"," for (Enumeration-Djavax.net.debug=ssl,keymanager
"," */"," public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, InvalidKeyException, KeyStoreException, CertificateException, NoSuchProviderException, SignatureException"," {"," System.out.println(\"Setting up Test-SSL Server with JSSE\");","",""," System.out.println(\"o Creating Key Manager with temporary self signed cert.\");",""," KeyManagerFactory kmf = KeyManagerFactory.getInstance(\"SunX509\", \"SunJSSE\");"," kmf.init(genKeyStore(), PASS.toCharArray());"," KeyManager[] keyManagers = kmf.getKeyManagers();"," X509KeyManager km = (X509KeyManager) keyManagers[0];"," System.out.println(\" keymanager.length=\" + keyManagers.length + \" keyManager[0]=\" + km.toString());",""," System.out.println(\"o Creating empty trust manager.\");"," // empty trust manager"," TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());"," tmf.init(emptyKeystore());"," TrustManager[] trustManagers = tmf.getTrustManagers();"," X509TrustManager tm = (X509TrustManager)trustManagers[0];"," System.out.println(\" trustManager.length=\" + trustManagers.length + \" trustManager[0]=\" + tm.toString());",""," System.out.println(\"o Creating SSL Context.\");"," // get a new uninitialized context"," javax.net.ssl.SSLContext ctx = javax.net.ssl.SSLContext.getInstance(\"SSL\");"," ctx.init(keyManagers, trustManagers, new SecureRandom());",""," System.out.println(\"o Creating SSLServerSocketFactory\");"," SSLServerSocketFactory ssf = (SSLServerSocketFactory)ctx.getServerSocketFactory();",""," System.out.println(\" ssf default=\" + dump(ssf.getDefaultCipherSuites()));",""," System.out.println(\"o Creating SSLServerSocket. 
(port=1234)\");"," SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(1234);",""," System.out.println(\" Listening on \" + server.getLocalSocketAddress());"," // the following list unfortunately contains more ciphers than will be accepted (for example if no server key is present)."," System.out.println(\" Enabled: ciphers=\" + dump(server.getEnabledCipherSuites()) + \" protos=\" + dump(server.getEnabledProtocols()));",""," SSLSocket sock = (SSLSocket) server.accept();",""," HandshakeCompletedListener listener = new HandshakeCompletedListener() {"," @Override"," public void handshakeCompleted(HandshakeCompletedEvent event)"," {"," System.out.println(\"[\" + Thread.currentThread().getName() + \"] Completed socket=\" + event.getSocket() + \" session=\" + event.getSession());"," }"," };"," sock.addHandshakeCompletedListener(listener);",""," System.out.println(\"o Accepted client \" + sock.getRemoteSocketAddress());",""," System.out.println(\"o Starting initial handshake.\");"," sock.startHandshake();"," System.out.println(\" After handshake, usedCipher=\" + sock.getSession().getCipherSuite());"," System.out.println(\" enabled=\" + dump(sock.getEnabledCipherSuites()));",""," OutputStream out = sock.getOutputStream();"," out.write(\"200 OK\\n\\rLength: 5\\n\\rConnection: close\\n\\r\\n\\rABCDE\".getBytes());"," out.close();","",""," System.out.println(\"o Reading for 30s\");"," readBackground(sock);"," Thread.sleep(30*1000);",""," System.out.println(\"o Disabling ciphers... \");"," sock.setEnabledCipherSuites(new String[0]); // null not possible in sun.security.ssl.CipherSuiteList.