summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Palfrader <peter@palfrader.org>2003-10-15 16:22:36 +0000
committerPeter Palfrader <peter@palfrader.org>2003-10-15 16:22:36 +0000
commit36655a8f9b45442647b01adbdc1f4fc2c4e4b66d (patch)
tree7e86195f3d24b1ba20a9382d9ef3c72a555974d8
parent3401c72bcfa2f4c5faaa8b0772cfb75f9d045390 (diff)
Add a first go at MMTP. Still lacks verification of peer, but it should not be too hard to add that since all the info is already there
-rw-r--r--src/Main.java6
-rw-r--r--src/org/noreply/fancydress/type3/mmtp/MMTP.java66
-rw-r--r--src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java85
3 files changed, 156 insertions, 1 deletions
diff --git a/src/Main.java b/src/Main.java
index bea5710..b86a8b4 100644
--- a/src/Main.java
+++ b/src/Main.java
@@ -6,6 +6,7 @@ import org.noreply.fancydress.directory.*;
import org.noreply.fancydress.type3.*;
import org.noreply.fancydress.misc.*;
import org.noreply.fancydress.type3.routing.*;
+import org.noreply.fancydress.type3.mmtp.*;
public class Main {
static public void main(String argv[]) {
@@ -14,12 +15,15 @@ public class Main {
DirectoryParser parser = new DirectoryParser(new DirectoryLexer(new FileReader(argv[0])));
DirectoryMessage m = (DirectoryMessage)parser.parse().value;
Directory dir = new Directory(m, false);
- Path path = new Path(dir,"test1 , rot26 : cf , aarg");
+ Path path = new Path(dir,"test1 : tonga");
RoutingDestination address = new RoutingSMTP("peter@palfrader.org");
Payload payload = new Payload();
Packet packet = new Packet(path, address, payload);
+ MMTP.send(packet);
+ /*
FileOutputStream w = new FileOutputStream("out");
w.write(packet.asOctets());
+ */
} catch (Exception e) {
e.printStackTrace();
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTP.java b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
new file mode 100644
index 0000000..1d03eed
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
@@ -0,0 +1,66 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import org.noreply.fancydress.type3.routing.*;
+import org.noreply.fancydress.type3.*;
+import org.noreply.fancydress.crypto.*;
+import org.noreply.fancydress.misc.*;
+import javax.net.ssl.*;
+import java.net.*;
+import java.io.*;
+import java.security.*;
+
+public class MMTP {
+ private static final String[] acceptableCipherSuits = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"};
+ private static final String[] acceptableProtocols = {"TLSv1"};
+ //private static final String[] acceptableCipherSuits = {"SSL3_RSA_DES_192_CBC3_SHA"};
+
+ public static void send(Packet packet) throws Exception {
+ byte[] hash = CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("SEND"));
+ byte[] ackExpected = Util.concat( Util.toOctets("RECEIVED\r\n"),
+ CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("RECEIVED")));
+ byte[] ackRead = new byte[30];
+ MMTPTrustManager trustManager = new MMTPTrustManager();
+ TrustManager[] trustManagers = { trustManager };
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, trustManagers, null);
+
+ SSLSocketFactory socketFactory = context.getSocketFactory();
+ //SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ SSLSocket socket = (SSLSocket) socketFactory.createSocket("127.0.0.1", 48099);
+ socket.setEnabledCipherSuites(acceptableCipherSuits);
+ socket.setEnabledProtocols(acceptableProtocols);
+ try {
+ socket.startHandshake();
+ } catch (Exception e) {};
+ OutputStream out = socket.getOutputStream();
+ InputStream in = socket.getInputStream();
+
+
+
+ out.write(Util.toOctets("MMTP 0.3\r\n"));
+ out.flush();
+ byte[] foo = new byte[10];
+ int got = in.read(foo, 0, foo.length);
+ if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) {
+ in.close();
+ socket.close();
+ throw new IOException("Do not agree on MMTP version.");
+ }
+ out.write(Util.toOctets("SEND\r\n"));
+ out.write(packet.asOctets());
+ out.write(hash);
+ out.flush();
+ got = in.read(ackRead, 0, ackRead.length);
+ if ((got != ackExpected.length) ||
+ (!Util.equal(ackRead, ackExpected))) {
+ System.out.println("Got NAK");
+ } else {
+ System.out.println("Got ACK");
+ };
+ System.out.println(Util.asHex(packet.getRoute().getKeyID()));
+ in.close();
+ out.close();
+ socket.close();
+ }
+}
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
new file mode 100644
index 0000000..e39f5f9
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -0,0 +1,85 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+import java.security.AlgorithmParameters;
+import java.math.*;
+import org.bouncycastle.util.encoders.Base64;
+import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.crypto.*;
+
+public class MMTPTrustManager implements X509TrustManager {
+ public MMTPTrustManager() {
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for client SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the authentication type based on the client certificate
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ throw new Error("Not needed\n");
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for server SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the key exchange algorithm used
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ System.out.println("call to checkServerTrusted()\n");
+ System.out.println("certs: " + chain.length);
+ for (int i=0; i<chain.length; i++) {
+ System.out.println("cert "+i+"\n" + chain[i]);
+ System.out.println("alg name: " + chain[i].getSigAlgName() );
+ java.security.interfaces.RSAPublicKey pk = (java.security.interfaces.RSAPublicKey) chain[i].getPublicKey();
+ BigInteger modulus = pk.getModulus();
+ BigInteger exp = pk.getPublicExponent();
+ RSAPublicKey rsa = new RSAPublicKey(modulus,exp);
+ System.out.println("fpr: " + Util.asHex( rsa.getFingerprint() ));
+ //System.out.println("fpr: " + chain[i].getSigAlgParams() == null ? "null" : Util.asHex( CryptoPrimitives.hash( chain[i].getSigAlgParams() )));
+ }
+ System.out.println("authtype: " + authType);
+
+ }
+
+ /**
+ * Return an array of certificate authority certificates which are
+ * trusted for authenticating peers.
+ *
+ * @return a non-null (possibly empty) array of acceptable CA issuer
+ * certificates.
+ */
+ public X509Certificate[] getAcceptedIssuers() {
+ System.out.println("call to getAcceptedIssuers()\n");
+ return new X509Certificate[0];
+ }
+}