authorPeter Palfrader <peter@palfrader.org>2003-10-17 17:32:39 +0000
committerPeter Palfrader <peter@palfrader.org>2003-10-17 17:32:39 +0000
commitf5d3577a642e961ff247abef37e05c2399b26736 (patch)
treebf7700094dd7f04e2fd4019550a546996bf44407 /src
parentee95f67b1b918c3791e02e75b8d9bebbb845c299 (diff)
Use SSL3_RSA_DES_192_CBC3_SHA if TLS_DHE_RSA_WITH_AES_128_CBC_SHA is not
available. Throw Mix3Exception if we don't get an ACK.
Diffstat (limited to 'src')
-rw-r--r--src/org/noreply/fancydress/type3/mmtp/MMTP.java61
1 files changed, 43 insertions, 18 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTP.java b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
index bc19e8e..63f1f6f 100644
--- a/src/org/noreply/fancydress/type3/mmtp/MMTP.java
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
@@ -5,15 +5,18 @@ import org.noreply.fancydress.type3.routing.*;
import org.noreply.fancydress.type3.*;
import org.noreply.fancydress.crypto.*;
import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.status.*;
import javax.net.ssl.*;
import java.net.*;
import java.io.*;
+import java.util.*;
import java.security.*;
public class MMTP {
- private static final String[] acceptableCipherSuits = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"};
- private static final String[] acceptableProtocols = {"TLSv1"};
- //private static final String[] acceptableCipherSuits = {"SSL3_RSA_DES_192_CBC3_SHA"};
+ static final String TLS_PROTO = "TLSv1";
+ static final String SSL_PROTO = "SSLv3";
+ static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
+ static final String SSL3_RSA_DES_192_CBC3_SHA = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
public static void send(Packet packet) throws Exception {
byte[] hash = CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("SEND"));
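Review bot: The constant `SSL3_RSA_DES_192_CBC3_SHA` holds the JSSE name `SSL_RSA_WITH_3DES_EDE_CBC_SHA`, and nothing at the declaration explains why identifier and value differ or that this suite is only a fallback. A short comment above the constants would help, for example `// Fallback only: plain RSA key exchange, so no forward secrecy, unlike the DHE suite.` and `// Identifier keeps the non-JSSE spelling of the suite; the value is the JSSE name.` (the second is inferred from the names and should be confirmed). The new constants are package-private; `private static final`, as on the removed arrays, would keep them out of the package API unless other classes need them. `send` starts in this hunk and continues past it.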
@@ -26,23 +29,47 @@ public class MMTP {
context.init(null, trustManagers, null);
SSLSocketFactory socketFactory = context.getSocketFactory();
- //SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) socketFactory.createSocket("127.0.0.1", 48099);
- socket.setEnabledCipherSuites(acceptableCipherSuits);
- socket.setEnabledProtocols(acceptableProtocols);
- try {
- socket.startHandshake();
- } catch (Exception e) {};
- OutputStream out = socket.getOutputStream();
- InputStream in = socket.getInputStream();
+ String[] supportedProtocols = socket.getSupportedProtocols();
+ boolean haveTLSv1 = false;
+ boolean haveSSLv3 = false;
+ for (int i=0; i<supportedProtocols.length; i++) {
+ if (supportedProtocols[i].equals(TLS_PROTO))
+ haveTLSv1 = true;
+ else if (supportedProtocols[i].equals(SSL_PROTO))
+ haveSSLv3 = true;
+ }
+
+ String[] supportedCipherSuits = socket.getSupportedCipherSuites();
+ boolean acceptableFound = false;
+ for (int i=0; i<supportedCipherSuits.length; i++) {
+ if (haveTLSv1 && supportedCipherSuits[i].equals(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)) {
+ socket.setEnabledProtocols( new String[] { TLS_PROTO } );
+ socket.setEnabledCipherSuites( new String[] { TLS_DHE_RSA_WITH_AES_128_CBC_SHA } );
+ acceptableFound = true;
+ break;
+ } else if (haveSSLv3 && supportedCipherSuits[i].equals(SSL3_RSA_DES_192_CBC3_SHA)) {
+ socket.setEnabledProtocols( new String[] { SSL_PROTO } );
+ socket.setEnabledCipherSuites( new String[] { SSL3_RSA_DES_192_CBC3_SHA } );
+ acceptableFound = true;
+ break;
+ }
+ }
+
+ if (!acceptableFound)
+ throw new Mix3Exception("Did not found an acceptable Cipher Suit.");
+
+ socket.startHandshake();
+ OutputStream out = socket.getOutputStream();
+ InputStream in = socket.getInputStream();
out.write(Util.toOctets("MMTP 0.3\r\n"));
out.flush();
byte[] foo = new byte[10];
int got = in.read(foo, 0, foo.length);
- if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) {
+ if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) { // FIXME
in.close();
socket.close();
throw new IOException("Do not agree on MMTP version.");
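Review bot: The suite that gets enabled depends on the order of `getSupportedCipherSuites()`, not on preference: the loop breaks on the first match, so if the provider lists the 3DES suite before the AES one, SSLv3 with 3DES is chosen even though TLSv1 with DHE/AES is available. Testing membership for the preferred suite first, and only then for the fallback, removes that dependency on provider ordering. The `Mix3Exception` path also leaves the socket open, as does a failing `startHandshake()`, which would need a `finally`; the sketch below closes the socket only on the no-suite path. The body of `send` starts before this hunk and ends after it.

```java
String[] supportedCipherSuits = socket.getSupportedCipherSuites();
// Decide by preference, not by the provider's array order.
boolean haveAes = Arrays.asList(supportedCipherSuits).contains(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
boolean have3Des = Arrays.asList(supportedCipherSuits).contains(SSL3_RSA_DES_192_CBC3_SHA);

if (haveTLSv1 && haveAes) {
	socket.setEnabledProtocols( new String[] { TLS_PROTO } );
	socket.setEnabledCipherSuites( new String[] { TLS_DHE_RSA_WITH_AES_128_CBC_SHA } );
} else if (haveSSLv3 && have3Des) {
	socket.setEnabledProtocols( new String[] { SSL_PROTO } );
	socket.setEnabledCipherSuites( new String[] { SSL3_RSA_DES_192_CBC3_SHA } );
} else {
	socket.close();
	throw new Mix3Exception("Did not found an acceptable Cipher Suit.");
}
// … unchanged: startHandshake() and the MMTP version exchange …
```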
@@ -52,14 +79,12 @@ public class MMTP {
out.write(hash);
out.flush();
got = in.read(ackRead, 0, ackRead.length);
- if ((got != ackExpected.length) ||
- (!Util.equal(ackRead, ackExpected))) {
- System.out.println("Got NAK");
- } else {
- System.out.println("Got ACK");
- };
in.close();
out.close();
socket.close();
+
+ if ((got != ackExpected.length) ||
+ (!Util.equal(ackRead, ackExpected)))
+ throw new Mix3Exception("got no valid ACK from server.");
}
}
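Review bot: A short read now becomes a hard failure: `in.read(ackRead, 0, ackRead.length)` may return fewer bytes than requested on a TCP stream, and with this change that raises `Mix3Exception` even though the server may have sent a valid ACK. Reading until the buffer is full, e.g. `new DataInputStream(in).readFully(ackRead);`, makes the comparison meaningful; the version check in the previous hunk (marked `// FIXME`) has the same single-read pattern. If the read throws, the three `close()` calls are skipped, so they belong in a `finally`. The declarations of `ackRead` and `ackExpected` are outside the hunk.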