Diffstat (limited to 'src/org')
-rw-r--r-- | src/org/noreply/fancydress/type3/mmtp/MMTP.java | 66 | ||||
-rw-r--r-- | src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java | 85 |
2 files changed, 151 insertions, 0 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTP.java b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
new file mode 100644
index 0000000..1d03eed
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
@@ -0,0 +1,66 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import org.noreply.fancydress.type3.routing.*;
+import org.noreply.fancydress.type3.*;
+import org.noreply.fancydress.crypto.*;
+import org.noreply.fancydress.misc.*;
+import javax.net.ssl.*;
+import java.net.*;
+import java.io.*;
+import java.security.*;
+
+public class MMTP {
+ private static final String[] acceptableCipherSuits = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"};
+ private static final String[] acceptableProtocols = {"TLSv1"};
+ //private static final String[] acceptableCipherSuits = {"SSL3_RSA_DES_192_CBC3_SHA"};
+
+ public static void send(Packet packet) throws Exception {
+ byte[] hash = CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("SEND"));
+ byte[] ackExpected = Util.concat( Util.toOctets("RECEIVED\r\n"),
+ CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("RECEIVED")));
+ byte[] ackRead = new byte[30];
+ MMTPTrustManager trustManager = new MMTPTrustManager();
+ TrustManager[] trustManagers = { trustManager };
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, trustManagers, null);
+
+ SSLSocketFactory socketFactory = context.getSocketFactory();
+ //SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ SSLSocket socket = (SSLSocket) socketFactory.createSocket("127.0.0.1", 48099);
+ socket.setEnabledCipherSuites(acceptableCipherSuits);
+ socket.setEnabledProtocols(acceptableProtocols);
+ try {
+ socket.startHandshake();
+ } catch (Exception e) {};
+ OutputStream out = socket.getOutputStream();
+ InputStream in = socket.getInputStream();
+
+
+
+ out.write(Util.toOctets("MMTP 0.3\r\n"));
+ out.flush();
+ byte[] foo = new byte[10];
+ int got = in.read(foo, 0, foo.length);
+ if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) {
+ in.close();
+ socket.close();
+ throw new IOException("Do not agree on MMTP version.");
+ }
+ out.write(Util.toOctets("SEND\r\n"));
+ out.write(packet.asOctets());
+ out.write(hash);
+ out.flush();
+ got = in.read(ackRead, 0, ackRead.length);
+ if ((got != ackExpected.length) ||
+ (!Util.equal(ackRead, ackExpected))) {
+ System.out.println("Got NAK");
+ } else {
+ System.out.println("Got ACK");
+ };
+ System.out.println(Util.asHex(packet.getRoute().getKeyID()));
+ in.close();
+ out.close();
+ socket.close();
+ }
+}
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
new file mode 100644
index 0000000..e39f5f9
--- /dev/null
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
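Review bot: The `try { socket.startHandshake(); } catch (Exception e) {};` in send() swallows every handshake failure, so a rejected certificate, an unsupported cipher suite or a plain connection error all fall through to the MMTP exchange as if the TLS session had been established; since send() already declares `throws Exception`, those three lines should collapse to `socket.startHandshake();` and let the failure propagate. The single `in.read(foo, 0, foo.length)` and the later `in.read(ackRead, 0, ackRead.length)` also treat a short read as a version mismatch or NAK, because read() may legitimately return fewer bytes than requested; read in a loop until the expected count (or use `new DataInputStream(in).readFully(...)`) before comparing. The early `throw new IOException` and any exception from write() leave `out` and `socket` open, so the three close calls belong in a `finally`. The peer address `"127.0.0.1", 48099` is hard-coded; if that is deliberate for a prototype, a comment saying so would help the next reader.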
@@ -0,0 +1,85 @@
+/* $Id$ */
+package org.noreply.fancydress.type3.mmtp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+import java.security.AlgorithmParameters;
+import java.math.*;
+import org.bouncycastle.util.encoders.Base64;
+import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.crypto.*;
+
+public class MMTPTrustManager implements X509TrustManager {
+ public MMTPTrustManager() {
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for client SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the authentication type based on the client certificate
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ throw new Error("Not needed\n");
+ }
+
+ /**
+ * Given the partial or complete certificate chain provided by the
+ * peer, build a certificate path to a trusted root and return if it
+ * can be validated and is trusted for server SSL authentication based
+ * on the authentication type.
+ *
+ * @param chain the peer certificate chain
+ * @param authType the key exchange algorithm used
+ * @throws IllegalArgumentException if null or zero-length chain is
+ * passed in for the chain parameter
+ * or if null or zero-length string is
+ * passed in for the authType
+ * parameter
+ * @throws CertificateException if the certificate chain is not
+ * trusted by this TrustManager.
+ */
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException
+ {
+ System.out.println("call to checkServerTrusted()\n");
+ System.out.println("certs: " + chain.length);
+ for (int i=0; i<chain.length; i++) {
+ System.out.println("cert "+i+"\n" + chain[i]);
+ System.out.println("alg name: " + chain[i].getSigAlgName() );
+ java.security.interfaces.RSAPublicKey pk = (java.security.interfaces.RSAPublicKey) chain[i].getPublicKey();
+ BigInteger modulus = pk.getModulus();
+ BigInteger exp = pk.getPublicExponent();
+ RSAPublicKey rsa = new RSAPublicKey(modulus,exp);
+ System.out.println("fpr: " + Util.asHex( rsa.getFingerprint() ));
+ //System.out.println("fpr: " + chain[i].getSigAlgParams() == null ? "null" : Util.asHex( CryptoPrimitives.hash( chain[i].getSigAlgParams() )));
+ }
+ System.out.println("authtype: " + authType);
+
+ }
+
+ /**
+ * Return an array of certificate authority certificates which are
+ * trusted for authenticating peers.
+ *
+ * @return a non-null (possibly empty) array of acceptable CA issuer
+ * certificates.
+ */
+ public X509Certificate[] getAcceptedIssuers() {
+ System.out.println("call to getAcceptedIssuers()\n");
+ return new X509Certificate[0];
+ }
+}
|
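Review bot: checkServerTrusted() prints the peer's chain and fingerprint but never throws `CertificateException`, so any server certificate is accepted and the TLS link set up in MMTP.send() is encrypted but not authenticated against the intended peer. The fingerprint this method already computes via `rsa.getFingerprint()` is the natural value to pin: take the expected fingerprint in the constructor and throw when the leaf key does not match, as sketched below; `chain` must also be rejected when null or empty, and the unchecked cast to `java.security.interfaces.RSAPublicKey` should become an `instanceof` test so a non-RSA key yields a CertificateException rather than a ClassCastException. The caller in MMTP.send() currently does `new MMTPTrustManager()` with no expected value — presumably `packet.getRoute().getKeyID()`, which send() already prints, is the intended source, but whether that ID is the same fingerprint format must be confirmed. The `throw new Error("Not needed\n")` in checkClientTrusted() would be better as a `CertificateException`, since an Error escaping the TLS stack cannot be handled by the caller.
```java
    private final byte[] expectedFingerprint;

    public MMTPTrustManager(byte[] expectedFingerprint) {
        this.expectedFingerprint = expectedFingerprint;
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException
    {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty server certificate chain");
        }
        // … unchanged: per-certificate debug output …
        if (!(chain[0].getPublicKey() instanceof java.security.interfaces.RSAPublicKey)) {
            throw new CertificateException("server key is not RSA");
        }
        java.security.interfaces.RSAPublicKey pk =
            (java.security.interfaces.RSAPublicKey) chain[0].getPublicKey();
        RSAPublicKey rsa = new RSAPublicKey(pk.getModulus(), pk.getPublicExponent());
        if (!Util.equal(rsa.getFingerprint(), expectedFingerprint)) {
            throw new CertificateException("server key fingerprint does not match expected value");
        }
    }
```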