From f5d3577a642e961ff247abef37e05c2399b26736 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 17 Oct 2003 17:32:39 +0000
Subject: Use SSL3_RSA_DES_192_CBC3_SHA if TLS_DHE_RSA_WITH_AES_128_CBC_SHA is
 not available. Throw Mix3Exception if we don't get an ACK.

---
 src/org/noreply/fancydress/type3/mmtp/MMTP.java | 61 +++++++++++++++++--------
 1 file changed, 43 insertions(+), 18 deletions(-)

diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTP.java b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
index bc19e8e..63f1f6f 100644
--- a/src/org/noreply/fancydress/type3/mmtp/MMTP.java
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTP.java
@@ -5,15 +5,18 @@ import org.noreply.fancydress.type3.routing.*;
 import org.noreply.fancydress.type3.*;
 import org.noreply.fancydress.crypto.*;
 import org.noreply.fancydress.misc.*;
+import org.noreply.fancydress.status.*;
 import javax.net.ssl.*;
 import java.net.*;
 import java.io.*;
+import java.util.*;
 import java.security.*;
 
 public class MMTP {
-	private static final String[] acceptableCipherSuits = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"};
-	private static final String[] acceptableProtocols = {"TLSv1"};
-	//private static final String[] acceptableCipherSuits = {"SSL3_RSA_DES_192_CBC3_SHA"};
+	static final String TLS_PROTO = "TLSv1";
+	static final String SSL_PROTO = "SSLv3";
+	static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
+	static final String SSL3_RSA_DES_192_CBC3_SHA = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
 
 	public static void send(Packet packet) throws Exception {
 		byte[] hash = CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("SEND"));
@@ -26,23 +29,47 @@ public class MMTP {
 		context.init(null, trustManagers, null);
 
 		SSLSocketFactory socketFactory = context.getSocketFactory();
-		//SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
 		SSLSocket socket = (SSLSocket) socketFactory.createSocket("127.0.0.1", 48099);
-		socket.setEnabledCipherSuites(acceptableCipherSuits);
-		socket.setEnabledProtocols(acceptableProtocols);
-		try {
-			socket.startHandshake();
-		} catch (Exception e) {};
-		OutputStream out = socket.getOutputStream();
-		InputStream in = socket.getInputStream();
 
 
+		String[] supportedProtocols = socket.getSupportedProtocols();
+		boolean haveTLSv1 = false;
+		boolean haveSSLv3 = false;
+		for (int i=0; i<supportedProtocols.length; i++) {
+			if (supportedProtocols[i].equals(TLS_PROTO))
+				haveTLSv1 = true;
+			else if (supportedProtocols[i].equals(SSL_PROTO))
+				haveSSLv3 = true;
+		}
+
+		String[] supportedCipherSuits = socket.getSupportedCipherSuites();
+		boolean acceptableFound = false;
+		for (int i=0; i<supportedCipherSuits.length; i++) {
+			if (haveTLSv1 && supportedCipherSuits[i].equals(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)) {
+				socket.setEnabledProtocols( new String[] { TLS_PROTO } );
+				socket.setEnabledCipherSuites( new String[] { TLS_DHE_RSA_WITH_AES_128_CBC_SHA } );
+				acceptableFound = true;
+				break;
+			} else if (haveSSLv3 && supportedCipherSuits[i].equals(SSL3_RSA_DES_192_CBC3_SHA)) {
+				socket.setEnabledProtocols( new String[] { SSL_PROTO } );
+				socket.setEnabledCipherSuites( new String[] { SSL3_RSA_DES_192_CBC3_SHA } );
+				acceptableFound = true;
+				break;
+			}
+		}
+
+		if (!acceptableFound)
+			throw new Mix3Exception("Did not found an acceptable Cipher Suit.");
+
+		socket.startHandshake();
+		OutputStream out = socket.getOutputStream();
+		InputStream in = socket.getInputStream();
 
 		out.write(Util.toOctets("MMTP 0.3\r\n"));
 		out.flush();
 		byte[] foo = new byte[10];
 		int got = in.read(foo, 0, foo.length);
-		if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) {
+		if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) { // FIXME
 			in.close();
 			socket.close();
 			throw new IOException("Do not agree on MMTP version.");
@@ -52,14 +79,12 @@ public class MMTP {
 		out.write(hash);
 		out.flush();
 		got = in.read(ackRead, 0, ackRead.length);
-		if ((got != ackExpected.length) ||
-		    (!Util.equal(ackRead, ackExpected))) {
-			System.out.println("Got NAK");
-		} else {
-			System.out.println("Got ACK");
-		};
 		in.close();
 		out.close();
 		socket.close();
+
+		if ((got != ackExpected.length) ||
+		    (!Util.equal(ackRead, ackExpected)))
+			throw new Mix3Exception("got no valid ACK from server.");
 	}
 }
-- 
cgit v1.2.3