From 36655a8f9b45442647b01adbdc1f4fc2c4e4b66d Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Wed, 15 Oct 2003 16:22:36 +0000 Subject: Add a first go at MMTP. Still lacks verification of peer, but it should not be too hard to add that since all the info is already there --- src/org/noreply/fancydress/type3/mmtp/MMTP.java | 66 +++++++++++++++++ .../fancydress/type3/mmtp/MMTPTrustManager.java | 85 ++++++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 src/org/noreply/fancydress/type3/mmtp/MMTP.java create mode 100644 src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java (limited to 'src/org') diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTP.java b/src/org/noreply/fancydress/type3/mmtp/MMTP.java new file mode 100644 index 0000000..1d03eed --- /dev/null +++ b/src/org/noreply/fancydress/type3/mmtp/MMTP.java @@ -0,0 +1,66 @@ +/* $Id$ */ +package org.noreply.fancydress.type3.mmtp; + +import org.noreply.fancydress.type3.routing.*; +import org.noreply.fancydress.type3.*; +import org.noreply.fancydress.crypto.*; +import org.noreply.fancydress.misc.*; +import javax.net.ssl.*; +import java.net.*; +import java.io.*; +import java.security.*; + +public class MMTP { + private static final String[] acceptableCipherSuits = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}; + private static final String[] acceptableProtocols = {"TLSv1"}; + //private static final String[] acceptableCipherSuits = {"SSL3_RSA_DES_192_CBC3_SHA"}; + + public static void send(Packet packet) throws Exception { + byte[] hash = CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("SEND")); + byte[] ackExpected = Util.concat( Util.toOctets("RECEIVED\r\n"), + CryptoPrimitives.hash(packet.asOctets(), Util.toOctets("RECEIVED"))); + byte[] ackRead = new byte[30]; + MMTPTrustManager trustManager = new MMTPTrustManager(); + TrustManager[] trustManagers = { trustManager }; + SSLContext context = SSLContext.getInstance("TLS"); + context.init(null, trustManagers, null); + + SSLSocketFactory socketFactory = context.getSocketFactory(); + //SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); + SSLSocket socket = (SSLSocket) socketFactory.createSocket("127.0.0.1", 48099); + socket.setEnabledCipherSuites(acceptableCipherSuits); + socket.setEnabledProtocols(acceptableProtocols); + try { + socket.startHandshake(); + } catch (Exception e) {}; + OutputStream out = socket.getOutputStream(); + InputStream in = socket.getInputStream(); + + + + out.write(Util.toOctets("MMTP 0.3\r\n")); + out.flush(); + byte[] foo = new byte[10]; + int got = in.read(foo, 0, foo.length); + if ((got != 10) || (!Util.equal(foo, Util.toOctets("MMTP 0.3\r\n")))) { + in.close(); + socket.close(); + throw new IOException("Do not agree on MMTP version."); + } + out.write(Util.toOctets("SEND\r\n")); + out.write(packet.asOctets()); + out.write(hash); + out.flush(); + got = in.read(ackRead, 0, ackRead.length); + if ((got != ackExpected.length) || + (!Util.equal(ackRead, ackExpected))) { + System.out.println("Got NAK"); + } else { + System.out.println("Got ACK"); + }; + System.out.println(Util.asHex(packet.getRoute().getKeyID())); + in.close(); + out.close(); + socket.close(); + } +} diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java new file mode 100644 index 0000000..e39f5f9 --- /dev/null +++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java @@ -0,0 +1,85 @@ +/* $Id$ */ +package org.noreply.fancydress.type3.mmtp; + +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import javax.net.ssl.X509TrustManager; +import java.security.AlgorithmParameters; +import java.math.*; +import org.bouncycastle.util.encoders.Base64; +import org.noreply.fancydress.misc.*; +import org.noreply.fancydress.crypto.*; + +public class MMTPTrustManager implements X509TrustManager { + public MMTPTrustManager() { + } + + /** + * Given the partial or complete certificate chain provided by the + * peer, build a certificate path to a trusted root and return if it + * can be validated and is trusted for client SSL authentication based + * on the authentication type. + * + * @param chain the peer certificate chain + * @param authType the authentication type based on the client certificate + * @throws IllegalArgumentException if null or zero-length chain is + * passed in for the chain parameter + * or if null or zero-length string is + * passed in for the authType + * parameter + * @throws CertificateException if the certificate chain is not + * trusted by this TrustManager. + */ + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException + { + throw new Error("Not needed\n"); + } + + /** + * Given the partial or complete certificate chain provided by the + * peer, build a certificate path to a trusted root and return if it + * can be validated and is trusted for server SSL authentication based + * on the authentication type. + * + * @param chain the peer certificate chain + * @param authType the key exchange algorithm used + * @throws IllegalArgumentException if null or zero-length chain is + * passed in for the chain parameter + * or if null or zero-length string is + * passed in for the authType + * parameter + * @throws CertificateException if the certificate chain is not + * trusted by this TrustManager. + */ + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException + { + System.out.println("call to checkServerTrusted()\n"); + System.out.println("certs: " + chain.length); + for (int i=0; i