diff options
Diffstat (limited to 'libs/nixio/axTLS/samples/java/axssl.java')
| -rw-r--r-- | libs/nixio/axTLS/samples/java/axssl.java | 760 |
1 files changed, 0 insertions, 760 deletions
diff --git a/libs/nixio/axTLS/samples/java/axssl.java b/libs/nixio/axTLS/samples/java/axssl.java deleted file mode 100644 index 2057f29662..0000000000 --- a/libs/nixio/axTLS/samples/java/axssl.java +++ /dev/null @@ -1,760 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Demonstrate the use of the axTLS library in Java with a set of - * command-line parameters similar to openssl. In fact, openssl clients - * should be able to communicate with axTLS servers and visa-versa. * - * This code has various bits enabled depending on the configuration. To enable - * the most interesting version, compile with the 'full mode' enabled. - * - * To see what options you have, run the following: - * > java -jar axtls.jar s_server -? - * > java -jar axtls.jar s_client -? - * - * The axtls/axtlsj shared libraries must be in the same directory or be found - * by the OS. - */ - -import java.io.*; -import java.util.*; -import java.net.*; -import axTLSj.*; - -public class axssl -{ - /* - * Main() - */ - public static void main(String[] args) - { - if (args.length == 1 && args[0].equals("version")) - { - System.out.println("axtls.jar " + SSLUtil.version()); - System.exit(0); - } - - axssl runner = new axssl(); - - try - { - if (args.length < 1 || - (!args[0].equals("s_server") && - !args[0].equals("s_client"))) - { - runner.print_options(args.length > 0 ? args[0] : ""); - } - - int build_mode = SSLUtil.buildMode(); - - if (args[0].equals("s_server")) - runner.do_server(build_mode, args); - else - runner.do_client(build_mode, args); - } - catch (Exception e) - { - System.out.println(e); - } - } - - /* - * do_server() - */ - private void do_server(int build_mode, String[] args) - throws Exception - { - int i = 1; - int port = 4433; - int options = axtlsj.SSL_DISPLAY_CERTS; - boolean quiet = false; - String password = null; - String private_key_file = null; - - /* organise the cert/ca_cert lists */ - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - String[] cert = new String[cert_size]; - String[] ca_cert = new String[ca_cert_size]; - int cert_index = 0; - int ca_cert_index = 0; - - while (i < args.length) - { - if (args[i].equals("-accept")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - port = Integer.parseInt(args[++i]); - } - else if (args[i].equals("-quiet")) - { - quiet = true; - options &= ~(int)axtlsj.SSL_DISPLAY_CERTS; - } - else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY) - { - if (args[i].equals("-cert")) - { - if (i >= args.length-1 || cert_index >= cert_size) - { - print_server_options(build_mode, args[i]); - } - - cert[cert_index++] = args[++i]; - } - else if (args[i].equals("-key")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - private_key_file = args[++i]; - options |= axtlsj.SSL_NO_DEFAULT_KEY; - } - else if (args[i].equals("-pass")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - password = args[++i]; - } - else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION) - { - if (args[i].equals("-verify")) - { - options |= axtlsj.SSL_CLIENT_AUTHENTICATION; - } - else if (args[i].equals("-CAfile")) - { - if (i >= args.length-1 || ca_cert_index >= ca_cert_size) - { - print_server_options(build_mode, args[i]); - } - - ca_cert[ca_cert_index++] = args[++i]; - } - else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - if (args[i].equals("-debug")) - { - options |= axtlsj.SSL_DISPLAY_BYTES; - } - else if (args[i].equals("-state")) - { - options |= axtlsj.SSL_DISPLAY_STATES; - } - else if (args[i].equals("-show-rsa")) - { - options |= axtlsj.SSL_DISPLAY_RSA; - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - - i++; - } - - /* Create socket for incoming connections */ - ServerSocket server_sock = new ServerSocket(port); - - /********************************************************************** - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - **********************************************************************/ - SSLServer ssl_ctx = new SSLServer(options, - axtlsj.SSL_DEFAULT_SVR_SESS); - - if (ssl_ctx == null) - throw new Exception("Error: Server context is invalid"); - - if (private_key_file != null) - { - int obj_type = axtlsj.SSL_OBJ_RSA_KEY; - - if (private_key_file.endsWith(".p8")) - obj_type = axtlsj.SSL_OBJ_PKCS8; - else if (private_key_file.endsWith(".p12")) - obj_type = axtlsj.SSL_OBJ_PKCS12; - - if (ssl_ctx.objLoad(obj_type, - private_key_file, password) != axtlsj.SSL_OK) - { - throw new Exception("Error: Private key '" + private_key_file + - "' is undefined."); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, - cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + cert[i] + - "' is undefined."); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, - ca_cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + ca_cert[i] + - "' is undefined."); - } - } - - int res; - SSLReadHolder rh = new SSLReadHolder(); - - for (;;) - { - if (!quiet) - { - System.out.println("ACCEPT"); - } - - Socket client_sock = server_sock.accept(); - - SSL ssl = ssl_ctx.connect(client_sock); - - while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK) - { - /* check when the connection has been established */ - if (ssl.handshakeStatus() == axtlsj.SSL_OK) - break; - - /* could do something else here */ - } - - if (res == axtlsj.SSL_OK) /* connection established and ok */ - { - if (!quiet) - { - display_session_id(ssl); - display_cipher(ssl); - } - - /* now read (and display) whatever the client sends us */ - for (;;) - { - /* keep reading until we get something interesting */ - while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK) - { - /* could do something else here */ - } - - if (res < axtlsj.SSL_OK) - { - if (!quiet) - { - System.out.println("CONNECTION CLOSED"); - } - - break; - } - - /* convert to String */ - byte[] buf = rh.getData(); - char[] str = new char[res]; - - for (i = 0; i < res; i++) - { - str[i] = (char)buf[i]; - } - - System.out.print(str); - } - } - else if (!quiet) - { - SSLUtil.displayError(res); - } - - /* client was disconnected or the handshake failed. */ - ssl.dispose(); - client_sock.close(); - } - - /* ssl_ctx.dispose(); */ - } - - /* - * do_client() - */ - private void do_client(int build_mode, String[] args) - throws Exception - { - if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT) - print_client_options(build_mode, args[1]); - - int i = 1, res; - int port = 4433; - boolean quiet = false; - String password = null; - int reconnect = 0; - String private_key_file = null; - String hostname = "127.0.0.1"; - - /* organise the cert/ca_cert lists */ - int cert_index = 0; - int ca_cert_index = 0; - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - String[] cert = new String[cert_size]; - String[] ca_cert = new String[ca_cert_size]; - - int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS; - byte[] session_id = null; - - while (i < args.length) - { - if (args[i].equals("-connect")) - { - String host_port; - - if (i >= args.length-1) - { - print_client_options(build_mode, args[i]); - } - - host_port = args[++i]; - int index_colon; - - if ((index_colon = host_port.indexOf(':')) < 0) - print_client_options(build_mode, args[i]); - - hostname = new String(host_port.toCharArray(), - 0, index_colon); - port = Integer.parseInt(new String(host_port.toCharArray(), - index_colon+1, host_port.length()-index_colon-1)); - } - else if (args[i].equals("-cert")) - { - if (i >= args.length-1 || cert_index >= cert_size) - { - print_client_options(build_mode, args[i]); - } - - cert[cert_index++] = args[++i]; - } - else if (args[i].equals("-CAfile")) - { - if (i >= args.length-1 || ca_cert_index >= ca_cert_size) - { - print_client_options(build_mode, args[i]); - } - - ca_cert[ca_cert_index++] = args[++i]; - } - else if (args[i].equals("-key")) - { - if (i >= args.length-1) - { - print_client_options(build_mode, args[i]); - } - - private_key_file = args[++i]; - options |= axtlsj.SSL_NO_DEFAULT_KEY; - } - else if (args[i].equals("-verify")) - { - options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER; - } - else if (args[i].equals("-reconnect")) - { - reconnect = 4; - } - else if (args[i].equals("-quiet")) - { - quiet = true; - options &= ~(int)axtlsj.SSL_DISPLAY_CERTS; - } - else if (args[i].equals("-pass")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - password = args[++i]; - } - else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - if (args[i].equals("-debug")) - { - options |= axtlsj.SSL_DISPLAY_BYTES; - } - else if (args[i].equals("-state")) - { - options |= axtlsj.SSL_DISPLAY_STATES; - } - else if (args[i].equals("-show-rsa")) - { - options |= axtlsj.SSL_DISPLAY_RSA; - } - else - print_client_options(build_mode, args[i]); - } - else /* don't know what this is */ - print_client_options(build_mode, args[i]); - - i++; - } - - Socket client_sock = new Socket(hostname, port); - - if (!client_sock.isConnected()) - { - System.out.println("could not connect"); - throw new Exception(); - } - - if (!quiet) - { - System.out.println("CONNECTED"); - } - - /********************************************************************** - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - **********************************************************************/ - SSLClient ssl_ctx = new SSLClient(options, - axtlsj.SSL_DEFAULT_CLNT_SESS); - - if (ssl_ctx == null) - { - throw new Exception("Error: Client context is invalid"); - } - - if (private_key_file != null) - { - int obj_type = axtlsj.SSL_OBJ_RSA_KEY; - - if (private_key_file.endsWith(".p8")) - obj_type = axtlsj.SSL_OBJ_PKCS8; - else if (private_key_file.endsWith(".p12")) - obj_type = axtlsj.SSL_OBJ_PKCS12; - - if (ssl_ctx.objLoad(obj_type, - private_key_file, password) != axtlsj.SSL_OK) - { - throw new Exception("Error: Private key '" + private_key_file + - "' is undefined."); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, - cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + cert[i] + - "' is undefined."); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, - ca_cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + ca_cert[i] + - "' is undefined."); - } - } - - SSL ssl = null; - - /* Try session resumption? */ - if (reconnect > 0) - { - while (reconnect-- > 0) - { - ssl = ssl_ctx.connect(client_sock, session_id); - - if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK) - { - if (!quiet) - { - SSLUtil.displayError(res); - } - - ssl.dispose(); - throw new Exception(); - } - - display_session_id(ssl); - session_id = ssl.getSessionId(); - - if (reconnect > 0) - { - ssl.dispose(); - client_sock.close(); - - /* and reconnect */ - client_sock = new Socket(hostname, port); - } - } - } - else - { - ssl = ssl_ctx.connect(client_sock, null); - } - - /* check the return status */ - if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK) - { - if (!quiet) - { - SSLUtil.displayError(res); - } - - throw new Exception(); - } - - if (!quiet) - { - String common_name = - ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME); - - if (common_name != null) - { - System.out.println("Common Name:\t\t\t" + common_name); - } - - display_session_id(ssl); - display_cipher(ssl); - } - - BufferedReader in = new BufferedReader( - new InputStreamReader(System.in)); - - for (;;) - { - String user_input = in.readLine(); - - if (user_input == null) - break; - - byte[] buf = new byte[user_input.length()+2]; - buf[buf.length-2] = (byte)'\n'; /* add the carriage return */ - buf[buf.length-1] = 0; /* null terminate */ - - for (i = 0; i < buf.length-2; i++) - { - buf[i] = (byte)user_input.charAt(i); - } - - if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK) - { - if (!quiet) - { - SSLUtil.displayError(res); - } - - break; - } - } - - ssl_ctx.dispose(); - } - - /** - * We've had some sort of command-line error. Print out the basic options. - */ - private void print_options(String option) - { - System.out.println("axssl: Error: '" + option + - "' is an invalid command."); - System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + - "[args ...]"); - System.exit(1); - } - - /** - * We've had some sort of command-line error. Print out the server options. - */ - private void print_server_options(int build_mode, String option) - { - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - - System.out.println("unknown option " + option); - System.out.println("usage: s_server [args ...]"); - System.out.println(" -accept arg\t- port to accept on (default " + - "is 4433)"); - System.out.println(" -quiet\t\t- No server output"); - - if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY) - { - System.out.println(" -cert arg\t- certificate file to add (in " + - "addition to default) to chain -"); - System.out.println("\t\t Can repeat up to " + cert_size + " times"); - System.out.println(" -key arg\t- Private key file to use"); - System.out.println(" -pass\t\t- private key file pass phrase source"); - } - - if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION) - { - System.out.println(" -verify\t- turn on peer certificate " + - "verification"); - System.out.println(" -CAfile arg\t- Certificate authority. "); - System.out.println("\t\t Can repeat up to " + - ca_cert_size + " times"); - } - - if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - System.out.println(" -debug\t\t- Print more output"); - System.out.println(" -state\t\t- Show state messages"); - System.out.println(" -show-rsa\t- Show RSA state"); - } - - System.exit(1); - } - - /** - * We've had some sort of command-line error. Print out the client options. - */ - private void print_client_options(int build_mode, String option) - { - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - - System.out.println("unknown option " + option); - - if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT) - { - System.out.println("usage: s_client [args ...]"); - System.out.println(" -connect host:port - who to connect to " + - "(default is localhost:4433)"); - System.out.println(" -verify\t- turn on peer certificate " + - "verification"); - System.out.println(" -cert arg\t- certificate file to use"); - System.out.println(" -key arg\t- Private key file to use"); - System.out.println("\t\t Can repeat up to " + cert_size + - " times"); - System.out.println(" -CAfile arg\t- Certificate authority."); - System.out.println("\t\t Can repeat up to " + ca_cert_size + - " times"); - System.out.println(" -quiet\t\t- No client output"); - System.out.println(" -pass\t\t- private key file pass " + - "phrase source"); - System.out.println(" -reconnect\t- Drop and re-make the " + - "connection with the same Session-ID"); - - if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - System.out.println(" -debug\t\t- Print more output"); - System.out.println(" -state\t\t- Show state messages"); - System.out.println(" -show-rsa\t- Show RSA state"); - } - } - else - { - System.out.println("Change configuration to allow this feature"); - } - - System.exit(1); - } - - /** - * Display what cipher we are using - */ - private void display_cipher(SSL ssl) - { - System.out.print("CIPHER is "); - - byte ciph_id = ssl.getCipherId(); - - if (ciph_id == axtlsj.SSL_AES128_SHA) - System.out.println("AES128-SHA"); - else if (ciph_id == axtlsj.SSL_AES256_SHA) - System.out.println("AES256-SHA"); - else if (ciph_id == axtlsj.SSL_RC4_128_SHA) - System.out.println("RC4-SHA"); - else if (ciph_id == axtlsj.SSL_RC4_128_MD5) - System.out.println("RC4-MD5"); - else - System.out.println("Unknown - " + ssl.getCipherId()); - } - - public char toHexChar(int i) - { - if ((0 <= i) && (i <= 9 )) - return (char)('0' + i); - else - return (char)('a' + (i-10)); - } - - public void bytesToHex(byte[] data) - { - StringBuffer buf = new StringBuffer(); - for (int i = 0; i < data.length; i++ ) - { - buf.append(toHexChar((data[i]>>>4)&0x0F)); - buf.append(toHexChar(data[i]&0x0F)); - } - - System.out.println(buf); - } - - - /** - * Display what session id we have. - */ - private void display_session_id(SSL ssl) - { - byte[] session_id = ssl.getSessionId(); - - if (session_id.length > 0) - { - System.out.println("-----BEGIN SSL SESSION PARAMETERS-----"); - bytesToHex(session_id); - System.out.println("-----END SSL SESSION PARAMETERS-----"); - } - } -} |