Merge pull request #155 from cconlon/clientExampleNoVerify
Fix JSSE example client -d option, add -g for HTTP GET
commit
48293f962e
|
@ -34,6 +34,8 @@ import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLSession;
|
import javax.net.ssl.SSLSession;
|
||||||
import javax.net.ssl.SSLSocket;
|
import javax.net.ssl.SSLSocket;
|
||||||
|
import javax.net.ssl.TrustManager;
|
||||||
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
import java.security.Provider;
|
import java.security.Provider;
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
|
@ -64,6 +66,7 @@ public class ClientJSSE {
|
||||||
int ret = 0, input;
|
int ret = 0, input;
|
||||||
byte[] back = new byte[80];
|
byte[] back = new byte[80];
|
||||||
String msg = "Too legit to quit";
|
String msg = "Too legit to quit";
|
||||||
|
String httpGetMsg = "GET /index.html HTTP/1.0\r\n\r\n";
|
||||||
String provider = "wolfJSSE";
|
String provider = "wolfJSSE";
|
||||||
|
|
||||||
KeyStore pKey, cert;
|
KeyStore pKey, cert;
|
||||||
|
@ -82,6 +85,7 @@ public class ClientJSSE {
|
||||||
boolean listSuites = false; /* list all supported cipher suites */
|
boolean listSuites = false; /* list all supported cipher suites */
|
||||||
boolean listEnabledProtocols = false; /* show enabled protocols */
|
boolean listEnabledProtocols = false; /* show enabled protocols */
|
||||||
boolean putEnabledProtocols = false; /* set enabled protocols */
|
boolean putEnabledProtocols = false; /* set enabled protocols */
|
||||||
|
boolean sendGET = false; /* send HTTP GET */
|
||||||
|
|
||||||
boolean resumeSession = false; /* try one session resumption */
|
boolean resumeSession = false; /* try one session resumption */
|
||||||
byte[] firstSessionId = null; /* sess ID of first session */
|
byte[] firstSessionId = null; /* sess ID of first session */
|
||||||
|
@ -156,6 +160,9 @@ public class ClientJSSE {
|
||||||
} else if (arg.equals("-d")) {
|
} else if (arg.equals("-d")) {
|
||||||
verifyPeer = false;
|
verifyPeer = false;
|
||||||
|
|
||||||
|
} else if (arg.equals("-g")) {
|
||||||
|
sendGET = true;
|
||||||
|
|
||||||
} else if (arg.equals("-e")) {
|
} else if (arg.equals("-e")) {
|
||||||
listSuites = true;
|
listSuites = true;
|
||||||
|
|
||||||
|
@ -190,11 +197,31 @@ public class ClientJSSE {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* X509TrustManager that trusts all peer certificates. Used if peer
|
||||||
|
* authentication (-d) has been passed in */
|
||||||
|
TrustManager[] trustAllCerts = new TrustManager[] {
|
||||||
|
new X509TrustManager() {
|
||||||
|
public void checkClientTrusted(
|
||||||
|
X509Certificate[] chain, String authType) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkServerTrusted(
|
||||||
|
X509Certificate[] chain, String authType) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
/* trust manager (certificates) */
|
/* trust manager (certificates) */
|
||||||
cert = KeyStore.getInstance("JKS");
|
if (verifyPeer) {
|
||||||
cert.load(new FileInputStream(caJKS), caPswd.toCharArray());
|
cert = KeyStore.getInstance("JKS");
|
||||||
tm = TrustManagerFactory.getInstance("SunX509", provider);
|
cert.load(new FileInputStream(caJKS), caPswd.toCharArray());
|
||||||
tm.init(cert);
|
tm = TrustManagerFactory.getInstance("SunX509", provider);
|
||||||
|
tm.init(cert);
|
||||||
|
}
|
||||||
|
|
||||||
/* load private key */
|
/* load private key */
|
||||||
pKey = KeyStore.getInstance("JKS");
|
pKey = KeyStore.getInstance("JKS");
|
||||||
|
@ -204,7 +231,13 @@ public class ClientJSSE {
|
||||||
|
|
||||||
/* setup context with certificate and private key */
|
/* setup context with certificate and private key */
|
||||||
ctx = SSLContext.getInstance(version, provider);
|
ctx = SSLContext.getInstance(version, provider);
|
||||||
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
|
|
||||||
|
if (verifyPeer) {
|
||||||
|
ctx.init(km.getKeyManagers(), tm.getTrustManagers(), null);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ctx.init(km.getKeyManagers(), trustAllCerts, null);
|
||||||
|
}
|
||||||
|
|
||||||
if (listSuites) {
|
if (listSuites) {
|
||||||
String[] suites = ctx.getDefaultSSLParameters().getCipherSuites();
|
String[] suites = ctx.getDefaultSSLParameters().getCipherSuites();
|
||||||
|
@ -237,10 +270,6 @@ public class ClientJSSE {
|
||||||
System.out.printf("Using SSLContext provider %s\n", ctx.getProvider().
|
System.out.printf("Using SSLContext provider %s\n", ctx.getProvider().
|
||||||
getName());
|
getName());
|
||||||
|
|
||||||
if (!verifyPeer) {
|
|
||||||
sock.setNeedClientAuth(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cipherList != null) {
|
if (cipherList != null) {
|
||||||
sock.setEnabledCipherSuites(cipherList.split(":"));
|
sock.setEnabledCipherSuites(cipherList.split(":"));
|
||||||
}
|
}
|
||||||
|
@ -248,7 +277,12 @@ public class ClientJSSE {
|
||||||
sock.startHandshake();
|
sock.startHandshake();
|
||||||
firstSessionId = sock.getSession().getId();
|
firstSessionId = sock.getSession().getId();
|
||||||
showPeer(sock);
|
showPeer(sock);
|
||||||
sock.getOutputStream().write(msg.getBytes());
|
if (sendGET) {
|
||||||
|
sock.getOutputStream().write(httpGetMsg.getBytes());
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
sock.getOutputStream().write(msg.getBytes());
|
||||||
|
}
|
||||||
sock.getInputStream().read(back);
|
sock.getInputStream().read(back);
|
||||||
System.out.println("Server message : " + new String(back));
|
System.out.println("Server message : " + new String(back));
|
||||||
sock.close();
|
sock.close();
|
||||||
|
@ -264,10 +298,6 @@ public class ClientJSSE {
|
||||||
System.out.printf("Using SSLContext provider %s\n", ctx.getProvider().
|
System.out.printf("Using SSLContext provider %s\n", ctx.getProvider().
|
||||||
getName());
|
getName());
|
||||||
|
|
||||||
if (!verifyPeer) {
|
|
||||||
sock.setNeedClientAuth(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cipherList != null) {
|
if (cipherList != null) {
|
||||||
sock.setEnabledCipherSuites(cipherList.split(":"));
|
sock.setEnabledCipherSuites(cipherList.split(":"));
|
||||||
}
|
}
|
||||||
|
@ -339,6 +369,7 @@ public class ClientJSSE {
|
||||||
"TLS1.3(4)), default 3 : use 'd' for downgrade");
|
"TLS1.3(4)), default 3 : use 'd' for downgrade");
|
||||||
System.out.println("-l <str>\tCipher list");
|
System.out.println("-l <str>\tCipher list");
|
||||||
System.out.println("-d\t\tDisable peer checks");
|
System.out.println("-d\t\tDisable peer checks");
|
||||||
|
System.out.println("-g\t\tSend server HTTP GET");
|
||||||
System.out.println("-e\t\tGet all supported cipher suites");
|
System.out.println("-e\t\tGet all supported cipher suites");
|
||||||
System.out.println("-getp\t\tGet enabled protocols");
|
System.out.println("-getp\t\tGet enabled protocols");
|
||||||
System.out.println("-setp <protocols> \tSet enabled protocols " +
|
System.out.println("-setp <protocols> \tSet enabled protocols " +
|
||||||
|
|
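Review bot: In the `-190,11 +197,31` hunk the trust-all manager's `getAcceptedIssuers()` returns `null`, but the `X509TrustManager` contract is a non-null, possibly empty array, so a provider that iterates the result can throw; `return new java.security.cert.X509Certificate[0];` is the safe form. The comment above `trustAllCerts` says it is used when "peer authentication (-d) has been passed in", which reads backwards; something like `/* Accepts any peer certificate. Used only when peer verification is disabled (-d); the server is then unauthenticated, test use only */` states the consequence. The array is also built on every run even when `verifyPeer` is true, so it could move into the `else` branch next to `ctx.init(km.getKeyManagers(), trustAllCerts, null);` in the `-204,7 +231,13` hunk, and a one-line notice printed when `-d` is given would keep a reader of the example output from mistaking the session for a verified one. The enclosing method starts and ends outside the visible hunks.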