static void Main()
{
// Path to models extracted from `stanford-parser-3.6.0-models.jar`
var jarRoot = @"..\..\..\..\paket-files\nlp.stanford.edu\stanford-parser-full-2016-10-31\models\";
var modelsDirectory = jarRoot + @"\edu\stanford\nlp\models";
// Loading english PCFG parser from file
var lp = LexicalizedParser.loadModel(modelsDirectory + @"\lexparser\englishPCFG.ser.gz");
// This sample shows parsing a list of correctly tokenized words
var sent = new[] { "This", "is", "an", "easy", "sentence", "." };
var rawWords = SentenceUtils.toCoreLabelList(sent);
var tree = lp.apply(rawWords);
tree.pennPrint();
// This option shows loading and using an explicit tokenizer
var sent2 = "This is another sentence.";
var tokenizerFactory = PTBTokenizer.factory(new CoreLabelTokenFactory(), "");
var sent2Reader = new StringReader(sent2);
var rawWords2 = tokenizerFactory.getTokenizer(sent2Reader).tokenize();
sent2Reader.close();
var tree2 = lp.apply(rawWords2);
// Extract dependencies from lexical tree
var tlp = new PennTreebankLanguagePack();
var gsf = tlp.grammaticalStructureFactory();
var gs = gsf.newGrammaticalStructure(tree2);
var tdl = gs.typedDependenciesCCprocessed();
Console.WriteLine("\n{0}\n", tdl);
// Extract collapsed dependencies from parsed tree
var tp = new TreePrint("penn,typedDependenciesCollapsed");
tp.printTree(tree2);
}
public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
// first lets print into console the aliases we could be choosing from
// it should show the CA and the host alias on windows.
// once this works. lets do an example that works with JVM keystore
#region Certificates
Func<string, IEnumerable<System.Security.Cryptography.X509Certificates.X509Certificate2>> Certificates = keyStoreType =>
{
var a = new List<System.Security.Cryptography.X509Certificates.X509Certificate2> { };
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
//Console.WriteLine(new { xKeyStore });
//Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(null, null);
//Console.WriteLine("load... done");
//Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
//Console.WriteLine(new { aliasKey });
// PCSC?
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 crt = new __X509Certificate2 { FriendlyName = aliasKey, InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
//Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
a.Add(crt);
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch //(Exception closure)
{
throw;
}
return a;
};
#endregion
Certificates("Windows-ROOT").WithEach(
crt =>
{
// aliasKey = peer integrity authority for cpu BFEBFBFF000306A9
// SimpleName = peer integrity authority for cpu BFEBFBFF000306A9
var SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
if (SimpleName.StartsWith("peer integrity authority for cpu"))
Console.WriteLine(new { crt.FriendlyName, SimpleName, crt.SerialNumber, crt.Issuer });
}
);
Certificates("Windows-MY").GroupBy(x => x.FriendlyName).WithEach(
crt =>
{
//{ FriendlyName = 192.168.1.12 }
//{ FriendlyName = 192.168.43.12 }
//{ FriendlyName = 192.168.173.12 }
//{ FriendlyName = 192.168.42.46 }
//{ FriendlyName = Administrator }
// hide non ip certs..
if (!crt.Key.Contains("."))
return;
Console.WriteLine(new { FriendlyName = crt.Key });
//Console.WriteLine(new { crt.FriendlyName, crt.SerialNumber });
}
);
Console.WriteLine("-");
// now lets start a ssl server and convince jvm to use the first friendly name we found..
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
var xKeyManager = new[] { new localKeyManager() };
xSSLContext.init(
// SunMSCAPI ?
xKeyManager,
xTrustEveryoneManager,
new java.security.SecureRandom()
);
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new __X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new __NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
Console.WriteLine("done");
Console.ReadLine();
}
public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
Console.WriteLine(
new
{
typeof(object).AssemblyQualifiedName,
Environment.CurrentDirectory,
// "X:\Program Files (x86)\Java\jre7\lib\security\local_policy.jar"
// Location = X:\Program Files (x86)\Java\jre7\lib\rt.jar }
typeof(object).Assembly.Location,
}
);
#region useless
// You can't do it with the system properties. You would have to write and load your own X509KeyManager and create your own SSLContext with it.
var keyStore = java.lang.System.getProperty("javax.net.ssl.keyStore");
Console.WriteLine(new { keyStore });
var keyStorePassword = java.lang.System.getProperty("javax.net.ssl.keyStorePassword");
Console.WriteLine(new { keyStorePassword });
#endregion
// ok lets do a server.
// http://developer.android.com/reference/android/net/SSLCertificateSocketFactory.html
// http://stackoverflow.com/questions/11832672/how-can-a-java-client-use-the-native-windows-my-store-to-provide-its-client-cert
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
//java.lang.System.setProperty("javax.net.debug", "all");
// http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
java.lang.System.setProperty("jsse.enableSNIExtension", "false");
// http://www.angelfire.com/or/abhilash/site/articles/jsse-km/customKeyManager.html
// the reason for the SSLEngine’s complaint is that you enabled only the RSA cipher, but your certificate uses DSA keys.
//CLRProgram.makecert(host: "192.168.1.12", port: 8443);
// ERR_SSL_VERSION_OR_CIPHER_MISMATCH
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("SSL");
// For 256 bit security you need to install Oracle's unlimited strength policy files.
// http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("SSLv3");
// { Message = TLSv1.3 SSLContext not available, StackTrace = java.security.NoSuchAlgorithmException: TLSv1.3 SSLContext not available
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.3");
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.1");
// { Message = TLS_RSA_WITH_AES_256_CBC_SHA256 SSLContext not available, StackTrace = java.security.NoSuchAlgorithmException: TLS_RSA_WITH_AES_256_CBC_SHA256 SSLContext not available
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
// https://android.googlesource.com/platform/libcore/+/jb-mr2-release/luni/src/main/java/javax/net/ssl/KeyManagerFactory.java
//var localKeyManager = new[] { new localKeyManager() };
var myTrustManagerArray = new[] { new TrustEveryoneManager() };
// null?
xSSLContext.init(
// SunMSCAPI ?
localKeyManager.WindowsMYKeyManagers(),
myTrustManagerArray, new java.security.SecureRandom());
//var cf = javax.net.ssl.SSLSocketFactory.getDefault() as javax.net.ssl.SSLSocketFactory;
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@1fd10fa }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@7b4ed7 }
Console.WriteLine(new { xSSLServerSocketFactory });
//f.
// http://www.javased.com/?api=javax.net.ssl.SSLSocketFactory
// http://www.java2s.com/Code/JavaAPI/javax.net.ssl/SSLSocketFactorycreateSocketStringarg0intarg1.htm
// http://saltnlight5.blogspot.com.ee/2014/10/how-to-setup-custom-sslsocketfactorys.html
//f.createSocket(
// http://www.herongyang.com/JDK/SSL-Socket-Server-Example-SslReverseEchoer.html
//javax.net.ssl.SSLServerSocket.
// http://www.javaworld.com/article/2075291/learn-java/build-secure-network-applications-with-ssl-and-the-jsse-api.html
// -Djavax.net.ssl.keyStore
// -Djavax.net.ssl.keyStorePassword
// http://stackoverflow.com/questions/20798652/java-sslserversocket-presents-wrong-certificate
// https://searchcode.com/codesearch/view/171073/
// http://stackoverflow.com/questions/12370351/setting-the-certificate-used-by-a-java-ssl-serversocket
// http://stackoverflow.com/questions/22230815/java-server-ssl-with-different-storepass-and-keypass
// http://stackoverflow.com/questions/9921548/sslsocketfactory-in-java
// https://code.google.com/p/vellum/wiki/LocalCa
// hg https://bitbucket.org/mfichman/mitm
//var ssf = javax.net.ssl.SSLServerSocketFactory.getDefault() as javax.net.ssl.SSLServerSocketFactory;
//// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
//Console.WriteLine(new { ssf });
//{ Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
// at java.net.DualStackPlainSocketImpl.bind0(Native Method)
// at java.net.DualStackPlainSocketImpl.socketBind(Unknown Source)
// at java.net.AbstractPlainSocketImpl.bind(Unknown Source)
// at java.net.PlainSocketImpl.bind(Unknown Source)
// at java.net.ServerSocket.bind(Unknown Source)
// at java.net.ServerSocket.<init>(Unknown Source)
// at java.net.ServerSocket.<init>(Unknown Source)
// at javax.net.ssl.SSLServerSocket.<init>(Unknown Source)
// at sun.security.ssl.SSLServerSocketImpl.<init>(Unknown Source)
// at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(Unknown Source)
// at JVMCLRSSLServerSocket.Program.main(Program.java:53)
//C:\Windows\system32>netstat -ab
//Active Connections
// Proto Local Address Foreign Address State
// TCP 0.0.0.0:80 red:0 LISTENING
// Can not obtain ownership information
// TCP 0.0.0.0:135 red:0 LISTENING
// RpcSs
// [svchost.exe]
// TCP 0.0.0.0:443 red:0 LISTENING
// http://stackoverflow.com/questions/22225414/create-an-ssl-channel-same-pwd-for-keystore-and-trustore
var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
// https://www.chromium.org/Home/chromium-security/education/tls
// http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls
// http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
// https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
// Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites
// http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
var SystemSupportedCipherSuites = xSSLServerSocket.getSupportedCipherSuites();
SystemSupportedCipherSuites.WithEach(
SupportedCipherSuite =>
{
Console.WriteLine(new { SupportedCipherSuite });
}
);
//if (SystemSupportedCipherSuites.Contains())
// https://googleonlinesecurity.blogspot.com.ee/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
// http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls
// need java 8?
//xSSLServerSocket.setEnabledCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA");
// https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
// https://community.oracle.com/thread/2382681?tstart=0
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
// Unknown 0xcc:0x13,
// TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
// TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
// TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
// TLS_RSA_WITH_AES_128_GCM_SHA256,
// TLS_RSA_WITH_AES_256_CBC_SHA,
// TLS_RSA_WITH_AES_128_CBC_SHA,
// SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14, Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA
//]
var enabledCipherSuites = new[] {
//"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
// { Message = Unsupported ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256
//"TLS_RSA_WITH_AES_128_GCM_SHA256"
//"TLS_RSA_WITH_AES_256_CBC_SHA"
"TLS_RSA_WITH_AES_128_CBC_SHA"
//"SSL_RSA_WITH_3DES_EDE_CBC_SHA"
// { Message = Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
//"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
// { Message = Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
//"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
// { Message = Unsupported ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
//"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
};
// need id?
//xSSLServerSocket.setNeedClientAuth(true);
////xSSLServerSocket.setWantClientAuth(true);
//xSSLServerSocket.setEnabledCipherSuites(enabledCipherSuites);
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new __X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new __NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
//CLRProgram.CLRMain();
Console.WriteLine("done");
Console.ReadLine();
}
public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
// first lets print into console the aliases we could be choosing from
// it should show the CA and the host alias on windows.
// once this works. lets do an example that works with JVM keystore
var keystore = new FileInfo(typeof(Program).Assembly.Location.TakeUntilIfAny(".") + ".keystore");
var portpath = new FileInfo(typeof(Program).Assembly.Location.TakeUntilIfAny(".") + ".port");
if (!portpath.Exists)
System.IO.File.WriteAllText(portpath.FullName, "" + 8443);
var port = Convert.ToInt32(
System.IO.File.ReadAllText(portpath.FullName).Trim()
);
Console.WriteLine(new { keystore, port });
// now lets start a ssl server and convince jvm to use the first friendly name we found..
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
var xKeyManager = new[] { new localKeyManager(keystorepath: keystore.FullName) };
xSSLContext.init(
// SunMSCAPI ?
xKeyManager,
xTrustEveryoneManager,
new java.security.SecureRandom()
);
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
// { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
// stop AppHostSvc
//[svchost.exe]
// TCP 0.0.0.0:443 red:0 LISTENING 4
//var ss443 = xSSLServerSocketFactory.createServerSocket(443);
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
var ss443 = xSSLServerSocketFactory.createServerSocket(port);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
#region getPeerCertificates
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new ScriptCoreLibJava.BCLImplementation.System.Security.Cryptography.X509Certificates.__X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
#endregion
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
//Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
//Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
Console.WriteLine("done");
Console.ReadLine();
}
