public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
// first lets print into console the aliases we could be choosing from
// it should show the CA and the host alias on windows.
// once this works. lets do an example that works with JVM keystore
#region Certificates
Func<string, IEnumerable<System.Security.Cryptography.X509Certificates.X509Certificate2>> Certificates = keyStoreType =>
{
var a = new List<System.Security.Cryptography.X509Certificates.X509Certificate2> { };
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
//Console.WriteLine(new { xKeyStore });
//Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(null, null);
//Console.WriteLine("load... done");
//Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
//Console.WriteLine(new { aliasKey });
// PCSC?
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 crt = new __X509Certificate2 { FriendlyName = aliasKey, InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
//Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
a.Add(crt);
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch //(Exception closure)
{
throw;
}
return a;
};
#endregion
Certificates("Windows-ROOT").WithEach(
crt =>
{
// aliasKey = peer integrity authority for cpu BFEBFBFF000306A9
// SimpleName = peer integrity authority for cpu BFEBFBFF000306A9
var SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
if (SimpleName.StartsWith("peer integrity authority for cpu"))
Console.WriteLine(new { crt.FriendlyName, SimpleName, crt.SerialNumber, crt.Issuer });
}
);
Certificates("Windows-MY").GroupBy(x => x.FriendlyName).WithEach(
crt =>
{
//{ FriendlyName = 192.168.1.12 }
//{ FriendlyName = 192.168.43.12 }
//{ FriendlyName = 192.168.173.12 }
//{ FriendlyName = 192.168.42.46 }
//{ FriendlyName = Administrator }
// hide non ip certs..
if (!crt.Key.Contains("."))
return;
Console.WriteLine(new { FriendlyName = crt.Key });
//Console.WriteLine(new { crt.FriendlyName, crt.SerialNumber });
}
);
Console.WriteLine("-");
// now lets start a ssl server and convince jvm to use the first friendly name we found..
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
var xKeyManager = new[] { new localKeyManager() };
xSSLContext.init(
// SunMSCAPI ?
xKeyManager,
xTrustEveryoneManager,
new java.security.SecureRandom()
);
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new __X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new __NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
Console.WriteLine("done");
Console.ReadLine();
}
// "x:\util\android-sdk-windows\platform-tools\adb.exe" tcpip 5555
// restarting in TCP mode port: 5555
// "x:\util\android-sdk-windows\platform-tools\adb.exe" connect 192.168.1.126:5555
// connected to 192.168.1.126:5555
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201505/20150513
// lets verify this thing . deploy over wifi.
//C:\Windows\system32> "x:\util\android-sdk-windows\platform-tools\adb.exe" shell netcfg
//wlan0 UP 192.168.1.126/24 0x00001043 e8:50:8b:7d:27:7c
protected override void onCreate(Bundle savedInstanceState)
{
base.onCreate(savedInstanceState);
var sv = new ScrollView(this);
var ll = new LinearLayout(this);
//ll.setOrientation(LinearLayout.VERTICAL);
sv.addView(ll);
//var b = new Button(this).AttachTo(ll);
//b.WithText("before AtClick");
//b.AtClick(
// v =>
// {
// b.setText("AtClick");
// }
//);
this.setContentView(sv);
// http://www.java2s.com/Tutorial/Java/0490__Security/KeyStoreExample.htm
//I/System.Console( 5182): 143e:0001 ... { xKeyStoreDefaultType = BKS }
//I/System.Console( 5182): 143e:0001 { xKeyStore = java.security.KeyStore@274cc17e }
//I/System.Console( 5182): 143e:0001 load... { keyStoreType = BKS }
//I/System.Console( 5182): 143e:0001 aliases...
var xKeyStoreDefaultType = java.security.KeyStore.getDefaultType();
Console.WriteLine("... " + new { xKeyStoreDefaultType });
// are we running in GUI or TTY?
// can we enumerate keystores?
// ... { xKeyStoreDefaultType = jks }
Action<string> f = keyStoreType =>
{
// jsc should do implicit try catch for closures? while asking for explicit catch for non closures?
//{ ks = java.security.KeyStore@d3ade7 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306A9, SerialNumber = 03729f49acf3e79d4cc40da08149433d, SimpleName = peer integrity authority for cpu BFEBFBFF000306A9 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306C3, SerialNumber = c4761e1ea779bc9546151afce47c7c26, SimpleName = peer integrity authority for cpu BFEBFBFF000306C3 }
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
Console.WriteLine(new { xKeyStore });
Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(null, null);
//Console.WriteLine("load... done");
Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
Console.WriteLine(new { aliasKey });
// PCSC?
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
X509Certificate2 crt = new __X509Certificate2 { InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch (Exception err)
{
Console.WriteLine(new { err.Message, err.StackTrace });
}
};
//hello ubuntu! { AssemblyQualifiedName = java.lang.Object, rt }
//... { xKeyStoreDefaultType = jks }
//{ xKeyStore = java.security.KeyStore@9980d5 }
//load... { keyStoreType = jks }
//aliases...
//done
new Button(this).AttachTo(ll).WithText(xKeyStoreDefaultType).AtClick(
delegate
{
// on RED there are no entries?
// what about ubuntu?
f(xKeyStoreDefaultType);
}
);
//I/System.Console( 7167): 1bff:0001 load... { keyStoreType = AndroidKeyStore }
//I/System.Console( 7167): 1bff:0001 aliases...
new Button(this).AttachTo(ll).WithText("AndroidKeyStore").AtClick(
delegate
{
// on RED there are no entries?
// what about ubuntu?
f("AndroidKeyStore");
}
);
}
public static void Main(string[] args)
{
// http://stackoverflow.com/questions/1666052/java-https-client-certificate-authentication
// http://www.berthou.com/us/2007/12/05/ms-capi-and-java-jce-sunmscapi/
try
{
java.lang.System.setProperty("javax.net.debug", "all");
#region Certificates
Func<string, IEnumerable<X509Certificate2>> Certificates = keyStoreType =>
{
var a = new List<X509Certificate2> { };
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
//Console.WriteLine(new { xKeyStore });
//Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(null, null);
//Console.WriteLine("load... done");
//Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
//Console.WriteLine(new { aliasKey });
// PCSC?
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
X509Certificate2 crt = new __X509Certificate2 { InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
//Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
a.Add(crt);
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch //(Exception closure)
{
throw;
}
return a;
};
#endregion
Action<string> f = keyStoreType =>
{
// jsc should do implicit try catch for closures? while asking for explicit catch for non closures?
//{ ks = java.security.KeyStore@d3ade7 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306A9, SerialNumber = 03729f49acf3e79d4cc40da08149433d, SimpleName = peer integrity authority for cpu BFEBFBFF000306A9 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306C3, SerialNumber = c4761e1ea779bc9546151afce47c7c26, SimpleName = peer integrity authority for cpu BFEBFBFF000306C3 }
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
Console.WriteLine(new { xKeyStore });
Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(null, null);
//Console.WriteLine("load... done");
Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
//Console.WriteLine(new { aliasKey });
// PCSC?
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
X509Certificate2 crt = new __X509Certificate2 { InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch //(Exception closure)
{
throw;
}
};
Certificates("Windows-ROOT").WithEach(
crt =>
{
// aliasKey = peer integrity authority for cpu BFEBFBFF000306A9
// SimpleName = peer integrity authority for cpu BFEBFBFF000306A9
var SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
//{ SerialNumber = 01 }
//{ SerialNumber = 4a19d2388c82591ca55d735f155ddca3 }
//{ SerialNumber = 35def4cf }
//{ SerialNumber = 00 }
//{ SerialNumber = 7dd9fe07cfa81eb7107967fba78934c6 }
//{ SerialNumber = 70bae41d10d92934b638ca7b03ccbabf }
//{ SerialNumber = 7dd9fe07cfa81eb7107967fba78934c6 }
//{ SerialNumber = 35def4cf }
//{ SerialNumber = 00 }
//{ SerialNumber = 7dd9fe07cfa81eb7107967fba78934c6 }
// if (SimpleName == null)
// Console.WriteLine(new { crt.SerialNumber });
// else
if (SimpleName.StartsWith("peer integrity authority for cpu"))
Console.WriteLine(new { SimpleName, crt.SerialNumber, crt.Issuer });
}
);
//f("Windows-MY");
Console.WriteLine("-");
//Caused by: java.lang.NullPointerException
// at TestKeyStoreWindowsROOT.Program._Main_b__4(Program.java:214)
// https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.friendlyname(v=vs.110).aspx
f("Windows-MY");
//Certificates("Windows-MY").WithEach(
// crt =>
// {
// // aliasKey = peer integrity authority for cpu BFEBFBFF000306A9
// // SimpleName = peer integrity authority for cpu BFEBFBFF000306A9
// var SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);
// //if (SimpleName.StartsWith("peer integrity authority for cpu"))
// Console.WriteLine(new { SimpleName, crt.SerialNumber, crt.Issuer });
// }
//);
}
catch (Exception err)
{
Console.WriteLine(new { err.Message, err.StackTrace });
}
CLRProgram.CLRMain();
}
public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
Console.WriteLine(
new
{
typeof(object).AssemblyQualifiedName,
Environment.CurrentDirectory,
// "X:\Program Files (x86)\Java\jre7\lib\security\local_policy.jar"
// Location = X:\Program Files (x86)\Java\jre7\lib\rt.jar }
typeof(object).Assembly.Location,
}
);
#region useless
// You can't do it with the system properties. You would have to write and load your own X509KeyManager and create your own SSLContext with it.
var keyStore = java.lang.System.getProperty("javax.net.ssl.keyStore");
Console.WriteLine(new { keyStore });
var keyStorePassword = java.lang.System.getProperty("javax.net.ssl.keyStorePassword");
Console.WriteLine(new { keyStorePassword });
#endregion
// ok lets do a server.
// http://developer.android.com/reference/android/net/SSLCertificateSocketFactory.html
// http://stackoverflow.com/questions/11832672/how-can-a-java-client-use-the-native-windows-my-store-to-provide-its-client-cert
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
//java.lang.System.setProperty("javax.net.debug", "all");
// http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
java.lang.System.setProperty("jsse.enableSNIExtension", "false");
// http://www.angelfire.com/or/abhilash/site/articles/jsse-km/customKeyManager.html
// the reason for the SSLEngine’s complaint is that you enabled only the RSA cipher, but your certificate uses DSA keys.
//CLRProgram.makecert(host: "192.168.1.12", port: 8443);
// ERR_SSL_VERSION_OR_CIPHER_MISMATCH
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("SSL");
// For 256 bit security you need to install Oracle's unlimited strength policy files.
// http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("SSLv3");
// { Message = TLSv1.3 SSLContext not available, StackTrace = java.security.NoSuchAlgorithmException: TLSv1.3 SSLContext not available
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.3");
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
//var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.1");
// { Message = TLS_RSA_WITH_AES_256_CBC_SHA256 SSLContext not available, StackTrace = java.security.NoSuchAlgorithmException: TLS_RSA_WITH_AES_256_CBC_SHA256 SSLContext not available
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
// https://android.googlesource.com/platform/libcore/+/jb-mr2-release/luni/src/main/java/javax/net/ssl/KeyManagerFactory.java
//var localKeyManager = new[] { new localKeyManager() };
var myTrustManagerArray = new[] { new TrustEveryoneManager() };
// null?
xSSLContext.init(
// SunMSCAPI ?
localKeyManager.WindowsMYKeyManagers(),
myTrustManagerArray, new java.security.SecureRandom());
//var cf = javax.net.ssl.SSLSocketFactory.getDefault() as javax.net.ssl.SSLSocketFactory;
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@1fd10fa }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@7b4ed7 }
Console.WriteLine(new { xSSLServerSocketFactory });
//f.
// http://www.javased.com/?api=javax.net.ssl.SSLSocketFactory
// http://www.java2s.com/Code/JavaAPI/javax.net.ssl/SSLSocketFactorycreateSocketStringarg0intarg1.htm
// http://saltnlight5.blogspot.com.ee/2014/10/how-to-setup-custom-sslsocketfactorys.html
//f.createSocket(
// http://www.herongyang.com/JDK/SSL-Socket-Server-Example-SslReverseEchoer.html
//javax.net.ssl.SSLServerSocket.
// http://www.javaworld.com/article/2075291/learn-java/build-secure-network-applications-with-ssl-and-the-jsse-api.html
// -Djavax.net.ssl.keyStore
// -Djavax.net.ssl.keyStorePassword
// http://stackoverflow.com/questions/20798652/java-sslserversocket-presents-wrong-certificate
// https://searchcode.com/codesearch/view/171073/
// http://stackoverflow.com/questions/12370351/setting-the-certificate-used-by-a-java-ssl-serversocket
// http://stackoverflow.com/questions/22230815/java-server-ssl-with-different-storepass-and-keypass
// http://stackoverflow.com/questions/9921548/sslsocketfactory-in-java
// https://code.google.com/p/vellum/wiki/LocalCa
// hg https://bitbucket.org/mfichman/mitm
//var ssf = javax.net.ssl.SSLServerSocketFactory.getDefault() as javax.net.ssl.SSLServerSocketFactory;
//// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
//Console.WriteLine(new { ssf });
//{ Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
// at java.net.DualStackPlainSocketImpl.bind0(Native Method)
// at java.net.DualStackPlainSocketImpl.socketBind(Unknown Source)
// at java.net.AbstractPlainSocketImpl.bind(Unknown Source)
// at java.net.PlainSocketImpl.bind(Unknown Source)
// at java.net.ServerSocket.bind(Unknown Source)
// at java.net.ServerSocket.<init>(Unknown Source)
// at java.net.ServerSocket.<init>(Unknown Source)
// at javax.net.ssl.SSLServerSocket.<init>(Unknown Source)
// at sun.security.ssl.SSLServerSocketImpl.<init>(Unknown Source)
// at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(Unknown Source)
// at JVMCLRSSLServerSocket.Program.main(Program.java:53)
//C:\Windows\system32>netstat -ab
//Active Connections
// Proto Local Address Foreign Address State
// TCP 0.0.0.0:80 red:0 LISTENING
// Can not obtain ownership information
// TCP 0.0.0.0:135 red:0 LISTENING
// RpcSs
// [svchost.exe]
// TCP 0.0.0.0:443 red:0 LISTENING
// http://stackoverflow.com/questions/22225414/create-an-ssl-channel-same-pwd-for-keystore-and-trustore
var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
// https://www.chromium.org/Home/chromium-security/education/tls
// http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls
// http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
// https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
// Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites
// http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
var SystemSupportedCipherSuites = xSSLServerSocket.getSupportedCipherSuites();
SystemSupportedCipherSuites.WithEach(
SupportedCipherSuite =>
{
Console.WriteLine(new { SupportedCipherSuite });
}
);
//if (SystemSupportedCipherSuites.Contains())
// https://googleonlinesecurity.blogspot.com.ee/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
// http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls
// need java 8?
//xSSLServerSocket.setEnabledCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA");
// https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
// https://community.oracle.com/thread/2382681?tstart=0
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
// Unknown 0xcc:0x13,
// TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
// TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
// TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
// TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
// TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
// TLS_RSA_WITH_AES_128_GCM_SHA256,
// TLS_RSA_WITH_AES_256_CBC_SHA,
// TLS_RSA_WITH_AES_128_CBC_SHA,
// SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14, Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA
//]
var enabledCipherSuites = new[] {
//"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
// { Message = Unsupported ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256
//"TLS_RSA_WITH_AES_128_GCM_SHA256"
//"TLS_RSA_WITH_AES_256_CBC_SHA"
"TLS_RSA_WITH_AES_128_CBC_SHA"
//"SSL_RSA_WITH_3DES_EDE_CBC_SHA"
// { Message = Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
//"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
// { Message = Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
//"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
// { Message = Unsupported ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
//"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
};
// need id?
//xSSLServerSocket.setNeedClientAuth(true);
////xSSLServerSocket.setWantClientAuth(true);
//xSSLServerSocket.setEnabledCipherSuites(enabledCipherSuites);
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new __X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new __NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
//CLRProgram.CLRMain();
Console.WriteLine("done");
Console.ReadLine();
}
public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
// first lets print into console the aliases we could be choosing from
// it should show the CA and the host alias on windows.
// once this works. lets do an example that works with JVM keystore
Console.WriteLine("-");
// now lets start a ssl server and convince jvm to use the first friendly name we found..
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
var xKeyManager = new[] { new localKeyManager() };
xSSLContext.init(
// SunMSCAPI ?
xKeyManager,
xTrustEveryoneManager,
new java.security.SecureRandom()
);
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
// { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
// stop AppHostSvc
//[svchost.exe]
// TCP 0.0.0.0:443 red:0 LISTENING 4
//var ss443 = xSSLServerSocketFactory.createServerSocket(443);
var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new __X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new __NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
//Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
Console.WriteLine("done");
Console.ReadLine();
}
public static void Main(string[] args)
{
// http://stackoverflow.com/questions/11203483/run-a-java-application-as-a-service-on-linux
// http://askubuntu.com/questions/99232/how-to-make-a-jar-file-run-on-startup-and-when-you-log-out
// "X:\torrent\ubuntu-14.04.3-server-amd64.iso"
// http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html
try
{
System.Console.WriteLine("hello ubuntu! " + new
{
typeof(object).AssemblyQualifiedName
}
);
// http://www.java2s.com/Tutorial/Java/0490__Security/KeyStoreExample.htm
var xKeyStoreDefaultType = java.security.KeyStore.getDefaultType();
//xKeyStoreDefaultType = "/usr/lib/jvm/default-java/jre/lib/security/cacerts";
//xKeyStoreDefaultType = "cacerts.jks";
Console.WriteLine("... " + new { xKeyStoreDefaultType });
#region useless
// You can't do it with the system properties. You would have to write and load your own X509KeyManager and create your own SSLContext with it.
// https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html
var keyStore = java.lang.System.getProperty("javax.net.ssl.keyStore");
Console.WriteLine(new { keyStore });
var trustStore = java.lang.System.getProperty("javax.net.ssl.trustStore");
Console.WriteLine(new { trustStore });
#endregion
// are we running in GUI or TTY?
// can we enumerate keystores?
// ... { xKeyStoreDefaultType = jks }
Action<string> f = keyStoreType =>
{
// jsc should do implicit try catch for closures? while asking for explicit catch for non closures?
//{ ks = java.security.KeyStore@d3ade7 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306A9, SerialNumber = 03729f49acf3e79d4cc40da08149433d, SimpleName = peer integrity authority for cpu BFEBFBFF000306A9 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306C3, SerialNumber = c4761e1ea779bc9546151afce47c7c26, SimpleName = peer integrity authority for cpu BFEBFBFF000306C3 }
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
Console.WriteLine(new { xKeyStore });
Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(null, null);
//Console.WriteLine("load... done");
Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
Console.WriteLine(new { aliasKey });
// PCSC?hhhhhhhhhhhh
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
X509Certificate2 crt = new __X509Certificate2 { InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch //(Exception closure)
{
throw;
}
};
//hello ubuntu! { AssemblyQualifiedName = java.lang.Object, rt }
//... { xKeyStoreDefaultType = jks }
//{ xKeyStore = java.security.KeyStore@9980d5 }
//load... { keyStoreType = jks }
//aliases...
//done
// on RED there are no entries?
// what about ubuntu?
f(xKeyStoreDefaultType);
//C:\Windows\system32>net use u: \\192.168.1.189\staging
//The command completed successfully.
// ubuntu is also empty it seems.
// what about android?
}
catch (Exception err)
{
Console.WriteLine(new { err.Message, err.StackTrace });
}
Console.WriteLine("done");
//Thread.Sleep(10000);
Console.ReadLine();
// CLR not available? unless there was mono?
//CLRProgram.CLRMain();
}
public static void Main(string[] args)
{
// https://javacruft.wordpress.com/2014/06/18/168k-instances/
// http://www.ubuntu.com/cloud
//File.WriteAllText(f, w.ToString());
try
{
// https://lists.ubuntu.com/archives/upstart-devel/2014-August/003360.html
Console.WriteLine("ready!");
// http://stackoverflow.com/questions/11203483/run-a-java-application-as-a-service-on-linux
// http://askubuntu.com/questions/99232/how-to-make-a-jar-file-run-on-startup-and-when-you-log-out
// "X:\torrent\ubuntu-14.04.3-server-amd64.iso"
// http://standards.freedesktop.org/desktop-entry-spec/desktop-entry-spec-latest.html
// http://www.markhneedham.com/blog/2012/09/29/upstart-job-getting-stuck-in-the-startkilled-state/
System.Console.WriteLine("hello ubuntu!! " + new
{
//typeof(object).AssemblyQualifiedName,
// rt location.
//typeof(object).Assembly.Location,
typeof(Program).Assembly.Location,
// /home/xuser
//Environment.CurrentDirectory
}
);
//Implementation not found for type import :
//type: System.Environment
//method: Void set_CurrentDirectory(System.String)
//Environment.CurrentDirectory =;
var fa = new FileInfo(typeof(Program).Assembly.Location);
var keystorepath = fa.Directory.FullName + "/domain.keystore";
//var fadir = new DirectoryInfo(Path.GetDirectoryName(fa.FullName));
Console.WriteLine(new { fa.Directory });
#region truststore/keystore
{
var xKeyStoreDefaultType = java.security.KeyStore.getDefaultType();
//xKeyStoreDefaultType = "/usr/lib/jvm/default-java/jre/lib/security/cacerts";
//xKeyStoreDefaultType = "cacerts.jks";
Console.WriteLine("... " + new { xKeyStoreDefaultType });
// You can't do it with the system properties. You would have to write and load your own X509KeyManager and create your own SSLContext with it.
// https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html
var keyStore = java.lang.System.getProperty("javax.net.ssl.keyStore");
Console.WriteLine(new { keyStore });
var trustStore = java.lang.System.getProperty("javax.net.ssl.trustStore");
Console.WriteLine(new { trustStore });
// are we running in GUI or TTY?
// can we enumerate keystores?
// ... { xKeyStoreDefaultType = jks }
Action<string, Func<InputStream>> f = (keyStoreType, loadstream) =>
{
// jsc should do implicit try catch for closures? while asking for explicit catch for non closures?
//{ ks = java.security.KeyStore@d3ade7 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306A9, SerialNumber = 03729f49acf3e79d4cc40da08149433d, SimpleName = peer integrity authority for cpu BFEBFBFF000306A9 }
//{ aliasKey = peer integrity authority for cpu BFEBFBFF000306C3, SerialNumber = c4761e1ea779bc9546151afce47c7c26, SimpleName = peer integrity authority for cpu BFEBFBFF000306C3 }
try
{
// http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
// https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
// https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
// I removed some personal certificaties at key manager (certmgr.msc) and wala!
//Client Authentication (1.3.6.1.5.5.7.3.2)
//Secure Email (1.3.6.1.5.5.7.3.4)
// https://www.chilkatsoft.com/p/p_280.asp
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
// http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
// http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
// http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
Console.WriteLine(new { xKeyStore });
Console.WriteLine("load... " + new { keyStoreType });
xKeyStore.load(loadstream(), null);
//Console.WriteLine("load... done");
Console.WriteLine("aliases...");
java.util.Enumeration en = xKeyStore.aliases();
//Console.WriteLine("aliases... done");
while (en.hasMoreElements())
{
var aliasKey = (string)en.nextElement();
Console.WriteLine(new { aliasKey });
// PCSC?hhhhhhhhhhhh
var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
if (c509 != null)
{
X509Certificate2 crt = new __X509Certificate2 { InternalElement = c509 };
//Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });
}
//if (aliasKey.equals("myKey") ) {
// PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
// Certificate[] chain = ks.getCertificateChain(aliasKey);
//}
}
}
catch //(Exception closure)
{
throw;
}
};
//hello ubuntu! { AssemblyQualifiedName = java.lang.Object, rt }
//... { xKeyStoreDefaultType = jks }
//{ xKeyStore = java.security.KeyStore@9980d5 }
//load... { keyStoreType = jks }
//aliases...
//done
// on RED there are no entries?
// what about ubuntu?
f(xKeyStoreDefaultType, () =>
{
var xx = default(FileInputStream);
try
{
xx = new FileInputStream(keystorepath);
}
catch { throw; }
return xx;
}
);
}
#endregion
var w = new StringBuilder { };
w.AppendLine(new { DateTime.Now }.ToString());
// https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1387241
// https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
// http://unix.stackexchange.com/questions/196166/how-to-find-out-if-a-system-uses-sysv-upstart-or-systemd-initsystem
// https://lists.ubuntu.com/archives/upstart-devel/2011-January/001370.html
// http://askubuntu.com/questions/62790/upstart-service-never-starts-or-stops-completely
// http://askubuntu.com/questions/19320/how-to-enable-or-disable-services
// http://serverfault.com/questions/251982/ubuntu-upstart-script-hangs-on-start-and-stop
//var servicesdir = new DirectoryInfo("/lib/systemd/system/");
// https://www.centos.org/forums/viewtopic.php?t=4300
// http://upstart.ubuntu.com/getting-started.html
// initctl reload-configuration
// https://www.centos.org/forums/viewtopic.php?t=4300
// initctl show-config
// http://unix.stackexchange.com/questions/84252/how-to-start-a-service-automatically-when-ubuntu-starts
// https://serversforhackers.com/video/process-monitoring-with-upstart
// http://upstart.ubuntu.com/cookbook/
// http://www.yyosifov.com/2014/04/upstart-syntax-error-bad-fd-number.html
// /var/log/upstart/ubuntubootexperiment.log
// http://serverfault.com/questions/453136/understanding-upstart-script-stanza
// https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582745
// http://askubuntu.com/questions/162768/starting-java-processes-with-upstart
// https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582745
// ps aux
// http://askubuntu.com/questions/397502/reboot-a-server-from-command-line
var servicesdir = new DirectoryInfo("/etc/init/");
w.AppendLine(new { servicesdir }.ToString());
foreach (var service in servicesdir.GetFiles())
{
w.AppendLine(
new { service.FullName }.ToString()
);
}
var ff = fa.Directory.FullName + "/hello.txt";
Console.WriteLine(new { ff });
//File.WriteAllText(fadir + "/hello.txt", "hi");
System.IO.File.WriteAllText(ff, w.ToString());
// are we running in GUI or TTY?
// can we enumerate keystores?
//var sw = Stopwatch.StartNew();
//while (sw.ElapsedMilliseconds < 20000)
//{
// Console.WriteLine(new { sw.ElapsedMilliseconds });
// Thread.Sleep(500);
//}
Console.WriteLine("boot into tcp server...");
// haha. jsc cannot use a release build version of the ref
// nor can it call the Main again.
// why cant main call main?
// cuz the type name is the same?
JVMCLRTCPServerAsync.Program2.Main2(args);
//Thread.Sleep(30000);
// tail -f .log
}
catch (Exception err)
{
Console.WriteLine(new { err.Message, err.StackTrace });
Console.ReadLine();
}
// CLR not available? unless there was mono?
//CLRProgram.CLRMain();
}