public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
// first lets print into console the aliases we could be choosing from
// it should show the CA and the host alias on windows.
// once this works. lets do an example that works with JVM keystore
var keystore = new FileInfo(typeof(Program).Assembly.Location.TakeUntilIfAny(".") + ".keystore");
var portpath = new FileInfo(typeof(Program).Assembly.Location.TakeUntilIfAny(".") + ".port");
if (!portpath.Exists)
{
System.IO.File.WriteAllText(portpath.FullName, "" + 8443);
}
var port = Convert.ToInt32(
System.IO.File.ReadAllText(portpath.FullName).Trim()
);
Console.WriteLine(new { keystore, port });
// now lets start a ssl server and convince jvm to use the first friendly name we found..
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
var xKeyManager = new[] { new localKeyManager(keystorepath: keystore.FullName) };
xSSLContext.init(
// SunMSCAPI ?
xKeyManager,
xTrustEveryoneManager,
new java.security.SecureRandom()
);
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
// { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
// stop AppHostSvc
//[svchost.exe]
// TCP 0.0.0.0:443 red:0 LISTENING 4
//var ss443 = xSSLServerSocketFactory.createServerSocket(443);
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
var ss443 = xSSLServerSocketFactory.createServerSocket(port);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func <string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
#region getPeerCertificates
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new ScriptCoreLibJava.BCLImplementation.System.Security.Cryptography.X509Certificates.__X509Certificate2 {
InternalElement = c
};
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
#endregion
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
//Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
//Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
Console.WriteLine("done");
Console.ReadLine();
}
public static void Main(string[] args)
{
// http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
// https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
// https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010
try
{
// first lets print into console the aliases we could be choosing from
// it should show the CA and the host alias on windows.
// once this works. lets do an example that works with JVM keystore
var keystore = new FileInfo(typeof(Program).Assembly.Location.TakeUntilIfAny(".") + ".keystore");
var portpath = new FileInfo(typeof(Program).Assembly.Location.TakeUntilIfAny(".") + ".port");
if (!portpath.Exists)
System.IO.File.WriteAllText(portpath.FullName, "" + 8443);
var port = Convert.ToInt32(
System.IO.File.ReadAllText(portpath.FullName).Trim()
);
Console.WriteLine(new { keystore, port });
// now lets start a ssl server and convince jvm to use the first friendly name we found..
var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
Console.WriteLine(new { xSSLContext });
var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
var xKeyManager = new[] { new localKeyManager(keystorepath: keystore.FullName) };
xSSLContext.init(
// SunMSCAPI ?
xKeyManager,
xTrustEveryoneManager,
new java.security.SecureRandom()
);
var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
// { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
// stop AppHostSvc
//[svchost.exe]
// TCP 0.0.0.0:443 red:0 LISTENING 4
//var ss443 = xSSLServerSocketFactory.createServerSocket(443);
//var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
var ss443 = xSSLServerSocketFactory.createServerSocket(port);
Console.WriteLine(new { ss443 });
// http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });
var ok = true;
while (ok)
{
//Console.WriteLine("accept...");
var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;
//Console.WriteLine(new { xSSLSocket });
// http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
// java u suck.
//Console.WriteLine("startHandshake...");
try
{
// http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
Func<string> getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";
// can we await for it?
#region getPeerCertificates
xSSLSocket.addHandshakeCompletedListener(
new xHandshakeCompletedListener
{
yield = e =>
{
try
{
Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });
var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;
var x509 = new ScriptCoreLibJava.BCLImplementation.System.Security.Cryptography.X509Certificates.__X509Certificate2 { InternalElement = c };
if (c != null)
{
getdata = () =>
"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
+ new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
);
}
}
catch (Exception fault)
{
//Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
// at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
// at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
//throw;
Console.WriteLine("getPeerCertificates " + new { fault.Message });
}
}
}
);
#endregion
xSSLSocket.startHandshake();
//Cipher Suites: [
// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
// Unknown 0xcc:0x14,
//Unknown 0xcc:0x13,
//TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
//TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
//TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
//TLS_RSA_WITH_AES_128_GCM_SHA256,
//TLS_RSA_WITH_AES_256_CBC_SHA,
//TLS_RSA_WITH_AES_128_CBC_SHA,
//SSL_RSA_WITH_3DES_EDE_CBC_SHA]
// http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
// Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'. Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
var xNetworkStream = new ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream
{
InternalInputStream = xSSLSocket.getInputStream(),
InternalOutputStream = xSSLSocket.getOutputStream()
};
//Console.WriteLine(new { xNetworkStream });
// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
// http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
// http://192.168.1.12:8443/
// chrome does a download of NAK EXT SOH NUL STX STX ??
// { byte0 = 71 }
//var byte0 = xNetworkStream.ReadByte();
//{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
//{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
//{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
//{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
//{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
//{ byte0 = -1 }
//Console.WriteLine(new { byte0 });
//Console.WriteLine(new { byte0 });
//{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
// at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
// at JVMCLRSSLServerSocket.Program.main(Program.java:145)
var xStreamReader = new StreamReader(xNetworkStream);
var line0 = xStreamReader.ReadLine();
//Console.WriteLine(new { line0 });
// { line0 = GET / HTTP/1.1 }
// http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
// http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
//Implementation not found for type import :
//type: System.IO.StreamWriter
//method: Void .ctor(System.IO.Stream)
//var xStreamWriter = new StreamWriter(xNetworkStream);
var data =
getdata();
var bytes = Encoding.UTF8.GetBytes(data);
xNetworkStream.Write(bytes, 0, bytes.Length);
xNetworkStream.Close();
}
catch (Exception fault)
{
reportHansshakeFault(fault);
}
//Thread.Sleep(5000);
}
}
catch (Exception err)
{
Console.WriteLine(
new
{
err.Message,
err.StackTrace
}
);
}
Console.WriteLine("done");
Console.ReadLine();
}