Esempio n. 1
0
        public static void Main(string[] args)
        {
            // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

            // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/

            // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

            try
            {

                Console.WriteLine(
                              new
                              {
                                  typeof(object).AssemblyQualifiedName,
                                  Environment.CurrentDirectory,

                                  // "X:\Program Files (x86)\Java\jre7\lib\security\local_policy.jar"
                                  // Location = X:\Program Files (x86)\Java\jre7\lib\rt.jar }
                                  typeof(object).Assembly.Location,

                              }
                          );


                #region useless
                // You can't do it with the system properties. You would have to write and load your own X509KeyManager and create your own SSLContext with it.

                var keyStore = java.lang.System.getProperty("javax.net.ssl.keyStore");
                Console.WriteLine(new { keyStore });
                var keyStorePassword = java.lang.System.getProperty("javax.net.ssl.keyStorePassword");
                Console.WriteLine(new { keyStorePassword });
                #endregion

                // ok lets do a server.


                // http://developer.android.com/reference/android/net/SSLCertificateSocketFactory.html

                // http://stackoverflow.com/questions/11832672/how-can-a-java-client-use-the-native-windows-my-store-to-provide-its-client-cert
                // http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html

                //java.lang.System.setProperty("javax.net.debug", "all");

                // http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
                java.lang.System.setProperty("jsse.enableSNIExtension", "false");


                // http://www.angelfire.com/or/abhilash/site/articles/jsse-km/customKeyManager.html


                // the reason for the SSLEngine’s complaint is that you enabled only the RSA cipher, but your certificate uses DSA keys. 
                //CLRProgram.makecert(host: "192.168.1.12", port: 8443);

                // ERR_SSL_VERSION_OR_CIPHER_MISMATCH

                //var xSSLContext = javax.net.ssl.SSLContext.getInstance("SSL");

                // For 256 bit security you need to install Oracle's unlimited strength policy files.
                // http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

                //var xSSLContext = javax.net.ssl.SSLContext.getInstance("SSLv3");

                // { Message = TLSv1.3 SSLContext not available, StackTrace = java.security.NoSuchAlgorithmException: TLSv1.3 SSLContext not available
                //var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.3");
                //var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
                //var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.1");


                // { Message = TLS_RSA_WITH_AES_256_CBC_SHA256 SSLContext not available, StackTrace = java.security.NoSuchAlgorithmException: TLS_RSA_WITH_AES_256_CBC_SHA256 SSLContext not available

                var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");


                Console.WriteLine(new { xSSLContext });




                // https://android.googlesource.com/platform/libcore/+/jb-mr2-release/luni/src/main/java/javax/net/ssl/KeyManagerFactory.java
                //var localKeyManager = new[] { new localKeyManager() };
                var myTrustManagerArray = new[] { new TrustEveryoneManager() };

                // null?
                xSSLContext.init(
                    // SunMSCAPI ?
                    localKeyManager.WindowsMYKeyManagers(),

                    myTrustManagerArray, new java.security.SecureRandom());




                //var cf = javax.net.ssl.SSLSocketFactory.getDefault() as javax.net.ssl.SSLSocketFactory;
                var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();

                //{ cf = sun.security.ssl.SSLSocketFactoryImpl@1fd10fa }
                //{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@7b4ed7 }
                Console.WriteLine(new { xSSLServerSocketFactory });

                //f.

                // http://www.javased.com/?api=javax.net.ssl.SSLSocketFactory
                // http://www.java2s.com/Code/JavaAPI/javax.net.ssl/SSLSocketFactorycreateSocketStringarg0intarg1.htm
                // http://saltnlight5.blogspot.com.ee/2014/10/how-to-setup-custom-sslsocketfactorys.html

                //f.createSocket(

                // http://www.herongyang.com/JDK/SSL-Socket-Server-Example-SslReverseEchoer.html
                //javax.net.ssl.SSLServerSocket.




                // http://www.javaworld.com/article/2075291/learn-java/build-secure-network-applications-with-ssl-and-the-jsse-api.html
                // -Djavax.net.ssl.keyStore
                // -Djavax.net.ssl.keyStorePassword


                // http://stackoverflow.com/questions/20798652/java-sslserversocket-presents-wrong-certificate

                // https://searchcode.com/codesearch/view/171073/

                // http://stackoverflow.com/questions/12370351/setting-the-certificate-used-by-a-java-ssl-serversocket
                // http://stackoverflow.com/questions/22230815/java-server-ssl-with-different-storepass-and-keypass

                // http://stackoverflow.com/questions/9921548/sslsocketfactory-in-java
                // https://code.google.com/p/vellum/wiki/LocalCa

                //  hg https://bitbucket.org/mfichman/mitm



                //var ssf = javax.net.ssl.SSLServerSocketFactory.getDefault() as javax.net.ssl.SSLServerSocketFactory;

                //// http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
                //Console.WriteLine(new { ssf });


                //{ Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
                //        at java.net.DualStackPlainSocketImpl.bind0(Native Method)
                //        at java.net.DualStackPlainSocketImpl.socketBind(Unknown Source)
                //        at java.net.AbstractPlainSocketImpl.bind(Unknown Source)
                //        at java.net.PlainSocketImpl.bind(Unknown Source)
                //        at java.net.ServerSocket.bind(Unknown Source)
                //        at java.net.ServerSocket.<init>(Unknown Source)
                //        at java.net.ServerSocket.<init>(Unknown Source)
                //        at javax.net.ssl.SSLServerSocket.<init>(Unknown Source)
                //        at sun.security.ssl.SSLServerSocketImpl.<init>(Unknown Source)
                //        at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(Unknown Source)
                //        at JVMCLRSSLServerSocket.Program.main(Program.java:53)

                //C:\Windows\system32>netstat -ab

                //Active Connections

                //  Proto  Local Address          Foreign Address        State
                //  TCP    0.0.0.0:80             red:0                  LISTENING
                // Can not obtain ownership information
                //  TCP    0.0.0.0:135            red:0                  LISTENING
                //  RpcSs
                // [svchost.exe]
                //  TCP    0.0.0.0:443            red:0                  LISTENING



                // http://stackoverflow.com/questions/22225414/create-an-ssl-channel-same-pwd-for-keystore-and-trustore

                var ss443 = xSSLServerSocketFactory.createServerSocket(8443);


                Console.WriteLine(new { ss443 });


                // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
                var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;


                // https://www.chromium.org/Home/chromium-security/education/tls
                // http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls
                // http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
                // https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls





                xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });


                //  Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.


                // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites
                // http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites


                var SystemSupportedCipherSuites = xSSLServerSocket.getSupportedCipherSuites();

                SystemSupportedCipherSuites.WithEach(
                    SupportedCipherSuite =>
                    {
                        Console.WriteLine(new { SupportedCipherSuite });
                    }
                );

                //if (SystemSupportedCipherSuites.Contains())

                // https://googleonlinesecurity.blogspot.com.ee/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
                // http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls

                // need java 8?


                //xSSLServerSocket.setEnabledCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA");


                // https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
                // https://community.oracle.com/thread/2382681?tstart=0

                //Cipher Suites: [
                //    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
                //    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
                //    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
                //    Unknown 0xcc:0x14, 
                //                Unknown 0xcc:0x13, 
                //                TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 
                //                TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
                //                TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
                //                TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
                //                TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
                //                TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
                //                TLS_RSA_WITH_AES_128_GCM_SHA256, 
                //                TLS_RSA_WITH_AES_256_CBC_SHA, 
                //                TLS_RSA_WITH_AES_128_CBC_SHA, 
                //                SSL_RSA_WITH_3DES_EDE_CBC_SHA]



                // Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
                // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
                // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
                // Unknown 0xcc:0x14, Unknown 0xcc:0x13, 
                //TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 
                //TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
                //TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
                //TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
                //TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
                //TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
                //TLS_RSA_WITH_AES_128_GCM_SHA256, 
                //TLS_RSA_WITH_AES_256_CBC_SHA, 
                //TLS_RSA_WITH_AES_128_CBC_SHA, 
                //SSL_RSA_WITH_3DES_EDE_CBC_SHA
                //]

                var enabledCipherSuites = new[] {
                    //"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" 

                    // { Message = Unsupported ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256
                    //"TLS_RSA_WITH_AES_128_GCM_SHA256" 

                    //"TLS_RSA_WITH_AES_256_CBC_SHA" 
                    "TLS_RSA_WITH_AES_128_CBC_SHA"

                    //"SSL_RSA_WITH_3DES_EDE_CBC_SHA" 

                    // { Message = Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                    //"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" 

                    // { Message = Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                    //"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

                    // { Message = Unsupported ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, StackTrace = java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
                    //"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
                };

                // need id?
                //xSSLServerSocket.setNeedClientAuth(true);

                ////xSSLServerSocket.setWantClientAuth(true);

                //xSSLServerSocket.setEnabledCipherSuites(enabledCipherSuites);

                var ok = true;
                while (ok)
                {
                    //Console.WriteLine("accept...");
                    var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;




                    //Console.WriteLine(new { xSSLSocket });

                    // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
                    // java u suck.

                    //Console.WriteLine("startHandshake...");
                    try
                    {
                        // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html

                        Func<string> getdata = () =>
                             "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                        // can we await for it?
                        xSSLSocket.addHandshakeCompletedListener(
                            new xHandshakeCompletedListener
                            {
                                yield = e =>
                                {
                                    try
                                    {
                                        Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });

                                        var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;

                                        var x509 = new __X509Certificate2 { InternalElement = c };


                                        if (c != null)
                                        {

                                            getdata = () =>
                                                "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                                + new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
                                                    );
                                        }
                                    }
                                    catch (Exception fault)
                                    {
                                        //Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                        //        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                        //        at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)

                                        //throw;

                                        Console.WriteLine("getPeerCertificates " + new { fault.Message });
                                    }
                                }
                            }
                        );

                        xSSLSocket.startHandshake();



                        //Cipher Suites: [
                        //    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
                        //    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
                        //    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
                        //    Unknown 0xcc:0x14, 
                        //Unknown 0xcc:0x13, 
                        //TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 
                        //TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
                        //TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
                        //TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
                        //TLS_RSA_WITH_AES_128_GCM_SHA256, 
                        //TLS_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_RSA_WITH_AES_128_CBC_SHA, 
                        //SSL_RSA_WITH_3DES_EDE_CBC_SHA]

                        // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html






                        // Error	573	The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'.	Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs	68	17	JVMCLRSSLServerSocket

                        var xNetworkStream = new __NetworkStream
                        {
                            InternalInputStream = xSSLSocket.getInputStream(),
                            InternalOutputStream = xSSLSocket.getOutputStream()
                        };

                        Console.WriteLine(new { xNetworkStream });

                        // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java

                        // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                        // http://192.168.1.12:8443/
                        // chrome does a download of NAK EXT SOH NUL STX STX ??

                        // { byte0 = 71 }
                        //var byte0 = xNetworkStream.ReadByte();

                        //{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
                        //{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
                        //{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
                        //{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
                        //{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
                        //{ byte0 = -1 }

                        //Console.WriteLine(new { byte0 });
                        //Console.WriteLine(new { byte0 });




                        //{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
                        //        at JVMCLRSSLServerSocket.Program.main(Program.java:145)

                        var xStreamReader = new StreamReader(xNetworkStream);
                        var line0 = xStreamReader.ReadLine();
                        Console.WriteLine(new { line0 });

                        // { line0 = GET / HTTP/1.1 }


                        // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                        // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common


                        //Implementation not found for type import :
                        //type: System.IO.StreamWriter
                        //method: Void .ctor(System.IO.Stream)
                        //var xStreamWriter = new StreamWriter(xNetworkStream);

                        var data =
                           getdata();

                        var bytes = Encoding.UTF8.GetBytes(data);

                        xNetworkStream.Write(bytes, 0, bytes.Length);


                        xNetworkStream.Close();

                    }
                    catch (Exception fault)
                    {
                        reportHansshakeFault(fault);


                    }

                    //Thread.Sleep(5000);
                }
            }
            catch (Exception err)
            {
                Console.WriteLine(
                    new
                    {
                        err.Message,
                        err.StackTrace
                    }
                    );

            }

            //CLRProgram.CLRMain();

            Console.WriteLine("done");
            Console.ReadLine();
        }
Esempio n. 2
0
        public static void Main(string[] args)
        {
            // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

            // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/

            // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

            try
            {
                // first lets print into console the aliases we could be choosing from
                // it should show the CA and the host alias on windows.
                // once this works. lets do an example that works with JVM keystore



                #region Certificates
                Func<string, IEnumerable<System.Security.Cryptography.X509Certificates.X509Certificate2>> Certificates = keyStoreType =>
                {
                    var a = new List<System.Security.Cryptography.X509Certificates.X509Certificate2> { };

                    try
                    {
                        // http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java

                        // https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html

                        // https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
                        // I removed some personal certificaties at key manager (certmgr.msc) and wala!

                        //Client Authentication (1.3.6.1.5.5.7.3.2)
                        //Secure Email (1.3.6.1.5.5.7.3.4)


                        // https://www.chilkatsoft.com/p/p_280.asp
                        // HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider

                        // http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java

                        // http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
                        // http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java

                        KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);
                        //Console.WriteLine(new { xKeyStore });
                        //Console.WriteLine("load... " + new { keyStoreType });
                        xKeyStore.load(null, null);
                        //Console.WriteLine("load... done");
                        //Console.WriteLine("aliases...");
                        java.util.Enumeration en = xKeyStore.aliases();
                        //Console.WriteLine("aliases... done");

                        while (en.hasMoreElements())
                        {
                            var aliasKey = (string)en.nextElement();

                            //Console.WriteLine(new { aliasKey });

                            // PCSC?
                            var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
                            if (c509 != null)
                            {
                                System.Security.Cryptography.X509Certificates.X509Certificate2 crt = new __X509Certificate2 { FriendlyName = aliasKey, InternalElement = c509 };

                                //Console.WriteLine(new { crt.Subject, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false) });
                                //Console.WriteLine(new { aliasKey, crt.SerialNumber, SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false), crt.Issuer });

                                a.Add(crt);

                            }
                            //if (aliasKey.equals("myKey") ) {
                            //      PrivateKey key = (PrivateKey)ks.getKey(aliasKey, "monPassword".toCharArray());
                            //      Certificate[] chain = ks.getCertificateChain(aliasKey);
                            //}
                        }

                    }
                    catch //(Exception closure)
                    {
                        throw;
                    }

                    return a;
                };
                #endregion




                Certificates("Windows-ROOT").WithEach(
                    crt =>
                    {
                        // aliasKey = peer integrity authority for cpu BFEBFBFF000306A9
                        // SimpleName = peer integrity authority for cpu BFEBFBFF000306A9
                        var SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);

                        if (SimpleName.StartsWith("peer integrity authority for cpu"))
                            Console.WriteLine(new { crt.FriendlyName, SimpleName, crt.SerialNumber, crt.Issuer });
                    }
                );




                Certificates("Windows-MY").GroupBy(x => x.FriendlyName).WithEach(
                    crt =>
                    {
                        //{ FriendlyName = 192.168.1.12 }

                        //{ FriendlyName = 192.168.43.12 }
                        //{ FriendlyName = 192.168.173.12 }
                        //{ FriendlyName = 192.168.42.46 }
                        //{ FriendlyName = Administrator }


                        // hide non ip certs..
                        if (!crt.Key.Contains("."))
                            return;

                        Console.WriteLine(new { FriendlyName = crt.Key });

                        //Console.WriteLine(new { crt.FriendlyName, crt.SerialNumber });
                    }
                );

                Console.WriteLine("-");

                // now lets start a ssl server and convince jvm to use the first friendly name we found..

                var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
                Console.WriteLine(new { xSSLContext });
                var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
                var xKeyManager = new[] { new localKeyManager() };

                xSSLContext.init(
                    // SunMSCAPI ?
                    xKeyManager,
                    xTrustEveryoneManager,
                    new java.security.SecureRandom()
                );

                var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
                var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
                Console.WriteLine(new { ss443 });

                // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
                var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
                xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });


                var ok = true;
                while (ok)
                {
                    //Console.WriteLine("accept...");
                    var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;




                    //Console.WriteLine(new { xSSLSocket });

                    // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
                    // java u suck.

                    //Console.WriteLine("startHandshake...");
                    try
                    {
                        // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html

                        Func<string> getdata = () =>
                             "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                        // can we await for it?
                        xSSLSocket.addHandshakeCompletedListener(
                            new xHandshakeCompletedListener
                            {
                                yield = e =>
                                {
                                    try
                                    {
                                        Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });

                                        var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;

                                        var x509 = new __X509Certificate2 { InternalElement = c };


                                        if (c != null)
                                        {

                                            getdata = () =>
                                                "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                                + new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
                                                    );
                                        }
                                    }
                                    catch (Exception fault)
                                    {
                                        //Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                        //        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                        //        at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)

                                        //throw;

                                        Console.WriteLine("getPeerCertificates " + new { fault.Message });
                                    }
                                }
                            }
                        );

                        xSSLSocket.startHandshake();



                        //Cipher Suites: [
                        //    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
                        //    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
                        //    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
                        //    Unknown 0xcc:0x14, 
                        //Unknown 0xcc:0x13, 
                        //TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 
                        //TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
                        //TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
                        //TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
                        //TLS_RSA_WITH_AES_128_GCM_SHA256, 
                        //TLS_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_RSA_WITH_AES_128_CBC_SHA, 
                        //SSL_RSA_WITH_3DES_EDE_CBC_SHA]

                        // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html






                        // Error	573	The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'.	Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs	68	17	JVMCLRSSLServerSocket

                        var xNetworkStream = new __NetworkStream
                        {
                            InternalInputStream = xSSLSocket.getInputStream(),
                            InternalOutputStream = xSSLSocket.getOutputStream()
                        };

                        Console.WriteLine(new { xNetworkStream });

                        // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java

                        // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                        // http://192.168.1.12:8443/
                        // chrome does a download of NAK EXT SOH NUL STX STX ??

                        // { byte0 = 71 }
                        //var byte0 = xNetworkStream.ReadByte();

                        //{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
                        //{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
                        //{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
                        //{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
                        //{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
                        //{ byte0 = -1 }

                        //Console.WriteLine(new { byte0 });
                        //Console.WriteLine(new { byte0 });




                        //{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
                        //        at JVMCLRSSLServerSocket.Program.main(Program.java:145)

                        var xStreamReader = new StreamReader(xNetworkStream);
                        var line0 = xStreamReader.ReadLine();
                        Console.WriteLine(new { line0 });

                        // { line0 = GET / HTTP/1.1 }


                        // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                        // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common


                        //Implementation not found for type import :
                        //type: System.IO.StreamWriter
                        //method: Void .ctor(System.IO.Stream)
                        //var xStreamWriter = new StreamWriter(xNetworkStream);

                        var data =
                           getdata();

                        var bytes = Encoding.UTF8.GetBytes(data);

                        xNetworkStream.Write(bytes, 0, bytes.Length);


                        xNetworkStream.Close();

                    }
                    catch (Exception fault)
                    {
                        reportHansshakeFault(fault);


                    }

                    //Thread.Sleep(5000);
                }


            }
            catch (Exception err)
            {
                Console.WriteLine(
                    new
                    {
                        err.Message,
                        err.StackTrace
                    }
                );

            }

            Console.WriteLine("done");
            Console.ReadLine();
        }
Esempio n. 3
0
        public static void Main(string[] args)
        {
            // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

            // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/

            // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

            try
            {
                // first lets print into console the aliases we could be choosing from
                // it should show the CA and the host alias on windows.
                // once this works. lets do an example that works with JVM keystore



                Console.WriteLine("-");

                // now lets start a ssl server and convince jvm to use the first friendly name we found..

                var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
                Console.WriteLine(new { xSSLContext });
                var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
                var xKeyManager = new[] { new localKeyManager() };

                xSSLContext.init(
                    // SunMSCAPI ?
                    xKeyManager,
                    xTrustEveryoneManager,
                    new java.security.SecureRandom()
                );

                var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
                //var ss443 = xSSLServerSocketFactory.createServerSocket(8443);

                // { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
                // stop AppHostSvc

                //[svchost.exe]
                // TCP    0.0.0.0:443            red:0                  LISTENING       4

                //var ss443 = xSSLServerSocketFactory.createServerSocket(443);
                var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
                Console.WriteLine(new { ss443 });

                // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
                var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
                xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });


                var ok = true;
                while (ok)
                {
                    //Console.WriteLine("accept...");
                    var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;




                    //Console.WriteLine(new { xSSLSocket });

                    // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit
                    // java u suck.

                    //Console.WriteLine("startHandshake...");
                    try
                    {
                        // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html

                        Func<string> getdata = () =>
                             "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                        // can we await for it?
                        xSSLSocket.addHandshakeCompletedListener(
                            new xHandshakeCompletedListener
                            {
                                yield = e =>
                                {
                                    try
                                    {
                                        Console.WriteLine("xHandshakeCompletedListener " + new { e.getPeerCertificates().Length });

                                        var c = e.getPeerCertificates().FirstOrDefault() as X509Certificate;

                                        var x509 = new __X509Certificate2 { InternalElement = c };


                                        if (c != null)
                                        {

                                            getdata = () =>
                                                "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                                + new XElement("pre", new { x509.Subject, x509.SerialNumber }.ToString()
                                                    );
                                        }
                                    }
                                    catch (Exception fault)
                                    {
                                        //Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                        //        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                        //        at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)

                                        //throw;

                                        Console.WriteLine("getPeerCertificates " + new { fault.Message });
                                    }
                                }
                            }
                        );

                        xSSLSocket.startHandshake();



                        //Cipher Suites: [
                        //    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 
                        //    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
                        //    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 
                        //    Unknown 0xcc:0x14, 
                        //Unknown 0xcc:0x13, 
                        //TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 
                        //TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
                        //TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
                        //TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
                        //TLS_RSA_WITH_AES_128_GCM_SHA256, 
                        //TLS_RSA_WITH_AES_256_CBC_SHA, 
                        //TLS_RSA_WITH_AES_128_CBC_SHA, 
                        //SSL_RSA_WITH_3DES_EDE_CBC_SHA]

                        // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html






                        // Error	573	The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced. You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'.	Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs	68	17	JVMCLRSSLServerSocket

                        var xNetworkStream = new __NetworkStream
                        {
                            InternalInputStream = xSSLSocket.getInputStream(),
                            InternalOutputStream = xSSLSocket.getOutputStream()
                        };

                        Console.WriteLine(new { xNetworkStream });

                        // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java

                        // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                        // http://192.168.1.12:8443/
                        // chrome does a download of NAK EXT SOH NUL STX STX ??

                        // { byte0 = 71 }
                        //var byte0 = xNetworkStream.ReadByte();

                        //{ cf = sun.security.ssl.SSLSocketFactoryImpl@93f13f }
                        //{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@15dc721 }
                        //{ ss443 = [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]] }
                        //{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }
                        //{ xNetworkStream = ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream@538cc2 }
                        //{ byte0 = -1 }

                        //Console.WriteLine(new { byte0 });
                        //Console.WriteLine(new { byte0 });




                        //{ Message = Java heap space, StackTrace = java.lang.OutOfMemoryError: Java heap space
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.set_Capacity(__MemoryStream.java:110)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.InternalEnsureCapacity(__MemoryStream.java:156)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__MemoryStream.WriteByte(__MemoryStream.java:140)
                        //        at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
                        //        at JVMCLRSSLServerSocket.Program.main(Program.java:145)

                        var xStreamReader = new StreamReader(xNetworkStream);
                        var line0 = xStreamReader.ReadLine();
                        //Console.WriteLine(new { line0 });

                        // { line0 = GET / HTTP/1.1 }


                        // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                        // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common


                        //Implementation not found for type import :
                        //type: System.IO.StreamWriter
                        //method: Void .ctor(System.IO.Stream)
                        //var xStreamWriter = new StreamWriter(xNetworkStream);

                        var data =
                           getdata();

                        var bytes = Encoding.UTF8.GetBytes(data);

                        xNetworkStream.Write(bytes, 0, bytes.Length);


                        xNetworkStream.Close();

                    }
                    catch (Exception fault)
                    {
                        reportHansshakeFault(fault);


                    }

                    //Thread.Sleep(5000);
                }


            }
            catch (Exception err)
            {
                Console.WriteLine(
                    new
                    {
                        err.Message,
                        err.StackTrace
                    }
                );

            }

            Console.WriteLine("done");
            Console.ReadLine();
        }