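/// <summary>
/// Entry point of the JVM/CLR hybrid TLS test server. Reads (or creates) a ".port" file whose path is
/// derived from the assembly location, binds an SSL server socket on that port, and answers every
/// connection with a small HTTP/1.0 page that says whether the peer presented a certificate.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
/// <remarks>
/// Security notes for anyone reusing this test code:
/// - The trust manager is TrustEveryoneManager (defined elsewhere). Judging by its name it accepts any
///   peer certificate, so the "authenticated!" page only means that a certificate was presented, not
///   that it chains to a trusted CA. TODO confirm against its definition.
/// - Nothing in this method calls setWantClientAuth/setNeedClientAuth on the server socket. As far as
///   this listing shows, the server never asks for a client certificate, which would explain the
///   SSLPeerUnverifiedException trace kept in the listener's catch block. TODO confirm.
/// - "SSLv2Hello" only enables the legacy hello framing, but it is not needed for TLS 1.2 clients;
///   consider dropping it when no legacy client has to connect.
/// - The request line is read with an unbounded ReadLine() and no read timeout on a single-threaded
///   accept loop; one stalled or non-TLS peer can block the server or exhaust the heap (see the
///   OutOfMemoryError note below).
/// </remarks>
public static void Main(string[] args)
{
    // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
    // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
    // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

    try
    {
        // first lets print into console the aliases we could be choosing from
        // it should show the CA and the host alias on windows.
        // once this works. lets do an example that works with JVM keystore

        // Both side files share the assembly path prefix returned by TakeUntilIfAny(".").
        var basepath = typeof(Program).Assembly.Location.TakeUntilIfAny(".");
        var keystore = new FileInfo(basepath + ".keystore");
        var portpath = new FileInfo(basepath + ".port");

        // First run: persist the default port so it can be edited without rebuilding.
        if (!portpath.Exists)
        {
            System.IO.File.WriteAllText(portpath.FullName, "" + 8443);
        }

        // A malformed port file throws here and is reported by the outer catch.
        var port = Convert.ToInt32(System.IO.File.ReadAllText(portpath.FullName).Trim());

        Console.WriteLine(new { keystore, port });

        // now lets start a ssl server and convince jvm to use the first friendly name we found..
        var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
        Console.WriteLine(new { xSSLContext });

        // NOTE(review): see the remarks above - this trust manager presumably accepts every peer.
        var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
        var xKeyManager = new[] { new localKeyManager(keystorepath: keystore.FullName) };

        // SunMSCAPI ?
        xSSLContext.init(xKeyManager, xTrustEveryoneManager, new java.security.SecureRandom());

        var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();

        // Binding 443 failed on the author's machine:
        // { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
        // stop AppHostSvc
        // [svchost.exe]
        //  TCP    0.0.0.0:443    red:0    LISTENING    4
        var ss443 = xSSLServerSocketFactory.createServerSocket(port);
        Console.WriteLine(new { ss443 });

        // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
        var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
        xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });

        var ok = true;

        // Single-threaded accept loop: one connection is served to completion before the next accept().
        while (ok)
        {
            var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;

            // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit

            try
            {
                // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html

                // Default page; the handshake listener swaps it once a peer certificate is seen.
                Func<string> getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                // can we await for it?
                // NOTE(review): JSSE may run this listener on its own thread, so the swap below is not
                // guaranteed to happen before getdata() is called further down - TODO confirm. Reading
                // the peer certificates from the session after startHandshake() would avoid the race.
                #region getPeerCertificates
                xSSLSocket.addHandshakeCompletedListener(
                    new xHandshakeCompletedListener
                    {
                        yield = e =>
                        {
                            try
                            {
                                // Ask once; this throws when the peer sent no certificate.
                                var peerCertificates = e.getPeerCertificates();

                                Console.WriteLine("xHandshakeCompletedListener " + new { peerCertificates.Length });

                                var c = peerCertificates.FirstOrDefault() as X509Certificate;

                                if (c != null)
                                {
                                    // Wrap only when there is a certificate to wrap.
                                    var x509 = new ScriptCoreLibJava.BCLImplementation.System.Security.Cryptography.X509Certificates.__X509Certificate2 { InternalElement = c };

                                    // Subject and serial come from the peer; XElement escapes them for HTML.
                                    getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                        + new XElement("pre",
                                            new { x509.Subject, x509.SerialNumber }.ToString()
                                        );
                                }
                            }
                            catch (Exception fault)
                            {
                                //Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                //       at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                //       at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
                                Console.WriteLine("getPeerCertificates " + new { fault.Message });
                            }
                        }
                    }
                );
                #endregion

                xSSLSocket.startHandshake();

                // Cipher suites offered by the test browser at the time:
                //  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                //  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13,
                //  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                //  TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                //  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                //  TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
                //  TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
                // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
                // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common

                // Error 573: __NetworkStream needs a reference to assembly 'ScriptCoreLib, Version=4.6.0.0'.
                var xNetworkStream = new ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream
                {
                    InternalInputStream = xSSLSocket.getInputStream(),
                    InternalOutputStream = xSSLSocket.getOutputStream()
                };

                // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
                // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                // http://192.168.1.12:8443/ (plain http) made chrome download NAK EXT SOH NUL STX STX

                // ReadLine() buffers until a newline with no upper bound; it has already ended in
                //  java.lang.OutOfMemoryError: Java heap space
                //   at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
                // Treat the peer as untrusted if this code ever leaves the test bench.
                var xStreamReader = new StreamReader(xNetworkStream);
                var line0 = xStreamReader.ReadLine();
                // { line0 = GET / HTTP/1.1 }

                // StreamWriter(Stream) has no implementation on this platform, so raw bytes are written.
                var data = getdata();
                var bytes = Encoding.UTF8.GetBytes(data);

                xNetworkStream.Write(bytes, 0, bytes.Length);
                xNetworkStream.Close();
            }
            catch (Exception fault)
            {
                reportHansshakeFault(fault);
            }
            finally
            {
                // Fix: a failed handshake, read or write used to skip Close() and leak the accepted
                // socket. Closing here covers every path; closing twice is harmless in Java.
                if (xSSLSocket != null)
                {
                    try
                    {
                        xSSLSocket.close();
                    }
                    catch (Exception closeFault)
                    {
                        // Best effort: a failing close must not stop the accept loop.
                        Console.WriteLine("close " + new { closeFault.Message });
                    }
                }
            }
        }
    }
    catch (Exception err)
    {
        Console.WriteLine(
            new { err.Message, err.StackTrace }
        );
    }

    Console.WriteLine("done");
    Console.ReadLine();
}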
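/// <summary>
/// Starts the JVM/CLR hybrid TLS test server: resolves the keystore and port files from the assembly
/// location, listens on the configured port, and serves one HTTP/1.0 response per connection that
/// reports whether a peer certificate was seen during the handshake.
/// </summary>
/// <param name="args">Command-line arguments; unused.</param>
/// <remarks>
/// Points a reviewer should keep in mind before reusing this outside a test:
/// - TrustEveryoneManager is defined elsewhere; its name suggests that any peer certificate is
///   accepted, in which case "authenticated!" proves presentation of a certificate, not trust in it.
///   TODO confirm against the class.
/// - The listing never calls setWantClientAuth/setNeedClientAuth, so the server presumably does not
///   request a client certificate at all; the "peer not authenticated" trace below fits that.
/// - "SSLv2Hello" is legacy hello framing and can usually be removed for TLS 1.2-only clients.
/// - The loop is single-threaded and reads the request line without a size or time limit.
/// </remarks>
public static void Main(string[] args)
{
    // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
    // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
    // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

    try
    {
        // first lets print into console the aliases we could be choosing from
        // it should show the CA and the host alias on windows.
        // once this works. lets do an example that works with JVM keystore

        // Common path prefix for the ".keystore" and ".port" side files.
        var prefix = typeof(Program).Assembly.Location.TakeUntilIfAny(".");
        var keystore = new FileInfo(prefix + ".keystore");
        var portpath = new FileInfo(prefix + ".port");

        // Seed the port file with the default on first start.
        if (!portpath.Exists)
        {
            System.IO.File.WriteAllText(portpath.FullName, "" + 8443);
        }

        // An unparsable port file is reported by the outer catch.
        var port = Convert.ToInt32(System.IO.File.ReadAllText(portpath.FullName).Trim());

        Console.WriteLine(new { keystore, port });

        // now lets start a ssl server and convince jvm to use the first friendly name we found..
        var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
        Console.WriteLine(new { xSSLContext });

        // NOTE(review): presumably trusts every peer - see remarks.
        var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
        var xKeyManager = new[] { new localKeyManager(keystorepath: keystore.FullName) };

        // SunMSCAPI ?
        xSSLContext.init(xKeyManager, xTrustEveryoneManager, new java.security.SecureRandom());

        var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();

        // Port 443 was taken on the author's machine:
        // { Message = Address already in use: JVM_Bind, StackTrace = java.net.BindException: Address already in use: JVM_Bind
        // stop AppHostSvc
        // [svchost.exe]
        //  TCP    0.0.0.0:443    red:0    LISTENING    4
        var ss443 = xSSLServerSocketFactory.createServerSocket(port);
        Console.WriteLine(new { ss443 });

        // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
        var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;
        xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });

        var ok = true;

        // Connections are handled one at a time; 'ok' is never cleared, so the loop runs until a fault
        // escapes to the outer catch.
        while (ok)
        {
            var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;

            // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit

            try
            {
                // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html

                // Response used when no peer certificate is reported by the listener.
                Func<string> getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                // can we await for it?
                // NOTE(review): the listener may be invoked on a separate JSSE thread, so this
                // assignment can race with the getdata() call below - TODO confirm.
                #region getPeerCertificates
                xSSLSocket.addHandshakeCompletedListener(
                    new xHandshakeCompletedListener
                    {
                        yield = e =>
                        {
                            try
                            {
                                // Throws when the peer did not send a certificate.
                                var chain = e.getPeerCertificates();

                                Console.WriteLine("xHandshakeCompletedListener " + new { chain.Length });

                                var c = chain.FirstOrDefault() as X509Certificate;

                                if (c != null)
                                {
                                    // Build the wrapper only for a real certificate.
                                    var x509 = new ScriptCoreLibJava.BCLImplementation.System.Security.Cryptography.X509Certificates.__X509Certificate2 { InternalElement = c };

                                    // Peer-supplied subject/serial; XElement escapes the text.
                                    getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                        + new XElement("pre",
                                            new { x509.Subject, x509.SerialNumber }.ToString()
                                        );
                                }
                            }
                            catch (Exception fault)
                            {
                                //Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                //       at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                //       at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
                                Console.WriteLine("getPeerCertificates " + new { fault.Message });
                            }
                        }
                    }
                );
                #endregion

                xSSLSocket.startHandshake();

                // Cipher suites seen from the test browser:
                //  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                //  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13,
                //  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                //  TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                //  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                //  TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
                //  TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
                // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
                // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common

                // Error 573: __NetworkStream needs a reference to assembly 'ScriptCoreLib, Version=4.6.0.0'.
                var xNetworkStream = new ScriptCoreLibJava.BCLImplementation.System.Net.Sockets.__NetworkStream
                {
                    InternalInputStream = xSSLSocket.getInputStream(),
                    InternalOutputStream = xSSLSocket.getOutputStream()
                };

                // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
                // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                // http://192.168.1.12:8443/ (plain http) made chrome download NAK EXT SOH NUL STX STX

                // Unbounded line read from the peer; previously observed to end in
                //  java.lang.OutOfMemoryError: Java heap space
                //   at ScriptCoreLibJava.BCLImplementation.System.IO.__StreamReader.ReadLine(__StreamReader.java:51)
                var xStreamReader = new StreamReader(xNetworkStream);
                var line0 = xStreamReader.ReadLine();
                // { line0 = GET / HTTP/1.1 }

                // No StreamWriter(Stream) implementation on this platform: send the bytes directly.
                var data = getdata();
                var bytes = Encoding.UTF8.GetBytes(data);

                xNetworkStream.Write(bytes, 0, bytes.Length);
                xNetworkStream.Close();
            }
            catch (Exception fault)
            {
                reportHansshakeFault(fault);
            }
            finally
            {
                // Fix: any fault before Close() left the accepted socket open. Release it on every
                // path; Java tolerates closing an already closed socket.
                if (xSSLSocket != null)
                {
                    try
                    {
                        xSSLSocket.close();
                    }
                    catch (Exception closeFault)
                    {
                        // Report and carry on so one bad connection cannot end the accept loop.
                        Console.WriteLine("close " + new { closeFault.Message });
                    }
                }
            }
        }
    }
    catch (Exception err)
    {
        Console.WriteLine(
            new { err.Message, err.StackTrace }
        );
    }

    Console.WriteLine("done");
    Console.ReadLine();
}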