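/// <summary>
/// Experimental JVM-hosted TLS 1.2 test server: builds an SSLContext from the Windows
/// "MY" store key managers, listens on port 8443 and answers each connection with a
/// fixed HTTP response. When the handshake listener sees a peer certificate, the
/// response also shows that certificate's subject and serial number.
/// </summary>
/// <param name="args">Command line arguments; not used.</param>
/// <remarks>
/// Changes against the original listing: the key store password is no longer echoed to
/// the console, and every accepted socket is closed even when the handshake or the
/// request read fails.
/// </remarks>
public static void Main(string[] args)
{
    // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
    // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
    // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

    try
    {
        Console.WriteLine(
            new
            {
                typeof(object).AssemblyQualifiedName,
                Environment.CurrentDirectory,
                // "X:\Program Files (x86)\Java\jre7\lib\security\local_policy.jar"
                // Location = X:\Program Files (x86)\Java\jre7\lib\rt.jar
                typeof(object).Assembly.Location,
            }
        );

        #region useless
        // You can't do it with the system properties. You would have to write and load
        // your own X509KeyManager and create your own SSLContext with it.
        var keyStore = java.lang.System.getProperty("javax.net.ssl.keyStore");
        Console.WriteLine(new { keyStore });

        // The password is a secret: report only whether it is configured, never its value,
        // so it cannot end up in console captures or log files.
        var keyStorePassword = java.lang.System.getProperty("javax.net.ssl.keyStorePassword");
        Console.WriteLine(new { keyStorePasswordIsSet = keyStorePassword != null });
        #endregion

        // ok lets do a server.
        // http://developer.android.com/reference/android/net/SSLCertificateSocketFactory.html
        // http://stackoverflow.com/questions/11832672/how-can-a-java-client-use-the-native-windows-my-store-to-provide-its-client-cert
        // http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
        //java.lang.System.setProperty("javax.net.debug", "all");

        // http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
        // NOTE(review): this is a process-wide JVM property, so SNI is switched off for
        // every JSSE connection made by this process, not only for this test server.
        java.lang.System.setProperty("jsse.enableSNIExtension", "false");

        // http://www.angelfire.com/or/abhilash/site/articles/jsse-km/customKeyManager.html
        // the reason for the SSLEngine's complaint is that you enabled only the RSA cipher,
        // but your certificate uses DSA keys.
        //CLRProgram.makecert(host: "192.168.1.12", port: 8443);

        // getInstance expects a protocol name. Attempts recorded by the author:
        //   "TLSv1.3"                         -> NoSuchAlgorithmException: TLSv1.3 SSLContext not available
        //   "TLS_RSA_WITH_AES_256_CBC_SHA256" -> NoSuchAlgorithmException (a cipher suite, not a protocol)
        //   "SSL" / "SSLv3" / "TLSv1.1"       -> tried earlier and left disabled
        // For 256 bit security you need to install Oracle's unlimited strength policy files.
        // http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
        var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
        Console.WriteLine(new { xSSLContext });

        // https://android.googlesource.com/platform/libcore/+/jb-mr2-release/luni/src/main/java/javax/net/ssl/KeyManagerFactory.java
        // NOTE(review): TrustEveryoneManager is defined elsewhere; its name suggests it
        // accepts any peer certificate - confirm. If so, a certificate presented by a
        // client proves nothing about who the client is.
        var myTrustManagerArray = new[] { new TrustEveryoneManager() };

        xSSLContext.init(
            // SunMSCAPI ?
            localKeyManager.WindowsMYKeyManagers(),
            myTrustManagerArray,
            new java.security.SecureRandom()
        );

        var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();
        //{ ssf = sun.security.ssl.SSLServerSocketFactoryImpl@7b4ed7 }
        Console.WriteLine(new { xSSLServerSocketFactory });

        // http://www.javased.com/?api=javax.net.ssl.SSLSocketFactory
        // http://www.java2s.com/Code/JavaAPI/javax.net.ssl/SSLSocketFactorycreateSocketStringarg0intarg1.htm
        // http://saltnlight5.blogspot.com.ee/2014/10/how-to-setup-custom-sslsocketfactorys.html
        // http://www.herongyang.com/JDK/SSL-Socket-Server-Example-SslReverseEchoer.html
        // http://www.javaworld.com/article/2075291/learn-java/build-secure-network-applications-with-ssl-and-the-jsse-api.html
        // http://stackoverflow.com/questions/20798652/java-sslserversocket-presents-wrong-certificate
        // https://searchcode.com/codesearch/view/171073/
        // http://stackoverflow.com/questions/12370351/setting-the-certificate-used-by-a-java-ssl-serversocket
        // http://stackoverflow.com/questions/22230815/java-server-ssl-with-different-storepass-and-keypass
        // http://stackoverflow.com/questions/9921548/sslsocketfactory-in-java
        // https://code.google.com/p/vellum/wiki/LocalCa
        // hg https://bitbucket.org/mfichman/mitm
        // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
        // http://stackoverflow.com/questions/22225414/create-an-ssl-channel-same-pwd-for-keystore-and-trustore

        // An earlier attempt failed with
        //   java.net.BindException: Address already in use: JVM_Bind
        // (netstat -ab showed 0.0.0.0:443 already LISTENING), hence port 8443.
        // The logged socket, [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]],
        // shows that the listener is bound on all interfaces.
        var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
        Console.WriteLine(new { ss443 });

        // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
        var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;

        // https://www.chromium.org/Home/chromium-security/education/tls
        // http://stackoverflow.com/questions/21289293/java-7-support-of-aes-gcm-in-ssl-tls
        // http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
        // https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls
        // "SSLv2Hello" only admits the legacy SSLv2-format ClientHello wrapper; the
        // protocol that can actually be negotiated here is TLSv1.2.
        xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });

        // Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.
        // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites
        // http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
        var SystemSupportedCipherSuites = xSSLServerSocket.getSupportedCipherSuites();

        SystemSupportedCipherSuites.WithEach(
            SupportedCipherSuite =>
            {
                Console.WriteLine(new { SupportedCipherSuite });
            }
        );

        // https://googleonlinesecurity.blogspot.com.ee/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
        // https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
        // https://community.oracle.com/thread/2382681?tstart=0
        // Cipher suites logged while debugging the handshake:
        //   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        //   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13,
        //   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        //   TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
        //   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
        //   TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
        //   TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA

        // Candidate allow-list; only read by the disabled setEnabledCipherSuites call below.
        // These names were rejected by this JRE with
        // "IllegalArgumentException: Unsupported ciphersuite ...":
        //   TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        //   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        var enabledCipherSuites = new[]
        {
            "TLS_RSA_WITH_AES_128_CBC_SHA"
        };

        // Client authentication is not requested while these stay disabled, so the
        // handshake listener normally sees no peer certificate.
        //xSSLServerSocket.setNeedClientAuth(true);
        //xSSLServerSocket.setWantClientAuth(true);
        //xSSLServerSocket.setEnabledCipherSuites(enabledCipherSuites);

        var ok = true;

        // Connections are served one at a time on this thread.
        while (ok)
        {
            var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;

            // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit

            try
            {
                // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
                Func<string> getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                // can we await for it?
                // NOTE(review): nothing here waits for the listener; if the JVM runs it on
                // another thread, getdata may still hold the default reply - confirm.
                xSSLSocket.addHandshakeCompletedListener(
                    new xHandshakeCompletedListener
                    {
                        yield = e =>
                        {
                            try
                            {
                                var peerCertificates = e.getPeerCertificates();

                                Console.WriteLine("xHandshakeCompletedListener " + new { peerCertificates.Length });

                                var c = peerCertificates.FirstOrDefault() as X509Certificate;

                                if (c != null)
                                {
                                    var x509 = new __X509Certificate2 { InternalElement = c };

                                    // "authenticated!" only means a certificate was presented;
                                    // its trust depends entirely on the trust manager above.
                                    // XElement escapes the certificate text placed in the markup.
                                    getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                        + new XElement("pre",
                                            new { x509.Subject, x509.SerialNumber }.ToString()
                                        );
                                }
                            }
                            catch (Exception fault)
                            {
                                // Expected without a client certificate:
                                // javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                //    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                //    at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
                                Console.WriteLine("getPeerCertificates " + new { fault.Message });
                            }
                        }
                    }
                );

                xSSLSocket.startHandshake();

                // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html
                // Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced.
                // You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'.
                // Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
                var xNetworkStream = new __NetworkStream
                {
                    InternalInputStream = xSSLSocket.getInputStream(),
                    InternalOutputStream = xSSLSocket.getOutputStream()
                };

                Console.WriteLine(new { xNetworkStream });

                // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
                // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                // http://192.168.1.12:8443/
                // chrome does a download of NAK EXT SOH NUL STX STX ??
                //{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }

                // ReadLine has no length bound. The author recorded
                //   java.lang.OutOfMemoryError: Java heap space
                //      at ...__StreamReader.ReadLine(__StreamReader.java:51)
                // at this call, so a peer that never sends a line end can exhaust the heap.
                var xStreamReader = new StreamReader(xNetworkStream);
                var line0 = xStreamReader.ReadLine();

                Console.WriteLine(new { line0 });
                // { line0 = GET / HTTP/1.1 }

                // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
                // StreamWriter(Stream) has no implementation on this target, so write raw bytes.
                var data = getdata();
                var bytes = Encoding.UTF8.GetBytes(data);

                xNetworkStream.Write(bytes, 0, bytes.Length);
                xNetworkStream.Close();
            }
            catch (Exception fault)
            {
                reportHansshakeFault(fault);
            }
            finally
            {
                // Release the connection on every path; the original leaked the socket
                // whenever the handshake or the request read failed.
                try
                {
                    if (xSSLSocket != null)
                    {
                        xSSLSocket.close();
                    }
                }
                catch (Exception closeFault)
                {
                    Console.WriteLine("close " + new { closeFault.Message });
                }
            }
        }
    }
    catch (Exception err)
    {
        Console.WriteLine(
            new { err.Message, err.StackTrace }
        );
    }

    //CLRProgram.CLRMain();

    Console.WriteLine("done");
    Console.ReadLine();
}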
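/// <summary>
/// Lists certificates from the Windows-ROOT and Windows-MY key stores, then starts a
/// TLS 1.2 test server on port 8443 whose server identity comes from localKeyManager.
/// Each connection gets a fixed HTTP response; when the handshake listener sees a peer
/// certificate, the response also shows that certificate's subject and serial number.
/// </summary>
/// <param name="args">Command line arguments; not used.</param>
/// <remarks>
/// Changes against the original listing: every accepted socket is closed even when the
/// handshake or the request read fails, and the catch block that only rethrew inside
/// the certificate enumeration was removed.
/// </remarks>
public static void Main(string[] args)
{
    // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
    // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
    // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

    try
    {
        // first lets print into console the aliases we could be choosing from
        // it should show the CA and the host alias on windows.
        // once this works. lets do an example that works with JVM keystore

        #region Certificates
        // Loads the named key store and returns every X.509 certificate in it, with
        // FriendlyName set to the key store alias. Failures propagate to the outer catch.
        Func<string, IEnumerable<System.Security.Cryptography.X509Certificates.X509Certificate2>> Certificates =
            keyStoreType =>
            {
                var a = new List<System.Security.Cryptography.X509Certificates.X509Certificate2> { };

                // http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b27/sun/security/mscapi/SunMSCAPI.java
                // https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
                // https://social.msdn.microsoft.com/Forums/expression/en-US/52dca221-1e05-44c1-8c45-9e0d4a807853/java-keystoreload-for-windowsmy-pops-up-insert-smart-card-window?forum=windowssecurity
                // I removed some personal certificates in the certificate manager (certmgr.msc) and voila!
                //   Client Authentication (1.3.6.1.5.5.7.3.2)
                //   Secure Email (1.3.6.1.5.5.7.3.4)
                // https://www.chilkatsoft.com/p/p_280.asp
                // HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
                // http://stackoverflow.com/questions/27692904/how-to-avoid-smart-card-selection-popup-when-accessing-windows-my-using-java
                // http://stackoverflow.com/questions/4552100/how-to-prevent-popups-when-loading-a-keystore
                // http://stackoverflow.com/questions/15220976/how-to-obtain-a-users-identity-from-a-smartcard-on-windows-mscapi-with-java
                KeyStore xKeyStore = KeyStore.getInstance(keyStoreType);

                // No stream and no password are passed to load.
                xKeyStore.load(null, null);

                java.util.Enumeration en = xKeyStore.aliases();

                while (en.hasMoreElements())
                {
                    var aliasKey = (string)en.nextElement();

                    // PCSC?
                    // Entries that are not X.509 certificates are skipped.
                    var c509 = xKeyStore.getCertificate(aliasKey) as java.security.cert.X509Certificate;
                    if (c509 != null)
                    {
                        System.Security.Cryptography.X509Certificates.X509Certificate2 crt = new __X509Certificate2
                        {
                            FriendlyName = aliasKey,
                            InternalElement = c509
                        };

                        a.Add(crt);
                    }
                }

                return a;
            };
        #endregion

        Certificates("Windows-ROOT").WithEach(
            crt =>
            {
                // aliasKey = peer integrity authority for cpu BFEBFBFF000306A9
                // SimpleName = peer integrity authority for cpu BFEBFBFF000306A9
                var SimpleName = crt.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.SimpleName, false);

                // Only the locally generated test authority is printed.
                if (SimpleName.StartsWith("peer integrity authority for cpu"))
                {
                    Console.WriteLine(new { crt.FriendlyName, SimpleName, crt.SerialNumber, crt.Issuer });
                }
            }
        );

        Certificates("Windows-MY").GroupBy(x => x.FriendlyName).WithEach(
            crt =>
            {
                //{ FriendlyName = 192.168.1.12 }
                //{ FriendlyName = 192.168.43.12 }
                //{ FriendlyName = 192.168.173.12 }
                //{ FriendlyName = 192.168.42.46 }
                //{ FriendlyName = Administrator }

                // hide non ip certs..
                if (!crt.Key.Contains("."))
                {
                    return;
                }

                Console.WriteLine(new { FriendlyName = crt.Key });
            }
        );

        Console.WriteLine("-");

        // now lets start a ssl server and convince jvm to use the first friendly name we found..
        var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");

        Console.WriteLine(new { xSSLContext });

        // NOTE(review): TrustEveryoneManager is defined elsewhere; its name suggests it
        // accepts any peer certificate - confirm. If so, a certificate presented by a
        // client proves nothing about who the client is.
        var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
        var xKeyManager = new[] { new localKeyManager() };

        xSSLContext.init(
            // SunMSCAPI ?
            xKeyManager,
            xTrustEveryoneManager,
            new java.security.SecureRandom()
        );

        var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();

        // The logged socket, [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]],
        // shows that the listener is bound on all interfaces.
        var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
        Console.WriteLine(new { ss443 });

        // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
        var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;

        // "SSLv2Hello" only admits the legacy SSLv2-format ClientHello wrapper; the
        // protocol that can actually be negotiated here is TLSv1.2.
        // Client authentication is not requested anywhere in this method.
        xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });

        var ok = true;

        // Connections are served one at a time on this thread.
        while (ok)
        {
            var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;

            // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit

            try
            {
                // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
                Func<string> getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                // can we await for it?
                // NOTE(review): nothing here waits for the listener; if the JVM runs it on
                // another thread, getdata may still hold the default reply - confirm.
                xSSLSocket.addHandshakeCompletedListener(
                    new xHandshakeCompletedListener
                    {
                        yield = e =>
                        {
                            try
                            {
                                var peerCertificates = e.getPeerCertificates();

                                Console.WriteLine("xHandshakeCompletedListener " + new { peerCertificates.Length });

                                var c = peerCertificates.FirstOrDefault() as X509Certificate;

                                if (c != null)
                                {
                                    var x509 = new __X509Certificate2 { InternalElement = c };

                                    // "authenticated!" only means a certificate was presented;
                                    // its trust depends entirely on the trust manager above.
                                    // XElement escapes the certificate text placed in the markup.
                                    getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                        + new XElement("pre",
                                            new { x509.Subject, x509.SerialNumber }.ToString()
                                        );
                                }
                            }
                            catch (Exception fault)
                            {
                                // Expected without a client certificate:
                                // javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                //    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                //    at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
                                Console.WriteLine("getPeerCertificates " + new { fault.Message });
                            }
                        }
                    }
                );

                xSSLSocket.startHandshake();

                // Cipher suites logged while debugging the handshake:
                //   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                //   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13,
                //   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                //   TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                //   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                //   TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
                //   TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
                // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html

                // Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced.
                // You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'.
                // Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
                var xNetworkStream = new __NetworkStream
                {
                    InternalInputStream = xSSLSocket.getInputStream(),
                    InternalOutputStream = xSSLSocket.getOutputStream()
                };

                Console.WriteLine(new { xNetworkStream });

                // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
                // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                // http://192.168.1.12:8443/
                // chrome does a download of NAK EXT SOH NUL STX STX ??
                //{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }

                // ReadLine has no length bound. The author recorded
                //   java.lang.OutOfMemoryError: Java heap space
                //      at ...__StreamReader.ReadLine(__StreamReader.java:51)
                // at this call, so a peer that never sends a line end can exhaust the heap.
                var xStreamReader = new StreamReader(xNetworkStream);
                var line0 = xStreamReader.ReadLine();

                Console.WriteLine(new { line0 });
                // { line0 = GET / HTTP/1.1 }

                // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
                // StreamWriter(Stream) has no implementation on this target, so write raw bytes.
                var data = getdata();
                var bytes = Encoding.UTF8.GetBytes(data);

                xNetworkStream.Write(bytes, 0, bytes.Length);
                xNetworkStream.Close();
            }
            catch (Exception fault)
            {
                reportHansshakeFault(fault);
            }
            finally
            {
                // Release the connection on every path; the original leaked the socket
                // whenever the handshake or the request read failed.
                try
                {
                    if (xSSLSocket != null)
                    {
                        xSSLSocket.close();
                    }
                }
                catch (Exception closeFault)
                {
                    Console.WriteLine("close " + new { closeFault.Message });
                }
            }
        }
    }
    catch (Exception err)
    {
        Console.WriteLine(
            new { err.Message, err.StackTrace }
        );
    }

    Console.WriteLine("done");
    Console.ReadLine();
}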
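/// <summary>
/// Starts a TLS 1.2 test server on port 8443 whose server identity comes from
/// localKeyManager. Each connection gets a fixed HTTP response; when the handshake
/// listener sees a peer certificate, the response also shows that certificate's
/// subject and serial number.
/// </summary>
/// <param name="args">Command line arguments; not used.</param>
/// <remarks>
/// Change against the original listing: every accepted socket is closed even when the
/// handshake or the request read fails.
/// </remarks>
public static void Main(string[] args)
{
    // http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
    // https://alesaudate.wordpress.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/
    // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201510/20151010

    try
    {
        // first lets print into console the aliases we could be choosing from
        // it should show the CA and the host alias on windows.
        // once this works. lets do an example that works with JVM keystore

        Console.WriteLine("-");

        // now lets start a ssl server and convince jvm to use the first friendly name we found..
        var xSSLContext = javax.net.ssl.SSLContext.getInstance("TLSv1.2");

        Console.WriteLine(new { xSSLContext });

        // NOTE(review): TrustEveryoneManager is defined elsewhere; its name suggests it
        // accepts any peer certificate - confirm. If so, a certificate presented by a
        // client proves nothing about who the client is.
        var xTrustEveryoneManager = new[] { new TrustEveryoneManager() };
        var xKeyManager = new[] { new localKeyManager() };

        xSSLContext.init(
            // SunMSCAPI ?
            xKeyManager,
            xTrustEveryoneManager,
            new java.security.SecureRandom()
        );

        var xSSLServerSocketFactory = xSSLContext.getServerSocketFactory();

        // Port 443 was tried and failed with
        //   java.net.BindException: Address already in use: JVM_Bind
        // ([svchost.exe] TCP 0.0.0.0:443 LISTENING; stop AppHostSvc), hence 8443.
        //var ss443 = xSSLServerSocketFactory.createServerSocket(443);
        // The logged socket, [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,localport=8443]],
        // shows that the listener is bound on all interfaces.
        var ss443 = xSSLServerSocketFactory.createServerSocket(8443);
        Console.WriteLine(new { ss443 });

        // http://developer.android.com/reference/javax/net/ssl/SSLServerSocket.html
        var xSSLServerSocket = ss443 as javax.net.ssl.SSLServerSocket;

        // "SSLv2Hello" only admits the legacy SSLv2-format ClientHello wrapper; the
        // protocol that can actually be negotiated here is TLSv1.2.
        // Client authentication is not requested anywhere in this method.
        xSSLServerSocket.setEnabledProtocols(new[] { "TLSv1.2", "SSLv2Hello" });

        var ok = true;

        // Connections are served one at a time on this thread.
        while (ok)
        {
            var xSSLSocket = ss443.accept() as javax.net.ssl.SSLSocket;

            // http://security.stackexchange.com/questions/76993/now-that-it-is-2015-what-ssl-tls-cipher-suites-should-be-used-in-a-high-securit

            try
            {
                // http://developer.android.com/reference/javax/net/ssl/HandshakeCompletedEvent.html
                Func<string> getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>hello world</h1>";

                // can we await for it?
                // NOTE(review): nothing here waits for the listener; if the JVM runs it on
                // another thread, getdata may still hold the default reply - confirm.
                xSSLSocket.addHandshakeCompletedListener(
                    new xHandshakeCompletedListener
                    {
                        yield = e =>
                        {
                            try
                            {
                                var peerCertificates = e.getPeerCertificates();

                                Console.WriteLine("xHandshakeCompletedListener " + new { peerCertificates.Length });

                                var c = peerCertificates.FirstOrDefault() as X509Certificate;

                                if (c != null)
                                {
                                    var x509 = new __X509Certificate2 { InternalElement = c };

                                    // "authenticated!" only means a certificate was presented;
                                    // its trust depends entirely on the trust manager above.
                                    // XElement escapes the certificate text placed in the markup.
                                    getdata = () => "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n<h1>authenticated!</h1>"
                                        + new XElement("pre",
                                            new { x509.Subject, x509.SerialNumber }.ToString()
                                        );
                                }
                            }
                            catch (Exception fault)
                            {
                                // Expected without a client certificate:
                                // javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
                                //    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
                                //    at javax.net.ssl.HandshakeCompletedEvent.getPeerCertificates(Unknown Source)
                                Console.WriteLine("getPeerCertificates " + new { fault.Message });
                            }
                        }
                    }
                );

                xSSLSocket.startHandshake();

                // Cipher suites logged while debugging the handshake:
                //   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                //   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0x14, Unknown 0xcc:0x13,
                //   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                //   TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                //   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                //   TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
                //   TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
                // http://www.e2college.com/blogs/java_security/ssl_handshake_failure_due_to_unsupported_cipher_su.html

                // Error 573 The type 'ScriptCoreLib.Shared.BCLImplementation.System.IO.__Stream' is defined in an assembly that is not referenced.
                // You must add a reference to assembly 'ScriptCoreLib, Version=4.6.0.0, Culture=neutral, PublicKeyToken=null'.
                // Z:\jsc.svn\examples\java\hybrid\Test\JVMCLRSSLServerSocket\JVMCLRSSLServerSocket\Program.cs 68 17 JVMCLRSSLServerSocket
                var xNetworkStream = new __NetworkStream
                {
                    InternalInputStream = xSSLSocket.getInputStream(),
                    InternalOutputStream = xSSLSocket.getOutputStream()
                };

                Console.WriteLine(new { xNetworkStream });

                // http://stackoverflow.com/questions/13874387/create-app-with-sslsocket-java
                // http://www.java2s.com/Tutorial/Java/0320__Network/CreatinganSSLServerSocket.htm
                // http://192.168.1.12:8443/
                // chrome does a download of NAK EXT SOH NUL STX STX ??
                //{ xSSLSocket = 1747f59[SSL_NULL_WITH_NULL_NULL: Socket[addr=/192.168.1.196,port=55953,localport=8443]] }

                // ReadLine has no length bound. The author recorded
                //   java.lang.OutOfMemoryError: Java heap space
                //      at ...__StreamReader.ReadLine(__StreamReader.java:51)
                // at this call, so a peer that never sends a line end can exhaust the heap.
                var xStreamReader = new StreamReader(xNetworkStream);

                // The request line is consumed but deliberately not logged in this variant.
                var line0 = xStreamReader.ReadLine();
                //Console.WriteLine(new { line0 });
                // { line0 = GET / HTTP/1.1 }

                // http://stackoverflow.com/questions/3662837/java-no-cipher-suites-in-common-issue-when-trying-to-securely-connect-to-serve
                // http://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common
                // StreamWriter(Stream) has no implementation on this target, so write raw bytes.
                var data = getdata();
                var bytes = Encoding.UTF8.GetBytes(data);

                xNetworkStream.Write(bytes, 0, bytes.Length);
                xNetworkStream.Close();
            }
            catch (Exception fault)
            {
                reportHansshakeFault(fault);
            }
            finally
            {
                // Release the connection on every path; the original leaked the socket
                // whenever the handshake or the request read failed.
                try
                {
                    if (xSSLSocket != null)
                    {
                        xSSLSocket.close();
                    }
                }
                catch (Exception closeFault)
                {
                    Console.WriteLine("close " + new { closeFault.Message });
                }
            }
        }
    }
    catch (Exception err)
    {
        Console.WriteLine(
            new { err.Message, err.StackTrace }
        );
    }

    Console.WriteLine("done");
    Console.ReadLine();
}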