org.xwt
Class TinySSL

java.lang.Object
  extended byjava.net.Socket
      extended byorg.xwt.TinySSL

public class TinySSL
extends java.net.Socket

TinySSL: a tiny SSL implementation in Java, built on the bouncycastle.org lightweight crypto library. This class implements an SSLv3 client-side socket, with the SSL_RSA_EXPORT_WITH_RC4_40_MD5 and SSL_RSA_WITH_RC4_128_MD5 cipher suites, as well as certificate chain verification against a collection of 93 built-in Trusted Root CA public keys (the same 93 included with Microsoft Internet Explorer 5.5 SP2). As of 07-Dec-01, the zipped bytecode for this class is 43k, and the subset of bouncycastle it requires is 82k. This class should work correctly on any Java 1.1 compliant platform. The java.security.* classes are not used. The main design goal for this class was the smallest possible body of code capable of connecting to 99% of all active HTTPS servers. Although this class is useful in many other situations (IMAPS, Secure SMTP, etc), the author will refuse all feature requests and submitted patches which go beyond this scope. Because of the limited goals of this class, certain abstractions have been avoided, and certain parameters have been hard-coded. "Magic numbers" are often used instead of "static final int"'s, although they are usually accompanied by a descriptive comment. Numeric offsets into byte arrays are also favored over DataInputStream(ByteArrayInputStream(foo))'s. Much thanks and credit go to the BouncyCastle team for producing such a first-class library, and for helping me out on the dev-crypto mailing list while I was writing this. Revision History: 1.0 07-Dec-01 Initial Release 1.01 15-Mar-02 Added PKCS1 class to avoid dependancy on java.security.SecureRandom 1.02 27-Mar-02 Fixed a bug which would hang the connection when more than one Handshake message appeared in the same TLS Record 1.03 10-Aug-02 Fixed a vulnerability outlined at http://online.securityfocus.com/archive/1/286290


Nested Class Summary
static class TinySSL.SSLException
           
 
Field Summary
static boolean alwaysFalse
           
 boolean cert_requested
          true iff the server asked for a certificate
 byte[] client_random
           
 byte[] client_write_key
           
 byte[] client_write_MAC_secret
           
 byte[] handshakes
          the concatenation of all the bytes of all handshake messages sent or recieved
 org.xwt.TinySSL.SSLInputStream is
           
 byte[] master_secret
           
 org.xwt.TinySSL.SSLOutputStream os
           
static byte[] pad1
           
static byte[] pad1_sha
           
static byte[] pad2
           
static byte[] pad2_sha
           
 X509CertificateStructure server_cert
           
 byte[] server_random
           
 byte[] server_write_key
           
 byte[] server_write_MAC_secret
           
 byte[] serverKeyExchange
          the bytes of the ServerKeyExchangeMessage, null if none recieved
 
Constructor Summary
TinySSL(java.lang.String host, int port)
           
TinySSL(java.lang.String host, int port, boolean negotiateImmediately)
           
TinySSL(java.lang.String host, int port, boolean negotiateImmediately, boolean ignoreUntrustedCert)
           
 
Method Summary
static byte[] computeMAC(byte type, byte[] payload, int off, int len, byte[] MAC_secret, long seq_num)
           
static byte[] concat(byte[][] inputs)
           
 java.io.InputStream getInputStream()
           
 java.io.OutputStream getOutputStream()
           
static void getRandomBytes(byte[] b, int offset, int len)
          fills b with random bytes
static void intToBytes(long val, byte[] b, int offset, int num)
          copy the least significant num bytes of val into byte array b, startint at offset
static boolean isSignedBy(X509CertificateStructure signee, SubjectPublicKeyInfo signer)
          returns true iff certificate "signee" is signed by public key "signer"
static void main(java.lang.String[] args)
           
 byte[] md5(byte[][] inputs)
           
 void negotiate()
          negotiates the SSL connection
 byte[] sha(byte[][] inputs)
           
 
Methods inherited from class java.net.Socket
bind, close, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, sendUrgentData, setKeepAlive, setOOBInline, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSocketImplFactory, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

pad1

public static byte[] pad1

pad2

public static byte[] pad2

pad1_sha

public static byte[] pad1_sha

pad2_sha

public static byte[] pad2_sha

server_random

public byte[] server_random

client_random

public byte[] client_random

client_write_MAC_secret

public byte[] client_write_MAC_secret

server_write_MAC_secret

public byte[] server_write_MAC_secret

client_write_key

public byte[] client_write_key

server_write_key

public byte[] server_write_key

master_secret

public byte[] master_secret

serverKeyExchange

public byte[] serverKeyExchange
the bytes of the ServerKeyExchangeMessage, null if none recieved


cert_requested

public boolean cert_requested
true iff the server asked for a certificate


server_cert

public X509CertificateStructure server_cert

os

public org.xwt.TinySSL.SSLOutputStream os

is

public org.xwt.TinySSL.SSLInputStream is

handshakes

public byte[] handshakes
the concatenation of all the bytes of all handshake messages sent or recieved


alwaysFalse

public static boolean alwaysFalse
Constructor Detail

TinySSL

public TinySSL(java.lang.String host,
               int port)
        throws java.io.IOException

TinySSL

public TinySSL(java.lang.String host,
               int port,
               boolean negotiateImmediately)
        throws java.io.IOException

TinySSL

public TinySSL(java.lang.String host,
               int port,
               boolean negotiateImmediately,
               boolean ignoreUntrustedCert)
        throws java.io.IOException
Method Detail

main

public static void main(java.lang.String[] args)

getInputStream

public java.io.InputStream getInputStream()
                                   throws java.io.IOException
Throws:
java.io.IOException

getOutputStream

public java.io.OutputStream getOutputStream()
                                     throws java.io.IOException
Throws:
java.io.IOException

negotiate

public void negotiate()
               throws java.io.IOException
negotiates the SSL connection

Throws:
java.io.IOException

intToBytes

public static void intToBytes(long val,
                              byte[] b,
                              int offset,
                              int num)
copy the least significant num bytes of val into byte array b, startint at offset


getRandomBytes

public static void getRandomBytes(byte[] b,
                                  int offset,
                                  int len)
fills b with random bytes


computeMAC

public static byte[] computeMAC(byte type,
                                byte[] payload,
                                int off,
                                int len,
                                byte[] MAC_secret,
                                long seq_num)

concat

public static byte[] concat(byte[][] inputs)

sha

public byte[] sha(byte[][] inputs)

md5

public byte[] md5(byte[][] inputs)

isSignedBy

public static boolean isSignedBy(X509CertificateStructure signee,
                                 SubjectPublicKeyInfo signer)
                          throws TinySSL.SSLException
returns true iff certificate "signee" is signed by public key "signer"

Throws:
TinySSL.SSLException