|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object java.net.Socket org.xwt.TinySSL
TinySSL: a tiny SSL implementation in Java, built on the bouncycastle.org lightweight crypto library. This class implements an SSLv3 client-side socket, with the SSL_RSA_EXPORT_WITH_RC4_40_MD5 and SSL_RSA_WITH_RC4_128_MD5 cipher suites, as well as certificate chain verification against a collection of 93 built-in Trusted Root CA public keys (the same 93 included with Microsoft Internet Explorer 5.5 SP2). As of 07-Dec-01, the zipped bytecode for this class is 43k, and the subset of bouncycastle it requires is 82k. This class should work correctly on any Java 1.1 compliant platform. The java.security.* classes are not used. The main design goal for this class was the smallest possible body of code capable of connecting to 99% of all active HTTPS servers. Although this class is useful in many other situations (IMAPS, Secure SMTP, etc), the author will refuse all feature requests and submitted patches which go beyond this scope. Because of the limited goals of this class, certain abstractions have been avoided, and certain parameters have been hard-coded. "Magic numbers" are often used instead of "static final int"'s, although they are usually accompanied by a descriptive comment. Numeric offsets into byte arrays are also favored over DataInputStream(ByteArrayInputStream(foo))'s. Much thanks and credit go to the BouncyCastle team for producing such a first-class library, and for helping me out on the dev-crypto mailing list while I was writing this. Revision History: 1.0 07-Dec-01 Initial Release 1.01 15-Mar-02 Added PKCS1 class to avoid dependancy on java.security.SecureRandom 1.02 27-Mar-02 Fixed a bug which would hang the connection when more than one Handshake message appeared in the same TLS Record 1.03 10-Aug-02 Fixed a vulnerability outlined at http://online.securityfocus.com/archive/1/286290
Nested Class Summary | |
static class |
TinySSL.SSLException
|
Field Summary | |
static boolean |
alwaysFalse
|
boolean |
cert_requested
true iff the server asked for a certificate |
byte[] |
client_random
|
byte[] |
client_write_key
|
byte[] |
client_write_MAC_secret
|
byte[] |
handshakes
the concatenation of all the bytes of all handshake messages sent or recieved |
org.xwt.TinySSL.SSLInputStream |
is
|
byte[] |
master_secret
|
org.xwt.TinySSL.SSLOutputStream |
os
|
static byte[] |
pad1
|
static byte[] |
pad1_sha
|
static byte[] |
pad2
|
static byte[] |
pad2_sha
|
X509CertificateStructure |
server_cert
|
byte[] |
server_random
|
byte[] |
server_write_key
|
byte[] |
server_write_MAC_secret
|
byte[] |
serverKeyExchange
the bytes of the ServerKeyExchangeMessage, null if none recieved |
Constructor Summary | |
TinySSL(java.lang.String host,
int port)
|
|
TinySSL(java.lang.String host,
int port,
boolean negotiateImmediately)
|
|
TinySSL(java.lang.String host,
int port,
boolean negotiateImmediately,
boolean ignoreUntrustedCert)
|
Method Summary | |
static byte[] |
computeMAC(byte type,
byte[] payload,
int off,
int len,
byte[] MAC_secret,
long seq_num)
|
static byte[] |
concat(byte[][] inputs)
|
java.io.InputStream |
getInputStream()
|
java.io.OutputStream |
getOutputStream()
|
static void |
getRandomBytes(byte[] b,
int offset,
int len)
fills b with random bytes |
static void |
intToBytes(long val,
byte[] b,
int offset,
int num)
copy the least significant num bytes of val into byte array b, startint at offset |
static boolean |
isSignedBy(X509CertificateStructure signee,
SubjectPublicKeyInfo signer)
returns true iff certificate "signee" is signed by public key "signer" |
static void |
main(java.lang.String[] args)
|
byte[] |
md5(byte[][] inputs)
|
void |
negotiate()
negotiates the SSL connection |
byte[] |
sha(byte[][] inputs)
|
Methods inherited from class java.net.Socket |
bind, close, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, sendUrgentData, setKeepAlive, setOOBInline, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSocketImplFactory, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
public static byte[] pad1
public static byte[] pad2
public static byte[] pad1_sha
public static byte[] pad2_sha
public byte[] server_random
public byte[] client_random
public byte[] client_write_MAC_secret
public byte[] server_write_MAC_secret
public byte[] client_write_key
public byte[] server_write_key
public byte[] master_secret
public byte[] serverKeyExchange
public boolean cert_requested
public X509CertificateStructure server_cert
public org.xwt.TinySSL.SSLOutputStream os
public org.xwt.TinySSL.SSLInputStream is
public byte[] handshakes
public static boolean alwaysFalse
Constructor Detail |
public TinySSL(java.lang.String host, int port) throws java.io.IOException
public TinySSL(java.lang.String host, int port, boolean negotiateImmediately) throws java.io.IOException
public TinySSL(java.lang.String host, int port, boolean negotiateImmediately, boolean ignoreUntrustedCert) throws java.io.IOException
Method Detail |
public static void main(java.lang.String[] args)
public java.io.InputStream getInputStream() throws java.io.IOException
java.io.IOException
public java.io.OutputStream getOutputStream() throws java.io.IOException
java.io.IOException
public void negotiate() throws java.io.IOException
java.io.IOException
public static void intToBytes(long val, byte[] b, int offset, int num)
public static void getRandomBytes(byte[] b, int offset, int len)
public static byte[] computeMAC(byte type, byte[] payload, int off, int len, byte[] MAC_secret, long seq_num)
public static byte[] concat(byte[][] inputs)
public byte[] sha(byte[][] inputs)
public byte[] md5(byte[][] inputs)
public static boolean isSignedBy(X509CertificateStructure signee, SubjectPublicKeyInfo signer) throws TinySSL.SSLException
TinySSL.SSLException
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |