LP_DevOps/Java_TP
Archived
1
0
Fork 0
Code Activity

Setup SSL for WebSocket connection

Browse source
This commit is contained in:
Ethanell 2022-01-05 10:00:07 +01:00
parent 7caec71de3
commit 38b86b16de
4 changed files with 93 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/fr/univ/lyon1/client/Client.java
View file

@ -1,12 +1,17 @@
package fr.univ.lyon1.client; package fr.univ.lyon1.client;
import fr.univ.lyon1.common.Channel; import fr.univ.lyon1.common.Channel;
import fr.univ.lyon1.common.ChatSSL;
import fr.univ.lyon1.common.Message; import fr.univ.lyon1.common.Message;
import fr.univ.lyon1.common.command.Command; import fr.univ.lyon1.common.command.Command;
import fr.univ.lyon1.common.command.CommandType; import fr.univ.lyon1.common.command.CommandType;
import fr.univ.lyon1.common.exception.ChatException; import fr.univ.lyon1.common.exception.ChatException;
import fr.univ.lyon1.common.exception.UnknownCommand; import fr.univ.lyon1.common.exception.UnknownCommand;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.io.IOException; import java.io.IOException;
import java.io.ObjectInputStream; import java.io.ObjectInputStream;
import java.io.ObjectOutputStream; import java.io.ObjectOutputStream;
@ -31,11 +36,24 @@ public class Client {
this.port = port; this.port = port;
this.username = username; this.username = username;
this.password = password; this.password = password;
socket = new Socket(address, port); socket = initSSL();
out = new ObjectOutputStream(socket.getOutputStream()); out = new ObjectOutputStream(socket.getOutputStream());
getIn(); getIn();
} }
private Socket initSSL() throws IOException {
SSLContext ctx = ChatSSL.getSSLContext();
SocketFactory factory = ctx.getSocketFactory();
Socket connection = factory.createSocket(address, port);
((SSLSocket) connection).setEnabledProtocols(new String[] {ChatSSL.tlsVersion});
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLSocket) connection).setSSLParameters(sslParams);
return connection;
}
public void disconnectedServer() throws IOException { public void disconnectedServer() throws IOException {
socket.close(); socket.close();
out.close(); out.close();

57
src/fr/univ/lyon1/common/ChatSSL.java Normal file
View file

@ -0,0 +1,57 @@
package fr.univ.lyon1.common;
import fr.univ.lyon1.server.Connection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.CertificateException;
/*
keytool -genkeypair -alias server -keyalg EC \
-sigalg SHA384withECDSA -keysize 256 -keystore servercert.p12 \
-storetype pkcs12 -v -storepass abc123 -validity 10000 -ext san=ip:127.0.0.1
*/
public class ChatSSL {
public static String trustStoreName = "servercert.p12";
public static String keyStoreName = "servercert.p12";
public static String tlsVersion = "TLSv1.2";
private static char[] trustStorePassword = "abc123".toCharArray();
private static char[] keyStorePassword = "abc123".toCharArray();
public static SSLContext getSSLContext() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream tstore = Connection.class
.getResourceAsStream("/" + trustStoreName);
trustStore.load(tstore, trustStorePassword);
tstore.close();
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream kstore = Connection.class
.getResourceAsStream("/" + keyStoreName);
keyStore.load(kstore, keyStorePassword);
KeyManagerFactory kmf = KeyManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, keyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(),
SecureRandom.getInstanceStrong());
return ctx;
} catch (KeyStoreException | IOException | NoSuchAlgorithmException | KeyManagementException | CertificateException | UnrecoverableKeyException e) {
e.printStackTrace();
System.exit(1);
}
return null;
}
}

18
src/fr/univ/lyon1/server/Connection.java
View file

@ -1,5 +1,8 @@
package fr.univ.lyon1.server; package fr.univ.lyon1.server;
import fr.univ.lyon1.common.ChatSSL;
import javax.net.ssl.*;
import java.io.IOException; import java.io.IOException;
import java.net.ServerSocket; import java.net.ServerSocket;
import java.net.Socket; import java.net.Socket;
@ -10,7 +13,20 @@ public class Connection implements Runnable {
Connection(Server server) throws IOException { Connection(Server server) throws IOException {
this.server = server; this.server = server;
this.serverSocket = new ServerSocket(server.getPort()); this.serverSocket = initSSL();
}
private SSLServerSocket initSSL() throws IOException {
SSLContext ctx = ChatSSL.getSSLContext();
SSLServerSocketFactory factory = ctx.getServerSocketFactory();
ServerSocket listener = factory.createServerSocket(server.getPort());
SSLServerSocket sslListener = (SSLServerSocket) listener;
sslListener.setNeedClientAuth(true);
sslListener.setEnabledProtocols(new String[]{ChatSSL.tlsVersion});
return sslListener;
} }
public void run() { public void run() {

BIN
src/main/resources/servercert.p12 Normal file
View file

Binary file not shown.