org.xwt
Class TinySSL

java.lang.Object
  java.net.Socket
      org.xwt.TinySSL

public class TinySSL

extends java.net.Socket

TinySSL: a tiny SSL implementation in Java, built on the bouncycastle.org lightweight crypto library. This class implements an SSLv3 client-side socket, with the SSL_RSA_EXPORT_WITH_RC4_40_MD5 and SSL_RSA_WITH_RC4_128_MD5 cipher suites, as well as certificate chain verification against a collection of 93 built-in Trusted Root CA public keys (the same 93 included with Microsoft Internet Explorer 5.5 SP2). As of 07-Dec-01, the zipped bytecode for this class is 43k, and the subset of bouncycastle it requires is 82k. This class should work correctly on any Java 1.1 compliant platform. The java.security.* classes are not used. The main design goal for this class was the smallest possible body of code capable of connecting to 99% of all active HTTPS servers. Although this class is useful in many other situations (IMAPS, Secure SMTP, etc), the author will refuse all feature requests and submitted patches which go beyond this scope. Because of the limited goals of this class, certain abstractions have been avoided, and certain parameters have been hard-coded. "Magic numbers" are often used instead of "static final int"'s, although they are usually accompanied by a descriptive comment. Numeric offsets into byte arrays are also favored over DataInputStream(ByteArrayInputStream(foo))'s. Much thanks and credit go to the BouncyCastle team for producing such a first-class library, and for helping me out on the dev-crypto mailing list while I was writing this. Revision History: 1.0 07-Dec-01 Initial Release 1.01 15-Mar-02 Added PKCS1 class to avoid dependancy on java.security.SecureRandom 1.02 27-Mar-02 Fixed a bug which would hang the connection when more than one Handshake message appeared in the same TLS Record 1.03 10-Aug-02 Fixed a vulnerability outlined at http://online.securityfocus.com/archive/1/286290

Nested Class Summary

static class

TinySSL.SSLException

Field Summary

static boolean	alwaysFalse
boolean	cert_requested true iff the server asked for a certificate
byte[]	client_random
byte[]	client_write_key
byte[]	client_write_MAC_secret
byte[]	handshakes the concatenation of all the bytes of all handshake messages sent or recieved
org.xwt.TinySSL.SSLInputStream	is
byte[]	master_secret
org.xwt.TinySSL.SSLOutputStream	os
static byte[]	pad1
static byte[]	pad1_sha
static byte[]	pad2
static byte[]	pad2_sha
X509CertificateStructure	server_cert
byte[]	server_random
byte[]	server_write_key
byte[]	server_write_MAC_secret
byte[]	serverKeyExchange the bytes of the ServerKeyExchangeMessage, null if none recieved

Constructor Summary

TinySSL(java.lang.String host, int port)

TinySSL(java.lang.String host, int port, boolean negotiateImmediately)

TinySSL(java.lang.String host, int port, boolean negotiateImmediately, boolean ignoreUntrustedCert)

Method Summary

static byte[]	computeMAC(byte type, byte[] payload, int off, int len, byte[] MAC_secret, long seq_num)
static byte[]	concat(byte[][] inputs)
java.io.InputStream	getInputStream()
java.io.OutputStream	getOutputStream()
static void	getRandomBytes(byte[] b, int offset, int len) fills b with random bytes
static void	intToBytes(long val, byte[] b, int offset, int num) copy the least significant num bytes of val into byte array b, startint at offset
static boolean	isSignedBy(X509CertificateStructure signee, SubjectPublicKeyInfo signer) returns true iff certificate "signee" is signed by public key "signer"
static void	main(java.lang.String[] args)
byte[]	md5(byte[][] inputs)
void	negotiate() negotiates the SSL connection
byte[]	sha(byte[][] inputs)

Methods inherited from class java.net.Socket

bind, close, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, sendUrgentData, setKeepAlive, setOOBInline, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSocketImplFactory, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

pad1

public static byte[] pad1

pad2

public static byte[] pad2

pad1_sha

public static byte[] pad1_sha

pad2_sha

public static byte[] pad2_sha

server_random

public byte[] server_random

client_random

public byte[] client_random

client_write_MAC_secret

public byte[] client_write_MAC_secret

server_write_MAC_secret

public byte[] server_write_MAC_secret

client_write_key

public byte[] client_write_key

server_write_key

public byte[] server_write_key

master_secret

public byte[] master_secret

serverKeyExchange

public byte[] serverKeyExchange

the bytes of the ServerKeyExchangeMessage, null if none recieved

cert_requested

public boolean cert_requested

true iff the server asked for a certificate

server_cert

public X509CertificateStructure server_cert

os

public org.xwt.TinySSL.SSLOutputStream os

is

public org.xwt.TinySSL.SSLInputStream is

handshakes

public byte[] handshakes

the concatenation of all the bytes of all handshake messages sent or recieved

alwaysFalse

public static boolean alwaysFalse

Constructor Detail

TinySSL

public TinySSL(java.lang.String host,
               int port)
        throws java.io.IOException

TinySSL

public TinySSL(java.lang.String host,
               int port,
               boolean negotiateImmediately)
        throws java.io.IOException

TinySSL

public TinySSL(java.lang.String host,
               int port,
               boolean negotiateImmediately,
               boolean ignoreUntrustedCert)
        throws java.io.IOException

Method Detail

main

public static void main(java.lang.String[] args)

getInputStream

public java.io.InputStream getInputStream()
                                   throws java.io.IOException

Throws:

java.io.IOException

getOutputStream

public java.io.OutputStream getOutputStream()
                                     throws java.io.IOException

Throws:

java.io.IOException

negotiate

public void negotiate()
               throws java.io.IOException

negotiates the SSL connection

Throws:

java.io.IOException

intToBytes

public static void intToBytes(long val,
                              byte[] b,
                              int offset,
                              int num)

copy the least significant num bytes of val into byte array b, startint at offset

getRandomBytes

public static void getRandomBytes(byte[] b,
                                  int offset,
                                  int len)

fills b with random bytes

computeMAC

public static byte[] computeMAC(byte type,
                                byte[] payload,
                                int off,
                                int len,
                                byte[] MAC_secret,
                                long seq_num)

concat

public static byte[] concat(byte[][] inputs)

sha

public byte[] sha(byte[][] inputs)

md5

public byte[] md5(byte[][] inputs)

isSignedBy

public static boolean isSignedBy(X509CertificateStructure signee,
                                 SubjectPublicKeyInfo signer)
                          throws TinySSL.SSLException

returns true iff certificate "signee" is signed by public key "signer"

Throws:

TinySSL.SSLException