Работа над расшифровкой RSA TLS
This commit is contained in:
serega6531
@@ -2,19 +2,26 @@ package ru.serega6531.packmate.service.optimization;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.SneakyThrows;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import ru.serega6531.packmate.model.Packet;
|
||||
import ru.serega6531.packmate.utils.PacketUtils;
|
||||
import ru.serega6531.packmate.utils.SSLUtils;
|
||||
import ru.serega6531.packmate.service.optimization.tls.TlsPacket;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.TlsKeyUtils;
|
||||
import ru.serega6531.packmate.service.optimization.tls.numbers.CipherSuite;
|
||||
import ru.serega6531.packmate.service.optimization.tls.numbers.ContentType;
|
||||
import ru.serega6531.packmate.service.optimization.tls.numbers.HandshakeType;
|
||||
import ru.serega6531.packmate.service.optimization.tls.records.HandshakeRecord;
|
||||
import ru.serega6531.packmate.service.optimization.tls.records.handshakes.BasicRecordContent;
|
||||
import ru.serega6531.packmate.service.optimization.tls.records.handshakes.ClientHelloHandshakeRecordContent;
|
||||
import ru.serega6531.packmate.service.optimization.tls.records.handshakes.HandshakeRecordContent;
|
||||
import ru.serega6531.packmate.service.optimization.tls.records.handshakes.ServerHelloHandshakeRecordContent;
|
||||
import ru.serega6531.packmate.utils.TlsUtils;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLEngineResult;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.net.ssl.X509KeyManager;
|
||||
import java.io.File;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@RequiredArgsConstructor
|
||||
public class TlsDecryptor {
|
||||
@@ -23,86 +30,65 @@ public class TlsDecryptor {
|
||||
|
||||
@SneakyThrows
|
||||
public void decryptTls() {
|
||||
List<List<Packet>> sides = PacketUtils.sliceToSides(packets);
|
||||
|
||||
File pemFile = new File(getClass().getClassLoader().getResource("tls.pem").getFile());
|
||||
File keyFile = new File(getClass().getClassLoader().getResource("tls.key").getFile());
|
||||
SSLContext context = SSLUtils.createContext(pemFile, keyFile, new TlsFakeSecureRandom());
|
||||
SSLEngine serverEngine = context.createSSLEngine();
|
||||
serverEngine.setUseClientMode(false);
|
||||
serverEngine.setNeedClientAuth(true);
|
||||
X509KeyManager keyManager = TlsUtils.createKeyManager(pemFile, keyFile);
|
||||
|
||||
ByteBuffer decodedServerBuf = ByteBuffer.allocate(1000);
|
||||
ByteBuffer tmp = ByteBuffer.allocate(50);
|
||||
ByteBuffer tmp2 = ByteBuffer.allocate(50000);
|
||||
// tmp.put((byte)1);
|
||||
X509Certificate[] certificateChain = keyManager.getCertificateChain("1");
|
||||
RSAPrivateKey privateKey = ((RSAPrivateKey) keyManager.getPrivateKey("1"));
|
||||
|
||||
unwrap(serverEngine, packets.get(0).getContent(), decodedServerBuf);
|
||||
wrap(serverEngine, tmp, tmp2);
|
||||
wrap(serverEngine, tmp, tmp2);
|
||||
wrap(serverEngine, tmp, tmp2);
|
||||
unwrap(serverEngine, packets.get(2).getContent(), decodedServerBuf);
|
||||
unwrap(serverEngine, packets.get(3).getContent(), decodedServerBuf);
|
||||
unwrap(serverEngine, packets.get(4).getContent(), decodedServerBuf);
|
||||
unwrap(serverEngine, packets.get(5).getContent(), decodedServerBuf);
|
||||
Map<Packet, List<TlsPacket.TlsHeader>> tlsPackets = packets.stream()
|
||||
.collect(Collectors.toMap(p -> p, this::createTlsHeaders));
|
||||
|
||||
ClientHelloHandshakeRecordContent clientHello = (ClientHelloHandshakeRecordContent)
|
||||
getHandshake(tlsPackets.values(), HandshakeType.CLIENT_HELLO).orElseThrow();
|
||||
ServerHelloHandshakeRecordContent serverHello = (ServerHelloHandshakeRecordContent)
|
||||
getHandshake(tlsPackets.values(), HandshakeType.SERVER_HELLO).orElseThrow();
|
||||
|
||||
byte[] clientRandom = clientHello.getRandom();
|
||||
byte[] serverRandom = serverHello.getRandom();
|
||||
|
||||
CipherSuite cipherSuite = serverHello.getCipherSuite();
|
||||
|
||||
if(cipherSuite.name().startsWith("TLS_RSA_")) {
|
||||
BasicRecordContent clientKeyExchange = (BasicRecordContent)
|
||||
getHandshake(tlsPackets.values(), HandshakeType.CLIENT_KEY_EXCHANGE).orElseThrow();
|
||||
|
||||
byte[] encryptedPreMaster = TlsKeyUtils.getClientRsaPreMaster(clientKeyExchange.getContent(), 0);
|
||||
|
||||
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
|
||||
cipher.init(Cipher.DECRYPT_MODE, privateKey);
|
||||
byte[] preMaster = cipher.doFinal(encryptedPreMaster);
|
||||
|
||||
System.out.println();
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
private void unwrap(SSLEngine serverEngine, byte[] content, ByteBuffer buf) {
|
||||
SSLEngineResult unwrap = serverEngine.unwrap(ByteBuffer.wrap(content), buf);
|
||||
System.out.println("UNWRAP " + unwrap);
|
||||
Runnable delegatedTask = serverEngine.getDelegatedTask();
|
||||
if(delegatedTask != null) {
|
||||
delegatedTask.run();
|
||||
}
|
||||
|
||||
private Optional<HandshakeRecordContent> getHandshake(Collection<List<TlsPacket.TlsHeader>> packets,
|
||||
HandshakeType handshakeType) {
|
||||
return packets.stream()
|
||||
.flatMap(Collection::stream)
|
||||
.filter(p -> p.getContentType() == ContentType.HANDSHAKE)
|
||||
.map(p -> ((HandshakeRecord) p.getRecord()))
|
||||
.filter(r -> r.getHandshakeType() == handshakeType)
|
||||
.map(HandshakeRecord::getContent)
|
||||
.findFirst();
|
||||
}
|
||||
|
||||
@SneakyThrows
|
||||
private void wrap(SSLEngine serverEngine, ByteBuffer src, ByteBuffer dest) {
|
||||
SSLEngineResult wrap = serverEngine.wrap(src, dest);
|
||||
System.out.println("WRAP " + wrap);
|
||||
Runnable delegatedTask = serverEngine.getDelegatedTask();
|
||||
if(delegatedTask != null) {
|
||||
delegatedTask.run();
|
||||
}
|
||||
}
|
||||
|
||||
private static class TlsFakeSecureRandom extends SecureRandom {
|
||||
|
||||
/*
|
||||
state 0 - engineInit(SSLContextImpl.java:117)
|
||||
stage 1 - SessionId.<init> -> RandomCookie
|
||||
stage 2 - server random (ServerHello.java:575)
|
||||
stage 3 - XDHKeyPairGenerator.generateKeyPair -> XECOperations.generatePrivate
|
||||
*/
|
||||
|
||||
private int state = 0;
|
||||
|
||||
@Override
|
||||
public void nextBytes(byte[] bytes) {
|
||||
System.out.println("STATE " + state);
|
||||
StackWalker.getInstance().forEach(System.out::println);
|
||||
System.out.println("-----------------");
|
||||
|
||||
switch (state) {
|
||||
case 0 -> Arrays.fill(bytes, (byte) 0);
|
||||
case 1, 2, 3 -> System.arraycopy(getFakeBytes(), 0, bytes, 0, bytes.length);
|
||||
}
|
||||
|
||||
state++;
|
||||
}
|
||||
|
||||
private byte[] getFakeBytes() {
|
||||
return switch (state) {
|
||||
case 1 -> Hex.decode("0ab8b3409555d3d658b1844f52dfc0116467c4b9088d1deb504f3935c10de893");
|
||||
case 2 -> Hex.decode("b5474b785c5e9bbadf2b0cd136e9aaf8bc2d89583ef96c479b531b94808349cc");
|
||||
case 3 -> Hex.decode("801d96be72cbbd2f4e33b5ec7e5e0b073636269e42c17d1d8996fdd28c9f7230");
|
||||
default -> throw new IllegalStateException("Unexpected value: " + state);
|
||||
};
|
||||
private List<TlsPacket.TlsHeader> createTlsHeaders(Packet p) {
|
||||
List<TlsPacket.TlsHeader> headers = new ArrayList<>();
|
||||
TlsPacket tlsPacket = TlsPacket.newPacket(p.getContent(), 0, p.getContent().length);
|
||||
|
||||
headers.add(tlsPacket.getHeader());
|
||||
|
||||
while (tlsPacket.getPayload() != null) {
|
||||
tlsPacket = (TlsPacket) tlsPacket.getPayload();
|
||||
headers.add(tlsPacket.getHeader());
|
||||
}
|
||||
|
||||
return headers;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -120,6 +120,18 @@ public class TlsPacket extends AbstractPacket {
|
||||
}
|
||||
}
|
||||
|
||||
public ContentType getContentType() {
|
||||
return contentType;
|
||||
}
|
||||
|
||||
public TlsVersion getVersion() {
|
||||
return version;
|
||||
}
|
||||
|
||||
public TlsRecord getRecord() {
|
||||
return record;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected List<byte[]> getRawFields() {
|
||||
List<byte[]> rawFields = new ArrayList<>();
|
||||
|
||||
@@ -1,26 +1,22 @@
|
||||
package ru.serega6531.packmate.service.optimization.tls.keys;
|
||||
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmHash;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmSignature;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureScheme;
|
||||
|
||||
public class DhClientParams {
|
||||
|
||||
private final byte[] p;
|
||||
private final byte[] g;
|
||||
private final byte[] pubkey;
|
||||
private final SignatureHashAlgorithmHash signatureHashAlgorithmHash;
|
||||
private final SignatureHashAlgorithmSignature signatureHashAlgorithmSignature;
|
||||
private final SignatureScheme signatureScheme;
|
||||
private final byte[] signature;
|
||||
|
||||
public DhClientParams(byte[] p, byte[] g, byte[] pubkey,
|
||||
SignatureHashAlgorithmHash signatureHashAlgorithmHash,
|
||||
SignatureHashAlgorithmSignature signatureHashAlgorithmSignature,
|
||||
SignatureScheme signatureScheme,
|
||||
byte[] signature) {
|
||||
this.p = p;
|
||||
this.g = g;
|
||||
this.pubkey = pubkey;
|
||||
this.signatureHashAlgorithmHash = signatureHashAlgorithmHash;
|
||||
this.signatureHashAlgorithmSignature = signatureHashAlgorithmSignature;
|
||||
this.signatureScheme = signatureScheme;
|
||||
this.signature = signature;
|
||||
}
|
||||
|
||||
@@ -36,12 +32,8 @@ public class DhClientParams {
|
||||
return pubkey;
|
||||
}
|
||||
|
||||
public SignatureHashAlgorithmHash getSignatureHashAlgorithmHash() {
|
||||
return signatureHashAlgorithmHash;
|
||||
}
|
||||
|
||||
public SignatureHashAlgorithmSignature getSignatureHashAlgorithmSignature() {
|
||||
return signatureHashAlgorithmSignature;
|
||||
public SignatureScheme getSignatureScheme() {
|
||||
return signatureScheme;
|
||||
}
|
||||
|
||||
public byte[] getSignature() {
|
||||
|
||||
@@ -2,27 +2,23 @@ package ru.serega6531.packmate.service.optimization.tls.keys;
|
||||
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.CurveType;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.NamedCurve;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmHash;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmSignature;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureScheme;
|
||||
|
||||
public class EcdheServerParams {
|
||||
|
||||
private final CurveType curveType;
|
||||
private final NamedCurve namedCurve;
|
||||
private final byte[] pubkey;
|
||||
private final SignatureHashAlgorithmHash signatureHashAlgorithmHash;
|
||||
private final SignatureHashAlgorithmSignature signatureHashAlgorithmSignature;
|
||||
private final SignatureScheme signatureScheme;
|
||||
private final byte[] signature;
|
||||
|
||||
public EcdheServerParams(CurveType curveType, NamedCurve namedCurve, byte[] pubkey,
|
||||
SignatureHashAlgorithmHash signatureHashAlgorithmHash,
|
||||
SignatureHashAlgorithmSignature signatureHashAlgorithmSignature,
|
||||
SignatureScheme signatureScheme,
|
||||
byte[] signature) {
|
||||
this.curveType = curveType;
|
||||
this.namedCurve = namedCurve;
|
||||
this.pubkey = pubkey;
|
||||
this.signatureHashAlgorithmHash = signatureHashAlgorithmHash;
|
||||
this.signatureHashAlgorithmSignature = signatureHashAlgorithmSignature;
|
||||
this.signatureScheme = signatureScheme;
|
||||
this.signature = signature;
|
||||
}
|
||||
|
||||
@@ -38,12 +34,8 @@ public class EcdheServerParams {
|
||||
return pubkey;
|
||||
}
|
||||
|
||||
public SignatureHashAlgorithmHash getSignatureHashAlgorithmHash() {
|
||||
return signatureHashAlgorithmHash;
|
||||
}
|
||||
|
||||
public SignatureHashAlgorithmSignature getSignatureHashAlgorithmSignature() {
|
||||
return signatureHashAlgorithmSignature;
|
||||
public SignatureScheme getSignatureScheme() {
|
||||
return signatureScheme;
|
||||
}
|
||||
|
||||
public byte[] getSignature() {
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
package ru.serega6531.packmate.service.optimization.tls.keys;
|
||||
|
||||
import ru.serega6531.packmate.service.optimization.tls.numbers.TlsVersion;
|
||||
|
||||
public class RsaServerParams {
|
||||
|
||||
private final TlsVersion version;
|
||||
private final byte[] encryptedPreMasterSecret;
|
||||
|
||||
public RsaServerParams(TlsVersion version, byte[] encryptedPreMasterSecret) {
|
||||
this.version = version;
|
||||
this.encryptedPreMasterSecret = encryptedPreMasterSecret;
|
||||
}
|
||||
|
||||
public TlsVersion getVersion() {
|
||||
return version;
|
||||
}
|
||||
|
||||
public byte[] getEncryptedPreMasterSecret() {
|
||||
return encryptedPreMasterSecret;
|
||||
}
|
||||
}
|
||||
@@ -2,9 +2,7 @@ package ru.serega6531.packmate.service.optimization.tls.keys;
|
||||
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.CurveType;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.NamedCurve;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmHash;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmSignature;
|
||||
import ru.serega6531.packmate.service.optimization.tls.numbers.TlsVersion;
|
||||
import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureScheme;
|
||||
|
||||
import java.nio.ByteBuffer;
|
||||
|
||||
@@ -31,13 +29,10 @@ public final class TlsKeyUtils {
|
||||
byte[] pubKey = new byte[pubKeyLength]; // aka Ys
|
||||
bb.get(pubKey);
|
||||
|
||||
SignatureHashAlgorithmHash signatureHashAlgorithmHash =
|
||||
SignatureHashAlgorithmHash.findByValue(bb.getShort());
|
||||
SignatureHashAlgorithmSignature signatureHashAlgorithmSignature =
|
||||
SignatureHashAlgorithmSignature.findByValue(bb.getShort());
|
||||
SignatureScheme signatureScheme = SignatureScheme.findByValue(bb.getShort());
|
||||
|
||||
if (signatureHashAlgorithmHash == null || signatureHashAlgorithmSignature == null) {
|
||||
throw new IllegalArgumentException("Unknown signature data");
|
||||
if (signatureScheme == null) {
|
||||
throw new IllegalArgumentException("Unknown signature scheme");
|
||||
}
|
||||
|
||||
short signatureLength = bb.getShort();
|
||||
@@ -45,7 +40,7 @@ public final class TlsKeyUtils {
|
||||
|
||||
bb.get(signature);
|
||||
|
||||
return new DhClientParams(p, g, pubKey, signatureHashAlgorithmHash, signatureHashAlgorithmSignature, signature);
|
||||
return new DhClientParams(p, g, pubKey, signatureScheme, signature);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -70,13 +65,10 @@ public final class TlsKeyUtils {
|
||||
byte[] pubkey = new byte[pubkeyLength];
|
||||
bb.get(pubkey);
|
||||
|
||||
SignatureHashAlgorithmHash signatureHashAlgorithmHash =
|
||||
SignatureHashAlgorithmHash.findByValue(bb.getShort());
|
||||
SignatureHashAlgorithmSignature signatureHashAlgorithmSignature =
|
||||
SignatureHashAlgorithmSignature.findByValue(bb.getShort());
|
||||
SignatureScheme signatureScheme = SignatureScheme.findByValue(bb.getShort());
|
||||
|
||||
if (signatureHashAlgorithmHash == null || signatureHashAlgorithmSignature == null) {
|
||||
throw new IllegalArgumentException("Unknown signature data");
|
||||
if (signatureScheme == null) {
|
||||
throw new IllegalArgumentException("Unknown signature scheme");
|
||||
}
|
||||
|
||||
short signatureLength = bb.getShort();
|
||||
@@ -84,8 +76,7 @@ public final class TlsKeyUtils {
|
||||
|
||||
bb.get(signature);
|
||||
|
||||
return new EcdheServerParams(curveType, namedCurve, pubkey,
|
||||
signatureHashAlgorithmHash, signatureHashAlgorithmSignature, signature);
|
||||
return new EcdheServerParams(curveType, namedCurve, pubkey, signatureScheme, signature);
|
||||
}
|
||||
|
||||
// https://ldapwiki.com/wiki/ClientKeyExchange
|
||||
@@ -104,14 +95,14 @@ public final class TlsKeyUtils {
|
||||
return pubkey;
|
||||
}
|
||||
|
||||
public static RsaServerParams parseClientRsa(byte[] rawData, int offset) {
|
||||
public static byte[] getClientRsaPreMaster(byte[] rawData, int offset) {
|
||||
ByteBuffer bb = ByteBuffer.wrap(rawData).position(offset);
|
||||
|
||||
TlsVersion version = TlsVersion.getInstance(bb.getShort());
|
||||
byte[] encryptedPreMasterSecret = new byte[46];
|
||||
bb.get(encryptedPreMasterSecret);
|
||||
int length = bb.getShort();
|
||||
byte[] encryptedPreMaster = new byte[length];
|
||||
bb.get(encryptedPreMaster);
|
||||
|
||||
return new RsaServerParams(version, encryptedPreMasterSecret);
|
||||
return encryptedPreMaster;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -5,7 +5,33 @@ import java.util.Map;
|
||||
|
||||
public enum NamedCurve {
|
||||
|
||||
SECP256R1((short) 0x0017);
|
||||
SECT163K1((short) 1),
|
||||
SECT163R1((short) 2),
|
||||
SECT163R2((short) 3),
|
||||
SECT193R1((short) 4),
|
||||
SECT193R2((short) 5),
|
||||
SECT233K1((short) 6),
|
||||
SECT233R1((short) 7),
|
||||
SECT239K1((short) 8),
|
||||
SECT283K1((short) 9),
|
||||
SECT283R1((short) 10),
|
||||
SECT409K1((short) 11),
|
||||
SECT409R1((short) 12),
|
||||
SECT571K1((short) 13),
|
||||
SECT571R1((short) 14),
|
||||
SECP160K1((short) 15),
|
||||
SECP160R1((short) 16),
|
||||
SECP160R2((short) 17),
|
||||
SECP192K1((short) 18),
|
||||
SECP192R1((short) 19),
|
||||
SECP224K1((short) 20),
|
||||
SECP224R1((short) 21),
|
||||
SECP256K1((short) 22),
|
||||
SECP256R1((short) 23),
|
||||
SECP384R1((short) 24),
|
||||
SECP521R1((short) 25),
|
||||
X25519((short) 29),
|
||||
X448((short) 30);
|
||||
|
||||
private final short value;
|
||||
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
package ru.serega6531.packmate.service.optimization.tls.keys.enums;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public enum SignatureHashAlgorithmHash {
|
||||
|
||||
SHA256((byte) 4),
|
||||
SHA512((byte) 6);
|
||||
|
||||
private final byte value;
|
||||
|
||||
private static final Map<Byte, SignatureHashAlgorithmHash> map = new HashMap<>();
|
||||
|
||||
SignatureHashAlgorithmHash(byte value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
static {
|
||||
for (SignatureHashAlgorithmHash curve : values()) {
|
||||
map.put(curve.getValue(), curve);
|
||||
}
|
||||
}
|
||||
|
||||
public byte getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public static SignatureHashAlgorithmHash findByValue(short value) {
|
||||
return map.get(value);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,33 +0,0 @@
|
||||
package ru.serega6531.packmate.service.optimization.tls.keys.enums;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public enum SignatureHashAlgorithmSignature {
|
||||
|
||||
RSA((byte) 1),
|
||||
ECDSA((byte) 3);
|
||||
|
||||
private final byte value;
|
||||
|
||||
private static final Map<Byte, SignatureHashAlgorithmSignature> map = new HashMap<>();
|
||||
|
||||
SignatureHashAlgorithmSignature(byte value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
static {
|
||||
for (SignatureHashAlgorithmSignature curve : values()) {
|
||||
map.put(curve.getValue(), curve);
|
||||
}
|
||||
}
|
||||
|
||||
public byte getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public static SignatureHashAlgorithmSignature findByValue(short value) {
|
||||
return map.get(value);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,58 @@
|
||||
package ru.serega6531.packmate.service.optimization.tls.keys.enums;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public enum SignatureScheme {
|
||||
|
||||
/* RSASSA-PKCS1-v1_5 algorithms */
|
||||
RSA_PKCS1_SHA256((short) 0x0401),
|
||||
RSA_PKCS1_SHA384((short) 0x0501),
|
||||
RSA_PKCS1_SHA512((short) 0x0601),
|
||||
|
||||
/* ECDSA algorithms */
|
||||
ECDSA_SECP256R1_SHA256((short) 0x0403),
|
||||
ECDSA_SECP384R1_SHA384((short) 0x0503),
|
||||
ECDSA_SECP521R1_SHA512((short) 0x0603),
|
||||
|
||||
/* RSASSA-PSS algorithms with public key OID RSAEncryption */
|
||||
RSA_PSS_RSAE_SHA256((short) 0x0804),
|
||||
RSA_PSS_RSAE_SHA384((short) 0x0805),
|
||||
RSA_PSS_RSAE_SHA512((short) 0x0806),
|
||||
|
||||
/* EDDSA algorithms */
|
||||
ED25519((short) 0x0807),
|
||||
ED448((short) 0x0808),
|
||||
|
||||
/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
|
||||
RSA_PSS_PSS_SHA256((short) 0x0809),
|
||||
RSA_PSS_PSS_SHA384((short) 0x080a),
|
||||
RSA_PSS_PSS_SHA512((short) 0x080b),
|
||||
|
||||
/* Legacy algorithms */
|
||||
RSA_PKCS1_SHA1((short) 0x0201),
|
||||
ECDSA_SHA1((short) 0x0203);
|
||||
|
||||
private final short value;
|
||||
|
||||
private static final Map<Short, SignatureScheme> map = new HashMap<>();
|
||||
|
||||
SignatureScheme(short value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
static {
|
||||
for (SignatureScheme curve : values()) {
|
||||
map.put(curve.getValue(), curve);
|
||||
}
|
||||
}
|
||||
|
||||
public short getValue() {
|
||||
return value;
|
||||
}
|
||||
|
||||
public static SignatureScheme findByValue(short value) {
|
||||
return map.get(value);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -56,6 +56,14 @@ public class HandshakeRecord implements TlsRecord {
|
||||
}
|
||||
}
|
||||
|
||||
public HandshakeType getHandshakeType() {
|
||||
return handshakeType;
|
||||
}
|
||||
|
||||
public HandshakeRecordContent getContent() {
|
||||
return content;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return " Handshake length: " + handshakeLength + "\n" +
|
||||
|
||||
@@ -25,6 +25,10 @@ public class BasicRecordContent implements HandshakeRecordContent {
|
||||
}
|
||||
}
|
||||
|
||||
public byte[] getContent() {
|
||||
return content;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return " [" + content.length + " bytes]";
|
||||
|
||||
@@ -55,6 +55,22 @@ public abstract class HelloHandshakeRecordContent implements HandshakeRecordCont
|
||||
}
|
||||
}
|
||||
|
||||
public TlsVersion getVersion() {
|
||||
return version;
|
||||
}
|
||||
|
||||
public byte[] getRandom() {
|
||||
return random;
|
||||
}
|
||||
|
||||
public byte[] getSessionId() {
|
||||
return sessionId;
|
||||
}
|
||||
|
||||
public List<TlsExtension> getExtensions() {
|
||||
return extensions;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return " TLS version: " + version + "\n" +
|
||||
|
||||
@@ -46,6 +46,14 @@ public class ServerHelloHandshakeRecordContent extends HelloHandshakeRecordConte
|
||||
readExtensions(rawData, EXTENSIONS_OFFSET + sessionIdLength + offset, false);
|
||||
}
|
||||
|
||||
public CipherSuite getCipherSuite() {
|
||||
return cipherSuite;
|
||||
}
|
||||
|
||||
public CompressionMethod getCompressionMethod() {
|
||||
return compressionMethod;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return super.toString() + "\n" +
|
||||
|
||||
@@ -4,19 +4,17 @@ import com.google.common.base.Splitter;
|
||||
import lombok.SneakyThrows;
|
||||
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import javax.net.ssl.X509KeyManager;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.security.KeyStore;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkState;
|
||||
|
||||
public class SSLUtils {
|
||||
public class TlsUtils {
|
||||
|
||||
@SneakyThrows
|
||||
public static SSLContext createContext(File pemFile, File keyFile, SecureRandom random) {
|
||||
public static X509KeyManager createKeyManager(File pemFile, File keyFile) {
|
||||
final String pass = "abcdef";
|
||||
|
||||
File jksKeystoreFile = File.createTempFile("packmate_", ".jks");
|
||||
@@ -43,13 +41,7 @@ public class SSLUtils {
|
||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keystore, pass.toCharArray());
|
||||
|
||||
SSLContext ret = SSLContext.getInstance("TLSv1.2");
|
||||
TrustManagerFactory factory = TrustManagerFactory.getInstance(
|
||||
TrustManagerFactory.getDefaultAlgorithm());
|
||||
factory.init(keystore);
|
||||
ret.init(keyManagerFactory.getKeyManagers(), factory.getTrustManagers(), random);
|
||||
|
||||
return ret;
|
||||
return (X509KeyManager) keyManagerFactory.getKeyManagers()[0];
|
||||
}
|
||||
|
||||
}
|
||||
File diff suppressed because one or more lines are too long
@@ -1,9 +1,12 @@
|
||||
in
|
||||
1603010200010001fc030363f4cc940241c2f8f5d873219ed7e87479e6e95da93b58f49b35256108c7eaa4200ab8b3409555d3d658b1844f52dfc0116467c4b9088d1deb504f3935c10de8930022dada130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001913a3a00000000000e000c0000096c6f63616c686f737400170000ff01000100000a000a00081a1a001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b00291a1a000100001d0020db6ec7b4c7e221efbefc2c50c9ff9f18196f64c455b90e1b64fe942f17628c39002d00020101002b000b0a0a0a0304030303020301001b00030200021a1a000100001500cf000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
||||
1603010200010001fc030390914f68516b81cac71084c9a782b26b48a6237b667a92f5eabf9f2ea57b72ce208e5729c1c73a88705ecb7fdac15b44afa2065bd5808f2c0cc727bbf6c94f388c00223a3a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001919a9a00000000000e000c0000096c6f63616c686f737400170000ff01000100000a000a0008dada001d00170018000b0002010000230078c01c25e4ccf646a429350378d91d86de0e68260e93144ba9806ba444d93c924bfb737394e915d1ffa572e28a7c5228776ca37e35127cde3970a4b0af3ed434fef7b4a625b109ab2e277654f0a1b1d79e2460556a328f110d59a44f5fa62226272a85939e58c46438c12484e96724d464397c51db52e1bd560010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029dada000100001d00205a7c204c5b777a37aa4508c900aa828e60840583dd7d737af1c21857d9bcf258002d00020101002b000b0a9a9a0304030303020301001b0003020002fafa00010000150057000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
|
||||
out
|
||||
160303007a020000760303b5474b785c5e9bbadf2b0cd136e9aaf8bc2d89583ef96c479b531b94808349cc200ab8b3409555d3d658b1844f52dfc0116467c4b9088d1deb504f3935c10de893130100002e002b0002030400330024001d0020801d96be72cbbd2f4e33b5ec7e5e0b073636269e42c17d1d8996fdd28c9f72301403030001011703030020ec3ee8fb17f72e280f8da426abe1a33d9f90a55fbf5a661350fbd1c1c1a0f632170303032b42eeddcbe378e531fe3ff17eb4a2f0479180650ee48380836211dc2972807094d9d966759a4e222ea65976179d4f35e56fa1f2784694dd3a20066c1629f0021066c3c16dcff4e0eb374daffc765bb762dce06b21661b9869aef570b33ca6feb5ae10c6f3b8d7fef7d23cc3639dc09c6f5a6bdb21c724104b781f202f16210f26cc3ffb35012191ac6da0d0dc2d6c97a825aef658143c165d0621d6e2cf1238edf1a10dd75591b52fa74b38f91fc3c6fb0d011336aa092781c4abe3c53b55e5d103dd291a17fd7ca06516faea3f0b76bc3144616ffcc1d3615752c3b12819eff9830fec7c44948d17cab2e692a020285f4a89c8b397646016559fd8b028c8875970421b9b0340eb2531fdbf471e1a788ea73bb42a1a63e3279e7cf2940297aa2a51daf49a7c451ced900f928092c8fac75c772d0951be31a7143b44db651332e7ba8e8c0d0ac0172705bed8de0a48f71f5345a5c98910416266e2bf96c66ad8ab79a252dc89172c00bbb66f22f74c32127138f56e94c573c07561b4db5fe12af62820aa0c6dd3dd8c62fd55dba30f317152f9a8238f5114373a8f233992c25a4e16612014b50ec59b81c2957eb0fd44beddcc036873d9193b0daa518de00c506a46c76499700fe6c8175c9ba56b4c42d390c3415e74bf3b04a762c004e9549571670f0a226e77d2a73b60f7302ca69065ab5e2e4c972f96f596ccb1e734fa2c1a15076c2536a84c8394d7bb3c9b9db44b342be05e93301499611078095b4c5da6171b211ceb6ecc4889a9d0af97936bc2a135a8aff5b7851b874b74210b0ebb2e25f9f780d2d868b68113f96daeaee0cf3dba9ca9416c80d37d00498895a9bf700153c30efc838b36040f2a5ba3c518af7ea50479975d61863de8ec29aaabda9f62c087b59219d63eda1f54bec28ae34dfcfd19e45166c097c419215c2d836101b0cd4ee06dfc4f42c9d7fadbb59af33d59041ef18df9670eb1472fe67fdcc712812ff874ca9c921b5a1a7daba389669c5d916ee5409d392faf6af03c36c42120fa0d37e418ab9e50f19aa141e6809b36b77e0b92660edeee2086fb72e6e79e47ceca17fb98f137a1b20d75b76dd640b5f3a13fef7069c6d3d58f2c26bdf5800e4e3ab5a9553224257fcee7170303011998f724838a24b8c7c785228a59d9de487f121ea2546c9e328f6af05497a6534a5d899ffa33931a19718b0f13f0d69d1cc46ee6b4a46555637a1fd7fc1626ba247869f3ff0afc65ef9dd2c111f0605ac15950d8c0a55604d1b4acea04d288f01c5baa1ee4211a5ad5f28e007b9607f7d1f7894fb367a47b5ac776f6ab146046d5f187dc521253536a23885c6919bd0650613f0d9b35c9a45fde3cd81c86c88ccdbc42beb36e666d726f55f16a293295dd3c9ea91ce93ad69248c0488ea1946022f52184ef31fc8ad55ac5bde1add744c1c03d0361d636c929b3c6e84d9fbf027647cee28e3a1db2870ab7fdb4b059745b677aec66e8798dfdb9790231562b46ceec478ec9e1cb1d22c6a038a4e9ce295a9f77a3bb0803cec3a91703030035d288fffb76adea324fe965bbab064300e1f1ef39512a1627029c5d2d2dff890d73f8b1d751b813f6a4d6220123323d173a8c2a3de31703030093f3fdf993d25b149eb103c99d4f1556fbe55127ff8f5c9846f181c180033ffa063235e2b77a951a80ab10866c756cd575f7fad5fefb281585730832983ddd76d55a15f9e67d592ca90372df949afa715bd5d8d941bef2ddc9640dd296a4056b9d26d6fe51c587bdf6a3997f492d37a7664f5ecf299fd2eac21de93cfc38318cb0473d7a0b37680158b0e85bd1954da27ab51f62
|
||||
160303003b0200003703035df3f3659516e0a7a76a6035ebd0382abac1680d30bf46fb84d8e896763bc76c00003500000f00230000ff01000100000b0002010016030303170b00031300031000030d30820309308201f1a00302010202143fc1b471b9156b97b95cc7e19b47b08bd14a9958300d06092a864886f70d01010b050030143112301006035504030c096c6f63616c686f7374301e170d3230303431373133323132355a170d3231303431373133323132355a30143112301006035504030c096c6f63616c686f737430820122300d06092a864886f70d01010105000382010f003082010a0282010100d624eeb9a26ff92cc034f30f54937ea1e2e910ed0b7c9dba5b787cf1a2b978946c1604048400498360d51c18ed02c6094e13ddc5f413cd1a7eaa563f18a69de471318ecec5dc16b774c11a576d2c1bca79e6a930988a088bcc889d6ac7d4ac6ba5e2cd5f55915d910652a76639a44531ab518a7008025708ccc960b57611aabd3700e69b34268491a00f8dcecfc17931e54e6f14bd3f5e0fd111f1199854e8b579d709fdeced8f5095c9dab95f6ed0366c0bbaab00c2adfc236ee796ad4d5394a1a83435e9b83c218fdc2e5e10241ed255bacb7f7749eca6398bb0cd128614889191c03259b7ec1c64bb454b38f4727d01b8453a3343d8825508b904dea2c5190203010001a3533051301d0603551d0e04160414da78a59601d5fd5c44d117f9b1594d6c4a20b3c7301f0603551d23041830168014da78a59601d5fd5c44d117f9b1594d6c4a20b3c7300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100836f3b5cbedc0644f75a5478331a1c83693b92105f85419353963d1db65cb15f37be48d8e90db3461b41d64c0d04efca3ce13ef9350f80ef5c2fac01935419212c54cc497502f37164ea94a9952e6d128ccde033a1517e22d911c625eb41ef3445563722312975a8ea04a39e120ea7dffe423a1dd49ef71d1da16c9db0aca527c051850ef49d2cea12cf1c825549aa847cef69796d88f6f52eec79f333c6ef6b0c33722155d2fe43aceebfd936db7e218261db1e6ec643d50033b16bb62931668c65a8a435d671dfa1ee878a4c662f46d48453f83f20cb6d1fa1eb4ff375b69069bfd186ec52d1b080a01337298009af7d1edab60e55519c1bc405cbc4a4a38f16030300040e000000
|
||||
in
|
||||
140303000101170303003522332775a6617895c810ddad7f99ecc7d16ce79eec84cfaf1ff96933e7c9d50a2c44cb430f4483e77df7c62e3167e5936b5e8fae34
|
||||
1703030057a6cbca0de9d81daa74309ed33a8d7b739f90adf1fd434d9115f162bac1ba6ba1ddafc6e5ef4d1f5dbb531d6d0f160e77205e3a73a5a174318180e4c5595cdffe7dab9d01f3f559d08f2c1f04ff6e9e214078df21fecb17
|
||||
17030301ade0ee7e00d876bfdc3b1af18e83fd12edfb00bb8913544269212ffdfec774a3738b975da716351ccc311aec12deef57c327bc7b05b4c64cb471f117a3a0c672e48ad36ca79c689580a7e039d9b6d38a4fa9c6812fb3439d6815edc4fb3d9819f7a8a4ccccfffefddd7168fd436f9a0181420157563230f9e66cce28373c467abba43b286bff548d9e100cead7bc6dd3e3c1d9054dc32016705c64bece7f14bfc34d710ba133ca430b3119437892950ac24151b3d27485db401c9d7ddeca1d22a37c3938de2e5e63ebda1203a2c7ddefaff7103e6fce89f0ef6c4a372733def21ca525fa2812792b8f61d6f72301a7c333092a54bdea527cf3e9cdf1a1659b6c687502fb975d37e58238f2f1e5b5deaadde43dd7ce5af14b5a86271c1a2ccd66d434a03f6f81c1bfaa0ae78359d1d105fe03899a94c3f40484d0d3c8f18221434dad2a6547c012f3e36eb0006d631bceba4e0e6b088a96f0e8dbc4b6adced3e50b24515f977fe92665ae9b1cf3b119174f8ecbc3499d8bb3501e9a494d4deb16f503444132350f0ed4a6568b4dc85b9a548dd3072a7af501390f68bccffab2839918038c648e8420d4d73d3ec8e0
|
||||
170303001ab26d3805e7ecc6915b08c0dd1118021eda932dea1a38d7cfcbfc
|
||||
16030301061000010201000ffb67c0fefca6b44b535dad72c4c965c0fc2655979f67a304fd98ef726f59fb87819cf2709088ce1a799e1c1f87ddb20b12cc14d8a8aedec951d8edba0e808353bfde5f4bac74f74882126579837dee3d70e133270cf7ea241084ce346345d70e182acdeca51cb410cfe79d2e67f276718f5c03a86e2d0cfd6277eb1a89b2ee3307d63f24ea8c1f5755f7af0e0e3fefd970ff43fcdec757e0105385cfc87ad2db84337c7d4b709d21c63aea8d885b633a059069dd2189ceb9034eb9d4f50e01edc875795df4d2556457efdf8fc0c0442cd9d89644b1293cc0ec3b1d24f70679d85d15842c03f3c75ab87b5625d3ab8bdf1f2664de38f5f2dc4c5471b0cc386c14030300010116030300401a929cecb3d0a62e0923885c7cea8441b708953e76ff1238d576264a88920be543d83254acb9e61412e3e94b911c77f5ef4488235fd8a7bcbc16f3dc43f7a5ad
|
||||
out
|
||||
16030300820400007e000000000078a83cd59dc5514c4efe5904a808c9d6ff4fcd94c1d8378aeb4bb93bb7edd96bfc96c2a595ad2f57c0cf8ffeb46a13da593c54796dec82340ae9ab854565c13237c689fe3fa7d66d9989c2bcb1375b48cc68f2129cb781ab211356170a0b99c7751d3a658a5a5b35900ebb52ac19460c19ed03196c78d15c9814030300010116030300407e8b678bb57f29ef50352e831c7af45cf963359347e3be4fc8caae3066495edef04af59d1958ca66b9c255b71fd3c2efb0e5b24c290be1baec3880aacde08671
|
||||
in
|
||||
17030302b00ac07f953e2f4e10a46082de38b31b9a45e70f008e545d48da877ce854238fe9b5f32dfde15b51c1e0c92410a169bb015287d92771ca2f8e64bcaec6da2ee03e793298a8f67ff5892e228dcac6d0d5c7e76e2ee98aaf394bd728a8d791b082bd05b6f4dce8d9d78e29fcf201c54d1cc721e7cfeeb3d9e0ee1d09acf03f6cd39a4a9581fa2cc01e81482daf39988f6ac451eaec4556827d8e928ddb5e761f5b005bacde9c129db4d0ae068063ae6cf24775a57c37438275a6dfab4621436617b3a197a958d01c60c6db21fec6f0ffd19a66bba730f3f91da0dd99407d17a03a9a0dcc6cac6bd89e1ad3e47b0e52f4c6e21b603d7843ef852526e597ef07a045b7c5ec9b2468e11a465e32b4349b17d2ac90c683d0fd510f81c53879679da22355eb4fae89574843941e3993e530ce956efc3b50807fa687912a4c3b5a087a926a41c49993c8da60f7873a41186eae562e8a9ec7367e6808f4cc83f5e67b0fc79e2efc4e5b734a519f2aa7b3dfb89dd848c0da255d3f20f6d169e8566788c38ef54b543ae41073123d44474e514b883f956ee1330792cab686db3e95363123dfa0b4246e139a365784d56c5bbd6db9a8099c5117487b8b1c313741921784c4b399be18a59bd98d729f9d048ecf2f0dae6c782a2d6ed8b45dfe5f47388d8da99b213e26a6a284ff1758ada6bdddbb991b62b410415bd38f823f57f83dafaa177ac86e68bfc17de4d7cf4333bf5098947913072491e9c3341ae1b95c8710b90a3dafc55f0643e8d240dd79259958c115b15520a98cdf7a43b3a7c6647aadf417bdacb2e7560763cdfa827ad5ce6846d267af4730dd221c9ac1e4adb6f47648af732bd88ecc6da2c13e0bd6881ee16fcc34830928737a52614fc80b6ceb7dd5dfffe95c377a999eb3505a9b82c13ae4da71d21bbb33583b12663364a3538c77df683adc78936ba525dd7c0e2fa662e505a2df
|
||||
out
|
||||
170303011072181c58ad94344f833a3c6517232928ff5614ef47044478a71d54c4de8a6e9edc2d0808128d6b6440230c6cfecc653e3e02536f9bd7bcae8cb0668627147ba3b548725a3549dc31a5b69cb15654e692610d8472be09c083d47a7ef0dd4ea464845e62c9fd2b88def3c3feb2367309c4d2440d7bd3d89b26ae67c947c9887257462bc7f5e5088bbe15b132fe01e5eabc8cd60ae31db08046d5b0dbc4ac1705c93b7c74ce741d4e52a5c8591e214877f38bc0b9216a4bd8527ff10878b5f8cec4d37427c021fad6de75f643e6b83466a5833493e6bab8e07e5b6e73ad3b8a3171ddd1dc91a709476eb90d40e1994c3b7d2d8ddde97c23fff4fbb34435d90bd68f8f6b645c80e9bd5d0dba6d36ecf2d420
|
||||
Reference in New Issue
Block a user