From 9395c1c9a24e1ed8b2de219e17fc7d6eac4a5864 Mon Sep 17 00:00:00 2001 From: serega6531 Date: Fri, 17 Apr 2020 20:46:28 +0300 Subject: [PATCH] =?UTF-8?q?=D0=A0=D0=B0=D0=B1=D0=BE=D1=82=D0=B0=20=D0=BD?= =?UTF-8?q?=D0=B0=D0=B4=20=D1=80=D0=B0=D1=81=D1=88=D0=B8=D1=84=D1=80=D0=BE?= =?UTF-8?q?=D0=B2=D0=BA=D0=BE=D0=B9=20TLS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/optimization/TlsDecryptor.java | 38 +++++++++++++ .../optimization/WebSocketsParser.java | 27 +--------- .../packmate/utils/PacketUtils.java | 26 +++++++++ .../serega6531/packmate/utils/SSLUtils.java | 54 +++++++++++++++++++ .../packmate/PackmateDumpFileLoader.java | 38 +++++++++++++ .../serega6531/packmate/TlsDecryptorTest.java | 20 +++++++ src/test/resources/tls.key | 28 ++++++++++ src/test/resources/tls.pem | 19 +++++++ src/test/resources/tls.pkmt | 7 +++ 9 files changed, 231 insertions(+), 26 deletions(-) create mode 100644 src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java create mode 100644 src/main/java/ru/serega6531/packmate/utils/SSLUtils.java create mode 100644 src/test/java/ru/serega6531/packmate/PackmateDumpFileLoader.java create mode 100644 src/test/java/ru/serega6531/packmate/TlsDecryptorTest.java create mode 100644 src/test/resources/tls.key create mode 100644 src/test/resources/tls.pem create mode 100644 src/test/resources/tls.pkmt diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java b/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java new file mode 100644 index 0000000..62fdb43 --- /dev/null +++ b/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java 
@@ -0,0 +1,38 @@ +package ru.serega6531.packmate.service.optimization; + +import lombok.RequiredArgsConstructor; +import lombok.SneakyThrows; +import ru.serega6531.packmate.model.Packet; +import ru.serega6531.packmate.utils.PacketUtils; +import ru.serega6531.packmate.utils.SSLUtils; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLEngineResult; +import java.io.File; +import java.nio.ByteBuffer; +import java.util.List; + +@RequiredArgsConstructor +public class TlsDecryptor { + + private final List packets; + + @SneakyThrows + public void decryptTls() { + List> sides = PacketUtils.sliceToSides(packets); + + File pemFile = new File(getClass().getClassLoader().getResource("tls.pem").getFile()); + File keyFile = new File(getClass().getClassLoader().getResource("tls.key").getFile()); + SSLContext context = SSLUtils.createContext(pemFile, keyFile); + SSLEngine serverEngine = context.createSSLEngine(); + serverEngine.setUseClientMode(false); + serverEngine.setNeedClientAuth(true); + + ByteBuffer decodedServerBuf = ByteBuffer.allocate(1000); + + SSLEngineResult unwrap = serverEngine.unwrap(ByteBuffer.wrap(packets.get(0).getContent()), decodedServerBuf); + System.out.println(); + } + +} diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/WebSocketsParser.java b/src/main/java/ru/serega6531/packmate/service/optimization/WebSocketsParser.java index de38248..96f118b 100644 --- a/src/main/java/ru/serega6531/packmate/service/optimization/WebSocketsParser.java +++ b/src/main/java/ru/serega6531/packmate/service/optimization/WebSocketsParser.java @@ -104,7 +104,7 @@ public class WebSocketsParser { } private void parse(final List wsPackets, final List handshakes, Draft_6455 draft) { - List> sides = sliceToSides(wsPackets); + List> sides = PacketUtils.sliceToSides(wsPackets); parsedPackets = new ArrayList<>(handshakes); for (List side : sides) { 
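Review bot: `decryptTls()` lives in main code but resolves `tls.pem` and `tls.key` through `getClassLoader().getResource(...)`, and this commit adds those files only under `src/test/resources`; outside the test classpath `getResource` returns null and the call fails with a NullPointerException that `@SneakyThrows` lets escape undeclared. The certificate and private key should be handed in (constructor arguments or configured paths) rather than looked up under a fixed resource name, which also keeps key material out of the application jar. `URL.getFile()` returns a percent-encoded string and does not work for resources packed in a jar; the same pattern is in the `PackmateDumpFileLoader` constructor further down. The result of `unwrap` is discarded and replaced by an empty `System.out.println()`, and the fixed 1000-byte buffer is not tied to the session: size it with `ByteBuffer.allocate(serverEngine.getSession().getApplicationBufferSize())` and check `unwrap.getStatus()`, otherwise application records can come back as `BUFFER_OVERFLOW` unnoticed.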
@@ -149,31 +149,6 @@ public class WebSocketsParser { return parsedPackets; } - private List> sliceToSides(List packets) { - List> result = new ArrayList<>(); - List side = new ArrayList<>(); - boolean incoming = true; - - for (Packet packet : packets) { - if(packet.isIncoming() != incoming) { - incoming = packet.isIncoming(); - - if(!side.isEmpty()) { - result.add(side); - side = new ArrayList<>(); - } - } - - side.add(packet); - } - - if(!side.isEmpty()) { - result.add(side); - } - - return result; - } - private String getHandshake(final List packets) { final String handshake = PacketUtils.mergePackets(packets) .map(String::new) diff --git a/src/main/java/ru/serega6531/packmate/utils/PacketUtils.java b/src/main/java/ru/serega6531/packmate/utils/PacketUtils.java index 459e427..cd4a057 100644 --- a/src/main/java/ru/serega6531/packmate/utils/PacketUtils.java +++ b/src/main/java/ru/serega6531/packmate/utils/PacketUtils.java @@ -4,6 +4,7 @@ import lombok.experimental.UtilityClass; import org.apache.commons.lang3.ArrayUtils; import ru.serega6531.packmate.model.Packet; +import java.util.ArrayList; import java.util.List; import java.util.Optional; @@ -16,4 +17,29 @@ public class PacketUtils { .reduce(ArrayUtils::addAll); } + public List> sliceToSides(List packets) { + List> result = new ArrayList<>(); + List side = new ArrayList<>(); + boolean incoming = true; + + for (Packet packet : packets) { + if(packet.isIncoming() != incoming) { + incoming = packet.isIncoming(); + + if(!side.isEmpty()) { + result.add(side); + side = new ArrayList<>(); + } + } + + side.add(packet); + } + + if(!side.isEmpty()) { + result.add(side); + } + + return result; + } + } diff --git a/src/main/java/ru/serega6531/packmate/utils/SSLUtils.java b/src/main/java/ru/serega6531/packmate/utils/SSLUtils.java new file mode 100644 index 0000000..152f424 --- /dev/null +++ b/src/main/java/ru/serega6531/packmate/utils/SSLUtils.java 
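Review bot: `sliceToSides` is now a public helper called from both `WebSocketsParser` and `TlsDecryptor`, but it has no Javadoc stating its contract. Suggest adding `/** Splits packets into consecutive runs that share the same direction, preserving order; returns an empty list when packets is empty. */` above the method in `PacketUtils`. The body is moved unchanged from `WebSocketsParser`, so the comment only records what the loop already does.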
@@ -0,0 +1,54 @@ +package ru.serega6531.packmate.utils; + +import com.google.common.base.Splitter; +import lombok.SneakyThrows; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import java.io.File; +import java.io.FileInputStream; +import java.security.KeyStore; + +import static com.google.common.base.Preconditions.checkState; + +public class SSLUtils { + + @SneakyThrows + public static SSLContext createContext(File pemFile, File keyFile) { + final String pass = "abcdef"; + + File jksKeystoreFile = File.createTempFile("packmate_", ".jks"); + File pkcsKeystoreFile = File.createTempFile("packmate_", ".pkcs12"); + Splitter splitter = Splitter.on(' '); + + jksKeystoreFile.delete(); + + String command = "openssl pkcs12 -export -out " + pkcsKeystoreFile.getAbsolutePath() + " -in " + pemFile.getAbsolutePath() + + " -inkey " + keyFile.getAbsolutePath() + " -passout pass:" + pass; + + Process process = new ProcessBuilder(splitter.splitToList(command)).inheritIO().start(); + checkState(process.waitFor() == 0); + + command = "keytool -importkeystore -srckeystore " + pkcsKeystoreFile.getAbsolutePath() + " -srcstoretype PKCS12 -destkeystore " + + jksKeystoreFile.getAbsolutePath() + " -srcstorepass " + pass + " -deststorepass " + pass; + + process = new ProcessBuilder(splitter.splitToList(command)).inheritIO().start(); + checkState(process.waitFor() == 0); + + KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); + keystore.load(new FileInputStream(jksKeystoreFile), pass.toCharArray()); + + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(keystore, pass.toCharArray()); + + SSLContext ret = SSLContext.getInstance("TLSv1.2"); + TrustManagerFactory factory = TrustManagerFactory.getInstance( + TrustManagerFactory.getDefaultAlgorithm()); + factory.init(keystore); + ret.init(keyManagerFactory.getKeyManagers(), 
factory.getTrustManagers(), null); + + return ret; + } + +} diff --git a/src/test/java/ru/serega6531/packmate/PackmateDumpFileLoader.java b/src/test/java/ru/serega6531/packmate/PackmateDumpFileLoader.java new file mode 100644 index 0000000..8edcb6a --- /dev/null +++ b/src/test/java/ru/serega6531/packmate/PackmateDumpFileLoader.java @@ -0,0 +1,38 @@ +package ru.serega6531.packmate; + +import org.springframework.security.crypto.codec.Hex; +import ru.serega6531.packmate.model.Packet; + +import java.io.File; +import java.io.IOException; +import java.nio.file.Files; +import java.util.ArrayList; +import java.util.List; + +public class PackmateDumpFileLoader { + + private final File file; + + public PackmateDumpFileLoader(String path) { + this.file = new File(getClass().getClassLoader().getResource(path).getFile()); + } + + public List getPackets() throws IOException { + boolean in = true; + List packets = new ArrayList<>(); + + for (String line : Files.readAllLines(file.toPath())) { + switch (line) { + case "in" -> in = true; + case "out" -> in = false; + default -> packets.add(Packet.builder() + .content(Hex.decode(line)) + .incoming(in) + .build()); + } + } + + return packets; + } + +} diff --git a/src/test/java/ru/serega6531/packmate/TlsDecryptorTest.java b/src/test/java/ru/serega6531/packmate/TlsDecryptorTest.java new file mode 100644 index 0000000..7c49cdf --- /dev/null +++ b/src/test/java/ru/serega6531/packmate/TlsDecryptorTest.java @@ -0,0 +1,20 @@ +package ru.serega6531.packmate; + +import org.junit.jupiter.api.Test; +import ru.serega6531.packmate.model.Packet; +import ru.serega6531.packmate.service.optimization.TlsDecryptor; + +import java.io.IOException; +import java.util.List; + +public class TlsDecryptorTest { + + @Test + public void testDecryptTls() throws IOException { + List packets = new PackmateDumpFileLoader("tls.pkmt").getPackets(); + + TlsDecryptor decryptor = new TlsDecryptor(packets); + decryptor.decryptTls(); + } + +} 
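Review bot: `createContext` puts the keystore password on the `openssl` and `keytool` command lines (`-passout pass:abcdef`, `-srcstorepass`, `-deststorepass`), where it is readable from the local process list, and it leaves the PKCS#12 and JKS copies of the private key in the temp directory with no cleanup. The commands are built by concatenation and then split on spaces, so any path containing a space breaks the argument list, and the `FileInputStream` passed to `keystore.load` is never closed. None of this is needed: the certificate and the PKCS#8 key can be parsed in-process and placed in an in-memory `KeyStore`, which removes the child processes, the temp files and the password on disk. The sketch below assumes an unencrypted RSA key, as in the `tls.key` fixture, and leaves the rest of the function as it is.

```java
    @SneakyThrows
    public static SSLContext createContext(File pemFile, File keyFile) {
        // Only guards the in-memory key entry now; nothing is written to disk.
        final String pass = "abcdef";

        Certificate cert;
        try (InputStream in = new FileInputStream(pemFile)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Assumes an unencrypted PKCS#8 "PRIVATE KEY" PEM holding an RSA key.
        String keyBase64 = Files.readString(keyFile.toPath(), StandardCharsets.US_ASCII)
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s", "");
        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(keyBase64)));

        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(null, null);
        keystore.setKeyEntry("packmate", key, pass.toCharArray(), new Certificate[]{cert});

        // … unchanged: KeyManagerFactory, TrustManagerFactory and SSLContext setup …
```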
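Review bot: `testDecryptTls` contains no assertion, so it passes whenever `decryptTls()` does not throw and cannot show that any record was actually decrypted. Once `decryptTls()` exposes its output, the test should compare it with the known plaintext of the `tls.pkmt` capture. As written the test also depends on `openssl` and `keytool` being on the PATH, because `SSLUtils.createContext` shells out to both, so it will fail on build hosts that lack either tool.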
diff --git a/src/test/resources/tls.key b/src/test/resources/tls.key new file mode 100644 index 0000000..3b9801a --- /dev/null +++ b/src/test/resources/tls.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDWJO65om/5LMA0 +8w9Uk36h4ukQ7Qt8nbpbeHzxorl4lGwWBASEAEmDYNUcGO0CxglOE93F9BPNGn6q +Vj8Ypp3kcTGOzsXcFrd0wRpXbSwbynnmqTCYigiLzIidasfUrGul4s1fVZFdkQZS +p2Y5pEUxq1GKcAgCVwjMyWC1dhGqvTcA5ps0JoSRoA+Nzs/BeTHlTm8UvT9eD9ER +8RmYVOi1edcJ/eztj1CVydq5X27QNmwLuqsAwq38I27nlq1NU5ShqDQ16bg8IY/c +Ll4QJB7SVbrLf3dJ7KY5i7DNEoYUiJGRwDJZt+wcZLtFSzj0cn0BuEU6M0PYglUI +uQTeosUZAgMBAAECggEAehq7CJyHzoPm4QpLDoW/qh1RmfYgG6FwVqHgVIPdz9SJ +wQ/vZzkmscPwIEJSOsejHKMVTL983vGhkgz1k1/GHjEw+eYLShCl8Ov+0iUNBpew +ZIbKj9/9OYGZ0HDHmwvpocAuLJME/V4pRc3v6yQw1D6EkzSITJVGDkcxXqcBMeIA +uNVr+pwLH9vO7ybva+e3T4ROWxlecHrcB94THops4fy5+SGVILwvKaP4cRhjLfD4 +2XV4O5N0imdPAYsNNHyHbAzjvZPoCOsuH3B/tWmRHq3oOa4ZcFUNTDmO9GgfbtY/ +PHEFV34XxMjy3bK0vLxHqS9CEj1cvfq8e1NqkDTugQKBgQD6CEezGf9OFb3byBui +X3OzXWdWQ5jnodOTPb/P+y9DrORJPy1/0BcXh/cHF58kNDZvzVwTFcAjfx6bxS41 +JAddFRZjNuHXEOtFRkD3Wp4W7Atrv/yeKbpE9PCaNYtUDasL8RKcdJiHNFpN4xRl +jpQtIiQ9pikrjUXLgW0S88zzyQKBgQDbQV+DMxGS2Cee6nfMmUcGjgQd8D0cXLjk +OZSmEnk4FCvV8ZdysjirqmuitFTE+PYmOJzhlQl8lubEs4Kc7L9CfEwbK9mNN0ZG +BNdT21nFuJp7YoZzZDTHuwF0nBjQFYcdaWDW+qFqrqs9mKbmCQ5vSzql6al+pzdX +X/YS0QTO0QKBgDUMprHQdUPLByJnnb1gxTqsOa2q3/ldc3eNJXJqWAfi2fjUh8HT +k+KxPW9qyqAy1832429FMSQW55ajSn+J6moMfFiGn3ozI8fp9QTGXD5+zJmK/X1N +WzEgSyBc9ffago0hFBLQBkDBkdtur7gwfS3qTYgrBhcwfTuFdXAM/FJJAoGABIQ2 +OXel1waI2mcuDJLjuajXQN6gA6ONU3Y0L6+Vu6f+tyuA2SX+sNqT2Qgp7tzKBUOJ +R8RQK7bYDhk8iYr+7Zmt36lpk9Udp3eWD+4mzUHePMhsyJe51pttjj9g63hmDh8L +laIYDSCH+n7YgUiSeYxtKtnDWg6Lv0sEwKJ5nOECgYBsF5PoHRE4Q/Vs18qbI4t/ +zPwWWNP0sb3PYRlWLTKMBowQdDOxnXAF12txoLNhpOn9DjZdNEb2EMsqlzdNjphN +uUWZq89d5kDwKfj4ji087elcjsW79R5oqwrN8a0NimftZ4eBPbcn8Y0r5psPcSzE +36iKGM2euQYD8Ub+aDOSLQ== +-----END PRIVATE KEY----- 
diff --git a/src/test/resources/tls.pem b/src/test/resources/tls.pem new file mode 100644 index 0000000..14661f8 --- /dev/null +++ b/src/test/resources/tls.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCTCCAfGgAwIBAgIUP8G0cbkVa5e5XMfhm0ewi9FKmVgwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIwMDQxNzEzMjEyNVoXDTIxMDQx +NzEzMjEyNVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA1iTuuaJv+SzANPMPVJN+oeLpEO0LfJ26W3h88aK5eJRs +FgQEhABJg2DVHBjtAsYJThPdxfQTzRp+qlY/GKad5HExjs7F3Ba3dMEaV20sG8p5 +5qkwmIoIi8yInWrH1KxrpeLNX1WRXZEGUqdmOaRFMatRinAIAlcIzMlgtXYRqr03 +AOabNCaEkaAPjc7PwXkx5U5vFL0/Xg/REfEZmFTotXnXCf3s7Y9QlcnauV9u0DZs +C7qrAMKt/CNu55atTVOUoag0Nem4PCGP3C5eECQe0lW6y393SeymOYuwzRKGFIiR +kcAyWbfsHGS7RUs49HJ9AbhFOjND2IJVCLkE3qLFGQIDAQABo1MwUTAdBgNVHQ4E +FgQU2nillgHV/VxE0Rf5sVlNbEogs8cwHwYDVR0jBBgwFoAU2nillgHV/VxE0Rf5 +sVlNbEogs8cwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAg287 +XL7cBkT3WlR4Mxocg2k7khBfhUGTU5Y9HbZcsV83vkjY6Q2zRhtB1kwNBO/KPOE+ ++TUPgO9cL6wBk1QZISxUzEl1AvNxZOqUqZUubRKMzeAzoVF+ItkRxiXrQe80RVY3 +IjEpdajqBKOeEg6n3/5COh3UnvcdHaFsnbCspSfAUYUO9J0s6hLPHIJVSaqEfO9p +eW2I9vUu7HnzM8bvawwzciFV0v5DrO6/2TbbfiGCYdsebsZD1QAzsWu2KTFmjGWo +pDXWcd+h7oeKTGYvRtSEU/g/IMttH6HrT/N1tpBpv9GG7FLRsICgEzcpgAmvfR7a +tg5VUZwbxAXLxKSjjw== +-----END CERTIFICATE----- diff --git a/src/test/resources/tls.pkmt b/src/test/resources/tls.pkmt new file mode 100644 index 0000000..aad70bc --- /dev/null +++ b/src/test/resources/tls.pkmt @@ -0,0 +1,7 @@ +in 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 +out 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 +in +140303000101170303003522332775a6617895c810ddad7f99ecc7d16ce79eec84cfaf1ff96933e7c9d50a2c44cb430f4483e77df7c62e3167e5936b5e8fae34 +1703030057a6cbca0de9d81daa74309ed33a8d7b739f90adf1fd434d9115f162bac1ba6ba1ddafc6e5ef4d1f5dbb531d6d0f160e77205e3a73a5a174318180e4c5595cdffe7dab9d01f3f559d08f2c1f04ff6e9e214078df21fecb17 \ No newline at end of file