authorChristoph Schulthess2017-02-23 14:33:33 +0100
committerChristoph Schulthess2017-02-23 14:33:33 +0100
commit310a08e818ee8ac7fd2998de1478fdf1205441be (patch)
tree6b1f5899c26a709cc59b8b888c4bee9d31205f35
parentDispatchSSLRelay added (diff)
Decluttered tasks, SSL is now Default Relay mode
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java33
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java40
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java242
3 files changed, 27 insertions, 288 deletions
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java b/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java
index 6f16ab5..5bd1823 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java
@@ -1,8 +1,14 @@
package org.openslx.taskmanager.tasks;
import java.net.Socket;
+import java.security.cert.X509Certificate;
import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.io.InputStream;
@@ -74,7 +80,7 @@ public class DispatchRelay extends AbstractTask {
return false;
}
- this.status.addMessage( "Initiated relay task." );
+ this.status.addMessage( "Initiated relay task: " + this.getClass().getName() );
this.status.addMessage( this.descs[0] + " is " + this.hosts[0] + ":" + this.ports[0] );
this.status.addMessage( this.descs[1] + " is " + this.hosts[1] + ":" + this.ports[1] );
return true;
@@ -91,17 +97,32 @@ public class DispatchRelay extends AbstractTask {
return t;
}
- protected SocketFactory getSocketFactory () throws Exception {
- return SocketFactory.getDefault();
+ protected SSLSocketFactory getSocketFactory () throws Exception {
+ status.addMessage( "Using TLS/SSL encryption." );
+ return trustAll().getSocketFactory();
}
- protected Socket[] createSockets ( SocketFactory sf ) throws IOException
+ protected SSLContext trustAll () throws Exception {
+ TrustManager[] trustAllMan = new TrustManager[] { new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted( X509Certificate[] certs, String authType ) {}
+ public void checkServerTrusted( X509Certificate[] certs, String authType ) {}
+ }
+ };
+ SSLContext ctx = SSLContext.getInstance( "SSL" );
+ ctx.init( null, trustAllMan, new java.security.SecureRandom() );
+ return ctx;
+ }
+
+ protected SSLSocket[] createSockets ( SocketFactory sf ) throws IOException
{
- Socket[] s = new Socket[2];
+ SSLSocket[] s = new SSLSocket[2];
for ( int i = 0; i < 2; i++ ) {
InetSocketAddress addr = new InetSocketAddress( hosts[i], ports[i] );
- s[i] = sf.createSocket();
+ s[i] = (SSLSocket) sf.createSocket();
this.status.addMessage( "trying to connect socket to " + addr.toString() );
s[i].connect( addr, 1200 );
this.status.addMessage( "connected." );
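Review bot: `trustAll()` installs an `X509TrustManager` whose `checkServerTrusted` is empty, and `getSocketFactory()` now returns it for every relay, so both legs are encrypted but accept any certificate and the peer is never authenticated; the status line "Using TLS/SSL encryption." overstates what is provided. The SSLRelayTask deleted in this same commit marked that no-auth path "THIS SHOULD BE REMOVED FOR ROLLOUT" and had an `auth` branch backed by a trust store, which is dropped here. I would build the context from a trust store through `TrustManagerFactory`, request `"TLS"` rather than `"SSL"`, and enable endpoint identification on each socket before connecting (to be checked against how the peers' certificates name them). If a trust-all mode has to remain for testing, it should be an explicit opt-in, and `getAcceptedIssuers()` should return an empty array rather than `null`. `createSockets` continues past the end of the hunk, and its `(SSLSocket)` cast throws `ClassCastException` if an override hands in a plain `SocketFactory`.

```java
protected SSLSocketFactory getSocketFactory () throws Exception {
	return verifiedContext().getSocketFactory();
}

protected SSLContext verifiedContext () throws Exception {
	TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
	// null selects the JVM default trust store; pass a KeyStore holding the
	// relay peers' CA instead if they are issued by a private one
	tmf.init( (KeyStore) null );
	SSLContext ctx = SSLContext.getInstance( "TLS" );
	ctx.init( null, tmf.getTrustManagers(), null );
	return ctx;
}

// … unchanged: createSockets signature, array allocation and loop header …
		s[i] = (SSLSocket) sf.createSocket();
		SSLParameters params = s[i].getSSLParameters();
		// makes the handshake check the certificate against the host being connected to
		params.setEndpointIdentificationAlgorithm( "HTTPS" );
		s[i].setSSLParameters( params );
// … unchanged: connect with timeout and status messages …
```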
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java b/src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java
deleted file mode 100644
index fc1382e..0000000
--- a/src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.openslx.taskmanager.tasks;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import javax.net.ssl.SSLSocket;
-
-import org.openslx.taskmanager.tasks.DispatchRelay;
-
-public class DispatchSSLRelay extends DispatchRelay {
-
- @Override
- protected SSLSocket[] createSockets ( SocketFactory sf ) throws IOException {
- return ( SSLSocket[] ) super.createSockets( sf );
- }
-
- @Override
- protected SSLSocketFactory getSocketFactory () throws Exception {
- return trustAll().getSocketFactory();
- }
-
- protected SSLContext trustAll () throws Exception {
- TrustManager[] trustAllMan = new TrustManager[] { new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- public void checkClientTrusted( X509Certificate[] certs, String authType ) {}
- public void checkServerTrusted( X509Certificate[] certs, String authType ) {}
- }
- };
- SSLContext ctx = SSLContext.getInstance( "SSL" );
- ctx.init( null, trustAllMan, new java.security.SecureRandom() );
- return ctx;
- }
-}
diff --git a/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java b/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java
deleted file mode 100644
index 0109925..0000000
--- a/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java
+++ /dev/null
@@ -1,242 +0,0 @@
-package org.openslx.taskmanager.tasks;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.openslx.taskmanager.api.AbstractTask;
-
-import com.google.gson.annotations.Expose;
-
-public class SSLRelayTask extends AbstractTask {
-
- @Expose
- private String clientAIp;
- @Expose
- private int clientAPort;
-
- @Expose
- private String clientBIp;
- @Expose
- private int clientBPort;
-
- @Expose
- private boolean auth;
-
- private SSLSocket sockA;
- private SSLSocket sockB;
-
- private Relay aToB;
- private Relay bToA;
-
- private boolean enabled;
-
- private Output status;
-
- @Override
- protected boolean initTask() {
-
- this.setStatusObject(status);
- return true;
- }
-
- @Override
- protected boolean execute() {
- SSLSocketFactory ssf = initSSLSocketFactory();
- if (ssf==null) {
- status.error = "Could not initialize SSLSocketFactory";
- return false;
- }
- try {
- initSockets(ssf);
- initRelays();
- } catch (UnknownHostException uhx) {
- status.error = "One of the hosts to relay to/from is unknown: " + uhx.getMessage();
- return close();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return close();
- }
-
- Thread aToBThread = initThread('a');
- Thread bToAThread = initThread('b');
-
- if (aToBThread == null || bToAThread == null) {
- status.error = "Could not initialize Threads.";
- return close();
- }
-
- while(enabled) {
- aToBThread.start();
- bToAThread.start();
- }
- return close();
- }
-
- /**
- * During testing phase there is the option to disable SSL/TLS authentication.
- * THIS SHOULD BE REMOVED FOR ROLLOUT
- * If auth == true, set system properties for key- and truststore and return default.
- * Else, return SocketFactory from all-trusting SSLContext (returned by trustAll().
- * @return
- */
- private SSLSocketFactory initSSLSocketFactory () {
- if (auth) {
- System.setProperty("javax.net.ssl.keyStore", "keystore.jks");
- System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
-
- return (SSLSocketFactory) SSLSocketFactory.getDefault();
- }
- else {
- try {
- return trustAll().getSocketFactory();
- } catch (NoSuchAlgorithmException nax) {
- status.error = nax.getMessage();
- return null;
- } catch (KeyManagementException kmx) {
- status.error = kmx.getMessage();
- return null;
- }
- }
- }
-
- /**
- * Returns one Thread to run the relay. Is there a nicer way to do this?
- * Scoping posed some difficulties
- * @param source
- * @return
- */
- private Thread initThread (char source) {
- if (source == 'a') {
- return new Thread() {
- public void run() {
- try {
- aToB.relay();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return;
- } catch (InterruptedException ix) {
- status.error = ix.getMessage();
- return;
- }
- };
- };
- }
- else if (source == 'b') {
- return new Thread() {
- public void run() {
- try {
- bToA.relay();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return;
- } catch (InterruptedException ix) {
- status.error = ix.getMessage();
- return;
- }
- };
- };
- }
- else
- return null;
- }
- /**
- * Creates sockA and sockB
- * @param ssf
- * @throws IOException
- * @throws UnknownHostException
- */
- private void initSockets (SSLSocketFactory ssf) throws IOException, UnknownHostException {
- sockA = (SSLSocket) ssf.createSocket(clientAIp, clientAPort);
- System.out.println("connected to " + clientAIp + " on port " + Integer.toString(clientAPort));
- sockB = (SSLSocket) ssf.createSocket(clientBIp, clientBPort);
- System.out.println("connected to " + clientBIp + " on port " + Integer.toString(clientBPort));
- }
- /**
- * Creates relays aToB and bToA
- * @throws IOException
- */
- private void initRelays () throws IOException {
- aToB = new Relay(sockA, sockB);
- System.out.println("relay created from " + clientAIp + " to " + clientBIp);
- bToA = new Relay(sockB, sockA);
- System.out.println("relay created from " + clientBIp + " to " + clientAIp);
- }
-
- /**
- * Create all-trusting TrustManager for no-auth mode and return SSLContext.
- */
- private SSLContext trustAll () throws NoSuchAlgorithmException, KeyManagementException {
- TrustManager[] trustAllMan = new TrustManager[] {new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- public void checkClientTrusted(X509Certificate[] certs, String authType) {}
- public void checkServerTrusted(X509Certificate[] certs, String authType) {}
- }
- };
- SSLContext ctx = SSLContext.getInstance("SSL");
- ctx.init(null, trustAllMan, new java.security.SecureRandom());
- return ctx;
- }
-
- private boolean close() {
- try {
- if (aToB != null)
- aToB.close();
- if (bToA != null)
- bToA.close();
- sockA.close();
- sockB.close();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return false;
- }
- return true;
- }
-
- /**
- * Do the actual relaying in one direction
- */
- private class Relay {
- private InputStream in;
- private OutputStream out;
-
- private byte[] buffer = new byte[16384];
-
- public Relay (SSLSocket sIn, SSLSocket sOut) throws IOException {
- in = sIn.getInputStream();
- out = sOut.getOutputStream();
- }
-
- public void relay() throws IOException, InterruptedException {
- int readBytes = in.read(buffer);
-
- out.write(buffer, 0, readBytes);
- }
-
- public void close() throws IOException {
- in.close();
- out.close();
- }
- }
-
- /**
- * Output - contains additional status data of this task
- */
- @SuppressWarnings( "unused" )
- private static class Output
- {
- protected String error = null;
- }
-}