From 310a08e818ee8ac7fd2998de1478fdf1205441be Mon Sep 17 00:00:00 2001
From: Christoph Schulthess
Date: Thu, 23 Feb 2017 14:33:33 +0100
Subject: Decluttered tasks, SSL is now Default Relay mode
---
 .../openslx/taskmanager/tasks/DispatchRelay.java | 33 ++-
 .../taskmanager/tasks/DispatchSSLRelay.java | 40 ----
 .../openslx/taskmanager/tasks/SSLRelayTask.java | 242 ---------------------
 3 files changed, 27 insertions(+), 288 deletions(-)
 delete mode 100644 src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java
 delete mode 100644 src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java b/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java
index 6f16ab5..5bd1823 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/DispatchRelay.java
@@ -1,8 +1,14 @@
 package org.openslx.taskmanager.tasks;
 import java.net.Socket;
+import java.security.cert.X509Certificate;
 import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.io.InputStream;
@@ -74,7 +80,7 @@ public class DispatchRelay extends AbstractTask {
 return false;
 }
- this.status.addMessage( "Initiated relay task." );
+ this.status.addMessage( "Initiated relay task: " + this.getClass().getName() );
 this.status.addMessage( this.descs[0] + " is " + this.hosts[0] + ":" + this.ports[0] );
 this.status.addMessage( this.descs[1] + " is " + this.hosts[1] + ":" + this.ports[1] );
 return true;
@@ -91,17 +97,32 @@ public class DispatchRelay extends AbstractTask {
 return t;
 }
- protected SocketFactory getSocketFactory () throws Exception {
- return SocketFactory.getDefault();
+ protected SSLSocketFactory getSocketFactory () throws Exception {
+ status.addMessage( "Using TLS/SSL encryption." );
+ return trustAll().getSocketFactory();
 }
- protected Socket[] createSockets ( SocketFactory sf ) throws IOException
+ protected SSLContext trustAll () throws Exception {
+ TrustManager[] trustAllMan = new TrustManager[] { new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted( X509Certificate[] certs, String authType ) {}
+ public void checkServerTrusted( X509Certificate[] certs, String authType ) {}
+ }
+ };
+ SSLContext ctx = SSLContext.getInstance( "SSL" );
+ ctx.init( null, trustAllMan, new java.security.SecureRandom() );
+ return ctx;
+ }
+
+ protected SSLSocket[] createSockets ( SocketFactory sf ) throws IOException
 {
- Socket[] s = new Socket[2];
+ SSLSocket[] s = new SSLSocket[2];
 for ( int i = 0; i < 2; i++ ) {
 InetSocketAddress addr = new InetSocketAddress( hosts[i], ports[i] );
- s[i] = sf.createSocket();
+ s[i] = (SSLSocket) sf.createSocket();
 this.status.addMessage( "trying to connect socket to " + addr.toString() );
 s[i].connect( addr, 1200 );
 this.status.addMessage( "connected." );
diff --git a/src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java b/src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java
deleted file mode 100644
index fc1382e..0000000
--- a/src/main/java/org/openslx/taskmanager/tasks/DispatchSSLRelay.java
+++ /dev/null
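Review bot: The `X509TrustManager` built in `trustAll()` accepts any certificate (`checkServerTrusted` is empty), so the relay's new default TLS path authenticates neither peer and anyone positioned on the network path can terminate and re-originate the connection unnoticed; `getSocketFactory()` should return a validating factory, `return SSLContext.getDefault().getSocketFactory();`, with the trust-all context kept only behind an explicit test-mode opt-in. The deleted `SSLRelayTask` carried the identical trust-all manager under a javadoc marking it test-only ("THIS SHOULD BE REMOVED FOR ROLLOUT"), and this commit promotes it to the only path. Even with certificate validation, `SSLSocket` does not check that the certificate name matches `hosts[i]` unless endpoint identification is enabled before `connect`, so `createSockets` should set `setEndpointIdentificationAlgorithm( "HTTPS" )` on the socket's `SSLParameters` (needs `import javax.net.ssl.SSLParameters;`); since the hostname string is passed to `InetSocketAddress`, it should be what JSSE compares against, though that is worth confirming on the target JDK. If `trustAll()` survives for testing, `getAcceptedIssuers()` should return `new X509Certificate[0]` rather than the `null` the interface contract forbids, and `"TLS"` is the conventional protocol name in place of `"SSL"`. The `createSockets` body continues past the end of the hunk.
```java
protected SSLSocketFactory getSocketFactory () throws Exception {
	// … unchanged: status message …
	// Default context validates peer certificates against the JVM trust store;
	// the trust-all context must not be the default path.
	return SSLContext.getDefault().getSocketFactory();
}

// … unchanged: trustAll() — keep only behind an explicit test-mode opt-in …

protected SSLSocket[] createSockets ( SocketFactory sf ) throws IOException
{
	// … unchanged: array allocation, loop header, addr …
		s[i] = (SSLSocket) sf.createSocket();
		// Match the peer certificate's name against hosts[i] during the handshake
		SSLParameters params = s[i].getSSLParameters();
		params.setEndpointIdentificationAlgorithm( "HTTPS" );
		s[i].setSSLParameters( params );
		// … unchanged: connect and status messages …
```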
@@ -1,40 +0,0 @@
-package org.openslx.taskmanager.tasks;
-
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import javax.net.ssl.SSLSocket;
-
-import org.openslx.taskmanager.tasks.DispatchRelay;
-
-public class DispatchSSLRelay extends DispatchRelay {
-
- @Override
- protected SSLSocket[] createSockets ( SocketFactory sf ) throws IOException {
- return ( SSLSocket[] ) super.createSockets( sf );
- }
-
- @Override
- protected SSLSocketFactory getSocketFactory () throws Exception {
- return trustAll().getSocketFactory();
- }
-
- protected SSLContext trustAll () throws Exception {
- TrustManager[] trustAllMan = new TrustManager[] { new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- public void checkClientTrusted( X509Certificate[] certs, String authType ) {}
- public void checkServerTrusted( X509Certificate[] certs, String authType ) {}
- }
- };
- SSLContext ctx = SSLContext.getInstance( "SSL" );
- ctx.init( null, trustAllMan, new java.security.SecureRandom() );
- return ctx;
- }
-}
diff --git a/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java b/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java
deleted file mode 100644
index 0109925..0000000
--- a/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java
+++ /dev/null
@@ -1,242 +0,0 @@
-package org.openslx.taskmanager.tasks;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.openslx.taskmanager.api.AbstractTask;
-
-import com.google.gson.annotations.Expose;
-
-public class SSLRelayTask extends AbstractTask {
-
- @Expose
- private String clientAIp;
- @Expose
- private int clientAPort;
-
- @Expose
- private String clientBIp;
- @Expose
- private int clientBPort;
-
- @Expose
- private boolean auth;
-
- private SSLSocket sockA;
- private SSLSocket sockB;
-
- private Relay aToB;
- private Relay bToA;
-
- private boolean enabled;
-
- private Output status;
-
- @Override
- protected boolean initTask() {
-
- this.setStatusObject(status);
- return true;
- }
-
- @Override
- protected boolean execute() {
- SSLSocketFactory ssf = initSSLSocketFactory();
- if (ssf==null) {
- status.error = "Could not initialize SSLSocketFactory";
- return false;
- }
- try {
- initSockets(ssf);
- initRelays();
- } catch (UnknownHostException uhx) {
- status.error = "One of the hosts to relay to/from is unknown: " + uhx.getMessage();
- return close();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return close();
- }
-
- Thread aToBThread = initThread('a');
- Thread bToAThread = initThread('b');
-
- if (aToBThread == null || bToAThread == null) {
- status.error = "Could not initialize Threads.";
- return close();
- }
-
- while(enabled) {
- aToBThread.start();
- bToAThread.start();
- }
- return close();
- }
-
- /**
- * During testing phase there is the option to disable SSL/TLS authentication.
- * THIS SHOULD BE REMOVED FOR ROLLOUT
- * If auth == true, set system properties for key- and truststore and return default.
- * Else, return SocketFactory from all-trusting SSLContext (returned by trustAll().
- * @return
- */
- private SSLSocketFactory initSSLSocketFactory () {
- if (auth) {
- System.setProperty("javax.net.ssl.keyStore", "keystore.jks");
- System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
-
- return (SSLSocketFactory) SSLSocketFactory.getDefault();
- }
- else {
- try {
- return trustAll().getSocketFactory();
- } catch (NoSuchAlgorithmException nax) {
- status.error = nax.getMessage();
- return null;
- } catch (KeyManagementException kmx) {
- status.error = kmx.getMessage();
- return null;
- }
- }
- }
-
- /**
- * Returns one Thread to run the relay. Is there a nicer way to do this?
- * Scoping posed some difficulties
- * @param source
- * @return
- */
- private Thread initThread (char source) {
- if (source == 'a') {
- return new Thread() {
- public void run() {
- try {
- aToB.relay();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return;
- } catch (InterruptedException ix) {
- status.error = ix.getMessage();
- return;
- }
- };
- };
- }
- else if (source == 'b') {
- return new Thread() {
- public void run() {
- try {
- bToA.relay();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return;
- } catch (InterruptedException ix) {
- status.error = ix.getMessage();
- return;
- }
- };
- };
- }
- else
- return null;
- }
- /**
- * Creates sockA and sockB
- * @param ssf
- * @throws IOException
- * @throws UnknownHostException
- */
- private void initSockets (SSLSocketFactory ssf) throws IOException, UnknownHostException {
- sockA = (SSLSocket) ssf.createSocket(clientAIp, clientAPort);
- System.out.println("connected to " + clientAIp + " on port " + Integer.toString(clientAPort));
- sockB = (SSLSocket) ssf.createSocket(clientBIp, clientBPort);
- System.out.println("connected to " + clientBIp + " on port " +
Integer.toString(clientBPort));
- }
- /**
- * Creates relays aToB and bToA
- * @throws IOException
- */
- private void initRelays () throws IOException {
- aToB = new Relay(sockA, sockB);
- System.out.println("relay created from " + clientAIp + " to " + clientBIp);
- bToA = new Relay(sockB, sockA);
- System.out.println("relay created from " + clientBIp + " to " + clientAIp);
- }
-
- /**
- * Create all-trusting TrustManager for no-auth mode and return SSLContext.
- */
- private SSLContext trustAll () throws NoSuchAlgorithmException, KeyManagementException {
- TrustManager[] trustAllMan = new TrustManager[] {new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- public void checkClientTrusted(X509Certificate[] certs, String authType) {}
- public void checkServerTrusted(X509Certificate[] certs, String authType) {}
- }
- };
- SSLContext ctx = SSLContext.getInstance("SSL");
- ctx.init(null, trustAllMan, new java.security.SecureRandom());
- return ctx;
- }
-
- private boolean close() {
- try {
- if (aToB != null)
- aToB.close();
- if (bToA != null)
- bToA.close();
- sockA.close();
- sockB.close();
- } catch (IOException iox) {
- status.error = iox.getMessage();
- return false;
- }
- return true;
- }
-
- /**
- * Do the actual relaying in one direction
- */
- private class Relay {
- private InputStream in;
- private OutputStream out;
-
- private byte[] buffer = new byte[16384];
-
- public Relay (SSLSocket sIn, SSLSocket sOut) throws IOException {
- in = sIn.getInputStream();
- out = sOut.getOutputStream();
- }
-
- public void relay() throws IOException, InterruptedException {
- int readBytes = in.read(buffer);
-
- out.write(buffer, 0, readBytes);
- }
-
- public void close() throws IOException {
- in.close();
- out.close();
- }
- }
-
- /**
- * Output - contains additional status data of this task
- */
- @SuppressWarnings( "unused" )
- private static class Output
- {
- protected String error = null;
- }
-}
-- cgit
v1.2.3-55-g7522