From 74ad01160624d6f10273ba4df39a5ac9d8c43a2a Mon Sep 17 00:00:00 2001 From: Christoph Schulthess Date: Thu, 1 Dec 2016 16:07:39 +0100 Subject: branch initial commit w. SSLRelayTask & new pom.xml due to depency problems --- pom.xml | 21 ++- .../openslx/taskmanager/tasks/SSLRelayTask.java | 199 +++++++++++++++++++++ 2 files changed, 218 insertions(+), 2 deletions(-) create mode 100644 src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java diff --git a/pom.xml b/pom.xml index 07a5c02..324c2a3 100644 --- a/pom.xml +++ b/pom.xml @@ -16,9 +16,26 @@ - mltk-repo - mltk repo + mltk-repo-snapshot http://mltk-services.ruf.uni-freiburg.de:8081/nexus/content/repositories/snapshots/ + + false + + + true + always + + + + mltk-repo-release + http://mltk-services.ruf.uni-freiburg.de:8081/nexus/content/repositories/releases/ + + true + always + + + false + diff --git a/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java b/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java new file mode 100644 index 0000000..8377dc6 --- /dev/null +++ b/src/main/java/org/openslx/taskmanager/tasks/SSLRelayTask.java 
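Review bot: The added `mltk-repo-release` repository in pom.xml, like the existing snapshot entry, is resolved over plain `http://`, so artifacts are downloaded with no transport integrity or server authentication. Both entries also appear to carry an `always` value, presumably the update policy, which would make every build re-fetch over that channel; a dependency altered in transit would then run inside the task manager. Switch both URLs to `https://` if the Nexus host offers it, or put a TLS-terminating mirror in front, and note that Maven 3.8.1 and later block external `http://` repositories by default. The XML element names are not visible in this rendering, so the enabled/updatePolicy reading is inferred from the values shown.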
@@ -0,0 +1,199 @@ +package org.openslx.taskmanager.tasks; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.UnknownHostException; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.X509Certificate; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import org.openslx.taskmanager.api.AbstractTask; + +import com.google.gson.annotations.Expose; + +public class SSLRelayTask extends AbstractTask { + + @Expose + private String clientAIp; + @Expose + private int clientAPort; + + @Expose + private String clientBIp; + @Expose + private int clientBPort; + + @Expose + private boolean auth; + + private SSLSocket sockA; + private SSLSocket sockB; + + private Relay aToB; + private Relay bToA; + + private boolean enabled; + + private Output status; + + /** + * ###ONLY FOR TESTING### + * 1. initialize SocketFactory w/wo authentication + * ###ONLY FOR TESTING### + * + * 1a. set system properties (if auth==true) + * 2. initialize sockets to A and B + * 3. 
initialize relays to/from A and B + */ + @Override + protected boolean initTask() { + + this.setStatusObject(status); + return true; + } + + @Override + protected boolean execute() { + SSLSocketFactory ssf; + if (auth) { + try { + ssf = trustAll().getSocketFactory(); + } catch (NoSuchAlgorithmException nax) { + status.error = nax.getMessage(); + return false; + } catch (KeyManagementException kmx) { + status.error = kmx.getMessage(); + return false; + } + } + else { + ssf = (SSLSocketFactory) SSLSocketFactory.getDefault(); + System.setProperty("javax.net.ssl.keyStore", "keystore.jks"); + System.setProperty("javax.net.ssl.trustStore", "cacerts.jks"); + } + + try { + sockA = (SSLSocket) ssf.createSocket(clientAIp, clientAPort); + System.out.println("connected to " + clientAIp + " on port " + Integer.toString(clientAPort)); + sockB = (SSLSocket) ssf.createSocket(clientBIp, clientBPort); + System.out.println("connected to " + clientBIp + " on port " + Integer.toString(clientBPort)); + aToB = new Relay(sockA, sockB); + System.out.println("relay created from " + clientAIp + " to " + clientBIp); + bToA = new Relay(sockB, sockA); + System.out.println("relay created from " + clientBIp + " to " + clientAIp); + } catch (UnknownHostException uhx) { + close(); + status.error = uhx.getMessage(); + return false; + } catch (IOException iox) { + status.error = iox.getMessage(); + return false; + } + + Thread aToBThread = new Thread() { + public void run() { + try { + aToB.relay(); + } catch (IOException iox) { + status.error = iox.getMessage(); + return; + } catch (InterruptedException ix) { + status.error = ix.getMessage(); + return; + } + }; + }; + Thread bToAThread = new Thread() { + public void run() { + try { + bToA.relay(); + } catch (IOException iox) { + status.error = iox.getMessage(); + return; + } catch (InterruptedException ix) { + status.error = ix.getMessage(); + return; + } + }; + }; + while(enabled) { + aToBThread.start(); + bToAThread.start(); + } + close(); + 
return true; + } + + /** + * Create all-trusting TrustManager for no-auth mode + */ + private SSLContext trustAll () throws NoSuchAlgorithmException, KeyManagementException { + TrustManager[] trustAllMan = new TrustManager[] {new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted(X509Certificate[] certs, String authType) {} + public void checkServerTrusted(X509Certificate[] certs, String authType) {} + } + }; + SSLContext ctx = SSLContext.getInstance("SSL"); + ctx.init(null, trustAllMan, new java.security.SecureRandom()); + return ctx; + } + + private void close() { + try { + if (aToB != null) + aToB.close(); + if (bToA != null) + bToA.close(); + sockA.close(); + sockB.close(); + } catch (IOException iox) { + status.error = iox.getMessage(); + System.exit(1); + } + } + + /** + * Do the actual relaying in one direction + */ + private class Relay { + private InputStream in; + private OutputStream out; + + private byte[] buffer = new byte[16384]; + + public Relay (SSLSocket sIn, SSLSocket sOut) throws IOException { + in = sIn.getInputStream(); + out = sOut.getOutputStream(); + } + + public void relay() throws IOException, InterruptedException { + int readBytes = in.read(buffer); + + out.write(buffer, 0, readBytes); + } + + public void close() throws IOException { + in.close(); + out.close(); + } + } + + /** + * Output - contains additional status data of this task + */ + @SuppressWarnings( "unused" ) + private static class Output + { + protected String error = null; + } +} -- cgit v1.2.3-55-g7522
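Review bot: In `execute()` the `if (auth)` branch is the one that calls `trustAll()`, so setting `auth` to true turns certificate validation off, while the Javadoc says the system properties are set "if auth==true" and `trustAll()` is documented as the no-auth mode; the condition looks inverted and should read `if (!auth) {`. Because `auth` is an `@Expose` field it is presumably filled from the task request, so the accept-everything trust manager is selectable at runtime rather than confined to testing, and a relay built on it cannot tell the intended peers from an impostor. In the other branch `SSLSocketFactory.getDefault()` is called before the two `System.setProperty(...)` lines, so the factory already obtained does not see `keystore.jks` or `cacerts.jks`; set the properties first, or better, build a dedicated `SSLContext` from those stores instead of mutating JVM-wide properties. Neither branch enables hostname verification on the sockets (`SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")`), and `SSLContext.getInstance("SSL")` should request `"TLS"`. Separately, `status` is never assigned before `status.error` is written, and `while(enabled)` would call `start()` twice on the same threads, so the error paths and the relay loop need another look before this is used.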