
Untitled

a guest
Sep 3rd, 2014
  1. package au.net.hivemedia.hexcast.api;
  2.  
  3. import sun.misc.BASE64Encoder;
  4. import sun.security.provider.X509Factory;
  5. import sun.security.x509.*;
  6.  
  7. import javax.net.ssl.*;
  8. import java.io.*;
  9. import java.math.BigInteger;
  10. import java.net.ServerSocket;
  11. import java.net.Socket;
  12. import java.security.*;
  13. import java.security.cert.*;
  14. import java.security.cert.Certificate;
  15. import java.security.spec.PKCS8EncodedKeySpec;
  16. import java.security.spec.X509EncodedKeySpec;
  17. import java.util.Date;
  18.  
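  /**
   * TLS helpers: self-signed certificate generation, wrapping an accepted plain
   * socket in a server-side TLS socket, and sniffing whether a stream starts with a
   * TLS ClientHello.
   *
   * <p>Certificate generation relies on the JDK-internal {@code sun.security.x509}
   * classes, which are not a supported API and may be unavailable on newer JDKs.
   */
  public class SecurityTools {

      private static final File keyStoreFile = new File("hexcast.jks");

      // NOTE(security): the keystore and its private-key entry are protected with an empty
      // password, so filesystem permissions on hexcast.jks are the only protection for the
      // server key. The value is kept because existing keystores were written with it;
      // changing it needs a migration of the file on disk.
      private static final char[] KEYSTORE_PASSWORD = new char[0];

      // 1024-bit RSA is below current minimums; only newly generated keystores are affected.
      private static final int RSA_KEY_BITS = 2048;

      // SSLv3 (POODLE) and TLS 1.0/1.1 are deliberately absent.
      private static final String[] PREFERRED_PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

      /**
       * Builds a self-signed X.509 v3 certificate (issuer equals subject).
       *
       * @param dn        distinguished name used as both subject and issuer
       * @param pair      key pair; the public key is certified, the private key signs
       * @param days      validity period in days, starting now
       * @param algorithm signature algorithm name, e.g. {@code "SHA256WithRSA"}
       * @return the signed certificate
       * @throws GeneralSecurityException if the algorithm is unknown or signing fails
       * @throws IOException              if the name or certificate fields cannot be encoded
       */
      public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
              throws GeneralSecurityException, IOException
      {
          PrivateKey privkey = pair.getPrivate();
          X509CertInfo info = new X509CertInfo();
          Date from = new Date();
          Date to = new Date(from.getTime() + days * 86400000L);
          CertificateValidity interval = new CertificateValidity(from, to);
          BigInteger sn = new BigInteger(64, new SecureRandom());
          X500Name owner = new X500Name(dn);

          info.set(X509CertInfo.VALIDITY, interval);
          info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
          info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
          info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
          info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
          info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
          // Seed the algorithm field from the requested algorithm rather than an MD5
          // placeholder, so no intermediate object ever names a broken digest.
          AlgorithmId algo = AlgorithmId.get(algorithm);
          info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

          // First signature: lets the implementation resolve the exact algorithm identifier.
          X509CertImpl cert = new X509CertImpl(info);
          cert.sign(privkey, algorithm);

          // Copy the resolved identifier into the to-be-signed data and sign again, so the
          // inner and outer algorithm fields of the final certificate agree.
          algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
          info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
          cert = new X509CertImpl(info);
          cert.sign(privkey, algorithm);
          return cert;
      }

      /**
       * Wraps an already-accepted socket in a server-mode TLS socket.
       *
       * <p>On first use a key pair and a self-signed certificate valid for 365 days are
       * generated and saved to {@code hexcast.jks}; later calls load that file. Because
       * the certificate is self-signed, clients can only authenticate the server by
       * pinning or explicitly trusting that certificate.
       *
       * @param baseSocket connected plain socket to layer TLS over; it is not closed when
       *                   the returned socket is closed
       * @param X500name   distinguished name for a newly generated certificate
       * @return a server-mode socket restricted to TLS 1.2 and newer where the JVM supports them
       * @throws Exception if the keystore cannot be read or written, or TLS setup fails
       */
      public static SSLSocket convertToSecureSocket(Socket baseSocket, String X500name) throws Exception
      {
          KeyStore keyStore = KeyStore.getInstance("JKS");

          if (!keyStoreFile.exists())
          {
              KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
              // Platform default SecureRandom instead of pinning SHA1PRNG from the SUN provider.
              keyGen.initialize(RSA_KEY_BITS, new SecureRandom());
              KeyPair pair = keyGen.generateKeyPair();

              X509Certificate cert = SecurityTools.generateCertificate(X500name, pair, 365, "SHA256WithRSA");

              keyStore.load(null);
              keyStore.setCertificateEntry("ServerCert", cert);
              keyStore.setKeyEntry("ServerPrivateKey", pair.getPrivate(), KEYSTORE_PASSWORD, new Certificate[] {cert});
              // try-with-resources: the stream was previously never closed.
              try (OutputStream out = new FileOutputStream(keyStoreFile)) {
                  keyStore.store(out, KEYSTORE_PASSWORD);
              }
          }
          else
          {
              try (InputStream in = new FileInputStream(keyStoreFile)) {
                  keyStore.load(in, KEYSTORE_PASSWORD);
              }
          }

          KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
          kmf.init(keyStore, KEYSTORE_PASSWORD);

          // "TLS" rather than "SSLv3". Passing null trust managers selects the JVM defaults
          // in place of an accept-everything X509TrustManager: this method does not request
          // a client certificate, but if a caller enables client authentication on the
          // returned socket, the chain is then validated instead of silently accepted.
          SSLContext sslContext = SSLContext.getInstance("TLS");
          sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());

          SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

          SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(baseSocket, null, baseSocket.getPort(), false);
          sslSocket.setUseClientMode(false);

          String[] protocols = selectModernProtocols(sslSocket.getSupportedProtocols());
          if (protocols.length > 0)
          {
              sslSocket.setEnabledProtocols(protocols);
          }
          // Otherwise keep the JVM's enabled set: setEnabledProtocols rejects unsupported names.

          return sslSocket;
      }

      /** Returns the entries of PREFERRED_PROTOCOLS that the JVM reports as supported. */
      private static String[] selectModernProtocols(String[] supported)
      {
          java.util.List<String> chosen = new java.util.ArrayList<String>();
          for (String wanted : PREFERRED_PROTOCOLS)
          {
              for (String offered : supported)
              {
                  if (wanted.equals(offered))
                  {
                      chosen.add(wanted);
                      break;
                  }
              }
          }
          return chosen.toArray(new String[0]);
      }

      /**
       * Peeks at the start of the stream and reports whether it looks like a TLS/SSLv3
       * ClientHello: record type 0x16 (handshake), major version 0x03, and handshake
       * message type 0x01 at offset 5. The stream is reset, so no bytes are consumed.
       *
       * <p>Bytes are read until the six-byte prefix is complete, so a header split across
       * reads is not misclassified; the method returns as soon as a byte rules TLS out,
       * or at end of stream.
       *
       * @param in buffered stream positioned at the first byte sent by the peer
       * @return {@code true} if the leading bytes match a ClientHello record
       * @throws IOException if reading or resetting the stream fails
       */
      public static boolean isSSLPacket(BufferedInputStream in) throws IOException {
          in.mark(10);
          try {
              byte[] header = new byte[6];
              int filled = 0;
              while (filled < header.length) {
                  int n = in.read(header, filled, header.length - filled);
                  if (n < 0) {
                      return false; // stream ended before a full record header arrived
                  }
                  filled += n;
                  if (header[0] != 0x16 || (filled > 1 && header[1] != 0x03)) {
                      return false; // not TLS; stop without waiting for more bytes
                  }
              }
              return header[5] == 0x01;
          } finally {
              in.reset();
          }
      }
  }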