TLSClientHelper.java example

Explorer

2FactorWallet-master
- android_wallet
  - src
    - main
      - java
        de
        uni_bonn
        bit
        KeyShareStore.java
        MainActivityWithPairing.java
        PairingActivity.java
        TLSClientHelper.java
        TransactionConfirmActivity.java
- desktop_wallet
  - src
    - main
      - java
        de
        uni_bonn
        bit
        KeyShareWalletExtension.java
        Main.java
        MainWindow.java
        PairingDialog.java
        PairingProtocolImpl.java
        ProtocolServer.java
        QRCodeHelper.java
        ReceivePaymentDialog.java
        TransactionDialog.java
        TransactionHelper.java
        WalletProtocolImpl.java
- wallet_lib
  - src
    - main
      - java
        de
        uni_bonn
        bit
        BCParameters.java
        BitcoinECMathHelper.java
        DesktopSigner.java
        DesktopTransactionSigner.java
        IPAddressHelper.java
        MultiThreadingHelper.java
        PaillierKeyPair.java
        PhoneSigner.java
        PhoneTransactionSigner.java
        ProtocolException.java
        wallet_protocol
        EncryptedSignatureWithProof.java
        EphemeralPublicValueWithProof.java
        EphemeralValueShare.java
        IPairingProtocol.java
        IWalletProtocol.java
        PairingMessage.java
        QRCodeData.java
        SignatureParts.java
        TransactionInfo.java
        ZKProofDesktop.java
        ZKProofInit.java
        ZKProofPhone.java
    - test
      - java
        de
        uni_bonn
        bit
        PaillierTest.java
        PairingSerializationTest.java
        ProtocolAttackTest.java
        ProtocolBaseTest.java
        ProtocolTest.java
        TransactionSignerBaseTest.java
        TransactionSignerSerializationTests.java
        TransactionSignerTests.java
        ZKProofTest.java

/*
* Copyright 2014 Christopher Mann
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.uni_bonn.bit;

import org.apache.avro.ipc.NettyTransceiver;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.socket.SocketChannel;
import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory;
import org.jboss.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.concurrent.Executors;

/**
 * This class contains some helper methods for establishing a TLS connection.
 */
public class TLSClientHelper {

    public static NettyTransceiver createNettyTransceiver(PublicKey publicKey, List<String> ipAddresses) throws IOException {
        String ipAddress = IPAddressHelper.findFirstAddressInCommonNetwork(ipAddresses);
         NettyTransceiver client = new NettyTransceiver(
                new InetSocketAddress(ipAddress, 7001),
                new SSLChannelFactory(publicKey));
        return client;
    }

    private static class SSLChannelFactory extends NioClientSocketChannelFactory {

        private PublicKey publicKey;

        public SSLChannelFactory(PublicKey publicKey) {
            super(Executors.newCachedThreadPool(), Executors.newCachedThreadPool());
            this.publicKey = publicKey;
        }

        @Override
        public SocketChannel newChannel(ChannelPipeline pipeline) {
            try {
                SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
                sslContext.init(null, new TrustManager[]{new BogusTrustManager(publicKey)},
                        null);
                SSLEngine sslEngine = sslContext.createSSLEngine();
                sslEngine.setUseClientMode(true);
                pipeline.addFirst("ssl", new SslHandler(sslEngine));
                return super.newChannel(pipeline);
            } catch (Exception ex) {
                throw new RuntimeException("Cannot create SSL channel", ex);
            }
        }
    }

    /**
     * Bogus trust manager accepting any certificate
     */
    private static class BogusTrustManager implements X509TrustManager {

        private PublicKey publicKey;

        public BogusTrustManager(PublicKey publicKey) {
            this.publicKey = publicKey;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String s) {
            // nothing
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String s) throws CertificateException {
            if(certs.length != 1)
                throw new CertificateException("Only a single self-signed certificate is expected, but a longer certificate chain was provided.");
            X509Certificate cert = certs[0];
            if(! cert.getPublicKey().equals(publicKey))
                throw new CertificateException("The server is not using the expected public key");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
}