This is a very cool algorithm. Makes me a little keen to go back and do a signal processing post-graduate degree at Uni...
Researchers are Shai Avidan and Ariel Shamir.
Saturday, August 25, 2007
Friday, August 03, 2007
Got a spare computer lying around?
SSL in Java
Got SSL working in Python, and for my next trick the Java end! As you may know I am no fan of Java and so this seemingly simple task took much longer than expected...
The initial program is quite simple:
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.SSLSocket;

public class JVT
{
    public static void main(final String[] args) throws Throwable
    {
        SSLSocketFactory sslSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
        SSLSocket sslsocket = (SSLSocket)sslSocketFactory.createSocket("localhost", 12345);
        sslsocket.getOutputStream().write("Hello from the world of Java\n".getBytes());
    }
}
But when I connected I got:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Oh, what a readable exception... So it appears it doesn't like the certificate of my Python end and I should probably supply that to Java somehow. keytool is the tool for the job (a very cheap and nasty tool). I tried doing a:
$ keytool -import cert
Which did seem to import it (shows with keytool -list) but still the exception.
Tried some debugging:
-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl
It showed the standard signing authority certificates but not my one...
And that's when I give up and copy someone else's solution to the problem. This is how to replace the certificate checking with a null implementation:
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class JVT
{
    public static void main(final String[] args) throws Throwable
    {
        // Create empty HostnameVerifier (accepts every host name).
        // It is never installed below; a raw SSLSocket does not consult one.
        HostnameVerifier hv = new HostnameVerifier()
        {
            public boolean verify(String urlHostName, SSLSession session)
            {
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };

        // Create a trust manager that does not validate certificate chains.
        // Any certificate is accepted: the link is encrypted, but the peer is not authenticated.
        TrustManager[] trustAllCerts = new TrustManager[]
        {
            new X509TrustManager()
            {
                public java.security.cert.X509Certificate[] getAcceptedIssuers()
                {
                    return null;
                }

                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
                {
                    // no check
                }

                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                {
                    // no check
                }
            }
        };

        // Build the socket factory from a context that uses the null trust manager
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        SSLSocketFactory sslSocketFactory = sc.getSocketFactory();
        SSLSocket sslsocket = (SSLSocket)sslSocketFactory.createSocket("localhost", 12345);
        sslsocket.getOutputStream().write("Hello from the world of Java\n".getBytes());
    }
}
So now it works (for transport) but I must find out how to do the certificates properly.
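One way to do the certificates properly, as an added example that is not code from the original post: load the server's self-signed certificate into an in-memory trust store and build the SSLContext from it, so that certificate is the only trust anchor and anything else fails the handshake. The class name JVTPinned and the alias "python-server" are made up for illustration; it assumes the file cert produced by the openssl req command in the Python post is in the working directory and was generated with Common Name localhost.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class JVTPinned
{
    // Build an SSLContext whose only trust anchor is the certificate stored at certPath.
    static SSLContext contextTrustingOnly(String certPath) throws Exception
    {
        Certificate cert;
        try (InputStream in = new FileInputStream(certPath))
        {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);    // empty in-memory store, no file or password needed
        trustStore.setCertificateEntry("python-server", cert);    // alias is illustrative

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);
        return sc;
    }

    public static void main(final String[] args) throws Exception
    {
        // Assumption: "cert" is the PEM certificate the Python server presents.
        SSLContext sc = contextTrustingOnly("cert");
        try (SSLSocket sslsocket = (SSLSocket)sc.getSocketFactory().createSocket("localhost", 12345))
        {
            // A raw SSLSocket checks the host name only when asked to (assumes CN is localhost).
            SSLParameters params = sslsocket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            sslsocket.setSSLParameters(params);
            sslsocket.startHandshake();    // throws SSLHandshakeException for any other certificate
            sslsocket.getOutputStream().write("Hello from the world of Java\n".getBytes());
        }
    }
}
```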
Making an SSL connection in Python
For a work project I want to make a secure point-to-point link between a Java application and a Python server. Here is the result of googling/tinkering to get the link working in Python...
The client side is pretty simple. Python comes with built-in SSL support for connecting sockets. Basically you just wrap a standard socket with an SSL socket:
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('localhost', 12345))
# socket.ssl() encrypts the stream but does no certificate verification
sslSocket = socket.ssl(s)
print repr(sslSocket.server())
print repr(sslSocket.issuer())
sslSocket.write('Hello secure socket\n')
s.close()
The server is a bit more tricky, you need to install pyopenssl (apt-get install python-pyopenssl) for more SSL features. The server needs a private key and certificate to identify itself with.
The quick and dirty way to generate a test key+certificate is:
openssl genrsa 1024 > key
openssl req -new -x509 -nodes -sha1 -days 365 -key key > cert
And the server wraps the sockets much like the client does:
import socket
from OpenSSL import SSL
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file('key')
context.use_certificate_file('cert')
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = SSL.Connection(context, s)
s.bind(('', 12345))
s.listen(5)
(connection, address) = s.accept()
while True:
    print repr(connection.recv(65535))
OpenSSL also provides a test SSL client/server in the style of telnet/netcat, great for debugging:
openssl s_server -accept 12345 -cert cert -key key
openssl s_client -connect localhost:12345