## How do you extract .pem files from a Java keystore ???
#
# Step 1: copy the entry "client_alias" from the JKS keystore into a PKCS#12 file.
# NOTE(review): -destkeypass puts the password on the command line, where it can
# end up in shell history and the process list; DUMMY123 is a throwaway value.
keytool -importkeystore -srckeystore jsse_client_ks \
    -destkeystore jsse_client_ks.p12 \
    -srcstoretype jks \
    -srcalias client_alias \
    -deststoretype pkcs12 \
    -destkeypass DUMMY123
# the DUMMY password really has to be supplied, otherwise this does not work !!!
# Step 2: dump the PKCS#12 file as PEM.
# NOTE(review): per the next note the .pem holds the private key next to the
# certificate, so keep it (and the split key file) readable by its owner only.
openssl pkcs12 -in jsse_client_ks.p12 -out jsse_client_ks.pem
# + extract the certificate from jsse_client_ks.pem
#   and the private-key file (i.e. split it into 2 .pem files)
## does JSSE interoperate with OpenSSL ?!?!!?
# + surely it does, but better to check...
#
# ssl client in tcl (OpenSSL)
#
lappend auto_path ~/tcl/tls1.5; package re tls
# Password callback handed to tls::socket through -password below.
# NOTE(review): hard-coded demo password; the callback is used together with
# -keyfile combat_cli_priv.pem, i.e. the client key, despite the original remark.
proc haslo {} {return "qwerty"}; # password for the server's private key
# Open a TLS channel to localhost:30000, presenting the client certificate and key.
# NOTE(review): no -cafile/-cadir and no -require are passed, so as written the
# server certificate is presumably not validated -- acceptable for a localhost
# interop check, confirm before reusing this call anywhere else.
set s [tls::socket -password haslo \
    -certfile combat_cli_cert.pem -keyfile combat_cli_priv.pem \
    localhost 30000 ]
#% sock5
tls::handshake $s
#% 1
puts $s "A ku ku !!!"; flush $s
close $s
#% 1
# NOTE(review): in these notes the status queries follow `close $s`; the recorded
# output was presumably captured while the channel was still open -- run them
# before closing when replaying this as a script.
# Local (client) certificate and negotiated cipher, as recorded:
tls::status -local $s
#% sha1_hash 0000000000000000000000000000000000000000 subject {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Client} issuer {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Client} notBefore {Jul 6 08:21:28 2006 GMT} notAfter {Nov 10 01:53:12 2038 GMT} serial 1152174088 sbits 168 cipher EDH-DSS-DES-CBC3-SHA
# Peer (server) certificate and negotiated cipher, as recorded:
tls::status $s
#% sha1_hash E74BA76019A6F63892141DFC9663F3ACBAE2126C subject {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Server} issuer {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Server} notBefore {Jul 6 08:22:02 2006 GMT} notAfter {Nov 10 01:53:46 2038 GMT} serial 1152174122 sbits 168 cipher EDH-DSS-DES-CBC3-SHA
# NOTE(review): both recorded certificates have subject == issuer (self-signed
# demo certificates), and EDH-DSS-DES-CBC3-SHA is a 3DES-CBC suite -- legacy;
# read this transcript as interoperability evidence, not as a configuration to copy.
#
# java/tcl - JSSE, the Java implementation of SSL - ///SERVER///
# + you have to supply a "key mgr" AND a "trust mgr" using the same keystore (!)
# + this is "real Java", but driven through tclBlend (a tcl+java bridge)
#
# Load the JKS keystore from the file "jsse_server_ks".
# NOTE(review): the keystore password is a literal in the script -- demo only;
# read it from a protected source in anything that is not a throwaway test.
set j1 [java::call java.security.KeyStore getInstance "JKS"]
set j1a [[java::new String "jsse_server_ks_pass"] toCharArray]
$j1 load [java::new java.io.FileInputStream "jsse_server_ks"] $j1a
#$j1 size
#% 2
# Key managers: initialised with the keystore and its password.
set j2 [java::call javax.net.ssl.KeyManagerFactory getInstance "SunX509"]
$j2 init $j1 $j1a
set j3 [$j2 getKeyManagers]
# Trust managers: initialised from the very same KeyStore object ($j1).
# NOTE(review): the server's key store doubles as its trust store here; outside
# a demo a separate trust store holding only the intended anchors is the usual choice.
set j2a [java::call javax.net.ssl.TrustManagerFactory getInstance "SunX509"]
$j2a init $j1
# + init takes only 1 argument here !!
set j3a [$j2a getTrustManagers]
# SSLContext built from both manager arrays; the third argument is java::null.
set j4 [java::call javax.net.ssl.SSLContext getInstance "TLS"]
$j4 init $j3 $j3a [java::null]
# + both arguments really must be supplied (!): "key mgr" and "trust mgr"
#set j5 [$j4 getSocketFactory]
set j5 [$j4 getServerSocketFactory]
set j6 [$j5 {createServerSocket int} 30000]
set j6 [java::cast javax.net.ssl.SSLServerSocket $j6]
# + we create the "ssl serverSocket"
# NOTE(review): nothing here calls setNeedClientAuth/setWantClientAuth on $j6, so
# as written the server does not appear to request a client certificate, and the
# trust managers above would then go unused for client checks -- confirm.
set j7 [java::cast javax.net.ssl.SSLSocket [$j6 accept]]
#% java0x24
# + we wait for a connection (blocks!!!)
$j7 startHandshake
#%
#set j8 [java::new java.io.DataInputStream [$j7 getInputStream]]
#$j8 readUTF
# Read one text line from the TLS socket through a buffered reader.
set j8 [java::new java.io.InputStreamReader [$j7 getInputStream]]
set j9 [java::new java.io.BufferedReader $j8]
$j9 readLine
#% A ku ku !!!
# + may block !
# List the Tcl commands whose names match java*.
info comm java*