portal Michała Hanćkowiaka
## How to extract .pem files from a Java keystore
#
# Step 1 copies one entry of the JKS keystore into a PKCS#12 file; step 2
# dumps that PKCS#12 file as PEM. Both output files carry the client's
# private key, so treat them like the keystore itself (restrictive file
# permissions, not committed or copied to shared locations).

keytool -importkeystore -srckeystore jsse_client_ks \
  -destkeystore jsse_client_ks.p12 \
  -srcstoretype jks \
  -srcalias client_alias \
  -deststoretype pkcs12 \
  -destkeypass DUMMY123
    # the DUMMY key password has to be given, otherwise this does not work (author's note)
    # NOTE(review): a password passed as an argument lands in shell history and
    # is visible in the process list while keytool runs; DUMMY123 is a demo
    # value, not something to reuse for a real key.

openssl pkcs12 -in jsse_client_ks.p12 -out jsse_client_ks.pem
  # + then take the certificate out of jsse_client_ks.pem
  #  and the private key as well (i.e. split it into 2 .pem files)
  # NOTE(review): openssl pkcs12 can write the two parts directly instead of
  #  splitting by hand: -nokeys emits only certificates, -nocerts only the key.
  #  Unless -nodes is given, the key in the PEM output is encrypted under a
  #  pass phrase that openssl prompts for; keep it that way.




## Does JSSE interoperate with OpenSSL?
# + it certainly should, but it is better to check...
#


# SSL client in Tcl (tls package, OpenSSL underneath)
#
# Interactive session: lines starting with "#%" are the values the Tcl shell
# printed for the preceding command.
# NOTE(review): tls::socket is called below without -cafile/-cadir or -require,
# so the server certificate is presumably not checked against any trust
# anchor - confirm against the defaults of the tls version in use. That is
# acceptable for a loopback interop test, not for a real client.

# "package re" is the abbreviated form of "package require"
lappend auto_path ~/tcl/tls1.5; package re tls
proc haslo {} {return "qwerty"}; # password callback (original note: "password for the server's private key"; it is passed together with the client key file below - the pass phrase is a literal in the script, demo only)

# connect to the JSSE server on localhost:30000, presenting the client
# certificate and the pass-phrase-protected client key
set s [tls::socket -password haslo \
  -certfile combat_cli_cert.pem -keyfile combat_cli_priv.pem \
  localhost 30000
]
  #% sock5

# run the TLS handshake explicitly instead of waiting for the first I/O
tls::handshake $s
  #% 1

# send one line of text; the server side reads it with readLine
puts $s "A ku ku !!!"; flush $s

close $s
  #% 1
# NOTE(review): the two status calls below appear after close in this listing;
# on a closed channel they would fail, so the recorded output was presumably
# captured before the close - confirm the order when replaying the session.

# certificate this side presented (the client's own)
# NOTE(review): the all-zero sha1_hash in this output is not a usable
# fingerprint - do not copy it into any pinning or allow-list check.
tls::status -local $s
  #% sha1_hash 0000000000000000000000000000000000000000 subject {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Client} issuer {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Client} notBefore {Jul  6 08:21:28 2006 GMT} notAfter {Nov 10 01:53:12 2038 GMT} serial 1152174088 sbits 168 cipher EDH-DSS-DES-CBC3-SHA

# certificate received from the peer (the JSSE server)
# Both certificates are self-signed (subject equals issuer), so they prove
# nothing unless the other side pins or explicitly trusts them.
# The negotiated cipher EDH-DSS-DES-CBC3-SHA (sbits 168) is 3DES in CBC mode
# with SHA-1: a legacy suite with a 64-bit block cipher that current
# configurations disable. The test shows interoperability, not a recommended
# cipher choice.
tls::status $s
  #% sha1_hash E74BA76019A6F63892141DFC9663F3ACBAE2126C subject {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Server} issuer {/C=Unknown/ST=Unknown/L=Unknown/O=JacORB/OU=Unknown/CN=JSSE SSL Demo Server} notBefore {Jul  6 08:22:02 2006 GMT} notAfter {Nov 10 01:53:46 2038 GMT} serial 1152174122 sbits 168 cipher EDH-DSS-DES-CBC3-SHA


# java/tcl - JSSE, the Java SSL implementation - ///SERVER///
# + a "key mgr" AND a "trust mgr" must both be supplied, from the same keystore (!)
# + this is "real Java", driven through tclBlend (the Tcl+Java bridge)
#
# Interactive session: lines starting with "#%" are the values the shell
# printed for the preceding command.
# NOTE(review): the keystore password is a string literal in the script and
# the same char array is reused as the key password below - fine for the
# demo keystore, not for a real one.

# load the JKS keystore from the file jsse_server_ks
# (the FileInputStream is never closed in this listing)
set j1 [java::call java.security.KeyStore getInstance "JKS"]
set j1a [[java::new String "jsse_server_ks_pass"] toCharArray]
$j1 load [java::new java.io.FileInputStream "jsse_server_ks"] $j1a
#$j1 size
  #% 2

# key managers: the server's own key and certificate, unlocked with $j1a
set j2 [java::call javax.net.ssl.KeyManagerFactory getInstance "SunX509"]
$j2 init $j1 $j1a
set j3 [$j2 getKeyManagers]

# trust managers: the certificates in the same keystore act as trust anchors
set j2a [java::call javax.net.ssl.TrustManagerFactory getInstance "SunX509"]
$j2a init $j1
  # + init takes only 1 argument here !!
set j3a [$j2a getTrustManagers]

# the third init argument is the SecureRandom; null selects the default one
set j4 [java::call javax.net.ssl.SSLContext getInstance "TLS"]
$j4 init $j3 $j3a [java::null]
  # + the first 2 arguments must be given (!), "key mgr" and "trust mgr"

#set j5 [$j4 getSocketFactory]
set j5 [$j4 getServerSocketFactory]

# NOTE(review): createServerSocket is called with a port only, so no bind
# address restricts the listener to loopback; and nothing in this listing
# calls setNeedClientAuth or setWantClientAuth on $j6, so as shown the server
# does not ask the client for a certificate - the trust managers only come
# into play once client authentication is switched on.
set j6 [$j5 {createServerSocket int} 30000]
set j6 [java::cast javax.net.ssl.SSLServerSocket $j6]
  # + this creates the "ssl serverSocket"

set j7 [java::cast javax.net.ssl.SSLSocket [$j6 accept]]
  #% java0x24
  # + wait for a connection (this blocks!!!)

# run the TLS handshake on the accepted connection
$j7 startHandshake
  #%

#set j8 [java::new java.io.DataInputStream [$j7 getInputStream]]
#$j8 readUTF

# wrap the decrypted stream for line-oriented reading
# (no charset is given to InputStreamReader)
set j8 [java::new java.io.InputStreamReader [$j7 getInputStream]]
set j9 [java::new java.io.BufferedReader $j8]

$j9 readLine
  #% A ku ku !!!
  # + may block !

# list the Tcl commands whose names match java* ("info comm" abbreviates "info commands")
info comm java*
