1
0

axssl.java 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760
  1. /*
  2. * Copyright (c) 2007, Cameron Rich
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright notice,
  12. * this list of conditions and the following disclaimer in the documentation
  13. * and/or other materials provided with the distribution.
  14. * * Neither the name of the axTLS project nor the names of its contributors
  15. * may be used to endorse or promote products derived from this software
  16. * without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  22. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  23. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  24. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  25. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  26. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  27. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. /*
  31. * Demonstrate the use of the axTLS library in Java with a set of
  32. * command-line parameters similar to openssl. In fact, openssl clients
  33. * should be able to communicate with axTLS servers and visa-versa. *
  34. * This code has various bits enabled depending on the configuration. To enable
  35. * the most interesting version, compile with the 'full mode' enabled.
  36. *
  37. * To see what options you have, run the following:
  38. * > java -jar axtls.jar s_server -?
  39. * > java -jar axtls.jar s_client -?
  40. *
  41. * The axtls/axtlsj shared libraries must be in the same directory or be found
  42. * by the OS.
  43. */
  44. import java.io.*;
  45. import java.util.*;
  46. import java.net.*;
  47. import axTLSj.*;
  48. public class axssl
  49. {
  50. /*
  51. * Main()
  52. */
  53. public static void main(String[] args)
  54. {
  55. if (args.length == 1 && args[0].equals("version"))
  56. {
  57. System.out.println("axtls.jar " + SSLUtil.version());
  58. System.exit(0);
  59. }
  60. axssl runner = new axssl();
  61. try
  62. {
  63. if (args.length < 1 ||
  64. (!args[0].equals("s_server") &&
  65. !args[0].equals("s_client")))
  66. {
  67. runner.print_options(args.length > 0 ? args[0] : "");
  68. }
  69. int build_mode = SSLUtil.buildMode();
  70. if (args[0].equals("s_server"))
  71. runner.do_server(build_mode, args);
  72. else
  73. runner.do_client(build_mode, args);
  74. }
  75. catch (Exception e)
  76. {
  77. System.out.println(e);
  78. }
  79. }
  80. /*
  81. * do_server()
  82. */
  83. private void do_server(int build_mode, String[] args)
  84. throws Exception
  85. {
  86. int i = 1;
  87. int port = 4433;
  88. int options = axtlsj.SSL_DISPLAY_CERTS;
  89. boolean quiet = false;
  90. String password = null;
  91. String private_key_file = null;
  92. /* organise the cert/ca_cert lists */
  93. int cert_size = SSLUtil.maxCerts();
  94. int ca_cert_size = SSLUtil.maxCACerts();
  95. String[] cert = new String[cert_size];
  96. String[] ca_cert = new String[ca_cert_size];
  97. int cert_index = 0;
  98. int ca_cert_index = 0;
  99. while (i < args.length)
  100. {
  101. if (args[i].equals("-accept"))
  102. {
  103. if (i >= args.length-1)
  104. {
  105. print_server_options(build_mode, args[i]);
  106. }
  107. port = Integer.parseInt(args[++i]);
  108. }
  109. else if (args[i].equals("-quiet"))
  110. {
  111. quiet = true;
  112. options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
  113. }
  114. else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
  115. {
  116. if (args[i].equals("-cert"))
  117. {
  118. if (i >= args.length-1 || cert_index >= cert_size)
  119. {
  120. print_server_options(build_mode, args[i]);
  121. }
  122. cert[cert_index++] = args[++i];
  123. }
  124. else if (args[i].equals("-key"))
  125. {
  126. if (i >= args.length-1)
  127. {
  128. print_server_options(build_mode, args[i]);
  129. }
  130. private_key_file = args[++i];
  131. options |= axtlsj.SSL_NO_DEFAULT_KEY;
  132. }
  133. else if (args[i].equals("-pass"))
  134. {
  135. if (i >= args.length-1)
  136. {
  137. print_server_options(build_mode, args[i]);
  138. }
  139. password = args[++i];
  140. }
  141. else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
  142. {
  143. if (args[i].equals("-verify"))
  144. {
  145. options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
  146. }
  147. else if (args[i].equals("-CAfile"))
  148. {
  149. if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
  150. {
  151. print_server_options(build_mode, args[i]);
  152. }
  153. ca_cert[ca_cert_index++] = args[++i];
  154. }
  155. else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
  156. {
  157. if (args[i].equals("-debug"))
  158. {
  159. options |= axtlsj.SSL_DISPLAY_BYTES;
  160. }
  161. else if (args[i].equals("-state"))
  162. {
  163. options |= axtlsj.SSL_DISPLAY_STATES;
  164. }
  165. else if (args[i].equals("-show-rsa"))
  166. {
  167. options |= axtlsj.SSL_DISPLAY_RSA;
  168. }
  169. else
  170. print_server_options(build_mode, args[i]);
  171. }
  172. else
  173. print_server_options(build_mode, args[i]);
  174. }
  175. else
  176. print_server_options(build_mode, args[i]);
  177. }
  178. else
  179. print_server_options(build_mode, args[i]);
  180. i++;
  181. }
  182. /* Create socket for incoming connections */
  183. ServerSocket server_sock = new ServerSocket(port);
  184. /**********************************************************************
  185. * This is where the interesting stuff happens. Up until now we've
  186. * just been setting up sockets etc. Now we do the SSL handshake.
  187. **********************************************************************/
  188. SSLServer ssl_ctx = new SSLServer(options,
  189. axtlsj.SSL_DEFAULT_SVR_SESS);
  190. if (ssl_ctx == null)
  191. throw new Exception("Error: Server context is invalid");
  192. if (private_key_file != null)
  193. {
  194. int obj_type = axtlsj.SSL_OBJ_RSA_KEY;
  195. if (private_key_file.endsWith(".p8"))
  196. obj_type = axtlsj.SSL_OBJ_PKCS8;
  197. else if (private_key_file.endsWith(".p12"))
  198. obj_type = axtlsj.SSL_OBJ_PKCS12;
  199. if (ssl_ctx.objLoad(obj_type,
  200. private_key_file, password) != axtlsj.SSL_OK)
  201. {
  202. throw new Exception("Error: Private key '" + private_key_file +
  203. "' is undefined.");
  204. }
  205. }
  206. for (i = 0; i < cert_index; i++)
  207. {
  208. if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT,
  209. cert[i], null) != axtlsj.SSL_OK)
  210. {
  211. throw new Exception("Certificate '" + cert[i] +
  212. "' is undefined.");
  213. }
  214. }
  215. for (i = 0; i < ca_cert_index; i++)
  216. {
  217. if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT,
  218. ca_cert[i], null) != axtlsj.SSL_OK)
  219. {
  220. throw new Exception("Certificate '" + ca_cert[i] +
  221. "' is undefined.");
  222. }
  223. }
  224. int res;
  225. SSLReadHolder rh = new SSLReadHolder();
  226. for (;;)
  227. {
  228. if (!quiet)
  229. {
  230. System.out.println("ACCEPT");
  231. }
  232. Socket client_sock = server_sock.accept();
  233. SSL ssl = ssl_ctx.connect(client_sock);
  234. while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
  235. {
  236. /* check when the connection has been established */
  237. if (ssl.handshakeStatus() == axtlsj.SSL_OK)
  238. break;
  239. /* could do something else here */
  240. }
  241. if (res == axtlsj.SSL_OK) /* connection established and ok */
  242. {
  243. if (!quiet)
  244. {
  245. display_session_id(ssl);
  246. display_cipher(ssl);
  247. }
  248. /* now read (and display) whatever the client sends us */
  249. for (;;)
  250. {
  251. /* keep reading until we get something interesting */
  252. while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
  253. {
  254. /* could do something else here */
  255. }
  256. if (res < axtlsj.SSL_OK)
  257. {
  258. if (!quiet)
  259. {
  260. System.out.println("CONNECTION CLOSED");
  261. }
  262. break;
  263. }
  264. /* convert to String */
  265. byte[] buf = rh.getData();
  266. char[] str = new char[res];
  267. for (i = 0; i < res; i++)
  268. {
  269. str[i] = (char)buf[i];
  270. }
  271. System.out.print(str);
  272. }
  273. }
  274. else if (!quiet)
  275. {
  276. SSLUtil.displayError(res);
  277. }
  278. /* client was disconnected or the handshake failed. */
  279. ssl.dispose();
  280. client_sock.close();
  281. }
  282. /* ssl_ctx.dispose(); */
  283. }
  284. /*
  285. * do_client()
  286. */
  287. private void do_client(int build_mode, String[] args)
  288. throws Exception
  289. {
  290. if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
  291. print_client_options(build_mode, args[1]);
  292. int i = 1, res;
  293. int port = 4433;
  294. boolean quiet = false;
  295. String password = null;
  296. int reconnect = 0;
  297. String private_key_file = null;
  298. String hostname = "127.0.0.1";
  299. /* organise the cert/ca_cert lists */
  300. int cert_index = 0;
  301. int ca_cert_index = 0;
  302. int cert_size = SSLUtil.maxCerts();
  303. int ca_cert_size = SSLUtil.maxCACerts();
  304. String[] cert = new String[cert_size];
  305. String[] ca_cert = new String[ca_cert_size];
  306. int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
  307. byte[] session_id = null;
  308. while (i < args.length)
  309. {
  310. if (args[i].equals("-connect"))
  311. {
  312. String host_port;
  313. if (i >= args.length-1)
  314. {
  315. print_client_options(build_mode, args[i]);
  316. }
  317. host_port = args[++i];
  318. int index_colon;
  319. if ((index_colon = host_port.indexOf(':')) < 0)
  320. print_client_options(build_mode, args[i]);
  321. hostname = new String(host_port.toCharArray(),
  322. 0, index_colon);
  323. port = Integer.parseInt(new String(host_port.toCharArray(),
  324. index_colon+1, host_port.length()-index_colon-1));
  325. }
  326. else if (args[i].equals("-cert"))
  327. {
  328. if (i >= args.length-1 || cert_index >= cert_size)
  329. {
  330. print_client_options(build_mode, args[i]);
  331. }
  332. cert[cert_index++] = args[++i];
  333. }
  334. else if (args[i].equals("-CAfile"))
  335. {
  336. if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
  337. {
  338. print_client_options(build_mode, args[i]);
  339. }
  340. ca_cert[ca_cert_index++] = args[++i];
  341. }
  342. else if (args[i].equals("-key"))
  343. {
  344. if (i >= args.length-1)
  345. {
  346. print_client_options(build_mode, args[i]);
  347. }
  348. private_key_file = args[++i];
  349. options |= axtlsj.SSL_NO_DEFAULT_KEY;
  350. }
  351. else if (args[i].equals("-verify"))
  352. {
  353. options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
  354. }
  355. else if (args[i].equals("-reconnect"))
  356. {
  357. reconnect = 4;
  358. }
  359. else if (args[i].equals("-quiet"))
  360. {
  361. quiet = true;
  362. options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
  363. }
  364. else if (args[i].equals("-pass"))
  365. {
  366. if (i >= args.length-1)
  367. {
  368. print_server_options(build_mode, args[i]);
  369. }
  370. password = args[++i];
  371. }
  372. else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
  373. {
  374. if (args[i].equals("-debug"))
  375. {
  376. options |= axtlsj.SSL_DISPLAY_BYTES;
  377. }
  378. else if (args[i].equals("-state"))
  379. {
  380. options |= axtlsj.SSL_DISPLAY_STATES;
  381. }
  382. else if (args[i].equals("-show-rsa"))
  383. {
  384. options |= axtlsj.SSL_DISPLAY_RSA;
  385. }
  386. else
  387. print_client_options(build_mode, args[i]);
  388. }
  389. else /* don't know what this is */
  390. print_client_options(build_mode, args[i]);
  391. i++;
  392. }
  393. Socket client_sock = new Socket(hostname, port);
  394. if (!client_sock.isConnected())
  395. {
  396. System.out.println("could not connect");
  397. throw new Exception();
  398. }
  399. if (!quiet)
  400. {
  401. System.out.println("CONNECTED");
  402. }
  403. /**********************************************************************
  404. * This is where the interesting stuff happens. Up until now we've
  405. * just been setting up sockets etc. Now we do the SSL handshake.
  406. **********************************************************************/
  407. SSLClient ssl_ctx = new SSLClient(options,
  408. axtlsj.SSL_DEFAULT_CLNT_SESS);
  409. if (ssl_ctx == null)
  410. {
  411. throw new Exception("Error: Client context is invalid");
  412. }
  413. if (private_key_file != null)
  414. {
  415. int obj_type = axtlsj.SSL_OBJ_RSA_KEY;
  416. if (private_key_file.endsWith(".p8"))
  417. obj_type = axtlsj.SSL_OBJ_PKCS8;
  418. else if (private_key_file.endsWith(".p12"))
  419. obj_type = axtlsj.SSL_OBJ_PKCS12;
  420. if (ssl_ctx.objLoad(obj_type,
  421. private_key_file, password) != axtlsj.SSL_OK)
  422. {
  423. throw new Exception("Error: Private key '" + private_key_file +
  424. "' is undefined.");
  425. }
  426. }
  427. for (i = 0; i < cert_index; i++)
  428. {
  429. if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT,
  430. cert[i], null) != axtlsj.SSL_OK)
  431. {
  432. throw new Exception("Certificate '" + cert[i] +
  433. "' is undefined.");
  434. }
  435. }
  436. for (i = 0; i < ca_cert_index; i++)
  437. {
  438. if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT,
  439. ca_cert[i], null) != axtlsj.SSL_OK)
  440. {
  441. throw new Exception("Certificate '" + ca_cert[i] +
  442. "' is undefined.");
  443. }
  444. }
  445. SSL ssl = null;
  446. /* Try session resumption? */
  447. if (reconnect > 0)
  448. {
  449. while (reconnect-- > 0)
  450. {
  451. ssl = ssl_ctx.connect(client_sock, session_id);
  452. if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
  453. {
  454. if (!quiet)
  455. {
  456. SSLUtil.displayError(res);
  457. }
  458. ssl.dispose();
  459. throw new Exception();
  460. }
  461. display_session_id(ssl);
  462. session_id = ssl.getSessionId();
  463. if (reconnect > 0)
  464. {
  465. ssl.dispose();
  466. client_sock.close();
  467. /* and reconnect */
  468. client_sock = new Socket(hostname, port);
  469. }
  470. }
  471. }
  472. else
  473. {
  474. ssl = ssl_ctx.connect(client_sock, null);
  475. }
  476. /* check the return status */
  477. if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
  478. {
  479. if (!quiet)
  480. {
  481. SSLUtil.displayError(res);
  482. }
  483. throw new Exception();
  484. }
  485. if (!quiet)
  486. {
  487. String common_name =
  488. ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
  489. if (common_name != null)
  490. {
  491. System.out.println("Common Name:\t\t\t" + common_name);
  492. }
  493. display_session_id(ssl);
  494. display_cipher(ssl);
  495. }
  496. BufferedReader in = new BufferedReader(
  497. new InputStreamReader(System.in));
  498. for (;;)
  499. {
  500. String user_input = in.readLine();
  501. if (user_input == null)
  502. break;
  503. byte[] buf = new byte[user_input.length()+2];
  504. buf[buf.length-2] = (byte)'\n'; /* add the carriage return */
  505. buf[buf.length-1] = 0; /* null terminate */
  506. for (i = 0; i < buf.length-2; i++)
  507. {
  508. buf[i] = (byte)user_input.charAt(i);
  509. }
  510. if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
  511. {
  512. if (!quiet)
  513. {
  514. SSLUtil.displayError(res);
  515. }
  516. break;
  517. }
  518. }
  519. ssl_ctx.dispose();
  520. }
  521. /**
  522. * We've had some sort of command-line error. Print out the basic options.
  523. */
  524. private void print_options(String option)
  525. {
  526. System.out.println("axssl: Error: '" + option +
  527. "' is an invalid command.");
  528. System.out.println("usage: axtlsj.jar [s_server|s_client|version] " +
  529. "[args ...]");
  530. System.exit(1);
  531. }
  532. /**
  533. * We've had some sort of command-line error. Print out the server options.
  534. */
  535. private void print_server_options(int build_mode, String option)
  536. {
  537. int cert_size = SSLUtil.maxCerts();
  538. int ca_cert_size = SSLUtil.maxCACerts();
  539. System.out.println("unknown option " + option);
  540. System.out.println("usage: s_server [args ...]");
  541. System.out.println(" -accept arg\t- port to accept on (default " +
  542. "is 4433)");
  543. System.out.println(" -quiet\t\t- No server output");
  544. if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
  545. {
  546. System.out.println(" -cert arg\t- certificate file to add (in " +
  547. "addition to default) to chain -");
  548. System.out.println("\t\t Can repeat up to " + cert_size + " times");
  549. System.out.println(" -key arg\t- Private key file to use");
  550. System.out.println(" -pass\t\t- private key file pass phrase source");
  551. }
  552. if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
  553. {
  554. System.out.println(" -verify\t- turn on peer certificate " +
  555. "verification");
  556. System.out.println(" -CAfile arg\t- Certificate authority. ");
  557. System.out.println("\t\t Can repeat up to " +
  558. ca_cert_size + " times");
  559. }
  560. if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
  561. {
  562. System.out.println(" -debug\t\t- Print more output");
  563. System.out.println(" -state\t\t- Show state messages");
  564. System.out.println(" -show-rsa\t- Show RSA state");
  565. }
  566. System.exit(1);
  567. }
  568. /**
  569. * We've had some sort of command-line error. Print out the client options.
  570. */
  571. private void print_client_options(int build_mode, String option)
  572. {
  573. int cert_size = SSLUtil.maxCerts();
  574. int ca_cert_size = SSLUtil.maxCACerts();
  575. System.out.println("unknown option " + option);
  576. if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
  577. {
  578. System.out.println("usage: s_client [args ...]");
  579. System.out.println(" -connect host:port - who to connect to " +
  580. "(default is localhost:4433)");
  581. System.out.println(" -verify\t- turn on peer certificate " +
  582. "verification");
  583. System.out.println(" -cert arg\t- certificate file to use");
  584. System.out.println(" -key arg\t- Private key file to use");
  585. System.out.println("\t\t Can repeat up to " + cert_size +
  586. " times");
  587. System.out.println(" -CAfile arg\t- Certificate authority.");
  588. System.out.println("\t\t Can repeat up to " + ca_cert_size +
  589. " times");
  590. System.out.println(" -quiet\t\t- No client output");
  591. System.out.println(" -pass\t\t- private key file pass " +
  592. "phrase source");
  593. System.out.println(" -reconnect\t- Drop and re-make the " +
  594. "connection with the same Session-ID");
  595. if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
  596. {
  597. System.out.println(" -debug\t\t- Print more output");
  598. System.out.println(" -state\t\t- Show state messages");
  599. System.out.println(" -show-rsa\t- Show RSA state");
  600. }
  601. }
  602. else
  603. {
  604. System.out.println("Change configuration to allow this feature");
  605. }
  606. System.exit(1);
  607. }
  608. /**
  609. * Display what cipher we are using
  610. */
  611. private void display_cipher(SSL ssl)
  612. {
  613. System.out.print("CIPHER is ");
  614. byte ciph_id = ssl.getCipherId();
  615. if (ciph_id == axtlsj.SSL_AES128_SHA)
  616. System.out.println("AES128-SHA");
  617. else if (ciph_id == axtlsj.SSL_AES256_SHA)
  618. System.out.println("AES256-SHA");
  619. else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
  620. System.out.println("RC4-SHA");
  621. else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
  622. System.out.println("RC4-MD5");
  623. else
  624. System.out.println("Unknown - " + ssl.getCipherId());
  625. }
  626. public char toHexChar(int i)
  627. {
  628. if ((0 <= i) && (i <= 9 ))
  629. return (char)('0' + i);
  630. else
  631. return (char)('a' + (i-10));
  632. }
  633. public void bytesToHex(byte[] data)
  634. {
  635. StringBuffer buf = new StringBuffer();
  636. for (int i = 0; i < data.length; i++ )
  637. {
  638. buf.append(toHexChar((data[i]>>>4)&0x0F));
  639. buf.append(toHexChar(data[i]&0x0F));
  640. }
  641. System.out.println(buf);
  642. }
  643. /**
  644. * Display what session id we have.
  645. */
  646. private void display_session_id(SSL ssl)
  647. {
  648. byte[] session_id = ssl.getSessionId();
  649. if (session_id.length > 0)
  650. {
  651. System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
  652. bytesToHex(session_id);
  653. System.out.println("-----END SSL SESSION PARAMETERS-----");
  654. }
  655. }
  656. }