BCJSSE Client communication with GNU-TLS Server using OpenPGP


BCJSSE Client communication with GNU-TLS Server using OpenPGP

Aravinth Sundaram
I am trying to communicate with a GnuTLS server (RFC 6091) using BCJSSE. The server accepts the cipher suites sent by a GnuTLS client written in C, but does not accept the same cipher suites when they are sent from Java. Below is the code snippet I am using. Can anyone help?


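// Debug harness: a DefaultTlsClient whose callbacks are overridden to trace the handshake on
// stdout. Every override delegates to the superclass except getClientVersion() and
// getAuthentication(), which replace the default behaviour (see the notes on each).
TlsCrypto crypto = new BcTlsCrypto(new SecureRandom());
TlsClient tlsClient = new DefaultTlsClient(crypto) {

    /** Traces the certificate status request built by the superclass and returns it unchanged. */
    @Override
    protected CertificateStatusRequest getCertificateStatusRequest() {
        CertificateStatusRequest statusRequest = super.getCertificateStatusRequest();
        System.out.println("getCertificateStatusRequest()::" + statusRequest.getStatusType() + "::"
                + statusRequest.getOCSPStatusRequest());
        return statusRequest;
    }

    /** Traces the client context, then lets the superclass initialise itself with it. */
    @Override
    public void init(TlsClientContext ctx) {
        System.out.println("init()::" + ctx);
        super.init(ctx);
    }

    /** Traces which key-establishment primitives the crypto backend reports as available. */
    @Override
    public TlsCrypto getCrypto() {
        TlsCrypto tlsCrypto = super.getCrypto();
        System.out.println("getCrypto()::ECDHAgreement=" + tlsCrypto.hasECDHAgreement()
                + "::RSAEncryption=" + tlsCrypto.hasRSAEncryption());
        return tlsCrypto;
    }

    /**
     * Adds three hand-encoded extensions to the superclass's ClientHello extensions and traces
     * the resulting table.
     *
     * @return the extension table (extension type -> encoded extension_data)
     * @throws IOException if the superclass fails to build its extensions
     */
    @Override
    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
        final Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
        // 9 = cert_type (RFC 6091); data is a one-entry list (length 1) holding type 1 = OpenPGP.
        // Advertising the type only tells the server what to send: the library still has to be
        // able to parse an OpenPGP Certificate message for the handshake to succeed.
        clientExtensions.put(9, new byte[] { 1, 1 });
        // 65281 = renegotiation_info (RFC 5746); data is an empty renegotiated_connection.
        // NOTE(review): the base client may already signal secure renegotiation itself; confirm
        // this entry is not redundant with what the superclass sends.
        clientExtensions.put(65281, new byte[] { 0 });
        // 35 = SessionTicket (RFC 5077); empty data means "no ticket yet, but tickets supported".
        clientExtensions.put(35, new byte[] {});
        clientExtensions.entrySet().forEach(entry -> {
            System.out.println(
                    "client extension::" + entry.getKey() + "::" + Arrays.toString(entry.getValue()));
        });
        return clientExtensions;
    }

    /**
     * Pins the version offered in the ClientHello to TLS 1.1 instead of the superclass default.
     *
     * <p>TLS 1.1 is deprecated (RFC 8996). Keep this pin only while debugging interoperability
     * with the target server; drop the override to return to the library default.
     */
    @Override
    public ProtocolVersion getClientVersion() {
        final ProtocolVersion clientVersion = ProtocolVersion.TLSv11;
        System.out.println(clientVersion);
        return clientVersion;
    }

    /** Traces the numeric cipher suite chosen by the server. */
    @Override
    public void notifySelectedCipherSuite(int cipherSuite) {
        System.out.println("notifySelectedCipherSuite()::" + cipherSuite);
        super.notifySelectedCipherSuite(cipherSuite);
    }

    /** Traces the session ID assigned by the server. */
    @Override
    public void notifySessionID(byte[] sessionId) {
        // A session ID is opaque binary data. Decoding it with new String(...) uses the platform
        // charset and prints unreadable or lossy text, so print the byte values instead.
        System.out.println(Arrays.toString(sessionId));
        super.notifySessionID(sessionId);
    }

    /** Traces the extensions returned in the ServerHello before the superclass processes them. */
    @Override
    public void processServerExtensions(Hashtable extension) throws IOException {
        System.out.println("server extension::" + extension);
        super.processServerExtensions(extension);
    }

    /** Traces an alert raised locally; the description and cause usually explain a failure. */
    @Override
    public void notifyAlertRaised(short alertLevel, short alertDescription, String message,
            Throwable cause) {
        System.out.println("notifyAlertRaised()::" + alertLevel + "::" + alertDescription + "::"
                + message + "::" + cause);
        super.notifyAlertRaised(alertLevel, alertDescription, message, cause);
    }

    /** Traces an alert sent by the peer. */
    @Override
    public void notifyAlertReceived(short alertLevel, short alertDescription) {
        System.out.println("notifyAlertReceived()::" + alertLevel + "::" + alertDescription);
        super.notifyAlertReceived(alertLevel, alertDescription);
    }

    /** Traces successful completion of the handshake. */
    @Override
    public void notifyHandshakeComplete() throws IOException {
        System.out.println("notifyHandshakeComplete()");
        super.notifyHandshakeComplete();
    }

    /** Traces whether the server signalled support for secure renegotiation. */
    @Override
    public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException {
        System.out.println("notifySecureRenegotiation()::" + secureRenegotiation);
        super.notifySecureRenegotiation(secureRenegotiation);
    }

    /** Traces, with a timestamp, the cipher suites the superclass offers; the list is unchanged. */
    @Override
    public int[] getCipherSuites() {
        final int[] cipherSuites = super.getCipherSuites();
        System.out.println(LocalTime.now() + ":getCipherSuites(): " + Arrays.toString(cipherSuites));
        return cipherSuites;
    }

    /** Traces the key exchange object selected by the superclass. */
    @Override
    public TlsKeyExchange getKeyExchange() throws IOException {
        System.out.println("getKeyExchange()");
        final TlsKeyExchange keyExchange = super.getKeyExchange();
        System.out.println(keyExchange);
        return keyExchange;
    }

    /**
     * Supplies the authentication callbacks for the handshake.
     *
     * <p>NOTE(security): the callbacks below perform no server authentication at all, so this
     * client is only suitable for protocol debugging against a known test server.
     */
    @Override
    public TlsAuthentication getAuthentication() throws IOException {
        System.out.println("getAuthentication()");
        return new TlsAuthentication() {

            @Override
            public void notifyServerCertificate(TlsServerCertificate certificate) throws IOException {
                // NOTE(security): the server's certificate is printed and then accepted as is.
                // Nothing checks the key, the chain, or the identity, so any peer that completes
                // the handshake is trusted and the channel is open to interception. Real code
                // must verify the presented certificate/key against a pinned or trusted set here
                // and throw (e.g. TlsFatalAlert with bad_certificate) when verification fails.
                System.out.println("CERTIFICATE: " + certificate);
            }

            @Override
            public TlsCredentials getClientCredentials(CertificateRequest certRequest)
                    throws IOException {
                System.out.println("getClientCredentials()::" + certRequest);
                // NOTE(review): presumably meant as "no client certificate". The interface
                // documents returning null for that case; confirm that Certificate accepts a
                // null certificate list, otherwise this throws when the credentials are used.
                return () -> new Certificate(null);
            }
        };
    }

};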
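// Wrap the already-connected plain streams in the TLS record layer.
protocol = new TlsClientProtocol(inputStream, plainClient.getOutputStream());
// Initiate a TLS handshake; "Handshake Complete" is printed only if connect() returns normally.
System.out.println("Initiating handshake...");
protocol.connect(tlsClient);
System.out.println("Handshake Complete");
// Read/write to protocol.getInputStream(), protocol.getOutputStream()
// Application data arrives as raw bytes, so read the stream directly. A Scanner decodes the
// bytes as text in the platform charset, and hasNextByte() ends the loop at the first token
// that is not a number in byte range, which silently drops binary data.
try (java.io.InputStream appData = protocol.getInputStream()) {
    int octet;
    while ((octet = appData.read()) != -1) {
        // Cast back to byte so the printed value is the signed byte, as a byte read would give.
        System.out.println((byte) octet);
    }
}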






Thanks and Regards,
Aravinth

Re: BCJSSE Client communication with GNU-TLS Server using OpenPGP

Peter Dettman-3
Hi Aravinth,
Our TLS libraries don't support RFC 6091 (it's not implemented). For
more usual cases, I believe we interoperate fine with GnuTLS.

By the way, "BCJSSE" is the name of our JSSE provider, which you are not
using. We generally refer to the org.bouncycastle.tls code as the
"low-level TLS API".

Regards,
Pete Dettman

On 25/5/18 3:48 pm, Aravinth Sundaram wrote:

> I am trying to communicate with a GnuTLS Server (RFC6091) using BCJSSE.
> The Server accepts cipher suites sent by a GnuTLS client written in C
> but does not accept the same cipher suites sent by Java. The below is
> the code snipper I am using. Can anyone help?
>
>
> TlsCrypto crypto = new BcTlsCrypto(new SecureRandom());
> TlsClient tlsClient = new DefaultTlsClient(crypto) {
>
> @Override
> protected CertificateStatusRequest getCertificateStatusRequest() {
> CertificateStatusRequest certReq = super.getCertificateStatusRequest();
> System.out.println("getCertificateStatusRequest()::" +
> certReq.getStatusType() + "::"
> + certReq.getOCSPStatusRequest());
> return certReq;
> }
>
> @Override
> public void init(TlsClientContext ctx) {
> System.out.println("init()::" + ctx);
> super.init(ctx);
> }
>
> @Override
> public TlsCrypto getCrypto() {
> TlsCrypto crypto = super.getCrypto();
> System.out.println("getCrypto()::ECDHAgreement=" + crypto.hasECDHAgreement()
> + "::RSAEncryption=" + crypto.hasRSAEncryption());
> return crypto;
> }
>
> @Override
> public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
> final Hashtable<Integer, byte[]> clientExtensions =
> super.getClientExtensions();
> clientExtensions.put(9, new byte[] { 1, 1 });
> clientExtensions.put(65281, new byte[] { 0 });
> clientExtensions.put(35, new byte[] {});
> clientExtensions.entrySet().forEach(entry -> {
> System.out.println(
> "client extension::" + entry.getKey() + "::" +
> Arrays.toString(entry.getValue()));
> });
> return clientExtensions;
> }
>
> @Override
> public ProtocolVersion getClientVersion() {
> final ProtocolVersion clientVersion = ProtocolVersion.TLSv11;//
> super.getClientVersion();
> System.out.println(clientVersion);
> return clientVersion;
> }
>
> @Override
> public void notifySelectedCipherSuite(int cipherSuite) {
> System.out.println("notifySelectedCipherSuite()::" + cipherSuite);
> super.notifySelectedCipherSuite(cipherSuite);
> }
>
> @Override
> public void notifySessionID(byte[] sessionId) {
> System.out.println(new String(sessionId));
> super.notifySessionID(sessionId);
> }
>
> @Override
> public void processServerExtensions(Hashtable extension) throws
> IOException {
> System.out.println("server extension::" + extension);
> super.processServerExtensions(extension);
> }
>
> @Override
> public void notifyAlertRaised(short alertLevel, short alertDescription,
> String message,
> Throwable cause) {
> System.out.println("notifyAlertRaised()::" + alertLevel + "::" +
> alertDescription + "::"
> + message + "::" + cause);
> super.notifyAlertRaised(alertLevel, alertDescription, message, cause);
> }
>
> @Override
> public void notifyAlertReceived(short alertLevel, short alertDescription) {
> System.out.println("notifyAlertReceived()::" + alertLevel + "::" +
> alertDescription);
> super.notifyAlertReceived(alertLevel, alertDescription);
> }
>
> @Override
> public void notifyHandshakeComplete() throws IOException {
> System.out.println("notifyHandshakeComplete()");
> super.notifyHandshakeComplete();
> }
>
> @Override
> public void notifySecureRenegotiation(boolean secureRenegotiation)
> throws IOException {
> System.out.println("notifySecureRenegotiation()::" + secureRenegotiation);
> super.notifySecureRenegotiation(secureRenegotiation);
> }
>
> @Override
> public int[] getCipherSuites() {
> final int[] cipherSuites = super.getCipherSuites();
> System.out.println(LocalTime.now() + ":getCipherSuites(): " +
> Arrays.toString(cipherSuites));
> return cipherSuites;
> }
>
> @Override
> public TlsKeyExchange getKeyExchange() throws IOException {
> System.out.println("getKeyExchange()");
> final TlsKeyExchange keyExchange = super.getKeyExchange();
> System.out.println(keyExchange);
> return keyExchange;
> }
>
> @Override
> public TlsAuthentication getAuthentication() throws IOException {
> System.out.println("getAuthentication()");
> return new TlsAuthentication() {
>
> @Override
> public void notifyServerCertificate(TlsServerCertificate certificate)
> throws IOException {
> System.out.println("CERTIFICATE: " + certificate);
> }
>
> @Override
> public TlsCredentials getClientCredentials(CertificateRequest certRequest)
> throws IOException {
> System.out.println("getClientCredentials()::" + certRequest);
> return () -> new Certificate(null);
> }
> };
> }
>
> };
> protocol = new TlsClientProtocol(inputStream,
> plainClient.getOutputStream());
> // Initiate a TLS handshake
> System.out.println("Initiating handshake...");
> protocol.connect(tlsClient);
> System.out.println("Handshake Complete");
> // Read/write to protocol.getInputStream(), protocol.getOutputStream()
> Scanner read = new Scanner(protocol.getInputStream());
> while (read.hasNextByte()) {
> System.out.println(read.nextByte());
> }
> read.close();
>
>
>
>
>
>
> Thanks and Regards,
> Aravinth
>