Commit 561a5ebc authored by Jannik Hoelling's avatar Jannik Hoelling

java move to only one dockerfile

parent bfe2c2cb
# syntax=docker/dockerfile:1
FROM openjdk:17-jdk-alpine3.14
WORKDIR .
ADD src/Client.java /src/
ADD lib/java-getopt-1.0.14.jar /lib/
ADD client.sh /
ADD manifest /
WORKDIR bin
FROM tls-baseimage as tls-java
ARG VERSION=4.8.1-stable
RUN apk add openjdk11-jdk
ADD client /client
ADD server /server
WORKDIR /client/bin
RUN javac -cp ../lib/java-getopt-1.0.14.jar -d . ../src/Client.java
RUN jar cmf ../manifest Client.jar Client.class
WORKDIR /server/bin
RUN javac -cp ../lib/java-getopt-1.0.14.jar -d . ../src/Server.java
RUN jar cmf ../manifest Server.jar Server.class
WORKDIR /
CMD ["/client.sh", ""]
CMD ["java", "-jar", "/server/bin/Server.jar"]
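Review bot: The two `CMD` instructions at the end of the stage cancel each other: only the last one, `CMD ["java", "-jar", "/server/bin/Server.jar"]`, survives in the image, so `CMD ["/client.sh", ""]` is dead and should be dropped (the client command is supplied by compose in this commit anyway, and nothing in this stage places a `/client.sh` at the root, so its presence depends on tls-baseimage). `ADD client /client` and `ADD server /server` copy plain local directories, for which `COPY` is the explicit form, and `RUN apk add openjdk11-jdk` leaves the apk index in the layer; `RUN apk add --no-cache openjdk11-jdk` (pinned as `openjdk11-jdk=<version-from-base-repo>` where the base's repository allows it) keeps it out. `FROM tls-baseimage as tls-java` carries no tag and `ARG VERSION=4.8.1-stable` is not referenced by any visible instruction, so it is unclear whether the version is meant to select the base or is simply unused. No `USER` is set in this stage, so unless tls-baseimage already switches away from root, both the server and the client process run as root.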
#docker build --build-arg VERSION=2.18 . -t tls-java -f Dockerfile
docker-compose build
\ No newline at end of file
docker build --build-arg . -t tls-java -f Dockerfile
\ No newline at end of file
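Review bot: `docker build --build-arg . -t tls-java -f Dockerfile` hands `.` to `--build-arg` as its value instead of using it as the build context, so no context path remains and the build is rejected before it starts; the commented-out predecessor still shows the intended shape, `--build-arg VERSION=2.18 .`. Either restore a value, `docker build --build-arg VERSION=4.8.1-stable . -t tls-java -f Dockerfile`, or drop the flag altogether, since the Dockerfile already declares a default for `VERSION`. I am reading this line as the new side of the hunk from print order alone; if the order is reversed, the same point applies to whichever line is kept.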
#!/bin/sh
# echo "------------ Test 1: SNI=tls-server ALPN=http/1.1 ------------"
# java -Djavax.net.ssl.trustStore=certs/ca.crt -jar bin/Client.jar -h $1 -s tls-server -a http/1.1 -p 4433
# sleep 1
# echo "------------ Test 2: SNI=example.com ALPN=http/1.1 ------------"
# java -Djavax.net.ssl.trustStore=certs/ca.crt -jar bin/Client.jar -h $1 -s example.com -a http/1.1 -p 4433
# sleep 1
# echo "------------ Test 3: SNI=tls-server ALPN=invalid ------------"
# java -Djavax.net.ssl.trustStore=certs/ca.crt -jar bin/Client.jar -h $1 -s tls-server -a invalid -p 4433
# sleep 1
# echo "------------ Test 4: wrong certificate by server ------------"
# java -Djavax.net.ssl.trustStore=certs/ca.crt -jar bin/Client.jar -h $2 -s tls-server -a http/1.1 -p 4433
#!/bin/bash
#$1 command to run
#$2 server1 to connect
#$3 server2 to connect
#$4 openssl-malicious-alpn server
#$5 wait seconds before starting
sleep $5
echo "------------ Test 1: SNI=tls-server ALPN=http/1.1 ------------"
$1 -h $2 -s tls-server -a http/1.1
test1=$?
sleep 1
echo "------------ Test 2: SNI=example.com ALPN=http/1.1 ------------"
$1 -h $2 -s example.com -a http/1.1
test2=$?
sleep 1
echo "------------ Test 3: SNI=tls-server ALPN=invalid ------------"
$1 -h $2 -s tls-server -a invalid
test3=$?
sleep 1
echo "------------ Test 4: wrong certificate by server ------------"
$1 -h $3 -s tls-server -a http/1.1
test4=$?
sleep 1
echo "------------ Test 5: server sends wrong alpn ------------"
$1 -h $4 -s tls-server -a http/1.1
test5=$?
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color
if [ $test1 = "0" ]; then
echo -e "Test1:${GREEN}SUCCESS exitcode:$test1"
else
echo -e "Test1:${RED}FAILURE exitcode:$test1"
fi
if [ $test2 = "0" ]; then
echo -e "Test2:${RED}FAILURE exitcode:$test2"
else
echo -e "Test2:${GREEN}SUCCESS exitcode:$test2"
fi
if [ $test3 = "0" ]; then
echo -e "Test3:${RED}FAILURE exitcode:$test3"
else
echo -e "Test3:${GREEN}SUCCESS exitcode:$test3"
fi
if [ $test4 = "0" ]; then
echo -e "Test4:${RED}FAILURE exitcode:$test4"
else
echo -e "Test4:${GREEN}SUCCESS exitcode:$test4"
fi
if [ $test5 = "0" ]; then
echo -e "Test5:${RED}FAILURE exitcode:$test5"
else
echo -e "Test5:${GREEN}SUCCESS exitcode:$test5"
fi
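Review bot: The script never sets an overall exit status; it ends after the last `fi`, so a run with failed checks exits 0 and whoever invokes it (compose, a CI job) cannot tell a passing suite from a failing one, and `NC='\033[0m'` is defined but never emitted, so each coloured line leaves the terminal in that colour. A second weakness is that the negative checks (Test2 to Test5) treat any non-zero exit as SUCCESS, so a connection refused, a name-resolution failure or a client crash counts as a pass; the client exit paths visible elsewhere in this commit all use `System.exit(1)`, so the script has nothing to distinguish them with, and distinct exit codes per rejection reason would give the SUCCESS branches a real meaning. The five if-blocks can collapse into one reporting helper that also tracks failure and exits with it, sketched below; if this script is unchanged context rather than part of the commit, the points still apply to it as the harness the new compose command calls.
```shell
# … unchanged: argument comments, sleep, the five test invocations …
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color
failed=0
# report NAME EXITCODE EXPECT_ZERO — Test1 must succeed, Test2..Test5 must be rejected by the client
report() {
    if { [ "$3" = yes ] && [ "$2" = 0 ]; } || { [ "$3" = no ] && [ "$2" != 0 ]; }; then
        echo -e "$1:${GREEN}SUCCESS exitcode:$2${NC}"
    else
        echo -e "$1:${RED}FAILURE exitcode:$2${NC}"
        failed=1
    fi
}
report Test1 "$test1" yes
report Test2 "$test2" no
report Test3 "$test3" no
report Test4 "$test4" no
report Test5 "$test5" no
exit "$failed"
```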
......@@ -10,10 +10,8 @@ import javax.naming.InvalidNameException;
import gnu.getopt.Getopt;
public class Client {
public static String cert = "certs/ca.crt";
public static String cert = "/etc/ssl/certs/ca.crt";
public static String[] tls_versions = new String[] { "TLSv1.2", "TLSv1.3" };
public static String[] alpn = { "http/1.1" };
public static String servername = "tls-server";
......@@ -21,7 +19,7 @@ public class Client {
public static int port = 4433;
public static void main(String[] argv) throws Exception {
// Get commandline arguments with GetOpt
Getopt g = new Getopt("Client", argv, "a:s:c:h:p:");
int opt;
......@@ -67,14 +65,14 @@ public class Client {
// Use Custom Keystore
SSLSocketFactory sslsf = (SSLSocketFactory) sslContext.getSocketFactory();
//SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
// SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(host, port);
SSLParameters sslp = sslSocket.getSSLParameters();
// set ALPN
// set ALPN
sslp.setApplicationProtocols(alpn);
// set SNI
// set SNI
SNIHostName serverName = new SNIHostName(servername);
List<SNIServerName> serverNames = new ArrayList<>(1);
serverNames.add(serverName);
......@@ -91,10 +89,10 @@ public class Client {
sslSocket.close();
System.exit(1);
}
// Hostname verification
String peerCNname = getCommonName((X509Certificate)sslSocket.getSession().getPeerCertificates()[0]);
if(!peerCNname.equals(servername)) {
String peerCNname = getCommonName((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
if (!peerCNname.equals(servername)) {
System.out.println("Hostname Verification failed: " + peerCNname);
System.exit(1);
}
......@@ -117,7 +115,7 @@ public class Client {
BufferedReader in = new BufferedReader(new InputStreamReader(sslSocket.getInputStream()));
String inputLine;
inputLine = in.readLine();
//while ((inputLine = in.readLine()) != null)
// while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
sslSocket.close();
......@@ -125,8 +123,7 @@ public class Client {
public static String getCommonName(X509Certificate cert) {
try {
LdapName ldapName = new LdapName(cert.getSubjectX500Principal()
.getName());
LdapName ldapName = new LdapName(cert.getSubjectX500Principal().getName());
/*
* Looking for the "most specific CN" (i.e. the last).
*/
......
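Review bot: The hostname verification kept in the reformatted lines `String peerCNname = getCommonName((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);` and `if (!peerCNname.equals(servername))` matches only the subject CN of the first peer certificate, by exact string comparison, and never looks at subjectAltName, which is where standard validation (RFC 6125 style) expects the host identity; a certificate whose SAN list is correct but whose CN differs is rejected, and one with a matching CN but unrelated SANs is accepted. If standard behaviour is wanted, `sslp.setEndpointIdentificationAlgorithm("HTTPS");` set on `sslp` before the parameters are applied to the socket makes the JDK perform SAN-aware checking during the handshake, and the manual CN compare can remain as the harness's explicit assertion. The `main` method these lines belong to starts and ends outside the hunks, so I cannot see where `sslp` is applied or whether the handshake is completed before `getSession()` is read.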
version: "3"
version: "3.9"
networks:
default:
name: tls-network
internal: true
services:
java-server:
build: server
volumes:
- ../baseimage/certs:/certs
java-server:
image: tls-java
openssl-server-wrong-cn:
image: tls-openssl
command: [ "/server", "-k", "/etc/ssl/cert-data/wrong-server.key", "-c" , "/etc/ssl/cert-data/wrong-server-chain.crt"]
openssl-malicious-alpn:
image: tls-openssl
command: [ "/server", "-m"]
java-client:
build: client
depends_on:
java-client:
image: tls-java
command: [ "/client.sh", "java -Djavax.net.ssl.trustStore=certs/ca.crt -jar /client/bin/Client.jar", "java-server", "openssl-server-wrong-cn", "openssl-malicious-alpn" ,"1"]
depends_on:
- java-server
- openssl-server-wrong-cn
- openssl-malicious-alpn
volumes:
- ../baseimage/certs:/certs
command: [ "/client.sh", "java -Djavax.net.ssl.trustStore=certs/ca.crt -jar bin/Client.jar", "java-server", "openssl-server-wrong-cn" , "openssl-server-wrong-cn", "1"]
\ No newline at end of file
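Review bot: The client's trust-store location now disagrees with the rest of the commit: the new `java-client` command still passes `-Djavax.net.ssl.trustStore=certs/ca.crt`, a relative path, while the `../baseimage/certs:/certs` volume that used to populate `/certs` is removed from both services and `Client.java` in the same commit moves its default to `/etc/ssl/certs/ca.crt`. Unless tls-baseimage ships `/certs/ca.crt`, that relative path resolves (with the Dockerfile's final `WORKDIR /`) to a file that does not exist, and whether the JDK would honour a PEM file as a trust store at all depends on how `Client.java` builds its context, which is outside these hunks. Pointing the command at the same absolute location as the code default, `-Djavax.net.ssl.trustStore=/etc/ssl/certs/ca.crt`, or dropping the property if the code loads the CA itself, removes the ambiguity. `depends_on` only orders container start-up, so the trailing `"1"` argument (one second of sleep in the script) is the only readiness guard, and a slow server start will surface as a Test 1 failure rather than as a harness error.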
# syntax=docker/dockerfile:1
FROM openjdk:17-jdk-alpine3.14
WORKDIR .
ADD src/Server.java /src/
ADD lib/java-getopt-1.0.14.jar /lib/
ADD manifest /
WORKDIR bin
RUN javac -cp ../lib/java-getopt-1.0.14.jar -d . ../src/Server.java
RUN jar cmf ../manifest Server.jar Server.class
WORKDIR /
CMD ["java", "-jar", "/bin/Server.jar"]
import java.io.*;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;
import javax.net.ssl.*;
import gnu.getopt.Getopt;
public class Server {
public static String keyFile = "certs/tls-server.p12";
public static String keyFile = "/etc/ssl/cert-data/tls-server.p12";
public static String keyPassword = "123456";
public static String[] protocols = new String[] {"TLSv1.2","TLSv1.3"};
public static String[] alpn = {"http/1.1"};
public static String[] protocols = new String[] { "TLSv1.2", "TLSv1.3" };
public static String[] alpn = { "http/1.1" };
public static String servername = "tls-server";
public static int port = 4433;
public static void main(String[] argv) throws Exception {
// Get commandline arguments with GetOpt
......@@ -35,7 +36,8 @@ public class Server {
System.out.print("Usage: %s [-a alpn] [-s servername] [-t target] [-c certfile] [-p port]");
}
}
System.out.println("Parameters servername="+servername+" alpn=" + alpn[0] + " key="+keyFile+ " port="+port);
System.out.println(
"Parameters servername=" + servername + " alpn=" + alpn[0] + " key=" + keyFile + " port=" + port);
SSLContext ctx = SSLContext.getInstance("TLS");
......@@ -51,17 +53,18 @@ public class Server {
// Initialize SSLContext using the new KeyManager
ctx.init(kms, null, null);
// Instead of using SSLServerSocketFactory.getDefault(),
// Instead of using SSLServerSocketFactory.getDefault(),
// get a SSLServerSocketFactory based on the SSLContext
SSLServerSocketFactory sslssf = ctx.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(port);
while(true) {
while (true) {
// Listen for connectionss
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
SSLParameters sslp = sslSocket.getSSLParameters();
// Set SNI hostname, the matcher aborts the connection if the servername is not found
// Set SNI hostname, the matcher aborts the connection if the servername is not
// found
SNIMatcher matcher = SNIHostName.createSNIMatcher(servername);
Collection<SNIMatcher> matchers = new ArrayList<>(1);
matchers.add(matcher);
......@@ -82,7 +85,8 @@ public class Server {
System.out.println("ALPN: \"" + ap + "\"");
// Send message to client
PrintWriter out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(sslSocket.getOutputStream())));
PrintWriter out = new PrintWriter(
new BufferedWriter(new OutputStreamWriter(sslSocket.getOutputStream())));
out.println("Hello from Server!");
out.flush();
......@@ -100,7 +104,7 @@ public class Server {
sslSocket.close();
continue;
}
sslSocket.close();
}
}
......
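Review bot: The new default `public static String keyFile = "/etc/ssl/cert-data/tls-server.p12";` fixes the private key's location inside the image, but the password that opens it, `public static String keyPassword = "123456";` on the very next line, stays a source literal that ends up in the jar and in the image layer; reading it at run time, e.g. `System.getenv("TLS_KEY_PASSWORD")` with the current value as a fallback if this must stay a self-contained harness, keeps the secret out of the build artefact. The usage message kept in the second hunk, `System.out.print("Usage: %s [-a alpn] ...")`, is emitted with `print`, so the `%s` appears literally; `printf` with the program name, or a fixed string, is what was intended. `main` and the accept loop both start and end outside these hunks, so whether a handshake exception thrown inside `while (true)` is caught or terminates the server cannot be confirmed from here.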