[Assorted-commits] SF.net SVN: assorted:[1456] sandbox/trunk/src/java

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 1456
          http://assorted.svn.sourceforge.net/assorted/?rev=1456&view=rev
Author:   yangzhang
Date:     2009-07-20 00:25:59 +0000 (Mon, 20 Jul 2009)

Log Message:
-----------
added ssl fail demo

Added Paths:
-----------
    sandbox/trunk/src/java/ssl/
    sandbox/trunk/src/java/ssl/go.bash

Added: sandbox/trunk/src/java/ssl/go.bash
===================================================================

--- sandbox/trunk/src/java/ssl/go.bash	                        (rev 0)
+++ sandbox/trunk/src/java/ssl/go.bash	2009-07-20 00:25:59 UTC (rev 1456)
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset
+
+cat > ssl.cfg << EOF
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+[ req_distinguished_name ]
+C                      = US
+EOF
+
+# CA
+openssl genrsa -des3 -out ca.key -passout pass:capass 4096
+openssl req -new -x509 -days 365 -key ca.key -out ca.crt -passin pass:capass -config ca.cfg
+
+# cert
+openssl genrsa -des3 -out server.key -passout pass:serverpass 4096
+openssl req -new -key server.key -out server.csr -passin pass:serverpass -config server.cfg
+
+# sign
+openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -passin pass:capass
+
+# convert to pkcs12
+openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:serverpass -passout pass:
+
+# try to use from java
+cat > SslTest.java << EOF
+import java.io.*; import java.security.*; import javax.net.ssl.*;
+public class SslTest {
+  public static void main(String[] args) throws Exception {
+    FileInputStream fis = new FileInputStream(args[0]);
+    KeyStore ks = KeyStore.getInstance("pkcs12");
+    ks.load(fis, null);
+
+    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+    kmf.init(ks, "serverpass".toCharArray());
+  }
+}
+EOF
+javac SslTest.java
+java SslTest server.p12
+
+######
+# Output:
+#
+# Generating RSA private key, 4096 bit long modulus
+# ..++
+# ..................................++
+# e is 65537 (0x10001)
+# Generating RSA private key, 4096 bit long modulus
+# .++
+# ...................................................................++
+# e is 65537 (0x10001)
+# Signature ok
+# subject=/C=US
+# Getting CA Private Key
+# Exception in thread "main" java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded
+#         at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:288)
+#         at java.security.KeyStore.getKey(KeyStore.java:779)
+#         at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
+#         at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
+#         at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
+#         at SslTest.main(SslTest.java:9)
+# Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
+#         at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
+#         at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
+#         at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:345)
+#         at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:378)
+#         at javax.crypto.Cipher.doFinal(Cipher.java:1813)
+#         at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:270)
+#         ... 5 more


Property changes on: sandbox/trunk/src/java/ssl/go.bash
___________________________________________________________________
Added: svn:executable
   + *


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


