# HG changeset patch
# User Quintillus
# Date 1595137309 14400
# Sun Jul 19 01:41:49 2020 -0400
# Branch bouncycastle
# Node ID 1a6bd5629d5fc610ef20ea97a40f0fbfe8b78684
# Parent f0057f2c7cb53489a85cbb2f2bccec91d7001c40
First forays into the Bouncy Castle.
- Compatible with JDK 1.6.
- Included dependencies
- Registered the BouncyCastle JSSE (Java Secure Sockets Exention) provider. As I understand it, it's kind of like the ImageIO Service Provider Interface situation where providers can be registered.
- De-registered the build-in Sun provider.
- Added the JCE (Java Cryptography Extensions) dependency in the Gemini Client, so it can use advanced cryptography. So far it's failing on "no usable cipher suites enabled". I'm not really sure why, as when I look at this list of enabled ones, it has a bunch of the commonly-used ones, e.g. AES 256 with Galois Counter Mode. Are they enabled but not usable somehow?
diff --git a/pom.xml b/pom.xml
--- a/pom.xml
+++ b/pom.xml
@@ -3,11 +3,18 @@ 4.0.0 com.ajtjp GeminiClient - 1.0-SNAPSHOT + 0.5.1 jar UTF-8 1.5 1.5 + + + org.bouncycastle + bctls-jdk15on + 1.66 + +
\ No newline at end of file
diff --git a/src/main/java/com/ajtjp/geminiclient/GeminiClient.java b/src/main/java/com/ajtjp/geminiclient/GeminiClient.java
--- a/src/main/java/com/ajtjp/geminiclient/GeminiClient.java
+++ b/src/main/java/com/ajtjp/geminiclient/GeminiClient.java
@@ -8,17 +8,24 @@
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.Socket;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Security;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
 import javax.net.SocketFactory;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 /**
  *
@@ -40,6 +47,11 @@
 Socket s = basicSocketFactory.createSocket(host, port);
 s = sslSocketFactory.createSocket(s, host, port, true);
+String[] ciphers = ((SSLSocket)s).getEnabledCipherSuites();
+for (String str : ciphers) {
+;
+}
+
+
 OutputStream os = s.getOutputStream();
 os.write((url + "\r\n").getBytes());
 os.flush();
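Review bot: The loop added right after the second `createSocket` call does nothing — its body is a bare `;` and `str` is never read — so it is debugging residue that should either be deleted or become the diagnostic it was apparently meant to be, e.g. `System.out.println("enabled suites: " + java.util.Arrays.toString(ciphers));` (or the file's logger, if it has one; none is visible in this hunk). Even as a diagnostic it is of limited use for the "no usable cipher suites enabled" failure described in the commit message: `getEnabledCipherSuites()` only reports what the socket is configured to offer, and whether a suite is actually usable presumably depends on the provider and key/trust material the context was initialised with in the later hunk, so the enabled list can look fine while the handshake still fails. The unchecked cast `(SSLSocket) s` is only safe because `sslSocketFactory.createSocket` is what produced `s`; an `if (s instanceof SSLSocket)` guard, or declaring the variable as `SSLSocket` at that point, would make that dependency explicit. The enclosing method starts and ends outside this hunk.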
@@ -178,8 +190,29 @@
 }
 };
-SSLContext sc = SSLContext.getInstance("TLSv1.2");
+// SSLContext sc = SSLContext.getInstance("TLSv1.2");
+
+Provider[] providers = Security.getProviders();
+Security.removeProvider("SunJCE");
+
+Security.addProvider(new BouncyCastleJsseProvider());
+providers = Security.getProviders();
+
+SSLContext sc = SSLContext.getInstance("TLSv1.2", new BouncyCastleJsseProvider());
+
+// TrustManagerFactory trustMgrFact = TrustManagerFactory.getInstance(
+// "PKIX", "BCJSSE");
+// trustMgrFact.init(KeyStore.getInstance(KeyStore.getDefaultType()));
+
+//Could use trustMgrFact.getTrustManagers() instead of trustAllCerts...
+
+// KeyManagerFactory keyMgrFact = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
+// keyMgrFact.init(KeyStore.getInstance(KeyStore.getDefaultType()), new char[0]);
+// sc.init(keyMgrFact.getKeyManagers(), trustAllCerts, new java.security.SecureRandom());
+
+sc.init(null, trustAllCerts, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); //adj also set it here