-// Copyright (C) 2001 Adam Megacz <adam@xwt.org> all rights reserved.
+// Copyright (C) 2002 Adam Megacz <adam@xwt.org> all rights reserved.
//
// You may modify, copy, and redistribute this code under the terms of
// the GNU Library Public License version 2.1, with the exception of
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERConstructedSequence;
+import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.BERInputStream;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.asn1.x509.BasicConstraints;
import org.xwt.util.Log;
import java.net.*;
import java.io.*;
1.02 27-Mar-02 Fixed a bug which would hang the connection when more than one
Handshake message appeared in the same TLS Record
+ 1.03 10-Aug-02 Fixed a vulnerability outlined at
+ http://online.securityfocus.com/archive/1/286290
+
*/
public class TinySSL extends Socket {
public static void main(String[] args) {
Log.on = true;
try {
- Socket s = new TinySSL("www.verisign.com", 443);
+ Socket s = new TinySSL("www.paypal.com", 443);
PrintWriter pw = new PrintWriter(s.getOutputStream());
BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
pw.println("GET / HTTP/1.0");
while(true) {
String s2 = br.readLine();
if (s2 == null) return;
- System.out.println(s2);
+ Log.log(TinySSL.class, s2);
}
} catch (Exception e) {
int certlen = ((rec[7 + i] & 0xff) << 16) | ((rec[7 + i + 1] & 0xff) << 8) | (rec[7 + i + 2] & 0xff);
try {
DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(rec, 7 + i + 3, certlen));
- this_cert = new X509CertificateStructure((DERConstructedSequence)dIn.readObject());
+ this_cert = new X509CertificateStructure((DERSequence)dIn.readObject());
} catch (Exception e) {
SSLException t = new SSLException("error decoding server certificate: " + e);
t.fillInStackTrace();
}
if (!good) throw new SSLException("server certificate does not seem to have a CN: " + CN);
- if (!ignoreUntrustedCert && !CN.equals(hostname))
+ if (!ignoreUntrustedCert && !CN.equalsIgnoreCase(hostname))
throw new SSLException("connecting to host " + hostname + " but server certificate was issued for " + CN);
- SimpleDateFormat dateF = new SimpleDateFormat("MM-dd-yy-HH-mm-ss-z");
+ SimpleDateFormat dateF = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss-z");
// the following idiocy is a result of the brokenness of the GNU Classpath's SimpleDateFormat
String s = tbs.getStartDate().getTime();
- s = s.substring(2, 4) + "-" + s.substring(4, 6) + "-" + s.substring(0, 2) + "-" + s.substring(6, 8) + "-" +
- s.substring(8, 10) + "-" + s.substring(10, 12) + "-" + s.substring(12);
+ s = s.substring(0, 4) + "-" + s.substring(4, 6) + "-" + s.substring(6, 8) + "-" +
+ s.substring(8, 10) + "-" + s.substring(10, 12) + "-" +
+ s.substring(12, 14) + "-" + s.substring(14);
+
Date startDate = dateF.parse(s, new ParsePosition(0));
s = tbs.getEndDate().getTime();
Log.log(this, "server cert (name, validity dates) checks out okay");
- } else if (!isSignedBy(last_cert, this_cert.getSubjectPublicKeyInfo()))
- throw new SSLException("the server sent a broken chain of certificates");
+ } else {
+
+ // don't check the top cert since some very old root certs lack a BasicConstraints field.
+ if (certlen + 3 + i < numcertbytes) {
+ // defend against Mike Benham's attack
+ X509Extension basicConstraints = this_cert.getTBSCertificate().getExtensions().getExtension(X509Extensions.BasicConstraints);
+ if (basicConstraints == null) throw new SSLException("certificate did not contain a basic constraints block");
+ DERInputStream dis = new DERInputStream(new ByteArrayInputStream(basicConstraints.getValue().getOctets()));
+ BasicConstraints bc = new BasicConstraints((DERSequence)dis.readObject());
+ if (!bc.isCA()) throw new SSLException("non-CA certificate used for signing");
+ }
+
+ if (!isSignedBy(last_cert, this_cert.getSubjectPublicKeyInfo()))
+ throw new SSLException("the server sent a broken chain of certificates");
+ }
last_cert = this_cert;
i += certlen + 3;
byte[] encrypted_pre_master_secret;
SubjectPublicKeyInfo pki = server_cert.getSubjectPublicKeyInfo();
- RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERConstructedSequence)pki.getPublicKey());
+ RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERSequence)pki.getPublicKey());
BigInteger modulus = rsa_pks.getModulus();
BigInteger exponent = rsa_pks.getPublicExponent();
// decrypt the signature using the signer's public key
byte[] ED = signee.getSignature().getBytes();
SubjectPublicKeyInfo pki = signer;
- RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERConstructedSequence)pki.getPublicKey());
+ RSAPublicKeyStructure rsa_pks = new RSAPublicKeyStructure((DERSequence)pki.getPublicKey());
BigInteger modulus = rsa_pks.getModulus();
BigInteger exponent = rsa_pks.getPublicExponent();
AsymmetricBlockCipher rsa = new PKCS1(new RSAEngine());
byte[] D = rsa.processBlock(ED, 0, ED.length);
BERInputStream beris = new BERInputStream(new ByteArrayInputStream(D));
DERObject derob = beris.readObject();
- DERConstructedSequence dercs = (DERConstructedSequence)derob;
+ DERSequence dercs = (DERSequence)derob;
DEROctetString deros = (DEROctetString)dercs.getObjectAt(1);
byte[] MD = deros.getOctets();
trusted_CA_public_key_identifiers[i/2] = base64_encoded_trusted_CA_public_keys[i];
byte[] b = Base64.decode(base64_encoded_trusted_CA_public_keys[i+1]);
DERInputStream dIn = new DERInputStream(new ByteArrayInputStream(b));
- trusted_CA_public_keys[i/2] = new SubjectPublicKeyInfo((DERConstructedSequence)dIn.readObject());
+ trusted_CA_public_keys[i/2] = new SubjectPublicKeyInfo((DERSequence)dIn.readObject());
}
} catch (Exception e) {