1 package org.cacert.gigi.ping;
3 import java.io.IOException;
4 import java.io.InputStream;
5 import java.io.OutputStream;
6 import java.net.InetSocketAddress;
7 import java.net.Socket;
8 import java.nio.ByteBuffer;
9 import java.nio.channels.SocketChannel;
10 import java.security.NoSuchAlgorithmException;
11 import java.util.Arrays;
13 import javax.net.ssl.SNIHostName;
14 import javax.net.ssl.SNIServerName;
15 import javax.net.ssl.SSLContext;
16 import javax.net.ssl.SSLEngine;
17 import javax.net.ssl.SSLEngineResult.Status;
18 import javax.net.ssl.SSLException;
19 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
20 import javax.net.ssl.SSLParameters;
21 import javax.security.cert.X509Certificate;
23 public class SSLPinger extends DomainPinger {
25 public static final String[] TYPES = new String[] {
26 "xmpp", "server-xmpp", "smtp", "imap"
30 public String ping(String domain, String configuration) {
32 SocketChannel sch = SocketChannel.open();
33 String[] parts = configuration.split(":", 2);
34 sch.connect(new InetSocketAddress(domain, Integer.parseInt(parts[0])));
35 if (parts.length == 2) {
38 startXMPP(sch, false, domain);
41 startXMPP(sch, true, domain);
52 return test(sch, domain);
53 } catch (IOException e) {
54 return "Connecton failed";
59 private void startIMAP(SocketChannel sch) throws IOException {
60 Socket s = sch.socket();
61 InputStream is = s.getInputStream();
62 OutputStream os = s.getOutputStream();
64 os.write("ENABLE STARTTLS\r\n".getBytes());
69 private void startXMPP(SocketChannel sch, boolean server, String domain) throws IOException {
70 Socket s = sch.socket();
71 InputStream is = s.getInputStream();
72 OutputStream os = s.getOutputStream();
73 os.write(("<stream:stream to=\"" + domain + "\" xmlns=\"jabber:" + (server ? "server" : "client") + "\"" + " xmlns:stream=\"http://etherx.jabber.org/streams\" version=\"1.0\">").getBytes());
75 os.write("<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>".getBytes());
77 scanFor(is, "<proceed");
82 private void scanFor(InputStream is, String scanFor) throws IOException {
84 while (pos < scanFor.length()) {
85 if (is.read() == scanFor.charAt(pos)) {
93 private void startSMTP(SocketChannel sch) throws IOException {
94 Socket s = sch.socket();
95 InputStream is = s.getInputStream();
97 s.getOutputStream().write("EHLO ssl.pinger\r\n".getBytes());
98 s.getOutputStream().flush();
100 s.getOutputStream().write("HELP\r\n".getBytes());
101 s.getOutputStream().flush();
103 s.getOutputStream().write("STARTTLS\r\n".getBytes());
104 s.getOutputStream().flush();
108 private void readSMTP(InputStream is) throws IOException {
110 boolean finish = true;
112 char c = (char) is.read();
116 } else if (c == '-') {
119 throw new Error("Invalid smtp: " + c);
133 private String test(SocketChannel sch, String domain) {
135 SSLContext sc = SSLContext.getDefault();
136 SSLEngine se = sc.createSSLEngine();
137 ByteBuffer enc_in = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
138 ByteBuffer enc_out = ByteBuffer.allocate(se.getSession().getPacketBufferSize());
139 ByteBuffer dec_in = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
140 ByteBuffer dec_out = ByteBuffer.allocate(se.getSession().getApplicationBufferSize());
141 se.setUseClientMode(true);
142 SSLParameters sp = se.getSSLParameters();
143 sp.setServerNames(Arrays.<SNIServerName>asList(new SNIHostName(domain)));
144 se.setSSLParameters(sp);
147 while (se.getHandshakeStatus() != HandshakeStatus.FINISHED && se.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) {
148 switch (se.getHandshakeStatus()) {
151 se.wrap(dec_out, enc_out);
153 while (enc_out.remaining() > 0) {
159 if (enc_in.remaining() == 0) {
164 while (se.unwrap(enc_in, dec_in).getStatus() == Status.BUFFER_UNDERFLOW) {
165 enc_in.position(enc_in.limit());
166 enc_in.limit(enc_in.capacity());
174 se.getDelegatedTask().run();
176 case NOT_HANDSHAKING:
182 System.out.println("completed");
183 System.out.println(se.getSession().getCipherSuite());
184 X509Certificate[] peerCertificateChain = se.getSession().getPeerCertificateChain();
185 for (X509Certificate x509Certificate : peerCertificateChain) {
186 System.out.println(x509Certificate.getSubjectDN().getName());
188 return PING_SUCCEDED;
189 } catch (NoSuchAlgorithmException e) {
191 return "Security failed";
192 } catch (SSLException e) {
194 return "Security failed";
195 } catch (IOException e) {
197 return "Connection closed";