I'm trying to establish an SSL connection between a server I'm writing and a device which I don't know a lot about, except for the fact that its probably embedded with a public key (as you'll see below I have the private key).
What I do know is that I have a python code for a server that works and the device is able to connect and send and receive messages.
Along with the python code, I also received a certificate (PEM format) and a private key that I supply during the initialization of the socket. the python code is as follows:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print 'Socket created'
#Bind socket to local host and port
try:
sock.bind((HOST, 34567))
except socket.error as msg:
print 'Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1]
sys.exit()
print 'Socket bind complete'
sslSocket = ssl.wrap_socket(sock , server_side=True, certfile="device.crt", keyfile="device.key", ssl_version=ssl.PROTOCOL_TLSv1_2)
#Start listening on socket
sslSocket.listen(10)
print 'Socket now listening'
#wait to accept a connection - blocking call
print 'wait to accept a connection'
conn, addr = sslSocket.accept()
print 'Connected with ' + addr[0] + ':' + str(addr[1])
#start new thread takes 1st argument as a function name to be run, second is
the tuple of arguments to the function.
start_new_thread(receiveThread ,(conn,))
time.sleep(1)
start_new_thread(clientThread ,(conn,))
while 1:
time.sleep(1)
if exitNow:
print 'Exit'
break
sock.close()
print 'exiting'
sys.exit()
I have zero experience with sockets but according to what I read about sockets in Java I have to initialize and setup a keystore and truststore to create an SSL socket.
What I did was (according to this SO answer)
Convert my certificate and key into a PKCS12 certificate-
openssl pkcs12 -export -in device.crt -inkey device.key -certfile device.crt -name "someName" -out device.p12
create a keystore and import the newly generate certificate into it-
keytool -importkeystore -deststorepass 123456 -destkeypass 123456 -destkeystore keystore.jks -srckeystore device.p12 -srcstoretype PKCS12 -srcstorepass 1234 -alias someName
copying that keystore once again and call it a truststore (not sure this is the right thing to do). Then I used the generated keystores to intialize the socket with the following code: (please note that I use Spring Integration as my end goal is to have s trying boot application which will send messages on the socket after receiving calls on a REST API):
@EnableIntegration
@IntegrationComponentScan
@Configuration
public class SocketConfiguration implements
ApplicationListener<TcpConnectionEvent> {
private final org.slf4j.Logger log = LoggerFactory.getLogger(getClass());
@Bean
public AbstractServerConnectionFactory AbstractServerConnectionFactory() {
TcpNetServerConnectionFactory tcpNetServerConnectionFactory = new TcpNetServerConnectionFactory(34567);
DefaultTcpNetSSLSocketFactorySupport tcpNetSSLSocketFactory = tcpSocketFactorySupport();
tcpNetServerConnectionFactory.setTcpSocketFactorySupport(tcpNetSSLSocketFactory);
return tcpNetServerConnectionFactory;
}
@Bean
public DefaultTcpNetSSLSocketFactorySupport tcpSocketFactorySupport() {
TcpSSLContextSupport sslContextSupport = new DefaultTcpSSLContextSupport("keystore.jks",
"trustStore.jks", "123456", "123456");
DefaultTcpNetSSLSocketFactorySupport tcpSocketFactorySupport =
new DefaultTcpNetSSLSocketFactorySupport(sslContextSupport);
return tcpSocketFactorySupport;
}
@Bean
public TcpInboundGateway TcpInboundGateway(AbstractServerConnectionFactory connectionFactory) {
TcpInboundGateway inGate = new TcpInboundGateway();
inGate.setConnectionFactory(connectionFactory);
inGate.setRequestChannel(getMessageChannel());
return inGate;
}
@Bean
public MessageChannel getMessageChannel() {
return new DirectChannel();
}
@MessageEndpoint
public class Echo {
@Transformer(inputChannel = "getMessageChannel")
public String convert(byte[] bytes) throws Exception {
return new String(bytes);
}
}
private static ConcurrentHashMap<String, TcpConnection> tcpConnections = new ConcurrentHashMap<>();
@Override
public void onApplicationEvent(TcpConnectionEvent tcpEvent) {
TcpConnection source = (TcpConnection) tcpEvent.getSource();
if (tcpEvent instanceof TcpConnectionOpenEvent) {
log.info("Socket Opened " + source.getConnectionId());
tcpConnections.put(tcpEvent.getConnectionId(), source);
if (!authorizeIncomingConnection(source.getSocketInfo())) {
log.warn("Socket Rejected " + source.getConnectionId());
source.close();
}
} else if (tcpEvent instanceof TcpConnectionCloseEvent) {
log.info("Socket Closed " + source.getConnectionId());
tcpConnections.remove(source.getConnectionId());
}
}
private boolean authorizeIncomingConnection(SocketInfo socketInfo) {
//Authorization Logic , Like Ip,Mac Address WhiteList or anyThing else !
return (System.currentTimeMillis() / 1000) % 2 == 0;
}
I think the socket is created successfully because running netstat on my windows machine shows that port 40003 is taken by a java process (which is not when I terminate the process).
The only problem now is that the device still won't connect with my socket. Unfortunately, this is a closed device which I have zero information on and cannot debug it and understand what is happening and why it can't connect (nor get any logs from it). The only reference that I do have is - that the same device is able to connect to the socket when I run the attached Python code on the same machine I'm running the java code (obviously not together).
Can you please point me to where my java code is different from the python code? or any other direction that I can use.
Thanks!
