This repository was archived by the owner on Dec 24, 2022. It is now read-only.

SSL protection

SnowyCoder edited this page Jan 5, 2017 · 1 revision
  1. Why SSL?
  2. What is supported?
  3. Generating SSL keys
  4. Converting key
  5. Server Installation
  6. Client Installation

Why SSL?

SSL is a security protocol that protects against man-in-the-middle (MITM) attacks and, more generally, against attempts to read or tamper with traffic. It is NOT required for client-server connections, but it's good practice if you think that someone might want to copy someone else's assignment or get their login credentials.

What is supported?

This program works with any signed certificate, and it was tested with a self-signed one.

Generating SSL keys

This part can be skipped if the user already has a key to use. There are already some awesome guides about this, so I will only suggest a few things:

  • It can also be done on Windows, but we need to set the variable OPENSSL_CONF to the OpenSSL config location (set OPENSSL_CONF=path_to_openssl/share/openssl.cnf on my PC)
  • Skip the last part regarding the Apache setup, we're not using it.

Converting key

The key taken as input by the server needs to be in PKCS#8 format. If it already is, good for you; if it's not, here's a command to convert it: `openssl pkcs8 -topk8 -nocrypt -in old_key_path -out pkcs8_key.pem`.

Server Installation

The server doesn't need any compile-time changes to load or change SSL keys and certificates. The only thing to do is to put the SSL files in the right path; the defaults are "ssl/ssl.crt" for the certificate and "ssl/ssl.pem" for the key. They can be changed using the command line arguments:

  • -c or --cert-path for the certificate path
  • -k or --key-path for the path of the key
  • -kp or --key-passw for the password of the key

If you've done everything correctly, at server startup you should see "SSL -> Loaded!" before the port request.

Client Installation

This is more complex. For security reasons we cannot put the certificate in a file external to the program, because someone could simply replace it with another one. We chose to put the certificate into a class, so it should be really hard for anyone to change it without changing the whole program.

Download the source code

To put the certificate into the program, first download the source code (it can be found after the binaries), then extract it into a folder.

Manually paste the certificate

Open the file "verifier-parent/protocol/src/main/java/xyz/upperlevel/verifier/proto/ssl/SslClientContext.java". Open the certificate (in PEM format) with a text editor; it should be something like this. It is really important to check that the certificate has the "BEGIN" and "END" certificate lines at the beginning and at the end of the file as in the example (the same words); if it doesn't, it means that it's not in PEM format or that it isn't a certificate. If everything checks out, you can copy the characters between the beginning and the end of the file (removing "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----" and the newlines) and put them into the variable. The result should look like one of those (I really suggest the last one).
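The check-and-copy step above can be scripted. The following is an added example, not code from the project: the function `pem_cert_body`, the helper `write_samples` and the sample file contents are assumptions constructed for illustration. It also refuses the PKCS#8 private key produced by the conversion step, so the server key cannot end up in the client by mistake.

```shell
#!/bin/sh
# Added example (not from the project): print the one-line base64 body of a PEM
# certificate for pasting into the client, refusing anything else.

# pem_cert_body FILE -> base64 body on stdout; non-zero status and a message
# on stderr when FILE is not exactly one PEM certificate.
pem_cert_body() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    # Drop CRs (Windows editors) and blank lines before inspecting the markers.
    content=$(tr -d '\r' < "$1" | sed '/^[[:space:]]*$/d')
    first=$(printf '%s\n' "$content" | sed -n '1p')
    last=$(printf '%s\n' "$content" | sed -n '$p')
    if [ "$first" != "-----BEGIN CERTIFICATE-----" ]; then
        # Catches the pkcs8 key from the conversion step ("BEGIN PRIVATE KEY").
        echo "not a PEM certificate, first line is: $first" >&2; return 1
    fi
    if [ "$last" != "-----END CERTIFICATE-----" ]; then
        echo "missing END CERTIFICATE marker, last line is: $last" >&2; return 1
    fi
    # Body = everything between the markers, joined into one line.
    body=$(printf '%s\n' "$content" | sed '1d;$d' | tr -d '\n')
    case $body in
        ''|*[!A-Za-z0-9+/=]*)
            # Empty body, stray text, or a second certificate in the file.
            echo "certificate body is empty or not plain base64" >&2; return 1 ;;
    esac
    printf '%s\n' "$body"
}

# Constructed sample files (placeholder base64, not real key material).
write_samples() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'TUlJQ2NvbnN0cnVjdGVk' \
        'c2FtcGxlYm9keQ==' '-----END CERTIFICATE-----' > "$1/ssl.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END PRIVATE KEY-----' > "$1/pkcs8_key.pem"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
pem_cert_body "$demo_dir/ssl.crt"                 # prints the joined body
pem_cert_body "$demo_dir/pkcs8_key.pem" || true   # rejected: it is a key
rm -rf "$demo_dir"
```

The function only checks the PEM framing and the base64 alphabet; it does not parse the certificate itself.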

Compiling

To compile the program we need two things: JDK and Maven. Once those are installed, we're ready to go. Open the folder with the modified source, go to the folder "verifier-parent" (the root) and execute (from the console) `mvn clean install`. This should download all the dependencies, run the tests and compile everything. The compiled jar can be found at "verifier-parent/verifier-client/target/verifier-client.jar".
