0

I am trying to implement an SSL proxy server in Java that does not raise certificate errors in the browser. I understand that I will need to process the "CONNECT" request, do an SSL handshake thus requiring that I create a sever certificate and store that in the keystore which I will initialize for the SSL socket.

But the browser will always have to verify the server certificate returned and throw the warning error if; 1.The CA certificate is not trusted, but this can be overcome by installing the CA certificate used in signing the server certificate once in the browser. 2.The CN of the certificate does not match the hostname of the website being requested. For this second issue, I implemented using BouncyCastle a certificate generation thread, that uses the hostname being requested to generate a certificate that is signed with the trusted CA private key from above. Then I add the server certificate generated and it's private key into the keystore using the hostname as the alias for the key entry. Now comes the part I can't seem to get a hold of, how do I get to use different certificates for the handshake depending on the hostname being requested. I have seen so many suggestions talking about keymanagers and sslcontext but none of that seem to be able to dynamically change the certificate used for sslhandshake depending on the differing hostname being requested.

I am sorry for the very verbose question, I am new to all this, so please be a little patient with me.

EDIT: Considering implementing a keymanager and initializing sslcontext with it, and creating the serversocket, at the moment when the serversocket is being created there is no hostname being requested, so how do I create a keymanager that is dynamic unlike the fixedserveralias examples I have seen around.

Improve this question
1
  • It sounds like you need to implement a an Interception Proxy. If you want to generate certificates on the fly for domains you don't control, then talk to Trustwave. They have sold the subordinate CA certs in past. Or you need to run your own PKI. The proxies are not ethical in my opinion, and you need to be careful about how its deployed. It might be illegal in some instances (for example, a CFAA violation in the US because you exceeded your authority). Commented Jun 23, 2014 at 5:19

3 Answers 3

Reset to default
2

Since you're getting the CONNECT request over a plain socket, presumably, you're trying to upgrade that socket to an SSLSocket afterwards (which you can indeed to with SSLSocketFactory.createSocket(Socket s, String host, int port, boolean autoClose).

Since you're generating your new certificate on the fly by putting the hostname you get via CONNECT into its CN (by the way, it would be better in a SAN), you can quite easily create a KeyStore instance in memory and put that cert and its private key into it. Then, initialise a KeyManagerFactory from that instance, initialise a new SSLContext using that KMF, create an new SSLSocketFactory from that SSLContext, and use SSLSocketFactory.createSocket(Socket, ...) to upgrade that specific accepted socket. You can do all this per accepted socket and they would all be independent.

Having a single KeyManager and SSLContext for all your sockets would mean that you need to implement some custom logic into your own subclass of X509KeyManager (implementing your own chooseServerAlias()), which seems unnecessarily complicated.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

So I create an existing SSLServerSocket which I overlay with another SSL socket which I created with the dynamic SSLContext, but doesn't "boolean autoClose" also close the underlying socket when the socket is closed.
Sure, you generally want to autoClose indeed. Why wouldn't you? Don't forget to set that new SSLSocket in server mode (setUseClientMode(false)), though, since you're creating an SSLSocket, not an SSLServerSocket using SSLSocketFactory.
I can't seem to be able to do it this way, I might have to dabble into the chooseServerAlias() option.
Do you have any example code for what you're trying to do to see where it could have gone wrong? (You need to call setUseClientMode(false) once the SSLSocket instance is created, but before you do anything else with it, i.e. before the handshake, by the way).
I took note of setUseClientMode(false) yet the ssl handshake still fails.
|
1

Basically you'll have to remember the target hostname and return an appropriate keystore alias from X509KeyManager.chooseServerAlias().

The whole thing sounds like a Grade A security breach to me, in more than one respect. You're not entitled to mediate in what is supposed to be a private conversation, and the end user is entitled to know if the server he thinks he's talking to has a bad or non-trusted certificate.

Improve this answer

3 Comments

I understand your sentiments about the whole security flaw in the process, I will worry about that later.
So after initializing the SSLContext with my KeyManager and using the SSLcontext's SSLServerSocketFactory, to create my listener. Would I need to re-initialize the SSLcontext for a different hostname each time and again.
I would worry about it now. If it isn't something you should be doing, you shouldn't start doing it.
-1

Presumably your proxy server is serving multiple host names on a single IP address. Your best bet is to generate a single certificate with multiple subject alternative names (SANs), one for each host name that is served from your IP address.

You cannot use separate certificates for each host name because your proxy server has no way of knowing which host name is requested. That's because the browser first goes to a DNS to translate the host name into the IP address, and then sends the request directly to the IP address. In fact, doing this with separate dynamically generated certificates would be, from a technological standpoint, equivalent to a "man in the middle" attack, which is exactly what the host name checking is supposed to guard against.

Improve this answer

7 Comments

This is a proxy server that is meant to sniff the contents of the https request.
Can you explain how that's relevant to this answer?
Actually, the proxy server has a way to know which host name is requested, since it's the argument of the CONNECT method.
Maybe I don't understand the question, then. If the CONNECT method is being passed in unencrypted HTTP, why does the proxy server have to worry about SSL certificates?
It seems he wants this proxy to perform a MITM "attack" (not really an attack though, since the client would have the CA cert for the proxy's CA).
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.