-
Notifications
You must be signed in to change notification settings - Fork 2
/
3396-Adds-TLS-SNI-to-ghidra-client-connections.patch
127 lines (114 loc) · 5.32 KB
/
3396-Adds-TLS-SNI-to-ghidra-client-connections.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: David Shepherd <1191800+dtshepherd@users.noreply.github.com>
Date: Fri, 3 Sep 2021 23:45:20 -0400
Subject: [PATCH] 3396: Adds TLS SNI to ghidra client connections
add TLS SNI to ghidra client connections
---
.../stream/RemoteBlockStreamHandle.java | 12 +++--
.../client/GhidraSSLClientSocket.java | 44 +++++++++++++++++++
.../framework/client/ServerConnectTask.java | 5 +--
3 files changed, 55 insertions(+), 6 deletions(-)
create mode 100644 Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/GhidraSSLClientSocket.java
diff --git a/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/stream/RemoteBlockStreamHandle.java b/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/stream/RemoteBlockStreamHandle.java
index acf3a080c1..20806fd406 100644
--- a/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/stream/RemoteBlockStreamHandle.java
+++ b/Ghidra/Features/GhidraServer/src/main/java/ghidra/server/stream/RemoteBlockStreamHandle.java
@@ -18,9 +18,10 @@ package ghidra.server.stream;
import java.io.*;
import java.net.Socket;
import java.security.SecureRandom;
+import java.util.*;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLSocketFactory;
+import javax.net.*;
+import javax.net.ssl.*;
import db.buffers.BlockStream;
import db.buffers.DataBuffer;
@@ -278,7 +279,12 @@ public abstract class RemoteBlockStreamHandle<T extends BlockStream> implements
}
SocketFactory socketFactory = SSLSocketFactory.getDefault();
- Socket socket = socketFactory.createSocket(streamServerIPAddress, streamServerPort);
+ SSLSocket socket = (SSLSocket)socketFactory.createSocket(streamServerIPAddress, streamServerPort);
+
+ List<SNIServerName> serverNames = Arrays.asList(new SNIHostName(streamServerIPAddress));
+ SSLParameters params = socket.getSSLParameters();
+ params.setServerNames(serverNames);
+ socket.setSSLParameters(params);
// TODO: set socket options ?
diff --git a/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/GhidraSSLClientSocket.java b/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/GhidraSSLClientSocket.java
new file mode 100644
index 0000000000..901c214924
--- /dev/null
+++ b/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/GhidraSSLClientSocket.java
@@ -0,0 +1,44 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ghidra.framework.client;
+
+import java.io.IOException;
+import java.net.*;
+import java.util.*;
+
+import javax.net.ssl.*;
+import javax.rmi.ssl.SslRMIClientSocketFactory;
+
+/**
+ * <code>GhidraSSLClientSocket</code> facilitates ability to impose client authentication
+ * for SSL server sockets used with Ghidra Server RMI connection.
+ */
+public class GhidraSSLClientSocket extends SslRMIClientSocketFactory {
+ /**
+ * Creates an SSLSocket on a given port
+ *
+ * @throws IOException if an error occurs on socket creation.
+ */
+ public Socket createSocket(String host, int port) throws IOException
+ {
+ SSLSocket sslSocket = (SSLSocket) super.createSocket(host, port);
+ List<SNIServerName> serverNames = Arrays.asList(new SNIHostName(host));
+ SSLParameters params = sslSocket.getSSLParameters();
+ params.setServerNames(serverNames);
+ sslSocket.setSSLParameters(params);
+ return sslSocket;
+ }
+}
diff --git a/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/ServerConnectTask.java b/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/ServerConnectTask.java
index b1da86b4cd..5bd9e4fb26 100644
--- a/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/ServerConnectTask.java
+++ b/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/client/ServerConnectTask.java
@@ -28,7 +28,6 @@ import java.util.HashSet;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
-import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
@@ -170,7 +169,7 @@ class ServerConnectTask extends Task {
Registry reg =
LocateRegistry.getRegistry(server.getServerName(), server.getPortNumber(),
- new SslRMIClientSocketFactory());
+ new GhidraSSLClientSocket());
checkServerBindNames(reg);
gsh = (GhidraServerHandle) reg.lookup(GhidraServerHandle.BIND_NAME);
@@ -387,7 +386,7 @@ class ServerConnectTask extends Task {
throws IOException, CancelledException {
RMIServerPortFactory portFactory = new RMIServerPortFactory(server.getPortNumber());
- SslRMIClientSocketFactory factory = new SslRMIClientSocketFactory();
+ GhidraSSLClientSocket factory = new GhidraSSLClientSocket();
String serverName = server.getServerName();
int sslRmiPort = portFactory.getRMISSLPort();
--
2.45.1