Merge pull request #38 from gabrielpadilh4/issues

Improvement to add cipher suites, show required options and fix help command output

README.md

@@ -9,17 +9,23 @@ Command line application built in Java that tests SSL/TLS handshake as client or
 Usage:
 ```sh
 $ ssl-handshake-debugger -h
-Usage: handshake-debug [-ahV] [-f=<fileName>] [-p=<port>] [-pr=<enabledProtocols>] -s=<server> <mode>
+Usage: handshake-debug [-ahv] [-c=<ciphers>] [-f=<fileName>] -p=<port> [-pr=<protocols>] -s=<server> <mode>
+
+Description:
+
 Command line application that tests SSL/TLS handshake as client or server and prints the javax.net.debug output.
-      <mode>              Mode to run, client or server
-  -a, --all               Use javax.net.debug=all instead of javax.net.debug=ssl:handshake:verbose
-  -f, --file=<fileName>   Filename to write the handshake output
-  -h, --help              Show this help message and exit.
-  -p, --port=<port>       Port to listen or be hit
-      -pr, --protocols=<enabledProtocols>
-                          TLS/SSL JVM enabled protocols list(e.g. TLSv1.2, TLSv1.3)
-  -s, -server=<server>    IP or Host to bind or call
-  -V, --version           Print version information and exit.
+*     <mode>                mode to run, client or server
+
+Parameters:
+* -s, -server=<server>      ip or host to bind or call
+* -p, --port=<port>         port to listen or be hit
+  -c, --ciphers=<ciphers>   enabled cipher suites(e.g TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
+  -f, --file=<fileName>     filename to write the handshake output
+      -pr, --protocols=<protocols>
+                            jvm ssl/tls enabled protocols list(e.g. TLSv1.2, TLSv1.3)
+  -a, --all                 use javax.net.debug=all instead of javax.net.debug=ssl:handshake:verbose
+  -v, --version             display version info
+  -h, --help                display this help message
 ```
 
 Command output example as client:

src/main/java/io/github/gabrielpadilh4/commands/SSLDebugCommand.java

@@ -12,30 +12,47 @@
 /**
  * @author [email protected]
  */
-@Command(name = "handshake-debug", mixinStandardHelpOptions = true, 
+@Command(name = "handshake-debug", 
+        mixinStandardHelpOptions = true, 
         description = "Command line application that tests SSL/TLS handshake as client or server and prints the javax.net.debug output.", 
-        version = { "SSL Handshake Debugger 1.4", "JVM: ${java.version} (${java.vendor} ${java.vm.name} ${java.vm.version})", "OS: ${os.name} ${os.version} ${os.arch}" },
-        usageHelpAutoWidth = true)
+        version = { "SSL Handshake Debugger 1.4", 
+                    "JVM: ${java.version} (${java.vendor} ${java.vm.name} ${java.vm.version})", 
+                    "OS: ${os.name} ${os.version} ${os.arch}" 
+                },
+        sortOptions = false, 
+        usageHelpAutoWidth = true,
+        descriptionHeading = "%nDescription:%n%n",
+        optionListHeading = "%nParameters:%n",
+        requiredOptionMarker = '*')
 public class SSLDebugCommand implements Callable<Integer> {
 
-    @Parameters(description = "Mode to run, client or server", defaultValue = "client")
+    @Parameters(description = "mode to run, client or server", defaultValue = "client")
     private String mode;
 
-    @Option(names = { "-s", "-server" }, description = "IP or Host to bind or call", required = true)
+    @Option(names = { "-server", "-s" }, required = true, description = "ip or host to bind or call")
     private String server;
 
-    @Option(names = { "-p", "--port" }, description = "Port to listen or be hit", defaultValue = "443", required = true)
+    @Option(names = { "--port", "-p" }, required = true, description = "port to listen or be hit")
     private int port;
 
-    @Option(names = { "-f", "--file" }, description = "Filename to write the handshake output", defaultValue = "", required = false)
+    @Option(names = { "--ciphers", "-c" }, description = "enabled cipher suites(e.g TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)", defaultValue = "")
+    private String ciphers;
+
+    @Option(names = { "--file", "-f" }, description = "filename to write the handshake output", defaultValue = "")
     private String fileName;
 
-    @Option(names = { "-pr", "--protocols" }, description = "TLS/SSL JVM enabled protocols list(e.g. TLSv1.2, TLSv1.3)", defaultValue = "", required = false)
-    private String enabledProtocols;
+    @Option(names = { "--protocols", "-pr" }, description = "jvm ssl/tls enabled protocols list(e.g. TLSv1.2, TLSv1.3)", defaultValue = "")
+    private String protocols;
 
-    @Option(names = { "-a", "--all" }, description = "Use javax.net.debug=all instead of javax.net.debug=ssl:handshake:verbose", required = false)
+    @Option(names = { "--all", "-a" }, description = "use javax.net.debug=all instead of javax.net.debug=ssl:handshake:verbose")
     private boolean allJavaxNetDebug;
 
+    @Option(names = { "--version", "-v" }, versionHelp = true, description = "display version info")
+    boolean versionInfoRequested;
+
+    @Option(names = { "--help", "-h" }, usageHelp = true, description = "display this help message")
+    boolean usageHelpRequested;
+
     @Override
     public Integer call() throws Exception {
 
@@ -44,8 +61,9 @@ public Integer call() throws Exception {
         sslCliParams.setMode(mode);
         sslCliParams.setServer(server);
         sslCliParams.setPort(port);
+        sslCliParams.setCiphers(ciphers);
         sslCliParams.setFileName(fileName);
-        sslCliParams.setEnabledProtocols(enabledProtocols);
+        sslCliParams.setEnabledProtocols(protocols);
         sslCliParams.setAllDebug(allJavaxNetDebug);
 
         SSLService.logSSLHandshake(sslCliParams);

src/main/java/io/github/gabrielpadilh4/models/SslCliParams.java

@@ -10,13 +10,16 @@ public class SslCliParams {
     private String mode;
     private String server;
     private int port;
+    private String ciphers;
     private String fileName;
     private String enabledProtocols;
     private boolean allDebug;
 
     public SslCliParams() {
         this.mode = "";
         this.server = "";
+        this.port = 0;
+        this.ciphers = "";
         this.fileName = "";
         this.enabledProtocols = "";
         this.allDebug = false;
@@ -52,6 +55,14 @@ public void setPort(int port) {
         this.port = port;
     }
 
+    public String getCiphers() {
+        return ciphers;
+    }
+
+    public void setCiphers(String ciphers) {
+        this.ciphers = ciphers;
+    }
+
     public String getFileName() {
         return fileName;
     }

src/main/java/io/github/gabrielpadilh4/services/SSLService.java

@@ -43,6 +43,11 @@ private static Server parseSslCliParams(SslCliParams sslCliParams) throws Except
             System.setProperty("jdk.tls.client.protocols", sslCliParams.getEnabledProtocols());
         }
 
+        if (!sslCliParams.getCiphers().isBlank()) {
+            System.setProperty("jdk.tls.client.cipherSuites", sslCliParams.getCiphers());
+            System.setProperty("jdk.tls.server.cipherSuites", sslCliParams.getCiphers());
+        }
+
         if (!sslCliParams.getFileName().isBlank()) {
             File file = new File(sslCliParams.getFileName());
             System.out.println("Writing output to file: " + sslCliParams.getFileName());
@@ -76,8 +81,6 @@ private static void openServerSocket(Server serverListener) throws IOException {
         Files.copy(SSLDebugCommand.class.getResourceAsStream("/server.keystore"), temp,
                 StandardCopyOption.REPLACE_EXISTING);
 
-        // String keyStorePath =
-        // SSLDebugCommand.class.getResource("/server.keystore").getPath();
         String keyStorePath = temp.toFile().getAbsolutePath();
         System.setProperty("javax.net.ssl.keyStore", keyStorePath);
         System.setProperty("javax.net.ssl.keyStorePassword", "password");
@@ -88,18 +91,12 @@ private static void openServerSocket(Server serverListener) throws IOException {
         try (SSLServerSocket listener = (SSLServerSocket) factory.createServerSocket(serverListener.getServerPort(), 5,
                 bindAddress)) {
 
-            /*
-             * TODO -
-             * Get a list of enabled cipher suites from the command line
-             * otherwise, use default cipher suites
-             */
-
             try (Socket socket = listener.accept()) {
                 InputStream inputStream = socket.getInputStream();
                 InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
-
                 BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
                 String request = null;
+
                 while ((request = bufferedReader.readLine()) != null) {
                     System.out.println(request);
                     System.out.flush();