pjirc.com

[JUBAiR]

is it possible to make pjirc users connect to the ssl port of the irc server by config? or do i have to put it in the httpsdocs?

any idea anyone?

[TJworld]

No it isn't.

You'd need to write an alternative SecurityProvider that used a javax.net.ssl.SSLSocket instead of java.net.Socket.

Within pjIRC irc.security.DefaultSecuredProvider.getSocket() is where all the socket connection action occurs.

You could extend DefaultSecuredProvider, call the new class DefaultSecuredProviderSSL and simply modify it to use SSL/TLS.

Then in irc.security.SecurityProvider.SecurityProvider() you'd alter

Code: Select all

_provider=new DefaultSecuredProvider();

to read

Code: Select all

_provider=new DefaultSecuredProviderSSL();

If you wanted to provide easy support for unsecure AND secure sockets at the same time you'd need to detect the applet wants to connect to the IANA-assigned secure-IRC port (994) and return a secure socket instead of an unsecure one.

So, it would look like the DefaultSecuredProvider class but with SSL-specific changes:

Code: Select all

package irc.security;
import java.io.*;
import java.net.*;
import javax.net.*;
import javax.net.ssl.*;

public class DefaultSecuredProviderSSL extends DefaultSecuredProvider
{
public final static int IRC_SECURE_PORT = 994; // IANA-assigned secure IRC

/*
  * Get a new (SSL) Socket.
  *
  * If the port number matches the IANA-assigned secure port, an
  * SSL socket will be created, if not an unsecure port.
  * The certificate being used by the host server must be trusted by this
  * Java Virtual Machine (JVM) either directly or through a Certificate
  * Authority in <java-home>/lib/security/cacerts - if not you must
  * manually add the server's certificate to the JVM's truststore.
  * @param host server host
  * @param port server SSL port
  * @throws UnknownHostException if host is not found
  * @throws IOException if an error occurs
  */
public Socket getSocket(String host, Integer port) throws
   UnknownHostException, IOException
{
  int portNum = port.intValue(); // convert to numeric
  if(portNum == IRC_SECURE_PORT) { // secure port requested?
   SocketFactory socketFactory = SSLSocketFactory.getDefault();
   return socketFactory.createSocket(host, portNum);
  }
  else return super.getSocket(host,portNum);

}

public String getName() {
  return "Default SSL Security Provider";
}


I'll upload a ZIP containing the source and compiled class to the Download/Plugins area in case you want to work with it.

[TJworld]

I thought I'd let you know that I've just set up an IRC server that supports SSL connections to port 994, so if you want to try it out let me know.

[TJworld]

Is it possible to mirror or move this topic to the PDK group?

[Guest]

does this work yet?

[GouroB]

TJworld ,

i want to to use it but not with port 994 , can u plz change it to 6697 or 7000 ? i would be glad if u help me with it .. i been trying but getting same error while compiling. Thx in advance .

[Guest]

problem is, that means the ircd must be run on root! 994 is a BS port for secured irc as almost noone has root. this may work for major networks like efnet..but ssl does jack squat for those nets as links ar plain text. SSL is realy only good for small IRC nets, which haveto run on non IANA ports.

the inability to bind to 994 aside (and lets not forget that 194 is the irc port, not 6667...who runs on 194? anyone?) i havent seen 2 networks run SSL on the same port...ever... ive seen it 6901, 7777, 9000, 9999, 6699, and a bunch others...

third and final point:
if you need to use ssl, perhaps you need to use a more substantial client. dont get me wrong, pjirc is great for what it is: a simple, yet well featured, web based irc client

[Guest]

Hi,
I becom this Error, I have many try but i don't know what is wrong. I hope someone can help me.

Connecting...
Logging in...
Error : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error : Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Disconnected from 127.0.0.1
Connecting...

Thx for the help [/quote]

[pzYsTorM]

Hi,
I becom this Error, I have many try but i don't know what is wrong. I hope someone can help me.

Connecting...
Logging in...
Error : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Error : Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Disconnected from 127.0.0.1
Connecting...

Thx for the help

i had the same problem.

solution:

-> YOU (the server-admin) have to do:
get the ssl-certificate from your ircd. if you use unrealircd: Unreal3.2/server.cert.pem
this certficate has to be published, so that any user who wants to use this pjirc-applet can download the certificate.

editing the pjirc-source for the second time:
insert in the IRCClass.java in the init() method:

Code: Select all

System.setProperty("javax.net.ssl.trustStore", System.getProperty( "user.home" ) + "/.keystore");

rename the "irc.jar" to" irc.jar.zip" (the one in the pjirc_2_2_1_bin.zip)

build a new IRCApplet.class... replace the old IRCApplet.class with the new one in irc.jar.zip (with winzip, total commander or so)

go into the META-INF directory in the irc.jar.zip.
delete two files beginning with a "_".

start a "cmd" -> go into the JDK bin dir (C:\Program Files\Java\jdk1.5.0_05\bin)

Code: Select all

keytool -genkey -alias blableh

("blableh" is your choice... only a alias, shortcut)

Code: Select all

jarsigner C:/whatever/irc.jar.zip blableh

(the third is the alias name!)

rename the irc.jar.zip back to irc.jar
replace on your webspace the old irc.jar with your created jar


-> a user has to do the following stuff:
download the certificate (server.cert.pem)
start a "cmd" (in windows)
go into the JRE bin-directory (cd C:\Program Files\Java\je1.5.0_05\bin)
execute:

Code: Select all

keytool -import -file C:/whatever/server.cert.pem -alias blableh

the "blableh" is a alias, so its only a shortcut... u can freely choose this name.

dont forget to close ALL browsers... otherwise the java applet isnt reloaded



behind the scenes (as far as i have understood the shit):
the keystore(=truststore) is a wallet for the ssl-certs. it is protected with a password. to get to the private key files (for signing a jar) u have to know the "keystore-password". an irc-applet doesnt need this password, because it only needs the public keys in the store. they arent protected.
so it only has to know the path.

playing around with overwriting the default SSLSocketFactory and defining own TrustManagers which allows ALL certificates, i have not succeeded.




bye,
pzYsTorM


PS: have fun! no joke! thats the only chance! but: it works without any problems!

[pzYsTorM]

ah, forgot to say:

if you havent access to the ircd-directory to get the certificate:

execute from a linux-pc with installed openssl:

Code: Select all

openssl s_client -connect irc.myircserver.net:6668

(if 6668 is the ssl port)

between
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
there is the ssl-certificate. copy it (including both the "----" lines)
and save it as server.cert.pem or so.


greets

[Guest]

JESUS! STRIKE! I HAVE SUCCEEDED! sry for my third post ;)


look in this directory:

http://www.testbetrieb.de.vu/pjirc/

download the three files, compile them and put them in the irc.jar.zip

then start begin reading in my first post @

go into the META-INF directory in the irc.jar.zip.
delete two files beginning with a "_".

and do the rest with the irc.jar.zip


-> the USER has to do NOTHING!!! no certificate importing! nothing!

[TheCraig]

Hey! Thank you for the SSL support!

I am having one small problem though, and I'm not sure if it's related to the server or the client or SSL config or something else.

There's a secure IRC server at CU Boulder and though it has some restrictions on it (you have to be on a certain subnet to access the machine, etc) I've been able to logon using mIRC (what they recommend) with SSL enabled, but I'm having problems using pjirc. It connects but then appears to immediately disconnect.

Code: Select all

Logging in....
Disconnected from naugthysmear.colorado.edu


Any ideas?

[pzYsTorM]

sorry, i cannot say exactely.

maybe they only support SSL, and not TLS.

try changing

Code: Select all

SSLContext sslcontext = SSLContext.getInstance("TLS");

to

Code: Select all

SSLContext sslcontext = SSLContext.getInstance("SSL");

in the DummySSLSocketFactory.java

[GouroB]

ok the thing is mine isnt working at all .. i tried many times to change the port to 7000 but i am getting too much error on ...

C:\Program Files\Java\jdk1.5.0_05\bin>javac -nowarn -g:none -O -target 1.5 irc.j
ar\irc\*.java
irc.jar\irc\DefaultSecuredProviderSSL.java:19: cannot find symbol
symbol: class DefaultSecuredProvider
public class DefaultSecuredProviderSSL extends DefaultSecuredProvider {
^
irc.jar\irc\SecurityProvider.java:43: cannot find symbol
symbol : class SecuredProvider
location: class irc.security.SecurityProvider
private SecuredProvider _provider;
^
irc.jar\irc\DefaultSecuredProviderSSL.java:44: cannot find symbol
symbol : variable super
location: class irc.security.DefaultSecuredProviderSSL
else return super.getSocket(host,port);
^
irc.jar\irc\SecurityProvider.java:58: cannot find symbol
symbol : class SecuredProvider
location: class irc.security.SecurityProvider
SecuredProvider old=_provider;
^
irc.jar\irc\SecurityProvider.java:62: cannot find symbol
symbol : class SecuredProvider
location: class irc.security.SecurityProvider
_provider=(SecuredProvider)cl.newInstance();

can any one please help me with it please pm me or mail me in salman_842@hotmail.com if u can help me with this. or post in here if u have any suggetion how can i do it .

[pzYsTorM]

the files from my URL have to be moved to irc/security and NOT to irc.

one file will be replaced. the other two are additional.


bye,
pzYsTorM

[Guest]

and... edit this line... replace 6668 with 7000...

search in DefaultSecuredProviderSSL.java

public final static int IRC_SECURE_PORT = 6668; // IANA-assigned secure IRC

[tuketu]

I am trying to recompile SecurityProvider.java with the
_provider=new DefaultSecuredProviderSSL() changes, and am getting the following compile errors:

D:\Program Files\Java\jdk1.5.0_06\bin>javac -nowarn -g:none -O -target 1.5 E:\Software\Programming\pjirc\irc\security\SecurityProvider.java
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:43: cannot find symbol
symbol : class SecuredProvider
location: class irc.security.SecurityProvider
private SecuredProvider _provider;
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:53: cannot find
symbol
symbol : class DefaultSecuredProviderSSL
location: class irc.security.SecurityProvider
_provider=new DefaultSecuredProviderSSL();
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:58: cannot find
symbol
symbol : class SecuredProvider
location: class irc.security.SecurityProvider
SecuredProvider old=_provider;
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:62: cannot find
symbol
symbol : class SecuredProvider
location: class irc.security.SecurityProvider
_provider=(SecuredProvider)cl.newInstance();
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:94: cannot find
symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
Socket ans=(Socket)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_pr
ovider,"getSocket",new Object[] {host,new Integer(port)});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:117: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (ServerSocket)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_
provider,"getServerSocket",new Object[] {new Integer(port)});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:218: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (FileInputStream)EventDispatcher.dispatchEventAsyncAndWaitExSecurit
y(_provider,"getFileInputStream",new Object[] {file});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:242: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (FileOutputStream)EventDispatcher.dispatchEventAsyncAndWaitExSecuri
ty(_provider,"getFileOutputStream",new Object[] {file});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:263: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return ((Integer)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_prov
ider,"getFileSize",new Object[] {file})).intValue();
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:280: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (File)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider
,"getLoadFile",new Object[] {title});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:297: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (File)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider
,"getSaveFile",new Object[] {title});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:315: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (File)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider
,"getSaveFile",new Object[] {file,title});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:332: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (InetAddress)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_p
rovider,"getLocalHost",new Object[] {});
^
E:\Software\Programming\pjirc\irc\security\SecurityProvider.java:353: cannot fin
d symbol
symbol : variable EventDispatcher
location: class irc.security.SecurityProvider
return (String)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provid
er,"resolve",new Object[] {addr});
^
14 errors

D:\Program Files\Java\jdk1.5.0_06\bin>

I'm very new at java & compiling so I'm not sure what's wrong, the other .java files seem to compile without errors.

Also if I try to compile the original SecurityProvider.java I still get the same errors.

If I try to compile all the .java in the security folder (*.java) I only get 10 errors and all of them are those "EventDispatcher"

Anyone have any ideas?

[Thema]

You're trying to compile the MS security stuff.
It won't work unless you have a copy of the MS java development kit which came with their Visual Java, or Visual Studio. Or even Visual Studio service pack 5.
I don't know whether you can still obtain it from anywhere. I haven't been able to find the download at MS anymore.

[tuketu]

Thank you so much for the help Thema,
I wanted to let you know of my success!

I really didn't want to touch the MS stuff (not going to use it anyways), so instead of editing the SecurityProvider.java file and having to re-compile it, I edited the DefaultSecuredProvider.java file instead, and incorporated the SSL changes into it as follows:

import javax.net.*; //Added Socketfactory functionality

/**
* Default secured provider.
*/
public class DefaultSecuredProvider implements SecuredProvider
{
public final static int IRC_SECURE_PORT = 6697;
public Socket getSocket(String host,Integer port) throws UnknownHostException,IOException
{
int portNum = port.intValue(); // convert to numeric
if(portNum == IRC_SECURE_PORT) // secure port requested?
{
SocketFactory socketFactory = DummySSLSocketFactory.getDefault();
return socketFactory.createSocket(host, portNum);
}
else return new Socket(host,port.intValue());
}

and I also added the DummySSLSocketFactory provided by pzYsTorM
(though I'm not sure exactly what it does)

That done, its now on to the next enhancement: automatically forcing the user to use their NT login as their IRC Nick and not being able to change it

[frank]

Hi.

I have tried to compile the files from http://www.testbetrieb.de.vu/pjirc/

• DefaultSecuredProviderSSL.java
• SecurityProvider.java
• DummySSLSocketFactory.java

and I've got a lot of compiler errors ("cannot find symbol" - see below).

Is there a compiled pjirc version available where I can define the IRC-SSL port in:

• the pjirc.cfg file
• as param value in the HTML applet tag
• in the /server statement

If not can you help me with the compile options (for a none MS environment)?

Thanks in advance

Frank

Code: Select all

$ javac -nowarn -g:none -O -target 1.5 *.java
DefaultSecuredProviderSSL.java:19: cannot find symbol
symbol: class DefaultSecuredProvider
public class DefaultSecuredProviderSSL extends DefaultSecuredProvider {
                                               ^
SecurityProvider.java:43: cannot find symbol
symbol  : class SecuredProvider
location: class irc.security.SecurityProvider
  private SecuredProvider _provider;
          ^
DefaultSecuredProviderSSL.java:44: cannot find symbol
symbol  : variable super
location: class irc.security.DefaultSecuredProviderSSL
  else return super.getSocket(host,port);
              ^
SecurityProvider.java:58: cannot find symbol
symbol  : class SecuredProvider
location: class irc.security.SecurityProvider
    SecuredProvider old=_provider;
    ^
SecurityProvider.java:62: cannot find symbol
symbol  : class SecuredProvider
location: class irc.security.SecurityProvider
      _provider=(SecuredProvider)cl.newInstance();
                 ^
SecurityProvider.java:94: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      Socket ans=(Socket)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getSocket",new Object[] {host,new Integer(port)});
                         ^
SecurityProvider.java:117: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (ServerSocket)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getServerSocket",new Object[] {new Integer(port)});
                           ^
SecurityProvider.java:218: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (FileInputStream)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getFileInputStream",new Object[] {file});
                              ^
SecurityProvider.java:242: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (FileOutputStream)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getFileOutputStream",new Object[] {file});
                               ^
SecurityProvider.java:263: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return ((Integer)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getFileSize",new Object[] {file})).intValue();
                       ^
SecurityProvider.java:280: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (File)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getLoadFile",new Object[] {title});
                   ^
SecurityProvider.java:297: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (File)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getSaveFile",new Object[] {title});
                   ^
SecurityProvider.java:315: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (File)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getSaveFile",new Object[] {file,title});
                   ^
SecurityProvider.java:332: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (InetAddress)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"getLocalHost",new Object[] {});
                          ^
SecurityProvider.java:353: cannot find symbol
symbol  : variable EventDispatcher
location: class irc.security.SecurityProvider
      return (String)EventDispatcher.dispatchEventAsyncAndWaitExSecurity(_provider,"resolve",new Object[] {addr});
                     ^
15 errors