Merge pull request #2 from spoofzu/Beta3

Misc improvements

.classpath

@@ -1,23 +1,23 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java">
+	<classpathentry kind="src" path="src/main/java">
 		<attributes>
 			<attribute name="optional" value="true"/>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+	<classpathentry kind="src" path="src/main/resources">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+	<classpathentry kind="src" path="src/test/java">
 		<attributes>
 			<attribute name="optional" value="true"/>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+	<classpathentry kind="src" path="src/test/resources">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>

pom.xml

@@ -5,6 +5,24 @@
   <version>0.0.1-SNAPSHOT</version>
 
   <dependencies>
+
+    <!-- 
+	<dependency>
+	    <groupId>org.owasp</groupId>
+	    <artifactId>security-logging-common</artifactId>
+	    <version>1.1.0</version>
+	</dependency>
+  -->
+
+      <!-- 
+    <dependency>
+       <groupId>org.owasp</groupId>
+       <artifactId>security-logging-logback</artifactId>
+       <version>1.1.0</version>
+    </dependency>
+      -->
+
+
   	<dependency>
   		<groupId>ch.qos.logback</groupId>
   		<artifactId>logback-classic</artifactId>
@@ -22,6 +40,7 @@
 		<artifactId>commons-cli</artifactId>
 		<version>1.2</version>
 	</dependency>
+
   </dependencies>
 
     <build>

src/main/java/com/mps/deepviolet/bin/StartCMD.java

@@ -24,6 +24,7 @@
 import com.mps.deepviolet.job.DeepScanTask;
 import com.mps.deepviolet.util.FileUtils;
 
+
 /**
  * Entry point to start DeepViolet and run headless.  Useful for running
  * DeepViolet from scripts.
@@ -68,18 +69,34 @@ private void init(String[] args) {
 	    //StatusPrinter.print(lc);
 
 	    logger.info("Starting headless via dvCMD");
+
+	    // Print diagnostics and system state information
+//		IntervalLoggerController wd = SecurityLoggingFactory.getControllerInstance();
+//		wd.start();
 
 		// Create ~/DeepViolet/ working directory on OS
 	    FileUtils.createWorkingDirectory();
 
 		int err = 0;
 
 		try {
-
+
+			//TODO: Java8 java -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"  enable/disable protocols to test
+            //  Java7 -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
+			// proxy support
+			// -Djava.net.useSystemProxies=true
+			//  -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080
+		//  -Dhttps.proxyHost=proxy.example.com -Dhttps.proxyPort=808
+		//  -Dhttp.proxyUser=msmith -Dhttp.proxyPassword=xxxx
+			//  -Dhttps.proxyUser=msmith -Dhttps.proxyPassword=xxxx
+			// JCE policy files, unlimited strength
+			// http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
+
 			// Create command line options
 			Options options = new Options();
 			options.addOption("wc", "writecertificate", true, "Optional, write PEM encoded certificate to disk. Ex: -wc ~/certs/mycert.pem");
 			options.addOption("s", "sections", true, "Optional, unspecified prints all sections or specify sections. [t|h|r|c|i|s|n]");
+			options.addOption("d", "debug", false, "Optional, debug SSL/TLS connection.");
 
 			// Mutually exclusive options
 			OptionGroup certsource = new OptionGroup();	
@@ -118,13 +135,22 @@ private void init(String[] args) {
 				}
 			}
 
+		   // Process debug option
+			if( cmdline.hasOption("d") ) {
+				System.setProperty("javax.net.debug", "all");
+			} else {
+				if(System.getProperties().contains("javax.net.debug"));
+					System.getProperties().remove("javax.net.debug");
+			}
+
 		   // print help options
 		   if( cmdline.hasOption("h") ) {
 			   // Generate help options
 
 			   StringBuffer hm = new StringBuffer();
-			   hm.append( "java -jar dvCMD.jar -serverurl <host|ip> [-wc <file> | -rc <file>] [-h -s{t|h|r|c|i|s|n}]"+EOL );
+			   hm.append( "java -jar dvCMD.jar -d -serverurl <host|ip> [-wc <file> | -rc <file>] [-h -s{t|h|r|c|i|s|n}]"+EOL );
 			   hm.append( "Ex: dvCMD.jar -serverurl https://www.host.com/ -sections ts"+EOL );
+			   hm.append( "-d SSL/TLS connection debugging"+EOL );
 			   hm.append( "Where sections are the following,"+EOL);
 			   hm.append( "t=header section, h=host section, r=http response section,"+EOL);
 			   hm.append( "c=connection characteristics section, i=ciphersuite section,"+EOL);
@@ -235,7 +261,6 @@ private void init(String[] args) {
 		   }
 
 		   long finish = System.currentTimeMillis();
-		   logger.info( "");
 		   logger.info( "Processing complete, execution(ms)="+(finish-start));
 
 		} catch (Throwable t ) {
@@ -256,13 +281,13 @@ private void updateLongRunningCMDStatus( final DeepScanTask task ) {
 	   final Logger logger = LoggerFactory.getLogger("com.mps.deepviolet.bin.StartCMD");
 
 	   // Background update thread.  Display scan results in progress
-	   final int delay = 5000; //Update interval
+	   final int delay = 500; //Update interval
 	   ActionListener taskPerformer = new ActionListener() {
 		   int ct = 0;
 		   public void actionPerformed(ActionEvent evt) {
 			   if( task.isWorking() ) {
 				   ct += delay;
-				   logger.info("Still busy, "+ct/1000+" seconds elapsed."); 
+				   if( ct % 15000==0 ) { logger.info("Still busy, "+ct/1000+" seconds elapsed."); }
 			   } else {  	    	
 					// Scan done, stop timer.
 		    	    ((Timer)evt.getSource()).stop();

src/main/java/com/mps/deepviolet/bin/StartUI.java

@@ -1,7 +1,15 @@
 package com.mps.deepviolet.bin;
 
 
+import java.awt.Image;
+import java.awt.Toolkit;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.net.URL;
+
 import javax.swing.SwingUtilities;
+import javax.swing.UIManager;
+import javax.swing.UnsupportedLookAndFeelException;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -46,8 +54,7 @@ public static void main(String[] args) {
 	 * Initialization
 	 */
 	private void init(String[] args) {
-
-
+
 		LoggerContext lc = (LoggerContext) LoggerFactory.getILoggerFactory();
 	    ContextInitializer ci = new ContextInitializer(lc);
 	    lc.reset();
@@ -65,6 +72,28 @@ private void init(String[] args) {
 
 	    SwingUtilities.invokeLater(new Runnable() {
 	       public void run() {
+	    	    try {
+					UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
+					logger.debug( "Look and feel assigned.  Class="+UIManager.getSystemLookAndFeelClassName() );
+				} catch (Exception e) {
+					logger.error("Error setting lookandfeel, msg="+e.getMessage());
+				}	    	   
+
+	    	    try {
+	    	        Class util = Class.forName("com.apple.eawt.Application");
+	    	        Method getApplication = util.getMethod("getApplication", new Class[0]);
+	    	        Object application = getApplication.invoke(util);
+	    	        Class params[] = new Class[1];
+	    	        params[0] = Image.class;
+	    	        Method setDockIconImage = util.getMethod("setDockIconImage", params);
+	    	        URL url = this.getClass().getClassLoader().getResource("dv-raw.png");
+	    	        Image image = Toolkit.getDefaultToolkit().getImage(url);
+	    	        setDockIconImage.invoke(application, image);
+					logger.debug( "Dock icon assigned, url="+url.toString() );
+	    	    } catch (Exception e) {
+					logger.error("Error setting dockicon image, msg="+e.getMessage());
+	    	    } 
+
 	    		MainFrm main = new MainFrm();
 	    		main.initComponents();
 	    		main.setVisible(true);

src/main/java/com/mps/deepviolet/suite/CipherSuiteUtil.java

@@ -601,7 +601,7 @@ public static synchronized ServerMetadata getServerMetadataInstance( URL url ) t
 		}
 
 		if (sv.size() == 0) {
-			logger.error("Server may not be SSL\\TLS enabled. host=" + isa);
+			logger.error("Server may not be SSL/TLS enabled. host=" + isa);
 			return null;
 		}
 
@@ -1010,27 +1010,27 @@ public static final X509Certificate[] getJavaRootCertificates() throws Exception
 
 	}
 
-	/**
-	 * Test to see if a particular SHA1 hash is a root in the Java system keystore.
-	 * @param sha1hash
-	 * @return true, SHA1 hash belongs to a Java root.  false, no Java root found.
-	 */
-	public static final boolean isJavaRootCertificateSHA1(String sha1hash) throws Exception {
-
-		boolean result = false;
-
-		for( X509Certificate cert : getJavaRootCertificates() ) {
-
-			String fingerprint = sha1Fingerprint(cert.getEncoded());
-
-			if( fingerprint.equals(sha1hash) ) {
-
-				result = true; break;
-			}
-		}
-
-		return result;
-	}
+//	/**
+//	 * Test to see if a particular SHA1 hash is a root in the Java system keystore.
+//	 * @param sha1hash
+//	 * @return true, SHA1 hash belongs to a Java root.  false, no Java root found.
+//	 */
+//	public static final boolean isJavaRootCertificateSHA1(String sha1hash) throws Exception {
+//		
+//		boolean result = false;
+//		
+//		for( X509Certificate cert : getJavaRootCertificates() ) {
+//			
+//			String fingerprint = sha1Fingerprint(cert.getEncoded());
+//		
+//			if( fingerprint.equals(sha1hash) ) {
+//				
+//				result = true; break;
+//			}
+//		}
+//		
+//		return result;
+//	}
 
 	/**
 	 * Test to see if a particular IssuerDN is a root in the Java system keystore.
@@ -1187,43 +1187,43 @@ public static final String signerFingerprint( byte[] der, String signatureAlgori
 
 	   }	
 
-	   /**
-	    * Generate SHA1 fingerprint from certificate bytes
-	    * @param der Certificate in bytes
-	    * @return String SHA1 fingerprint in hex.
-	    * @throws NoSuchAlgorithmException
-	    */
-	   public static final String sha1Fingerprint( byte[] der ) throws NoSuchAlgorithmException {
-
-		   MessageDigest sha1 = MessageDigest.getInstance("SHA1");
-		   sha1.update( der );
-
-		   StringBuffer buff = new StringBuffer();
-		   buff.append("0x");
-		   buff.append(byteArrayToHex(sha1.digest()));
-
-		   return buff.toString();
-
-	   }
+//	   /**
+//	    * Generate SHA1 fingerprint from certificate bytes
+//	    * @param der Certificate in bytes
+//	    * @return String SHA1 fingerprint in hex.
+//	    * @throws NoSuchAlgorithmException
+//	    */
+//	   public static final String sha1Fingerprint( byte[] der ) throws NoSuchAlgorithmException {
+//		   
+//		   MessageDigest sha1 = MessageDigest.getInstance("SHA1");
+//		   sha1.update( der );
+//		   
+//		   StringBuffer buff = new StringBuffer();
+//		   buff.append("0x");
+//		   buff.append(byteArrayToHex(sha1.digest()));
+//		   
+//		   return buff.toString();
+//		   
+//	   }
 
-	   /**
-	    * Generate MD5 fingerprint from certificate bytes
-	    * @param der Certificate in bytes
-	    * @return String MD5 fingerprint in hex.
-	    * @throws NoSuchAlgorithmException
-	    */	   
-	   public static final String md5Fingerprint( byte[] der ) throws NoSuchAlgorithmException {
-
-		   MessageDigest sha1 = MessageDigest.getInstance("MD5");
-		   sha1.update( der );
-
-		   StringBuffer buff = new StringBuffer();
-		   buff.append("0x");
-		   buff.append(byteArrayToHex(sha1.digest()));
-
-		   return buff.toString();
-
-	   }
+//	   /**
+//	    * Generate MD5 fingerprint from certificate bytes
+//	    * @param der Certificate in bytes
+//	    * @return String MD5 fingerprint in hex.
+//	    * @throws NoSuchAlgorithmException
+//	    */	   
+//	   public static final String md5Fingerprint( byte[] der ) throws NoSuchAlgorithmException {
+//		   
+//		   MessageDigest sha1 = MessageDigest.getInstance("MD5");
+//		   sha1.update( der );
+//		   
+//		   StringBuffer buff = new StringBuffer();
+//		   buff.append("0x");
+//		   buff.append(byteArrayToHex(sha1.digest()));
+//		   
+//		   return buff.toString();
+//		   
+//	   }
 
 	   /**
 	    * Convert an array of bytes to a String based hex representation
@@ -1240,6 +1240,11 @@ public static String byteArrayToHex(byte[] a) {
 		   return sb.toString().toUpperCase();
 		}
 
+	   /**
+	    * Returns human readable OID name for the OID number.
+	    * @param oidkey OID number sequence.  Ex: 2.5.29.15
+	    * @return  Human readable String representation of the OID number sequence.  Ex: keyusage
+	    */
 	   public static String getOIDKeyName(String oidkey) {
 
 		   // TODO: Need to figure out a better way to do this.
@@ -1254,10 +1259,7 @@ public static String getOIDKeyName(String oidkey) {
 	 * @throws IOException
 	 * @see http://stackoverflow.com/questions/2409618/how-do-i-decode-a-der-encoded-string-in-java
 	 */
-	public static final ASN1Primitive toDERObject(byte[] data) throws IOException
-	{
-
-
+	public static final ASN1Primitive toDERObject(byte[] data) throws IOException {
 
 		ByteArrayInputStream inStream = new ByteArrayInputStream(data);
 

src/main/java/com/mps/deepviolet/ui/DocPrintUtil.java

@@ -278,6 +278,10 @@ public static final void printSupportedCipherSuites(StringBuffer con, URL url) {
 
 			Map<String,List<String>> all_ciphers = new HashMap<String, List<String>>();
 			ServerMetadata m = CipherSuiteUtil.getServerMetadataInstance( url );
+			if( m == null ) {
+				logger.error("No server metadata returned.");
+				return;
+			}
 			if( m.containsKey("getServerMetadataInstance","SSLv2") ) all_ciphers.put("SSLv2",m.getVectorValue("getServerMetadataInstance","SSLv2"));
 			if( m.containsKey("getServerMetadataInstance","SSLv3") ) all_ciphers.put("SSLv3",m.getVectorValue("getServerMetadataInstance","SSLv3"));
 			if( m.containsKey("getServerMetadataInstance","TLSv1.0") ) all_ciphers.put("TLSv1.0",m.getVectorValue("getServerMetadataInstance","TLSv1.0"));
@@ -772,7 +776,7 @@ private static final void printX509Certificate( StringBuffer con, X509Certificat
         		try {
 
         			cert.checkValidity();
-                    DocPrintUtil.println(con, "Validity Check= VALID, certificate valid between "+cert.getNotBefore().toString()+" and "+cert.getNotAfter().toString() );
+                    DocPrintUtil.println(con, "Validity Check=VALID, certificate valid between "+cert.getNotBefore().toString()+" and "+cert.getNotAfter().toString() );
 
                 } catch (CertificateNotYetValidException e) {
                     DocPrintUtil.println(con, "Validity Check= >>>NOT YET VALID<<<, certificate valid between "+cert.getNotBefore().toString()+" and "+cert.getNotAfter().toString() );
@@ -887,7 +891,7 @@ private static final void printOIDs(StringBuffer con, X509Certificate cert, Set<
     		try {
     			aval = CipherSuiteUtil.getExtensionValue(cert,oid);
     		} catch( IOException e ) {
-    			logger.error("Can't print ANS.1 value", e);
+    			logger.error("Can't print ASN.1 value", e);
     		}
 
     		oidbuff.append( "  -");