List of usage examples for javax.net.ssl SSLSocket getSession
public abstract SSLSession getSession();
From source file:com.kenai.redminenb.repository.RedmineRepository.java
/**
 * Creates the pooled connection manager on top of the system socket factory, after
 * installing a hostname verifier that defers to the JVM-wide default
 * {@code HostnameVerifier}.
 *
 * <p>Only the two session-based checks are implemented. The certificate-based and
 * CN/subjectAlt-array overloads always throw, so any caller that reaches them fails
 * closed instead of silently accepting the peer.
 *
 * <p>NOTE(review): on a stock JDK the verifier returned by
 * {@code HttpsURLConnection.getDefaultHostnameVerifier()} is, to my knowledge, a
 * reject-all fallback unless the application has installed its own via
 * {@code setDefaultHostnameVerifier}. Confirm the hosting platform supplies a real
 * verifier; otherwise every connection is refused here.
 *
 * @return the manager built by {@code RedmineManagerFactory.createConnectionManager};
 *     {@code Integer.MAX_VALUE} is passed as its first argument (presumably a
 *     connection limit; confirm against that factory)
 * @throws SSLInitializationException declared for the system socket-factory lookup
 */
static PoolingClientConnectionManager createConnectionManager() throws SSLInitializationException {
    SSLSocketFactory sslFactory = SSLSocketFactory.getSystemSocketFactory();

    X509HostnameVerifier delegatingVerifier = new X509HostnameVerifier() {
        @Override
        public void verify(String host, SSLSocket socket) throws IOException {
            // The default verifier is looked up on every call so a later
            // setDefaultHostnameVerifier() takes effect for new connections.
            boolean accepted = HttpsURLConnection.getDefaultHostnameVerifier()
                    .verify(host, socket.getSession());
            if (!accepted) {
                throw new SSLException("Hostname did not verify");
            }
        }

        @Override
        public void verify(String host, X509Certificate certificate) throws SSLException {
            // Deliberately unsupported: rejecting is the safe answer.
            throw new SSLException("Check not implemented yet");
        }

        @Override
        public void verify(String host, String[] commonNames, String[] subjectAlts) throws SSLException {
            // Deliberately unsupported: rejecting is the safe answer.
            throw new SSLException("Check not implemented yet");
        }

        @Override
        public boolean verify(String host, SSLSession session) {
            return HttpsURLConnection.getDefaultHostnameVerifier().verify(host, session);
        }
    };
    sslFactory.setHostnameVerifier(delegatingVerifier);

    return RedmineManagerFactory.createConnectionManager(Integer.MAX_VALUE, sslFactory);
}
From source file:com.eviware.soapui.impl.wsdl.support.http.SoapUIEasySSLProtocolSocketFactory.java
/**
 * Invalidates the socket's current session and configures which TLS protocols and
 * cipher suites are enabled on it.
 *
 * <p>The comma-separated system properties {@code soapui.https.protocols} and
 * {@code soapui.https.ciphers} take precedence. When a property has no content, every
 * protocol / cipher suite the socket reports as supported is enabled instead.
 *
 * <p>NOTE(review): the fallback enables everything the provider supports, which can
 * include legacy protocol versions and weak or unauthenticated suites that are disabled
 * by default. Set both properties explicitly wherever the peer is not fully trusted.
 *
 * @param socket the socket to configure
 * @return the same socket instance
 */
private synchronized Socket enableSocket(SSLSocket socket) {
    // NOTE(review): SSLSocket.getSession() is documented to start the initial handshake
    // on a connected socket, which would happen before the settings below are applied.
    // Confirm this is only called on sockets that are not yet connected.
    socket.getSession().invalidate();

    String protocolList = System.getProperty("soapui.https.protocols");
    String cipherList = System.getProperty("soapui.https.ciphers");

    if (StringUtils.hasContent(protocolList)) {
        // Entries are not trimmed: "a, b" yields " b", which the socket will reject.
        socket.setEnabledProtocols(protocolList.split(","));
    } else {
        String[] supportedProtocols = socket.getSupportedProtocols();
        if (supportedProtocols != null) {
            socket.setEnabledProtocols(supportedProtocols);
        }
    }

    if (StringUtils.hasContent(cipherList)) {
        socket.setEnabledCipherSuites(cipherList.split(","));
    } else {
        String[] supportedSuites = socket.getSupportedCipherSuites();
        if (supportedSuites != null) {
            socket.setEnabledCipherSuites(supportedSuites);
        }
    }

    return socket;
}
From source file:org.eclipse.aether.transport.http.X509HostnameVerifierAdapter.java
/**
 * Socket-level hostname check: runs the session-based {@code verify} overload against
 * the socket's session and converts a negative answer into an exception.
 *
 * @param host the hostname the caller intended to reach
 * @param socket the TLS socket whose session is checked
 * @throws IOException an {@code SSLException} when the session-based check returns false
 */
public void verify(String host, SSLSocket socket) throws IOException {
    boolean hostMatches = verify(host, socket.getSession());
    if (hostMatches) {
        return;
    }
    // Fail closed: this overload has no return value, so rejection must be thrown.
    throw new SSLException("<" + host + "> does not pass hostname verification");
}
From source file:ua.pp.msk.cliqr.CliQrHostnameVerifier.java
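/**
 * Socket-level hostname check: delegates to the session-based {@code verify} overload
 * and throws when that overload rejects the host.
 *
 * <p>The previous body called the overload and discarded its result. Because this
 * method returns nothing, a rejected hostname was then indistinguishable from an
 * accepted one, so the check failed open.
 *
 * <p>Assumes the {@code (String, SSLSession)} overload is the boolean-returning
 * {@code HostnameVerifier} method; confirm against the rest of the class.
 *
 * @param host the hostname the caller intended to reach
 * @param ssls the TLS socket whose session is checked
 * @throws IOException an {@code SSLException} when the session-based check returns false
 */
@Override
public void verify(String host, SSLSocket ssls) throws IOException {
    if (!verify(host, ssls.getSession())) {
        // Fully qualified so that no new import is required in this file.
        throw new javax.net.ssl.SSLException("Hostname verification failed for <" + host + ">");
    }
}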
From source file:org.lizardirc.beancounter.security.VerifyingSslSocketFactory.java
/**
 * Checks the socket's session against the configured {@code hostname} using the
 * configured {@code verifier}, and rejects the connection on a mismatch.
 *
 * @param socket the TLS socket whose session is checked
 * @throws SSLException an {@code SSLPeerUnverifiedException} when the verifier returns false
 */
private void verify(SSLSocket socket) throws SSLException {
    boolean hostAccepted = verifier.verify(hostname, socket.getSession());
    if (hostAccepted) {
        return;
    }
    // Rejection is reported on stderr as well as through the exception.
    System.err.println("Rejecting; hostname verification failed");
    throw new SSLPeerUnverifiedException("Failed to verify hostname: certificate mismatch");
}
From source file:org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClientSocketFactory.java
/**
 * Connects through the parent factory, then checks the shape of what the peer presented:
 * the socket must be a TLS socket, the peer chain must contain exactly one certificate,
 * that certificate must be X.509, and its subject CN must equal {@code caHostname}.
 *
 * <p>The certificate is added to {@code certificates} inside the parsing step, before the
 * CN comparison. A certificate with a mismatching CN is therefore still recorded when the
 * {@code IOException} is thrown.
 *
 * <p>NOTE(review): nothing in this method validates the certificate's signature or a
 * trust chain; only chain length, type and CN are checked. Presumably trust is
 * established elsewhere in the protocol; confirm before relying on {@code certificates}.
 *
 * @return the connected socket returned by the parent factory
 * @throws IOException if any of the checks above fails, or if the CN cannot be extracted
 */
@Override
public synchronized Socket connectSocket(int connectTimeout, Socket socket, HttpHost host,
        InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpContext context)
        throws IOException {
    Socket connected = super.connectSocket(connectTimeout, socket, host, remoteAddress, localAddress,
            context);
    if (!(connected instanceof SSLSocket)) {
        throw new IOException("Expected tls socket");
    }

    java.security.cert.Certificate[] chain = ((SSLSocket) connected).getSession().getPeerCertificates();
    if (chain.length != 1) {
        throw new IOException("Expected root ca cert");
    }
    java.security.cert.Certificate presented = chain[0];
    if (!(presented instanceof X509Certificate)) {
        throw new IOException("Expected root ca cert in X509 format");
    }

    String commonName;
    try {
        X509Certificate caCertificate = (X509Certificate) presented;
        // First CN RDN of the subject; a subject without a CN fails here and is wrapped below.
        commonName = IETFUtils.valueToString(
                new JcaX509CertificateHolder(caCertificate).getSubject().getRDNs(BCStyle.CN)[0]
                        .getFirst().getValue());
        certificates.add(caCertificate);
    } catch (Exception e) {
        throw new IOException(e);
    }

    if (caHostname.equals(commonName)) {
        return connected;
    }
    throw new IOException("Expected cn of " + caHostname + " but got " + commonName);
}
From source file:org.lizardirc.beancounter.security.FingerprintingSslSocketFactory.java
/**
 * Certificate pinning check: hashes the encoded form of the first peer certificate with
 * MD5, SHA-1, SHA-256 and SHA-512 (in that order) and accepts the connection if any of
 * the hex digests is contained in {@code fingerprints}.
 *
 * <p>NOTE(review): MD5 and SHA-1 pins are accepted alongside the SHA-2 ones. Prefer
 * configuring SHA-256 or SHA-512 fingerprints and consider dropping the legacy digests.
 *
 * <p>NOTE(review): the comparison is an exact {@code contains} on the digest string, so
 * configured fingerprints presumably must use the same format the digest helpers emit
 * (no separators, same letter case); confirm. A mismatch in format fails closed.
 *
 * @param socket the TLS socket whose peer certificate is checked
 * @throws SSLException if the certificate cannot be encoded or no fingerprint matches
 */
private void verify(SSLSocket socket) throws SSLException {
    Certificate leaf = socket.getSession().getPeerCertificates()[0];

    final byte[] der;
    try {
        der = leaf.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new SSLProtocolException("Invalid certificate encoding");
    }

    // anyMatch short-circuits, so later digests are only computed when earlier ones miss.
    boolean pinned = Stream
            .<Function<byte[], String>>of(DigestUtils::md5Hex, DigestUtils::sha1Hex,
                    DigestUtils::sha256Hex, DigestUtils::sha512Hex)
            .map(digest -> digest.apply(der))
            .anyMatch(fingerprints::contains);
    if (pinned) {
        return;
    }

    System.err.println("Rejecting; fingerprint not matched");
    throw new SSLPeerUnverifiedException("Failed to verify: certificate fingerprint mismatch");
}
From source file:com.ntsync.android.sync.client.MySSLSocketFactory.java
/**
 * Compares the session's peer host with the common name taken from the subject DN of
 * the first certificate in the peer chain (case-insensitive).
 *
 * <p>NOTE(review): only the subject CN is compared; subjectAltName entries are not
 * consulted in this method, so certificates that carry the hostname only as a SAN are
 * rejected and CN-only matching is weaker than a standard hostname verifier.
 *
 * <p>NOTE(review): when {@code BuildConfig.DEBUG} is set, a mismatch is logged as a
 * warning and the method returns normally, so hostname verification is effectively off
 * in debug builds. Make sure such builds never talk to production endpoints.
 *
 * @param socket the TLS socket whose session is checked
 * @throws SSLPeerUnverifiedException if the peer sent no certificates, or (outside debug
 *     builds) if the CN does not match the peer host
 */
private void verifyHostname(SSLSocket socket) throws SSLPeerUnverifiedException {
    SSLSession tlsSession = socket.getSession();
    String hostname = tlsSession.getPeerHost();
    X509Certificate[] chain = tlsSession.getPeerCertificateChain();
    if (chain == null || chain.length == 0) {
        throw new SSLPeerUnverifiedException("No server certificates found!");
    }

    // Subject DN of the server's own certificate, in string form.
    String subjectDn = chain[0].getSubjectDN().getName();

    // Dumping the whole chain helps when debugging problems with installed certificates.
    if (Log.isLoggable(TAG, Log.DEBUG)) {
        Log.d(TAG, "Server certificate chain:");
        int index = 0;
        for (X509Certificate entry : chain) {
            Log.d(TAG, "X509Certificate[" + index + "]=" + entry);
            index++;
        }
    }

    String cn = getCN(subjectDn);
    boolean cnMatches = hostname != null && hostname.equalsIgnoreCase(cn);
    if (cnMatches) {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "Target hostname valid: " + cn);
        }
        return;
    }

    String mismatch = "HTTPS hostname invalid: expected '" + hostname + "', received '" + cn + "'";
    if (BuildConfig.DEBUG) {
        // Debug builds tolerate the mismatch; see the review note in the Javadoc.
        Log.w(TAG, mismatch);
        return;
    }
    throw new SSLPeerUnverifiedException(mismatch);
}
From source file:com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.java
/**
 * Double-checks that the master secret of the socket's SSL session is not null. If it is
 * null, the session is invalidated and a {@link SecurityException} is thrown.
 *
 * <p>The check is applied only when the socket is an {@code SSLSocket}, its session is
 * non-null, and the session's class is exactly {@code sun.security.ssl.SSLSessionImpl}.
 * Every other case returns without checking anything. Reflection failures are handed to
 * {@code failedToVerifyMasterSecret}.
 *
 * <p>NOTE(review): this reaches into a JDK-internal class via {@code setAccessible}. On
 * runtimes that enforce module encapsulation that call may throw an unchecked exception
 * that none of the catch clauses below handles; confirm against the supported JDKs.
 *
 * @param sock connected socket
 */
private void verifyMasterSecret(final Socket sock) {
    if (!(sock instanceof SSLSocket)) {
        return;
    }
    SSLSession session = ((SSLSocket) sock).getSession();
    if (session == null) {
        return;
    }
    String implName = session.getClass().getName();
    if (!"sun.security.ssl.SSLSessionImpl".equals(implName)) {
        return;
    }

    try {
        Method accessor = Class.forName(implName).getDeclaredMethod("getMasterSecret");
        accessor.setAccessible(true);
        Object masterSecret = accessor.invoke(session);
        if (masterSecret == null) {
            // Never reuse a session that has no key material behind it.
            session.invalidate();
            if (log.isDebugEnabled()) {
                log.debug("Invalidated session " + session);
            }
            throw log(new SecurityException("Invalid SSL master secret"));
        }
    } catch (ClassNotFoundException e) {
        failedToVerifyMasterSecret(e);
    } catch (NoSuchMethodException e) {
        failedToVerifyMasterSecret(e);
    } catch (IllegalAccessException e) {
        failedToVerifyMasterSecret(e);
    } catch (InvocationTargetException e) {
        // Report what the reflected method threw rather than the reflection wrapper.
        failedToVerifyMasterSecret(e.getCause());
    }
}
From source file:net.sourceforge.myvd.quickstart.util.GetSSLCert.java
/**
 * Remembers the last certificate of the peer's chain in {@code this.cert}, unless a
 * certificate has already been stored.
 *
 * <p>The chain is fetched from the session even when a certificate is already stored, so
 * an unverified peer still surfaces as an exception.
 *
 * <p>NOTE(review): the last chain element is presumably the certificate furthest from
 * the server's own (the top-most CA the peer sent); confirm. This method stores it
 * without validating it, so callers should have the operator confirm it (for example by
 * fingerprint) before trusting it.
 *
 * @param socket the TLS socket whose peer chain is read
 * @throws SSLPeerUnverifiedException declared for the peer-chain lookup
 */
private void getCert(SSLSocket socket) throws SSLPeerUnverifiedException {
    javax.security.cert.X509Certificate[] chain = socket.getSession().getPeerCertificateChain();
    if (this.cert != null) {
        return;
    }
    this.cert = chain[chain.length - 1];
}