List of usage examples for javax.net.ssl SSLSocket setEnabledProtocols
public abstract void setEnabledProtocols(String protocols[]);
From source file:org.apache.nutch.protocol.http.HttpResponse.java
/** * Default public constructor./*from www . j av a 2s.co m*/ * * @param http * @param url * @param datum * @throws ProtocolException * @throws IOException */ public HttpResponse(HttpBase http, URL url, CrawlDatum datum) throws ProtocolException, IOException { this.http = http; this.url = url; this.orig = url.toString(); this.base = url.toString(); Scheme scheme = null; if ("http".equals(url.getProtocol())) { scheme = Scheme.HTTP; } else if ("https".equals(url.getProtocol())) { scheme = Scheme.HTTPS; } else { throw new HttpException("Unknown scheme (not http/https) for url:" + url); } if (Http.LOG.isTraceEnabled()) { Http.LOG.trace("fetching " + url); } String path = "".equals(url.getFile()) ? "/" : url.getFile(); // some servers will redirect a request with a host line like // "Host: <hostname>:80" to "http://<hpstname>/<orig_path>"- they // don't want the :80... LOG.info("Fetching " + url.toString()); String host = url.getHost(); int port; String portString; if (url.getPort() == -1) { if (scheme == Scheme.HTTP) { port = 80; } else { port = 443; } portString = ""; } else { port = url.getPort(); portString = ":" + port; } Socket socket = null; try { socket = new Socket(); // create the socket socket.setSoTimeout(http.getTimeout()); // connect String sockHost = http.useProxy(url) ? http.getProxyHost() : host; int sockPort = http.useProxy(url) ? http.getProxyPort() : port; InetSocketAddress sockAddr = new InetSocketAddress(sockHost, sockPort); socket.connect(sockAddr, http.getTimeout()); if (scheme == Scheme.HTTPS) { SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslsocket = (SSLSocket) factory.createSocket(socket, sockHost, sockPort, true); sslsocket.setUseClientMode(true); // Get the protocols and ciphers supported by this JVM Set<String> protocols = new HashSet<String>(Arrays.asList(sslsocket.getSupportedProtocols())); Set<String> ciphers = new HashSet<String>(Arrays.asList(sslsocket.getSupportedCipherSuites())); // Intersect with preferred protocols and ciphers protocols.retainAll(http.getTlsPreferredProtocols()); ciphers.retainAll(http.getTlsPreferredCipherSuites()); sslsocket.setEnabledProtocols(protocols.toArray(new String[protocols.size()])); sslsocket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); sslsocket.startHandshake(); socket = sslsocket; } this.conf = http.getConf(); if (sockAddr != null && conf.getBoolean("store.ip.address", false) == true) { headers.add("_ip_", sockAddr.getAddress().getHostAddress()); } // make request OutputStream req = socket.getOutputStream(); StringBuffer reqStr = new StringBuffer("GET "); if (http.useProxy(url)) { reqStr.append(url.getProtocol() + "://" + host + portString + path); } else { reqStr.append(path); } reqStr.append(" HTTP/1.0\r\n"); reqStr.append("Host: "); reqStr.append(host); reqStr.append(portString); reqStr.append("\r\n"); reqStr.append("Accept-Encoding: x-gzip, gzip, deflate\r\n"); String userAgent = http.getUserAgent(); if ((userAgent == null) || (userAgent.length() == 0)) { if (Http.LOG.isErrorEnabled()) { Http.LOG.error("User-agent is not set!"); } } else { reqStr.append("User-Agent: "); reqStr.append(userAgent); reqStr.append("\r\n"); } reqStr.append("Accept-Language: "); reqStr.append(this.http.getAcceptLanguage()); reqStr.append("\r\n"); reqStr.append("Accept: "); reqStr.append(this.http.getAccept()); reqStr.append("\r\n"); if (http.isIfModifiedSinceEnabled() && datum.getModifiedTime() > 0) { reqStr.append("If-Modified-Since: " + HttpDateFormat.toString(datum.getModifiedTime())); reqStr.append("\r\n"); } reqStr.append("\r\n"); // store the request in the metadata? if (conf.getBoolean("store.http.request", false) == true) { headers.add("_request_", reqStr.toString()); } byte[] reqBytes = reqStr.toString().getBytes(); req.write(reqBytes); req.flush(); LOG.info("Processing response.."); PushbackInputStream in = // process response new PushbackInputStream(new BufferedInputStream(socket.getInputStream(), Http.BUFFER_SIZE), Http.BUFFER_SIZE); StringBuffer line = new StringBuffer(); // store the http headers verbatim if (conf.getBoolean("store.http.headers", false) == true) { httpHeaders = new StringBuffer(); } headers.add("nutch.fetch.time", Long.toString(System.currentTimeMillis())); boolean haveSeenNonContinueStatus = false; while (!haveSeenNonContinueStatus) { // parse status code line this.code = parseStatusLine(in, line); if (httpHeaders != null) httpHeaders.append(line).append("\n"); // parse headers parseHeaders(in, line, httpHeaders); haveSeenNonContinueStatus = code != 100; // 100 is "Continue" } if (httpHeaders != null) { headers.add("_response.headers_", httpHeaders.toString()); } String transferEncoding = getHeader(Response.TRANSFER_ENCODING); LOG.info("Transfer Encoding for " + url + ":" + transferEncoding); if (transferEncoding != null && "chunked".equalsIgnoreCase(transferEncoding.trim())) { readChunkedContent(in, line); } else { readPlainContent(in); } String contentEncoding = getHeader(Response.CONTENT_ENCODING); if ("gzip".equals(contentEncoding) || "x-gzip".equals(contentEncoding)) { content = http.processGzipEncoded(content, url); } else if ("deflate".equals(contentEncoding)) { content = http.processDeflateEncoded(content, url); } else { if (Http.LOG.isTraceEnabled()) { Http.LOG.trace("fetched " + content.length + " bytes from " + url); } } LOG.info("Checking URL:" + url.toString()); //check if url contains google drive string if (url.toString().toLowerCase().contains("https://drive.google.com/")) { //split into two string separated by '=' to get the article id LOG.info("Google Drive URL Detected!"); String[] parts = url.toString().split("="); url = new URL("http://drive.google.com/uc?export=download&id=" + parts[1]); LOG.info("New URL:" + url.toString()); this.http = http; this.url = url; this.orig = url.toString(); this.base = url.toString(); HttpClient client = new HttpClient(); GetMethod method = new GetMethod(url.toString()); int statusCode = client.executeMethod(method); content = method.getResponseBody(); LOG.info("File Size on Drive: " + content.length); // return; } LOG.info("Fetch Bytes: " + content.length + " bytes from " + url); } finally { if (socket != null) socket.close(); } }
From source file:org.apache.nutch.protocol.s2jh.HttpResponse.java
public HttpResponse(HttpBase http, URL url, WebPage page) throws ProtocolException, IOException { conf = http.getConf();//from ww w.j a va 2 s.com this.http = http; this.url = url; Scheme scheme = null; if ("http".equals(url.getProtocol())) { scheme = Scheme.HTTP; } else if ("https".equals(url.getProtocol())) { scheme = Scheme.HTTPS; } else { throw new HttpException("Unknown scheme (not http/https) for url:" + url); } if (Http.LOG.isTraceEnabled()) { Http.LOG.trace("fetching " + url); } String path = "".equals(url.getFile()) ? "/" : url.getFile(); // some servers will redirect a request with a host line like // "Host: <hostname>:80" to "http://<hpstname>/<orig_path>"- they // don't want the :80... String host = url.getHost(); int port; String portString; if (url.getPort() == -1) { if (scheme == Scheme.HTTP) { port = 80; } else { port = 443; } portString = ""; } else { port = url.getPort(); portString = ":" + port; } Socket socket = null; try { socket = new Socket(); // create the socket socket.setSoTimeout(http.getTimeout()); // connect String sockHost = http.useProxy() ? http.getProxyHost() : host; int sockPort = http.useProxy() ? http.getProxyPort() : port; InetSocketAddress sockAddr = new InetSocketAddress(sockHost, sockPort); socket.connect(sockAddr, http.getTimeout()); if (scheme == Scheme.HTTPS) { SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslsocket = (SSLSocket) factory.createSocket(socket, sockHost, sockPort, true); sslsocket.setUseClientMode(true); // Get the protocols and ciphers supported by this JVM Set<String> protocols = new HashSet<String>(Arrays.asList(sslsocket.getSupportedProtocols())); Set<String> ciphers = new HashSet<String>(Arrays.asList(sslsocket.getSupportedCipherSuites())); // Intersect with preferred protocols and ciphers protocols.retainAll(http.getTlsPreferredProtocols()); ciphers.retainAll(http.getTlsPreferredCipherSuites()); sslsocket.setEnabledProtocols(protocols.toArray(new String[protocols.size()])); sslsocket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); sslsocket.startHandshake(); socket = sslsocket; } if (sockAddr != null && conf.getBoolean("store.ip.address", false) == true) { String ipString = sockAddr.getAddress().getHostAddress(); // get the ip // address page.getMetadata().put(new Utf8("_ip_"), ByteBuffer.wrap(ipString.getBytes())); } Http.LOG.debug("HTTP fetching: " + url); // make request OutputStream req = socket.getOutputStream(); StringBuffer reqStr = new StringBuffer("GET "); if (http.useProxy()) { reqStr.append(url.getProtocol() + "://" + host + portString + path); } else { reqStr.append(path); } reqStr.append(" HTTP/1.0\r\n"); reqStr.append("Host: "); reqStr.append(host); reqStr.append(portString); reqStr.append("\r\n"); reqStr.append("Accept-Encoding: x-gzip, gzip\r\n"); reqStr.append("Accept: "); reqStr.append(this.http.getAccept()); reqStr.append("\r\n"); String userAgent = http.getUserAgent(); if ((userAgent == null) || (userAgent.length() == 0)) { if (Http.LOG.isErrorEnabled()) { Http.LOG.error("User-agent is not set!"); } } else { reqStr.append("User-Agent: "); reqStr.append(userAgent); reqStr.append("\r\n"); } // if (page.isReadable(WebPage.Field.MODIFIED_TIME.getIndex())) { reqStr.append("If-Modified-Since: " + HttpDateFormat.toString(page.getModifiedTime())); reqStr.append("\r\n"); // } reqStr.append("\r\n"); byte[] reqBytes = reqStr.toString().getBytes(); req.write(reqBytes); req.flush(); PushbackInputStream in = // process response new PushbackInputStream(new BufferedInputStream(socket.getInputStream(), Http.BUFFER_SIZE), Http.BUFFER_SIZE); StringBuffer line = new StringBuffer(); boolean haveSeenNonContinueStatus = false; while (!haveSeenNonContinueStatus) { // parse status code line this.code = parseStatusLine(in, line); // parse headers parseHeaders(in, line); haveSeenNonContinueStatus = code != 100; // 100 is "Continue" } if (!url.toString().endsWith("robots.txt")) { if (readPlainContent(url.toString(), in)) { } else if (readPlainContentByHtmlunit(url)) { } else { readPlainContentByWebDriver(url); } } if (content != null && content.length > 0) { String html = charset == null ? new String(content) : new String(content, charset); //System.out.println("URL: " + url + ", CharsetName: " + charset + " , Page HTML=\n" + html); Http.LOG_HTML.trace("URL: " + url + ", CharsetName: " + charset + " , Page HTML=\n" + html); } // add headers in metadata to row if (page.getHeaders() != null) { page.getHeaders().clear(); } for (String key : headers.names()) { page.getHeaders().put(new Utf8(key), new Utf8(headers.get(key))); } } catch (Exception e) { Http.LOG.error(e.getMessage(), e); } finally { if (socket != null) socket.close(); } }
From source file:org.beepcore.beep.profile.tls.jsse.TLSProfileJSSE.java
public void receiveMSG(MessageMSG msg) { Channel channel = msg.getChannel(); InputDataStreamAdapter is = msg.getDataStream().getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is)); String data;/*from w w w. j a v a 2 s . com*/ try { try { data = reader.readLine(); } catch (IOException e) { msg.sendERR(BEEPError.CODE_PARAMETER_ERROR, "Error reading data"); return; } if (data.equals(READY1) == false && data.equals(READY2) == false) { msg.sendERR(BEEPError.CODE_PARAMETER_INVALID, "Expected READY element"); } this.begin(channel); msg.sendRPY(new StringOutputDataStream(PROCEED2)); } catch (BEEPException e1) { channel.getSession().terminate("unable to send ERR"); return; } try { Socket oldSocket = ((TCPSession) channel.getSession()).getSocket(); /** @TODO add support for serverName */ SSLSocket newSocket = (SSLSocket) socketFactory.createSocket(oldSocket, oldSocket.getInetAddress().getHostName(), oldSocket.getPort(), true); BeepListenerHCL l = new BeepListenerHCL(channel); newSocket.addHandshakeCompletedListener(l); newSocket.setUseClientMode(false); newSocket.setNeedClientAuth(needClientAuth); newSocket.setEnabledCipherSuites(newSocket.getSupportedCipherSuites()); if (sslProtocols != null) { newSocket.setEnabledProtocols(sslProtocols); } newSocket.startHandshake(); } catch (IOException e) { channel.getSession().terminate("TLS error: " + e.getMessage()); return; } }
From source file:org.beepcore.beep.profile.tls.jsse.TLSProfileJSSE.java
/** * start a channel for the TLS profile. Besides issuing the * channel start request, it also performs the initiator side * chores necessary to begin encrypted communication using TLS * over a session. Parameters regarding the type of encryption * and whether or not authentication is required are specified * using the profile configuration passed to the <code>init</code> * method Upon returning, all traffic over the session will be * entrusted as per these parameters.<p> * * @see #init init - profile configuration * @param session The session to encrypt communcation for * * @return new <code>Session</code> with TLS negotiated. * @throws BEEPException an error occurs during the channel start * request or the TLS handshake (such as trying to negotiate an * anonymous connection with a peer that doesn't support an * anonymous cipher suite).// www . jav a 2 s . c o m */ public TCPSession startTLS(TCPSession session) throws BEEPException { Channel ch = startChannel(session, uri, false, READY2, null); // See if we got start data back String data = ch.getStartData(); if (log.isDebugEnabled()) { log.debug("Got start data of " + data); } // Consider the data (see if it's proceed) if ((data == null) || (!data.equals(PROCEED1) && !data.equals(PROCEED2))) { log.error("Invalid reply: " + data); throw new BEEPException(ERR_EXPECTED_PROCEED); } // Freeze IO and get the socket and reset it to TLS Socket oldSocket = session.getSocket(); SSLSocket newSocket = null; TLSHandshake l = new TLSHandshake(); // create the SSL Socket try { newSocket = (SSLSocket) socketFactory.createSocket(oldSocket, oldSocket.getInetAddress().getHostName(), oldSocket.getPort(), true); newSocket.addHandshakeCompletedListener(l); newSocket.setUseClientMode(true); newSocket.setNeedClientAuth(needClientAuth); newSocket.setEnabledCipherSuites(newSocket.getSupportedCipherSuites()); if (this.sslProtocols != null) { newSocket.setEnabledProtocols(sslProtocols); } // set up so the handshake listeners will be called l.session = session; log.debug("Handshake starting"); newSocket.startHandshake(); log.debug("Handshake returned"); synchronized (l) { if (!l.notifiedHandshake) { l.waitingForHandshake = true; l.wait(); l.waitingForHandshake = false; } } log.debug("Handshake done waiting"); } catch (javax.net.ssl.SSLException e) { log.error(e); throw new BEEPException(e); } catch (java.io.IOException e) { log.error(e); throw new BEEPException(ERR_TLS_SOCKET); } catch (InterruptedException e) { log.error(e); throw new BEEPException(ERR_TLS_HANDSHAKE_WAIT); } // swap it out for the new one with TLS enabled. if (abortSession) { session.close(); throw new BEEPException(ERR_TLS_NO_AUTHENTICATION); } else { Hashtable hash = new Hashtable(); hash.put(SessionTuningProperties.ENCRYPTION, "true"); SessionTuningProperties tuning = new SessionTuningProperties(hash); return (TCPSession) reset(session, generateCredential(), l.cred, tuning, session.getProfileRegistry(), newSocket); } }
From source file:org.cloudcoder.submitsvc.oop.builder.WebappSocketFactory.java
/** * Create a secure connection to the webapp. * //from w w w. j a v a 2 s . c om * @return Socket through which the builder can communicate with the webapp * @throws UnknownHostException * @throws IOException * @throws GeneralSecurityException */ public Socket connectToWebapp() throws UnknownHostException, IOException { SSLSocket socket = (SSLSocket) socketFactory.createSocket(host, port); socket.setEnabledProtocols(new String[] { "TLSv1" }); return socket; }
From source file:org.glite.security.trustmanager.axis2.AXIS2SocketFactory.java
/** Creates a new SSLSocket bound to ContextWrapper **/ private Socket createSocket() throws IOException { SSLSocket socket; try {/* ww w. ja v a 2s . c om*/ ContextWrapper contextWrapper = new ContextWrapper(getCurrentProperties()); socket = (javax.net.ssl.SSLSocket) contextWrapper.getSocketFactory().createSocket(); socket.setEnabledProtocols(new String[] { contextWrapper.getContext().getProtocol() }); } catch (Exception e) { LOGGER.fatal("createSocket(): SSL socket creation failed : " + e.getMessage(), e); throw new IOException(e.toString()); } return socket; }
From source file:org.globus.myproxy.MyProxy.java
/** * Bootstraps trustroot information from the MyProxy server. * * @exception MyProxyException/*from w ww .j a v a2s.co m*/ * If an error occurred during the operation. */ public void bootstrapTrust() throws MyProxyException { try { SSLContext sc = SSLContext.getInstance("SSL"); MyTrustManager myTrustManager = new MyTrustManager(); TrustManager[] trustAllCerts = new TrustManager[] { myTrustManager }; sc.init(null, trustAllCerts, new java.security.SecureRandom()); SSLSocketFactory sf = sc.getSocketFactory(); SSLSocket socket = (SSLSocket) sf.createSocket(this.host, this.port); socket.setEnabledProtocols(new String[] { "SSLv3" }); socket.startHandshake(); socket.close(); X509Certificate[] acceptedIssuers = myTrustManager.getAcceptedIssuers(); if (acceptedIssuers == null) { throw new MyProxyException("Failed to determine MyProxy server trust roots in bootstrapTrust."); } for (int idx = 0; idx < acceptedIssuers.length; idx++) { File x509Dir = new File(org.globus.myproxy.MyProxy.getTrustRootPath()); if (!x509Dir.exists()) { StringBuffer newSubject = new StringBuffer(); String[] subjArr = acceptedIssuers[idx].getSubjectDN().getName().split(", "); for (int i = (subjArr.length - 1); i > -1; i--) { newSubject.append("/"); newSubject.append(subjArr[i]); } String subject = newSubject.toString(); File tmpDir = new File(getTrustRootPath() + "-" + System.currentTimeMillis()); if (tmpDir.mkdir() == true) { String hash = opensslHash(acceptedIssuers[idx]); String filename = tmpDir.getPath() + tmpDir.separator + hash + ".0"; FileOutputStream os = new FileOutputStream(new File(filename)); CertificateIOUtil.writeCertificate(os, acceptedIssuers[idx]); os.close(); if (logger.isDebugEnabled()) { logger.debug("wrote trusted certificate to " + filename); } filename = tmpDir.getPath() + tmpDir.separator + hash + ".signing_policy"; os = new FileOutputStream(new File(filename)); Writer wr = new OutputStreamWriter(os, Charset.forName("UTF-8")); wr.write("access_id_CA X509 '"); wr.write(subject); wr.write("'\npos_rights globus CA:sign\ncond_subjects globus \"*\"\n"); wr.flush(); wr.close(); os.close(); if (logger.isDebugEnabled()) { logger.debug("wrote trusted certificate policy to " + filename); } // success. commit the bootstrapped directory. if (tmpDir.renameTo(x509Dir) == true) { if (logger.isDebugEnabled()) { logger.debug("renamed " + tmpDir.getPath() + " to " + x509Dir.getPath()); } } else { throw new MyProxyException( "Unable to rename " + tmpDir.getPath() + " to " + x509Dir.getPath()); } } else { throw new MyProxyException("Cannot create temporary directory: " + tmpDir.getName()); } } } } catch (Exception e) { throw new MyProxyException("MyProxy bootstrapTrust failed.", e); } }
From source file:org.lockss.protocol.BlockingStreamComm.java
private void disableSelectedProtocols(SSLSocket sock) { if (paramDisableSslClientProtocols == null) return;/* ww w .ja v a 2 s .c om*/ Set<String> enaprotos = new HashSet<String>(); for (String s : sock.getEnabledProtocols()) { if (paramDisableSslClientProtocols.contains(s)) { continue; } enaprotos.add(s); } sock.setEnabledProtocols(enaprotos.toArray(new String[0])); }
From source file:org.openhealthtools.openatna.net.SecureSocketFactory.java
private void setAtnaProtocols(SSLSocket secureSocket) { secureSocket.setEnabledProtocols(getAtnaProtocols()); //String[] strings = {"SSL_RSA_WITH_NULL_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"}; secureSocket.setEnabledCipherSuites(getAtnaCipherSuites()); // Useful debugging information: //secureSocket.setSoTimeout(1000); //String[] strings = secureSocket.getSupportedCipherSuites(); //for (String s: strings) System.out.println(s); //strings = secureSocket.getEnabledCipherSuites(); //for (String s: strings) System.out.println(s); }
From source file:org.openhealthtools.openexchange.actorconfig.net.SecureSocketFactory.java
private void setAtnaProtocols(SSLSocket secureSocket) { secureSocket.setEnabledProtocols(new String[] { "TLSv1" }); String[] strings = { //retired per CP 478 "SSL_RSA_WITH_NULL_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA" }; secureSocket.setEnabledCipherSuites(strings); // Useful debugging information: //secureSocket.setSoTimeout(1000); //String[] strings = secureSocket.getSupportedCipherSuites(); //for (String s: strings) System.out.println(s); //strings = secureSocket.getEnabledCipherSuites(); //for (String s: strings) System.out.println(s); }