Example usage for org.apache.http.conn.ssl DefaultHostnameVerifier verify

List of usage examples for org.apache.http.conn.ssl DefaultHostnameVerifier verify

Introduction

This page shows example usages of the verify method of org.apache.http.conn.ssl.DefaultHostnameVerifier.

Prototype

public final void verify(final String host, final X509Certificate cert) throws SSLException 


Usage

From source file:org.aevans.goat.net.SSLStrategyGetter.java

/**
 * Creates a {@link SchemeIOSessionStrategy} that always layers TLS on top of the plain
 * I/O session and rejects the handshake when the peer certificate does not match the
 * host name of the target {@link HttpHost}.
 *
 * <p>The host name check uses the boolean {@code verify(String, SSLSession)} call on
 * {@link DefaultHostnameVerifier}, so a mismatch is reported as {@code false} and turned
 * into an {@link SSLPeerUnverifiedException} here. The TLS context comes from
 * {@code SSLContexts.createDefault()}; a new one is requested for every upgraded session.
 *
 * @return a strategy that upgrades sessions to client-mode TLS with host name verification
 */
public static SchemeIOSessionStrategy getSchemeIOSessionStrategy() {
    final DefaultHostnameVerifier verifier =
            new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());

    return new SchemeIOSessionStrategy() {

        @Override
        public boolean isLayeringRequired() {
            return true;
        }

        @Override
        public IOSession upgrade(final HttpHost host, final IOSession iosession) throws IOException {
            final SSLSetupHandler setupHandler = new SSLSetupHandler() {

                @Override
                public void initalize(SSLEngine sslengine) throws SSLException {
                    // Intentionally empty: the engine is left with its default settings.
                }

                @Override
                public void verify(IOSession session, SSLSession sslsession) throws SSLException {
                    final String hostName = host.getHostName();
                    if (hostnameMatches(hostName, sslsession)) {
                        return;
                    }
                    // Mismatch: name the leaf certificate's subject in the error so the
                    // failure can be diagnosed from logs.
                    final X509Certificate leaf = (X509Certificate) sslsession.getPeerCertificates()[0];
                    final String subject = leaf.getSubjectX500Principal().toString();
                    throw new SSLPeerUnverifiedException("Host name '" + hostName
                            + "' does not match the certificate subject provided by the peer ("
                            + subject + ")");
                }

                private boolean hostnameMatches(String hostName, SSLSession sslsession) {
                    return verifier.verify(hostName, sslsession);
                }
            };

            final SSLBufferManagementStrategy bufferStrategy = new ReleasableSSLBufferManagementStrategy();
            final SSLIOSession tlsSession = new SSLIOSession(
                    iosession, SSLMode.CLIENT, host, SSLContexts.createDefault(), setupHandler, bufferStrategy);
            // Register the TLS session on the underlying session before starting the handshake.
            iosession.setAttribute(SSLIOSession.SESSION_KEY, tlsSession);
            tlsSession.initialize();
            return tlsSession;
        }
    };
}

From source file:com.codedx.burp.security.InvalidCertificateDialogStrategy.java

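/**
 * Asks the user whether a certificate that failed validation should be accepted.
 *
 * <p>A dialog is only shown when the certificate is an {@link X509Certificate} and the
 * configured verifier is a {@link DefaultHostnameVerifier}; in every other case, and when
 * the dialog is dismissed without one of the three known choices, the certificate is
 * rejected. The dialog lists the issuer, a SHA-1 thumbprint and, if the host name check
 * fails, a host-mismatch line.
 *
 * @param genericCert the certificate presented by the peer
 * @param certError the validation error that triggered this check; it is not shown in the dialog
 * @return the user's decision, or {@code REJECT} when no decision could be obtained
 */
@Override
public CertificateAcceptance checkAcceptance(Certificate genericCert, CertificateException certError) {
    if (genericCert instanceof X509Certificate && defaultHostVerifier instanceof DefaultHostnameVerifier) {
        X509Certificate cert = (X509Certificate) genericCert;
        DefaultHostnameVerifier verifier = (DefaultHostnameVerifier) defaultHostVerifier;

        JPanel message = new JPanel(new GridBagLayout());
        GridBagConstraints gbc = new GridBagConstraints();
        gbc.gridwidth = 2;
        gbc.insets = new Insets(0, 0, 10, 0);
        gbc.anchor = GridBagConstraints.WEST;
        message.add(
                new JLabel("Unable to establish a secure connection because the certificate is not trusted"),
                gbc);

        gbc = new GridBagConstraints();
        gbc.gridy = 2;
        gbc.insets = new Insets(2, 0, 2, 0);
        gbc.anchor = GridBagConstraints.WEST;

        JLabel issuer = new JLabel("Issuer: ");
        Font defaultFont = issuer.getFont();
        Font bold = new Font(defaultFont.getName(), Font.BOLD, defaultFont.getSize());
        issuer.setFont(bold);

        message.add(issuer, gbc);
        gbc.gridx = 1;
        // The issuer text comes from the untrusted certificate and is shown as-is.
        message.add(new JLabel(cert.getIssuerDN().toString()), gbc);

        // Compute the thumbprint before adding its label, so an encoding failure cannot
        // leave a "Thumbprint:" row with no value next to it. The user relies on this row
        // to identify the certificate, so say explicitly when it is missing.
        // NOTE(review): only a SHA-1 thumbprint is shown; consider also showing a SHA-256
        // fingerprint for out-of-band comparison.
        String thumbprintText;
        try {
            thumbprintText = toHexString(getSHA1(cert.getEncoded()), " ");
        } catch (CertificateEncodingException e) {
            thumbprintText = "(unavailable: the certificate could not be encoded)";
        }
        JLabel fingerprint = new JLabel("Thumbprint: ");
        fingerprint.setFont(bold);
        gbc.gridx = 0;
        gbc.gridy += 1;
        message.add(fingerprint, gbc);

        gbc.gridx = 1;
        message.add(new JLabel(thumbprintText), gbc);

        try {
            verifier.verify(host, cert);
        } catch (SSLException e) {
            // The host name check failed: add a row explaining the mismatch.
            // NOTE(review): the message names the certificate's CN; if the verifier matched
            // against subjectAltName entries instead, the CN may not be the name that was
            // compared. Confirm which names should be shown to the user.
            String cn = getCN(cert);

            JLabel mismatch = new JLabel("Host Mismatch: ");
            mismatch.setFont(bold);
            gbc.gridx = 0;
            gbc.gridy += 1;
            message.add(mismatch, gbc);

            String msg;
            if (cn != null) {
                msg = String.format("Expected '%s', but the certificate is for '%s'.", host, cn);
            } else {
                msg = e.getMessage();
            }

            gbc.gridx = 1;
            message.add(new JLabel(msg), gbc);
        }

        // Open the dialog, and return its result. The indices refer to positions in
        // dialogButtons, which is defined outside this method.
        int choice = JOptionPane.showOptionDialog(burpExtender.getUiComponent(), message, dialogTitle,
                JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE, null, dialogButtons, null);
        switch (choice) {
        case 0:
            return CertificateAcceptance.REJECT;
        case 1:
            return CertificateAcceptance.ACCEPT_TEMPORARILY;
        case 2:
            return CertificateAcceptance.ACCEPT_PERMANENTLY;
        default:
            // Dialog closed or an unexpected value: fail closed.
            return CertificateAcceptance.REJECT;
        }
    }
    // Not an X.509 certificate, or no DefaultHostnameVerifier available: reject without prompting.
    return CertificateAcceptance.REJECT;
}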