public SunSSLTransportFactory(Properties properties) throws GeneralSecurityException {
X509TrustManager trustManager;
HostnameVerifier hostnameVerifier;
SSLContext sslContext;
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
url = (URL) properties.get(XmlRpcTransportFactory.TRANSPORT_URL);
auth = properties.getProperty(XmlRpcTransportFactory.TRANSPORT_AUTH);
trustManager = (X509TrustManager) properties.get(TRANSPORT_TRUSTMANAGER);
if (trustManager == null) {
trustManager = openTrustManager;
}
hostnameVerifier = (HostnameVerifier) properties.get(TRANSPORT_HOSTNAMEVERIFIER);
if (hostnameVerifier == null) {
hostnameVerifier = openHostnameVerifier;
}
sslContext = SSLContext.getInstance(SecurityTool.getSecurityProtocol());
X509TrustManager[] tmArray = new X509TrustManager[] {trustManager};
sslContext.init(null, tmArray, new SecureRandom());
// Set the default SocketFactory and HostnameVerifier
// for javax.net.ssl.HttpsURLConnection
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
/*
* See if an unknown keystore actually gets checked ok.
*/
System.out.println("==============");
System.out.println("Starting test0");
KeyStore uks = KeyStore.getInstance("JKS");
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
uks.load(new FileInputStream(unknownFilename), cpasswd);
kmf.init(uks, cpasswd);
TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()};
ctx.init(kmf.getKeyManagers(), tms, null);
SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory();
System.out.println("Trying first socket " + serverPort);
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);
doTest(sslSocket);
/*
* Now try the other way.
*/
com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf1 =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
kmf1.init(uks, cpasswd);
com.sun.net.ssl.TrustManager[] tms1 =
new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslsf = (SSLSocketFactory) ctx1.getSocketFactory();
System.out.println("Trying second socket " + serverPort1);
sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1);
doTest(sslSocket);
System.out.println("Completed test1");
}
public static javax.net.SocketFactory getSSLFactory(
java.lang.String s, java.lang.String s1, java.lang.StringBuffer stringbuffer) {
javax.net.ssl.SSLSocketFactory sslsocketfactory = null;
try {
if (!(new File(s)).exists()) {
throw new Exception("certificate not found");
}
java.security.KeyStore keystore;
if (s.endsWith(".pfx")) {
keystore = java.security.KeyStore.getInstance("PKCS12");
} else {
keystore = java.security.KeyStore.getInstance("JKS");
}
java.io.FileInputStream fileinputstream = new FileInputStream(s);
char ac[] = s1.toCharArray();
char ac1[] = s1.toCharArray();
keystore.load(fileinputstream, ac);
java.util.Enumeration enumeration = keystore.aliases();
while (enumeration.hasMoreElements()) {
java.lang.String s2 = (java.lang.String) enumeration.nextElement();
certificateDescription = certificateDescription + " (" + s2;
java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s2);
if (acertificate != null) {
int i = 0;
while (i < acertificate.length) {
java.security.cert.X509Certificate x509certificate =
(java.security.cert.X509Certificate) acertificate[i];
certificateDescription =
certificateDescription
+ " (cert "
+ x509certificate.getSubjectDN()
+ ", "
+ x509certificate.getSigAlgName()
+ ")";
i++;
}
}
}
stringbuffer.append("certs: " + certificateDescription + "\n");
com.sun.net.ssl.KeyManagerFactory keymanagerfactory =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
keymanagerfactory.init(keystore, ac1);
com.sun.net.ssl.KeyManager akeymanager[] = keymanagerfactory.getKeyManagers();
com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL");
sslcontext.init(akeymanager, null, randomGenerator);
sslsocketfactory = sslcontext.getSocketFactory();
} catch (java.lang.Throwable throwable) {
throwable.printStackTrace();
stringbuffer.append("error: " + throwable.toString());
}
return sslsocketfactory;
}
/**
* Set the default X509 Trust Manager to an instance of a fake class that trust all certificates,
* even the self-signed ones. This method uses the old deprecated API from the <code>com.sun.ssl
* </code> package.
*
* @deprecated see {@link #_trustAllHttpsCertificates()}.
*/
private static void __trustAllHttpsCertificates() {
com.sun.net.ssl.SSLContext context;
// Create a trust manager that does not validate certificate chains
if (__trustManagers == null) {
__trustManagers = new com.sun.net.ssl.TrustManager[] {new _FakeX509TrustManager()};
} // if
// Install the all-trusting trust manager
try {
context = com.sun.net.ssl.SSLContext.getInstance("SSL");
context.init(null, __trustManagers, new SecureRandom());
} catch (GeneralSecurityException gse) {
throw new IllegalStateException(gse.getMessage());
} // catch
com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
} // __trustAllHttpsCertificates
public ZMSSLSocketFactory() {
System.out.println("ZMSSLSocketFactory instantiated");
try {
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(
null, // No KeyManager required
new TrustManager[] {new ZMTrustManager()},
new java.security.SecureRandom());
factory = (SSLSocketFactory) sslcontext.getSocketFactory();
} catch (Exception ex) {
ex.printStackTrace();
}
javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
new javax.net.ssl.HostnameVerifier() {
public boolean verify(String urlHostname, String certHostname) {
return true;
}
public boolean verify(String urlHostname, javax.net.ssl.SSLSession session) {
return true;
}
});
}
public static java.lang.String initialize(
java.lang.String s, java.lang.String s1, java.lang.String s2) {
java.lang.String s3 = "";
try {
java.lang.System.setProperty(
"java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(new Provider());
com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL");
randomGenerator = new SecureRandom();
byte abyte0[] = new byte[20];
for (int i = 0; i < 20; i++) {
abyte0[i] = (byte) (int) (java.lang.Math.random() * 256D - 128D);
}
randomGenerator.setSeed(abyte0);
if ((new File(s + ".pfx")).exists()) {
s = s + ".pfx";
}
com.sun.net.ssl.KeyManager akeymanager[] = null;
try {
if ((new File(s)).exists()) {
java.security.KeyStore keystore;
if (s.endsWith(".pfx")) {
keystore = java.security.KeyStore.getInstance("PKCS12");
} else {
keystore = java.security.KeyStore.getInstance("JKS");
}
com.sun.net.ssl.KeyManagerFactory keymanagerfactory =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
java.io.FileInputStream fileinputstream = new FileInputStream(s);
char ac[] = s1.toCharArray();
char ac1[] = s2.toCharArray();
keystore.load(fileinputstream, ac);
java.util.Enumeration enumeration = keystore.aliases();
while (enumeration.hasMoreElements()) {
java.lang.String s4 = (java.lang.String) enumeration.nextElement();
certificateDescription = certificateDescription + " (" + s4;
java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s4);
if (acertificate != null) {
int j = 0;
while (j < acertificate.length) {
java.security.cert.X509Certificate x509certificate =
(java.security.cert.X509Certificate) acertificate[j];
certificateDescription =
certificateDescription
+ " (cert "
+ x509certificate.getSubjectDN()
+ ", "
+ x509certificate.getSigAlgName()
+ ")";
j++;
}
}
}
s3 = s3 + "certs: " + certificateDescription + "\n";
keymanagerfactory.init(keystore, ac1);
akeymanager = keymanagerfactory.getKeyManagers();
}
} catch (java.lang.Exception exception) {
exception.printStackTrace();
s3 = s3 + exception.toString();
}
sslcontext.init(akeymanager, null, randomGenerator);
if (akeymanager != null) {
sslServerSocketFactory = sslcontext.getServerSocketFactory();
}
sslSocketFactory = sslcontext.getSocketFactory();
} catch (java.lang.Throwable throwable) {
throwable.printStackTrace();
s3 = s3 + throwable.toString();
}
return s3;
}