public SunSSLTransportFactory(Properties properties) throws GeneralSecurityException {
    X509TrustManager trustManager;
    HostnameVerifier hostnameVerifier;
    SSLContext sslContext;

    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

    url = (URL) properties.get(XmlRpcTransportFactory.TRANSPORT_URL);
    auth = properties.getProperty(XmlRpcTransportFactory.TRANSPORT_AUTH);

    trustManager = (X509TrustManager) properties.get(TRANSPORT_TRUSTMANAGER);
    if (trustManager == null) {
      trustManager = openTrustManager;
    }

    hostnameVerifier = (HostnameVerifier) properties.get(TRANSPORT_HOSTNAMEVERIFIER);
    if (hostnameVerifier == null) {
      hostnameVerifier = openHostnameVerifier;
    }

    sslContext = SSLContext.getInstance(SecurityTool.getSecurityProtocol());
    X509TrustManager[] tmArray = new X509TrustManager[] {trustManager};
    sslContext.init(null, tmArray, new SecureRandom());

    // Set the default SocketFactory and HostnameVerifier
    // for javax.net.ssl.HttpsURLConnection
    if (sslContext != null) {
      HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    }
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
  }
Ejemplo n.º 2
0
  /*
   * Define the client side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doClientSide() throws Exception {

    /*
     * Wait for server to get started.
     */
    while (!serverReady) {
      Thread.sleep(50);
    }

    /*
     * See if an unknown keystore actually gets checked ok.
     */
    System.out.println("==============");
    System.out.println("Starting test0");
    KeyStore uks = KeyStore.getInstance("JKS");
    SSLContext ctx = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

    uks.load(new FileInputStream(unknownFilename), cpasswd);
    kmf.init(uks, cpasswd);

    TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()};

    ctx.init(kmf.getKeyManagers(), tms, null);

    SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory();

    System.out.println("Trying first socket " + serverPort);
    SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);

    doTest(sslSocket);

    /*
     * Now try the other way.
     */
    com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS");
    com.sun.net.ssl.KeyManagerFactory kmf1 =
        com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
    kmf1.init(uks, cpasswd);

    com.sun.net.ssl.TrustManager[] tms1 =
        new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};

    ctx1.init(kmf1.getKeyManagers(), tms1, null);

    sslsf = (SSLSocketFactory) ctx1.getSocketFactory();

    System.out.println("Trying second socket " + serverPort1);
    sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1);

    doTest(sslSocket);
    System.out.println("Completed test1");
  }
Ejemplo n.º 3
0
 public static javax.net.SocketFactory getSSLFactory(
     java.lang.String s, java.lang.String s1, java.lang.StringBuffer stringbuffer) {
   javax.net.ssl.SSLSocketFactory sslsocketfactory = null;
   try {
     if (!(new File(s)).exists()) {
       throw new Exception("certificate not found");
     }
     java.security.KeyStore keystore;
     if (s.endsWith(".pfx")) {
       keystore = java.security.KeyStore.getInstance("PKCS12");
     } else {
       keystore = java.security.KeyStore.getInstance("JKS");
     }
     java.io.FileInputStream fileinputstream = new FileInputStream(s);
     char ac[] = s1.toCharArray();
     char ac1[] = s1.toCharArray();
     keystore.load(fileinputstream, ac);
     java.util.Enumeration enumeration = keystore.aliases();
     while (enumeration.hasMoreElements()) {
       java.lang.String s2 = (java.lang.String) enumeration.nextElement();
       certificateDescription = certificateDescription + " (" + s2;
       java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s2);
       if (acertificate != null) {
         int i = 0;
         while (i < acertificate.length) {
           java.security.cert.X509Certificate x509certificate =
               (java.security.cert.X509Certificate) acertificate[i];
           certificateDescription =
               certificateDescription
                   + " (cert "
                   + x509certificate.getSubjectDN()
                   + ", "
                   + x509certificate.getSigAlgName()
                   + ")";
           i++;
         }
       }
     }
     stringbuffer.append("certs: " + certificateDescription + "\n");
     com.sun.net.ssl.KeyManagerFactory keymanagerfactory =
         com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
     keymanagerfactory.init(keystore, ac1);
     com.sun.net.ssl.KeyManager akeymanager[] = keymanagerfactory.getKeyManagers();
     com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL");
     sslcontext.init(akeymanager, null, randomGenerator);
     sslsocketfactory = sslcontext.getSocketFactory();
   } catch (java.lang.Throwable throwable) {
     throwable.printStackTrace();
     stringbuffer.append("error: " + throwable.toString());
   }
   return sslsocketfactory;
 }
Ejemplo n.º 4
0
  /**
   * Set the default X509 Trust Manager to an instance of a fake class that trust all certificates,
   * even the self-signed ones. This method uses the old deprecated API from the <code>com.sun.ssl
   * </code> package.
   *
   * @deprecated see {@link #_trustAllHttpsCertificates()}.
   */
  private static void __trustAllHttpsCertificates() {
    com.sun.net.ssl.SSLContext context;

    // Create a trust manager that does not validate certificate chains
    if (__trustManagers == null) {
      __trustManagers = new com.sun.net.ssl.TrustManager[] {new _FakeX509TrustManager()};
    } // if
    // Install the all-trusting trust manager
    try {
      context = com.sun.net.ssl.SSLContext.getInstance("SSL");
      context.init(null, __trustManagers, new SecureRandom());
    } catch (GeneralSecurityException gse) {
      throw new IllegalStateException(gse.getMessage());
    } // catch
    com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
  } // __trustAllHttpsCertificates
Ejemplo n.º 5
0
  public ZMSSLSocketFactory() {
    System.out.println("ZMSSLSocketFactory instantiated");
    try {
      SSLContext sslcontext = SSLContext.getInstance("SSL");
      sslcontext.init(
          null, // No KeyManager required
          new TrustManager[] {new ZMTrustManager()},
          new java.security.SecureRandom());
      factory = (SSLSocketFactory) sslcontext.getSocketFactory();
    } catch (Exception ex) {
      ex.printStackTrace();
    }
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
        new javax.net.ssl.HostnameVerifier() {
          public boolean verify(String urlHostname, String certHostname) {
            return true;
          }

          public boolean verify(String urlHostname, javax.net.ssl.SSLSession session) {
            return true;
          }
        });
  }
Ejemplo n.º 6
0
  /*
   * Define the server side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doServerSide() throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS");
    com.sun.net.ssl.KeyManagerFactory kmf =
        com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");

    ks.load(new FileInputStream(keyFilename), cpasswd);
    kmf.init(ks, cpasswd);

    com.sun.net.ssl.TrustManager[] tms =
        new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};

    ctx.init(kmf.getKeyManagers(), tms, null);

    SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory();

    SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
    serverPort = sslServerSocket.getLocalPort();

    sslServerSocket.setNeedClientAuth(true);

    /*
     * Create using the other type.
     */
    SSLContext ctx1 = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509");

    TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()};

    kmf1.init(ks, cpasswd);

    ctx1.init(kmf1.getKeyManagers(), tms1, null);

    sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();

    SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1);
    serverPort1 = sslServerSocket1.getLocalPort();
    sslServerSocket1.setNeedClientAuth(true);

    /*
     * Signal Client, we're ready for his connect.
     */
    serverReady = true;

    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    sslServerSocket.close();
    serverReady = false;

    InputStream sslIS = sslSocket.getInputStream();
    OutputStream sslOS = sslSocket.getOutputStream();

    sslIS.read();
    sslOS.write(85);
    sslOS.flush();
    sslSocket.close();

    sslSocket = (SSLSocket) sslServerSocket1.accept();
    sslIS = sslSocket.getInputStream();
    sslOS = sslSocket.getOutputStream();

    sslIS.read();
    sslOS.write(85);
    sslOS.flush();
    sslSocket.close();

    System.out.println("Server exiting!");
    System.out.flush();
  }
Ejemplo n.º 7
0
  public static java.lang.String initialize(
      java.lang.String s, java.lang.String s1, java.lang.String s2) {
    java.lang.String s3 = "";
    try {
      java.lang.System.setProperty(
          "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
      java.security.Security.addProvider(new Provider());
      com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL");
      randomGenerator = new SecureRandom();
      byte abyte0[] = new byte[20];
      for (int i = 0; i < 20; i++) {
        abyte0[i] = (byte) (int) (java.lang.Math.random() * 256D - 128D);
      }

      randomGenerator.setSeed(abyte0);
      if ((new File(s + ".pfx")).exists()) {
        s = s + ".pfx";
      }
      com.sun.net.ssl.KeyManager akeymanager[] = null;
      try {
        if ((new File(s)).exists()) {
          java.security.KeyStore keystore;
          if (s.endsWith(".pfx")) {
            keystore = java.security.KeyStore.getInstance("PKCS12");
          } else {
            keystore = java.security.KeyStore.getInstance("JKS");
          }
          com.sun.net.ssl.KeyManagerFactory keymanagerfactory =
              com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
          java.io.FileInputStream fileinputstream = new FileInputStream(s);
          char ac[] = s1.toCharArray();
          char ac1[] = s2.toCharArray();
          keystore.load(fileinputstream, ac);
          java.util.Enumeration enumeration = keystore.aliases();
          while (enumeration.hasMoreElements()) {
            java.lang.String s4 = (java.lang.String) enumeration.nextElement();
            certificateDescription = certificateDescription + " (" + s4;
            java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s4);
            if (acertificate != null) {
              int j = 0;
              while (j < acertificate.length) {
                java.security.cert.X509Certificate x509certificate =
                    (java.security.cert.X509Certificate) acertificate[j];
                certificateDescription =
                    certificateDescription
                        + " (cert "
                        + x509certificate.getSubjectDN()
                        + ", "
                        + x509certificate.getSigAlgName()
                        + ")";
                j++;
              }
            }
          }
          s3 = s3 + "certs: " + certificateDescription + "\n";
          keymanagerfactory.init(keystore, ac1);
          akeymanager = keymanagerfactory.getKeyManagers();
        }
      } catch (java.lang.Exception exception) {
        exception.printStackTrace();
        s3 = s3 + exception.toString();
      }
      sslcontext.init(akeymanager, null, randomGenerator);
      if (akeymanager != null) {
        sslServerSocketFactory = sslcontext.getServerSocketFactory();
      }
      sslSocketFactory = sslcontext.getSocketFactory();
    } catch (java.lang.Throwable throwable) {
      throwable.printStackTrace();
      s3 = s3 + throwable.toString();
    }
    return s3;
  }