/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);
// enable TLSv1.1 only
sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});
// enable a block cipher
sslSocket.setEnabledCipherSuites(new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslOS.write('B');
sslOS.flush();
sslIS.read();
sslSocket.close();
}
/**
* SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake
* processing.
*
* @throws IOException If server negotiation fails
*/
protected void sslNegotiation() throws IOException {
plainSocket = _socket_;
initSslContext();
SSLSocketFactory ssf = context.getSocketFactory();
String ip = _socket_.getInetAddress().getHostAddress();
int port = _socket_.getPort();
SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, false);
socket.setEnableSessionCreation(isCreation);
socket.setUseClientMode(isClientMode);
// server mode
if (!isClientMode) {
socket.setNeedClientAuth(isNeedClientAuth);
socket.setWantClientAuth(isWantClientAuth);
}
if (protocols != null) {
socket.setEnabledProtocols(protocols);
}
if (suites != null) {
socket.setEnabledCipherSuites(suites);
}
socket.startHandshake();
_socket_ = socket;
_controlInput_ =
new BufferedReader(new InputStreamReader(socket.getInputStream(), getControlEncoding()));
_controlOutput_ =
new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(), getControlEncoding()));
}
private void connect() throws IOException {
Socket tmp = null;
try {
tmp = socketFactory.createSocket();
tmp.setTcpNoDelay(tcpNoDelay);
if (sendBuffer > 0) tmp.setSendBufferSize(sendBuffer);
tmp.bind(bindaddr);
if (tmp instanceof SSLSocket) {
SSLSocket sslsock = (SSLSocket) tmp;
sslsock.setEnabledProtocols(new String[] {tlsProtocol});
sslsock.setEnabledCipherSuites(tlsCiphers);
}
tmp.connect(addr, tcpConnectTimeout);
if (tmp instanceof SSLSocket) {
SSLSocket sslsock = (SSLSocket) tmp;
sslsock.startHandshake();
}
sockout = new BufferedOutputStream(tmp.getOutputStream());
sock = tmp;
tmp = null;
} finally {
if (tmp != null)
try {
tmp.close();
} catch (Exception ignore) {
}
}
}
/**
* Returns a socket of the data connection. Wrapped as an {@link SSLSocket}, which carries out
* handshake processing.
*
* @param command The textual representation of the FTP command to send.
* @param arg The arguments to the FTP command. If this parameter is set to null, then the command
* is sent with no arguments.
* @return corresponding to the established data connection. Null is returned if an FTP protocol
* error is reported at any point during the establishment and initialization of the
* connection.
* @throws IOException If there is any problem with the connection.
* @see FTPClient#_openDataConnection_(int, String)
* @since 3.2
*/
@Override
protected Socket _openDataConnection_(String command, String arg) throws IOException {
Socket socket = super._openDataConnection_(command, arg);
_prepareDataSocket_(socket);
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
sslSocket.setUseClientMode(isClientMode);
sslSocket.setEnableSessionCreation(isCreation);
// server mode
if (!isClientMode) {
sslSocket.setNeedClientAuth(isNeedClientAuth);
sslSocket.setWantClientAuth(isWantClientAuth);
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
}
if (protocols != null) {
sslSocket.setEnabledProtocols(protocols);
}
sslSocket.startHandshake();
}
return socket;
}
public NetworkThread(String server, String channel, int port) {
try {
this.channel = channel;
if (Settings.ssl) {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
socket = (SSLSocket) sslsocketfactory.createSocket();
List<String> limited = new LinkedList<String>();
for (String suite : ((SSLSocket) socket).getEnabledCipherSuites()) {
if (!suite.contains("_DHE_")) {
limited.add(suite);
}
}
((SSLSocket) socket).setEnabledCipherSuites(limited.toArray(new String[limited.size()]));
socket.connect(new InetSocketAddress(server, port));
} else {
socket = new Socket(server, port);
}
writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
uc = new Utilities();
line = null;
} catch (Exception e) {
e.printStackTrace();
}
}
public Socket createSocket(String host, int port) throws IOException {
Socket s = this.factory.createSocket(host, port);
if (s instanceof SSLSocket) {
SSLSocket ssl = (SSLSocket) s;
ssl.setEnabledCipherSuites(this.getNoAuthCiperSuites(ssl.getSupportedCipherSuites()));
}
return s;
}
private static void hardenSocket(SSLSocket sock) {
if (ENABLED_CIPHERS != null) {
sock.setEnabledCipherSuites(ENABLED_CIPHERS);
}
if (ENABLED_PROTOCOLS != null) {
sock.setEnabledProtocols(ENABLED_PROTOCOLS);
}
}
public Socket createSocket(
InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException {
Socket s = this.factory.createSocket(address, port, clientAddress, clientPort);
if (s instanceof SSLSocket) {
SSLSocket ssl = (SSLSocket) s;
ssl.setEnabledCipherSuites(this.getNoAuthCiperSuites(ssl.getSupportedCipherSuites()));
}
return s;
}
/** Applies this spec to {@code sslSocket}. */
void apply(SSLSocket sslSocket, boolean isFallback) {
ConnectionSpec specToApply = supportedSpec(sslSocket, isFallback);
if (specToApply.tlsVersions != null) {
sslSocket.setEnabledProtocols(specToApply.tlsVersions);
}
if (specToApply.cipherSuites != null) {
sslSocket.setEnabledCipherSuites(specToApply.cipherSuites);
}
}
public void afterConnect() throws IOException, UnknownHostException {
if (!isCachedConnection()) {
SSLSocket s = null;
SSLSocketFactory factory;
factory = sslSocketFactory;
try {
if (!(serverSocket instanceof SSLSocket)) {
s = (SSLSocket) factory.createSocket(serverSocket, host, port, true);
} else {
s = (SSLSocket) serverSocket;
}
} catch (IOException ex) {
// If we fail to connect through the tunnel, try it
// locally, as a last resort. If this doesn't work,
// throw the original exception.
try {
s = (SSLSocket) factory.createSocket(host, port);
} catch (IOException ignored) {
throw ex;
}
}
SSLSocketFactoryImpl.checkCreate(s);
//
// Force handshaking, so that we get any authentication.
// Register a handshake callback so our session state tracks any
// later session renegotiations.
//
String[] protocols = getProtocols();
String[] ciphers = getCipherSuites();
if (protocols != null) s.setEnabledProtocols(protocols);
if (ciphers != null) s.setEnabledCipherSuites(ciphers);
s.addHandshakeCompletedListener(this);
s.startHandshake();
session = s.getSession();
// change the serverSocket and serverOutput
serverSocket = s;
try {
serverOutput =
new PrintStream(
new BufferedOutputStream(serverSocket.getOutputStream()), false, encoding);
} catch (UnsupportedEncodingException e) {
throw new InternalError(encoding + " encoding not found");
}
// check URL spoofing
checkURLSpoofing(hv);
} else {
// if we are reusing a cached https session,
// we don't need to do handshaking etc. But we do need to
// set the ssl session
session = ((SSLSocket) serverSocket).getSession();
}
}
/**
* Creates the ssl collection
*
* @param ip - ip of the server
* @return
*/
private static SSLSocket handshake(String ip) {
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(ip, 9996);
String[] enabledCipherSuites = {"SSL_DH_anon_WITH_RC4_128_MD5"};
sslsocket.setEnabledCipherSuites(enabledCipherSuites);
return sslsocket;
} catch (Exception exception) {
exception.printStackTrace();
return null;
}
}
@Override
public void handshake(Socket sock) throws IOException {
// We do getSession instead of startHandshake() so we can call this multiple times
SSLSession session = ((SSLSocket) sock).getSession();
if (session.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL"))
throw new IOException(
"SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
if (!allowUnsafeLegacyRenegotiation && !rfc5746Supported) {
// Prevent further handshakes by removing all cipher suites
((SSLSocket) sock).setEnabledCipherSuites(new String[0]);
}
}
// Server loop
private static void serverLoop() throws Exception {
// Check if client is connected
if (hidOut == null && !busy) {
// Busy
busy = true;
// Notify
// System.out.println("Awaiting HID client...");
// No client is connected - accept connection
SSLSocket client = (SSLSocket) server.accept();
// Require auth
// client.setNeedClientAuth(true);
// Enable ciphers
client.setEnabledCipherSuites(client.getEnabledCipherSuites());
// Add a handshake listener
client.addHandshakeCompletedListener(
new HandshakeCompletedListener() {
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
handleClient(event);
}
});
// Start handshake
client.startHandshake();
} else {
// Check client status
try {
// System.out.print("Checking HID client status...");
if (!connected) {
// System.out.println(Color.YELLOW + " Connecting..." +
// Color.RESET);
return;
}
// Send a ping to the client
hidOut.write(0x01);
// System.out.println(Color.GREEN + " Connected!" + Color.RESET);
Thread.sleep(1000);
} catch (Exception e) {
// System.out.println(Color.RED + " Not Connected!" + Color.RESET);
// Reset variables
hidClient = null;
hidOut = null;
busy = false;
connected = false;
// Reset display
Display.readyMessage = Display.defaultReadyMessage;
Display.ready();
// Notify
System.out.println(Color.BLUE + "NOTICE: " + Color.RESET + "HID client has disconnected");
}
}
}
/* */ public Socket createSocket(String paramString, int paramInt)
/* */ throws IOException
/* */ {
/* 117 */ SocketFactory localSocketFactory = getDefaultClientSocketFactory();
/* */
/* 120 */ SSLSocket localSSLSocket =
(SSLSocket) localSocketFactory.createSocket(paramString, paramInt);
/* */
/* 124 */ String str = System.getProperty("javax.rmi.ssl.client.enabledCipherSuites");
/* */
/* 126 */ if (str != null) {
/* 127 */ localObject = new StringTokenizer(str, ",");
/* 128 */ int i = ((StringTokenizer) localObject).countTokens();
/* 129 */ String[] arrayOfString1 = new String[i];
/* 130 */ for (int k = 0; k < i; k++)
/* 131 */ arrayOfString1[k] = ((StringTokenizer) localObject).nextToken();
/* */ try
/* */ {
/* 134 */ localSSLSocket.setEnabledCipherSuites(arrayOfString1);
/* */ } catch (IllegalArgumentException localIllegalArgumentException1) {
/* 136 */ throw ((IOException)
new IOException(localIllegalArgumentException1.getMessage())
.initCause(localIllegalArgumentException1));
/* */ }
/* */
/* */ }
/* */
/* 142 */ Object localObject = System.getProperty("javax.rmi.ssl.client.enabledProtocols");
/* */
/* 144 */ if (localObject != null) {
/* 145 */ StringTokenizer localStringTokenizer =
new StringTokenizer((String) localObject, ",");
/* 146 */ int j = localStringTokenizer.countTokens();
/* 147 */ String[] arrayOfString2 = new String[j];
/* 148 */ for (int m = 0; m < j; m++)
/* 149 */ arrayOfString2[m] = localStringTokenizer.nextToken();
/* */ try
/* */ {
/* 152 */ localSSLSocket.setEnabledProtocols(arrayOfString2);
/* */ } catch (IllegalArgumentException localIllegalArgumentException2) {
/* 154 */ throw ((IOException)
new IOException(localIllegalArgumentException2.getMessage())
.initCause(localIllegalArgumentException2));
/* */ }
/* */
/* */ }
/* */
/* 160 */ return localSSLSocket;
/* */ }
public static void main(String[] args) throws Exception {
try {
Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
System.out.println("Kerberos is present, nothing to test");
return;
} catch (ClassNotFoundException okay) {
}
// test SSLSocket
try (Socket s = SSLSocketFactory.getDefault().createSocket()) {
SSLSocket sslSocket = (SSLSocket) s;
checkNotSupported(sslSocket.getSupportedCipherSuites());
// attempt to enable each of the Kerberos cipher suites
for (String kcs : KERBEROS_CIPHER_SUITES) {
String[] suites = {kcs};
try {
sslSocket.setEnabledCipherSuites(suites);
throw new RuntimeException(
"SSLSocket.setEnabledCipherSuitessuites allowed "
+ kcs
+ " but Kerberos not supported");
} catch (IllegalArgumentException expected) {
}
}
}
// test SSLServerSocket
try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {
SSLServerSocket sslSocket = (SSLServerSocket) ss;
checkNotSupported(sslSocket.getSupportedCipherSuites());
// attempt to enable each of the Kerberos cipher suites
for (String kcs : KERBEROS_CIPHER_SUITES) {
String[] suites = {kcs};
try {
sslSocket.setEnabledCipherSuites(suites);
throw new RuntimeException(
"SSLSocket.setEnabledCipherSuitessuites allowed "
+ kcs
+ " but Kerberos not supported");
} catch (IllegalArgumentException expected) {
}
}
}
}
public SSLSocket clientNoHandshake(String hostName, int hostPort, boolean useClientCert)
throws IOException {
SSLSocket socket = null;
// SSL Strong Cipher Hack
// SSL Strong Cipher Hack
if (useClientCert) {
socket = (SSLSocket) clientSSLSockCertFactory.createSocket(hostName, hostPort);
} else {
socket = (SSLSocket) clientSSLSockFactory.createSocket(hostName, hostPort);
}
socket.setEnabledProtocols(new String[] {"SSLv3"});
socket.setEnabledCipherSuites(new String[] {"SSL_RSA_WITH_DES_CBC_SHA"});
return socket;
}
@Override
public void execute(String commandString, Session sess) throws IOException {
if (!commandString.trim().toUpperCase().equals(this.getName())) {
sess.sendResponse("501 Syntax error (no parameters allowed)");
return;
}
try {
Socket socket = sess.getSocket();
if (socket instanceof SSLSocket) {
sess.sendResponse("454 TLS not available due to temporary reason: TLS already active");
return;
}
sess.sendResponse("220 Ready to start TLS");
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
SSLSocketFactory sf = ((SSLSocketFactory) SSLSocketFactory.getDefault());
SSLSocket s =
(SSLSocket)
(sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
// we are a server
s.setUseClientMode(false);
// allow all supported cipher suites
s.setEnabledCipherSuites(s.getSupportedCipherSuites());
s.startHandshake();
sess.setSocket(s);
sess.resetMessageState(); // clean slate
} catch (SSLHandshakeException ex) {
// "no cipher suites in common" is common and puts a lot of crap in the logs.
// This will at least limit it to a single WARN line and not a whole stacktrace.
// Unfortunately it might catch some other types of SSLHandshakeException (if
// in fact other types exist), but oh well.
log.warn("startTLS() failed: " + ex);
} catch (IOException ex) {
log.warn("startTLS() failed: " + ex.getMessage(), ex);
}
}
public void supportTlsIntolerantServer(SSLSocket socket) {
String fallbackScsv = "TLS_FALLBACK_SCSV";
boolean socketSupportsFallbackScsv = false;
String[] supportedCipherSuites = socket.getSupportedCipherSuites();
for (int i = supportedCipherSuites.length - 1; i >= 0; i--) {
if ("TLS_FALLBACK_SCSV".equals(supportedCipherSuites[i])) {
socketSupportsFallbackScsv = true;
break;
}
}
if (socketSupportsFallbackScsv) {
String[] enabledCipherSuites = socket.getEnabledCipherSuites();
String[] newEnabledCipherSuites = new String[(enabledCipherSuites.length + 1)];
System.arraycopy(
enabledCipherSuites, 0, newEnabledCipherSuites, 0, enabledCipherSuites.length);
newEnabledCipherSuites[newEnabledCipherSuites.length - 1] = "TLS_FALLBACK_SCSV";
socket.setEnabledCipherSuites(newEnabledCipherSuites);
}
socket.setEnabledProtocols(new String[] {"SSLv3"});
}
@Test
public void tls_defaultCiphers_withFallbackIndicator() throws Exception {
ConnectionSpec tlsSpec =
new ConnectionSpec.Builder(true)
.tlsVersions(TlsVersion.TLS_1_2)
.supportsTlsExtensions(false)
.build();
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(
new String[] {
CipherSuite.TLS_RSA_WITH_RC4_128_MD5.javaName,
CipherSuite.TLS_RSA_WITH_RC4_128_SHA.javaName,
});
socket.setEnabledProtocols(
new String[] {
TlsVersion.TLS_1_2.javaName, TlsVersion.TLS_1_1.javaName,
});
Route route =
new Route(
HTTPS_ADDRESS,
PROXY,
INET_SOCKET_ADDRESS,
tlsSpec,
true /* shouldSendTlsFallbackIndicator */);
tlsSpec.apply(socket, route);
assertEquals(createSet(TlsVersion.TLS_1_2.javaName), createSet(socket.getEnabledProtocols()));
Set<String> expectedCipherSet =
createSet(
CipherSuite.TLS_RSA_WITH_RC4_128_MD5.javaName,
CipherSuite.TLS_RSA_WITH_RC4_128_SHA.javaName);
if (Arrays.asList(socket.getSupportedCipherSuites()).contains("TLS_FALLBACK_SCSV")) {
expectedCipherSet.add("TLS_FALLBACK_SCSV");
}
assertEquals(expectedCipherSet, expectedCipherSet);
}
/**
* Discover if the desired service is available at a specified host.
*
* @param serviceProvider address of the service provider.
* @throws FederationServiceDiscoveryFailed if the required service is unavailable on the
* specified host
* @return an valid instance of FederationRequest that can be consumed by a valid instance of this
* calss
*/
@Override
public FederationRequest discover(InetAddress serviceProvider)
throws FederationServiceDiscoveryFailed {
try {
// first establish a connection
int port = FederationService.getInstance().getFederatingPort();
Socket sock = new Socket(serviceProvider, port);
SSLSocketFactory sockFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket federatingSocket =
(SSLSocket) sockFactory.createSocket(sock, serviceProvider.getHostAddress(), port, true);
SSLServerSocketFactory serverFactory =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
federatingSocket.setEnabledCipherSuites(serverFactory.getSupportedCipherSuites());
// next check if the required service is provided
BufferedWriter writer =
new BufferedWriter(new OutputStreamWriter(federatingSocket.getOutputStream()));
BufferedReader reader =
new BufferedReader(new InputStreamReader(federatingSocket.getInputStream()));
writer.write(FederationRequestType.VOICE_TALK.toString() + '\n');
writer.flush();
String responce = reader.readLine();
if (FederationServiceMessageCodes.valueOf(responce)
!= FederationServiceMessageCodes.SERVICE_AVAILABLE) {
throw new IOException("Unexpected responce: " + responce);
} // end if
// form the federation request object and send the stuff, if the
// required service is found
return new FederationRequest(
federatingSocket, reader, writer, FederationRequestType.VOICE_TALK);
} catch (IOException ioe) {
throw new FederationServiceDiscoveryFailed("Error while discovery: " + ioe.toString());
} // end of try .. catch block
}
/**
* Prepares a TLS/SSL connection socket by: - setting reasonable TLS protocol versions - setting
* reasonable cipher suites (if required)
*
* @param socket unconnected SSLSocket to prepare
*/
private void setTlsParameters(SSLSocket socket) {
// Android 5.0+ (API level21) provides reasonable default settings
// but it still allows SSLv3
// https://developer.android.com/about/versions/android-5.0-changes.html#ssl
/* set reasonable protocol versions */
// - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)
// - remove all SSL versions (especially SSLv3) because they're insecure now
final List<String> protocols = new LinkedList<String>();
for (String protocol : socket.getSupportedProtocols()) {
if (!protocol.toUpperCase().contains("SSL")) {
protocols.add(protocol);
}
}
Log.v(TAG, "Setting allowed TLS protocols: " + TextUtils.join(", ", protocols));
socket.setEnabledProtocols(protocols.toArray(new String[protocols.size()]));
/* set reasonable cipher suites */
if (Build.VERSION.SDK_INT < VERSION_CODES_LOLLIPOP) {
// choose secure cipher suites
final List<String> availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
// preferred ciphers = allowed Ciphers \ availableCiphers
final Set<String> preferredCiphers = new HashSet<String>(ALLOWED_CIPHERS);
preferredCiphers.retainAll(availableCiphers);
// add enabled ciphers to preferred ciphers
// for maximum security, preferred ciphers should *replace* enabled ciphers,
// but for the security level of ACRA, disabling of insecure
// ciphers should be a server-side task
preferredCiphers.addAll(Arrays.asList(socket.getEnabledCipherSuites()));
Log.v(TAG, "Setting allowed TLS ciphers: " + TextUtils.join(", ", preferredCiphers));
socket.setEnabledCipherSuites(preferredCiphers.toArray(new String[preferredCiphers.size()]));
}
}
/**
* Create an SSL socket at the specified host and port.
*
* @param the host
* @param the port
* @return the socket.
*/
private Socket createSSLSocket(String host, int port) throws IOException {
SSLSocket socket = null;
SSLSocketFactory factory = null;
try {
// get socketfactory+sanity check
// clientSslInfo is never null
factory = clientSslInfo.getContext().getSocketFactory();
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "Creating SSL Socket for host:" + host + " port:" + port);
}
String[] ssl3TlsCiphers = clientSslInfo.getSsl3TlsCiphers();
String[] ssl2Ciphers = clientSslInfo.getSsl2Ciphers();
String[] clientCiphers = null;
if (ssl3TlsCiphers != null || ssl2Ciphers != null) {
String[] socketCiphers = factory.getDefaultCipherSuites();
clientCiphers = mergeCiphers(socketCiphers, ssl3TlsCiphers, ssl2Ciphers);
}
socket = (SSLSocket) factory.createSocket(host, port);
if (clientCiphers != null) {
socket.setEnabledCipherSuites(clientCiphers);
}
} catch (Exception e) {
if (_logger.isLoggable(Level.FINE)) {
_logger.log(
Level.FINE, "iiop.createsocket_exception", new Object[] {host, String.valueOf(port)});
_logger.log(Level.FINE, "", e);
}
IOException e2 =
new IOException("Error opening SSL socket to host=" + host + " port=" + port);
e2.initCause(e);
throw e2;
}
return socket;
}
/**
* SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake
* processing.
*
* @throws java.io.IOException If server negotiation fails.
*/
private void performSSLNegotiation() throws IOException {
initSSLContext();
SSLSocketFactory ssf = context.getSocketFactory();
String ip = getRemoteAddress().getHostAddress();
int port = getRemotePort();
SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, true);
socket.setEnableSessionCreation(true);
socket.setUseClientMode(true);
if (protocols != null) {
socket.setEnabledProtocols(protocols);
}
if (suites != null) {
socket.setEnabledCipherSuites(suites);
}
socket.startHandshake();
_socket_ = socket;
_input_ = socket.getInputStream();
_output_ = socket.getOutputStream();
_reader = new CRLFLineReader(new InputStreamReader(_input_, encoding));
_writer = new BufferedWriter(new OutputStreamWriter(_output_, encoding));
}
/** @return {@link DefaultHttpClient} instance. */
private HttpClient createHttpClient(CouchDbProperties props) {
DefaultHttpClient httpclient = null;
try {
SchemeSocketFactory ssf = null;
if (props.getProtocol().equals("https")) {
TrustManager trustManager =
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, new TrustManager[] {trustManager}, null);
ssf = new SSLSocketFactory(sslcontext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SSLSocket socket = (SSLSocket) ssf.createSocket(null);
socket.setEnabledCipherSuites(new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
} else {
ssf = PlainSocketFactory.getSocketFactory();
}
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme(props.getProtocol(), props.getPort(), ssf));
PoolingClientConnectionManager ccm = new PoolingClientConnectionManager(schemeRegistry);
httpclient = new DefaultHttpClient(ccm);
host = new HttpHost(props.getHost(), props.getPort(), props.getProtocol());
context = new BasicHttpContext();
// Http params
httpclient.getParams().setParameter(CoreProtocolPNames.HTTP_CONTENT_CHARSET, "UTF-8");
httpclient
.getParams()
.setParameter(CoreConnectionPNames.SO_TIMEOUT, props.getSocketTimeout());
httpclient
.getParams()
.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, props.getConnectionTimeout());
int maxConnections = props.getMaxConnections();
if (maxConnections != 0) {
ccm.setMaxTotal(maxConnections);
ccm.setDefaultMaxPerRoute(maxConnections);
}
if (props.getProxyHost() != null) {
HttpHost proxy = new HttpHost(props.getProxyHost(), props.getProxyPort());
httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
}
// basic authentication
if (props.getUsername() != null && props.getPassword() != null) {
httpclient
.getCredentialsProvider()
.setCredentials(
new AuthScope(props.getHost(), props.getPort()),
new UsernamePasswordCredentials(props.getUsername(), props.getPassword()));
props.clearPassword();
AuthCache authCache = new BasicAuthCache();
BasicScheme basicAuth = new BasicScheme();
authCache.put(host, basicAuth);
context.setAttribute(ClientContext.AUTH_CACHE, authCache);
}
// request interceptor
httpclient.addRequestInterceptor(
new HttpRequestInterceptor() {
public void process(final HttpRequest request, final HttpContext context)
throws IOException {
if (log.isInfoEnabled()) {
RequestLine requestLine = request.getRequestLine();
try {
log.info(
">> "
+ (new StringBuilder())
.append(">> ")
.append(requestLine.getMethod())
.append(" ")
.append(urlCodec.decode(requestLine.getUri()))
.toString());
} catch (DecoderException e) {
log.error(e, e);
}
}
}
});
// response interceptor
httpclient.addResponseInterceptor(
new HttpResponseInterceptor() {
public void process(final HttpResponse response, final HttpContext context)
throws IOException {
validate(response);
if (log.isInfoEnabled())
log.info("<< Status: " + response.getStatusLine().getStatusCode());
}
});
} catch (Exception e) {
log.error("Error Creating HTTP client. " + e.getMessage());
throw new IllegalStateException(e);
}
return httpclient;
}
public void setEnabledCipherSuites(final String[] suites) {
delegate.setEnabledCipherSuites(suites);
}
