public boolean connect(int fd, boolean sslVerifyPeer, String hostname) {
try {
Logger.I(TAG, "SSL connect to " + hostname);
RhoSockAddr remote = getRemoteSockAddr(fd);
Socket s = new RhoSocket(fd, remote);
SSLSocketFactory f = getFactory(sslVerifyPeer);
StringTokenizer st = new StringTokenizer(hostname, ":");
String host = st.nextToken();
SSLSocket aSock = (SSLSocket) f.createSocket(s, host, remote.port, true);
aSock.setUseClientMode(true);
synchronized (this) {
sock = aSock;
os = sock.getOutputStream();
is = sock.getInputStream();
sockfd = fd;
}
return true;
} catch (Exception e) {
reportFail("connect", e);
e.printStackTrace();
return false;
}
}
private Socket getSocket(String hostName, int port, boolean useSsl) throws IOException {
if (useSsl) {
try {
TrustManager[] trustAllCerts =
new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {}
}
};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
SSLSocketFactory factory = sc.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) factory.createSocket(hostName, port);
sslSocket.setUseClientMode(true);
return sslSocket;
} catch (Exception e) {
log.error("Could not create SSL Connection", e);
}
return null;
} else {
return new Socket(hostName, port);
}
}
/**
* SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake
* processing.
*
* @throws IOException If server negotiation fails
*/
protected void sslNegotiation() throws IOException {
plainSocket = _socket_;
initSslContext();
SSLSocketFactory ssf = context.getSocketFactory();
String ip = _socket_.getInetAddress().getHostAddress();
int port = _socket_.getPort();
SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, false);
socket.setEnableSessionCreation(isCreation);
socket.setUseClientMode(isClientMode);
// server mode
if (!isClientMode) {
socket.setNeedClientAuth(isNeedClientAuth);
socket.setWantClientAuth(isWantClientAuth);
}
if (protocols != null) {
socket.setEnabledProtocols(protocols);
}
if (suites != null) {
socket.setEnabledCipherSuites(suites);
}
socket.startHandshake();
_socket_ = socket;
_controlInput_ =
new BufferedReader(new InputStreamReader(socket.getInputStream(), getControlEncoding()));
_controlOutput_ =
new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(), getControlEncoding()));
}
/**
* Returns a socket of the data connection. Wrapped as an {@link SSLSocket}, which carries out
* handshake processing.
*
* @param command The textual representation of the FTP command to send.
* @param arg The arguments to the FTP command. If this parameter is set to null, then the command
* is sent with no arguments.
* @return corresponding to the established data connection. Null is returned if an FTP protocol
* error is reported at any point during the establishment and initialization of the
* connection.
* @throws IOException If there is any problem with the connection.
* @see FTPClient#_openDataConnection_(int, String)
* @since 3.2
*/
@Override
protected Socket _openDataConnection_(String command, String arg) throws IOException {
Socket socket = super._openDataConnection_(command, arg);
_prepareDataSocket_(socket);
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
sslSocket.setUseClientMode(isClientMode);
sslSocket.setEnableSessionCreation(isCreation);
// server mode
if (!isClientMode) {
sslSocket.setNeedClientAuth(isNeedClientAuth);
sslSocket.setWantClientAuth(isWantClientAuth);
}
if (suites != null) {
sslSocket.setEnabledCipherSuites(suites);
}
if (protocols != null) {
sslSocket.setEnabledProtocols(protocols);
}
sslSocket.startHandshake();
}
return socket;
}
/**
* Generates an SSL-enabled socket.
*
* @return the new socket
* @throws GeneralSecurityException on error building the socket
* @throws IOException on error loading the KeyStore
*/
private SSLSocket getSslSocket(RemoteDevice target)
throws GeneralSecurityException, IOException {
// Build a new key store based on the key store manager.
KeyManager[] keyManagers = coreService.getKeyStoreManager().getKeyManagers();
TrustManager[] trustManagers = coreService.getKeyStoreManager().getTrustManagers();
if (keyManagers.length == 0) {
throw new IllegalStateException("No key managers");
}
// Create a new SSLContext, using the new KeyManagers and TrustManagers
// as the sources of keys and trust decisions, respectively.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
// Finally, build a new SSLSocketFactory from the SSLContext, and
// then generate a new SSLSocket from it.
SSLSocketFactory factory = sslContext.getSocketFactory();
SSLSocket sock = (SSLSocket) factory.createSocket();
sock.setNeedClientAuth(true);
sock.setUseClientMode(true);
sock.setKeepAlive(true);
sock.setTcpNoDelay(true);
InetSocketAddress fullAddr = new InetSocketAddress(target.getAddress(), target.getPort());
sock.connect(fullAddr, SOCKET_CREATION_TIMEOUT_MS);
sock.startHandshake();
return sock;
}
public Socket createSocket(String host, int port) throws IOException {
Socket s = this.factory.createSocket(host, port);
if (s instanceof SSLSocket) {
SSLSocket ssl = (SSLSocket) s;
ssl.setUseClientMode(false); // client offers to authenticate itself
ssl.setNeedClientAuth(true);
}
return s;
}
public Socket createSocket(
InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException {
Socket s = this.factory.createSocket(address, port, clientAddress, clientPort);
if (s instanceof SSLSocket) {
SSLSocket ssl = (SSLSocket) s;
ssl.setUseClientMode(false); // client offers to authenticate itself
ssl.setNeedClientAuth(true);
}
return s;
}
/** Creates a new TlsSocket */
public TlsSocket createTlsSocket(String host, int port)
throws
java.io
.IOException { // SSLSocket ssl_socket=(SSLSocket)ssl_factory.createSocket(host,port);
// return new TlsSocket(ssl_socket);
SSLSocket ssl_socket = (SSLSocket) ssl_factory.createSocket();
if (!client_mode) ssl_socket.setUseClientMode(false);
if (enabled_protocols != null) ssl_socket.setEnabledProtocols(enabled_protocols);
ssl_socket.connect(new java.net.InetSocketAddress(host, port));
return new TlsSocket(ssl_socket);
}
/**
* Create a SSLsocket using an existing connected socket. It can be used such as a tunneled SSL
* proxy socket (eg when a CONNECT request is received). This SSLSocket will start server side
* handshake immediately.
*
* @param targethost the host where you want to connect to
* @param socket
* @return
* @throws IOException
*/
public Socket createTunnelServerSocket(String targethost, Socket socket) throws IOException {
// ZAP: added host name parameter
SSLSocket s =
(SSLSocket)
getTunnelSSLSocketFactory(targethost)
.createSocket(
socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
s.setUseClientMode(false);
s.startHandshake();
return s;
}
public static SSLSocket wrapSocket(Socket socket) throws Exception {
// ssl socket factory
SSLSocketFactory sslSocketFactory = sslContext().getSocketFactory();
// ssl socket
SSLSocket sslSocket =
(SSLSocket)
sslSocketFactory.createSocket(
socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
sslSocket.setUseClientMode(true);
sslSocket.startHandshake();
return sslSocket;
}
public boolean connect(int fd, boolean sslVerifyPeer) {
try {
sockfd = fd;
RhoSockAddr remote = getRemoteSockAddr(sockfd);
Socket s = new RhoSocket(sockfd, remote);
SSLSocketFactory f = getFactory(sslVerifyPeer);
sock = (SSLSocket) f.createSocket(s, remote.host.toString(), remote.port, true);
sock.setUseClientMode(true);
os = sock.getOutputStream();
is = sock.getInputStream();
return true;
} catch (Exception e) {
reportFail("connect", e);
e.printStackTrace();
return false;
}
}
private Socket secureConnect() throws IOException {
if (socket_factory == null) {
try {
SSLContext context = SSLContext.getInstance("TLS");
context.init(getKeyManagers(config.getCertFile(), config.getCertPhrase()), null, sec_rnd);
socket_factory = context.getSocketFactory();
} catch (GeneralSecurityException security_exception) {
throw new IOException("Failed to create SSL socket factory.");
} catch (IOException io_exception) {
throw new IOException("Failed to read APNS certificate.");
}
}
SSLSocket ssl_socket = null;
ssl_socket =
(SSLSocket)
socket_factory.createSocket(config.getHostname(service), config.getPort(service));
ssl_socket.setUseClientMode(true);
return ssl_socket;
}
@Override
public void execute(String commandString, Session sess) throws IOException {
if (!commandString.trim().toUpperCase().equals(this.getName())) {
sess.sendResponse("501 Syntax error (no parameters allowed)");
return;
}
try {
Socket socket = sess.getSocket();
if (socket instanceof SSLSocket) {
sess.sendResponse("454 TLS not available due to temporary reason: TLS already active");
return;
}
sess.sendResponse("220 Ready to start TLS");
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
SSLSocketFactory sf = ((SSLSocketFactory) SSLSocketFactory.getDefault());
SSLSocket s =
(SSLSocket)
(sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
// we are a server
s.setUseClientMode(false);
// allow all supported cipher suites
s.setEnabledCipherSuites(s.getSupportedCipherSuites());
s.startHandshake();
sess.setSocket(s);
sess.resetMessageState(); // clean slate
} catch (SSLHandshakeException ex) {
// "no cipher suites in common" is common and puts a lot of crap in the logs.
// This will at least limit it to a single WARN line and not a whole stacktrace.
// Unfortunately it might catch some other types of SSLHandshakeException (if
// in fact other types exist), but oh well.
log.warn("startTLS() failed: " + ex);
} catch (IOException ex) {
log.warn("startTLS() failed: " + ex.getMessage(), ex);
}
}
public static TcpSocket makeTls(TcpSocket upgrade) {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, null);
// get SSL factory because Java loves factories!
SSLSocketFactory factory = sslContext.getSocketFactory();
// create new SSL socket
SSLSocket socket;
if (upgrade == null) {
socket = (SSLSocket) factory.createSocket();
}
// upgrade an existing socket
else {
socket =
(SSLSocket)
factory.createSocket(
upgrade.peer.socket,
upgrade.peer.socket.getInetAddress().getHostAddress(),
upgrade.peer.socket.getPort(),
false);
socket.setUseClientMode(true);
socket.startHandshake();
}
// create the new TcpSocket instance
TcpSocket self = new TcpSocket();
self.peer = new TcpSocketPeer(socket);
// if upgrade, then initialize socket as already connected
if (upgrade != null) self.peer.connected(self);
return self;
} catch (Exception e) {
throw IOErr.make(e);
}
}
public boolean connect() throws IOException, NoSuchAlgorithmException, KeyManagementException {
// try{
// Connect
if (socket == null || socket.isClosed() || !socket.isConnected()) {
if (socket != null && !socket.isClosed()) socket.close();
if (sslContext == null) {
sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, tm, new java.security.SecureRandom());
}
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
socket = (SSLSocket) socketFactory.createSocket(host, 443);
socket.setSoTimeout(0);
socket.setUseClientMode(true);
connected = true;
Log.i(getClass().toString(), "Connected.");
}
// Secure
if (connected) {
Log.i(getClass().toString(), "Securing...");
SSLSession session = socket.getSession();
secured = session.isValid();
if (secured) {
Log.i(getClass().toString(), "Secured.");
output = new BufferedOutputStream(socket.getOutputStream());
} else {
Log.i(getClass().toString(), "Securing failed.");
}
}
return connected;
}
/**
* SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake
* processing.
*
* @throws java.io.IOException If server negotiation fails.
*/
private void performSSLNegotiation() throws IOException {
initSSLContext();
SSLSocketFactory ssf = context.getSocketFactory();
String ip = getRemoteAddress().getHostAddress();
int port = getRemotePort();
SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, true);
socket.setEnableSessionCreation(true);
socket.setUseClientMode(true);
if (protocols != null) {
socket.setEnabledProtocols(protocols);
}
if (suites != null) {
socket.setEnabledCipherSuites(suites);
}
socket.startHandshake();
_socket_ = socket;
_input_ = socket.getInputStream();
_output_ = socket.getOutputStream();
_reader = new CRLFLineReader(new InputStreamReader(_input_, encoding));
_writer = new BufferedWriter(new OutputStreamWriter(_output_, encoding));
}
private void m(Context context) {
SSLSocket sslSocket = null;
try {
boolean connected = false;
if (sslSocket == null || sslSocket.isClosed() || !sslSocket.isConnected()) {
if (sslSocket != null && !sslSocket.isClosed()) {
sslSocket.close();
}
Log.i(getClass().toString(), "Connecting...");
// messages.getText().append("Connecting...");
final KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(context.getResources().openRawResource(R.raw.clientkey), null);
final KeyManagerFactory keyManager =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManager.init(keyStore, null);
// keyManager.init(null, null);
final TrustManagerFactory trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
sslContext = SSLContext.getInstance("TLS");
sslContext.init(
keyManager.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom());
final SSLSocketFactory delegate = sslContext.getSocketFactory();
SocketFactory factory =
new SSLSocketFactory() {
@Override
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException {
InetAddress addr = InetAddress.getByName(host);
injectHostname(addr, host);
return delegate.createSocket(addr, port);
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return delegate.createSocket(host, port);
}
@Override
public Socket createSocket(
String host, int port, InetAddress localHost, int localPort)
throws IOException, UnknownHostException {
return delegate.createSocket(host, port, localHost, localPort);
}
@Override
public Socket createSocket(
InetAddress address, int port, InetAddress localAddress, int localPort)
throws IOException {
return delegate.createSocket(address, port, localAddress, localPort);
}
private void injectHostname(InetAddress address, String host) {
try {
Field field = InetAddress.class.getDeclaredField("hostName");
field.setAccessible(true);
field.set(address, host);
} catch (Exception ignored) {
}
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
throws IOException {
injectHostname(s.getInetAddress(), host);
return delegate.createSocket(s, host, port, autoClose);
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
};
sslSocket = (SSLSocket) factory.createSocket("195.248.169.76", 4445);
sslSocket.setSoTimeout(20000);
sslSocket.setUseClientMode(true);
connected = true;
Log.i(getClass().toString(), "Connected.");
// messages.getText().append("Connected.");
}
// Secure
if (connected) {
Log.i(getClass().toString(), "Securing...");
// messages.getText().append("Securing...");
SSLSession session = sslSocket.getSession();
boolean secured = session.isValid();
if (secured) {
Log.i(getClass().toString(), "Secured.");
// messages.getText().append("Secured.");
}
}
} catch (CertificateException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (UnknownHostException e) {
e.printStackTrace();
} catch (SocketException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
/** Enables the client mode and the client authentication */
protected SSLSocket enableClientAuth(SSLSocket sock) {
sock.setNeedClientAuth(true);
sock.setUseClientMode(true);
return sock;
}
private void testServerSendsConnectionClose(boolean chunked, String content) throws Exception {
ServerSocket server = new ServerSocket(0);
int port = server.getLocalPort();
startClient();
Request request = client.newRequest("localhost", port).scheme("https").path("/ctx/path");
FutureResponseListener listener = new FutureResponseListener(request);
request.send(listener);
Socket socket = server.accept();
SSLContext sslContext = client.getSslContextFactory().getSslContext();
SSLSocket sslSocket =
(SSLSocket) sslContext.getSocketFactory().createSocket(socket, "localhost", port, false);
sslSocket.setUseClientMode(false);
sslSocket.startHandshake();
InputStream input = sslSocket.getInputStream();
consumeRequest(input);
OutputStream output = sslSocket.getOutputStream();
String serverResponse = "" + "HTTP/1.1 200 OK\r\n" + "Connection: close\r\n";
if (chunked) {
serverResponse += "" + "Transfer-Encoding: chunked\r\n" + "\r\n";
for (int i = 0; i < 2; ++i) {
serverResponse += Integer.toHexString(content.length()) + "\r\n" + content + "\r\n";
}
serverResponse += "" + "0\r\n" + "\r\n";
} else {
serverResponse += "Content-Length: " + content.length() + "\r\n";
serverResponse += "\r\n";
serverResponse += content;
}
output.write(serverResponse.getBytes("UTF-8"));
output.flush();
switch (closeMode) {
case NONE:
{
break;
}
case CLOSE:
{
sslSocket.close();
break;
}
case ABRUPT:
{
socket.shutdownOutput();
break;
}
default:
{
throw new IllegalStateException();
}
}
ContentResponse response = listener.get(5, TimeUnit.SECONDS);
Assert.assertEquals(HttpStatus.OK_200, response.getStatus());
// Give some time to process the connection.
Thread.sleep(1000);
// Connection should have been removed from pool.
HttpDestinationOverHTTP destination =
(HttpDestinationOverHTTP) client.getDestination("http", "localhost", port);
DuplexConnectionPool connectionPool = (DuplexConnectionPool) destination.getConnectionPool();
Assert.assertEquals(0, connectionPool.getConnectionCount());
Assert.assertEquals(0, connectionPool.getIdleConnectionCount());
Assert.assertEquals(0, connectionPool.getActiveConnectionCount());
}
public void setUseClientMode(final boolean mode) {
delegate.setUseClientMode(mode);
}
public SSLSocket convertToSecureServerSocket(final Socket socket, final String domain)
throws Exception {
SSLSocket sslSocket = convertToSecureSocket(socket, domain);
sslSocket.setUseClientMode(false);
return sslSocket;
}
@Override
public Socket getSocket(String host, int port, Context context) throws Exception {
SSLSocket sslSocket = null;
boolean connected = false;
if (sslSocket == null || sslSocket.isClosed() || !sslSocket.isConnected()) {
if (sslSocket != null && !sslSocket.isClosed()) sslSocket.close();
Log.i(getClass().toString(), "Connecting...");
final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// keyStore.load(context.getResources().openRawResource(R.raw.clientkey), ksPass);
keyStore.load(null, null);
//
final KeyManagerFactory keyManager =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManager.init(keyStore, null);
//
// final TrustManagerFactory trustFactory =
// TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// final TrustManagerFactory trustFactory =
// TrustManagerFactory.getInstance("SunX509");
// trustFactory.init(keyStore);
// if (sslContext == null) {
// sslContext = SSLContext.getInstance("TLS");
// sslContext.init(keyManager.getKeyManagers(),
// trustFactory.getTrustManagers(), new SecureRandom());
// }
TrustManager tm =
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] {tm}, null);
// sslContext.init(keyManager.getKeyManagers(),
// trustFactory.getTrustManagers(), new SecureRandom());
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
sslSocket = (SSLSocket) socketFactory.createSocket(host, port);
sslSocket.setSoTimeout(20000);
sslSocket.setUseClientMode(true);
sslSocket.startHandshake();
connected = true;
Log.i(getClass().toString(), "Connected.");
}
return sslSocket;
// Secure
// if (connected) {
// Log.i(getClass().toString(), "Securing...");
// SSLSession session = sslSocket.getSession();
// secured = session.isValid();
// if (secured) {
// Log.i(getClass().toString(), "Secured.");
// }
// else
// Log.i(getClass().toString(), "Securing failed.");
// }
}
