/** * SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake * processing. * * @throws IOException If server negotiation fails */ protected void sslNegotiation() throws IOException { plainSocket = _socket_; initSslContext(); SSLSocketFactory ssf = context.getSocketFactory(); String ip = _socket_.getInetAddress().getHostAddress(); int port = _socket_.getPort(); SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, false); socket.setEnableSessionCreation(isCreation); socket.setUseClientMode(isClientMode); // server mode if (!isClientMode) { socket.setNeedClientAuth(isNeedClientAuth); socket.setWantClientAuth(isWantClientAuth); } if (protocols != null) { socket.setEnabledProtocols(protocols); } if (suites != null) { socket.setEnabledCipherSuites(suites); } socket.startHandshake(); _socket_ = socket; _controlInput_ = new BufferedReader(new InputStreamReader(socket.getInputStream(), getControlEncoding())); _controlOutput_ = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(), getControlEncoding())); }
/** * Returns a socket of the data connection. Wrapped as an {@link SSLSocket}, which carries out * handshake processing. * * @param command The textual representation of the FTP command to send. * @param arg The arguments to the FTP command. If this parameter is set to null, then the command * is sent with no arguments. * @return corresponding to the established data connection. Null is returned if an FTP protocol * error is reported at any point during the establishment and initialization of the * connection. * @throws IOException If there is any problem with the connection. * @see FTPClient#_openDataConnection_(int, String) * @since 3.2 */ @Override protected Socket _openDataConnection_(String command, String arg) throws IOException { Socket socket = super._openDataConnection_(command, arg); _prepareDataSocket_(socket); if (socket instanceof SSLSocket) { SSLSocket sslSocket = (SSLSocket) socket; sslSocket.setUseClientMode(isClientMode); sslSocket.setEnableSessionCreation(isCreation); // server mode if (!isClientMode) { sslSocket.setNeedClientAuth(isNeedClientAuth); sslSocket.setWantClientAuth(isWantClientAuth); } if (suites != null) { sslSocket.setEnabledCipherSuites(suites); } if (protocols != null) { sslSocket.setEnabledProtocols(protocols); } sslSocket.startHandshake(); } return socket; }
/** * Generates an SSL-enabled socket. * * @return the new socket * @throws GeneralSecurityException on error building the socket * @throws IOException on error loading the KeyStore */ private SSLSocket getSslSocket(RemoteDevice target) throws GeneralSecurityException, IOException { // Build a new key store based on the key store manager. KeyManager[] keyManagers = coreService.getKeyStoreManager().getKeyManagers(); TrustManager[] trustManagers = coreService.getKeyStoreManager().getTrustManagers(); if (keyManagers.length == 0) { throw new IllegalStateException("No key managers"); } // Create a new SSLContext, using the new KeyManagers and TrustManagers // as the sources of keys and trust decisions, respectively. SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, null); // Finally, build a new SSLSocketFactory from the SSLContext, and // then generate a new SSLSocket from it. SSLSocketFactory factory = sslContext.getSocketFactory(); SSLSocket sock = (SSLSocket) factory.createSocket(); sock.setNeedClientAuth(true); sock.setUseClientMode(true); sock.setKeepAlive(true); sock.setTcpNoDelay(true); InetSocketAddress fullAddr = new InetSocketAddress(target.getAddress(), target.getPort()); sock.connect(fullAddr, SOCKET_CREATION_TIMEOUT_MS); sock.startHandshake(); return sock; }
public Socket createSocket(String host, int port) throws IOException { Socket s = this.factory.createSocket(host, port); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setUseClientMode(false); // client offers to authenticate itself ssl.setNeedClientAuth(true); } return s; }
public Socket createSocket( InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException { Socket s = this.factory.createSocket(address, port, clientAddress, clientPort); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setUseClientMode(false); // client offers to authenticate itself ssl.setNeedClientAuth(true); } return s; }
public void handShake() throws IOException, RemoteException { try { if (ssl.getWantClientAuth()) { log.debug(sm.getString("jsseSupport.noCertWant")); } else { ssl.setNeedClientAuth(true); } if (ssl.getEnabledCipherSuites().length == 0) { // Handshake is never going to be successful. // Assume this is because handshakes are disabled log.warn(sm.getString("jsseSupport.serverRenegDisabled")); session.invalidate(); ssl.close(); return; } InputStream in = ssl.getInputStream(); int oldTimeout = ssl.getSoTimeout(); ssl.setSoTimeout(1000); byte[] b = new byte[1]; listener.reset(); ssl.startHandshake(); int maxTries = 60; // 60 * 1000 = example 1 minute time out for (int i = 0; i < maxTries; i++) { if (log.isTraceEnabled()) log.trace("Reading for try #" + i); try { int read = in.read(b); if (read > 0) { // Shouldn't happen as all input should have been swallowed // before trying to do the handshake. If it does, something // went wrong so lets bomb out now. throw new SSLException(sm.getString("jsseSupport.unexpectedData")); } } catch (SSLException sslex) { log.info(sm.getString("jsseSupport.clientCertError"), sslex); throw sslex; } catch (IOException e) { // ignore - presumably the timeout } if (listener.isCompleted()) { break; } } ssl.setSoTimeout(oldTimeout); if (listener.isCompleted() == false) { throw new SocketException("SSL Cert handshake timeout"); } } catch (Exception excp) { excp.printStackTrace(); } }
/** Enables the client mode and the client authentication */ protected SSLSocket enableClientAuth(SSLSocket sock) { sock.setNeedClientAuth(true); sock.setUseClientMode(true); return sock; }
public void setNeedClientAuth(final boolean need) { delegate.setNeedClientAuth(need); }