public SSLResult fingerprint() throws IOException, FingerprintError { SSLConfigCollector scc; scc = new SSLConfigCollector(host, port, si); scc.setCertValidator(cv); startDate = new Date(); sslSupport = SSLResult.UNKNOWN; // If a delay is set, wait some time, except for // the first request if (!initial && (delay > 0)) { if (Debug.get(Debug.Delay)) { System.err.println("Delaying request."); } try { Thread.sleep(delay); } catch (InterruptedException e) { Thread.currentThread().interrupt(); } } initial = false; try { scc.probe(); sslSupport = SSLResult.SUPPORTED; sslSupportReason = null; } catch (NoSSLException e) { // This exception is thrown when the protocol support // for ssl is not available sslSupport = SSLResult.UNSUPPORTED; sslSupportReason = e.toString(); } catch (FingerprintException e) { sslSupport = SSLResult.UNSUPPORTED; sslSupportReason = e.toString(); } catch (IOException e) { sslSupport = SSLResult.UNKNOWN; sslSupportReason = e.toString(); } endDate = new Date(); protos = scc.getSupportedProtos(); ProbeResult pres = new ProbeResult( host, port, startDate, endDate, sslSupport, sslSupportReason, scc.getServerCertificates(), scc.serverCertificateVerifies(), scc.serverCertNameMatch()); pres.setProtosResult(protos); return pres; }
/* * Define the client side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doClientSide() throws Exception { /* * Wait for server to get started. */ while (!serverReady) { Thread.sleep(50); } /* * See if an unknown keystore actually gets checked ok. */ System.out.println("=============="); System.out.println("Starting test0"); KeyStore uks = KeyStore.getInstance("JKS"); SSLContext ctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); uks.load(new FileInputStream(unknownFilename), cpasswd); kmf.init(uks, cpasswd); TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()}; ctx.init(kmf.getKeyManagers(), tms, null); SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory(); System.out.println("Trying first socket " + serverPort); SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort); doTest(sslSocket); /* * Now try the other way. */ com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS"); com.sun.net.ssl.KeyManagerFactory kmf1 = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); kmf1.init(uks, cpasswd); com.sun.net.ssl.TrustManager[] tms1 = new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()}; ctx1.init(kmf1.getKeyManagers(), tms1, null); sslsf = (SSLSocketFactory) ctx1.getSocketFactory(); System.out.println("Trying second socket " + serverPort1); sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1); doTest(sslSocket); System.out.println("Completed test1"); }
/* * Define the client side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doClientSide() throws Exception { /* * Wait for server to get started. */ while (!serverReady) { Thread.sleep(50); } HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); URL url = new URL("https://" + "localhost:" + serverPort + "/etc/hosts"); URLConnection urlc = url.openConnection(); if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) { throw new Exception("URLConnection ! instanceof javax.net.ssl.HttpsURLConnection"); } BufferedReader in = null; try { in = new BufferedReader(new InputStreamReader(urlc.getInputStream())); String inputLine; System.out.print("Client reading... "); while ((inputLine = in.readLine()) != null) System.out.println(inputLine); System.out.println("Cipher Suite: " + ((HttpsURLConnection) urlc).getCipherSuite()); Certificate[] certs = ((HttpsURLConnection) urlc).getServerCertificates(); for (int i = 0; i < certs.length; i++) { System.out.println(certs[0]); } in.close(); } catch (SSLException e) { if (in != null) in.close(); throw e; } System.out.println("Client reports: SUCCESS"); }