public SSLResult fingerprint() throws IOException, FingerprintError {
SSLConfigCollector scc;
scc = new SSLConfigCollector(host, port, si);
scc.setCertValidator(cv);
startDate = new Date();
sslSupport = SSLResult.UNKNOWN;
// If a delay is set, wait some time, except for
// the first request
if (!initial && (delay > 0)) {
if (Debug.get(Debug.Delay)) {
System.err.println("Delaying request.");
}
try {
Thread.sleep(delay);
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
}
initial = false;
try {
scc.probe();
sslSupport = SSLResult.SUPPORTED;
sslSupportReason = null;
} catch (NoSSLException e) {
// This exception is thrown when the protocol support
// for ssl is not available
sslSupport = SSLResult.UNSUPPORTED;
sslSupportReason = e.toString();
} catch (FingerprintException e) {
sslSupport = SSLResult.UNSUPPORTED;
sslSupportReason = e.toString();
} catch (IOException e) {
sslSupport = SSLResult.UNKNOWN;
sslSupportReason = e.toString();
}
endDate = new Date();
protos = scc.getSupportedProtos();
ProbeResult pres =
new ProbeResult(
host,
port,
startDate,
endDate,
sslSupport,
sslSupportReason,
scc.getServerCertificates(),
scc.serverCertificateVerifies(),
scc.serverCertNameMatch());
pres.setProtosResult(protos);
return pres;
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
/*
* See if an unknown keystore actually gets checked ok.
*/
System.out.println("==============");
System.out.println("Starting test0");
KeyStore uks = KeyStore.getInstance("JKS");
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
uks.load(new FileInputStream(unknownFilename), cpasswd);
kmf.init(uks, cpasswd);
TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()};
ctx.init(kmf.getKeyManagers(), tms, null);
SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory();
System.out.println("Trying first socket " + serverPort);
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);
doTest(sslSocket);
/*
* Now try the other way.
*/
com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf1 =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
kmf1.init(uks, cpasswd);
com.sun.net.ssl.TrustManager[] tms1 =
new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslsf = (SSLSocketFactory) ctx1.getSocketFactory();
System.out.println("Trying second socket " + serverPort1);
sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1);
doTest(sslSocket);
System.out.println("Completed test1");
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
URL url = new URL("https://" + "localhost:" + serverPort + "/etc/hosts");
URLConnection urlc = url.openConnection();
if (!(urlc instanceof javax.net.ssl.HttpsURLConnection)) {
throw new Exception("URLConnection ! instanceof javax.net.ssl.HttpsURLConnection");
}
BufferedReader in = null;
try {
in = new BufferedReader(new InputStreamReader(urlc.getInputStream()));
String inputLine;
System.out.print("Client reading... ");
while ((inputLine = in.readLine()) != null) System.out.println(inputLine);
System.out.println("Cipher Suite: " + ((HttpsURLConnection) urlc).getCipherSuite());
Certificate[] certs = ((HttpsURLConnection) urlc).getServerCertificates();
for (int i = 0; i < certs.length; i++) {
System.out.println(certs[0]);
}
in.close();
} catch (SSLException e) {
if (in != null) in.close();
throw e;
}
System.out.println("Client reports: SUCCESS");
}
