Esempio n. 1
0
 private static void printConnectionInfo(SSLSocket s) {
   SSLSession currentSession = s.getSession();
   System.out.println("Protocol: " + currentSession.getProtocol());
   System.out.println("Cipher Suite: " + currentSession.getCipherSuite());
   System.out.println("Host: " + currentSession.getPeerHost());
   System.out.println("Host Port: " + currentSession.getPeerPort());
 }
    private ProxyLdapContext(Hashtable env) throws NamingException {
      final Map<String, Object> savedEnv = new HashMap<String, Object>();
      for (final String key :
          Arrays.asList(
              Context.SECURITY_AUTHENTICATION,
              Context.SECURITY_CREDENTIALS,
              Context.SECURITY_PRINCIPAL,
              Context.SECURITY_PROTOCOL)) {
        final Object entry = env.remove(key);
        if (entry != null) {
          savedEnv.put(key, entry);
        }
      }
      delegate = new InitialLdapContext(env, null);
      tls = (StartTlsResponse) delegate.extendedOperation(new StartTlsRequest());
      tls.setHostnameVerifier(
          new HostnameVerifier() {

            @Override
            public boolean verify(String hostname, SSLSession session) {
              return true;
            }
          });
      try {
        final SSLSession negotiate = tls.negotiate();
        Logger.getLogger(this.getClass().getCanonicalName())
            .fine("LDAP is now using " + negotiate.getProtocol());
      } catch (final IOException e) {
        throw new NamingException(e.getMessage());
      }
      for (final Map.Entry<String, Object> savedEntry : savedEnv.entrySet()) {
        delegate.addToEnvironment(savedEntry.getKey(), savedEntry.getValue());
      }
    }
Esempio n. 3
0
 private static void printSocketInfo(SSLSocket s) {
   LOGGER.info("Socket class: " + s.getClass());
   LOGGER.info("   Remote address = " + s.getInetAddress().toString());
   LOGGER.info("   Remote port = " + s.getPort());
   LOGGER.info("   Local socket address = " + s.getLocalSocketAddress().toString());
   LOGGER.info("   Local address = " + s.getLocalAddress().toString());
   LOGGER.info("   Local port = " + s.getLocalPort());
   LOGGER.info("   Need client authentication = " + s.getNeedClientAuth());
   SSLSession ss = s.getSession();
   LOGGER.info("   Cipher suite = " + ss.getCipherSuite());
   LOGGER.info("   Protocol = " + ss.getProtocol());
 }
  @Override
  public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose)
      throws IOException {
    String peerHost = this.conn.getRequestProperty("Host");
    if (peerHost == null) peerHost = host;
    Log.i(TAG, "customized createSocket. host: " + peerHost);
    InetAddress address = plainSocket.getInetAddress();
    if (autoClose) {
      // we don't need the plainSocket
      plainSocket.close();
    }
    // create and connect SSL socket, but don't do hostname/certificate verification yet
    SSLCertificateSocketFactory sslSocketFactory =
        (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(address, port);

    // enable TLSv1.1/1.2 if available
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    // set up SNI before the handshake
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
      Log.i(TAG, "Setting SNI hostname");
      sslSocketFactory.setHostname(ssl, peerHost);
    } else {
      Log.d(TAG, "No documented SNI support on Android <4.2, trying with reflection");
      try {
        java.lang.reflect.Method setHostnameMethod =
            ssl.getClass().getMethod("setHostname", String.class);
        setHostnameMethod.invoke(ssl, peerHost);
      } catch (Exception e) {
        Log.w(TAG, "SNI not useable", e);
      }
    }

    // verify hostname and certificate
    SSLSession session = ssl.getSession();

    if (!hostnameVerifier.verify(peerHost, session))
      throw new SSLPeerUnverifiedException("Cannot verify hostname: " + peerHost);

    Log.i(
        TAG,
        "Established "
            + session.getProtocol()
            + " connection with "
            + session.getPeerHost()
            + " using "
            + session.getCipherSuite());

    return ssl;
  }
  @Override
  public void handshakeCompleted(HandshakeCompletedEvent event) {
    SSLSession session = event.getSession();
    String protocol = session.getProtocol();
    String cipherSuite = session.getCipherSuite();
    String peerName = null;

    try {
      peerName = session.getPeerPrincipal().getName();
      Log.d(TAG, "peerName: " + peerName);
    } catch (SSLPeerUnverifiedException e) {
      e.printStackTrace();
    }
    Log.d(TAG, "session: " + session);
    Log.d(TAG, "protocol: " + protocol);
    Log.d(TAG, "cipherSuite: " + cipherSuite);
  }
  @SuppressLint("NewApi")
  private Socket enableSNI(SSLSocket ssl, String host) throws SSLPeerUnverifiedException {
    // enable TLSv1.1/1.2 if available
    // (see https://github.com/rfc2822/davdroid/issues/229)
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    // set up SNI before the handshake
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
      AppLog.i(T.API, "Setting SNI hostname");
      mFactory.setHostname(ssl, host);
    } else {
      AppLog.i(T.API, "No documented SNI support on Android <4.2, trying with reflection");
      try {
        java.lang.reflect.Method setHostnameMethod =
            ssl.getClass().getMethod("setHostname", String.class);
        setHostnameMethod.invoke(ssl, host);
      } catch (Exception e) {
        AppLog.e(T.API, "SNI not useable", e);
      }
    }

    // verify hostname and certificate
    SSLSession session = ssl.getSession();
    if (!mHostnameVerifier.verify(host, session)) {
      throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }

    AppLog.i(
        T.API,
        "Established "
            + session.getProtocol()
            + " connection with "
            + session.getPeerHost()
            + " using "
            + session.getCipherSuite());

    return ssl;
  }
Esempio n. 7
0
  /**
   * Establishes and verifies a TLS connection to a (TCP-)connected SSLSocket: - set TLS parameters
   * like allowed protocols and ciphers - set SNI host name - verify host name - verify certificate
   *
   * @param socket unconnected SSLSocket
   * @param host host name for SNI
   * @throws java.io.IOException if the connection could not be established.
   */
  private void establishAndVerify(SSLSocket socket, String host) throws IOException {
    setTlsParameters(socket);
    setSniHostname(socket, host);

    // TLS handshake, throws an exception for untrusted certificates
    socket.startHandshake();

    // verify hostname and certificate
    SSLSession session = socket.getSession();
    if (!hostnameVerifier.verify(host, session)) {
      // throw exception for invalid host names
      throw new SSLPeerUnverifiedException(host);
    }

    Log.i(
        TAG,
        "Established "
            + session.getProtocol()
            + " connection with "
            + session.getPeerHost()
            + " using "
            + session.getCipherSuite());
  }
Esempio n. 8
0
  static SSLSecurityInfoImpl create(SSLSocket socket) throws IOException {
    SSLSession session = socket.getSession();

    java.security.cert.Certificate[] certs = session.getPeerCertificates();
    CertificateImpl ci = null;
    if (certs != null && certs.length > 0 && certs[0] instanceof X509Certificate) {
      // TODO: is this the right way?
      ci = new CertificateImpl((X509Certificate) certs[0]);
    }

    // parse protocol name and version
    final String protocol = session.getProtocol();
    String protocolName = null;
    String protocolVersion = null;
    if (protocol.startsWith("TLS")) {
      protocolName = "TLS";
      protocolVersion = "3.1";
    } else if (protocol.startsWith("SSL")) {
      protocolName = "SSL";
      protocolVersion = "3.0";
    }

    return new SSLSecurityInfoImpl(session.getCipherSuite(), protocolName, protocolVersion, ci);
  }
Esempio n. 9
0
  public static void main(String args[]) throws Exception {
    System.setProperty("javax.net.ssl.trustStore", "clienttrust");

    SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    Socket s = ssf.createSocket("127.0.0.1", 5432);

    SSLSession session = ((SSLSocket) s).getSession();
    Certificate[] cchain = session.getPeerCertificates();
    System.out.println("The Certificates used by peer");
    for (int i = 0; i < cchain.length; i++) {
      System.out.println(((X509Certificate) cchain[i]).getSubjectDN());
    }
    System.out.println("Peer host is " + session.getPeerHost());
    System.out.println("Cipher is " + session.getCipherSuite());
    System.out.println("Protocol is " + session.getProtocol());
    System.out.println("ID is " + new BigInteger(session.getId()));
    System.out.println("Session created in " + session.getCreationTime());
    System.out.println("Session accessed in " + session.getLastAccessedTime());

    BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
    String x = in.readLine();
    System.out.println(x);
    in.close();
  }