private static void printConnectionInfo(SSLSocket s) {
SSLSession currentSession = s.getSession();
System.out.println("Protocol: " + currentSession.getProtocol());
System.out.println("Cipher Suite: " + currentSession.getCipherSuite());
System.out.println("Host: " + currentSession.getPeerHost());
System.out.println("Host Port: " + currentSession.getPeerPort());
}
public boolean verify(String hostName, SSLSession session) {
System.out.println("Server: " + hostName + ":" + session.getPeerPort());
try {
X509Certificate[] chain = session.getPeerCertificateChain();
for (X509Certificate cert : chain) {
System.out.println("DN: " + cert.getSubjectDN());
}
} catch (SSLPeerUnverifiedException e) {
e.printStackTrace();
}
System.out.println("-----");
return true;
}
/**
* Invalidates all SSL/TLS sessions in {@code sessionContext} associated with {@code
* remoteAddress}.
*
* @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
* @param remoteAddress associated with sessions to invalidate
*/
private void clearSessionCache(
final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
final String hostName = remoteAddress.getHostName();
final int port = remoteAddress.getPort();
final Enumeration<byte[]> ids = sessionContext.getIds();
if (ids == null) {
return;
}
while (ids.hasMoreElements()) {
final byte[] id = ids.nextElement();
final SSLSession session = sessionContext.getSession(id);
if (session != null
&& session.getPeerHost() != null
&& session.getPeerHost().equalsIgnoreCase(hostName)
&& session.getPeerPort() == port) {
session.invalidate();
if (LOG.isDebugEnabled()) {
LOG.debug("Invalidated session " + session);
}
}
}
}
public synchronized void checkClientTrusted(
X509Certificate[] paramArrayOfX509Certificate, String paramString, Socket paramSocket)
throws CertificateException {
SSLSocket localSSLSocket = (SSLSocket) paramSocket;
SSLSession localSSLSession = localSSLSocket.getHandshakeSession();
String str1 = localSSLSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
String str2 = localSSLSession.getPeerHost();
if ((str1 != null) && (!isSupportedAlgorithm(str1))) return;
boolean bool = false;
int i = 0;
if (this.trustManager == null)
throw new IllegalStateException("TrustManager should not be null");
int j = -1;
try {
rootStore.load();
sslRootStore.load();
permanentStore.load();
sessionStore.load();
deniedStore.load();
if ((browserSSLRootStore != null) && (!isBrowserSSLRootStoreLoaded)) {
browserSSLRootStore.load();
isBrowserSSLRootStoreLoaded = true;
}
if (deniedStore.contains(paramArrayOfX509Certificate[0]))
throw new CertificateException("Certificate has been denied");
if (!alwaysShow)
try {
this.trustManager.checkClientTrusted(
paramArrayOfX509Certificate, paramString, localSSLSocket);
return;
} catch (CertificateException localCertificateException1) {
}
if (sessionStore.contains(paramArrayOfX509Certificate[0])) return;
if (permanentStore.contains(paramArrayOfX509Certificate[0])) return;
if ((paramArrayOfX509Certificate != null) && (paramArrayOfX509Certificate.length > 0)) {
k = paramArrayOfX509Certificate.length - 1;
if ((!rootStore.verify(paramArrayOfX509Certificate[k]))
&& (!sslRootStore.verify(paramArrayOfX509Certificate[k]))
&& ((browserSSLRootStore == null)
|| (!browserSSLRootStore.verify(paramArrayOfX509Certificate[k])))) bool = true;
}
for (int k = 0; k < paramArrayOfX509Certificate.length; k++)
try {
paramArrayOfX509Certificate[k].checkValidity();
} catch (CertificateExpiredException localCertificateExpiredException) {
i = -1;
} catch (CertificateNotYetValidException localCertificateNotYetValidException) {
i = 1;
}
if (!Trace.isAutomationEnabled()) {
k =
(alwaysShow)
|| (bool)
|| (i != 0)
|| ((mismatchShow)
&& (!CertUtils.checkWildcardDomainList(
str2, CertUtils.getServername(paramArrayOfX509Certificate[0]))))
? 1
: 0;
if (k != 0) {
Trace.msgSecurityPrintln("x509trustmgr.check.invalidcert");
URL localURL = null;
try {
localURL =
new URL("https", localSSLSession.getPeerHost(), localSSLSession.getPeerPort(), "");
} catch (Exception localException) {
}
j =
TrustDeciderDialog.showDialog(
paramArrayOfX509Certificate,
localURL,
0,
paramArrayOfX509Certificate.length,
bool,
i,
null,
new AppInfo(),
true,
str2);
} else {
j = 0;
}
} else {
Trace.msgSecurityPrintln("x509trustmgr.automation.ignoreclientcert");
j = 0;
}
if (j == 0) {
sessionStore.add(paramArrayOfX509Certificate[0]);
sessionStore.save();
} else if (j == 2) {
CertStore localCertStore = DeploySSLCertStore.getUserCertStore();
localCertStore.load(true);
if (localCertStore.add(paramArrayOfX509Certificate[0])) localCertStore.save();
} else {
deniedStore.add(paramArrayOfX509Certificate[0]);
deniedStore.save();
}
} catch (CertificateException localCertificateException2) {
throw localCertificateException2;
} catch (Throwable localThrowable) {
localThrowable.printStackTrace();
}
if ((j != 0) && (j != 2)) throw new CertificateException("Java couldn't trust Client");
}
/** javax.net.ssl.SSLSession#getPeerHost() javax.net.ssl.SSLSession#getPeerPort() */
public void test_getPeerHost() throws Exception {
SSLSession s = clientSession;
assertEquals(InetAddress.getLocalHost().getHostName(), s.getPeerHost());
assertEquals(port, s.getPeerPort());
}
