/**
 * Prints the negotiated protocol, cipher suite and peer endpoint of a TLS socket to standard
 * output.
 *
 * <p>{@link SSLSocket#getSession()} starts the handshake if it has not run yet and blocks until
 * it finishes. When the handshake fails it returns an invalidated session rather than throwing,
 * so a cipher suite of {@code SSL_NULL_WITH_NULL_NULL} in the output means no secure session was
 * established.
 *
 * @param s the socket whose session details are printed
 */
private static void printConnectionInfo(SSLSocket s) {
    final SSLSession negotiated = s.getSession();

    final String protocol = negotiated.getProtocol();
    System.out.println("Protocol: " + protocol);

    final String cipherSuite = negotiated.getCipherSuite();
    System.out.println("Cipher Suite: " + cipherSuite);

    // Peer host/port are informational only; the SSLSession API documents them as
    // not authenticated, so they must not be used for trust decisions.
    final String peerHost = negotiated.getPeerHost();
    System.out.println("Host: " + peerHost);

    final int peerPort = negotiated.getPeerPort();
    System.out.println("Host Port: " + peerPort);
}
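/**
 * Logs the peer of a TLS session whose host name did not pass the built-in check, then rejects
 * it.
 *
 * <p>The signature matches {@code javax.net.ssl.HostnameVerifier#verify}. That callback is
 * consulted when the requested host name and the server's certificate identity do not match, so
 * returning {@code true} unconditionally accepts a certificate issued for a different host and
 * removes the protection against an on-path attacker. This implementation therefore keeps the
 * diagnostic output but always fails closed. If a deployment has to accept a specific
 * additional name, compare {@code hostName} against an explicit allow-list here instead of
 * returning {@code true}.
 *
 * @param hostName the host name the client asked for
 * @param session the TLS session negotiated with the peer
 * @return always {@code false}: a mismatching or unverified peer is never accepted
 */
public boolean verify(String hostName, SSLSession session) {
    System.out.println("Server: " + hostName + ":" + session.getPeerPort());
    try {
        // NOTE(review): getPeerCertificateChain() is the deprecated javax.security.cert API;
        // it is kept because the X509Certificate type imported by this file is not visible here.
        X509Certificate[] chain = session.getPeerCertificateChain();
        for (X509Certificate cert : chain) {
            System.out.println("DN: " + cert.getSubjectDN());
        }
    } catch (SSLPeerUnverifiedException e) {
        // The peer presented no verified identity at all; report it and fall through to reject.
        System.err.println("Peer identity not verified: " + e.getMessage());
    }
    System.out.println("-----");
    // Fail closed: this callback must not turn a failed host name check into an accepted one.
    return false;
}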
/**
 * Drops every cached SSL/TLS session in {@code sessionContext} whose peer host (compared
 * case-insensitively) and peer port match {@code remoteAddress}.
 *
 * <p>Invalidating a session prevents it from being resumed, so the next connection to that
 * endpoint performs a full handshake.
 *
 * @param sessionContext session cache to scan; sessions for other endpoints are left untouched
 * @param remoteAddress endpoint whose sessions are invalidated
 */
private void clearSessionCache(
        final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    // NOTE(review): getHostName() may perform a reverse lookup when the address was built from
    // an IP literal; confirm the result has the same form as what getPeerHost() reports, or
    // matching sessions will be missed and stay resumable.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        // getSession may return null for an id that is no longer cached.
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        if (candidate == null) {
            continue;
        }
        final String peerHost = candidate.getPeerHost();
        if (peerHost == null || !peerHost.equalsIgnoreCase(targetHost)) {
            continue;
        }
        if (candidate.getPeerPort() != targetPort) {
            continue;
        }
        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + candidate);
        }
    }
}
/**
 * Decides whether the client certificate chain presented on {@code paramSocket} is accepted.
 *
 * <p>Returning normally accepts the chain; a {@link CertificateException} rejects it. The
 * decision is taken in this order: the denied store, the delegate {@code trustManager} (skipped
 * when {@code alwaysShow} is set), the session and permanent stores, and finally either
 * {@code TrustDeciderDialog} or, when {@code Trace.isAutomationEnabled()} is true, automatic
 * acceptance. The outcome is written back to the session, user or denied store.
 *
 * <p>NOTE(review): several paths accept the chain without validating it; see the inline notes.
 * The body also uses {@code k} before any visible declaration, which looks like decompiler
 * output and will not compile unless {@code k} is declared elsewhere in the class.
 *
 * @param paramArrayOfX509Certificate the peer chain; element 0 is used as the key for all
 *     store lookups and the last element is the one checked against the root stores
 * @param paramString passed through unchanged to the delegate trust manager
 * @param paramSocket the socket being handshaken; cast to {@code SSLSocket} without a type check
 * @throws CertificateException if the leaf is in the denied store or the final decision is
 *     anything other than 0 or 2
 * @throws IllegalStateException if {@code trustManager} is null
 */
public synchronized void checkClientTrusted(
        X509Certificate[] paramArrayOfX509Certificate, String paramString, Socket paramSocket)
        throws CertificateException {
    // Unchecked cast: a non-SSL socket fails here with ClassCastException, outside the try.
    SSLSocket localSSLSocket = (SSLSocket) paramSocket;
    // NOTE(review): getHandshakeSession() is documented to return null when no handshake is in
    // progress; the getPeerHost() call below would then throw NullPointerException.
    SSLSession localSSLSession = localSSLSocket.getHandshakeSession();
    String str1 = localSSLSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
    String str2 = localSSLSession.getPeerHost();
    // NOTE(review): an endpoint identification algorithm that isSupportedAlgorithm() rejects
    // makes the method return normally, i.e. the chain is accepted with no check at all.
    // Confirm this is intended; failing closed would be the safer default.
    if ((str1 != null) && (!isSupportedAlgorithm(str1))) return;
    // bool: true when the last chain element is verified by none of the root stores.
    boolean bool = false;
    // i: 0 = all certificates currently valid, -1 = one has expired, 1 = one is not yet valid.
    int i = 0;
    if (this.trustManager == null)
        throw new IllegalStateException("TrustManager should not be null");
    // j: final decision. It stays -1 (reject) unless a later step sets it.
    int j = -1;
    try {
        rootStore.load();
        sslRootStore.load();
        permanentStore.load();
        sessionStore.load();
        deniedStore.load();
        // The browser root store is loaded once and the flag remembers that.
        if ((browserSSLRootStore != null) && (!isBrowserSSLRootStoreLoaded)) {
            browserSSLRootStore.load();
            isBrowserSSLRootStoreLoaded = true;
        }
        // Element 0 is dereferenced here, before the null/length check further down; a null or
        // empty chain ends up in the catch (Throwable) block and is rejected because j is -1.
        if (deniedStore.contains(paramArrayOfX509Certificate[0]))
            throw new CertificateException("Certificate has been denied");
        if (!alwaysShow)
            try {
                this.trustManager.checkClientTrusted(
                        paramArrayOfX509Certificate, paramString, localSSLSocket);
                return;
            } catch (CertificateException localCertificateException1) {
                // Deliberately ignored: a chain the delegate rejects falls through to the
                // store lookups and the dialog below instead of being refused outright.
            }
        // NOTE(review): a leaf found in the session or permanent store is accepted here, before
        // the validity-period loop runs, so a previously accepted certificate keeps working
        // after it expires.
        if (sessionStore.contains(paramArrayOfX509Certificate[0])) return;
        if (permanentStore.contains(paramArrayOfX509Certificate[0])) return;
        if ((paramArrayOfX509Certificate != null) && (paramArrayOfX509Certificate.length > 0)) {
            // NOTE(review): k has no declaration visible at this point.
            k = paramArrayOfX509Certificate.length - 1;
            if ((!rootStore.verify(paramArrayOfX509Certificate[k]))
                    && (!sslRootStore.verify(paramArrayOfX509Certificate[k]))
                    && ((browserSSLRootStore == null)
                            || (!browserSSLRootStore.verify(paramArrayOfX509Certificate[k]))))
                bool = true;
        }
        // Every certificate is checked; when several fail, the last failure decides i.
        for (int k = 0; k < paramArrayOfX509Certificate.length; k++)
            try {
                paramArrayOfX509Certificate[k].checkValidity();
            } catch (CertificateExpiredException localCertificateExpiredException) {
                i = -1;
            } catch (CertificateNotYetValidException localCertificateNotYetValidException) {
                i = 1;
            }
        if (!Trace.isAutomationEnabled()) {
            // k is reused as a 0/1 flag: ask the user when alwaysShow is set, the root is not
            // verified, a validity check failed, or (with mismatchShow) the peer host str2 does
            // not pass CertUtils.checkWildcardDomainList against the leaf's server name.
            k =
                    (alwaysShow)
                                    || (bool)
                                    || (i != 0)
                                    || ((mismatchShow)
                                            && (!CertUtils.checkWildcardDomainList(
                                                    str2,
                                                    CertUtils.getServername(
                                                            paramArrayOfX509Certificate[0]))))
                            ? 1
                            : 0;
            if (k != 0) {
                Trace.msgSecurityPrintln("x509trustmgr.check.invalidcert");
                URL localURL = null;
                try {
                    localURL =
                            new URL(
                                    "https",
                                    localSSLSession.getPeerHost(),
                                    localSSLSession.getPeerPort(),
                                    "");
                } catch (Exception localException) {
                    // Ignored: the dialog is then shown with a null URL.
                }
                // The dialog's return value becomes the decision; presumably 0 means accept for
                // this session and 2 means accept permanently, judging by the handling below.
                j =
                        TrustDeciderDialog.showDialog(
                                paramArrayOfX509Certificate,
                                localURL,
                                0,
                                paramArrayOfX509Certificate.length,
                                bool,
                                i,
                                null,
                                new AppInfo(),
                                true,
                                str2);
            } else {
                j = 0;
            }
        } else {
            // NOTE(review): with automation enabled the chain is accepted without any prompt,
            // even when it is unverified, expired or mismatched. Make sure this switch cannot
            // be turned on outside test environments.
            Trace.msgSecurityPrintln("x509trustmgr.automation.ignoreclientcert");
            j = 0;
        }
        // Persist the decision, always keyed on the leaf certificate.
        if (j == 0) {
            sessionStore.add(paramArrayOfX509Certificate[0]);
            sessionStore.save();
        } else if (j == 2) {
            CertStore localCertStore = DeploySSLCertStore.getUserCertStore();
            localCertStore.load(true);
            if (localCertStore.add(paramArrayOfX509Certificate[0])) localCertStore.save();
        } else {
            deniedStore.add(paramArrayOfX509Certificate[0]);
            deniedStore.save();
        }
    } catch (CertificateException localCertificateException2) {
        throw localCertificateException2;
    } catch (Throwable localThrowable) {
        // Any other failure is only printed. If it happened before j was set, j is still -1 and
        // the chain is rejected below; if it happened while saving a store, j keeps its value.
        localThrowable.printStackTrace();
    }
    // Only 0 and 2 count as acceptance; everything else, including the initial -1, rejects.
    if ((j != 0) && (j != 2)) throw new CertificateException("Java couldn't trust Client");
}
/**
 * Checks {@code javax.net.ssl.SSLSession#getPeerHost()} and
 * {@code javax.net.ssl.SSLSession#getPeerPort()} on the client-side session.
 *
 * <p>The expected host is the local machine's host name as resolved by {@link InetAddress}, so
 * the result depends on the name resolution of the machine running the test.
 */
public void test_getPeerHost() throws Exception {
    final SSLSession session = clientSession;
    final String expectedHost = InetAddress.getLocalHost().getHostName();
    assertEquals(expectedHost, session.getPeerHost());
    assertEquals(port, session.getPeerPort());
}