public boolean connect(int fd, boolean sslVerifyPeer, String hostname) { try { Logger.I(TAG, "SSL connect to " + hostname); RhoSockAddr remote = getRemoteSockAddr(fd); Socket s = new RhoSocket(fd, remote); SSLSocketFactory f = getFactory(sslVerifyPeer); StringTokenizer st = new StringTokenizer(hostname, ":"); String host = st.nextToken(); SSLSocket aSock = (SSLSocket) f.createSocket(s, host, remote.port, true); aSock.setUseClientMode(true); synchronized (this) { sock = aSock; os = sock.getOutputStream(); is = sock.getInputStream(); sockfd = fd; } return true; } catch (Exception e) { reportFail("connect", e); e.printStackTrace(); return false; } }
private Socket getSocket(String hostName, int port, boolean useSsl) throws IOException { if (useSsl) { try { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) {} public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) {} } }; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); SSLSocketFactory factory = sc.getSocketFactory(); SSLSocket sslSocket = (SSLSocket) factory.createSocket(hostName, port); sslSocket.setUseClientMode(true); return sslSocket; } catch (Exception e) { log.error("Could not create SSL Connection", e); } return null; } else { return new Socket(hostName, port); } }
/** * SSL/TLS negotiation. Acquires an SSL socket of a control connection and carries out handshake * processing. * * @throws IOException If server negotiation fails */ protected void sslNegotiation() throws IOException { plainSocket = _socket_; initSslContext(); SSLSocketFactory ssf = context.getSocketFactory(); String ip = _socket_.getInetAddress().getHostAddress(); int port = _socket_.getPort(); SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, false); socket.setEnableSessionCreation(isCreation); socket.setUseClientMode(isClientMode); // server mode if (!isClientMode) { socket.setNeedClientAuth(isNeedClientAuth); socket.setWantClientAuth(isWantClientAuth); } if (protocols != null) { socket.setEnabledProtocols(protocols); } if (suites != null) { socket.setEnabledCipherSuites(suites); } socket.startHandshake(); _socket_ = socket; _controlInput_ = new BufferedReader(new InputStreamReader(socket.getInputStream(), getControlEncoding())); _controlOutput_ = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(), getControlEncoding())); }
/** * Returns a socket of the data connection. Wrapped as an {@link SSLSocket}, which carries out * handshake processing. * * @param command The textual representation of the FTP command to send. * @param arg The arguments to the FTP command. If this parameter is set to null, then the command * is sent with no arguments. * @return corresponding to the established data connection. Null is returned if an FTP protocol * error is reported at any point during the establishment and initialization of the * connection. * @throws IOException If there is any problem with the connection. * @see FTPClient#_openDataConnection_(int, String) * @since 3.2 */ @Override protected Socket _openDataConnection_(String command, String arg) throws IOException { Socket socket = super._openDataConnection_(command, arg); _prepareDataSocket_(socket); if (socket instanceof SSLSocket) { SSLSocket sslSocket = (SSLSocket) socket; sslSocket.setUseClientMode(isClientMode); sslSocket.setEnableSessionCreation(isCreation); // server mode if (!isClientMode) { sslSocket.setNeedClientAuth(isNeedClientAuth); sslSocket.setWantClientAuth(isWantClientAuth); } if (suites != null) { sslSocket.setEnabledCipherSuites(suites); } if (protocols != null) { sslSocket.setEnabledProtocols(protocols); } sslSocket.startHandshake(); } return socket; }
/** * Generates an SSL-enabled socket. * * @return the new socket * @throws GeneralSecurityException on error building the socket * @throws IOException on error loading the KeyStore */ private SSLSocket getSslSocket(RemoteDevice target) throws GeneralSecurityException, IOException { // Build a new key store based on the key store manager. KeyManager[] keyManagers = coreService.getKeyStoreManager().getKeyManagers(); TrustManager[] trustManagers = coreService.getKeyStoreManager().getTrustManagers(); if (keyManagers.length == 0) { throw new IllegalStateException("No key managers"); } // Create a new SSLContext, using the new KeyManagers and TrustManagers // as the sources of keys and trust decisions, respectively. SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, null); // Finally, build a new SSLSocketFactory from the SSLContext, and // then generate a new SSLSocket from it. SSLSocketFactory factory = sslContext.getSocketFactory(); SSLSocket sock = (SSLSocket) factory.createSocket(); sock.setNeedClientAuth(true); sock.setUseClientMode(true); sock.setKeepAlive(true); sock.setTcpNoDelay(true); InetSocketAddress fullAddr = new InetSocketAddress(target.getAddress(), target.getPort()); sock.connect(fullAddr, SOCKET_CREATION_TIMEOUT_MS); sock.startHandshake(); return sock; }
public Socket createSocket(String host, int port) throws IOException { Socket s = this.factory.createSocket(host, port); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setUseClientMode(false); // client offers to authenticate itself ssl.setNeedClientAuth(true); } return s; }
public Socket createSocket( InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException { Socket s = this.factory.createSocket(address, port, clientAddress, clientPort); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setUseClientMode(false); // client offers to authenticate itself ssl.setNeedClientAuth(true); } return s; }
/** Creates a new TlsSocket */ public TlsSocket createTlsSocket(String host, int port) throws java.io .IOException { // SSLSocket ssl_socket=(SSLSocket)ssl_factory.createSocket(host,port); // return new TlsSocket(ssl_socket); SSLSocket ssl_socket = (SSLSocket) ssl_factory.createSocket(); if (!client_mode) ssl_socket.setUseClientMode(false); if (enabled_protocols != null) ssl_socket.setEnabledProtocols(enabled_protocols); ssl_socket.connect(new java.net.InetSocketAddress(host, port)); return new TlsSocket(ssl_socket); }
/** * Create a SSLsocket using an existing connected socket. It can be used such as a tunneled SSL * proxy socket (eg when a CONNECT request is received). This SSLSocket will start server side * handshake immediately. * * @param targethost the host where you want to connect to * @param socket * @return * @throws IOException */ public Socket createTunnelServerSocket(String targethost, Socket socket) throws IOException { // ZAP: added host name parameter SSLSocket s = (SSLSocket) getTunnelSSLSocketFactory(targethost) .createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); s.setUseClientMode(false); s.startHandshake(); return s; }
public static SSLSocket wrapSocket(Socket socket) throws Exception { // ssl socket factory SSLSocketFactory sslSocketFactory = sslContext().getSocketFactory(); // ssl socket SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); sslSocket.setUseClientMode(true); sslSocket.startHandshake(); return sslSocket; }
public boolean connect(int fd, boolean sslVerifyPeer) { try { sockfd = fd; RhoSockAddr remote = getRemoteSockAddr(sockfd); Socket s = new RhoSocket(sockfd, remote); SSLSocketFactory f = getFactory(sslVerifyPeer); sock = (SSLSocket) f.createSocket(s, remote.host.toString(), remote.port, true); sock.setUseClientMode(true); os = sock.getOutputStream(); is = sock.getInputStream(); return true; } catch (Exception e) { reportFail("connect", e); e.printStackTrace(); return false; } }
private Socket secureConnect() throws IOException { if (socket_factory == null) { try { SSLContext context = SSLContext.getInstance("TLS"); context.init(getKeyManagers(config.getCertFile(), config.getCertPhrase()), null, sec_rnd); socket_factory = context.getSocketFactory(); } catch (GeneralSecurityException security_exception) { throw new IOException("Failed to create SSL socket factory."); } catch (IOException io_exception) { throw new IOException("Failed to read APNS certificate."); } } SSLSocket ssl_socket = null; ssl_socket = (SSLSocket) socket_factory.createSocket(config.getHostname(service), config.getPort(service)); ssl_socket.setUseClientMode(true); return ssl_socket; }
@Override public void execute(String commandString, Session sess) throws IOException { if (!commandString.trim().toUpperCase().equals(this.getName())) { sess.sendResponse("501 Syntax error (no parameters allowed)"); return; } try { Socket socket = sess.getSocket(); if (socket instanceof SSLSocket) { sess.sendResponse("454 TLS not available due to temporary reason: TLS already active"); return; } sess.sendResponse("220 Ready to start TLS"); InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress(); SSLSocketFactory sf = ((SSLSocketFactory) SSLSocketFactory.getDefault()); SSLSocket s = (SSLSocket) (sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true)); // we are a server s.setUseClientMode(false); // allow all supported cipher suites s.setEnabledCipherSuites(s.getSupportedCipherSuites()); s.startHandshake(); sess.setSocket(s); sess.resetMessageState(); // clean slate } catch (SSLHandshakeException ex) { // "no cipher suites in common" is common and puts a lot of crap in the logs. // This will at least limit it to a single WARN line and not a whole stacktrace. // Unfortunately it might catch some other types of SSLHandshakeException (if // in fact other types exist), but oh well. log.warn("startTLS() failed: " + ex); } catch (IOException ex) { log.warn("startTLS() failed: " + ex.getMessage(), ex); } }
public static TcpSocket makeTls(TcpSocket upgrade) { try { SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, null, null); // get SSL factory because Java loves factories! SSLSocketFactory factory = sslContext.getSocketFactory(); // create new SSL socket SSLSocket socket; if (upgrade == null) { socket = (SSLSocket) factory.createSocket(); } // upgrade an existing socket else { socket = (SSLSocket) factory.createSocket( upgrade.peer.socket, upgrade.peer.socket.getInetAddress().getHostAddress(), upgrade.peer.socket.getPort(), false); socket.setUseClientMode(true); socket.startHandshake(); } // create the new TcpSocket instance TcpSocket self = new TcpSocket(); self.peer = new TcpSocketPeer(socket); // if upgrade, then initialize socket as already connected if (upgrade != null) self.peer.connected(self); return self; } catch (Exception e) { throw IOErr.make(e); } }
public boolean connect() throws IOException, NoSuchAlgorithmException, KeyManagementException { // try{ // Connect if (socket == null || socket.isClosed() || !socket.isConnected()) { if (socket != null && !socket.isClosed()) socket.close(); if (sslContext == null) { sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, tm, new java.security.SecureRandom()); } SSLSocketFactory socketFactory = sslContext.getSocketFactory(); socket = (SSLSocket) socketFactory.createSocket(host, 443); socket.setSoTimeout(0); socket.setUseClientMode(true); connected = true; Log.i(getClass().toString(), "Connected."); } // Secure if (connected) { Log.i(getClass().toString(), "Securing..."); SSLSession session = socket.getSession(); secured = session.isValid(); if (secured) { Log.i(getClass().toString(), "Secured."); output = new BufferedOutputStream(socket.getOutputStream()); } else { Log.i(getClass().toString(), "Securing failed."); } } return connected; }
/** * SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake * processing. * * @throws java.io.IOException If server negotiation fails. */ private void performSSLNegotiation() throws IOException { initSSLContext(); SSLSocketFactory ssf = context.getSocketFactory(); String ip = getRemoteAddress().getHostAddress(); int port = getRemotePort(); SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, true); socket.setEnableSessionCreation(true); socket.setUseClientMode(true); if (protocols != null) { socket.setEnabledProtocols(protocols); } if (suites != null) { socket.setEnabledCipherSuites(suites); } socket.startHandshake(); _socket_ = socket; _input_ = socket.getInputStream(); _output_ = socket.getOutputStream(); _reader = new CRLFLineReader(new InputStreamReader(_input_, encoding)); _writer = new BufferedWriter(new OutputStreamWriter(_output_, encoding)); }
private void m(Context context) { SSLSocket sslSocket = null; try { boolean connected = false; if (sslSocket == null || sslSocket.isClosed() || !sslSocket.isConnected()) { if (sslSocket != null && !sslSocket.isClosed()) { sslSocket.close(); } Log.i(getClass().toString(), "Connecting..."); // messages.getText().append("Connecting..."); final KeyStore keyStore = KeyStore.getInstance("BKS"); keyStore.load(context.getResources().openRawResource(R.raw.clientkey), null); final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManager.init(keyStore, null); // keyManager.init(null, null); final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustFactory.init(keyStore); sslContext = SSLContext.getInstance("TLS"); sslContext.init( keyManager.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom()); final SSLSocketFactory delegate = sslContext.getSocketFactory(); SocketFactory factory = new SSLSocketFactory() { @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { InetAddress addr = InetAddress.getByName(host); injectHostname(addr, host); return delegate.createSocket(addr, port); } @Override public Socket createSocket(InetAddress host, int port) throws IOException { return delegate.createSocket(host, port); } @Override public Socket createSocket( String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return delegate.createSocket(host, port, localHost, localPort); } @Override public Socket createSocket( InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return delegate.createSocket(address, port, localAddress, localPort); } private void injectHostname(InetAddress address, String host) { try { Field field = InetAddress.class.getDeclaredField("hostName"); field.setAccessible(true); field.set(address, host); } catch (Exception ignored) { } } @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { injectHostname(s.getInetAddress(), host); return delegate.createSocket(s, host, port, autoClose); } @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); } @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); } }; sslSocket = (SSLSocket) factory.createSocket("195.248.169.76", 4445); sslSocket.setSoTimeout(20000); sslSocket.setUseClientMode(true); connected = true; Log.i(getClass().toString(), "Connected."); // messages.getText().append("Connected."); } // Secure if (connected) { Log.i(getClass().toString(), "Securing..."); // messages.getText().append("Securing..."); SSLSession session = sslSocket.getSession(); boolean secured = session.isValid(); if (secured) { Log.i(getClass().toString(), "Secured."); // messages.getText().append("Secured."); } } } catch (CertificateException e) { e.printStackTrace(); } catch (UnrecoverableKeyException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } catch (UnknownHostException e) { e.printStackTrace(); } catch (SocketException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } }
/** Enables the client mode and the client authentication */ protected SSLSocket enableClientAuth(SSLSocket sock) { sock.setNeedClientAuth(true); sock.setUseClientMode(true); return sock; }
private void testServerSendsConnectionClose(boolean chunked, String content) throws Exception { ServerSocket server = new ServerSocket(0); int port = server.getLocalPort(); startClient(); Request request = client.newRequest("localhost", port).scheme("https").path("/ctx/path"); FutureResponseListener listener = new FutureResponseListener(request); request.send(listener); Socket socket = server.accept(); SSLContext sslContext = client.getSslContextFactory().getSslContext(); SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(socket, "localhost", port, false); sslSocket.setUseClientMode(false); sslSocket.startHandshake(); InputStream input = sslSocket.getInputStream(); consumeRequest(input); OutputStream output = sslSocket.getOutputStream(); String serverResponse = "" + "HTTP/1.1 200 OK\r\n" + "Connection: close\r\n"; if (chunked) { serverResponse += "" + "Transfer-Encoding: chunked\r\n" + "\r\n"; for (int i = 0; i < 2; ++i) { serverResponse += Integer.toHexString(content.length()) + "\r\n" + content + "\r\n"; } serverResponse += "" + "0\r\n" + "\r\n"; } else { serverResponse += "Content-Length: " + content.length() + "\r\n"; serverResponse += "\r\n"; serverResponse += content; } output.write(serverResponse.getBytes("UTF-8")); output.flush(); switch (closeMode) { case NONE: { break; } case CLOSE: { sslSocket.close(); break; } case ABRUPT: { socket.shutdownOutput(); break; } default: { throw new IllegalStateException(); } } ContentResponse response = listener.get(5, TimeUnit.SECONDS); Assert.assertEquals(HttpStatus.OK_200, response.getStatus()); // Give some time to process the connection. Thread.sleep(1000); // Connection should have been removed from pool. HttpDestinationOverHTTP destination = (HttpDestinationOverHTTP) client.getDestination("http", "localhost", port); DuplexConnectionPool connectionPool = (DuplexConnectionPool) destination.getConnectionPool(); Assert.assertEquals(0, connectionPool.getConnectionCount()); Assert.assertEquals(0, connectionPool.getIdleConnectionCount()); Assert.assertEquals(0, connectionPool.getActiveConnectionCount()); }
public void setUseClientMode(final boolean mode) { delegate.setUseClientMode(mode); }
public SSLSocket convertToSecureServerSocket(final Socket socket, final String domain) throws Exception { SSLSocket sslSocket = convertToSecureSocket(socket, domain); sslSocket.setUseClientMode(false); return sslSocket; }
@Override public Socket getSocket(String host, int port, Context context) throws Exception { SSLSocket sslSocket = null; boolean connected = false; if (sslSocket == null || sslSocket.isClosed() || !sslSocket.isConnected()) { if (sslSocket != null && !sslSocket.isClosed()) sslSocket.close(); Log.i(getClass().toString(), "Connecting..."); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); // keyStore.load(context.getResources().openRawResource(R.raw.clientkey), ksPass); keyStore.load(null, null); // final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManager.init(keyStore, null); // // final TrustManagerFactory trustFactory = // TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // final TrustManagerFactory trustFactory = // TrustManagerFactory.getInstance("SunX509"); // trustFactory.init(keyStore); // if (sslContext == null) { // sslContext = SSLContext.getInstance("TLS"); // sslContext.init(keyManager.getKeyManagers(), // trustFactory.getTrustManagers(), new SecureRandom()); // } TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {} public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {} public X509Certificate[] getAcceptedIssuers() { return null; } }; sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, new TrustManager[] {tm}, null); // sslContext.init(keyManager.getKeyManagers(), // trustFactory.getTrustManagers(), new SecureRandom()); SSLSocketFactory socketFactory = sslContext.getSocketFactory(); sslSocket = (SSLSocket) socketFactory.createSocket(host, port); sslSocket.setSoTimeout(20000); sslSocket.setUseClientMode(true); sslSocket.startHandshake(); connected = true; Log.i(getClass().toString(), "Connected."); } return sslSocket; // Secure // if (connected) { // Log.i(getClass().toString(), "Securing..."); // SSLSession session = sslSocket.getSession(); // secured = session.isValid(); // if (secured) { // Log.i(getClass().toString(), "Secured."); // } // else // Log.i(getClass().toString(), "Securing failed."); // } }