예제 #1
0
  /**
   * Return the security information associated with this connection. If the connection is still in
   * <CODE>Setup</CODE> state then the connection is initiated to establish the secure connection to
   * the server. The method returns when the connection is established and the <CODE>Certificate
   * </CODE> supplied by the server has been validated. The <CODE>SecurityInfo</CODE> is only
   * returned if the connection has been successfully made to the server.
   *
   * @return the security information associated with this open connection.
   * @exception CertificateException if the <code>Certificate</code> supplied by the server cannot
   *     be validated. The <code>CertificateException</code> will contain the information about the
   *     error and indicate the certificate in the validation chain with the error.
   * @exception IOException if an arbitrary connection failure occurs
   */
  public SecurityInfo getSecurityInfo() throws IOException {
    ensureOpen();

    sendRequest();

    if (sslConnection == null) {
      /*
       * This is a persistent connection so the connect method did
       * not get called, so the stream connection of HTTP class
       * will be a SSL connection. Get the info from that.
       */
      StreamConnection sc = ((StreamConnectionElement) getStreamConnection()).getBaseConnection();

      return ((SSLStreamConnection) sc).getSecurityInfo();
    }

    return sslConnection.getSecurityInfo();
  }
예제 #2
0
  /**
   * Connect to the underlying secure socket transport. Perform the SSL handshake and then proceded
   * to the underlying HTTP protocol connect semantics.
   *
   * @return SSL/TCP stream connection
   * @exception IOException is thrown if the connection cannot be opened
   */
  protected StreamConnection connect() throws IOException {
    String httpsTunnel;
    com.sun.midp.io.j2me.socket.Protocol tcpConnection;
    OutputStream tcpOutputStream;
    InputStream tcpInputStream;
    X509Certificate serverCert;

    verifyPermissionCheck();

    /*
     * To save memory for applications the do not use HTTPS,
     * the public keys of the certificate authorities may not
     * have been loaded yet.
     */
    WebPublicKeyStore.loadCertificateAuthorities();

    // Open socket connection
    tcpConnection = new com.sun.midp.io.j2me.socket.Protocol();

    // check to see if a protocol is specified for the tunnel
    httpsTunnel = Configuration.getProperty("com.sun.midp.io.http.proxy");
    if (httpsTunnel != null) {
      // Make the connection to the ssl tunnel
      tcpConnection.openPrim(classSecurityToken, "//" + httpsTunnel);

      // Do not delay request since this delays the response.
      tcpConnection.setSocketOption(SocketConnection.DELAY, 0);

      tcpOutputStream = tcpConnection.openOutputStream();
      tcpInputStream = tcpConnection.openInputStream();

      // Do the handshake with the ssl tunnel
      try {
        doTunnelHandshake(tcpOutputStream, tcpInputStream);
      } catch (IOException ioe) {
        String temp = ioe.getMessage();

        tcpConnection.close();
        tcpOutputStream.close();
        tcpInputStream.close();

        if (temp.indexOf(" 500 ") > -1) {
          throw new ConnectionNotFoundException(temp);
        }

        throw ioe;
      }
    } else {
      tcpConnection.openPrim(classSecurityToken, "//" + hostAndPort);

      // Do not delay request since this delays the response.
      tcpConnection.setSocketOption(SocketConnection.DELAY, 0);

      tcpOutputStream = tcpConnection.openOutputStream();
      tcpInputStream = tcpConnection.openInputStream();
    }

    tcpConnection.close();

    try {
      // Get the SSLStreamConnection
      sslConnection = new SSLStreamConnection(url.host, url.port, tcpInputStream, tcpOutputStream);
    } catch (Exception e) {
      try {
        tcpInputStream.close();
      } finally {
        try {
          tcpOutputStream.close();
        } finally {
          if (e instanceof IOException) {
            throw (IOException) e;
          } else {
            throw (RuntimeException) e;
          }
        }
      }
    }

    try {
      serverCert = sslConnection.getServerCertificate();

      /*
       * if the subject alternate name is a DNS name,
       * then use that instead of the common name for a
       * site name match
       */
      if (serverCert.getSubjectAltNameType() == X509Certificate.TYPE_DNS_NAME) {
        if (!checkSiteName(url.host, (String) serverCert.getSubjectAltName())) {
          throw new CertificateException(
              "Subject alternative name did not match site name",
              serverCert,
              CertificateException.SITENAME_MISMATCH);
        }
      } else {
        String cname = getCommonName(serverCert.getSubject());
        if (cname == null) {
          throw new CertificateException(
              "Common name missing from subject name",
              serverCert,
              CertificateException.SITENAME_MISMATCH);
        }

        if (!checkSiteName(url.host, cname)) {
          throw new CertificateException(serverCert, CertificateException.SITENAME_MISMATCH);
        }
      }

      return sslConnection;
    } catch (Exception e) {
      try {
        sslConnection.close();
      } finally {
        if (e instanceof IOException) {
          throw (IOException) e;
        } else {
          throw (RuntimeException) e;
        }
      }
    }
  }