public SunSSLTransportFactory(Properties properties) throws GeneralSecurityException { X509TrustManager trustManager; HostnameVerifier hostnameVerifier; SSLContext sslContext; Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); url = (URL) properties.get(XmlRpcTransportFactory.TRANSPORT_URL); auth = properties.getProperty(XmlRpcTransportFactory.TRANSPORT_AUTH); trustManager = (X509TrustManager) properties.get(TRANSPORT_TRUSTMANAGER); if (trustManager == null) { trustManager = openTrustManager; } hostnameVerifier = (HostnameVerifier) properties.get(TRANSPORT_HOSTNAMEVERIFIER); if (hostnameVerifier == null) { hostnameVerifier = openHostnameVerifier; } sslContext = SSLContext.getInstance(SecurityTool.getSecurityProtocol()); X509TrustManager[] tmArray = new X509TrustManager[] {trustManager}; sslContext.init(null, tmArray, new SecureRandom()); // Set the default SocketFactory and HostnameVerifier // for javax.net.ssl.HttpsURLConnection if (sslContext != null) { HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); }
/* * Define the client side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doClientSide() throws Exception { /* * Wait for server to get started. */ while (!serverReady) { Thread.sleep(50); } /* * See if an unknown keystore actually gets checked ok. */ System.out.println("=============="); System.out.println("Starting test0"); KeyStore uks = KeyStore.getInstance("JKS"); SSLContext ctx = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); uks.load(new FileInputStream(unknownFilename), cpasswd); kmf.init(uks, cpasswd); TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()}; ctx.init(kmf.getKeyManagers(), tms, null); SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory(); System.out.println("Trying first socket " + serverPort); SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort); doTest(sslSocket); /* * Now try the other way. */ com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS"); com.sun.net.ssl.KeyManagerFactory kmf1 = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); kmf1.init(uks, cpasswd); com.sun.net.ssl.TrustManager[] tms1 = new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()}; ctx1.init(kmf1.getKeyManagers(), tms1, null); sslsf = (SSLSocketFactory) ctx1.getSocketFactory(); System.out.println("Trying second socket " + serverPort1); sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1); doTest(sslSocket); System.out.println("Completed test1"); }
public static javax.net.SocketFactory getSSLFactory( java.lang.String s, java.lang.String s1, java.lang.StringBuffer stringbuffer) { javax.net.ssl.SSLSocketFactory sslsocketfactory = null; try { if (!(new File(s)).exists()) { throw new Exception("certificate not found"); } java.security.KeyStore keystore; if (s.endsWith(".pfx")) { keystore = java.security.KeyStore.getInstance("PKCS12"); } else { keystore = java.security.KeyStore.getInstance("JKS"); } java.io.FileInputStream fileinputstream = new FileInputStream(s); char ac[] = s1.toCharArray(); char ac1[] = s1.toCharArray(); keystore.load(fileinputstream, ac); java.util.Enumeration enumeration = keystore.aliases(); while (enumeration.hasMoreElements()) { java.lang.String s2 = (java.lang.String) enumeration.nextElement(); certificateDescription = certificateDescription + " (" + s2; java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s2); if (acertificate != null) { int i = 0; while (i < acertificate.length) { java.security.cert.X509Certificate x509certificate = (java.security.cert.X509Certificate) acertificate[i]; certificateDescription = certificateDescription + " (cert " + x509certificate.getSubjectDN() + ", " + x509certificate.getSigAlgName() + ")"; i++; } } } stringbuffer.append("certs: " + certificateDescription + "\n"); com.sun.net.ssl.KeyManagerFactory keymanagerfactory = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); keymanagerfactory.init(keystore, ac1); com.sun.net.ssl.KeyManager akeymanager[] = keymanagerfactory.getKeyManagers(); com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL"); sslcontext.init(akeymanager, null, randomGenerator); sslsocketfactory = sslcontext.getSocketFactory(); } catch (java.lang.Throwable throwable) { throwable.printStackTrace(); stringbuffer.append("error: " + throwable.toString()); } return sslsocketfactory; }
/** * Set the default X509 Trust Manager to an instance of a fake class that trust all certificates, * even the self-signed ones. This method uses the old deprecated API from the <code>com.sun.ssl * </code> package. * * @deprecated see {@link #_trustAllHttpsCertificates()}. */ private static void __trustAllHttpsCertificates() { com.sun.net.ssl.SSLContext context; // Create a trust manager that does not validate certificate chains if (__trustManagers == null) { __trustManagers = new com.sun.net.ssl.TrustManager[] {new _FakeX509TrustManager()}; } // if // Install the all-trusting trust manager try { context = com.sun.net.ssl.SSLContext.getInstance("SSL"); context.init(null, __trustManagers, new SecureRandom()); } catch (GeneralSecurityException gse) { throw new IllegalStateException(gse.getMessage()); } // catch com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()); } // __trustAllHttpsCertificates
public ZMSSLSocketFactory() { System.out.println("ZMSSLSocketFactory instantiated"); try { SSLContext sslcontext = SSLContext.getInstance("SSL"); sslcontext.init( null, // No KeyManager required new TrustManager[] {new ZMTrustManager()}, new java.security.SecureRandom()); factory = (SSLSocketFactory) sslcontext.getSocketFactory(); } catch (Exception ex) { ex.printStackTrace(); } javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier( new javax.net.ssl.HostnameVerifier() { public boolean verify(String urlHostname, String certHostname) { return true; } public boolean verify(String urlHostname, javax.net.ssl.SSLSession session) { return true; } }); }
public static java.lang.String initialize( java.lang.String s, java.lang.String s1, java.lang.String s2) { java.lang.String s3 = ""; try { java.lang.System.setProperty( "java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); java.security.Security.addProvider(new Provider()); com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL"); randomGenerator = new SecureRandom(); byte abyte0[] = new byte[20]; for (int i = 0; i < 20; i++) { abyte0[i] = (byte) (int) (java.lang.Math.random() * 256D - 128D); } randomGenerator.setSeed(abyte0); if ((new File(s + ".pfx")).exists()) { s = s + ".pfx"; } com.sun.net.ssl.KeyManager akeymanager[] = null; try { if ((new File(s)).exists()) { java.security.KeyStore keystore; if (s.endsWith(".pfx")) { keystore = java.security.KeyStore.getInstance("PKCS12"); } else { keystore = java.security.KeyStore.getInstance("JKS"); } com.sun.net.ssl.KeyManagerFactory keymanagerfactory = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); java.io.FileInputStream fileinputstream = new FileInputStream(s); char ac[] = s1.toCharArray(); char ac1[] = s2.toCharArray(); keystore.load(fileinputstream, ac); java.util.Enumeration enumeration = keystore.aliases(); while (enumeration.hasMoreElements()) { java.lang.String s4 = (java.lang.String) enumeration.nextElement(); certificateDescription = certificateDescription + " (" + s4; java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s4); if (acertificate != null) { int j = 0; while (j < acertificate.length) { java.security.cert.X509Certificate x509certificate = (java.security.cert.X509Certificate) acertificate[j]; certificateDescription = certificateDescription + " (cert " + x509certificate.getSubjectDN() + ", " + x509certificate.getSigAlgName() + ")"; j++; } } } s3 = s3 + "certs: " + certificateDescription + "\n"; keymanagerfactory.init(keystore, ac1); akeymanager = keymanagerfactory.getKeyManagers(); } } catch (java.lang.Exception exception) { exception.printStackTrace(); s3 = s3 + exception.toString(); } sslcontext.init(akeymanager, null, randomGenerator); if (akeymanager != null) { sslServerSocketFactory = sslcontext.getServerSocketFactory(); } sslSocketFactory = sslcontext.getSocketFactory(); } catch (java.lang.Throwable throwable) { throwable.printStackTrace(); s3 = s3 + throwable.toString(); } return s3; }