예제 #1
0
 @Override
 public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
     throws IOException, UnknownHostException {
   SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(socket, host, port, autoClose);
   hostnameVerifier.verify(host, sslSocket);
   return sslSocket;
 }
예제 #2
0
  @Override
  public Socket connectSocket(
      Socket sock,
      String host,
      int port,
      InetAddress localAddress,
      int localPort,
      HttpParams params)
      throws IOException, UnknownHostException, ConnectTimeoutException {
    if (host == null) {
      throw new IllegalArgumentException("Target host may not be null.");
    }
    if (params == null) {
      throw new IllegalArgumentException("Parameters may not be null.");
    }

    if (App.DEBUG)
      Log.e(
          TAG + "delete",
          "ConnectSocket with "
              + "\n\t host="
              + host
              + "\n\t port="
              + port
              + "\n\t localport="
              + localPort);

    SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());

    if ((localAddress != null) || (localPort > 0)) {
      if (localPort < 0) localPort = 0;

      InetSocketAddress isa = new InetSocketAddress(localAddress, localPort);
      sslsock.bind(isa);
    }

    int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
    int soTimeout = HttpConnectionParams.getSoTimeout(params);

    InetSocketAddress remoteAddress = new InetSocketAddress(host, port);

    sslsock.connect(remoteAddress, connTimeout);

    sslsock.setSoTimeout(soTimeout);

    try {
      hostnameVerifier.verify(host, sslsock);
    } catch (IOException iox) {
      try {
        sslsock.close();
      } catch (Exception x) {
      }

      throw iox;
    }

    return sslsock;
  }
  // non-javadoc, see interface org.apache.http.conn.SocketFactory
  public Socket connectSocket(
      final Socket sock,
      final String host,
      final int port,
      final InetAddress localAddress,
      int localPort,
      final HttpParams params)
      throws IOException {

    if (host == null) {
      throw new IllegalArgumentException("Target host may not be null.");
    }
    if (params == null) {
      throw new IllegalArgumentException("Parameters may not be null.");
    }

    SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());

    if ((localAddress != null) || (localPort > 0)) {

      // we need to bind explicitly
      if (localPort < 0) localPort = 0; // indicates "any"

      InetSocketAddress isa = new InetSocketAddress(localAddress, localPort);
      sslsock.bind(isa);
    }

    int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
    int soTimeout = HttpConnectionParams.getSoTimeout(params);

    InetSocketAddress remoteAddress;
    if (this.nameResolver != null) {
      remoteAddress = new InetSocketAddress(this.nameResolver.resolve(host), port);
    } else {
      remoteAddress = new InetSocketAddress(host, port);
    }
    try {
      sslsock.connect(remoteAddress, connTimeout);
    } catch (SocketTimeoutException ex) {
      throw new ConnectTimeoutException("Connect to " + remoteAddress + " timed out");
    }
    sslsock.setSoTimeout(soTimeout);
    try {
      hostnameVerifier.verify(host, sslsock);
      // verifyHostName() didn't blowup - good!
    } catch (IOException iox) {
      // close the socket before re-throwing the exception
      try {
        sslsock.close();
      } catch (Exception x) {
        /*ignore*/
      }
      throw iox;
    }

    return sslsock;
  }
 // non-javadoc, see interface LayeredSocketFactory
 public Socket createSocket(
     final Socket socket, final String host, final int port, final boolean autoClose)
     throws IOException, UnknownHostException {
   SSLSocket sslSocket;
   Metrics.getInstance().startStep(Metrics.STEP_3);
   try {
     sslSocket = (SSLSocket) this.socketfactory.createSocket(socket, host, port, autoClose);
   } finally {
     Metrics.getInstance().finishStep(Metrics.STEP_3);
   }
   hostnameVerifier.verify(host, sslSocket);
   // verifyHostName() didn't blowup - good!
   return sslSocket;
 }
  /**
   * Verifies the identity of the server.
   *
   * <p>The server certificate is verified first.
   *
   * <p>Then, the host name is compared with the content of the server certificate using the current
   * host name verifier, if any.
   *
   * @param socket
   */
  private void verifyPeerIdentity(String host, int port, Socket socket) throws IOException {
    try {
      CertificateCombinedException failInHandshake = null;
      /// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager (that should be an
      // instance of AdvancedX509TrustManager)
      try {
        SSLSocket sock =
            (SSLSocket) socket; // a new SSLSession instance is created as a "side effect"
        sock.startHandshake();

      } catch (RuntimeException e) {

        if (e instanceof CertificateCombinedException) {
          failInHandshake = (CertificateCombinedException) e;
        } else {
          Throwable cause = e.getCause();
          Throwable previousCause = null;
          while (cause != null
              && cause != previousCause
              && !(cause instanceof CertificateCombinedException)) {
            previousCause = cause;
            cause = cause.getCause();
          }
          if (cause != null && cause instanceof CertificateCombinedException) {
            failInHandshake = (CertificateCombinedException) cause;
          }
        }
        if (failInHandshake == null) {
          throw e;
        }
        failInHandshake.setHostInUrl(host);
      }

      /// 2. VERIFY HOSTNAME
      SSLSession newSession = null;
      boolean verifiedHostname = true;
      if (mHostnameVerifier != null) {
        if (failInHandshake != null) {
          /// 2.1 : a new SSLSession instance was NOT created in the handshake
          X509Certificate serverCert = failInHandshake.getServerCertificate();
          try {
            mHostnameVerifier.verify(host, serverCert);
          } catch (SSLException e) {
            verifiedHostname = false;
          }

        } else {
          /// 2.2 : a new SSLSession instance was created in the handshake
          newSession = ((SSLSocket) socket).getSession();
          if (!mTrustManager.isKnownServer(
              (X509Certificate) (newSession.getPeerCertificates()[0]))) {
            verifiedHostname = mHostnameVerifier.verify(host, newSession);
          }
        }
      }

      /// 3. Combine the exceptions to throw, if any
      if (!verifiedHostname) {
        SSLPeerUnverifiedException pue =
            new SSLPeerUnverifiedException(
                "Names in the server certificate do not match to " + host + " in the URL");
        if (failInHandshake == null) {
          failInHandshake =
              new CertificateCombinedException(
                  (X509Certificate) newSession.getPeerCertificates()[0]);
          failInHandshake.setHostInUrl(host);
        }
        failInHandshake.setSslPeerUnverifiedException(pue);
        pue.initCause(failInHandshake);
        throw pue;

      } else if (failInHandshake != null) {
        SSLHandshakeException hse =
            new SSLHandshakeException("Server certificate could not be verified");
        hse.initCause(failInHandshake);
        throw hse;
      }

    } catch (IOException io) {
      try {
        socket.close();
      } catch (Exception x) {
        // NOTHING - irrelevant exception for the caller
      }
      throw io;
    }
  }