 /**
  * Prints the parameters of {@code s}'s current session to {@code System.out}: protocol,
  * cipher suite, peer host and peer port.
  *
  * <p>{@link SSLSocket#getSession()} initiates the handshake if it has not completed yet, so
  * this call may block on network I/O. The peer host/port reported by the session are the
  * values the socket was created with, not an authenticated identity.
  *
  * @param s the socket whose session is described
  */
 private static void printConnectionInfo(SSLSocket s) {
   final SSLSession session = s.getSession();
   final String[] report = {
     "Protocol: " + session.getProtocol(),
     "Cipher Suite: " + session.getCipherSuite(),
     "Host: " + session.getPeerHost(),
     "Host Port: " + session.getPeerPort(),
   };
   for (String line : report) {
     System.out.println(line);
   }
 }
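  /**
   * Hostname verification callback: logs the server endpoint and the peer certificate chain,
   * then defers the accept/reject decision to the JDK's default {@code HostnameVerifier}.
   *
   * <p>The previous implementation returned {@code true} unconditionally, which disables
   * hostname verification: any certificate chaining to a trusted root would be accepted for
   * any host name. The decision is now delegated. If this object is itself installed as the
   * default verifier (delegation would recurse) the method fails closed and returns
   * {@code false}. A peer that presented no verifiable identity is rejected as well.
   *
   * <p>{@code getPeerCertificates()} is used instead of the deprecated
   * {@code getPeerCertificateChain()}; types are spelled out fully because the enclosing file
   * may import the {@code javax.security.cert} variant of {@code X509Certificate}.
   *
   * @param hostName the host name the client intended to connect to
   * @param session the session carrying the peer's certificate chain
   * @return whether the peer certificate is acceptable for {@code hostName}
   */
  public boolean verify(String hostName, SSLSession session) {
    System.out.println("Server: " + hostName + ":" + session.getPeerPort());
    try {
      for (java.security.cert.Certificate cert : session.getPeerCertificates()) {
        if (cert instanceof java.security.cert.X509Certificate) {
          System.out.println(
              "DN: " + ((java.security.cert.X509Certificate) cert).getSubjectX500Principal());
        } else {
          System.out.println("Certificate type: " + cert.getType());
        }
      }
    } catch (SSLPeerUnverifiedException e) {
      // No authenticated peer identity: there is nothing to match the host name against.
      System.out.println("Peer not verified: " + e);
      System.out.println("-----");
      return false;
    }
    System.out.println("-----");

    final javax.net.ssl.HostnameVerifier defaultVerifier =
        javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier();
    // The (Object) cast keeps the identity comparison legal whatever this class implements.
    if (defaultVerifier == null || defaultVerifier == (Object) this) {
      // Cannot delegate without recursing; fail closed rather than open.
      return false;
    }
    return defaultVerifier.verify(hostName, session);
  }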
  /**
   * Invalidates every session in {@code sessionContext} whose peer host (compared
   * case-insensitively) and peer port match {@code remoteAddress}.
   *
   * <p>{@link InetSocketAddress#getHostName()} may perform a reverse DNS lookup when the
   * address was built from an IP literal, so this method can block before it touches the
   * session context.
   *
   * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
   * @param remoteAddress associated with sessions to invalidate
   */
  private void clearSessionCache(
      final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();
    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
      return;
    }

    while (sessionIds.hasMoreElements()) {
      final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
      if (candidate == null) {
        continue;
      }
      final String peerHost = candidate.getPeerHost();
      final boolean sameEndpoint =
          peerHost != null
              && peerHost.equalsIgnoreCase(targetHost)
              && candidate.getPeerPort() == targetPort;
      if (sameEndpoint) {
        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
          LOG.debug("Invalidated session " + candidate);
        }
      }
    }
  }
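 /**
  * Decides whether a client certificate chain presented during a TLS handshake is trusted.
  *
  * <p>Decision order, as implemented below:
  * <ol>
  *   <li>If the socket has an endpoint identification algorithm configured and
  *       {@code isSupportedAlgorithm} rejects it, the method returns immediately, i.e. the
  *       chain is accepted without any of the checks that follow.
  *   <li>An empty chain, or a leaf certificate found in {@code deniedStore}, is rejected.
  *   <li>Unless {@code alwaysShow} is set, the wrapped {@code trustManager} is consulted; if it
  *       accepts the chain the method returns, if it throws the chain falls through to the
  *       remaining checks.
  *   <li>A leaf already in {@code sessionStore} or {@code permanentStore} is accepted.
  *   <li>Otherwise the last certificate of the chain is verified against the root stores, every
  *       certificate's validity period is checked and, unless automation is enabled, the user
  *       is prompted through {@code TrustDeciderDialog} when any of those checks failed (or
  *       {@code alwaysShow}/{@code mismatchShow} require it). The answer is recorded in the
  *       session, permanent or denied store.
  * </ol>
  *
  * <p>Any failure other than a {@code CertificateException} is printed and leaves the decision
  * code untouched, which ends in a {@code CertificateException} unless a trusting decision had
  * already been recorded when the failure happened.
  *
  * <p>This method previously used the loop index {@code k} before its declaration and assigned
  * it outside the loop's scope; {@code k} is now declared up front and the loop uses its own
  * index.
  *
  * @param paramArrayOfX509Certificate the peer's certificate chain, leaf first
  * @param paramString the authentication type, passed through to the wrapped trust manager
  * @param paramSocket the socket being handshaken; cast unchecked to {@link SSLSocket}
  * @throws CertificateException if the chain is empty or denied, or if no decision to trust it
  *     was reached
  * @throws IllegalStateException if no wrapped trust manager is configured
  */
 public synchronized void checkClientTrusted(
     X509Certificate[] paramArrayOfX509Certificate, String paramString, Socket paramSocket)
     throws CertificateException {
   SSLSocket localSSLSocket = (SSLSocket) paramSocket;
   SSLSession localSSLSession = localSSLSocket.getHandshakeSession();
   String str1 = localSSLSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
   String str2 = localSSLSession.getPeerHost();
   // NOTE(review): returning here accepts the chain without any further verification; confirm
   // that an unsupported endpoint-identification algorithm is meant to bypass the checks below.
   if ((str1 != null) && (!isSupportedAlgorithm(str1))) return;
   boolean bool = false; // true when no root store can verify the chain's last certificate
   int i = 0; // validity: -1 expired, 1 not yet valid, 0 every certificate within its period
   if (this.trustManager == null)
     throw new IllegalStateException("TrustManager should not be null");
   if ((paramArrayOfX509Certificate == null) || (paramArrayOfX509Certificate.length == 0))
     throw new CertificateException("Certificate chain is empty");
   int j = -1; // decision: 0 = trust for this session, 2 = trust permanently, anything else = deny
   int k = 0; // scratch: index of the last chain element, later the "show dialog" flag
   try {
     rootStore.load();
     sslRootStore.load();
     permanentStore.load();
     sessionStore.load();
     deniedStore.load();
     if ((browserSSLRootStore != null) && (!isBrowserSSLRootStoreLoaded)) {
       browserSSLRootStore.load();
       isBrowserSSLRootStoreLoaded = true;
     }
     if (deniedStore.contains(paramArrayOfX509Certificate[0]))
       throw new CertificateException("Certificate has been denied");
     if (!alwaysShow) {
       try {
         this.trustManager.checkClientTrusted(
             paramArrayOfX509Certificate, paramString, localSSLSocket);
         return;
       } catch (CertificateException ignored) {
         // Deliberate: a chain the wrapped trust manager rejects is not denied outright; it is
         // handed to the store lookups and the user prompt below.
       }
     }
     if (sessionStore.contains(paramArrayOfX509Certificate[0])) return;
     if (permanentStore.contains(paramArrayOfX509Certificate[0])) return;
     // The last chain element is treated as the root; it is untrusted when none of the
     // root stores can verify it.
     k = paramArrayOfX509Certificate.length - 1;
     if ((!rootStore.verify(paramArrayOfX509Certificate[k]))
         && (!sslRootStore.verify(paramArrayOfX509Certificate[k]))
         && ((browserSSLRootStore == null)
             || (!browserSSLRootStore.verify(paramArrayOfX509Certificate[k])))) bool = true;
     // Only the last failing certificate is remembered: a later expired certificate overrides
     // an earlier not-yet-valid one and vice versa.
     for (int idx = 0; idx < paramArrayOfX509Certificate.length; idx++)
       try {
         paramArrayOfX509Certificate[idx].checkValidity();
       } catch (CertificateExpiredException localCertificateExpiredException) {
         i = -1;
       } catch (CertificateNotYetValidException localCertificateNotYetValidException) {
         i = 1;
       }
     if (!Trace.isAutomationEnabled()) {
       // A host-name mismatch is only surfaced to the user when mismatchShow is set; it is not
       // checked otherwise.
       k =
           (alwaysShow)
                   || (bool)
                   || (i != 0)
                   || ((mismatchShow)
                       && (!CertUtils.checkWildcardDomainList(
                           str2, CertUtils.getServername(paramArrayOfX509Certificate[0]))))
               ? 1
               : 0;
       if (k != 0) {
         Trace.msgSecurityPrintln("x509trustmgr.check.invalidcert");
         URL localURL = null;
         try {
           localURL =
               new URL("https", localSSLSession.getPeerHost(), localSSLSession.getPeerPort(), "");
         } catch (Exception ignored) {
           // The URL is only shown in the dialog; a peer host that cannot be formed into a
           // URL leaves it null.
         }
         j =
             TrustDeciderDialog.showDialog(
                 paramArrayOfX509Certificate,
                 localURL,
                 0,
                 paramArrayOfX509Certificate.length,
                 bool,
                 i,
                 null,
                 new AppInfo(),
                 true,
                 str2);
       } else {
         // Nothing to object to: trust for the session without prompting.
         j = 0;
       }
     } else {
       // Automation runs never prompt; the client certificate is accepted for the session.
       Trace.msgSecurityPrintln("x509trustmgr.automation.ignoreclientcert");
       j = 0;
     }
     if (j == 0) {
       sessionStore.add(paramArrayOfX509Certificate[0]);
       sessionStore.save();
     } else if (j == 2) {
       CertStore localCertStore = DeploySSLCertStore.getUserCertStore();
       localCertStore.load(true);
       if (localCertStore.add(paramArrayOfX509Certificate[0])) localCertStore.save();
     } else {
       deniedStore.add(paramArrayOfX509Certificate[0]);
       deniedStore.save();
     }
   } catch (CertificateException localCertificateException2) {
     throw localCertificateException2;
   } catch (Throwable localThrowable) {
     // Any other failure (store I/O, dialog errors, ...) leaves j untouched, so it is reported
     // below as an untrusted client unless a trusting decision had already been recorded.
     localThrowable.printStackTrace();
   }
   if ((j != 0) && (j != 2)) throw new CertificateException("Java couldn't trust Client");
 }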
 /**
  * Exercises {@code javax.net.ssl.SSLSession#getPeerHost()} and
  * {@code javax.net.ssl.SSLSession#getPeerPort()} on the client-side session: the peer host
  * is expected to be the local host name and the peer port the port the test server uses.
  *
  * <p>{@code InetAddress.getLocalHost().getHostName()} may consult DNS, so the expected host
  * name is computed once up front.
  */
 public void test_getPeerHost() throws Exception {
   final String expectedHost = InetAddress.getLocalHost().getHostName();
   final SSLSession session = clientSession;

   assertEquals(expectedHost, session.getPeerHost());
   assertEquals(port, session.getPeerPort());
 }