Example 56 with HostnameVerifier
use of javax.net.ssl.HostnameVerifier in project jersey by jersey.
the class SslFilterTest method testCustomHostameVerificationPass.
@Test
public void testCustomHostameVerificationPass() throws Throwable {
CountDownLatch latch = new CountDownLatch(1);
SslEchoServer server = new SslEchoServer();
try {
server.start();
HostnameVerifier verifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
};
openClientSocket("127.0.0.1", ByteBuffer.allocate(0), latch, verifier);
} finally {
server.stop();
}
}
Also used :
SSLSession(javax.net.ssl.SSLSession)
CountDownLatch(java.util.concurrent.CountDownLatch)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
Test(org.junit.Test)
Example 57 with HostnameVerifier
use of javax.net.ssl.HostnameVerifier in project apjp by jvansteirteghem.
the class HTTPRequest method open.
public void open() throws HTTPRequestException {
try {
url = new URL(APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_URL[i]);
Proxy proxy = Proxy.NO_PROXY;
if (url.getProtocol().equalsIgnoreCase("HTTP") == true) {
if (APJP.APJP_HTTP_PROXY_SERVER_ADDRESS.equalsIgnoreCase("") == false) {
proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(APJP.APJP_HTTP_PROXY_SERVER_ADDRESS, APJP.APJP_HTTP_PROXY_SERVER_PORT));
}
} else {
if (url.getProtocol().equalsIgnoreCase("HTTPS") == true) {
if (APJP.APJP_HTTPS_PROXY_SERVER_ADDRESS.equalsIgnoreCase("") == false) {
proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(APJP.APJP_HTTPS_PROXY_SERVER_ADDRESS, APJP.APJP_HTTPS_PROXY_SERVER_PORT));
}
}
}
urlConnection = url.openConnection(proxy);
if (urlConnection instanceof HttpsURLConnection) {
((HttpsURLConnection) urlConnection).setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession sslSession) {
String value1 = APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_URL[i];
String[] values1 = value1.split("/", -1);
String value2 = values1[2];
String[] values2 = value2.split(":");
String value3 = values2[0];
if (value3.equalsIgnoreCase(hostname)) {
return true;
} else {
return false;
}
}
});
}
if (url.getProtocol().equalsIgnoreCase("HTTP") == true) {
if (APJP.APJP_HTTP_PROXY_SERVER_ADDRESS.equalsIgnoreCase("") == false && APJP.APJP_HTTP_PROXY_SERVER_USERNAME.equalsIgnoreCase("") == false) {
urlConnection.setRequestProperty("Proxy-Authorization", "Basic " + new String(BASE64.encode((APJP.APJP_HTTP_PROXY_SERVER_USERNAME + ":" + APJP.APJP_HTTP_PROXY_SERVER_PASSWORD).getBytes())));
}
} else {
if (url.getProtocol().equalsIgnoreCase("HTTPS") == true) {
if (APJP.APJP_HTTPS_PROXY_SERVER_ADDRESS.equalsIgnoreCase("") == false && APJP.APJP_HTTPS_PROXY_SERVER_USERNAME.equalsIgnoreCase("") == false) {
urlConnection.setRequestProperty("Proxy-Authorization", "Basic " + new String(BASE64.encode((APJP.APJP_HTTPS_PROXY_SERVER_USERNAME + ":" + APJP.APJP_HTTPS_PROXY_SERVER_PASSWORD).getBytes())));
}
}
}
for (int j = 0; j < APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_PROPERTY_KEY[i].length; j = j + 1) {
if (APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_PROPERTY_KEY[i][j].equalsIgnoreCase("") == false) {
urlConnection.setRequestProperty(APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_PROPERTY_KEY[i][j], APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_PROPERTY_VALUE[i][j]);
}
}
urlConnection.setDoOutput(true);
urlConnection.setDoInput(true);
urlConnection.connect();
} catch (Exception e) {
throw new HTTPRequestException("HTTP_REQUEST/OPEN", e);
}
}
Also used :
Proxy(java.net.Proxy)
InetSocketAddress(java.net.InetSocketAddress)
SSLSession(javax.net.ssl.SSLSession)
URL(java.net.URL)
HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
Example 58 with HostnameVerifier
use of javax.net.ssl.HostnameVerifier in project KJFrameForAndroid by kymjs.
the class HTTPSTrustManager method allowAllSSL.
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
});
SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[] { new HTTPSTrustManager() };
}
try {
context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}
Also used :
SSLSession(javax.net.ssl.SSLSession)
SecureRandom(java.security.SecureRandom)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyManagementException(java.security.KeyManagementException)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
Example 59 with HostnameVerifier
use of javax.net.ssl.HostnameVerifier in project openhab1-addons by openhab.
the class IhcConnectionPool method init.
private void init() {
// Create a local instance of cookie store
cookieStore = new BasicCookieStore();
// Create local HTTP context
localContext = HttpClientContext.create();
// Bind custom cookie store to the local context
localContext.setCookieStore(cookieStore);
httpClientBuilder = HttpClientBuilder.create();
// Setup a Trust Strategy that allows all certificates.
logger.debug("Initialize SSL context");
// Create a trust manager that does not validate certificate chains,
// but accept all.
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
logger.trace("Trusting server cert: " + certs[0].getIssuerDN());
}
} };
try {
// Controller supports only SSLv3 and TLSv1
sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (NoSuchAlgorithmException e) {
logger.warn("Exception", e);
} catch (KeyManagementException e) {
logger.warn("Exception", e);
}
httpClientBuilder.setSslcontext(sslContext);
// Controller accepts only HTTPS connections and because normally IP
// address are used on home network rather than DNS names, create custom
// host name verifier.
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
logger.trace("HostnameVerifier: arg0 = " + arg0);
logger.trace("HostnameVerifier: arg1 = " + arg1);
return true;
}
};
// Create an SSL Socket Factory, to use our weakened "trust strategy"
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" }, null, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslSocketFactory).build();
// Create connection-manager using our Registry. Allows multi-threaded
// use
PoolingHttpClientConnectionManager connMngr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
// Increase max connection counts
connMngr.setMaxTotal(20);
connMngr.setDefaultMaxPerRoute(6);
httpClientBuilder.setConnectionManager(connMngr);
}
Also used :
SSLSession(javax.net.ssl.SSLSession)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
KeyManagementException(java.security.KeyManagementException)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
BasicCookieStore(org.apache.http.impl.client.BasicCookieStore)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
X509TrustManager(javax.net.ssl.X509TrustManager)
Example 60 with HostnameVerifier
use of javax.net.ssl.HostnameVerifier in project hadoop by apache.
the class LdapAuthenticationHandler method authenticateWithTlsExtension.
private void authenticateWithTlsExtension(String userDN, String password) throws AuthenticationException {
LdapContext ctx = null;
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, providerUrl);
try {
// Create initial context
ctx = new InitialLdapContext(env, null);
// Establish TLS session
StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
if (disableHostNameVerification) {
tls.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
}
tls.negotiate();
// Initialize security credentials & perform read operation for
// verification.
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.lookup(userDN);
logger.debug("Authentication successful for {}", userDN);
} catch (NamingException | IOException ex) {
throw new AuthenticationException("Error validating LDAP user", ex);
} finally {
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
/* Ignore. */
}
}
}
}
Also used :
AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException)
Hashtable(java.util.Hashtable)
SSLSession(javax.net.ssl.SSLSession)
IOException(java.io.IOException)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
StartTlsResponse(javax.naming.ldap.StartTlsResponse)
InitialLdapContext(javax.naming.ldap.InitialLdapContext)
NamingException(javax.naming.NamingException)
StartTlsRequest(javax.naming.ldap.StartTlsRequest)
InitialLdapContext(javax.naming.ldap.InitialLdapContext)
LdapContext(javax.naming.ldap.LdapContext)
Aggregations
HostnameVerifier (javax.net.ssl.HostnameVerifier)94
SSLSession (javax.net.ssl.SSLSession)41
SSLContext (javax.net.ssl.SSLContext)30
SSLSocketFactory (javax.net.ssl.SSLSocketFactory)27
HttpsURLConnection (javax.net.ssl.HttpsURLConnection)24
TrustManager (javax.net.ssl.TrustManager)19
IOException (java.io.IOException)18
URL (java.net.URL)18
X509Certificate (java.security.cert.X509Certificate)17
X509TrustManager (javax.net.ssl.X509TrustManager)17
Test (org.junit.Test)16
HttpURLConnection (java.net.HttpURLConnection)14
SecureRandom (java.security.SecureRandom)14
InputStream (java.io.InputStream)12
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10
CertificateException (java.security.cert.CertificateException)10
SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory)10
KeyManagementException (java.security.KeyManagementException)9
ConnectionSocketFactory (org.apache.http.conn.socket.ConnectionSocketFactory)9
ByteArrayInputStream (java.io.ByteArrayInputStream)8
