
Example 56 with HostnameVerifier

use of javax.net.ssl.HostnameVerifier in project jersey by jersey.

the class SslFilterTest method testCustomHostameVerificationPass.

/**
 * Starts the SSL echo server and opens a client socket to {@code 127.0.0.1}
 * with a caller-supplied {@link HostnameVerifier} that approves every peer.
 *
 * <p>The verifier below returns {@code true} without looking at the host name
 * or the session, so it performs no identity check at all. That is acceptable
 * only inside a test fixture such as this one; presumably
 * {@code openClientSocket} fails the test when the connection is rejected
 * (its body is not part of this listing).
 */
@Test
public void testCustomHostameVerificationPass() throws Throwable {
    // Unconditional approval: neither argument is examined.
    final HostnameVerifier acceptAnyHost = new HostnameVerifier() {

        @Override
        public boolean verify(String hostName, SSLSession session) {
            return true;
        }
    };
    final CountDownLatch latch = new CountDownLatch(1);
    final SslEchoServer echoServer = new SslEchoServer();
    try {
        echoServer.start();
        openClientSocket("127.0.0.1", ByteBuffer.allocate(0), latch, acceptAnyHost);
    } finally {
        // Runs on success and on failure alike, so the server never outlives the test.
        echoServer.stop();
    }
}
Also used : SSLSession(javax.net.ssl.SSLSession) CountDownLatch(java.util.concurrent.CountDownLatch) HostnameVerifier(javax.net.ssl.HostnameVerifier) Test(org.junit.Test)

Example 57 with HostnameVerifier

use of javax.net.ssl.HostnameVerifier in project apjp by jvansteirteghem.

the class HTTPRequest method open.

/**
 * Opens the connection to the remote server whose URL is stored at index
 * {@code i} of {@code APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_URL}.
 *
 * <p>Steps, in order: pick the configured proxy for the URL scheme (none when
 * the proxy address is empty), open the connection, install a custom
 * {@link HostnameVerifier} on HTTPS connections, add a {@code Proxy-Authorization}
 * header when a proxy user name is configured, copy the configured request
 * properties, and connect with both input and output enabled.
 *
 * @throws HTTPRequestException wrapping any exception raised along the way
 */
public void open() throws HTTPRequestException {
    try {
        url = new URL(APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_URL[i]);
        final String scheme = url.getProtocol();
        final boolean plainHttp = scheme.equalsIgnoreCase("HTTP");
        final boolean secureHttp = !plainHttp && scheme.equalsIgnoreCase("HTTPS");

        // Both schemes go through an HTTP-type proxy; only the configured address and port differ.
        Proxy upstream = Proxy.NO_PROXY;
        if (plainHttp) {
            if (!APJP.APJP_HTTP_PROXY_SERVER_ADDRESS.equalsIgnoreCase("")) {
                upstream = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(APJP.APJP_HTTP_PROXY_SERVER_ADDRESS, APJP.APJP_HTTP_PROXY_SERVER_PORT));
            }
        } else if (secureHttp) {
            if (!APJP.APJP_HTTPS_PROXY_SERVER_ADDRESS.equalsIgnoreCase("")) {
                upstream = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(APJP.APJP_HTTPS_PROXY_SERVER_ADDRESS, APJP.APJP_HTTPS_PROXY_SERVER_PORT));
            }
        }
        urlConnection = url.openConnection(upstream);

        if (urlConnection instanceof HttpsURLConnection) {
            // NOTE(review): HttpsURLConnection consults a custom verifier only after its
            // built-in comparison of the URL host with the certificate has failed, and the
            // `hostname` it passes is the host of the URL being opened. The check below
            // compares that value with the host parsed from the same configured URL and
            // never reads the certificate in `sslSession`, so it looks like it accepts a
            // certificate issued for any name. Confirm whether that is intended; dropping
            // the custom verifier would keep the default certificate/host match in force.
            ((HttpsURLConnection) urlConnection).setHostnameVerifier(new HostnameVerifier() {

                public boolean verify(String hostname, SSLSession sslSession) {
                    String configuredUrl = APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_URL[i];
                    // "scheme://host:port/..." split on "/" puts "host:port" at index 2.
                    String authority = configuredUrl.split("/", -1)[2];
                    String configuredHost = authority.split(":")[0];
                    return configuredHost.equalsIgnoreCase(hostname);
                }
            });
        }

        // Basic proxy credentials are only base64-encoded, not encrypted.
        // getBytes() with no argument uses the platform default charset.
        if (plainHttp) {
            if (!APJP.APJP_HTTP_PROXY_SERVER_ADDRESS.equalsIgnoreCase("") && !APJP.APJP_HTTP_PROXY_SERVER_USERNAME.equalsIgnoreCase("")) {
                String credentials = APJP.APJP_HTTP_PROXY_SERVER_USERNAME + ":" + APJP.APJP_HTTP_PROXY_SERVER_PASSWORD;
                urlConnection.setRequestProperty("Proxy-Authorization", "Basic " + new String(BASE64.encode(credentials.getBytes())));
            }
        } else if (secureHttp) {
            if (!APJP.APJP_HTTPS_PROXY_SERVER_ADDRESS.equalsIgnoreCase("") && !APJP.APJP_HTTPS_PROXY_SERVER_USERNAME.equalsIgnoreCase("")) {
                String credentials = APJP.APJP_HTTPS_PROXY_SERVER_USERNAME + ":" + APJP.APJP_HTTPS_PROXY_SERVER_PASSWORD;
                urlConnection.setRequestProperty("Proxy-Authorization", "Basic " + new String(BASE64.encode(credentials.getBytes())));
            }
        }

        // Copy the configured request properties, skipping slots whose key is empty.
        String[] propertyKeys = APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_PROPERTY_KEY[i];
        for (int slot = 0; slot < propertyKeys.length; slot++) {
            if (!propertyKeys[slot].equalsIgnoreCase("")) {
                urlConnection.setRequestProperty(propertyKeys[slot], APJP.APJP_REMOTE_HTTP_SERVER_REQUEST_PROPERTY_VALUE[i][slot]);
            }
        }

        urlConnection.setDoOutput(true);
        urlConnection.setDoInput(true);
        urlConnection.connect();
    } catch (Exception e) {
        throw new HTTPRequestException("HTTP_REQUEST/OPEN", e);
    }
}
Also used : Proxy(java.net.Proxy) InetSocketAddress(java.net.InetSocketAddress) SSLSession(javax.net.ssl.SSLSession) URL(java.net.URL) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) HostnameVerifier(javax.net.ssl.HostnameVerifier)

Example 58 with HostnameVerifier

use of javax.net.ssl.HostnameVerifier in project KJFrameForAndroid by kymjs.

the class HTTPSTrustManager method allowAllSSL.

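/**
 * Replaces the process-wide {@link HttpsURLConnection} defaults: the default
 * hostname verifier becomes one that approves every host, and the default
 * socket factory comes from a TLS context initialised with the shared
 * {@code trustManagers} array (a single {@code HTTPSTrustManager} when none
 * was set before).
 *
 * <p>Both setters are static, so every {@code HttpsURLConnection} created
 * afterwards that does not install its own verifier or factory inherits them.
 * With the verifier always returning {@code true}, a certificate issued for a
 * different host is no longer rejected on those connections. What the
 * {@code HTTPSTrustManager} itself checks is not visible here; the method name
 * suggests it accepts any chain. Keep calls to this method out of release
 * builds, or scope the relaxed settings to a single connection instead.
 *
 * @throws IllegalStateException if the TLS context cannot be obtained or
 *         initialised; the original printed the stack trace and then failed
 *         on the following line with an unrelated exception
 */
public static void allowAllSSL() {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

        @Override
        public boolean verify(String arg0, SSLSession arg1) {
            // Approves every host name; the session's certificate is not consulted.
            return true;
        }
    });
    if (trustManagers == null) {
        trustManagers = new TrustManager[] { new HTTPSTrustManager() };
    }
    SSLContext context;
    try {
        context = SSLContext.getInstance("TLS");
        context.init(null, trustManagers, new SecureRandom());
    } catch (NoSuchAlgorithmException e) {
        // Previously swallowed, which left `context` null and caused a
        // NullPointerException at getSocketFactory() below.
        throw new IllegalStateException("TLS SSLContext is not available", e);
    } catch (KeyManagementException e) {
        // Previously swallowed, which left the context uninitialised.
        throw new IllegalStateException("TLS SSLContext could not be initialised", e);
    }
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}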
Also used : SSLSession(javax.net.ssl.SSLSession) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException) HostnameVerifier(javax.net.ssl.HostnameVerifier)

Example 59 with HostnameVerifier

use of javax.net.ssl.HostnameVerifier in project openhab1-addons by openhab.

the class IhcConnectionPool method init.

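/**
 * Prepares the shared HTTP client builder: a private cookie store bound to a
 * local context, a TLSv1 {@link SSLContext} whose trust manager accepts every
 * certificate, a hostname verifier that accepts every host, and a pooling
 * connection manager (20 connections in total, 6 per route).
 *
 * <p>NOTE(review): with both the trust manager and the hostname verifier
 * accepting everything, the HTTPS connection to the controller is encrypted
 * but the server is not authenticated. The inline comments give the reason
 * (controller reached by IP address on a home network). Pinning the
 * controller's certificate would restore server authentication without
 * needing DNS names. The protocol is fixed to TLSv1 because, per the
 * comment below, the controller supports nothing newer.
 */
private void init() {
    // Create a local instance of cookie store
    cookieStore = new BasicCookieStore();
    // Create local HTTP context
    localContext = HttpClientContext.create();
    // Bind custom cookie store to the local context
    localContext.setCookieStore(cookieStore);
    httpClientBuilder = HttpClientBuilder.create();
    // Setup a Trust Strategy that allows all certificates.
    logger.debug("Initialize SSL context");
    // Create a trust manager that does not validate certificate chains,
    // but accept all.
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null, possibly
            // empty array; the original returned null here.
            return new java.security.cert.X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            // Intentionally empty: returning normally means "trusted".
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            // Only logs the issuer of the first certificate; nothing is rejected.
            logger.trace("Trusting server cert: " + certs[0].getIssuerDN());
        }
    } };
    try {
        // Controller supports only SSLv3 and TLSv1
        sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
    } catch (NoSuchAlgorithmException e) {
        // NOTE(review): after this branch sslContext keeps its previous value
        // (presumably null on a first call) and is still used below.
        logger.warn("Exception", e);
    } catch (KeyManagementException e) {
        logger.warn("Exception", e);
    }
    httpClientBuilder.setSslcontext(sslContext);
    // Controller accepts only HTTPS connections and because normally IP
    // address are used on home network rather than DNS names, create custom
    // host name verifier.
    HostnameVerifier hostnameVerifier = new HostnameVerifier() {

        @Override
        public boolean verify(String arg0, SSLSession arg1) {
            logger.trace("HostnameVerifier: arg0 = " + arg0);
            logger.trace("HostnameVerifier: arg1 = " + arg1);
            // Accepts every host; the arguments are logged but not compared.
            return true;
        }
    };
    // Create an SSL Socket Factory, to use our weakened "trust strategy"
    SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" }, null, hostnameVerifier);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslSocketFactory).build();
    // Create connection-manager using our Registry. Allows multi-threaded
    // use
    PoolingHttpClientConnectionManager connMngr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    // Increase max connection counts
    connMngr.setMaxTotal(20);
    connMngr.setDefaultMaxPerRoute(6);
    httpClientBuilder.setConnectionManager(connMngr);
}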
Also used : SSLSession(javax.net.ssl.SSLSession) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) HostnameVerifier(javax.net.ssl.HostnameVerifier) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 60 with HostnameVerifier

use of javax.net.ssl.HostnameVerifier in project hadoop by apache.

the class LdapAuthenticationHandler method authenticateWithTlsExtension.

/**
 * Authenticates {@code userDN} against the LDAP server at {@code providerUrl}
 * over a connection upgraded with the StartTLS extended operation.
 *
 * <p>The bind credentials are added to the context only after
 * {@code negotiate()} has returned, so they are not sent before the TLS
 * session is in place. When {@code disableHostNameVerification} is set, a
 * verifier that approves every host replaces the default check, which means
 * the name in the server certificate is no longer required to match the host
 * being contacted.
 *
 * @param userDN distinguished name to bind as and to look up
 * @param password credential for {@code userDN}
 * @throws AuthenticationException if any naming or I/O error occurs
 */
private void authenticateWithTlsExtension(String userDN, String password) throws AuthenticationException {
    Hashtable<String, Object> settings = new Hashtable<>();
    settings.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    settings.put(Context.PROVIDER_URL, providerUrl);
    LdapContext ldap = null;
    try {
        // Anonymous initial context; no credentials are in the environment yet.
        ldap = new InitialLdapContext(settings, null);
        // Ask the server to upgrade the connection to TLS.
        StartTlsResponse tlsSession = (StartTlsResponse) ldap.extendedOperation(new StartTlsRequest());
        if (disableHostNameVerification) {
            // Opt-out path: any host name is approved, the session is not inspected.
            tlsSession.setHostnameVerifier(new HostnameVerifier() {

                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
        }
        tlsSession.negotiate();
        // Supply the credentials now that TLS is negotiated, then force a
        // read so the server actually evaluates them.
        ldap.addToEnvironment(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
        ldap.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
        ldap.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ldap.lookup(userDN);
        logger.debug("Authentication successful for {}", userDN);
    } catch (NamingException | IOException ex) {
        throw new AuthenticationException("Error validating LDAP user", ex);
    } finally {
        if (ldap != null) {
            try {
                ldap.close();
            } catch (NamingException ignored) {
                // Deliberately ignored: a failure while closing does not change the outcome.
            }
        }
    }
}
Also used : AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) Hashtable(java.util.Hashtable) SSLSession(javax.net.ssl.SSLSession) IOException(java.io.IOException) HostnameVerifier(javax.net.ssl.HostnameVerifier) StartTlsResponse(javax.naming.ldap.StartTlsResponse) InitialLdapContext(javax.naming.ldap.InitialLdapContext) NamingException(javax.naming.NamingException) StartTlsRequest(javax.naming.ldap.StartTlsRequest) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext)
