
Example 56 with SSLSession

use of javax.net.ssl.SSLSession in project maven-plugins by apache.

the class ProjectInfoReportUtils method getURLConnection.

/**
     * @param url not null
     * @param project not null
     * @param settings not null
     * @return the URL connection, with authentication set if required. For HTTPS URLs the server certificate is not checked.
     * @throws IOException if any
     */
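private static URLConnection getURLConnection(URL url, MavenProject project, Settings settings) throws IOException {
    URLConnection conn = url.openConnection();
    conn.setConnectTimeout(TIMEOUT);
    conn.setReadTimeout(TIMEOUT);

    // Credentials are only looked up when the settings declare servers and the project declares
    // a distribution management section.
    if (settings.getServers() != null && !settings.getServers().isEmpty() && project != null
        && project.getDistributionManagement() != null) {
        // Either repository may be absent; read id/url defensively so that a project declaring only
        // one of them no longer triggers a NullPointerException.
        String releaseId = null;
        String releaseUrl = null;
        if (project.getDistributionManagement().getRepository() != null) {
            releaseId = project.getDistributionManagement().getRepository().getId();
            releaseUrl = project.getDistributionManagement().getRepository().getUrl();
        }
        String snapshotId = null;
        String snapshotUrl = null;
        if (project.getDistributionManagement().getSnapshotRepository() != null) {
            snapshotId = project.getDistributionManagement().getSnapshotRepository().getId();
            snapshotUrl = project.getDistributionManagement().getSnapshotRepository().getUrl();
        }

        // An empty repository URL must never match: String.contains("") is true for every target,
        // which would attach that repository's credentials to any URL.
        // NOTE(review): this is still a substring match on the full URL, not a host/prefix comparison;
        // consider tightening it so credentials only go to the configured repository.
        String target = url.toString();
        Server server = null;
        if (StringUtils.isNotEmpty(releaseUrl) && target.contains(releaseUrl)) {
            server = settings.getServer(releaseId);
        }
        if (server == null && StringUtils.isNotEmpty(snapshotUrl) && target.contains(snapshotUrl)) {
            server = settings.getServer(snapshotId);
        }

        if (server != null && StringUtils.isNotEmpty(server.getUsername())
            && StringUtils.isNotEmpty(server.getPassword())) {
            String up = server.getUsername().trim() + ":" + server.getPassword().trim();
            // Unchunked encoding: the chunked variant inserts line breaks into long output, and a
            // line break is not valid inside a header value.
            // NOTE(review): getBytes() uses the platform default charset - confirm for non-ASCII credentials.
            String upEncoded = new String(Base64.encodeBase64(up.getBytes())).trim();
            conn.setRequestProperty("Authorization", "Basic " + upEncoded);
        }
    }

    if (conn instanceof HttpsURLConnection) {
        // SECURITY: from here on the connection accepts any hostname and any certificate chain, so the
        // peer is not authenticated. The Authorization header set above is sent over this same
        // connection. This is the documented behaviour of the method and is kept for compatibility.
        HostnameVerifier hostnameverifier = new HostnameVerifier() {

            /** {@inheritDoc} */
            public boolean verify(String urlHostName, SSLSession session) {
                // Accepts every hostname.
                return true;
            }
        };
        ((HttpsURLConnection) conn).setHostnameVerifier(hostnameverifier);

        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

            /** {@inheritDoc} */
            public void checkClientTrusted(final X509Certificate[] chain, final String authType) {
                // No check: never throws, so every chain is accepted.
            }

            /** {@inheritDoc} */
            public void checkServerTrusted(final X509Certificate[] chain, final String authType) {
                // No check: never throws, so every chain is accepted.
            }

            /** {@inheritDoc} */
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        } };

        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new SecureRandom());
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            ((HttpsURLConnection) conn).setSSLSocketFactory(sslSocketFactory);
        } catch (NoSuchAlgorithmException e1) {
            // Ignored on purpose: the connection keeps its default socket factory. The permissive
            // hostname verifier installed above remains in place.
        } catch (KeyManagementException e) {
            // Ignored on purpose, same fallback as above.
        }
    }
    return conn;
}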
Also used : Server(org.apache.maven.settings.Server) SSLSession(javax.net.ssl.SSLSession) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) URLConnection(java.net.URLConnection) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) X509Certificate(java.security.cert.X509Certificate) KeyManagementException(java.security.KeyManagementException) HostnameVerifier(javax.net.ssl.HostnameVerifier) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Example 57 with SSLSession

use of javax.net.ssl.SSLSession in project geode by apache.

the class ConnectCommandWithHttpAndSSLDUnitTest method connect.

/**
 * Builds and runs the gfsh connect command against the HTTPS management endpoint and fails the
 * test if the shell is not connected afterwards.
 *
 * SSL options (key store, trust store, protocols, ciphers) are copied from {@code sslInfoHolder}
 * only when the corresponding property is set.
 */
@Override
protected void connect(final String host, final int jmxPort, final int httpPort, final HeadlessGfsh shell) {
    assertNotNull(host);
    assertNotNull(shell);

    // Test-only: without this, certificate hostname matching fails in environments where the
    // host name does not match the certificate. This replaces the JVM-wide default verifier for
    // HttpsURLConnection and is not restored by this method.
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

        @Override
        public boolean verify(String string, SSLSession ssls) {
            return true;
        }
    });

    final String endpoint = "https://" + host + ":" + httpPort + urlContext + "/v1";

    final CommandStringBuilder command = new CommandStringBuilder(CONNECT);
    command.addOption(CONNECT__USE_HTTP, Boolean.TRUE.toString());
    command.addOption(CONNECT__URL, endpoint);
    command.addOption(CONNECT__USE_SSL, Boolean.TRUE.toString());

    // Optional SSL settings, forwarded in this fixed order when present.
    final String[] optionalSslOptions = {
        CONNECT__KEY_STORE,
        CONNECT__KEY_STORE_PASSWORD,
        CONNECT__TRUST_STORE,
        CONNECT__TRUST_STORE_PASSWORD,
        CONNECT__SSL_PROTOCOLS,
        CONNECT__SSL_CIPHERS
    };
    for (String option : optionalSslOptions) {
        if (sslInfoHolder.get().getProperty(option) != null) {
            command.addOption(option, sslInfoHolder.get().getProperty(option));
        }
    }

    CommandResult result = executeCommand(shell, command.toString());
    if (!shell.isConnectedAndReady()) {
        fail("Connect command failed to connect to manager " + endpoint + " result=" + commandResultToString(result));
    }
    info("Successfully connected to managing node using HTTPS");
    assertEquals(true, shell.isConnectedAndReady());
}
Also used : CommandStringBuilder(org.apache.geode.management.internal.cli.util.CommandStringBuilder) SSLSession(javax.net.ssl.SSLSession) HostnameVerifier(javax.net.ssl.HostnameVerifier) CommandResult(org.apache.geode.management.internal.cli.result.CommandResult)

Example 58 with SSLSession

use of javax.net.ssl.SSLSession in project wildfly by wildfly.

the class RemotingLoginModule method login.

/**
 * Authenticates using the identity already established on the remoting connection.
 *
 * Returns {@code true} when the superclass login succeeds, or when the credential is a
 * {@code RemotingConnectionCredential} whose connection carries a local identity. Returns
 * {@code false} otherwise.
 */
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
    if (super.login()) {
        log.debug("super.login()==true");
        return true;
    }

    Object credential = getCredential();
    if (!(credential instanceof RemotingConnectionCredential)) {
        // username and password has been supplied to a web auth.
        return false;
    }

    Connection con = ((RemotingConnectionCredential) credential).getConnection();
    SecurityIdentity localIdentity = con.getLocalIdentity();
    if (localIdentity == null) {
        // No identity on the connection, so this module cannot authenticate the caller.
        return false;
    }

    // A principal on the connection means authentication already succeeded there.
    Principal up = new RealmUser(localIdentity.getPrincipal().getName());
    identity = up;

    if (getUseFirstPass()) {
        String userName = identity.getName();
        log.debugf("Storing username '%s'", userName);
        // Add the username to the shared state map
        sharedState.put("javax.security.auth.login.name", identity);

        // Optionally replace the shared credential with the peer's leaf certificate.
        // useNewClientCert takes precedence over useClientCert. If the session is absent or the
        // peer is unverified, the RemotingConnectionCredential stays as the shared credential.
        if (useNewClientCert || useClientCert) {
            SSLSession session = con.getSslSession();
            if (session != null) {
                try {
                    if (useNewClientCert) {
                        credential = session.getPeerCertificates()[0];
                        log.debug("Using new certificate as credential.");
                    } else {
                        credential = session.getPeerCertificateChain()[0];
                        log.debug("Using certificate as credential.");
                    }
                } catch (SSLPeerUnverifiedException e) {
                    log.debugf("No peer certificate available for '%s'", userName);
                }
            }
        }
        sharedState.put("javax.security.auth.login.password", credential);
    }

    loginOk = true;
    return true;
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) Connection(org.jboss.remoting3.Connection) RealmUser(org.jboss.as.core.security.RealmUser) SSLSession(javax.net.ssl.SSLSession) Principal(java.security.Principal)

Example 59 with SSLSession

use of javax.net.ssl.SSLSession in project cloudstack by apache.

the class HttpClientWrapper method wrapClient.

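/**
 * Returns a new client that shares the connection manager and parameters of {@code base} but
 * whose "https" scheme uses a socket factory that performs no certificate and no hostname checks.
 *
 * SECURITY: every server certificate and every hostname is accepted, so HTTPS connections made
 * through the returned client do not authenticate the peer. The scheme is registered on the
 * connection manager of {@code base}, so {@code base} itself is affected as well.
 *
 * @param base client whose connection manager and parameters are reused
 * @return the wrapped client, or {@code null} if setting it up failed
 */
public static HttpClient wrapClient(HttpClient base) {
    try {
        // NOTE(review): whether SSLUtils.getSSLContext() returns a fresh or a shared context is not
        // visible here; init() below replaces its trust managers either way - confirm it is not shared.
        SSLContext ctx = SSLUtils.getSSLContext();
        X509TrustManager tm = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // No check: never throws, so every chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // No check: never throws, so every chain is accepted.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        };
        // All four verify overloads accept unconditionally.
        X509HostnameVerifier verifier = new X509HostnameVerifier() {

            @Override
            public void verify(String string, SSLSocket ssls) throws IOException {
            }

            @Override
            public void verify(String string, X509Certificate xc) throws SSLException {
            }

            @Override
            public void verify(String string, String[] strings, String[] strings1) throws SSLException {
            }

            @Override
            public boolean verify(String string, SSLSession ssls) {
                return true;
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx);
        ssf.setHostnameVerifier(verifier);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, base.getParams());
    } catch (Exception ex) {
        // Kept for compatibility: callers receive null on failure rather than an exception.
        ex.printStackTrace();
        return null;
    }
}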
Also used : Scheme(org.apache.http.conn.scheme.Scheme) SSLSocket(javax.net.ssl.SSLSocket) SSLSession(javax.net.ssl.SSLSession) SSLContext(javax.net.ssl.SSLContext) ClientConnectionManager(org.apache.http.conn.ClientConnectionManager) X509Certificate(java.security.cert.X509Certificate) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier) X509TrustManager(javax.net.ssl.X509TrustManager) SchemeRegistry(org.apache.http.conn.scheme.SchemeRegistry) SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory)

Example 60 with SSLSession

use of javax.net.ssl.SSLSession in project cubrid-manager by CUBRID.

the class ClientHttp method setUpConnection.

/**
	 * Set up an HTTP client
	 *
	 * @throws UnknownHostException a possible exception
	 * @throws IOException a possible exception
	 */
private void setUpConnection() {
    tearDownConnection();
    this.requestUrl = "https://" + hostAddress + ":" + port + METHOD;
    // support https
    try {
        // SECURITY: this trust manager accepts every certificate chain, and the verifier below
        // accepts every hostname. Both are installed as JVM-wide defaults on HttpsURLConnection,
        // so they apply to HTTPS connections opened elsewhere in the process as well, not just
        // to the connection created here.
        // NOTE(review): a key-store based trust setup was previously sketched at this point;
        // trusting only the expected server certificate would restore peer authentication.
        X509TrustManager acceptAll = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // No check: never throws.
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // No check: never throws.
            }

            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        SSLContext tlsContext = SSLContext.getInstance("TLS");
        tlsContext.init(null, new TrustManager[] { acceptAll }, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(tlsContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        // The defaults above must be in place before the connection object is created.
        conn = (HttpsURLConnection) new URL(requestUrl).openConnection();
        conn.setRequestMethod("POST");
        conn.setConnectTimeout(timeout);
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/json");
    } catch (Exception e) {
        // Any failure is logged only; nothing is rethrown to the caller.
        LOGGER.error("Make to support HTTPS failed.", e);
    }
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) SSLSession(javax.net.ssl.SSLSession) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) X509Certificate(java.security.cert.X509Certificate) URL(java.net.URL) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) HostnameVerifier(javax.net.ssl.HostnameVerifier)
