
Example 66 with SSLSession

use of javax.net.ssl.SSLSession in project CloudStack-archive by CloudStack-extras.

the class Link method read.

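/**
 * Reads one framed, TLS-protected packet from the channel and returns the reassembled plaintext.
 *
 * <p>Each packet starts with a 4-byte header. The low 16 bits (read as a signed short) carry the
 * length of the encrypted payload, and {@code HEADER_FLAG_FOLLOWING} marks a packet that is
 * continued by another one. The payload is decrypted with {@code _sslEngine} and accumulated in
 * {@code _plaintextBuffer} until a packet without the "following" flag arrives.
 *
 * <p>The header comes straight from the peer and is parsed before any TLS processing, so it is
 * treated as untrusted: a negative or oversized length is rejected with an {@link IOException}.
 *
 * @param ch the channel to read from
 * @return the complete plaintext message, or {@code null} when the header or payload is still
 *         incomplete or further packets of the same message are expected
 * @throws IOException if the channel reports end-of-stream, the advertised length is out of
 *         range, or the SSL engine fails to unwrap the data
 */
public byte[] read(SocketChannel ch) throws IOException {
    if (_readHeader) {
        // Start of a packet: restrict the buffer to the 4 header bytes.
        if (_readBuffer.position() == 0) {
            _readBuffer.limit(4);
        }
        if (ch.read(_readBuffer) == -1) {
            throw new IOException("Connection closed with -1 on reading size.");
        }
        if (_readBuffer.hasRemaining()) {
            s_logger.trace("Need to read the rest of the packet length");
            return null;
        }
        _readBuffer.flip();
        int header = _readBuffer.getInt();
        // The cast keeps the low 16 bits and sign-extends them, so a peer-chosen header with
        // bit 15 set yields a negative length.
        int readSize = (short) header;
        if (s_logger.isTraceEnabled()) {
            s_logger.trace("Packet length is " + readSize);
        }
        // Reject negative lengths as well as oversized ones. Without the lower bound a negative
        // value would reach _readBuffer.limit() and surface as an unchecked
        // IllegalArgumentException instead of the IOException callers are declared to handle.
        if (readSize < 0 || readSize > MAX_SIZE_PER_PACKET) {
            throw new IOException("Wrong packet size: " + readSize);
        }
        if (!_gotFollowingPacket) {
            // First packet of a new message: start with a fresh plaintext buffer.
            _plaintextBuffer = ByteBuffer.allocate(2000);
        }
        _gotFollowingPacket = (header & HEADER_FLAG_FOLLOWING) != 0;
        _readBuffer.clear();
        _readHeader = false;
        if (_readBuffer.capacity() < readSize) {
            if (s_logger.isTraceEnabled()) {
                s_logger.trace("Resizing the byte buffer from " + _readBuffer.capacity());
            }
            _readBuffer = ByteBuffer.allocate(readSize);
        }
        _readBuffer.limit(readSize);
    }
    if (ch.read(_readBuffer) == -1) {
        throw new IOException("Connection closed with -1 on read.");
    }
    if (_readBuffer.hasRemaining()) {
        // We're not done yet.
        if (s_logger.isTraceEnabled()) {
            s_logger.trace("Still has " + _readBuffer.remaining());
        }
        return null;
    }
    _readBuffer.flip();
    ByteBuffer appBuf;
    SSLSession sslSession = _sslEngine.getSession();
    SSLEngineResult engResult;
    int remaining = 0;
    while (_readBuffer.hasRemaining()) {
        remaining = _readBuffer.remaining();
        // NOTE(review): the extra 40 bytes of headroom are unexplained here - confirm why they are needed.
        appBuf = ByteBuffer.allocate(sslSession.getApplicationBufferSize() + 40);
        engResult = _sslEngine.unwrap(_readBuffer, appBuf);
        // This fails only when all three conditions hold. A non-OK status while the handshake
        // status is FINISHED or NOT_HANDSHAKING is not rejected here; it is caught only by the
        // no-progress check below.
        // NOTE(review): confirm whether statuses such as CLOSED should be rejected explicitly.
        if (engResult.getHandshakeStatus() != HandshakeStatus.FINISHED && engResult.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING && engResult.getStatus() != SSLEngineResult.Status.OK) {
            throw new IOException("SSL: SSLEngine return bad result! " + engResult);
        }
        // No bytes consumed means the loop would never terminate.
        if (remaining == _readBuffer.remaining()) {
            throw new IOException("SSL: Unable to unwrap received data! still remaining " + remaining + "bytes!");
        }
        appBuf.flip();
        if (_plaintextBuffer.remaining() < appBuf.limit()) {
            // We need to expand _plaintextBuffer for more data.
            // NOTE(review): growth is not capped in this method. While the peer keeps setting
            // HEADER_FLAG_FOLLOWING the buffer keeps accumulating; consider an upper bound on
            // the reassembled message size.
            ByteBuffer newBuffer = ByteBuffer.allocate(_plaintextBuffer.capacity() + appBuf.limit() * 5);
            _plaintextBuffer.flip();
            newBuffer.put(_plaintextBuffer);
            _plaintextBuffer = newBuffer;
        }
        _plaintextBuffer.put(appBuf);
        if (s_logger.isTraceEnabled()) {
            s_logger.trace("Done with packet: " + appBuf.limit());
        }
    }
    // Ready for the next header.
    _readBuffer.clear();
    _readHeader = true;
    if (!_gotFollowingPacket) {
        _plaintextBuffer.flip();
        byte[] result = new byte[_plaintextBuffer.limit()];
        _plaintextBuffer.get(result);
        return result;
    } else {
        if (s_logger.isTraceEnabled()) {
            s_logger.trace("Waiting for more packets");
        }
        return null;
    }
}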
Also used : SSLEngineResult(javax.net.ssl.SSLEngineResult) SSLSession(javax.net.ssl.SSLSession) IOException(java.io.IOException) ByteBuffer(java.nio.ByteBuffer)

Example 67 with SSLSession

use of javax.net.ssl.SSLSession in project cubrid-manager by CUBRID.

the class ClientHttp method setUpConnection.

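/**
 * Tears down any existing connection and prepares a new HTTPS POST connection to
 * {@code https://hostAddress:port} + {@code METHOD}.
 *
 * <p>No exception is propagated: every failure is caught and logged, so the {@code conn} field
 * may be unset or only partly configured when this method returns.
 *
 * <p>Security note: the trust manager and hostname verifier below accept any certificate for
 * any host, so the server is not authenticated and the TLS session gives no protection
 * against an intermediary on the network path. They are installed on this connection only,
 * not as JVM-wide {@code HttpsURLConnection} defaults, so other HTTPS connections in the
 * process keep the platform's normal validation.
 */
private void setUpConnection() {
    tearDownConnection();
    this.requestUrl = "https://" + hostAddress + ":" + port + METHOD;
    // support https
    try {
        // TODO(review): replace this accept-all trust manager with one backed by a trust store
        // that holds the server's certificate (earlier commented-out code sketched loading a
        // KeyStore for this purpose), and drop the accept-all hostname verifier.
        X509TrustManager tm = new X509TrustManager() {

            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // Accepts every client chain: no validation is performed.
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // Accepts every server chain: no validation is performed.
            }

            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, new SecureRandom());
        URL url = new URL(requestUrl);
        HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
        conn = httpsConn;
        // Scope the permissive settings to this one connection instead of calling
        // HttpsURLConnection.setDefaultSSLSocketFactory / setDefaultHostnameVerifier, which
        // would switch off validation for every HttpsURLConnection in the JVM.
        httpsConn.setSSLSocketFactory(ctx.getSocketFactory());
        httpsConn.setHostnameVerifier(new HostnameVerifier() {

            public boolean verify(String hostname, SSLSession session) {
                // Accepts every hostname: the certificate is not matched against the host.
                return true;
            }
        });
        httpsConn.setRequestMethod("POST");
        httpsConn.setConnectTimeout(timeout);
        httpsConn.setDoInput(true);
        httpsConn.setDoOutput(true);
        httpsConn.setRequestProperty("Content-Type", "application/json");
    } catch (Exception e) {
        // Best effort by design: log and leave it to the caller to notice the missing connection.
        LOGGER.error("Make to support HTTPS failed.", e);
    }
}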
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) SSLSession(javax.net.ssl.SSLSession) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) X509Certificate(java.security.cert.X509Certificate) URL(java.net.URL) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) HostnameVerifier(javax.net.ssl.HostnameVerifier)

Example 68 with SSLSession

use of javax.net.ssl.SSLSession in project platform_external_apache-http by android.

the class CertificateChainValidator method doHandshakeAndValidateServerCertificates.

/**
 * Obtains the SSL session for the socket, records the peer's leaf certificate on the
 * connection, and delegates domain and chain validation to
 * {@code verifyServerDomainAndCertificates}.
 *
 * <p>Per the original documentation, the chain is rebuilt by tracing issuer and subject
 * before {@code checkServerTrusted()} is called, and a trailing self-issued certificate that
 * has expired is dropped. That logic lives in the delegate and is not visible in this method.
 *
 * @param connection the connection whose certificate is updated; may be {@code null}, in
 *        which case nothing is recorded
 * @param sslSocket The secure connection socket
 * @param domain The website domain
 * @return An SSL error object if there is an error and null otherwise
 * @throws IOException if the session is invalid or no peer certificates are available (the
 *         socket is closed first), or if an underlying socket operation fails
 */
public SslError doHandshakeAndValidateServerCertificates(HttpsConnection connection, SSLSocket sslSocket, String domain) throws IOException {
    // An invalid session means the handshake did not succeed; the helper closes the socket
    // and throws, so nothing below runs in that case.
    final SSLSession session = sslSocket.getSession();
    if (!session.isValid()) {
        closeSocketThrowException(sslSocket, "failed to perform SSL handshake");
    }

    // Chain of certificates presented by the server.
    final Certificate[] chain = sslSocket.getSession().getPeerCertificates();
    final boolean chainMissing = (chain == null) || (chain.length == 0);
    if (chainMissing) {
        closeSocketThrowException(sslSocket, "failed to retrieve peer certificates");
    } else if (connection != null && chain[0] != null) {
        // Remember the leaf certificate on the connection.
        connection.setCertificate(new SslCertificate((X509Certificate) chain[0]));
    }

    // NOTE(review): the array cast assumes the runtime type of the chain is X509Certificate[],
    // and the auth type is hard-coded to "RSA" - confirm both against the delegate.
    return verifyServerDomainAndCertificates((X509Certificate[]) chain, domain, "RSA");
}
Also used : SSLSession(javax.net.ssl.SSLSession) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 69 with SSLSession

use of javax.net.ssl.SSLSession in project platform_external_apache-http by android.

the class CertificateChainValidator method closeSocketThrowException.

/**
 * Invalidates the socket's SSL session, closes the socket, and then always throws.
 *
 * <p>Invalidating the session before closing keeps a session that failed validation from
 * being resumed later.
 *
 * @param socket the socket to shut down; ignored when {@code null}
 * @param errorMessage text logged (when verbose logging is on) and used as the exception message
 * @throws IOException always: an {@link SSLHandshakeException} carrying {@code errorMessage},
 *         or whatever {@code socket.close()} throws if closing fails first
 */
private void closeSocketThrowException(SSLSocket socket, String errorMessage) throws IOException {
    if (HttpLog.LOGV) {
        HttpLog.v("validation error: " + errorMessage);
    }

    final SSLSession current = (socket == null) ? null : socket.getSession();
    if (current != null) {
        current.invalidate();
    }
    if (socket != null) {
        socket.close();
    }

    throw new SSLHandshakeException(errorMessage);
}
Also used : SSLSession(javax.net.ssl.SSLSession) SSLHandshakeException(javax.net.ssl.SSLHandshakeException)

Example 70 with SSLSession

use of javax.net.ssl.SSLSession in project cloudstack by apache.

the class HttpClientWrapper method wrapClient.

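/**
 * Returns a new client that shares {@code base}'s connection manager and parameters but uses
 * an "https" scheme that performs no certificate or hostname validation.
 *
 * <p>Security note: the trust manager and hostname verifier below accept everything, so the
 * server is never authenticated. The scheme is registered on the scheme registry obtained
 * from {@code base}'s connection manager, so {@code base} itself is affected as well, not
 * only the returned client. Use only where the peer is authenticated by other means.
 *
 * @param base the client whose connection manager and parameters are reused
 * @return the wrapping client, or {@code null} if the SSL setup fails
 */
public static HttpClient wrapClient(HttpClient base) {
    try {
        SSLContext ctx = SSLUtils.getSSLContext();
        X509TrustManager tm = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // Accepts every client chain: no validation is performed.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
                // Accepts every server chain: no validation is performed.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array;
                // returning null can cause a NullPointerException in callers that iterate it.
                return new X509Certificate[0];
            }
        };
        X509HostnameVerifier verifier = new X509HostnameVerifier() {

            @Override
            public void verify(String string, SSLSocket ssls) throws IOException {
                // Accepts every hostname.
            }

            @Override
            public void verify(String string, X509Certificate xc) throws SSLException {
                // Accepts every hostname.
            }

            @Override
            public void verify(String string, String[] strings, String[] strings1) throws SSLException {
                // Accepts every hostname.
            }

            @Override
            public boolean verify(String string, SSLSession ssls) {
                return true;
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx);
        ssf.setHostnameVerifier(verifier);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        // Replaces the "https" scheme on the shared registry (see the method documentation).
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, base.getParams());
    } catch (Exception ex) {
        // NOTE(review): callers must handle the null return; no logger is in scope here, so
        // the stack trace still goes to stderr.
        ex.printStackTrace();
        return null;
    }
}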
Also used : Scheme(org.apache.http.conn.scheme.Scheme) SSLSocket(javax.net.ssl.SSLSocket) SSLSession(javax.net.ssl.SSLSession) SSLContext(javax.net.ssl.SSLContext) ClientConnectionManager(org.apache.http.conn.ClientConnectionManager) X509Certificate(java.security.cert.X509Certificate) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier) X509TrustManager(javax.net.ssl.X509TrustManager) SchemeRegistry(org.apache.http.conn.scheme.SchemeRegistry) SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory)
