Example 81 with SSLSession
use of javax.net.ssl.SSLSession in project android_frameworks_base by AOSPA.
the class SSLCertificateSocketFactory method verifyHostname.
/**
* Verify the hostname of the certificate used by the other end of a
* connected socket. You MUST call this if you did not supply a hostname
* to {@link #createSocket()}. It is harmless to call this method
* redundantly if the hostname has already been verified.
*
* <p>Wildcard certificates are allowed to verify any matching hostname,
* so "foo.bar.example.com" is verified if the peer has a certificate
* for "*.example.com".
*
* @param socket An SSL socket which has been connected to a server
* @param hostname The expected hostname of the remote server
* @throws IOException if something goes wrong handshaking with the server
* @throws SSLPeerUnverifiedException if the server cannot prove its identity
*
* @hide
*/
public static void verifyHostname(Socket socket, String hostname) throws IOException {
if (!(socket instanceof SSLSocket)) {
throw new IllegalArgumentException("Attempt to verify non-SSL socket");
}
if (!isSslCheckRelaxed()) {
// The code at the start of OpenSSLSocketImpl.startHandshake()
// ensures that the call is idempotent, so we can safely call it.
SSLSocket ssl = (SSLSocket) socket;
ssl.startHandshake();
SSLSession session = ssl.getSession();
if (session == null) {
throw new SSLException("Cannot verify SSL socket without session");
}
if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
}
}
Also used :
SSLSocket(javax.net.ssl.SSLSocket)
SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)
SSLSession(javax.net.ssl.SSLSession)
SSLException(javax.net.ssl.SSLException)
Example 82 with SSLSession
use of javax.net.ssl.SSLSession in project android_frameworks_base by AOSPA.
the class RootTrustManager method checkServerTrusted.
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType, Socket socket) throws CertificateException {
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
SSLSession session = sslSocket.getHandshakeSession();
if (session == null) {
throw new CertificateException("Not in handshake; no session available");
}
String host = session.getPeerHost();
NetworkSecurityConfig config = mConfig.getConfigForHostname(host);
config.getTrustManager().checkServerTrusted(certs, authType, socket);
} else {
// Not an SSLSocket, use the hostname unaware checkServerTrusted.
checkServerTrusted(certs, authType);
}
}
Also used :
SSLSocket(javax.net.ssl.SSLSocket)
SSLSession(javax.net.ssl.SSLSession)
CertificateException(java.security.cert.CertificateException)
Example 83 with SSLSession
use of javax.net.ssl.SSLSession in project android_frameworks_base by DirtyUnicorns.
the class SSLCertificateSocketFactory method verifyHostname.
/**
* Verify the hostname of the certificate used by the other end of a
* connected socket. You MUST call this if you did not supply a hostname
* to {@link #createSocket()}. It is harmless to call this method
* redundantly if the hostname has already been verified.
*
* <p>Wildcard certificates are allowed to verify any matching hostname,
* so "foo.bar.example.com" is verified if the peer has a certificate
* for "*.example.com".
*
* @param socket An SSL socket which has been connected to a server
* @param hostname The expected hostname of the remote server
* @throws IOException if something goes wrong handshaking with the server
* @throws SSLPeerUnverifiedException if the server cannot prove its identity
*
* @hide
*/
public static void verifyHostname(Socket socket, String hostname) throws IOException {
if (!(socket instanceof SSLSocket)) {
throw new IllegalArgumentException("Attempt to verify non-SSL socket");
}
if (!isSslCheckRelaxed()) {
// The code at the start of OpenSSLSocketImpl.startHandshake()
// ensures that the call is idempotent, so we can safely call it.
SSLSocket ssl = (SSLSocket) socket;
ssl.startHandshake();
SSLSession session = ssl.getSession();
if (session == null) {
throw new SSLException("Cannot verify SSL socket without session");
}
if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
}
}
Also used :
SSLSocket(javax.net.ssl.SSLSocket)
SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)
SSLSession(javax.net.ssl.SSLSession)
SSLException(javax.net.ssl.SSLException)
Example 84 with SSLSession
use of javax.net.ssl.SSLSession in project geode by apache.
the class SocketCreator method configureServerSSLSocket.
/**
* Will be a server socket... this one simply registers the listeners.
*/
public void configureServerSSLSocket(Socket socket) throws IOException {
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket) socket;
try {
sslSocket.startHandshake();
SSLSession session = sslSocket.getSession();
Certificate[] peer = session.getPeerCertificates();
if (logger.isDebugEnabled()) {
logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, ((X509Certificate) peer[0]).getSubjectDN()));
}
} catch (SSLPeerUnverifiedException ex) {
if (this.sslConfig.isRequireAuth()) {
logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) }), ex);
throw ex;
}
} catch (SSLException ex) {
logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) }), ex);
throw ex;
}
}
}
Also used :
SSLSocket(javax.net.ssl.SSLSocket)
SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)
SSLSession(javax.net.ssl.SSLSession)
SSLException(javax.net.ssl.SSLException)
X509Certificate(java.security.cert.X509Certificate)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 85 with SSLSession
use of javax.net.ssl.SSLSession in project J2ME-Loader by nikita36078.
the class Connection method getSecurityInfo.
@Override
public SecurityInfo getSecurityInfo() throws IOException {
if (securityInfo == null) {
SSLSession session = ((SSLSocket) socket).getSession();
Certificate[] certs = session.getPeerCertificates();
if (certs.length == 0) {
throw new IOException();
}
securityInfo = new SecurityInfoImpl(session.getCipherSuite(), session.getProtocol(), new CertificateImpl((X509Certificate) certs[0]));
}
return securityInfo;
}
Also used :
SecurityInfoImpl(org.microemu.cldc.SecurityInfoImpl)
SSLSocket(javax.net.ssl.SSLSocket)
SSLSession(javax.net.ssl.SSLSession)
IOException(java.io.IOException)
CertificateImpl(org.microemu.cldc.CertificateImpl)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
SSLSession (javax.net.ssl.SSLSession)187
HostnameVerifier (javax.net.ssl.HostnameVerifier)50
SSLSocket (javax.net.ssl.SSLSocket)34
X509Certificate (java.security.cert.X509Certificate)32
IOException (java.io.IOException)31
SSLContext (javax.net.ssl.SSLContext)30
Test (org.junit.Test)29
CertificateException (java.security.cert.CertificateException)27
Certificate (java.security.cert.Certificate)20
SSLException (javax.net.ssl.SSLException)17
X509TrustManager (javax.net.ssl.X509TrustManager)16
URL (java.net.URL)14
HttpsURLConnection (javax.net.ssl.HttpsURLConnection)14
SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)14
TrustManager (javax.net.ssl.TrustManager)14
SecureRandom (java.security.SecureRandom)13
FakeSSLSession (okhttp3.FakeSSLSession)13
SSLSocketFactory (javax.net.ssl.SSLSocketFactory)12
InputStream (java.io.InputStream)11
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)11
