
Example 96 with SSLSocketFactory

use of javax.net.ssl.SSLSocketFactory in project cosmic by MissionCriticalCloud.

the class SecureSSLSocketFactory method createSocket.

/**
 * Opens a socket to {@code host:port}, bound locally to {@code inetAddress:localPort},
 * using the socket factory of this class's {@code _sslContext}.
 *
 * <p>When the result is an {@link SSLSocket}, its enabled protocol list is replaced by
 * whatever {@code SSLUtils.getSupportedProtocols} returns for the currently enabled
 * protocols. Any other socket is returned untouched.
 *
 * @param host        remote host name
 * @param port        remote port
 * @param inetAddress local address to bind to
 * @param localPort   local port to bind to
 * @return the connected socket
 * @throws IOException          if the underlying factory fails to create the socket
 * @throws UnknownHostException if the host cannot be resolved
 */
@Override
public Socket createSocket(final String host, final int port, final InetAddress inetAddress, final int localPort) throws IOException, UnknownHostException {
    final Socket created = _sslContext.getSocketFactory().createSocket(host, port, inetAddress, localPort);
    if (!(created instanceof SSLSocket)) {
        return created;
    }
    final SSLSocket tlsSocket = (SSLSocket) created;
    // NOTE(review): only the protocol versions are restricted here. A bare SSLSocket does not
    // check the peer host name unless an endpoint identification algorithm is configured;
    // no such setting is visible in this method - confirm it is handled elsewhere.
    final String[] currentlyEnabled = tlsSocket.getEnabledProtocols();
    tlsSocket.setEnabledProtocols(SSLUtils.getSupportedProtocols(currentlyEnabled));
    return created;
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) Socket(java.net.Socket) SSLSocket(javax.net.ssl.SSLSocket)

Example 97 with SSLSocketFactory

use of javax.net.ssl.SSLSocketFactory in project matrix-android-sdk by matrix-org.

the class CertUtil method newPinnedSSLSocketFactory.

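/**
 * Creates an {@link SSLSocketFactory} for a home server (HS) configuration whose
 * certificate checks are delegated to a {@code PinnedTrustManager}.
 *
 * <p>The fingerprints from {@code hsConfig.getAllowedFingerprints()} are always passed to
 * the {@code PinnedTrustManager}. When {@code hsConfig.shouldPin()} is {@code false}, the
 * platform's default {@link X509TrustManager} is passed as well; when it is {@code true},
 * {@code null} is passed in its place. How {@code PinnedTrustManager} combines the two is
 * not visible in this method (the original inline comment says the X509 checks apply if
 * the fingerprints don't match) - TODO confirm against PinnedTrustManager.
 *
 * @param hsConfig the HS config.
 * @return an SSLSocket factory backed by the pinned trust manager
 * @throws RuntimeException wrapping any failure while building the trust managers or the
 *         SSL context
 */
public static SSLSocketFactory newPinnedSSLSocketFactory(HomeServerConnectionConfig hsConfig) {
    try {
        X509TrustManager defaultTrustManager = null;
        // The platform trust manager is only looked up when pinning is not enforced.
        if (!hsConfig.shouldPin()) {
            TrustManagerFactory tf = null;
            // Try the PKIX algorithm first.
            try {
                tf = TrustManagerFactory.getInstance("PKIX");
            } catch (Exception e) {
                Log.e(LOG_TAG, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance failed " + e.getMessage());
            }
            // PKIX is not available: fall back to the platform default algorithm.
            if (null == tf) {
                try {
                    tf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                } catch (Exception e) {
                    // The previous message here named an unrelated method (addRule), which
                    // made this failure hard to find in logs.
                    Log.e(LOG_TAG, "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance with the default algorithm failed " + e.getMessage());
                }
            }
            // Fail with a descriptive cause instead of a NullPointerException on tf.init().
            // Callers still see the RuntimeException thrown by the outer catch.
            if (null == tf) {
                throw new IllegalStateException("No TrustManagerFactory available for PKIX or the default algorithm");
            }
            // A null KeyStore selects the platform's default trust store.
            tf.init((KeyStore) null);
            for (TrustManager trustManager : tf.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    defaultTrustManager = (X509TrustManager) trustManager;
                    break;
                }
            }
            // NOTE(review): if no X509TrustManager was found, defaultTrustManager stays null
            // and the pinned manager is built exactly as in the shouldPin() case - confirm
            // PinnedTrustManager rejects unmatched certificates when given null.
        }
        TrustManager[] trustPinned = new TrustManager[] { new PinnedTrustManager(hsConfig.getAllowedFingerprints(), defaultTrustManager) };
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustPinned, new java.security.SecureRandom());
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}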
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) CertificateException(java.security.cert.CertificateException) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 98 with SSLSocketFactory

use of javax.net.ssl.SSLSocketFactory in project java-sdk by watson-developer-cloud.

the class HttpClientSingleton method setupTLSProtocol.

/**
 * Installs an SSL socket factory on the builder that explicitly enables TLS 1.0, 1.1 and
 * 1.2 on every socket. See: https://github.com/watson-developer-cloud/java-sdk/issues/610
 *
 * <p>The platform's default trust manager is reused, so certificate validation is left to
 * it. If obtaining the trust manager or the SSL context fails with one of the three caught
 * exceptions, the failure is logged and the builder is left unchanged.
 *
 * <p>NOTE(review): TLS 1.0 and TLS 1.1 are deprecated (RFC 8996). They are enabled here on
 * purpose, per the linked issue; revisit whether the servers this client talks to still
 * need them before keeping them in the enabled list.
 *
 * @param builder the {@link OkHttpClient} builder.
 * @throws IllegalStateException if the default trust managers are not exactly one
 *         {@link X509TrustManager}
 */
private void setupTLSProtocol(final OkHttpClient.Builder builder) {
    try {
        final TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the platform's default trust store.
        defaultFactory.init((KeyStore) null);
        final TrustManager[] candidates = defaultFactory.getTrustManagers();
        final boolean singleX509 = candidates.length == 1 && candidates[0] instanceof X509TrustManager;
        if (!singleX509) {
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(candidates));
        }
        final X509TrustManager x509TrustManager = (X509TrustManager) candidates[0];

        // IBM JSSE2 switch. System properties are JVM-wide, so this affects every TLS user
        // in the process, not only this client.
        System.setProperty("com.ibm.jsse2.overrideDefaultTLS", "true");

        final SSLContext tlsContext = SSLContext.getInstance("TLSv1.2");
        // Null key managers and null SecureRandom: the provider defaults are used.
        tlsContext.init(null, new TrustManager[] { x509TrustManager }, null);

        final SSLSocketFactory protocolPinningFactory = new DelegatingSSLSocketFactory(tlsContext.getSocketFactory()) {

            @Override
            protected SSLSocket configureSocket(SSLSocket socket) throws IOException {
                // Overrides the socket's enabled protocol list; includes the deprecated
                // TLS 1.0 and TLS 1.1 versions.
                final String[] protocols = { TlsVersion.TLS_1_0.javaName(), TlsVersion.TLS_1_1.javaName(), TlsVersion.TLS_1_2.javaName() };
                socket.setEnabledProtocols(protocols);
                return socket;
            }
        };
        builder.sslSocketFactory(protocolPinningFactory, x509TrustManager);
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.SEVERE, "The cryptographic algorithm requested is not available in the environment.", e);
    } catch (KeyStoreException e) {
        LOG.log(Level.SEVERE, "Error using the keystore.", e);
    } catch (KeyManagementException e) {
        LOG.log(Level.SEVERE, "Error initializing the SSL Context.", e);
    }
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) DelegatingSSLSocketFactory(com.ibm.watson.developer_cloud.service.security.DelegatingSSLSocketFactory) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) DelegatingSSLSocketFactory(com.ibm.watson.developer_cloud.service.security.DelegatingSSLSocketFactory) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 99 with SSLSocketFactory

use of javax.net.ssl.SSLSocketFactory in project calcite by apache.

the class TrustAllSslSocketFactory method createSSLSocketFactory.

/**
 * Creates an "accept-all" SSLSocketFactory whose only trust manager is a
 * {@code DummyTrustManager}. Per the original description, sockets from this factory
 * accept ANY certificate sent to them (the {@code DummyTrustManager} implementation is not
 * shown here).
 *
 * <p>Security note: a connection whose peer certificate is never validated is encrypted
 * but not authenticated, so it gives no protection against an on-path party presenting its
 * own certificate. Keep this factory to tests and controlled environments; use the
 * platform's default trust managers anywhere the peer's identity matters.
 *
 * <p>This could be set in a HttpsURLConnection using
 * HttpsURLConnection.setSSLSocketFactory(.....)
 *
 * @return the SSLSocketFactory, or {@code null} if the SSL context could not be created or
 *         initialised (the exception is printed to standard error)
 */
public static SSLSocketFactory createSSLSocketFactory() {
    final TrustManager[] acceptEverything = new TrustManager[] { new DummyTrustManager() };
    try {
        // NOTE(review): "SSL" is the legacy context name; which protocol versions it
        // enables depends on the security provider.
        final SSLContext context = SSLContext.getInstance("SSL");
        context.init(null, acceptEverything, new java.security.SecureRandom());
        return context.getSocketFactory();
    } catch (Exception e) {
        // Callers receive null and must check for it.
        e.printStackTrace();
        return null;
    }
}
Also used : SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) IOException(java.io.IOException) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManager(javax.net.ssl.TrustManager)

Example 100 with SSLSocketFactory

use of javax.net.ssl.SSLSocketFactory in project mule by mulesoft.

the class TlsConfigurationTestCase method overrideDefaultProtocolFromConfigFile.

/**
 * Checks that a {@code TlsConfiguration} initialised while the default-protocol config
 * file exists yields a socket factory whose default cipher suite list has a different
 * length from that of a plain {@code SUPPORTED_PROTOCOL} context.
 *
 * <p>NOTE(review): only the array lengths are compared, so two different suite lists of
 * equal size would make this test fail and it says nothing about which suites are enabled.
 */
@Test
public void overrideDefaultProtocolFromConfigFile() throws Exception {
    final File protocolConfig = createDefaultProtocolConfigFile();
    try {
        // Factory under test: explicitly asks for TLSv1.2, then initialises.
        final TlsConfiguration configured = new TlsConfiguration(DEFAULT_KEYSTORE);
        configured.setSslType("TLSv1.2");
        configured.initialise(true, JSSE_NAMESPACE);
        final SSLSocketFactory configuredFactory = configured.getSocketFactory();

        // Baseline: a context for SUPPORTED_PROTOCOL with all-default key, trust and
        // randomness sources.
        final SSLContext baseline = SSLContext.getInstance(SUPPORTED_PROTOCOL);
        baseline.init(null, null, null);
        final SSLSocketFactory baselineFactory = baseline.getSocketFactory();

        final String[] configuredSuites = configuredFactory.getDefaultCipherSuites();
        final int baselineSuiteCount = baselineFactory.getDefaultCipherSuites().length;
        assertThat(configuredSuites, not(arrayWithSize(baselineSuiteCount)));
    } finally {
        // Best-effort cleanup; the result of delete() is not checked.
        protocolConfig.delete();
    }
}
Also used : TlsConfiguration(org.mule.runtime.core.privileged.security.tls.TlsConfiguration) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) File(java.io.File) Test(org.junit.Test)
