Example 1 with SslClient

Use of okhttp3.internal.tls.SslClient in project okhttp by square: class ConnectionCoalescingTest, method setUp.

@Before
public void setUp() throws Exception {
    rootCa = new HeldCertificate.Builder().serialNumber("1").ca(3).commonName("root").build();
    certificate = new HeldCertificate.Builder()
            .issuedBy(rootCa)
            .serialNumber("2")
            .commonName(server.getHostName())
            .subjectAlternativeName(server.getHostName())
            .subjectAlternativeName("san.com")
            .subjectAlternativeName("*.wildcard.com")
            .subjectAlternativeName("differentdns.com")
            .build();
    serverIps = Dns.SYSTEM.lookup(server.getHostName());
    dns.set(server.getHostName(), serverIps);
    dns.set("san.com", serverIps);
    dns.set("nonsan.com", serverIps);
    dns.set("www.wildcard.com", serverIps);
    dns.set("differentdns.com", Collections.<InetAddress>emptyList());
    SslClient sslClient = new SslClient.Builder()
            .addTrustedCertificate(rootCa.certificate)
            .build();
    client = new OkHttpClient.Builder()
            .dns(dns)
            .sslSocketFactory(sslClient.socketFactory, sslClient.trustManager)
            .build();
    SslClient serverSslClient = new SslClient.Builder()
            .certificateChain(certificate, rootCa)
            .build();
    server.useHttps(serverSslClient.socketFactory, false);
    url = server.url("/robots.txt");
}
Also used: okhttp3.internal.tls.SslClient, okhttp3.internal.tls.HeldCertificate, org.junit.Before

Example 2 with SslClient

Use of okhttp3.internal.tls.SslClient in project okhttp by square: class ConnectionReuseTest, method connectionsAreNotReusedIfSslSocketFactoryChanges.

@Test
public void connectionsAreNotReusedIfSslSocketFactoryChanges() throws Exception {
    enableHttps();
    server.enqueue(new MockResponse());
    server.enqueue(new MockResponse());
    Request request = new Request.Builder().url(server.url("/")).build();
    Response response = client.newCall(request).execute();
    response.body().close();
    // This client shares a connection pool but has a different SSL socket factory.
    SslClient sslClient2 = new SslClient.Builder().build();
    OkHttpClient anotherClient = client.newBuilder()
            .sslSocketFactory(sslClient2.socketFactory, sslClient2.trustManager)
            .build();
    // This client fails to connect because the new SSL socket factory refuses.
    try {
        anotherClient.newCall(request).execute();
        fail();
    } catch (SSLException expected) {
    }
}
Also used: okhttp3.mockwebserver.MockResponse, okhttp3.internal.tls.SslClient, javax.net.ssl.SSLException, org.junit.Test

Example 3 with SslClient

Use of okhttp3.internal.tls.SslClient in project keywhiz by square: class ClientUtilsTest, method testSslOkHttpClientCreation.

@Test
public void testSslOkHttpClientCreation() throws Exception {
    OkHttpClient sslClient = ClientUtils.sslOkHttpClient(config.getDevTrustStore(), ImmutableList.of());
    assertThat(sslClient.followSslRedirects()).isFalse();
    assertThat(sslClient.sslSocketFactory()).isNotNull();
    assertThat(sslClient.networkInterceptors()).isNotEmpty();
    assertThat(sslClient.cookieJar()).isNotNull();
    java.util.List<HttpCookie> cookieList = ClientUtils.getCookieManager().getCookieStore().getCookies();
    assertThat(cookieList).isEmpty();
}
Also used: okhttp3.OkHttpClient, java.net.HttpCookie, org.junit.Test

Example 4 with SslClient

Use of okhttp3.internal.tls.SslClient in project okhttp by square: class OkHttpAsync, method prepare.

@Override
public void prepare(final Benchmark benchmark) {
    concurrencyLevel = benchmark.concurrencyLevel;
    targetBacklog = benchmark.targetBacklog;
    client = new OkHttpClient.Builder()
            .protocols(benchmark.protocols)
            .dispatcher(new Dispatcher(new ThreadPoolExecutor(
                    benchmark.concurrencyLevel, benchmark.concurrencyLevel,
                    60, TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>())))
            .build();
    if (benchmark.tls) {
        SslClient sslClient = SslClient.localhost();
        SSLSocketFactory socketFactory = sslClient.socketFactory;
        // Benchmark-only shortcut: accepts any hostname for the localhost test certificate,
        // which disables hostname verification; a real client keeps OkHttp's default verifier.
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {

            @Override
            public boolean verify(String s, SSLSession session) {
                return true;
            }
        };
        client = client.newBuilder()
                .sslSocketFactory(socketFactory, sslClient.trustManager)
                .hostnameVerifier(hostnameVerifier)
                .build();
    }
    callback = new Callback() {

        @Override
        public void onFailure(Call call, IOException e) {
            System.out.println("Failed: " + e);
        }

        @Override
        public void onResponse(Call call, Response response) throws IOException {
            ResponseBody body = response.body();
            long total = SynchronousHttpClient.readAllAndClose(body.byteStream());
            long finish = System.nanoTime();
            if (VERBOSE) {
                long start = (Long) response.request().tag();
                System.out.printf("Transferred % 8d bytes in %4d ms%n", total, TimeUnit.NANOSECONDS.toMillis(finish - start));
            }
            requestsInFlight.decrementAndGet();
        }
    };
}
Also used: okhttp3.Call, okhttp3.internal.tls.SslClient, javax.net.ssl.SSLSession, java.io.IOException, okhttp3.Dispatcher, javax.net.ssl.HostnameVerifier, okhttp3.ResponseBody, okhttp3.Response, okhttp3.Callback, java.util.concurrent.ThreadPoolExecutor, javax.net.ssl.SSLSocketFactory

Example 5 with SslClient

Use of okhttp3.internal.tls.SslClient in project okhttp by square: class CertificatePinnerChainValidationTest, method unrelatedPinnedIntermediateCertificateInChain.

@Test
public void unrelatedPinnedIntermediateCertificateInChain() throws Exception {
    // Start with two root CA certificates, one is good and the other is compromised.
    HeldCertificate rootCa = new HeldCertificate.Builder()
            .serialNumber("1")
            .ca(3)
            .commonName("root")
            .build();
    HeldCertificate compromisedRootCa = new HeldCertificate.Builder()
            .serialNumber("2")
            .ca(3)
            .commonName("compromised_root")
            .build();
    // Add a good intermediate CA, and have that issue a good certificate to localhost. Prepare an
    // SSL context for an HTTP client under attack. It includes the trusted CA and a pinned
    // certificate.
    HeldCertificate goodIntermediateCa = new HeldCertificate.Builder()
            .issuedBy(rootCa)
            .ca(2)
            .serialNumber("3")
            .commonName("intermediate_ca")
            .build();
    CertificatePinner certificatePinner = new CertificatePinner.Builder()
            .add(server.getHostName(), CertificatePinner.pin(goodIntermediateCa.certificate))
            .build();
    SslClient clientContextBuilder = new SslClient.Builder()
            .addTrustedCertificate(rootCa.certificate)
            .addTrustedCertificate(compromisedRootCa.certificate)
            .build();
    OkHttpClient client = defaultClient().newBuilder()
            .sslSocketFactory(clientContextBuilder.socketFactory, clientContextBuilder.trustManager)
            .hostnameVerifier(new RecordingHostnameVerifier())
            .certificatePinner(certificatePinner)
            .build();
    // The attacker compromises the root CA, issues an intermediate with the same common name
    // "intermediate_ca" as the good CA. This signs a rogue certificate for localhost. The server
    // serves the good CA's certificate in the chain, which means the certificate pinner sees a
    // different set of certificates than the SSL verifier.
    HeldCertificate compromisedIntermediateCa = new HeldCertificate.Builder()
            .issuedBy(compromisedRootCa)
            .ca(2)
            .serialNumber("4")
            .commonName("intermediate_ca")
            .build();
    HeldCertificate rogueCertificate = new HeldCertificate.Builder()
            .serialNumber("5")
            .issuedBy(compromisedIntermediateCa)
            .commonName(server.getHostName())
            .build();
    SslClient.Builder sslBuilder = new SslClient.Builder();
    // http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/2c1c21d11e58/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java#l596
    if (getPlatform().equals("jdk9")) {
        sslBuilder.keyStoreType("JKS");
    }
    // The served chain mixes the good intermediate in with the compromised one that actually
    // signed the rogue leaf; only the validated path must be consulted when matching pins.
    SslClient serverSslContext = sslBuilder
            .certificateChain(rogueCertificate.keyPair, rogueCertificate.certificate,
                    goodIntermediateCa.certificate, compromisedIntermediateCa.certificate,
                    compromisedRootCa.certificate)
            .build();
    server.useHttps(serverSslContext.socketFactory, false);
    server.enqueue(new MockResponse().setBody("abc").addHeader("Content-Type: text/plain"));
    // Make a request from client to server. It should succeed certificate checks (unfortunately the
    // rogue CA is trusted) but it should fail certificate pinning.
    Request request = new Request.Builder().url(server.url("/")).build();
    Call call = client.newCall(request);
    try {
        call.execute();
        fail();
    } catch (SSLHandshakeException expected) {
        // On Android, the handshake fails before the certificate pinner runs.
        String message = expected.getMessage();
        assertTrue(message, message.contains("Could not validate certificate"));
    } catch (SSLPeerUnverifiedException expected) {
        // On OpenJDK, the handshake succeeds but the certificate pinner fails.
        String message = expected.getMessage();
        assertTrue(message, message.startsWith("Certificate pinning failure!"));
    }
}
Also used: okhttp3.mockwebserver.MockResponse, okhttp3.Call, okhttp3.OkHttpClient, okhttp3.CertificatePinner, javax.net.ssl.SSLPeerUnverifiedException, okhttp3.Request, javax.net.ssl.SSLHandshakeException, okhttp3.RecordingHostnameVerifier, org.junit.Test
