use of org.apache.cloudstack.utils.security.SecureSSLSocketFactory in project cloudstack by apache.
the class RawHTTP method _getSocket.
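/**
 * Opens the connection to {@code host:port}, as a TLS socket when {@code useSSL} is set and as a
 * plain TCP socket otherwise.
 *
 * <p>SECURITY: the context is initialised with {@code trustAllCerts}. That field is declared
 * outside this method; going by its name it is presumably a trust manager array that accepts any
 * certificate chain (confirm against its declaration). If so, the channel is encrypted but the
 * peer is never authenticated, and a party on the network path can present its own certificate
 * and read or alter the traffic. A raw {@link SSLSocket} also performs no hostname check unless
 * an endpoint identification algorithm is set through {@code SSLParameters}. Closing this gap
 * means passing a trust manager backed by a real trust store (or a pinned certificate) and
 * enabling endpoint identification.
 *
 * @return a connected socket, never {@code null}
 * @throws IOException if the SSL context cannot be obtained or initialised, or if connecting fails
 */
private Socket _getSocket() throws IOException {
    if (!useSSL) {
        return new Socket(host, port);
    }

    SSLContext context = null;
    try {
        context = SSLUtils.getSSLContext("SunJSSE");
    } catch (NoSuchAlgorithmException e) {
        s_logger.error("Unexpected exception ", e);
    } catch (NoSuchProviderException e) {
        s_logger.error("Unexpected exception ", e);
    }
    if (context == null) {
        throw new IOException("Unable to setup SSL context");
    }

    try {
        // SECURITY: see the method comment; trustAllCerts decides whether the peer is verified at all.
        context.init(null, trustAllCerts, new SecureRandom());
        SocketFactory factory = new SecureSSLSocketFactory(context);
        SSLSocket ssl = (SSLSocket) factory.createSocket(host, port);
        // Narrow the enabled protocol versions to whatever SSLUtils.getSupportedProtocols keeps.
        ssl.setEnabledProtocols(SSLUtils.getSupportedProtocols(ssl.getEnabledProtocols()));
        return ssl;
    } catch (IOException e) {
        s_logger.error("IOException: " + e.getMessage(), e);
        throw e;
    } catch (KeyManagementException e) {
        // Previously this was only logged and the method returned null, which moved the failure
        // to the first use of the socket. Fail here with the cause attached instead.
        s_logger.error("KeyManagementException: " + e.getMessage(), e);
        throw new IOException("Unable to setup SSL context", e);
    } catch (NoSuchAlgorithmException e) {
        // Same reasoning as above: never hand a null socket back to the caller.
        s_logger.error("NoSuchAlgorithmException: " + e.getMessage(), e);
        throw new IOException("Unable to setup SSL context", e);
    }
}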
use of org.apache.cloudstack.utils.security.SecureSSLSocketFactory in project cloudstack by apache.
the class SocketWrapperImpl method upgradeToSsl.
/**
 * Wraps the already-connected {@code socket} in a TLS socket, runs the handshake, and repoints
 * {@code source} and {@code sink} at the encrypted streams. Calling it again after a successful
 * upgrade is a no-op.
 *
 * <p>SECURITY: the context is initialised with {@code TrustAllX509TrustManager}, which the
 * original author already marked as insecure. With that trust manager the handshake succeeds for
 * any certificate the peer presents, so the session is encrypted but the server identity is not
 * verified. A raw {@link SSLSocket} also performs no hostname check unless an endpoint
 * identification algorithm is set through {@code SSLParameters}.
 *
 * @throws RuntimeException wrapping any failure during context setup, socket creation or handshake
 */
@Override
public void upgradeToSsl() {
    // A non-null sslSocket is treated as "upgrade already done".
    // NOTE(review): the field is assigned before startHandshake(); if the handshake throws, the
    // field stays set and a later call returns here without retrying. Confirm callers discard
    // this wrapper after a failed upgrade.
    if (sslSocket != null) {
        return;
    }

    if (verbose) {
        System.out.println("[" + this + "] INFO: Upgrading socket to SSL.");
    }

    try {
        SSLContext tlsContext = SSLUtils.getSSLContext();

        // Trust all certificates (FIXME: insecure). No chain validation happens past this point.
        TrustManager[] permissiveTrust = new TrustManager[] { new TrustAllX509TrustManager(sslState) };
        tlsContext.init(null, permissiveTrust, null);

        // Layer TLS over the existing connection; the final argument (autoClose = true) makes
        // closing the TLS socket close the underlying socket as well.
        SSLSocketFactory tlsFactory = new SecureSSLSocketFactory(tlsContext);
        sslSocket = (SSLSocket) tlsFactory.createSocket(socket, address.getHostName(), address.getPort(), true);

        // The enabled protocol versions are whatever SSLUtils.getSupportedProtocols keeps from
        // the socket's defaults. The original note here says TLS1.2 is tried first with a
        // fallback to TLS1.0; verify that the filter excludes legacy versions.
        String[] permittedProtocols = SSLUtils.getSupportedProtocols(sslSocket.getEnabledProtocols());
        sslSocket.setEnabledProtocols(permittedProtocols);
        sslSocket.startHandshake();

        // From here on all reads and writes go through the encrypted streams.
        source.setInputStream(sslSocket.getInputStream());
        sink.setOutputStream(sslSocket.getOutputStream());
    } catch (Exception e) {
        throw new RuntimeException("Cannot upgrade socket to SSL: " + e.getMessage(), e);
    }
}
use of org.apache.cloudstack.utils.security.SecureSSLSocketFactory in project cloudstack by apache.
the class VmwareClient method trustAllHttpsCertificates.
/**
 * Replaces the JVM-wide default socket factory of {@code HttpsURLConnection} with one whose
 * trust manager does not validate certificate chains.
 *
 * <p>SECURITY: {@code HttpsURLConnection.setDefaultSSLSocketFactory} is a static setter, so the
 * change is not limited to this client. Every {@code HttpsURLConnection} created afterwards in
 * the same process that does not set its own factory inherits the non-validating trust manager,
 * and those connections no longer authenticate the server they talk to. Limiting the effect
 * means setting the factory per connection, or supplying a trust manager backed by a trust store
 * that contains the expected certificate.
 *
 * @throws Exception if the SSL context cannot be obtained or initialised
 */
private static void trustAllHttpsCertificates() throws Exception {
    // Single-element trust manager array; TrustAllTrustManager is the non-validating one.
    javax.net.ssl.TrustManager[] permissiveTrust = new javax.net.ssl.TrustManager[] { new TrustAllTrustManager() };

    javax.net.ssl.SSLContext tlsContext = SSLUtils.getSSLContext();

    // A timeout of 0 means cached sessions have no time limit.
    // NOTE(review): this adjusts the server-side session context, while the factory below is
    // installed for outbound HttpsURLConnection use. Confirm the client session context was not
    // the intended target.
    tlsContext.getServerSessionContext().setSessionTimeout(0);

    tlsContext.init(null, permissiveTrust, null);
    javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(new SecureSSLSocketFactory(tlsContext));
}