Example 1 with TlsClientProtocol
use of org.openecard.bouncycastle.tls.TlsClientProtocol in project open-ecard by ecsec.
the class StreamHttpClientConnectionTest method testRequestHttpsGoogle.
@Test
public void testRequestHttpsGoogle() throws IOException, HttpException {
final String hostName = "www.google.com";
// open connection
Socket socket = new Socket(hostName, 443);
assertTrue(socket.isConnected());
DefaultTlsClient tlsClient = new DefaultTlsClientImpl(new BcTlsCrypto(rand)) {
@Override
protected Vector getSNIServerNames() {
return new Vector(Collections.singletonList(hostName));
}
};
TlsClientProtocol handler = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
handler.connect(tlsClient);
StreamHttpClientConnection conn = new StreamHttpClientConnection(handler.getInputStream(), handler.getOutputStream());
assertTrue(conn.isOpen());
consumeEntity(conn, hostName, 2);
}
Also used :
TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol)
DefaultTlsClient(org.openecard.bouncycastle.tls.DefaultTlsClient)
BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto)
Vector(java.util.Vector)
Socket(java.net.Socket)
Test(org.testng.annotations.Test)
Example 2 with TlsClientProtocol
use of org.openecard.bouncycastle.tls.TlsClientProtocol in project open-ecard by ecsec.
the class HttpGetTask method getRequest.
private void getRequest() throws IOException, ConnectionError, URISyntaxException, HttpException {
TlsConnectionHandler tlsHandler = new TlsConnectionHandler(dispatcher, tokenRequest, connectionHandle);
tlsHandler.setUpClient();
// connect the tls endpoint and make a get request
TlsClientProtocol handler = tlsHandler.createTlsConnection();
// set up connection to endpoint
InputStream in = handler.getInputStream();
OutputStream out = handler.getOutputStream();
StreamHttpClientConnection conn = new StreamHttpClientConnection(in, out);
// prepare HTTP connection
HttpContext ctx = new BasicHttpContext();
HttpRequestExecutor httpexecutor = new HttpRequestExecutor();
DefaultConnectionReuseStrategy reuse = new DefaultConnectionReuseStrategy();
// prepare request
String resource = tlsHandler.getResource();
BasicHttpEntityEnclosingRequest req = new BasicHttpEntityEnclosingRequest("GET", resource);
HttpRequestHelper.setDefaultHeader(req, tlsHandler.getServerAddress());
req.setHeader("Accept", "text/html, */*;q=0.8");
req.setHeader("Accept-Charset", "utf-8, *;q=0.8");
HttpUtils.dumpHttpRequest(LOG, req);
// send request and receive response
HttpResponse response = httpexecutor.execute(req, conn, ctx);
int statusCode = response.getStatusLine().getStatusCode();
conn.receiveResponseEntity(response);
HttpEntity entity = response.getEntity();
byte[] entityData = FileUtils.toByteArray(entity.getContent());
HttpUtils.dumpHttpResponse(LOG, response, entityData);
conn.close();
if (statusCode < 200 || statusCode > 299) {
throw new ConnectionError(WRONG_SERVER_RESULT, statusCode);
}
}
Also used :
HttpRequestExecutor(org.openecard.apache.http.protocol.HttpRequestExecutor)
HttpEntity(org.openecard.apache.http.HttpEntity)
InputStream(java.io.InputStream)
BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext)
OutputStream(java.io.OutputStream)
TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol)
BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext)
HttpContext(org.openecard.apache.http.protocol.HttpContext)
DefaultConnectionReuseStrategy(org.openecard.apache.http.impl.DefaultConnectionReuseStrategy)
HttpResponse(org.openecard.apache.http.HttpResponse)
StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection)
BasicHttpEntityEnclosingRequest(org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest)
Example 3 with TlsClientProtocol
use of org.openecard.bouncycastle.tls.TlsClientProtocol in project open-ecard by ecsec.
the class ResourceContext method getStreamInt.
private static ResourceContext getStreamInt(URL url, CertificateValidator v, List<Pair<URL, TlsServerCertificate>> serverCerts, int maxRedirects) throws IOException, ResourceException, ValidationError, InvalidAddressException {
try {
DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
CookieManager cManager = (CookieManager) dynCtx.get(TR03112Keys.COOKIE_MANAGER);
LOG.info("Trying to load resource from: {}", url);
if (maxRedirects == 0) {
throw new ResourceException(MAX_REDIRECTS);
}
maxRedirects--;
String protocol = url.getProtocol();
String hostname = url.getHost();
int port = url.getPort();
if (port == -1) {
port = url.getDefaultPort();
}
String resource = url.getFile();
resource = resource.isEmpty() ? "/" : resource;
if (!"https".equals(protocol)) {
throw new InvalidAddressException(INVALID_ADDRESS);
}
// open a TLS connection, retrieve the server certificate and save it
TlsClientProtocol h;
DynamicAuthentication tlsAuth = new DynamicAuthentication(hostname);
// add PKIX validator if not doin nPA auth
if (isPKIXVerify()) {
tlsAuth.addCertificateVerifier(new JavaSecVerifier());
}
// FIXME: validate certificate chain as soon as a usable solution exists for the trust problem
// tlsAuth.setCertificateVerifier(new JavaSecVerifier());
TlsCrypto crypto = new BcTlsCrypto(ReusableSecureRandom.getInstance());
ClientCertTlsClient tlsClient = new ClientCertDefaultTlsClient(crypto, hostname, true);
tlsClient.setAuthentication(tlsAuth);
// connect tls client
tlsClient.setClientVersion(ProtocolVersion.TLSv12);
Socket socket = ProxySettings.getDefault().getSocket(protocol, hostname, port);
h = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
LOG.debug("Performing TLS handshake.");
h.connect(tlsClient);
LOG.debug("TLS handshake performed.");
serverCerts.add(new Pair<>(url, tlsAuth.getServerCertificate()));
// check result
CertificateValidator.VerifierResult verifyResult = v.validate(url, tlsAuth.getServerCertificate());
if (verifyResult == CertificateValidator.VerifierResult.FINISH) {
List<Pair<URL, TlsServerCertificate>> pairs = Collections.unmodifiableList(serverCerts);
return new ResourceContext(tlsClient, h, pairs);
}
StreamHttpClientConnection conn = new StreamHttpClientConnection(h.getInputStream(), h.getOutputStream());
HttpContext ctx = new BasicHttpContext();
HttpRequestExecutor httpexecutor = new HttpRequestExecutor();
BasicHttpEntityEnclosingRequest req = new BasicHttpEntityEnclosingRequest("GET", resource);
HttpRequestHelper.setDefaultHeader(req, url);
req.setHeader("Accept", "text/xml, */*;q=0.8");
req.setHeader("Accept-Charset", "utf-8, *;q=0.8");
setCookieHeader(req, cManager, url);
HttpUtils.dumpHttpRequest(LOG, req);
LOG.debug("Sending HTTP request.");
HttpResponse response = httpexecutor.execute(req, conn, ctx);
storeCookies(response, cManager, url);
LOG.debug("HTTP response received.");
StatusLine status = response.getStatusLine();
int statusCode = status.getStatusCode();
String reason = status.getReasonPhrase();
HttpUtils.dumpHttpResponse(LOG, response, null);
HttpEntity entity = null;
boolean finished = false;
if (TR03112Utils.isRedirectStatusCode(statusCode)) {
Header[] headers = response.getHeaders("Location");
if (headers.length > 0) {
String uri = headers[0].getValue();
url = new URL(uri);
} else {
// FIXME: refactor exception handling
throw new ResourceException(MISSING_LOCATION_HEADER);
}
} else if (statusCode >= 400) {
// according to the HTTP RFC, codes greater than 400 signal errors
LOG.debug("Received a result code {} '{}' from server.", statusCode, reason);
throw new InvalidResultStatus(LANG.translationForKey(INVALID_RESULT_STATUS, statusCode, reason));
} else {
if (verifyResult == CertificateValidator.VerifierResult.CONTINUE) {
throw new InvalidAddressException(INVALID_REFRESH_ADDRESS_NOSOP);
} else {
conn.receiveResponseEntity(response);
entity = response.getEntity();
finished = true;
}
}
// follow next redirect or finish?
if (finished) {
assert (entity != null);
ResourceContext result = new ResourceContext(tlsClient, h, serverCerts);
LimitedInputStream is = new LimitedInputStream(entity.getContent());
result.setStream(is);
return result;
} else {
h.close();
return getStreamInt(url, v, serverCerts, maxRedirects);
}
} catch (URISyntaxException ex) {
throw new IOException(LANG.translationForKey(FAILED_PROXY), ex);
} catch (HttpException ex) {
// don't translate this, it is handled in the ActivationAction
throw new IOException("Invalid HTTP message received.", ex);
}
}
Also used :
HttpRequestExecutor(org.openecard.apache.http.protocol.HttpRequestExecutor)
HttpEntity(org.openecard.apache.http.HttpEntity)
BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext)
LimitedInputStream(org.openecard.common.io.LimitedInputStream)
TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol)
URISyntaxException(java.net.URISyntaxException)
ClientCertTlsClient(org.openecard.crypto.tls.ClientCertTlsClient)
StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection)
URL(java.net.URL)
TlsCrypto(org.openecard.bouncycastle.tls.crypto.TlsCrypto)
BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto)
HttpException(org.openecard.apache.http.HttpException)
CookieManager(org.openecard.transport.httpcore.cookies.CookieManager)
JavaSecVerifier(org.openecard.crypto.tls.verify.JavaSecVerifier)
InvalidResultStatus(org.openecard.transport.httpcore.InvalidResultStatus)
Pair(org.openecard.common.util.Pair)
BasicHttpEntityEnclosingRequest(org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest)
BasicHttpContext(org.openecard.apache.http.protocol.BasicHttpContext)
HttpContext(org.openecard.apache.http.protocol.HttpContext)
ClientCertDefaultTlsClient(org.openecard.crypto.tls.ClientCertDefaultTlsClient)
HttpResponse(org.openecard.apache.http.HttpResponse)
BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto)
IOException(java.io.IOException)
StatusLine(org.openecard.apache.http.StatusLine)
Header(org.openecard.apache.http.Header)
DynamicAuthentication(org.openecard.crypto.tls.auth.DynamicAuthentication)
InvalidAddressException(org.openecard.binding.tctoken.ex.InvalidAddressException)
Socket(java.net.Socket)
DynamicContext(org.openecard.common.DynamicContext)
Example 4 with TlsClientProtocol
use of org.openecard.bouncycastle.tls.TlsClientProtocol in project open-ecard by ecsec.
the class PAOS method openHttpStream.
private StreamHttpClientConnection openHttpStream() throws PAOSConnectionException {
StreamHttpClientConnection conn;
try {
LOG.debug("Opening connection to PAOS server.");
TlsClientProtocol handler = tlsHandler.createTlsConnection();
conn = new StreamHttpClientConnection(handler.getInputStream(), handler.getOutputStream());
LOG.debug("Connection to PAOS server established.");
return conn;
} catch (IOException | URISyntaxException ex) {
throw new PAOSConnectionException(ex);
}
}
Also used :
TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol)
IOException(java.io.IOException)
URISyntaxException(java.net.URISyntaxException)
StreamHttpClientConnection(org.openecard.transport.httpcore.StreamHttpClientConnection)
Example 5 with TlsClientProtocol
use of org.openecard.bouncycastle.tls.TlsClientProtocol in project open-ecard by ecsec.
the class JavaSecVerifierTest method testVerificationError.
@Test(expectedExceptions = IOException.class)
public void testVerificationError() throws IOException {
final String hostName = "www.google.com";
final String actualHostName = "github.com";
TlsClientProtocol handler;
DefaultTlsClientImpl c;
try {
// open connection
Socket socket = new Socket(actualHostName, 443);
assertTrue(socket.isConnected());
assertTrue(socket.isBound());
assertFalse(socket.isClosed());
// connect client
c = new DefaultTlsClientImpl(hostName);
handler = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
} catch (Exception ex) {
throw new SkipException("Unable to create TLS client.");
}
// do TLS handshake
handler.connect(c);
handler.close();
}
Also used :
TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol)
SkipException(org.testng.SkipException)
Socket(java.net.Socket)
SkipException(org.testng.SkipException)
IOException(java.io.IOException)
Test(org.testng.annotations.Test)
Aggregations
TlsClientProtocol (org.openecard.bouncycastle.tls.TlsClientProtocol)10
Socket (java.net.Socket)7
IOException (java.io.IOException)5
StreamHttpClientConnection (org.openecard.transport.httpcore.StreamHttpClientConnection)4
InputStream (java.io.InputStream)3
OutputStream (java.io.OutputStream)3
URISyntaxException (java.net.URISyntaxException)3
BcTlsCrypto (org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto)3
Test (org.testng.annotations.Test)3
HttpEntity (org.openecard.apache.http.HttpEntity)2
HttpResponse (org.openecard.apache.http.HttpResponse)2
BasicHttpEntityEnclosingRequest (org.openecard.apache.http.message.BasicHttpEntityEnclosingRequest)2
BasicHttpContext (org.openecard.apache.http.protocol.BasicHttpContext)2
HttpContext (org.openecard.apache.http.protocol.HttpContext)2
HttpRequestExecutor (org.openecard.apache.http.protocol.HttpRequestExecutor)2
TlsCrypto (org.openecard.bouncycastle.tls.crypto.TlsCrypto)2
ClientCertDefaultTlsClient (org.openecard.crypto.tls.ClientCertDefaultTlsClient)2
DynamicAuthentication (org.openecard.crypto.tls.auth.DynamicAuthentication)2
JavaSecVerifier (org.openecard.crypto.tls.verify.JavaSecVerifier)2
InetSocketAddress (java.net.InetSocketAddress)1
