use of org.openecard.crypto.tls.verify.HostnameVerifier in project open-ecard by ecsec.
the class HttpConnectProxy method connectSocket.
private Socket connectSocket() throws IOException {
// Socket object connecting to proxy
Socket sock = new Socket();
SocketAddress addr = new InetSocketAddress(proxyHost, proxyPort);
sock.setKeepAlive(true);
// this is pretty much, but not a problem, as this only shifts the responsibility to the server
sock.setSoTimeout(5 * 60 * 1000);
sock.connect(addr, 60 * 1000);
// evaluate scheme
if ("HTTPS".equals(proxyScheme)) {
TlsCrypto crypto = new BcTlsCrypto(ReusableSecureRandom.getInstance());
ClientCertDefaultTlsClient tlsClient = new ClientCertDefaultTlsClient(crypto, proxyHost, true);
DynamicAuthentication tlsAuth = new DynamicAuthentication(proxyHost);
if (proxyValidate) {
CertificateVerifier cv = new CertificateVerifierBuilder().and(new HostnameVerifier()).and(new KeyLengthVerifier()).and(new JavaSecVerifier()).build();
tlsAuth.setCertificateVerifier(cv);
}
tlsClient.setAuthentication(tlsAuth);
TlsClientProtocol proto = new TlsClientProtocol(sock.getInputStream(), sock.getOutputStream());
proto.connect(tlsClient);
// wrap socket
Socket tlsSock = new SocketWrapper(sock, proto.getInputStream(), proto.getOutputStream());
return tlsSock;
} else {
return sock;
}
}
Aggregations