Search in sources :

Example 1 with HostnameVerifier

use of org.openecard.crypto.tls.verify.HostnameVerifier in project open-ecard by ecsec.

the class HttpConnectProxy method connectSocket.

private Socket connectSocket() throws IOException {
    // Socket object connecting to proxy
    Socket sock = new Socket();
    SocketAddress addr = new InetSocketAddress(proxyHost, proxyPort);
    sock.setKeepAlive(true);
    // this is pretty much, but not a problem, as this only shifts the responsibility to the server
    sock.setSoTimeout(5 * 60 * 1000);
    sock.connect(addr, 60 * 1000);
    // evaluate scheme
    if ("HTTPS".equals(proxyScheme)) {
        TlsCrypto crypto = new BcTlsCrypto(ReusableSecureRandom.getInstance());
        ClientCertDefaultTlsClient tlsClient = new ClientCertDefaultTlsClient(crypto, proxyHost, true);
        DynamicAuthentication tlsAuth = new DynamicAuthentication(proxyHost);
        if (proxyValidate) {
            CertificateVerifier cv = new CertificateVerifierBuilder().and(new HostnameVerifier()).and(new KeyLengthVerifier()).and(new JavaSecVerifier()).build();
            tlsAuth.setCertificateVerifier(cv);
        }
        tlsClient.setAuthentication(tlsAuth);
        TlsClientProtocol proto = new TlsClientProtocol(sock.getInputStream(), sock.getOutputStream());
        proto.connect(tlsClient);
        // wrap socket
        Socket tlsSock = new SocketWrapper(sock, proto.getInputStream(), proto.getOutputStream());
        return tlsSock;
    } else {
        return sock;
    }
}
Also used : InetSocketAddress(java.net.InetSocketAddress) TlsClientProtocol(org.openecard.bouncycastle.tls.TlsClientProtocol) ClientCertDefaultTlsClient(org.openecard.crypto.tls.ClientCertDefaultTlsClient) BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto) CertificateVerifierBuilder(org.openecard.crypto.tls.verify.CertificateVerifierBuilder) KeyLengthVerifier(org.openecard.crypto.tls.verify.KeyLengthVerifier) TlsCrypto(org.openecard.bouncycastle.tls.crypto.TlsCrypto) BcTlsCrypto(org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto) HostnameVerifier(org.openecard.crypto.tls.verify.HostnameVerifier) CertificateVerifier(org.openecard.crypto.tls.CertificateVerifier) DynamicAuthentication(org.openecard.crypto.tls.auth.DynamicAuthentication) SocketAddress(java.net.SocketAddress) InetSocketAddress(java.net.InetSocketAddress) Socket(java.net.Socket) JavaSecVerifier(org.openecard.crypto.tls.verify.JavaSecVerifier) SocketWrapper(org.openecard.crypto.tls.SocketWrapper)

Aggregations

InetSocketAddress (java.net.InetSocketAddress)1 Socket (java.net.Socket)1 SocketAddress (java.net.SocketAddress)1 TlsClientProtocol (org.openecard.bouncycastle.tls.TlsClientProtocol)1 TlsCrypto (org.openecard.bouncycastle.tls.crypto.TlsCrypto)1 BcTlsCrypto (org.openecard.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto)1 CertificateVerifier (org.openecard.crypto.tls.CertificateVerifier)1 ClientCertDefaultTlsClient (org.openecard.crypto.tls.ClientCertDefaultTlsClient)1 SocketWrapper (org.openecard.crypto.tls.SocketWrapper)1 DynamicAuthentication (org.openecard.crypto.tls.auth.DynamicAuthentication)1 CertificateVerifierBuilder (org.openecard.crypto.tls.verify.CertificateVerifierBuilder)1 HostnameVerifier (org.openecard.crypto.tls.verify.HostnameVerifier)1 JavaSecVerifier (org.openecard.crypto.tls.verify.JavaSecVerifier)1 KeyLengthVerifier (org.openecard.crypto.tls.verify.KeyLengthVerifier)1