Use of org.openecard.crypto.tls.verify.KeyLengthVerifier in project open-ecard by ecsec:
the class HttpConnectProxy, method connectSocket.
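/**
 * Opens the TCP connection to the configured proxy and, for the {@code HTTPS} scheme,
 * performs a TLS handshake with it.
 *
 * <p>The plain socket is closed again if connecting or the TLS handshake fails, so a
 * failed attempt does not leak a half-open connection.
 *
 * @return the connected socket; for {@code HTTPS} proxies a {@link SocketWrapper} whose
 *     streams go through the TLS layer, otherwise the plain socket.
 * @throws IOException if the proxy cannot be reached or the TLS handshake fails.
 */
private Socket connectSocket() throws IOException {
    // Socket object connecting to proxy
    Socket sock = new Socket();
    try {
        SocketAddress addr = new InetSocketAddress(proxyHost, proxyPort);
        sock.setKeepAlive(true);
        // 5 minutes is a long read timeout, but not a problem here: it only shifts the
        // responsibility for timing out the connection to the server
        sock.setSoTimeout(5 * 60 * 1000);
        sock.connect(addr, 60 * 1000);
        // evaluate scheme (exact, case-sensitive match; assumes the scheme was normalized by the caller)
        if ("HTTPS".equals(proxyScheme)) {
            TlsCrypto crypto = new BcTlsCrypto(ReusableSecureRandom.getInstance());
            ClientCertDefaultTlsClient tlsClient = new ClientCertDefaultTlsClient(crypto, proxyHost, true);
            DynamicAuthentication tlsAuth = new DynamicAuthentication(proxyHost);
            if (proxyValidate) {
                // verify hostname, key length and the JCA trust chain of the proxy certificate
                CertificateVerifier cv = new CertificateVerifierBuilder()
                        .and(new HostnameVerifier())
                        .and(new KeyLengthVerifier())
                        .and(new JavaSecVerifier())
                        .build();
                tlsAuth.setCertificateVerifier(cv);
            }
            // NOTE(review): when proxyValidate is false no CertificateVerifier is installed; what
            // DynamicAuthentication then accepts depends on its default behaviour - confirm.
            tlsClient.setAuthentication(tlsAuth);
            TlsClientProtocol proto = new TlsClientProtocol(sock.getInputStream(), sock.getOutputStream());
            proto.connect(tlsClient);
            // wrap socket so callers read and write through the TLS streams
            return new SocketWrapper(sock, proto.getInputStream(), proto.getOutputStream());
        } else {
            return sock;
        }
    } catch (IOException | RuntimeException ex) {
        // connect or handshake failed: release the socket instead of leaking it to the caller
        try {
            sock.close();
        } catch (IOException closeEx) {
            // keep the original failure as the primary exception
            ex.addSuppressed(closeEx);
        }
        throw ex;
    }
}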