Use of org.parosproxy.paros.security.MissingRootCertificateException in project zaproxy by zaproxy.
Class ProxyThread, method beginSSL.
/**
 * Switches the client connection to SSL/TLS and rebuilds the HTTP streams on top of it.
 *
 * <p>The client socket is replaced by the socket returned from
 * {@code createTunnelServerSocket(targethost, inSocket)}; {@code httpIn} and {@code httpOut}
 * are then re-created so that later reads and writes go through the new socket.
 *
 * <p>NOTE(review): the caller visible in {@code run()} passes the host name taken from the
 * client's CONNECT request, so {@code targethost} should be treated as client-controlled.
 *
 * @param targethost the host the client asked to connect to
 * @throws IOException if anything other than a missing root certificate fails while
 *     establishing the SSL/TLS connection; the original failure is kept as the cause
 * @throws MissingRootCertificateException wrapped in a new instance of the same type and
 *     propagated, so the caller can handle it separately from other I/O failures
 */
private void beginSSL(String targethost) throws IOException {
    // ZAP: added parameter 'targethost'
    try {
        inSocket = HttpSender.getSSLConnector().createTunnelServerSocket(targethost, inSocket);
    } catch (MissingRootCertificateException missingRootCert) {
        // Keep the dedicated exception type: it is re-wrapped, not converted to IOException,
        // because the caller catches it explicitly.
        throw new MissingRootCertificateException(missingRootCert);
    } catch (Exception failure) {
        // ZAP: transform for further processing
        final String message = "Error while establishing SSL connection for '" + targethost + "'!";
        throw new IOException(message, failure);
    }
    // From here on, HTTP traffic is read from and written to the tunnel socket.
    httpIn = new HttpInputStream(inSocket);
    httpOut = new HttpOutputStream(inSocket.getOutputStream());
}
Use of org.parosproxy.paros.security.MissingRootCertificateException in project zaproxy by zaproxy.
Class ProxyThread, method run.
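/**
 * Handles one client connection: reads the first request, serves CONNECT tunnels (upgrading
 * to SSL/TLS when the client starts a handshake) and hands the request to
 * {@code processHttp}.
 *
 * <p>Flow for a CONNECT request: the proxy answers with {@code CONNECT_HTTP_200}, notifies
 * listeners, peeks at the next three bytes from the client without consuming them, and calls
 * {@code beginSSL} with the host name from the CONNECT header if those bytes look like an
 * SSL/TLS handshake. The request that follows inside the tunnel is then read and processed.
 *
 * <p>All exceptions caught here are logged rather than rethrown. The thread is always removed
 * from {@code proxyThreadList}, and the connection is closed unless {@code keepSocketOpen} is
 * set.
 *
 * <p>NOTE(review): the host name used for the SSL/TLS upgrade comes from the client-supplied
 * CONNECT header; any validation of it is not visible in this method.
 */
@Override
public void run() {
    proxyThreadList.add(thread);
    boolean isSecure = this instanceof ProxyThreadSSL;
    HttpRequestHeader firstHeader = null;
    try {
        // Buffer the client stream so bytes following a CONNECT can be inspected with
        // mark/reset and still be read by whoever consumes the stream afterwards.
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inSocket.getInputStream(), 2048);
        inSocket = new CustomStreamsSocket(inSocket, bufferedInputStream, inSocket.getOutputStream());
        httpIn = new HttpInputStream(inSocket);
        httpOut = new HttpOutputStream(inSocket.getOutputStream());
        firstHeader = httpIn.readRequestHeader(isSecure);
        firstHeader.setSenderAddress(inSocket.getInetAddress());
        if (firstHeader.getMethod().equalsIgnoreCase(HttpRequestHeader.CONNECT)) {
            HttpMessage connectMsg = new HttpMessage(firstHeader);
            connectMsg.setTimeSentMillis(System.currentTimeMillis());
            try {
                // The tunnel is acknowledged before anything is known about the traffic
                // that will follow.
                httpOut.write(CONNECT_HTTP_200);
                httpOut.flush();
                connectMsg.setResponseHeader(CONNECT_HTTP_200);
                connectMsg.setTimeElapsedMillis((int) (System.currentTimeMillis() - connectMsg.getTimeSentMillis()));
                notifyConnectMessage(connectMsg);
                byte[] bytes = new byte[3];
                bufferedInputStream.mark(3);
                // A single read() may return fewer than three bytes when the client's first
                // record arrives in small segments; classifying a partly filled buffer would
                // treat a handshake as plain HTTP. Keep reading until the buffer is full or
                // the stream ends. At most three bytes are read, so the mark stays valid.
                int peeked = 0;
                while (peeked < bytes.length) {
                    int count = bufferedInputStream.read(bytes, peeked, bytes.length - peeked);
                    if (count < 0) {
                        // End of stream: the remaining bytes stay zero, as before.
                        break;
                    }
                    peeked += count;
                }
                bufferedInputStream.reset();
                if (isSslTlsHandshake(bytes)) {
                    isSecure = true;
                    beginSSL(firstHeader.getHostName());
                }
                // First request inside the tunnel (read through the streams beginSSL
                // installed, when the upgrade happened).
                firstHeader = httpIn.readRequestHeader(isSecure);
                firstHeader.setSenderAddress(inSocket.getInetAddress());
                processHttp(firstHeader, isSecure);
            } catch (MissingRootCertificateException e) {
                // Unluckily Firefox and Internet Explorer will not show this message.
                // We should find a way to let the browsers display this error message.
                // May we can redirect to some kind of ZAP custom error page.
                // At this point firstHeader is still the CONNECT header, because beginSSL
                // failed before the next header was read.
                final HttpMessage errmsg = new HttpMessage(firstHeader);
                setErrorResponse(errmsg, BAD_GATEWAY_RESPONSE_STATUS, e, "ZAP SSL Error");
                writeHttpResponse(errmsg, httpOut);
                // Rethrown as IOException so the outer handler logs it and the finally
                // block cleans up.
                throw new IOException(e);
            }
        } else {
            processHttp(firstHeader, isSecure);
        }
    } catch (SocketTimeoutException e) {
        // ZAP: Log the exception
        if (firstHeader != null) {
            if (HttpRequestHeader.CONNECT.equalsIgnoreCase(firstHeader.getMethod())) {
                log.warn("Timeout reading (client) message after CONNECT to " + firstHeader.getURI());
            } else {
                log.warn("Timeout accessing " + firstHeader.getURI());
            }
        } else {
            // No header was read at all, so there is no URI to report.
            log.warn("Socket timeout while reading first message.");
            if (log.isDebugEnabled()) {
                log.debug(e, e);
            }
        }
    } catch (HttpMalformedHeaderException e) {
        log.warn("Malformed Header: ", e);
    } catch (HttpException e) {
        log.error(e.getMessage(), e);
    } catch (IOException e) {
        log.debug("IOException: ", e);
    } finally {
        proxyThreadList.remove(thread);
        // ZAP: do only close if flag is false
        if (!keepSocketOpen) {
            disconnect();
        }
    }
}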