Usage examples for the javax.net.ssl.SSLPeerUnverifiedException constructor
public SSLPeerUnverifiedException(String reason)
From source file:org.aevans.goat.net.SSLStrategyGetter.java
/**
 * Builds a {@link SchemeIOSessionStrategy} that upgrades a plain I/O session to TLS and
 * rejects the peer when its certificate does not match the requested host name.
 *
 * <p>Host names are checked with a {@code DefaultHostnameVerifier} backed by the default
 * public-suffix matcher. The TLS context comes from {@code SSLContexts.createDefault()};
 * this method configures no trust material of its own.
 *
 * @return a strategy whose {@code upgrade} wraps the session in a client-mode
 *         {@code SSLIOSession}
 */
public static SchemeIOSessionStrategy getSchemeIOSessionStrategy() {
    final DefaultHostnameVerifier hostnameVerifier =
            new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());

    return new SchemeIOSessionStrategy() {

        @Override
        public boolean isLayeringRequired() {
            return true;
        }

        @Override
        public IOSession upgrade(final HttpHost host, final IOSession iosession) throws IOException {
            final SSLSetupHandler setupHandler = new SSLSetupHandler() {

                // "initalize" is the spelling of the overridden interface method.
                @Override
                public void initalize(SSLEngine sslengine) throws SSLException {
                    // The engine is used exactly as supplied.
                }

                @Override
                public void verify(IOSession iosession, SSLSession sslsession) throws SSLException {
                    if (hostnameVerifier.verify(host.getHostName(), sslsession)) {
                        return;
                    }
                    // Mismatch: report the subject of the first certificate in the peer chain.
                    final java.security.cert.Certificate[] peerChain = sslsession.getPeerCertificates();
                    final X509Certificate leaf = (X509Certificate) peerChain[0];
                    final X500Principal subject = leaf.getSubjectX500Principal();
                    throw new SSLPeerUnverifiedException("Host name '" + host.getHostName() + "' does not match "
                            + "the certificate subject provided by the peer (" + subject.toString() + ")");
                }
            };

            final SSLBufferManagementStrategy bufferStrategy = new ReleasableSSLBufferManagementStrategy();
            final SSLIOSession tlsSession = new SSLIOSession(iosession, SSLMode.CLIENT, host,
                    SSLContexts.createDefault(), setupHandler, bufferStrategy);
            // Register the TLS session on the underlying session before starting it.
            iosession.setAttribute(SSLIOSession.SESSION_KEY, tlsSession);
            tlsSession.initialize();
            return tlsSession;
        }
    };
}
From source file:com.odoo.core.support.OdooServerTester.java
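/**
 * Tests whether the Odoo server at {@code serverURL} is reachable and reports a database.
 *
 * <p>The database list is stored in {@code mDatabases}. When the server returns no list,
 * the single database name reported by the client (if any) is used instead.
 *
 * @param serverURL the server URL; {@code null} or empty yields {@code false}
 * @param forceConnect stored in {@code mForceConnect} and passed unchanged to the
 *        {@code Odoo} client
 * @return {@code true} if at least one database was found, {@code false} otherwise
 *         (including when an unexpected exception occurred)
 * @throws SSLPeerUnverifiedException if the client could not verify the TLS peer
 * @throws OVersionException if the client rejected the server version
 */
public boolean testConnection(String serverURL, Boolean forceConnect)
        throws SSLPeerUnverifiedException, OVersionException {
    // NOTE(review): what forceConnect relaxes is not visible here. If it makes the client
    // accept an unverified certificate, it should only be set after an explicit user decision.
    mForceConnect = forceConnect;
    if (!TextUtils.isEmpty(serverURL)) {
        try {
            mOdoo = new Odoo(mContext, serverURL, forceConnect);
            mDatabases = mOdoo.getDatabaseList();
            if (mDatabases == null) {
                mDatabases = new JSONArray();
                if (mOdoo.getDatabaseName() != null) {
                    mDatabases.put(mOdoo.getDatabaseName());
                }
            }
            if (mDatabases.length() > 0) {
                return true;
            }
        } catch (SSLPeerUnverifiedException peer) {
            // Rethrow the original so its stack trace and cause survive; wrapping only
            // the message discarded where the verification failure happened.
            throw peer;
        } catch (OVersionException version) {
            throw version;
        } catch (Exception e) {
            // Best effort: any other failure is reported as "not connected".
            e.printStackTrace();
        }
    }
    return false;
}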
From source file:com.openerp.support.OpenERPServerConnection.java
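/**
 * Tests the connection to an OpenERP server by requesting its database list.
 *
 * @param context the context; not used by this method
 * @param serverURL the server URL; {@code null} or empty yields {@code false}
 * @return {@code true} if the database list request completed, {@code false} if the URL
 *         was empty or an unexpected exception occurred
 * @throws OEVersionException if the client rejected the server version
 * @throws SSLPeerUnverifiedException if the client could not verify the TLS peer
 */
public boolean testConnection(Context context, String serverURL)
        throws OEVersionException, SSLPeerUnverifiedException {
    Log.d(TAG, "OpenERPServerConnection->testConnection()");
    if (TextUtils.isEmpty(serverURL)) {
        return false;
    }
    try {
        openerp = new OpenERP(serverURL);
        openerp.getDatabaseList();
    } catch (SSLPeerUnverifiedException ssl) {
        Log.d(TAG, "Throw SSLPeerUnverifiedException ");
        // Rethrow the original so its stack trace and cause survive; a TLS verification
        // failure must reach the caller and never be reported as a plain "false".
        throw ssl;
    } catch (OEVersionException version) {
        throw version;
    } catch (Exception e) {
        // Best effort: other failures mean "not connected". Logged through the app log
        // with the throwable attached instead of printStackTrace().
        Log.e(TAG, "testConnection failed", e);
        return false;
    }
    return true;
}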
From source file:org.opensaml.security.httpclient.HttpClientSecuritySupport.java
/**
 * Confirms that the configured trust engine actually evaluated the server TLS credential
 * for an HTTPS request.
 *
 * <p>The check applies only when the context carries a trust engine and the scheme is
 * {@code https} (compared case-insensitively). It then requires the "server TLS credential
 * trusted" attribute to be present. Only presence is tested here; the attribute's value is
 * not inspected.
 *
 * @param context the current HTTP context instance in use
 * @param scheme the HTTP request scheme
 * @throws SSLPeerUnverifiedException if the TLS credential was not evaluated by the trust engine
 */
public static void checkTLSCredentialEvaluated(@Nonnull final HttpClientContext context,
        @Nonnull final String scheme) throws SSLPeerUnverifiedException {
    final boolean trustEngineConfigured = context.getAttribute(CONTEXT_KEY_TRUST_ENGINE) != null;
    if (!trustEngineConfigured || !"https".equalsIgnoreCase(scheme)) {
        // Nothing to enforce: no trust engine, or not a TLS request.
        return;
    }
    if (context.getAttribute(CONTEXT_KEY_SERVER_TLS_CREDENTIAL_TRUSTED) != null) {
        return;
    }
    // A missing marker means the evaluation never ran, so the request must fail
    // rather than continue on an unverified connection.
    LOG.warn("Configured TLS trust engine was not used to verify server TLS credential, "
            + "the appropriate socket factory was likely not configured");
    throw new SSLPeerUnverifiedException(
            "Evaluation of server TLS credential with configured TrustEngine was not performed");
}
From source file:com.odoo.support.OdooServerConnection.java
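/**
 * Tests the connection to an Odoo server and loads its database list into {@code mDbLists}.
 *
 * <p>When the server returns no list, the single database name reported by the client
 * (if any) is used instead.
 *
 * @param context the context handed to the {@code Odoo} client
 * @param serverURL the server URL; {@code null} or empty yields {@code false}
 * @return {@code true} if the request completed, {@code false} if the URL was empty or an
 *         unexpected exception occurred
 * @throws OVersionException if the client rejected the server version
 * @throws SSLPeerUnverifiedException if the client could not verify the TLS peer
 */
public boolean testConnection(Context context, String serverURL)
        throws OVersionException, SSLPeerUnverifiedException {
    Log.d(TAG, "OdooServerConnection->testConnection()");
    // The previous guard was `isEmpty(url) && !url.contains(".")`, which dereferenced a
    // null URL. Its second operand only ever ran for null or empty input, so testing
    // emptiness alone keeps the result for every other input.
    // NOTE(review): if URLs without a dot were meant to be rejected too, that needs `||`.
    if (TextUtils.isEmpty(serverURL)) {
        return false;
    }
    try {
        // NOTE(review): by its name, mAllowSelfSignedSSL relaxes certificate checks in the
        // client. Confirm it is only enabled after an explicit user decision.
        odoo = new Odoo(context, serverURL, mAllowSelfSignedSSL);
        mDbLists = odoo.getDatabaseList();
        if (mDbLists == null) {
            mDbLists = new JSONArray();
            if (odoo.getDatabaseName() != null) {
                mDbLists.put(odoo.getDatabaseName());
            }
        }
    } catch (SSLPeerUnverifiedException ssl) {
        Log.d(TAG, "Throw SSLPeerUnverifiedException ");
        // Rethrow the original so its stack trace and cause survive.
        throw ssl;
    } catch (OVersionException version) {
        throw version;
    } catch (Exception e) {
        // Best effort: other failures mean "not connected". Logged through the app log
        // with the throwable attached instead of printStackTrace().
        Log.e(TAG, "testConnection failed", e);
        return false;
    }
    return true;
}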
From source file:com.rastating.droidbeard.net.TlsSocketFactory.java
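/**
 * Opens a new TLS connection to {@code host}:{@code port} and, unless the factory is set
 * to trust all certificates, verifies the peer host name before returning the socket.
 *
 * <p>The connection is made on a fresh socket; {@code plainSocket} is never layered.
 *
 * @param plainSocket the existing socket; closed when {@code autoClose} is set, otherwise untouched
 * @param host the host name to connect to and to verify
 * @param port the port to connect to
 * @param autoClose whether this factory takes ownership of {@code plainSocket}
 * @return the connected TLS socket
 * @throws IOException if connecting fails, or as {@link SSLPeerUnverifiedException} when
 *         host name verification fails
 * @throws UnknownHostException if {@code host} cannot be resolved
 */
@Override
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose)
        throws IOException, UnknownHostException {
    // plainSocket is not reused below, so release it when ownership was handed over;
    // otherwise it stays open until garbage-collected.
    if (autoClose && plainSocket != null) {
        plainSocket.close();
    }

    // Create and connect SSL socket, but don't do hostname/certificate verification yet
    SSLCertificateSocketFactory sslSocketFactory =
            (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);

    // Setup custom trust manager if we are trusting all certificates
    if (mTrustAllCertificates) {
        // SECURITY: this trust manager accepts every certificate chain, and host name
        // verification is skipped further down in the same mode. The connection is then
        // encrypted but unauthenticated, so any on-path party can impersonate the server.
        // Prefer pinning or importing the specific self-signed certificate, and keep this
        // mode strictly opt-in.
        TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract calls for a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        };
        sslSocketFactory.setTrustManagers(new TrustManager[] { tm });
    }

    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port);

    // Enable TLSv1.1/1.2 if available
    // (see https://github.com/rfc2822/davdroid/issues/229)
    // NOTE(review): this enables every protocol the socket supports, which on older
    // platforms can include legacy SSL versions. Consider filtering to TLS versions only.
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    SSLSession session = ssl.getSession();

    // Verify hostname and certificate if we aren't trusting all certificates
    if (!mTrustAllCertificates) {
        if (!hostnameVerifier.verify(host, session)) {
            // Do not leave the unverified connection open behind the exception.
            try {
                ssl.close();
            } catch (IOException ignored) {
                // The verification failure is the error worth reporting.
            }
            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
        }
    }

    Log.i("droidbeard", "Established " + session.getProtocol() + " connection with " + session.getPeerHost()
            + " using " + session.getCipherSuite());
    return ssl;
}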
From source file:org.transdroid.util.TlsSniSocketFactory.java
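/**
 * Opens a new TLS connection to {@code host}:{@code port}, sets the SNI host name before
 * the handshake, and verifies the peer host name before returning the socket.
 *
 * <p>The connection is made on a fresh socket; {@code plainSocket} is never layered.
 *
 * @param plainSocket the existing socket; closed when {@code autoClose} is set
 * @param host the host name used for SNI and for verification
 * @param port the port to connect to
 * @param autoClose whether this factory takes ownership of {@code plainSocket}
 * @return the connected and verified TLS socket
 * @throws IOException if connecting fails, or as {@link SSLPeerUnverifiedException} when
 *         host name verification fails
 */
@Override
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException {
    if (autoClose) {
        // we don't need the plainSocket
        plainSocket.close();
    }

    SSLCertificateSocketFactory sslSocketFactory =
            (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);

    // create and connect SSL socket, but don't do hostname/certificate verification yet
    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port);

    // enable TLSv1.1/1.2 if available
    // NOTE(review): this enables every protocol the socket supports, which on older
    // platforms can include legacy SSL versions. Consider filtering to TLS versions only.
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    // set up SNI before the handshake
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
        sslSocketFactory.setHostname(ssl, host);
    } else {
        // Older platforms: look the method up reflectively. A failure only loses SNI.
        try {
            java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class);
            setHostnameMethod.invoke(ssl, host);
        } catch (Exception e) {
            Log.d(TlsSniSocketFactory.class.getSimpleName(), "SNI not usable: " + e);
        }
    }

    // verify hostname and certificate
    SSLSession session = ssl.getSession();
    if (!hostnameVerifier.verify(host, session)) {
        // Do not leave the unverified connection open behind the exception.
        try {
            ssl.close();
        } catch (IOException ignored) {
            // The verification failure is the error worth reporting.
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }
    return ssl;
}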
From source file:com.ntsync.android.sync.client.MySSLSocketFactory.java
/**
 * Compares the session's peer host with the name taken from the subject DN of the first
 * certificate in the peer chain.
 *
 * <p>NOTE(review): only the subject DN is consulted (via {@code getCN}, presumably the
 * common name); subjectAltName entries are never examined. The expected host is whatever
 * {@code session.getPeerHost()} reports. Both differ from what the platform
 * {@code HostnameVerifier} checks, so consider delegating to it.
 *
 * <p>NOTE(review): when {@code BuildConfig.DEBUG} is set, a mismatch is only logged and the
 * method returns normally. Debug builds therefore accept a certificate issued for a
 * different host.
 *
 * @param socket the connected TLS socket whose session is inspected
 * @throws SSLPeerUnverifiedException if the peer sent no certificates, or the names differ
 *         in a non-debug build
 */
private void verifyHostname(SSLSocket socket) throws SSLPeerUnverifiedException {
    final SSLSession session = socket.getSession();
    final String hostname = session.getPeerHost();
    final X509Certificate[] certs = session.getPeerCertificateChain();
    if (certs == null || certs.length == 0) {
        throw new SSLPeerUnverifiedException("No server certificates found!");
    }

    // Subject DN of the first certificate, in its string form.
    final String subjectDn = certs[0].getSubjectDN().getName();

    // Dumping the whole chain helps when debugging problems with installed certificates.
    if (Log.isLoggable(TAG, Log.DEBUG)) {
        Log.d(TAG, "Server certificate chain:");
        int index = 0;
        for (X509Certificate cert : certs) {
            Log.d(TAG, "X509Certificate[" + index + "]=" + cert);
            index++;
        }
    }

    final String cn = getCN(subjectDn);
    final boolean namesMatch = hostname != null && hostname.equalsIgnoreCase(cn);
    if (namesMatch) {
        if (Log.isLoggable(TAG, Log.DEBUG)) {
            Log.d(TAG, "Target hostname valid: " + cn);
        }
        return;
    }

    if (BuildConfig.DEBUG) {
        // Debug builds log the mismatch and let the connection proceed.
        Log.w(TAG, "HTTPS hostname invalid: expected '" + hostname + "', received '" + cn + "'");
        return;
    }
    throw new SSLPeerUnverifiedException(
            "HTTPS hostname invalid: expected '" + hostname + "', received '" + cn + "'");
}
From source file:org.lizardirc.beancounter.security.VerifyingSslSocketFactory.java
/**
 * Runs the configured verifier against the socket's TLS session and rejects the
 * connection when the expected {@code hostname} does not match.
 *
 * <p>This method does not close the socket on failure; that is left to the caller.
 *
 * @param socket the TLS socket whose session is checked
 * @throws SSLException as {@link SSLPeerUnverifiedException} when verification fails
 */
private void verify(SSLSocket socket) throws SSLException {
    final SSLSession tlsSession = socket.getSession();
    if (verifier.verify(hostname, tlsSession)) {
        return;
    }
    System.err.println("Rejecting; hostname verification failed");
    throw new SSLPeerUnverifiedException("Failed to verify hostname: certificate mismatch");
}