List of usage examples for javax.net.ssl SSLSession getPeerPrincipal
/**
 * Returns the identity of the peer that was established as part of defining this session.
 *
 * <p>For X.509-based cipher suites this is the subject of the peer's end-entity certificate.
 * The value describes what the peer's certificate says; it does not show that the certificate
 * was issued for the host the caller intended to reach. Comparing the two is the job of
 * hostname verification, so a verifier that reads this value only to log it and then accepts
 * the connection has checked nothing.
 *
 * @return the peer's principal
 * @throws SSLPeerUnverifiedException if the peer's identity has not been verified
 */
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException;
From source file:net.sf.taverna.cagrid.activity.CaGridActivity.java
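/**
 * Installs the default {@link HostnameVerifier} used for https connections to caGrid services.
 *
 * <p>This has to run before caGrid services are loaded. Some caGrid services that require
 * https present a server certificate whose CN is {@code "host/" + <HOSTNAME>} instead of
 * {@code <HOSTNAME>}, so the verifier accepts that form in addition to an exact match.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The verifier is installed through
 *       {@link HttpsURLConnection#setDefaultHostnameVerifier}, so it applies to every
 *       {@code HttpsURLConnection} created in the JVM from now on, not only to caGrid calls.
 *       Keep the accepted set as narrow as it is here.</li>
 *   <li>The previous version logged the certificate name and then returned {@code true}
 *       unconditionally, which accepted any certificate for any host. The comparison below is
 *       the one the original author had left commented out.</li>
 *   <li>Anything that cannot be parsed or verified is rejected (fail closed).</li>
 * </ul>
 */
protected static void setHostNameVerifier() {
    HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String hostName, SSLSession session) {
            String subject;
            try {
                subject = session.getPeerPrincipal().getName();
            } catch (SSLPeerUnverifiedException e) {
                // No verified peer identity: there is nothing to compare against, so reject.
                logger.info("Hostname verifier: peer identity not verified for " + hostName + ": " + e);
                return false;
            }

            // The name is expected to start with "CN=<value>"; any other shape is rejected
            // rather than guessed at. The original substring(3, indexOf(',')) threw
            // StringIndexOutOfBoundsException when the name held no comma.
            if (hostName == null || subject == null || !subject.regionMatches(true, 0, "CN=", 0, 3)) {
                logger.info("Hostname verifier: cannot read CN from certificate subject for host: "
                        + hostName);
                return false;
            }
            int cnEnd = subject.indexOf(',');
            String hostNameFromCertificate = (cnEnd < 0) ? subject.substring(3)
                    : subject.substring(3, cnEnd);

            logger.info("Hostname verifier: host from url: " + hostName
                    + " vs. host from certificate: " + hostNameFromCertificate);

            // Host names are case-insensitive. Accept an exact match or the caGrid "host/" form only.
            return hostName.equalsIgnoreCase(hostNameFromCertificate)
                    || ("host/" + hostName).equalsIgnoreCase(hostNameFromCertificate);
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
}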
From source file:org.openymsg.network.Session.java
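/**
 * Runs stage 1 of the login: requests a token from the login host over HTTPS and, on success,
 * passes it to {@code yahooAuth16Stage2}.
 *
 * <p>The request URL carries the account password and the challenge seed in its query string,
 * so the full URL must never be written to a log or placed in an exception message. Only the
 * endpoint without its query string is reported.
 *
 * <p>When the configured login host differs from {@code LOGIN_YAHOO_COM} a hostname verifier
 * is installed to record the certificate name that was presented. It rejects the connection:
 * the previous version returned {@code true}, which sent the password to any host whose
 * certificate did not match its name.
 *
 * @param seed challenge string received from the server
 * @return whatever {@code yahooAuth16Stage2} returns for the token obtained here
 * @throws LoginRefusedException if the server refuses the login, answers with an unexpected
 *         body or status code, or the connection is not an HTTPS connection
 * @throws IOException if the HTTPS exchange fails, including a rejected hostname
 * @throws NoSuchAlgorithmException declared for the stage 2 call
 */
private String[] yahooAuth16Stage1(final String seed)
        throws LoginRefusedException, IOException, NoSuchAlgorithmException {
    // Endpoint without credentials; this is the only form of the URL used in logs and errors.
    final String loginEndpoint = "https://" + this.yahooLoginHost + "/config/pwtoken_get";
    // The login id is encoded like the other parameters so that characters such as '&' or '+'
    // in an id cannot alter the query string.
    String authLink = loginEndpoint + "?src=ymsgr&ts=&login="
            + URLEncoder.encode(String.valueOf(this.loginID.getId()), "UTF-8")
            + "&passwd=" + URLEncoder.encode(this.password, "UTF-8")
            + "&chal=" + URLEncoder.encode(seed, "UTF-8");

    URL u = new URL(authLink);
    URLConnection uc = u.openConnection();
    uc.setConnectTimeout(LOGIN_HTTP_TIMEOUT);

    if (!(uc instanceof HttpsURLConnection)) {
        Class<? extends URLConnection> ucType = null;
        if (uc != null) {
            ucType = uc.getClass();
        }
        log.error("Failed opening login url: " + loginEndpoint + " returns: " + ucType);
        throw new LoginRefusedException("Login Failed, Unable to submit login url");
    }

    HttpsURLConnection httpUc = (HttpsURLConnection) uc;
    if (!this.yahooLoginHost.equalsIgnoreCase(LOGIN_YAHOO_COM)) {
        httpUc.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(final String hostname, final SSLSession session) {
                String localName = "no set";
                try {
                    Principal principal = session.getPeerPrincipal();
                    if (principal != null) {
                        localName = principal.getName();
                    }
                } catch (SSLPeerUnverifiedException e) {
                    log.debug("Hostname verify: peer identity not verified for " + hostname + ": " + e);
                }
                log.debug("Hostname verify: " + hostname + " localName: " + localName);
                // Diagnostics only. A certificate that does not match the host is not accepted,
                // because this connection carries the account password.
                return false;
            }
        });
    }

    int responseCode = httpUc.getResponseCode();
    this.setSessionStatus(SessionState.STAGE1);
    if (responseCode != HttpURLConnection.HTTP_OK) {
        log.error("Failed opening login url: " + loginEndpoint + " return code: " + responseCode);
        throw new LoginRefusedException(
                "Login Failed, Login url: " + loginEndpoint + " return code: " + responseCode);
    }

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    InputStream in = uc.getInputStream();
    try {
        byte[] buff = new byte[256];
        int read;
        while ((read = in.read(buff)) != -1) {
            out.write(buff, 0, read);
        }
    } finally {
        // Close the stream even when a read fails part-way through.
        in.close();
    }

    StringTokenizer toks = new StringTokenizer(out.toString(), "\r\n");
    if (toks.countTokens() <= 0) {
        throw new LoginRefusedException(
                "Login Failed, wrong response in stage 1:" + httpUc.getResponseMessage());
    }

    int responseNo;
    try {
        responseNo = Integer.parseInt(toks.nextToken());
    } catch (NumberFormatException e) {
        throw new LoginRefusedException(
                "Login Failed, wrong response in stage 1:" + httpUc.getResponseMessage());
    }

    // Any non-zero code, or a zero code with no token line after it, is a refusal.
    if (responseNo != 0 || !toks.hasMoreTokens()) {
        switch (responseNo) {
        case 1235:
            throw new LoginRefusedException("Login Failed, Invalid username",
                    AuthenticationState.BADUSERNAME);
        case 1212:
            throw new LoginRefusedException("Login Failed, Wrong password", AuthenticationState.BAD);
        case 1213:
            throw new LoginRefusedException("Login locked: Too many failed login attempts",
                    AuthenticationState.LOCKED);
        case 1236:
            throw new LoginRefusedException("Login locked", AuthenticationState.LOCKED);
        case 100:
            throw new LoginRefusedException("Username or password missing", AuthenticationState.BAD);
        default:
            throw new LoginRefusedException("Login Failed, Unkown error", AuthenticationState.BAD);
        }
    }

    String ymsgr = toks.nextToken();
    if (ymsgr.indexOf("ymsgr=") == -1 && toks.hasMoreTokens()) {
        ymsgr = toks.nextToken();
    }
    ymsgr = ymsgr.replaceAll("ymsgr=", "");

    return yahooAuth16Stage2(ymsgr, seed);
}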