List of usage examples for javax.net.ssl SSLSession invalidate
// SSLSession.invalidate(): marks the session invalid so that future connections
// cannot resume or join it. A connection already using the session keeps working
// until it is closed, so callers that must cut off the peer also close the socket.
public void invalidate();
From source file:com.ksc.http.conn.ssl.SdkTLSSocketFactory.java
/**
 * Invalidates every cached SSL/TLS session in {@code sessionContext} whose peer
 * host and port match {@code remoteAddress}.
 *
 * <p>The host comparison is a case-insensitive string match between
 * {@link InetSocketAddress#getHostName()} and {@link SSLSession#getPeerHost()}.
 * Invalidation only prevents resumption; connections already using a session
 * are not closed by this method.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress  address whose cached sessions should be invalidated
 */
private void clearSessionCache(final SSLSessionContext sessionContext,
        final InetSocketAddress remoteAddress) {
    // NOTE(review): getHostName() may trigger a reverse lookup when the address
    // was built from an IP literal; sessions cached under a different host
    // string would then not match below. Confirm against how callers build
    // remoteAddress.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        // getSession may return null for an id that has expired in the meantime.
        if (candidate == null) {
            continue;
        }
        final String peerHost = candidate.getPeerHost();
        if (peerHost == null || !peerHost.equalsIgnoreCase(targetHost)) {
            continue;
        }
        if (candidate.getPeerPort() != targetPort) {
            continue;
        }

        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + candidate);
        }
    }
}
From source file:com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.java
/** * Invalidates all SSL/TLS sessions in {@code sessionContext} associated with {@code remoteAddress}. * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated * @param remoteAddress associated with sessions to invalidate *///from w w w . j a va 2 s .c om private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) { final String hostName = remoteAddress.getHostName(); final int port = remoteAddress.getPort(); final Enumeration<byte[]> ids = sessionContext.getIds(); if (ids == null) { return; } while (ids.hasMoreElements()) { final byte[] id = ids.nextElement(); final SSLSession session = sessionContext.getSession(id); if (session != null && session.getPeerHost() != null && session.getPeerHost().equalsIgnoreCase(hostName) && session.getPeerPort() == port) { session.invalidate(); if (log.isDebugEnabled()) { log.debug("Invalidated session " + session); } } } }
From source file:android.net.http.CertificateChainValidator.java
/**
 * Tears down a connection whose certificate validation failed and reports the
 * failure as an {@link SSLHandshakeException}.
 *
 * <p>The session is invalidated before the socket is closed so that the
 * rejected session cannot be resumed by a later connection.
 *
 * @param socket       the socket to close; may be {@code null}
 * @param errorMessage description of the validation failure, used as the
 *                     exception message
 * @throws SSLHandshakeException always, unless closing the socket fails first
 * @throws IOException if {@code socket.close()} fails; in that case the
 *                     handshake exception is not thrown
 */
private void closeSocketThrowException(SSLSocket socket, String errorMessage)
        throws SSLHandshakeException, IOException {
    if (HttpLog.LOGV) {
        HttpLog.v("validation error: " + errorMessage);
    }

    if (socket != null) {
        final SSLSession rejected = socket.getSession();
        if (rejected != null) {
            // Drop the session from the resumption cache before closing.
            rejected.invalidate();
        }
        socket.close();
    }

    throw new SSLHandshakeException(errorMessage);
}
From source file:com.amazonaws.http.conn.ssl.privileged.PrivilegedMasterSecretValidator.java
/**
 * Checks the validity of an SSLSession's master secret. Should be run within a
 * doPrivileged block.
 *
 * <p>The check only applies when {@code socket} is an {@link SSLSocket} whose
 * session class is {@code sun.security.ssl.SSLSessionImpl}; every other case is
 * reported as valid. A session with a {@code null} master secret is invalidated
 * so it cannot be resumed.
 *
 * @param socket the socket whose SSL session is inspected
 * @return {@code false} only when the master secret was read and found to be
 *         {@code null}; {@code true} otherwise
 */
private boolean privilegedIsMasterSecretValid(final Socket socket) {
    if (!(socket instanceof SSLSocket)) {
        return true;
    }

    final SSLSession tlsSession = getSslSession(socket);
    if (tlsSession == null) {
        return true;
    }

    final String implName = tlsSession.getClass().getName();
    if (!"sun.security.ssl.SSLSessionImpl".equals(implName)) {
        return true;
    }

    try {
        if (getMasterSecret(tlsSession, implName) != null) {
            return true;
        }
        tlsSession.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + tlsSession);
        }
        return false;
    } catch (Exception e) {
        // NOTE(review): unless failedToVerifyMasterSecret throws, a failure to
        // read the master secret falls through to "valid" (fail-open).
        // Confirm that this is the intended policy.
        failedToVerifyMasterSecret(e);
    }
    return true;
}
From source file:com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.java
/**
 * Double-checks that the master secret of an SSL session is not null; if it
 * is, the session is invalidated and a {@link SecurityException} is thrown.
 *
 * <p>The check is performed only for {@link SSLSocket}s whose session class is
 * {@code sun.security.ssl.SSLSessionImpl}, by reflectively calling its
 * {@code getMasterSecret} method. Reflection failures are handed to
 * {@code failedToVerifyMasterSecret} instead of being rethrown here.
 *
 * @param sock connected socket
 */
private void verifyMasterSecret(final Socket sock) {
    if (!(sock instanceof SSLSocket)) {
        return;
    }

    final SSLSession tlsSession = ((SSLSocket) sock).getSession();
    if (tlsSession == null) {
        return;
    }

    final String implName = tlsSession.getClass().getName();
    if (!"sun.security.ssl.SSLSessionImpl".equals(implName)) {
        return;
    }

    try {
        final Method secretAccessor =
                Class.forName(implName).getDeclaredMethod("getMasterSecret");
        // NOTE(review): setAccessible on a JDK-internal class can throw an
        // unchecked exception (a SecurityManager denial, or strong
        // encapsulation on newer JDKs) that none of the catch clauses below
        // cover, so it would propagate to the caller. Confirm on the target
        // runtimes.
        secretAccessor.setAccessible(true);

        if (secretAccessor.invoke(tlsSession) == null) {
            // Drop the broken session so it cannot be resumed, then fail the
            // connection. The SecurityException is not caught below.
            tlsSession.invalidate();
            if (log.isDebugEnabled()) {
                log.debug("Invalidated session " + tlsSession);
            }
            throw log(new SecurityException("Invalid SSL master secret"));
        }
    } catch (ClassNotFoundException e) {
        failedToVerifyMasterSecret(e);
    } catch (NoSuchMethodException e) {
        failedToVerifyMasterSecret(e);
    } catch (IllegalAccessException e) {
        failedToVerifyMasterSecret(e);
    } catch (InvocationTargetException e) {
        // Report the exception raised by getMasterSecret itself.
        failedToVerifyMasterSecret(e.getCause());
    }
}
From source file:org.apache.tomcat.util.net.jsse.JSSESupport.java
/**
 * Returns the peer certificate chain of the current SSL session.
 *
 * <p>When the peer presented no certificates and {@code force} is set, the
 * current session is invalidated and {@code handShake()} is called before the
 * chain is read again from the session that results.
 *
 * @param force whether to invalidate the session and handshake again when no
 *              peer certificates are available
 * @return the result of {@code getX509Certificates} for the session in use, or
 *         {@code null} when there is no current session
 * @throws IOException declared by the method; presumably raised by the new
 *                     handshake (confirm against {@code handShake()})
 */
public Object[] getPeerCertificateChain(boolean force) throws IOException {
    // Look up the current SSLSession
    SSLSession current = ssl.getSession();
    if (current == null) {
        return null;
    }

    // Read the chain in JSSE's certificate format
    X509Certificate[] presented;
    try {
        presented = current.getPeerCertificateChain();
    } catch (Exception ignored) {
        // Deliberately ignored: any failure to read the chain (including an
        // unverified peer) is treated the same as "no certificates presented".
        presented = null;
    }

    final boolean nothingPresented = presented == null || presented.length == 0;
    if (force && nothingPresented) {
        // Invalidate first so the new handshake cannot simply resume the
        // certificate-less session.
        current.invalidate();
        handShake();
        current = ssl.getSession();
    }

    return getX509Certificates(current);
}
From source file:test.integ.be.fedict.commons.eid.client.SSLTest.java
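/**
 * Integration test for mutual TLS against a local server socket.
 *
 * <p>The server side uses a freshly generated key pair and a certificate for
 * {@code CN=Test} valid for one day, listens on port 8443 and requires client
 * authentication. A {@code TestRunnable} client is started on its own thread.
 * The first accepted connection must deliver the byte 12; its session is then
 * invalidated and a second accepted connection must deliver the byte 34.
 *
 * <p>All sockets are closed in a {@code finally} block so a failed assertion
 * does not leave port 8443 bound for later tests.
 *
 * @throws Exception on any setup, handshake or I/O failure
 */
@Test
public void testMutualSSL() throws Exception {
    Security.addProvider(new BeIDProvider());

    final KeyPair serverKeyPair = generateKeyPair();
    final PrivateKey serverPrivateKey = serverKeyPair.getPrivate();
    final DateTime notBefore = new DateTime();
    final DateTime notAfter = notBefore.plusDays(1);
    final X509Certificate serverCertificate = generateCACertificate(serverKeyPair, "CN=Test", notBefore,
            notAfter);

    final KeyManager keyManager = new ServerTestX509KeyManager(serverPrivateKey, serverCertificate);
    // NOTE(review): test-only trust manager; its acceptance policy is not
    // visible here and it should not be reused outside tests.
    final TrustManager trustManager = new ServerTestX509TrustManager();
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(new KeyManager[] { keyManager }, new TrustManager[] { trustManager }, new SecureRandom());

    final SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();

    // NOTE(review): fixed port; the test fails to bind if 8443 is in use.
    final int serverPort = 8443;
    final SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory
            .createServerSocket(serverPort);

    SSLSocket firstSocket = null;
    SSLSocket secondSocket = null;
    try {
        sslServerSocket.setNeedClientAuth(true);

        final TestRunnable testRunnable = new TestRunnable(serverPort);
        final Thread thread = new Thread(testRunnable);
        thread.start();

        firstSocket = (SSLSocket) sslServerSocket.accept();
        LOG.debug("server accepted");
        InputStream inputStream = firstSocket.getInputStream();
        int result = inputStream.read();
        LOG.debug("result: " + result);
        assertEquals(12, result);

        // Invalidate the first session so the next connection cannot resume it.
        final SSLSession sslSession = firstSocket.getSession();
        sslSession.invalidate();

        secondSocket = (SSLSocket) sslServerSocket.accept();
        inputStream = secondSocket.getInputStream();
        result = inputStream.read();
        LOG.debug("result: " + result);
        assertEquals(34, result);
    } finally {
        // Best-effort cleanup: a close failure on an accepted socket must not
        // mask the outcome of the assertions above.
        if (secondSocket != null) {
            try {
                secondSocket.close();
            } catch (IOException ignored) {
                // best-effort close
            }
        }
        if (firstSocket != null) {
            try {
                firstSocket.close();
            } catch (IOException ignored) {
                // best-effort close
            }
        }
        try {
            sslServerSocket.close();
        } catch (IOException ignored) {
            // best-effort close
        }
    }
}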