List of usage examples for javax.net.ssl SSLSession isValid
public boolean isValid();
From source file:org.andstatus.app.net.http.TlsSniSocketFactory.java
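/**
 * Applies pre-handshake TLS settings to {@code ssl}, sets the SNI host name and then
 * verifies the resulting session against {@code host}.
 *
 * <p>An invalid session is now rejected instead of only being logged. {@link SSLSocket#getSession()}
 * returns an invalid session object when the initial handshake failed, and with the permissive
 * verifier ({@code secure == false}) such a session previously passed straight through.
 *
 * @param ssl  the socket to configure; the handshake is triggered by {@code getSession()}
 * @param host the host name used for SNI and for hostname verification
 * @throws SSLPeerUnverifiedException if the session is invalid or the hostname verifier rejects it
 */
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
private void connectWithSNI(SSLSocket ssl, String host) throws SSLPeerUnverifiedException {
    // set reasonable SSL/TLS settings before the handshake:
    // - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <4.4.3, if available)
    // NOTE(review): "all supported" can also include legacy protocol versions such as SSLv3
    // on older platforms; consider filtering the list down to TLS versions only.
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    // - set SNI host name
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
        MyLog.d(this, "Using documented SNI with host name " + host);
        sslSocketFactory.setHostname(ssl, host);
    } else {
        MyLog.d(this, "No documented SNI support on Android <4.2, trying with reflection");
        try {
            java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class);
            setHostnameMethod.invoke(ssl, host);
        } catch (Exception e) {
            // Best effort: without SNI the handshake still proceeds, the server may just
            // present its default certificate.
            MyLog.i(this, "SNI not useable", e);
        }
    }

    // verify hostname and certificate
    SSLSession session = ssl.getSession();
    if (!session.isValid()) {
        // Fail closed: an invalid session means there is no authenticated peer to verify.
        MyLog.i(this, "Invalid session to host:'" + host + "'");
        throw new SSLPeerUnverifiedException("Invalid TLS session to host: " + host);
    }

    // When 'secure' is false the AllowAllHostnameVerifier accepts any host name, so the
    // certificate is not bound to 'host' on that path.
    HostnameVerifier hostnameVerifier = secure
            ? new BrowserCompatHostnameVerifier()
            : new AllowAllHostnameVerifier();
    if (!hostnameVerifier.verify(host, session)) {
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }

    MyLog.i(this, "Established " + session.getProtocol() + " connection with " + session.getPeerHost()
            + " using " + session.getCipherSuite());
}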
From source file:eu.eidas.auth.engine.metadata.impl.BaseMetadataFetcher.java
/**
 * Builds the socket factory used for https metadata URLs; subclasses may override this to
 * supply their own SSLSocketFactory.
 * <p>
 * The default implementation passes no key or trust manager, so it relies on the JVM default
 * trustStore ($JRE/lib/security/cacerts).
 * <p>
 * Hostname verification is strict unless the boolean system property named by
 * {@code DefaultBootstrap.SYSPROP_HTTPCLIENT_HTTPS_DISABLE_HOSTNAME_VERIFICATION} is set, in
 * which case every host name is accepted. The factory is also registered for the "https"
 * scheme through the static {@code Protocol.registerProtocol} call.
 *
 * @return the SecureProtocolSocketFactory instance to be used to connect to https metadata URLs.
 */
@Nonnull
protected SecureProtocolSocketFactory newSslSocketFactory() {
    final boolean verificationDisabled =
            Boolean.getBoolean(DefaultBootstrap.SYSPROP_HTTPCLIENT_HTTPS_DISABLE_HOSTNAME_VERIFICATION);

    HostnameVerifier hostnameVerifier;
    if (verificationDisabled) {
        // Opt-out switch: accepts any host name for the presented certificate.
        hostnameVerifier = org.apache.commons.ssl.HostnameVerifier.ALLOW_ALL;
    } else {
        hostnameVerifier = new StrictHostnameVerifier();
    }

    TLSProtocolSocketFactory tlsProtocolSocketFactory =
            new TLSProtocolSocketFactory(null, null, hostnameVerifier) {
                @Override
                protected void verifyHostname(Socket socket) throws SSLException {
                    // Only TLS sockets carry a session to verify; anything else is skipped.
                    if (!(socket instanceof SSLSocket)) {
                        return;
                    }
                    SSLSocket sslSocket = (SSLSocket) socket;

                    // Run the handshake explicitly so its failure surfaces as an SSLException
                    // here rather than as an invalid session later on.
                    try {
                        sslSocket.startHandshake();
                    } catch (IOException e) {
                        throw new SSLException(e);
                    }

                    SSLSession sslSession = sslSocket.getSession();
                    if (!sslSession.isValid()) {
                        throw new SSLException("SSLSession was invalid: Likely implicit handshake failure: "
                                + "Set system property javax.net.debug=all for details");
                    }
                    super.verifyHostname(sslSocket);
                }
            };

    Protocol.registerProtocol("https", new Protocol("https", tlsProtocolSocketFactory, 443));
    return tlsProtocolSocketFactory;
}
From source file:eu.eidas.node.auth.metadata.NodeMetadataFetcher.java
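/**
 * Builds a socket factory for https connections that trusts only the certificate configured
 * in {@code hubSslCertificateString}, and registers it for the "https" scheme.
 *
 * <p>The trust manager previously had empty {@code checkServerTrusted} and
 * {@code checkClientTrusted} methods, which accepted every certificate chain regardless of
 * the configured certificate. The server check now requires the presented leaf certificate
 * to be the configured one and to be within its validity period.
 *
 * <p>Hostname verification is strict unless the boolean system property named by
 * {@code DefaultBootstrap.SYSPROP_HTTPCLIENT_HTTPS_DISABLE_HOSTNAME_VERIFICATION} is set.
 *
 * @return the socket factory, already registered for "https" on port 443
 */
protected SecureProtocolSocketFactory hubLocalSslSocketFactory() {
    HostnameVerifier hostnameVerifier;
    if (!Boolean.getBoolean(DefaultBootstrap.SYSPROP_HTTPCLIENT_HTTPS_DISABLE_HOSTNAME_VERIFICATION)) {
        hostnameVerifier = new StrictHostnameVerifier();
    } else {
        // Opt-out switch: accepts any host name for the presented certificate.
        hostnameVerifier = org.apache.commons.ssl.HostnameVerifier.ALLOW_ALL;
    }

    X509TrustManager trustedCertManager = new X509TrustManager() {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            try {
                return new X509Certificate[] { CertificateUtil.toCertificate(hubSslCertificateString) };
            } catch (EIDASSAMLEngineException e) {
                throw new RuntimeException("Unable to load trusted certificate: ", e);
            }
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            // This trust manager is built for outgoing connections only; reject rather than
            // silently accept if it is ever used to authenticate clients.
            throw new java.security.cert.CertificateException(
                    "Client certificate authentication is not supported by this trust manager");
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            if (certs == null || certs.length == 0) {
                throw new IllegalArgumentException("Server certificate chain is null or empty");
            }

            final X509Certificate pinned;
            try {
                pinned = CertificateUtil.toCertificate(hubSslCertificateString);
            } catch (EIDASSAMLEngineException e) {
                throw new java.security.cert.CertificateException("Unable to load trusted certificate", e);
            }

            // Only the leaf is compared: matching any other chain element would let a peer
            // append the (public) pinned certificate to an unrelated chain.
            // NOTE(review): assumes hubSslCertificateString holds the hub's own TLS certificate;
            // if it is a CA certificate, path validation against it is needed instead. Confirm.
            certs[0].checkValidity();
            if (!pinned.equals(certs[0])) {
                throw new java.security.cert.CertificateException(
                        "Server certificate does not match the configured hub certificate");
            }
        }
    };

    TLSProtocolSocketFactory tlsProtocolSocketFactory =
            new TLSProtocolSocketFactory(null, trustedCertManager, hostnameVerifier) {
                @Override
                protected void verifyHostname(Socket socket) throws SSLException {
                    if (socket instanceof SSLSocket) {
                        SSLSocket sslSocket = (SSLSocket) socket;
                        // Run the handshake explicitly so its failure surfaces here.
                        try {
                            sslSocket.startHandshake();
                        } catch (IOException e) {
                            throw new SSLException(e);
                        }
                        SSLSession sslSession = sslSocket.getSession();
                        if (!sslSession.isValid()) {
                            throw new SSLException("SSLSession was invalid: Likely implicit handshake failure: "
                                    + "Set system property javax.net.debug=all for details");
                        }
                        super.verifyHostname(sslSocket);
                    }
                }
            };

    Protocol.registerProtocol("https", new Protocol("https", tlsProtocolSocketFactory, 443));
    return tlsProtocolSocketFactory;
}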
From source file:ch.cyberduck.core.ftp.FTPClient.java
/**
 * When the "ftp.tls.session.requirereuse" preference is set and the data socket is a TLS
 * socket, stores the control connection's TLS session in the session context's host/port
 * cache under the data socket's host-name and host-address keys.
 *
 * <p>The cache is reached by reflection on a non-public field of the SSLSessionContext
 * implementation, so this only works on runtimes that have that field; any failure is
 * logged and the data socket is left as it was.
 *
 * @param socket the data socket about to be used
 * @throws IOException declared by the overridden method
 */
@Override
protected void _prepareDataSocket_(final Socket socket) throws IOException {
    if (!preferences.getBoolean("ftp.tls.session.requirereuse")) {
        return;
    }
    if (!(socket instanceof SSLSocket)) {
        return;
    }

    // Control socket is SSL
    final SSLSession session = ((SSLSocket) _socket_).getSession();
    if (!session.isValid()) {
        log.warn(String.format("SSL session %s for socket %s is not rejoinable", session, socket));
        return;
    }

    final SSLSessionContext context = session.getSessionContext();
    context.setSessionCacheSize(preferences.getInteger("ftp.ssl.session.cache.size"));
    try {
        final Field cacheField = context.getClass().getDeclaredField("sessionHostPortCache");
        cacheField.setAccessible(true);
        final Object cache = cacheField.get(context);

        final Method put = cache.getClass().getDeclaredMethod("put", Object.class, Object.class);
        put.setAccessible(true);

        // Register the session under both forms of the peer address; presumably so the
        // lookup for the data connection finds it whichever form is used.
        final String keyByName = String.format("%s:%s",
                socket.getInetAddress().getHostName(),
                String.valueOf(socket.getPort())).toLowerCase(Locale.ROOT);
        put.invoke(cache, keyByName, session);

        final String keyByAddress = String.format("%s:%s",
                socket.getInetAddress().getHostAddress(),
                String.valueOf(socket.getPort())).toLowerCase(Locale.ROOT);
        put.invoke(cache, keyByAddress, session);
    } catch (NoSuchFieldException e) {
        // Not running in expected JRE
        log.warn("No field sessionHostPortCache in SSLSessionContext", e);
    } catch (Exception e) {
        // Not running in expected JRE
        log.warn(e.getMessage());
    }
}
From source file:android.net.http.CertificateChainValidator.java
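/**
 * Looks up a cached client session that is still valid and whose peer host and port match
 * the given host.
 *
 * @param sslContext The SSL context shared across all the SSL sessions
 * @param host The host associated with the session
 * @return A suitable SSL session from the SSL context, or {@code null} if either argument is
 *         {@code null} or no valid session for that host and port is cached
 */
private SSLSession getSSLSession(SSLContext sslContext, HttpHost host) {
    if (sslContext == null || host == null) {
        return null;
    }

    Enumeration<?> ids = sslContext.getClientSessionContext().getIds();
    while (ids.hasMoreElements()) {
        byte[] id = (byte[]) ids.nextElement();
        if (id == null) {
            continue;
        }

        // getSession(id) returns null when no session is known for the id, which can happen
        // if the session was evicted after the ids were enumerated.
        SSLSession session = sslContext.getClientSessionContext().getSession(id);
        if (session == null) {
            continue;
        }

        // Only a valid session bound to the same peer host and port may be reused.
        if (session.isValid()
                && host.getHostName().equals(session.getPeerHost())
                && host.getPort() == session.getPeerPort()) {
            return session;
        }
    }
    return null;
}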