List of usage examples for javax.net.ssl SSLSocket getSession
/**
 * Returns the SSL session in use by this connection.
 *
 * <p>As documented for the JDK, this call starts the initial handshake if it has not
 * completed yet and blocks until it finishes. A handshake failure is not thrown from
 * here: an invalid session is returned that reports the cipher suite
 * {@code SSL_NULL_WITH_NULL_NULL}. Code that needs to see the handshake error should
 * call {@code startHandshake()} first, and code that trusts the session should be
 * prepared for {@code getPeerCertificates()} to throw
 * {@code SSLPeerUnverifiedException} on such a session.
 *
 * @return the session for this connection, possibly an invalid placeholder session
 */
public abstract SSLSession getSession();
From source file:MainClass.java
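/**
 * Connects to a TLS server on 127.0.0.1:9999, completes the handshake and writes the
 * certificate chain the server presented to {@code CertPath.dat} as a serialized
 * {@link CertPath}.
 *
 * @param args unused
 * @throws Exception if the connection, the handshake, the path construction or the
 *                   file write fails
 */
public static void main(String args[]) throws Exception {
    SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();

    // try-with-resources releases the socket even when the handshake or the file write throws.
    try (SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 9999)) {
        // Explicit handshake so that a TLS failure surfaces here as an exception;
        // getSession() on its own would hide it behind an invalid session.
        socket.startHandshake();

        // NOTE(review): a bare SSLSocket does not compare the certificate with the host
        // name unless an endpoint identification algorithm is set on its SSLParameters.
        // The chain saved below is therefore "what this peer sent", not proof of identity.
        SSLSession session = socket.getSession();
        java.security.cert.Certificate[] servercerts = session.getPeerCertificates();

        List<java.security.cert.Certificate> chain = new ArrayList<>(servercerts.length);
        for (java.security.cert.Certificate cert : servercerts) {
            chain.add(cert);
        }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath cp = cf.generateCertPath(chain);

        // The original never closed or flushed the ObjectOutputStream, so buffered bytes
        // could be lost and CertPath.dat left truncated. Closing the outer stream also
        // closes the FileOutputStream.
        try (ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("CertPath.dat"))) {
            out.writeObject(cp);
        }
    }
}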
From source file:MainClass.java
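/**
 * Opens a TLS connection to {@code hostName}:443, shows the subject and issuer of the
 * server certificate, asks the operator whether to proceed and, on "y", sends an
 * HTTP/1.0 GET for {@code fileName} and prints the response.
 *
 * @param args unused
 * @throws Exception if the connection or any read/write fails
 */
public static void main(String[] args) throws Exception {
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    String hostName = "hostName";
    String fileName = "fileName";

    // try-with-resources: the original leaked the socket on both early-return paths.
    try (SSLSocket sslsock = (SSLSocket) factory.createSocket(hostName, 443)) {
        // SSLSocket validates the chain but does not match it against the host name by
        // default. Request HTTPS endpoint identification before the handshake so that a
        // certificate issued for a different host is rejected instead of being offered
        // to the operator. getSSLParameters() returns a copy, so it must be set back.
        javax.net.ssl.SSLParameters params = sslsock.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        sslsock.setSSLParameters(params);

        // getSession() runs the handshake if needed; a failed handshake yields an
        // invalid session, which is why getPeerCertificates() is guarded below.
        SSLSession session = sslsock.getSession();
        X509Certificate cert;
        try {
            cert = (X509Certificate) session.getPeerCertificates()[0];
        } catch (SSLPeerUnverifiedException e) {
            System.err.println(session.getPeerHost() + " did not present a valid certificate.");
            return;
        }

        System.out.println(session.getPeerHost() + " has presented a certificate belonging to:");
        Principal p = cert.getSubjectDN();
        System.out.println("\t[" + p.getName() + "]");
        System.out.println("The certificate bears the valid signature of:");
        System.out.println("\t[" + cert.getIssuerDN().getName() + "]");

        System.out.print("Do you trust this certificate (y/n)? ");
        System.out.flush();
        BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
        String answer = console.readLine();
        // End of input or an empty line counts as "no"; the original threw on both
        // (NullPointerException / StringIndexOutOfBoundsException).
        if (answer == null || answer.isEmpty() || Character.toLowerCase(answer.charAt(0)) != 'y') {
            return;
        }

        PrintWriter out = new PrintWriter(sslsock.getOutputStream());
        out.print("GET " + fileName + " HTTP/1.0\r\n\r\n");
        out.flush();

        BufferedReader in = new BufferedReader(new InputStreamReader(sslsock.getInputStream()));
        String line;
        while ((line = in.readLine()) != null) {
            System.out.println(line);
        }
    }
}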
From source file:Main.java
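/**
 * Connects to {@code hostname}:443, completes the TLS handshake and reads the
 * certificate chain presented by the server.
 *
 * @param argv unused
 * @throws Exception if the connection or the handshake fails
 */
public static void main(String[] argv) throws Exception {
    int port = 443;
    String hostname = "hostname";
    SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();

    // try-with-resources: the original skipped close() whenever the handshake threw.
    try (SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port)) {
        socket.startHandshake();

        // Retrieve the server's certificate chain; element 0 is the server's own certificate.
        // NOTE(review): nothing here ties the chain to `hostname`. SSLSocket performs no
        // host name check unless an endpoint identification algorithm is configured on
        // its SSLParameters, so do not treat this chain as proof of the peer's identity.
        Certificate[] serverCerts = socket.getSession().getPeerCertificates();
    }
}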
From source file:Test.java
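/**
 * Accepts one TLS client on port 9999, applies {@code SimpleConstraints} as algorithm
 * constraints, prints the negotiated session's local and peer signature algorithms and
 * then echoes every line the client sends to standard output.
 *
 * @param arstring unused
 * @throws Exception if the socket cannot be created or any I/O fails
 */
public static void main(String[] arstring) throws Exception {
    SSLServerSocketFactory sslServerSocketFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

    // Both sockets are closed on every exit path; the original never closed either.
    try (SSLServerSocket sslServerSocket =
                 (SSLServerSocket) sslServerSocketFactory.createServerSocket(9999)) {
        System.out.println("Waiting for a client ...");

        try (SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept()) {
            SSLParameters parameters = sslSocket.getSSLParameters();
            parameters.setAlgorithmConstraints(new SimpleConstraints());
            // getSSLParameters() returns a copy. Without writing it back the constraints
            // were printed but never enforced on this connection. This must happen before
            // the first getSession() call below, because that call runs the handshake.
            sslSocket.setSSLParameters(parameters);

            AlgorithmConstraints constraints = parameters.getAlgorithmConstraints();
            System.out.println("Constraint: " + constraints);
            String endPoint = parameters.getEndpointIdentificationAlgorithm();
            System.out.println("End Point: " + endPoint);

            // One lookup instead of four; the first getSession() performs the handshake.
            SSLSession negotiated = sslSocket.getSession();

            System.out.println("Local Supported Signature Algorithms");
            if (negotiated instanceof ExtendedSSLSession) {
                ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) negotiated;
                for (String algorithm : extendedSSLSession.getLocalSupportedSignatureAlgorithms()) {
                    System.out.println("Algortihm: " + algorithm);
                }
            }

            System.out.println("Peer Supported Signature Algorithms");
            if (negotiated instanceof ExtendedSSLSession) {
                ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) negotiated;
                for (String algorithm : extendedSSLSession.getPeerSupportedSignatureAlgorithms()) {
                    System.out.println("Algortihm: " + algorithm);
                }
            }

            InputStream inputstream = sslSocket.getInputStream();
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            // getHandshakeSession() is only non-null while a handshake is in progress,
            // hence the null check; presumably it is null here because the handshake
            // has already completed above.
            SSLSession session = sslSocket.getHandshakeSession();
            if (session != null) {
                System.out.println("Last accessed: " + new Date(session.getLastAccessedTime()));
            }

            String string = null;
            while ((string = bufferedreader.readLine()) != null) {
                System.out.println(string);
                System.out.flush();
            }
        }
    }
}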
From source file:ee.ria.xroad.proxy.serverproxy.CustomSSLSocketFactory.java
/**
 * Returns the first certificate of the chain the peer presented on {@code sslsock}.
 *
 * <p>{@code getSession()} runs the handshake if it has not happened yet. A failed
 * handshake is not reported there; it shows up as an exception from
 * {@code getPeerCertificates()} instead.
 *
 * @param sslsock the TLS socket whose peer certificate is wanted
 * @return the peer's own (leaf) certificate
 * @throws Exception if the peer is unverified or the chain is empty
 */
private static X509Certificate getPeerCertificate(SSLSocket sslsock) throws Exception {
    Certificate[] peerChain = sslsock.getSession().getPeerCertificates();

    if (peerChain.length > 0) {
        // Element 0 is the peer's own certificate; the rest are its issuers.
        return (X509Certificate) peerChain[0];
    }

    throw new Exception("Could not get peer certificates");
}
From source file:com.kenai.redminenb.repository.RedmineManagerFactoryHelper.java
/**
 * Builds an {@code HttpClient} that uses the JVM default {@code SSLContext}, the system
 * proxy selector and a two-stage host name verifier.
 *
 * @return the configured client
 * @throws RuntimeException wrapping {@code NoSuchAlgorithmException} if the default
 *                          SSL context is unavailable
 */
public static HttpClient getTransportConfig() {
    /*
     * Implement a minimal hostname verifier. This is needed to be able to use
     * hosts with certificates that don't match the used hostname (VServer).
     *
     * The "browser compatible" verifier is tried first; if it rejects, the
     * default Java hostname verifier gets the final say.
     *
     * In the default case the Java hostname verifier always rejects, but for
     * NetBeans the "SSL Certificate Exception" module is available, which catches
     * this and turns a failure into a request to the GUI user.
     *
     * NOTE(review): a host is accepted when EITHER verifier accepts it. Whatever is
     * installed as the process-wide default HostnameVerifier therefore widens what
     * this client trusts; a permissive default disables host name checking here.
     */
    X509HostnameVerifier hostnameverified = new X509HostnameVerifier() {
        @Override
        public boolean verify(String string, SSLSession ssls) {
            return SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER.verify(string, ssls)
                    || HttpsURLConnection.getDefaultHostnameVerifier().verify(string, ssls);
        }

        @Override
        public void verify(String string, SSLSocket ssls) throws IOException {
            SSLSession negotiated = ssls.getSession();
            boolean accepted =
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER.verify(string, negotiated)
                            || HttpsURLConnection.getDefaultHostnameVerifier().verify(string, negotiated);
            if (!accepted) {
                throw new SSLException("Hostname did not verify");
            }
        }

        // The certificate-only and name-array variants are deliberately unsupported:
        // they fail closed rather than accept.
        @Override
        public void verify(String string, X509Certificate xc) throws SSLException {
            throw new SSLException("Check not implemented yet");
        }

        @Override
        public void verify(String string, String[] strings, String[] strings1) throws SSLException {
            throw new SSLException("Check not implemented yet");
        }
    };

    try {
        SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(SSLContext.getDefault(), hostnameverified);
        SystemDefaultRoutePlanner proxyAwarePlanner =
                new SystemDefaultRoutePlanner(ProxySelector.getDefault());
        return HttpClientBuilder.create()
                .setRoutePlanner(proxyAwarePlanner)
                .setSSLSocketFactory(socketFactory)
                .build();
    } catch (NoSuchAlgorithmException ex) {
        throw new RuntimeException(ex);
    }
}
From source file:com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory.java
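/**
 * Applies the optional {@code soapui.https.*} system properties to a TLS socket.
 *
 * <ul>
 *   <li>{@code soapui.https.protocols}: comma-separated list of protocols to enable</li>
 *   <li>{@code soapui.https.ciphers}: comma-separated list of cipher suites to enable</li>
 *   <li>{@code soapui.https.session.invalidate}: when set, the socket's session is
 *       invalidated</li>
 * </ul>
 *
 * When a property is unset, the socket keeps the defaults it already has. The former
 * commented-out fallback that enabled every supported protocol and cipher suite has
 * been dropped, since that would also switch on weak ones.
 *
 * @param socket the socket to configure
 * @return the same socket instance
 */
private static SSLSocket enableSocket(SSLSocket socket) {
    String invalidateSession = System.getProperty("soapui.https.session.invalidate");
    String protocols = System.getProperty("soapui.https.protocols");
    String ciphers = System.getProperty("soapui.https.ciphers");

    // Restrict protocols and ciphers BEFORE touching the session: getSession() starts
    // the handshake on a connected socket, so calling it first (as the original did)
    // could negotiate with the unrestricted defaults.
    if (StringUtils.hasContent(protocols)) {
        // Tolerate "TLSv1.2, TLSv1.3": a stray space made the JDK reject the name.
        socket.setEnabledProtocols(protocols.trim().split("\\s*,\\s*"));
    }

    if (StringUtils.hasContent(ciphers)) {
        socket.setEnabledCipherSuites(ciphers.trim().split("\\s*,\\s*"));
    }

    if (StringUtils.hasContent(invalidateSession)) {
        socket.getSession().invalidate();
    }

    return socket;
}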
From source file:android.net.SSLCertificateSocketFactory.java
/**
 * Checks that the certificate presented on a connected socket matches the host name
 * the caller expected. You MUST call this if you did not supply a hostname to
 * {@link #createSocket()}. Calling it again after the hostname has already been
 * verified is harmless.
 *
 * <p>Wildcard certificates are allowed to verify any matching hostname,
 * so "foo.bar.example.com" is verified if the peer has a certificate
 * for "*.example.com".
 *
 * <p>When {@code isSslCheckRelaxed()} returns true, this method performs no handshake
 * and no verification at all; only the socket type is checked.
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 * @throws IllegalArgumentException if {@code socket} is not an {@code SSLSocket}
 *
 * @hide
 */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }

    if (isSslCheckRelaxed()) {
        // Relaxed mode: verification is skipped entirely.
        return;
    }

    // The code at the start of OpenSSLSocketImpl.startHandshake()
    // ensures that the call is idempotent, so we can safely call it.
    SSLSocket tlsSocket = (SSLSocket) socket;
    tlsSocket.startHandshake();

    SSLSession negotiated = tlsSocket.getSession();
    if (negotiated == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }

    boolean nameMatches =
            HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, negotiated);
    if (!nameMatches) {
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
    }
}
From source file:org.apache.nifi.registry.security.util.CertificateUtils.java
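/**
 * Returns the subject DN extracted from the server certificate of an SSL socket.
 *
 * <p>The result is {@code null} when {@code socket} is not an {@link SSLSocket} or
 * when the peer chain is empty. Callers must treat {@code null} as "no identity",
 * never as an authenticated peer.
 *
 * @param socket the SSL Socket
 * @return the extracted DN, trimmed, or {@code null} if none could be read
 * @throws CertificateException if the peer is unverified or there is a problem
 *                              parsing the certificate
 */
private static String extractPeerDNFromServerSSLSocket(Socket socket) throws CertificateException {
    String dn = null;
    if (socket instanceof SSLSocket) {
        final SSLSocket sslSocket = (SSLSocket) socket;
        try {
            // getSession() runs the handshake if needed; an unverified peer surfaces as
            // SSLPeerUnverifiedException from getPeerCertificates().
            final Certificate[] certChains = sslSocket.getSession().getPeerCertificates();
            if (certChains != null && certChains.length > 0) {
                // Element 0 is the server's own certificate.
                X509Certificate x509Certificate = convertAbstractX509Certificate(certChains[0]);
                dn = x509Certificate.getSubjectDN().getName().trim();
                logger.debug("Extracted DN={} from server certificate", dn);
            }
        } catch (SSLPeerUnverifiedException e) {
            // Constant-first comparison: getMessage() may be null, and an NPE here would
            // replace the CertificateException the caller is supposed to receive.
            if (PEER_NOT_AUTHENTICATED_MSG.equals(e.getMessage())) {
                logger.error("The server did not present a certificate and thus the DN cannot"
                        + " be extracted. Check that the other endpoint is providing a complete certificate chain");
            }
            throw new CertificateException(e);
        }
    }
    return dn;
}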
From source file:org.wso2.carbon.identity.relyingparty.saml.IssuerCertificateUtil.java
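/**
 * Opens a TLS connection to the host named in {@code url} and returns the certificate
 * that the server presents for itself.
 *
 * <p>The port defaults to 443 when the URL does not state one. The chain is validated
 * by the default SSL socket factory, and the certificate must also match the URL's
 * host name. Without that match, any trusted certificate issued for some other host
 * would be returned to the caller as if it belonged to this one.
 *
 * @param url the URL whose host (and optional port) is contacted
 * @return the server's own certificate, or {@code null} if the chain is empty
 * @throws Exception if the URL is malformed, or the connection or handshake fails
 *                   (including a host name mismatch)
 */
public static Certificate readCertFromUrl(String url) throws Exception {
    URL hostURL = new URL(url);
    String hostname = hostURL.getHost();

    // Check whether the url has a port stated explicitly. If it is not present, default to 443.
    int port = hostURL.getPort();
    if (port == -1) {
        port = 443;
    }

    SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();

    // try-with-resources closes the socket on every path, as the original finally block did.
    try (SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port)) {
        // SSLSocket does not check the host name on its own. Ask for HTTPS endpoint
        // identification before the handshake; getSSLParameters() returns a copy, so
        // it has to be written back.
        javax.net.ssl.SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);

        // Connect to the server
        socket.startHandshake();

        // Retrieve the server's certificate chain: the server's own certificate first,
        // followed by any certificate authorities.
        Certificate[] serverCerts = socket.getSession().getPeerCertificates();

        if (serverCerts != null && serverCerts.length > 0) {
            if (log.isDebugEnabled()) {
                log.debug("Return any associated certificates suceessfully" + url);
            }
            return serverCerts[0];
        }

        if (log.isDebugEnabled()) {
            log.debug("Does not return any associated certificates" + url);
        }
        return null;
    }
}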