List of usage examples for javax.net.ssl SSLSocket startHandshake
public abstract void startHandshake() throws IOException;
From source file:be.fgov.kszbcss.rhq.websphere.connector.agent.ConnectorSubsystemComponent.java
public OperationResult invokeOperation(String name, Configuration parameters) throws InterruptedException, Exception { if (name.equals("importCertificateFromFile")) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream in = new FileInputStream(parameters.getSimple("file").getStringValue()); try {//from w w w. ja va 2 s . co m Iterator<? extends Certificate> it = cf.generateCertificates(in).iterator(); if (it.hasNext()) { TrustStoreManager.getInstance().addCertificate(parameters.getSimple("alias").getStringValue(), (X509Certificate) it.next()); } else { throw new Exception("No certificate found"); } } finally { in.close(); } return null; } else if (name.equals("retrieveCellCertificate")) { DeploymentManager dm = new DeploymentManager(null, new ConfigurationBasedProcessLocator(parameters)); String cell = dm.getCell(); ConfigQueryExecutor configQueryExecutor = ConfigQueryServiceFactory.getInstance() .getConfigQueryExecutor(dm); try { X509Certificate cert = configQueryExecutor.query(CellRootCertificateQuery.INSTANCE); TrustStoreManager.getInstance().addCertificate("cell:" + cell, cert); } finally { configQueryExecutor.destroy(); } return null; } else if (name.equals("retrieveCertificateFromPort")) { SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(new KeyManager[0], new TrustManager[] { new AutoImportTrustManager(parameters.getSimple("alias").getStringValue()) }, new SecureRandom()); SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket( parameters.getSimple("host").getStringValue(), parameters.getSimple("port").getIntegerValue()); try { socket.startHandshake(); } finally { socket.close(); } return null; } else if (name.equals("listCertificates")) { final PropertyList certificates = new PropertyList("certificates"); TrustStoreManager.getInstance().execute(new TrustStoreAction() { public void execute(KeyStore truststore) throws Exception { // Sort the aliases for convenience Set<String> aliases = new TreeSet<String>(); for (Enumeration<String> e = truststore.aliases(); e.hasMoreElements();) { aliases.add(e.nextElement()); } for (String alias : aliases) { X509Certificate cert = (X509Certificate) truststore.getCertificate(alias); PropertyMap map = new PropertyMap("certificate"); map.put(new PropertySimple("alias", alias)); map.put(new PropertySimple("subject", cert.getSubjectDN().toString())); MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(cert.getEncoded()); byte[] digest = md.digest(); StringBuilder fingerprint = new StringBuilder(); for (int i = 0; i < digest.length; i++) { if (i > 0) { fingerprint.append(':'); } fingerprint.append(getHexDigit(((int) digest[i] & 0xf0) >> 4)); fingerprint.append(getHexDigit((int) digest[i] & 0x0f)); } map.put(new PropertySimple("fingerprint", fingerprint.toString())); certificates.add(map); } } }, true); if (log.isDebugEnabled()) { log.debug("certificates=" + certificates); } OperationResult result = new OperationResult(); result.getComplexResults().put(certificates); return result; } else if (name.equals("removeCertificate")) { final String alias = parameters.getSimple("alias").getStringValue(); TrustStoreManager.getInstance().execute(new TrustStoreAction() { public void execute(KeyStore truststore) throws Exception { truststore.deleteEntry(alias); } }, false); return null; } else if (name.equals("renameCertificate")) { final String oldAlias = parameters.getSimple("oldAlias").getStringValue(); final String newAlias = parameters.getSimple("newAlias").getStringValue(); TrustStoreManager.getInstance().execute(new TrustStoreAction() { public void execute(KeyStore truststore) throws Exception { Certificate cert = truststore.getCertificate(oldAlias); truststore.setCertificateEntry(newAlias, cert); truststore.deleteEntry(oldAlias); } }, false); return null; } else { return null; } }
From source file:com.sonatype.nexus.ssl.plugin.internal.CertificateRetriever.java
/** * Retrieves certificate chain of specified host:port using direct socket connection. * * @param host to get certificate chain from (cannot be null) * @param port of host to connect to/*from w ww . j a v a 2 s . com*/ * @return certificate chain * @throws Exception Re-thrown from accessing the remote host */ public Certificate[] retrieveCertificates(final String host, final int port) throws Exception { checkNotNull(host); log.info("Retrieving certificate from {}:{} using direct socket connection", host, port); SSLSocket socket = null; try { SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, new TrustManager[] { ACCEPT_ALL_TRUST_MANAGER }, null); javax.net.ssl.SSLSocketFactory sslSocketFactory = sc.getSocketFactory(); socket = (SSLSocket) sslSocketFactory.createSocket(host, port); socket.startHandshake(); SSLSession session = socket.getSession(); return session.getPeerCertificates(); } finally { if (socket != null) { socket.close(); } } }
From source file:edu.htl3r.schoolplanner.backend.network.Network.java
/** * Liefert ein {@link SSLSocket}, wenn eine Verbindung via SSL zum Server aufgebaut werden konnte oder 'null', wenn SSL nicht verfuegbar ist. * @param sa Die Adresse des Sockets, zum dem die Verbindung aufgebaut werden soll * @param set Ein Set mit {@link SSLSocket}s, mithilfe derer versucht werden soll, eine Verbindung aufzubauen * @return Das erste SSLSocket aus dem Set, mit dem eine problemlos Verbindung zum Server aufgebaut werden konnte oder 'null', wenn dies mit keinem moeglich war *//* w w w. java 2 s . c o m*/ private SSLSocket getWorkingSSLSocket(SocketAddress sa, Set<SSLSocket> set) { final int sslSocketTimeout = 2000; for (SSLSocket sslSocket : set) { try { sslSocket.connect(sa, sslSocketTimeout); sslSocket.setSoTimeout(sslSocketTimeout); sslSocket.setReuseAddress(true); sslSocket.startHandshake(); return sslSocket; } catch (IOException e) { } finally { try { sslSocket.close(); } catch (IOException e) { } } } return null; }
From source file:net.jmhertlein.mcanalytics.console.gui.LoginPane.java
@FXML public void onLoginButtonPressed(ActionEvent event) { HostEntry selected = hostList.getSelectionModel().getSelectedItem(); if (selected == null) return;//from ww w. ja v a2 s. c o m try { SSLContext ctx = SSLUtil.buildClientContext(trust); SSLSocket raw = (SSLSocket) ctx.getSocketFactory().createSocket(selected.getUrl(), selected.getPort()); raw.setWantClientAuth(true); try { System.out.println("Starting handshake..."); raw.startHandshake(); } catch (SSLException ssle) { if (ssle.getCause() instanceof UntrustedCertificateException) { System.out.println("Got the correct exception"); UntrustedCertificateException uce = (UntrustedCertificateException) ssle.getCause(); CertTrustPromptDialog dlg = new CertTrustPromptDialog(trust, (X509Certificate) uce.getChain()[0]); dlg.showAndWait(); System.out.println("DIALOG RETURNED"); } return; } PrintWriter out = new PrintWriter(raw.getOutputStream()); BufferedReader in = new BufferedReader(new InputStreamReader(raw.getInputStream())); APISocket sock = new APISocket(out, in); app.setAPISocket(sock); sock.startListener(); //handle authentication boolean hasCert = false; FutureRequest<AuthenticationResult> login; if (trust.isCertificateEntry(selected.getUrl())) { try { ((X509Certificate) trust.getCertificate(selected.getUrl())).checkValidity(); hasCert = true; } catch (CertificateExpiredException | CertificateNotYetValidException ex) { Logger.getLogger(LoginPane.class.getName()).log(Level.SEVERE, null, ex); } } System.out.println("Has cert: " + hasCert); KeyPair newPair = null; String username; if (hasCert) { username = SSLUtil.getCNs((X509Certificate) trust.getCertificate(selected.getUrl())).iterator() .next(); login = sock.submit(new AuthenticationRequest(username)); System.out.println("Logging in w/ cert. CN: " + username + ", URL: " + selected.getUrl()); } else if (rememberLoginBox.isSelected()) { newPair = SSLUtil.newECDSAKeyPair(); username = usernameField.getText(); PKCS10CertificationRequest csr = SSLUtil.newCertificateRequest( SSLUtil.newX500Name(username, selected.getUrl(), "mcanalytics"), newPair); login = sock .submit(new AuthenticationRequest(usernameField.getText(), passwordField.getText(), csr)); System.out.println("Logging in with: " + usernameField.getText() + " + " + passwordField.getText() + " and requesting a cert."); } else { username = usernameField.getText(); login = sock.submit(new AuthenticationRequest(username, passwordField.getText())); System.out.println("Logging in with: " + username + " + " + passwordField.getText()); } try { boolean success = login.get().getSuccess(); if (success) { System.out.println("Login successful"); if (login.get().hasCertificate()) { trust.setCertificateEntry(selected.getUrl(), login.get().getCert()); trust.setKeyEntry(selected.getUrl() + "-private", newPair.getPrivate(), new char[0], new Certificate[] { login.get().getCert(), login.get().getCA() }); System.out.println("Stored a trusted cert from server."); } } else { System.out.println("Login failed."); Dialog dlg = new Dialog(); dlg.setTitle("Login Failed"); dlg.setContentText("Could not login- invalid login credentials."); dlg.showAndWait(); return; } } catch (InterruptedException | ExecutionException | KeyStoreException ex) { Logger.getLogger(LoginPane.class.getName()).log(Level.SEVERE, null, ex); Dialogs.showMessage("Connection Error", "Connection Error", ex.getMessage(), ex.toString()); System.out.println("Login error."); return; } //auth done Stage window = (Stage) loginButton.getScene().getWindow(); window.setScene(new Scene(new ChartPane(username, sock))); window.show(); } catch (IOException | KeyStoreException ex) { Logger.getLogger(LoginPane.class.getName()).log(Level.SEVERE, null, ex); Dialog dlg = new Dialog(); dlg.setTitle("Connection Error"); dlg.setContentText(ex.getMessage()); dlg.showAndWait(); System.out.println("Login error."); return; } }
From source file:info.guardianproject.netcipher.client.SSLConnectionSocketFactory.java
@Override public Socket connectSocket(final int connectTimeout, final Socket socket, final HttpHost host, final InetSocketAddress remoteAddress, final InetSocketAddress localAddress, final HttpContext context) throws IOException { Args.notNull(host, "HTTP host"); Args.notNull(remoteAddress, "Remote address"); final Socket sock = socket != null ? socket : createSocket(context); if (localAddress != null) { sock.bind(localAddress);//from w w w.java 2 s . c o m } try { if (connectTimeout > 0 && sock.getSoTimeout() == 0) { sock.setSoTimeout(connectTimeout); } /* if (this.log.isDebugEnabled()) { this.log.debug("Connecting socket to " + remoteAddress + " with timeout " + connectTimeout); } */ sock.connect(remoteAddress, connectTimeout); } catch (final IOException ex) { try { sock.close(); } catch (final IOException ignore) { } throw ex; } // Setup SSL layering if necessary if (sock instanceof SSLSocket) { final SSLSocket sslsock = (SSLSocket) sock; // this.log.debug("Starting handshake"); sslsock.startHandshake(); verifyHostname(sslsock, host.getHostName()); return sock; } else { return createLayeredSocket(sock, host.getHostName(), remoteAddress.getPort(), context); } }
From source file:ch.cyberduck.core.ftp.FTPClient.java
@Override protected void sslNegotiation() throws IOException { if (protocol.isSecure()) { final SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(_socket_, _socket_.getInetAddress().getHostAddress(), _socket_.getPort(), false); socket.setEnableSessionCreation(true); socket.setUseClientMode(true);/*ww w . ja va 2 s . c o m*/ socket.startHandshake(); _socket_ = socket; _controlInput_ = new BufferedReader( new InputStreamReader(socket.getInputStream(), getControlEncoding())); _controlOutput_ = new BufferedWriter( new OutputStreamWriter(socket.getOutputStream(), getControlEncoding())); } }
From source file:com.leetchi.api.client.ssl.SSLConnectionSocketFactory.java
public Socket createLayeredSocket(final Socket socket, final String target, final int port, final HttpContext context) throws IOException { final SSLSocket sslsock = (SSLSocket) this.socketfactory.createSocket(socket, target, port, true); // DEBUT PATCH POUR FORCER LA VERSION DE PROTOCOLE // if (supportedProtocols != null) { sslsock.setEnabledProtocols(new String[] { "TLSv1" }); // }//from w ww .j a va 2 s . c om if (supportedCipherSuites != null) { sslsock.setEnabledCipherSuites(supportedCipherSuites); } prepareSocket(sslsock); sslsock.startHandshake(); verifyHostname(sslsock, target); return sslsock; }
From source file:com.mendhak.gpslogger.common.network.CertificateValidationWorkflow.java
private void connectToSSLSocket(Socket plainSocket) throws IOException { SSLSocketFactory factory = Networks.getSocketFactory(context); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); if (plainSocket != null) { socket = (SSLSocket) factory.createSocket(plainSocket, host, port, true); }// ww w . java 2s.co m if (serverType == ServerType.SMTP) { socket.setUseClientMode(true); socket.setNeedClientAuth(true); } socket.setSoTimeout(5000); LOG.debug("Starting handshake..."); socket.startHandshake(); SSLSession session = socket.getSession(); Certificate[] servercerts = session.getPeerCertificates(); }
From source file:sos.net.SOSSSLSocketFactory.java
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { // http proxy is available if (proxyHost != null && proxyHost.length() > 0) { Socket tunnel = new Socket(proxyHost, proxyPort); doTunnelHandshake(tunnel, host, port); SSLSocket sslSocket = (SSLSocket) sslFactory.createSocket(tunnel, host, port, autoClose); sslSocket.addHandshakeCompletedListener(new HandshakeCompletedListener() { public void handshakeCompleted(HandshakeCompletedEvent event) { // Handshake finished!" done = true;//from w w w. jav a 2s . co m } }); if (!done) sslSocket.startHandshake(); return sslSocket; } else { return sslFactory.createSocket(socket, host, port, autoClose); } }
From source file:org.gvnix.service.roo.addon.addon.security.SecurityServiceImpl.java
/** * Get certificates in the chain of the host server and import them. * <p>/* w ww .j av a 2 s .c o m*/ * Tries to get the certificates in the certificates chain of the host * server and import them to: * <ol> * <li>A custom keystore in <code>SRC_MAIN_RESOURCES/gvnix-cacerts</code></li> * <li>The JVM cacerts keystore in * <code>$JAVA_HOME/jre/lib/security/cacerts</code>. Here we can have a * problem if JVM <code>cacerts</code> file is not writable by the user due * to file permissions. In this case we throw an exception informing about * the error.</li> * </ol> * </p> * <p> * With that operation we can try again to get the WSDL.<br/> * Also it exports the chain certificates to <code>.cer</code> files in * <code>SRC_MAIN_RESOURCES</code>, so the developer can distribute them for * its installation in other environments or just in case we reach the * problem with the JVM <code>cacerts</code> file permissions. * </p> * * @see GvNix509TrustManager#saveCertFile(String, X509Certificate, * FileManager, PathResolver) * @see <a href= * "http://download.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html" * >Java SE keytool</a>. */ protected Document installCertificates(String loc, String pass) throws NoSuchAlgorithmException, KeyStoreException, Exception, KeyManagementException, MalformedURLException, IOException, UnknownHostException, SocketException, SAXException { // Create a SSL context SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // Passphrase of the keystore: "changeit" by default char[] passArray = (StringUtils.isNotBlank(pass) ? pass.toCharArray() : "changeit".toCharArray()); // Get the project keystore and copy it from JVM if not exists File keystore = getProjectKeystore(); tmf.init(GvNix509TrustManager.loadKeyStore(keystore, passArray)); X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; GvNix509TrustManager tm = new GvNix509TrustManager(defaultTrustManager); context.init(null, new TrustManager[] { tm }, null); SSLSocketFactory factory = context.getSocketFactory(); // Open URL location (default 443 port if not defined) URL url = new URL(loc); String host = url.getHost(); int port = url.getPort() == -1 ? 443 : url.getPort(); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(10000); Document doc = null; try { socket.startHandshake(); URLConnection connection = url.openConnection(); if (connection instanceof HttpsURLConnection) { ((HttpsURLConnection) connection).setSSLSocketFactory(factory); } doc = XmlUtils.getDocumentBuilder().parse(connection.getInputStream()); socket.close(); } catch (SSLException ssle) { // Get needed certificates for this host getCerts(tm, host, keystore, passArray); doc = getWsdl(loc, pass); } catch (IOException ioe) { invalidHostCert(passArray, keystore, tm, host); } Validate.notNull(doc, "No valid document format"); return doc; }