org.aevans.goat.net.SSLStrategyGetter.java Source code


Introduction

Here is the source code for org.aevans.goat.net.SSLStrategyGetter.java

Source

package org.aevans.goat.net;

import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.Certificate;

import org.apache.http.nio.reactor.ssl.SSLBufferManagementStrategy;
import org.apache.http.nio.reactor.ssl.SSLIOSession;
import org.apache.http.nio.reactor.ssl.SSLMode;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
import org.apache.http.nio.conn.SchemeIOSessionStrategy;
import org.apache.http.nio.reactor.IOSession;
import org.apache.http.nio.reactor.ssl.ReleasableSSLBufferManagementStrategy;
import org.apache.http.nio.reactor.ssl.SSLBufferManagementStrategy;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;

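/**
 * Factory for a TLS {@link SchemeIOSessionStrategy} whose sessions manage their
 * buffers through a {@link ReleasableSSLBufferManagementStrategy}.
 *
 * <p>Security properties of the returned strategy:
 * <ul>
 *   <li>Certificate chain trust comes from {@link SSLContexts#createDefault()},
 *       i.e. the JSSE default trust material; no custom trust manager is installed.</li>
 *   <li>The peer's certificate is matched against the requested host name with
 *       {@link DefaultHostnameVerifier}, backed by the default public suffix list.</li>
 *   <li>Enabled protocols and cipher suites are left at the SSL engine's defaults.</li>
 * </ul>
 *
 * @author Andrew Evans
 * Copyright 2016
 * License : Free BSD
 */
public class SSLStrategyGetter {

    /**
     * Builds a strategy that layers TLS on top of a plain {@link IOSession}.
     *
     * <p>One hostname verifier and one SSL context are created per call and shared by
     * every connection the returned strategy upgrades. The trust material is therefore
     * fixed for the lifetime of that strategy; call this method again to obtain a
     * strategy that reflects a changed trust store.
     *
     * @return a new strategy instance that upgrades sessions to client-mode TLS
     */
    public static SchemeIOSessionStrategy getSchemeIOSessionStrategy() {
        final DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier(
                PublicSuffixMatcherLoader.getDefault());
        // Created once here instead of once per upgrade(): a fresh context per connection
        // repeats the trust-store initialisation and gives every connection its own TLS
        // session cache, so sessions can never be resumed across connections.
        final javax.net.ssl.SSLContext sslContext = SSLContexts.createDefault();

        return new SchemeIOSessionStrategy() {

            /**
             * @return always {@code true}: this strategy wraps the plain session in TLS
             */
            @Override
            public boolean isLayeringRequired() {
                return true;
            }

            /**
             * Wraps {@code iosession} in a client-mode {@link SSLIOSession} and starts TLS.
             *
             * @param host      the target whose host name the peer certificate must match
             * @param iosession the plain session to upgrade
             * @return the TLS session, also stored on {@code iosession} under
             *         {@link SSLIOSession#SESSION_KEY}
             * @throws IOException if TLS initialisation fails
             */
            @Override
            public IOSession upgrade(final HttpHost host, final IOSession iosession) throws IOException {

                final SSLSetupHandler handler = new SSLSetupHandler() {

                    /**
                     * Intentionally empty: the engine keeps its default protocols and
                     * cipher suites. (The method name is spelled this way by the interface.)
                     */
                    @Override
                    public void initalize(SSLEngine sslengine) throws SSLException {
                    }

                    /**
                     * Rejects the connection when the peer certificate does not match the
                     * requested host name.
                     *
                     * @throws SSLPeerUnverifiedException on a host name mismatch, or when the
                     *         peer certificates cannot be read while building the message
                     */
                    @Override
                    public void verify(IOSession iosession, SSLSession sslsession) throws SSLException {
                        if (hostnameVerifier.verify(host.getHostName(), sslsession)) {
                            return;
                        }
                        // The subject is looked up only to make the failure diagnosable;
                        // the decision to reject has already been taken above.
                        final java.security.cert.Certificate[] certs = sslsession.getPeerCertificates();
                        final X509Certificate x509 = (X509Certificate) certs[0];
                        final X500Principal x500Principal = x509.getSubjectX500Principal();
                        throw new SSLPeerUnverifiedException("Host name '" + host.getHostName()
                                + "' does not match " + "the certificate subject provided by the peer ("
                                + x500Principal.toString() + ")");
                    }

                };
                final SSLBufferManagementStrategy sslbm = new ReleasableSSLBufferManagementStrategy();
                final SSLIOSession ssio = new SSLIOSession(iosession, SSLMode.CLIENT, host, sslContext,
                        handler, sslbm);
                // Register the TLS layer on the underlying session before starting the handshake.
                iosession.setAttribute(SSLIOSession.SESSION_KEY, ssio);
                ssio.initialize();
                return ssio;
            }

        };
    }

}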