/**
 * Convenience overload of getSocket that forwards to the five-argument
 * form with <code>false</code> as the final argument.
 *
 * NOTE(review): the final argument looks like the useSSL flag that is
 * passed to createSocket elsewhere in this file - confirm against the
 * five-argument overload. If so, a socket obtained through this overload
 * is not TLS-wrapped up front, and callers that need TLS must ask for it
 * explicitly or upgrade the connection afterwards.
 *
 * @param host   the host to connect to
 * @param port   the port to connect to
 * @param props  the properties holding the connection settings
 * @param prefix the property-name prefix; other code in this file reads
 *               keys such as prefix + ".ssl.socketFactory.class"
 * @return whatever the five-argument overload returns
 * @exception IOException for I/O errors
 */
public static Socket getSocket(String host, int port, Properties props,
                               String prefix) throws IOException {
    // Named local so the meaning of the trailing literal is easy to audit.
    final boolean finalFlag = false;
    return getSocket(host, port, props, prefix, finalFlag);
}
/**
 * Start TLS on an existing socket.
 * Supports the "STARTTLS" command in many protocols.
 * Kept only for compatibility with third-party code that may have
 * called this API even though it should not have.
 *
 * This overload forwards an empty Properties object and the prefix
 * "socket" to the three-argument overload, so no caller-supplied TLS
 * settings are passed along.
 *
 * NOTE(review): elsewhere in this file the server identity check is
 * gated on the prefix + ".ssl.checkserveridentity" property, which
 * appears to default to false. With empty properties that check would
 * not be requested - confirm against the three-argument overload before
 * relying on this method for an authenticated connection.
 *
 * @param socket the existing socket
 * @return the wrapped Socket
 * @exception IOException for I/O errors
 * @deprecated use the overload that also takes Properties and a prefix,
 *             so that the TLS settings can be supplied by the caller
 */
@Deprecated
public static Socket startTLS(Socket socket) throws IOException {
    // Deliberately empty: this legacy entry point has no settings to pass.
    final Properties noSettings = new Properties();
    return startTLS(socket, noSettings, "socket");
}
String sfClass = props.getProperty(prefix + ".ssl.socketFactory.class"); sf = getSocketFactory(sfClass); sfErr = "SSL socket factory class " + sfClass; String sfClass = props.getProperty(prefix + ".socketFactory.class"); sf = getSocketFactory(sfClass); sfErr = "socket factory class " + sfClass; configureSSLSocket(socket, host, props, prefix, ssf); } catch (Exception ex) { if (ex instanceof InvocationTargetException) {
sslsocket.setEnabledProtocols(stringArray(protocols)); else { sslsocket.setEnabledCipherSuites(stringArray(ciphers)); if (logger.isLoggable(Level.FINER)) { logger.finer("SSL enabled protocols after " + prefix + ".ssl.checkserveridentity", false); if (idCheck) checkServerIdentity(host, sslsocket); if (sf instanceof MailSSLSocketFactory) { MailSSLSocketFactory msf = (MailSSLSocketFactory)sf; if (!msf.isServerTrusted(host, sslsocket)) { throw cleanupAndThrow(sslsocket, new IOException("Server is not trusted: " + host));
sslsocket.setEnabledProtocols(stringArray(protocols)); else { sslsocket.setEnabledCipherSuites(stringArray(ciphers)); if (logger.isLoggable(Level.FINER)) { logger.finer("SSL enabled protocols after " + prefix + ".ssl.checkserveridentity", false); if (idCheck) checkServerIdentity(host, sslsocket); if (sf instanceof MailSSLSocketFactory) { MailSSLSocketFactory msf = (MailSSLSocketFactory)sf;
String sfClass = props.getProperty(prefix + ".ssl.socketFactory.class"); sf = getSocketFactory(sfClass); sfErr = "SSL socket factory class " + sfClass; String sfClass = props.getProperty(prefix + ".socketFactory.class"); sf = getSocketFactory(sfClass); sfErr = "socket factory class " + sfClass; socket = createSocket(localaddr, localport, host, sfPort, cto, to, props, prefix, sf, useSSL); socket = createSocket(localaddr, localport, host, port, cto, to, props, prefix, null, useSSL);
logger.finest("connecting..."); if (proxyHost != null) proxyConnect(socket, proxyHost, proxyPort, proxyUser, proxyPassword, host, port, cto); else if (cto >= 0) configureSSLSocket(socket, host, props, prefix, sf);
int sfPort = -1; try { SocketFactory sf = getSocketFactory(sfClass); if (sf != null) { String sfPortStr = socket = createSocket(localaddr, localport, host, sfPort, cto, sf, useSSL); socket = createSocket(localaddr, localport, host, port, cto, null, useSSL); socket.setSoTimeout(to); configureSSLSocket(socket, props, prefix); return socket;
/**
 * Return a socket factory of the specified class.
 *
 * The class is looked up by name, first through the context class loader
 * (without initializing it) and then, if that fails or no context loader
 * is available, through Class.forName(String). Its public no-argument
 * <code>getDefault</code> method is then invoked reflectively and the
 * result is cast to SocketFactory.
 *
 * Security note: callers in this file take the class name from the
 * prefix + ".ssl.socketFactory.class" and prefix + ".socketFactory.class"
 * properties. Whatever class is named there is loaded and its
 * getDefault() code runs inside this process, so those properties must
 * only ever come from trusted configuration.
 * NOTE(review): nothing here restricts which class may be named; consider
 * an allow-list if the properties can be influenced by less-trusted input.
 *
 * @param sfClass fully qualified name of the factory class; may be null
 * @return the object returned by getDefault(), or null when sfClass is
 *         null or empty
 * @exception ClassNotFoundException if no class loader can find the class
 * @exception NoSuchMethodException if the class has no public
 *            no-argument getDefault method
 * @exception IllegalAccessException if getDefault cannot be accessed
 * @exception InvocationTargetException if getDefault itself throws
 */
private static SocketFactory getSocketFactory(String sfClass)
        throws ClassNotFoundException,
               NoSuchMethodException,
               IllegalAccessException,
               InvocationTargetException {
    // No class configured: the caller falls back to its own default.
    if (sfClass == null || sfClass.length() == 0) {
        return null;
    }

    Class<?> factoryClass = null;
    final ClassLoader contextLoader = getContextClassLoader();
    if (contextLoader != null) {
        try {
            // initialize=false: static initializers are deferred until
            // the class is actually used.
            factoryClass = Class.forName(sfClass, false, contextLoader);
        } catch (ClassNotFoundException ignored) {
            // Deliberate: fall through to the default lookup below.
        }
    }
    if (factoryClass == null) {
        factoryClass = Class.forName(sfClass);
    }

    // The receiver handed to invoke() is a throwaway object; reflection
    // ignores it when the target method is static.
    final Method getDefault = factoryClass.getMethod("getDefault");
    return (SocketFactory) getDefault.invoke(new Object());
}
/**
 * Check the server from the Socket connection against the server name(s)
 * as expressed in the server certificate (RFC 2595 check).
 *
 * Only the first certificate of the peer chain is examined, and only if
 * it is an X509Certificate; the name comparison itself is delegated to
 * matchCert. On every failure path the socket is closed before the
 * IOException is thrown, so a connection that fails the check is not
 * left open for the caller to use.
 *
 * NOTE(review): the call sites visible in this file run this check only
 * when the prefix + ".ssl.checkserveridentity" property is enabled, and
 * that lookup appears to default to false - confirm. When it is off, this
 * hostname check is not performed at all.
 *
 * @param server    name of the server expected
 * @param sslSocket SSLSocket connected to the server
 * @exception IOException if we can't verify identity of server
 */
private static void checkServerIdentity(String server, SSLSocket sslSocket)
        throws IOException {
    SSLPeerUnverifiedException unverified = null;
    try {
        final java.security.cert.Certificate[] peerChain =
            sslSocket.getSession().getPeerCertificates();
        final boolean hasX509Leaf = peerChain != null
            && peerChain.length > 0
            && peerChain[0] instanceof X509Certificate;
        if (hasX509Leaf && matchCert(server, (X509Certificate) peerChain[0])) {
            return;
        }
    } catch (SSLPeerUnverifiedException e) {
        // The peer presented no verifiable certificates; keep the cause
        // so it can be attached to the IOException below.
        unverified = e;
    }

    // Nothing established the server as trusted: drop the connection
    // first, then report the failure.
    sslSocket.close();
    final IOException failure = new IOException(
        "Can't verify identity of server: " + server);
    if (unverified != null) {
        failure.initCause(unverified);
    }
    throw failure;
}
if (logger.isLoggable(Level.FINER)) logger.finer("found name: " + name); if (matchServer(server, name)) return true; if (m.find() && matchServer(server, m.group(1).trim())) return true;
if (socksHost != null) { try { ClassLoader cl = getContextClassLoader(); Class proxySupport = null; if (cl != null) { configureSSLSocket(socket, host, props, prefix, sf);
configureSSLSocket(socket, host, props, prefix, sf);
sslsocket.setEnabledProtocols(stringArray(protocols)); else { sslsocket.setEnabledCipherSuites(stringArray(ciphers));
sslsocket.setEnabledProtocols(stringArray(protocols)); else { sslsocket.setEnabledCipherSuites(stringArray(ciphers)); if (logger.isLoggable(Level.FINER)) { logger.finer("SSL enabled protocols after " + prefix + ".ssl.checkserveridentity", false); if (idCheck) checkServerIdentity(host, sslsocket); if (sf instanceof MailSSLSocketFactory) { MailSSLSocketFactory msf = (MailSSLSocketFactory)sf; if (!msf.isServerTrusted(host, sslsocket)) { throw cleanupAndThrow(sslsocket, new IOException("Server is not trusted: " + host));
String sfClass = props.getProperty(prefix + ".ssl.socketFactory.class"); sf = getSocketFactory(sfClass); sfErr = "SSL socket factory class " + sfClass; String sfClass = props.getProperty(prefix + ".socketFactory.class"); sf = getSocketFactory(sfClass); sfErr = "socket factory class " + sfClass; socket = createSocket(localaddr, localport, host, sfPort, cto, to, props, prefix, sf, useSSL); socket = createSocket(localaddr, localport, host, port, cto, to, props, prefix, null, useSSL);
logger.finest("connecting..."); if (proxyHost != null) proxyConnect(socket, proxyHost, proxyPort, proxyUser, proxyPassword, host, port, cto); else if (cto >= 0) configureSSLSocket(socket, host, props, prefix, sf);
/**
 * Return a socket factory of the specified class.
 *
 * The class is looked up by name, first through the context class loader
 * (without initializing it) and then, if that fails or no context loader
 * is available, through Class.forName(String). Its public no-argument
 * <code>getDefault</code> method is then invoked reflectively and the
 * result is cast to SocketFactory.
 *
 * Security note: callers in this file take the class name from the
 * prefix + ".ssl.socketFactory.class" and prefix + ".socketFactory.class"
 * properties. Whatever class is named there is loaded and its
 * getDefault() code runs inside this process, so those properties must
 * only ever come from trusted configuration.
 * NOTE(review): nothing here restricts which class may be named; consider
 * an allow-list if the properties can be influenced by less-trusted input.
 *
 * @param sfClass fully qualified name of the factory class; may be null
 * @return the object returned by getDefault(), or null when sfClass is
 *         null or empty
 * @exception ClassNotFoundException if no class loader can find the class
 * @exception NoSuchMethodException if the class has no public
 *            no-argument getDefault method
 * @exception IllegalAccessException if getDefault cannot be accessed
 * @exception InvocationTargetException if getDefault itself throws
 */
private static SocketFactory getSocketFactory(String sfClass)
        throws ClassNotFoundException,
               NoSuchMethodException,
               IllegalAccessException,
               InvocationTargetException {
    // No class configured: the caller falls back to its own default.
    if (sfClass == null || sfClass.length() == 0) {
        return null;
    }

    Class<?> factoryClass = null;
    final ClassLoader contextLoader = getContextClassLoader();
    if (contextLoader != null) {
        try {
            // initialize=false: static initializers are deferred until
            // the class is actually used.
            factoryClass = Class.forName(sfClass, false, contextLoader);
        } catch (ClassNotFoundException ignored) {
            // Deliberate: fall through to the default lookup below.
        }
    }
    if (factoryClass == null) {
        factoryClass = Class.forName(sfClass);
    }

    // The receiver handed to invoke() is a throwaway object; reflection
    // ignores it when the target method is static.
    final Method getDefault = factoryClass.getMethod("getDefault");
    return (SocketFactory) getDefault.invoke(new Object());
}
sslsocket.setEnabledProtocols(stringArray(protocols)); else { sslsocket.setEnabledCipherSuites(stringArray(ciphers)); if (debug) { System.out.println("DEBUG SocketFetcher: SSL protocols after " + prefix + ".ssl.checkserveridentity", false); if (idCheck) checkServerIdentity(host, sslsocket); if (sf instanceof MailSSLSocketFactory) { MailSSLSocketFactory msf = (MailSSLSocketFactory)sf;
/**
 * Check the server from the Socket connection against the server name(s)
 * as expressed in the server certificate (RFC 2595 check).
 *
 * Only the first certificate of the peer chain is examined, and only if
 * it is an X509Certificate; the name comparison itself is delegated to
 * matchCert. On every failure path the socket is closed before the
 * IOException is thrown, so a connection that fails the check is not
 * left open for the caller to use.
 *
 * NOTE(review): the call sites visible in this file run this check only
 * when the prefix + ".ssl.checkserveridentity" property is enabled, and
 * that lookup appears to default to false - confirm. When it is off, this
 * hostname check is not performed at all.
 *
 * @param server    name of the server expected
 * @param sslSocket SSLSocket connected to the server
 * @exception IOException if we can't verify identity of server
 */
private static void checkServerIdentity(String server, SSLSocket sslSocket)
        throws IOException {
    SSLPeerUnverifiedException unverified = null;
    try {
        final java.security.cert.Certificate[] peerChain =
            sslSocket.getSession().getPeerCertificates();
        final boolean hasX509Leaf = peerChain != null
            && peerChain.length > 0
            && peerChain[0] instanceof X509Certificate;
        if (hasX509Leaf && matchCert(server, (X509Certificate) peerChain[0])) {
            return;
        }
    } catch (SSLPeerUnverifiedException e) {
        // The peer presented no verifiable certificates; keep the cause
        // so it can be attached to the IOException below.
        unverified = e;
    }

    // Nothing established the server as trusted: drop the connection
    // first, then report the failure.
    sslSocket.close();
    final IOException failure = new IOException(
        "Can't verify identity of server: " + server);
    if (unverified != null) {
        failure.initCause(unverified);
    }
    throw failure;
}