/** * @return the address portion of the URL */ private static HostSpec[] hostSpecs(Properties props) { String[] hosts = props.getProperty("PGHOST").split(","); String[] ports = props.getProperty("PGPORT").split(","); HostSpec[] hostSpecs = new HostSpec[hosts.length]; for (int i = 0; i < hostSpecs.length; ++i) { hostSpecs[i] = new HostSpec(hosts[i], Integer.parseInt(ports[i])); } return hostSpecs; }
private Pattern toPattern(String mask) { StringBuilder joiner = new StringBuilder(); String separator = ""; for (String disjunct : mask.split("\\|")) { if (!disjunct.isEmpty()) { String regex = disjunctToRegex(disjunct.toLowerCase()); joiner.append(separator).append(regex); separator = "|"; } } return joiner.length() == 0 ? null : compile(joiner.toString()); }
public Boolean shouldResolve() { String socksProxy = System.getProperty("socksProxyHost"); if (socksProxy == null || socksProxy.trim().isEmpty()) { return true; } return matchesNonProxyHosts(); }
/** * Constructor: Connect to the PostgreSQL back end and return a stream connection. * * @param socketFactory socket factory to use when creating sockets * @param hostSpec the host and port to connect to * @param timeout timeout in milliseconds, or 0 if no timeout set * @throws IOException if an IOException occurs below it. */ public PGStream(SocketFactory socketFactory, HostSpec hostSpec, int timeout) throws IOException { this.socketFactory = socketFactory; this.hostSpec = hostSpec; Socket socket = socketFactory.createSocket(); if (!socket.isConnected()) { // When using a SOCKS proxy, the host might not be resolvable locally, // thus we defer resolution until the traffic reaches the proxy. If there // is no proxy, we must resolve the host to an IP to connect the socket. InetSocketAddress address = hostSpec.shouldResolve() ? new InetSocketAddress(hostSpec.getHost(), hostSpec.getPort()) : InetSocketAddress.createUnresolved(hostSpec.getHost(), hostSpec.getPort()); socket.connect(address, timeout); } changeSocket(socket); setEncoding(Encoding.getJVMEncoding("UTF-8")); _int2buf = new byte[2]; _int4buf = new byte[4]; }
private String makeSPN() throws PSQLException { final HostSpec hs = pgStream.getHostSpec(); try { return NTDSAPIWrapper.instance.DsMakeSpn(spnServiceClass, hs.getHost(), null, (short) hs.getPort(), null); } catch (LastErrorException ex) { throw new PSQLException("SSPI setup failed to determine SPN", PSQLState.CONNECTION_UNABLE_TO_CONNECT, ex); } }
private static void verifyPeerName(PGStream stream, Properties info, SSLSocket newConnection) throws PSQLException { HostnameVerifier hvn; String sslhostnameverifier = PGProperty.SSL_HOSTNAME_VERIFIER.get(info); if (sslhostnameverifier == null) { hvn = PGjdbcHostnameVerifier.INSTANCE; sslhostnameverifier = "PgjdbcHostnameVerifier"; } else { try { hvn = (HostnameVerifier) instantiate(sslhostnameverifier, info, false, null); } catch (Exception e) { throw new PSQLException( GT.tr("The HostnameVerifier class provided {0} could not be instantiated.", sslhostnameverifier), PSQLState.CONNECTION_FAILURE, e); } } if (hvn.verify(stream.getHostSpec().getHost(), newConnection.getSession())) { return; } throw new PSQLException( GT.tr("The hostname {0} could not be verified by hostnameverifier {1}.", stream.getHostSpec().getHost(), sslhostnameverifier), PSQLState.CONNECTION_FAILURE); }
@Override public String toString() { return host.toString() + '=' + status; } }
private Boolean matchesNonProxyHosts() { String nonProxyHosts = System.getProperty("socksNonProxyHosts", DEFAULT_NON_PROXY_HOSTS); if (nonProxyHosts == null || this.host.isEmpty()) { return false; } Pattern pattern = toPattern(nonProxyHosts); Matcher matcher = pattern == null ? null : pattern.matcher(this.host); return matcher != null && matcher.matches(); }
public static void convert(PGStream stream, Properties info) throws PSQLException, IOException { LOGGER.log(Level.FINE, "converting regular socket connection to ssl"); SSLSocketFactory factory = SocketFactoryFactory.getSslSocketFactory(info); SSLSocket newConnection; try { newConnection = (SSLSocket) factory.createSocket(stream.getSocket(), stream.getHostSpec().getHost(), stream.getHostSpec().getPort(), true); // We must invoke manually, otherwise the exceptions are hidden newConnection.setUseClientMode(true); newConnection.startHandshake(); } catch (IOException ex) { throw new PSQLException(GT.tr("SSL error: {0}", ex.getMessage()), PSQLState.CONNECTION_FAILURE, ex); } if (factory instanceof LibPQFactory) { // throw any KeyManager exception ((LibPQFactory) factory).throwKeyManagerException(); } SslMode sslMode = SslMode.of(info); if (sslMode.verifyPeerName()) { verifyPeerName(stream, info, newConnection); } stream.changeSocket(newConnection); }
doAuthentication(newStream, hostSpec.getHost(), user, info);
Properties info = new Properties(); info.put("password", "postgres"); Jdbc4Connection c = new Jdbc4Connection(new HostSpec[]{new HostSpec("localhost", 5432)}, "postgres", "postgres", info, "");