/**
 * Destroys the SSL factory held by this object, if one is set.
 *
 * <p>The {@code sslFactory} field is left pointing at the destroyed factory;
 * this method does not clear it.
 */
public void destroy() {
  if (sslFactory == null) {
    // Nothing was created, so there is nothing to release.
    return;
  }
  sslFactory.destroy();
}
/**
 * Single-host convenience overload: wraps {@code host} in a one-element array
 * and delegates to {@code check(String[], X509Certificate)}.
 *
 * @param host hostname to be checked against the certificate
 * @param cert certificate presented by the peer
 * @throws SSLException propagated unchanged from the array overload
 */
@Override
public void check(String host, X509Certificate cert) throws SSLException {
  final String[] singleHost = {host};
  check(singleHost, cert);
}
/**
 * Delegates to the five-argument {@code check} overload with the two trailing
 * boolean flags fixed to {@code (false, true)}.
 *
 * @param host hostnames to be checked
 * @param cns common-name values taken from the certificate
 * @param subjectAlts subject-alternative-name values taken from the certificate
 * @throws SSLException propagated unchanged from the five-argument overload
 */
@Override
public final void check(final String[] host, final String[] cns,
    final String[] subjectAlts) throws SSLException {
  // NOTE(review): the meaning of the two flags is defined by the five-argument
  // overload, which is not visible here. Confirm there which matching rules
  // (false, true) selects before relying on this verifier's strictness.
  check(
      host,
      cns,
      subjectAlts,
      false,
      true);
}
/**
 * Applies the TLS settings of {@code sslFactory} to a connection.
 *
 * <p>When no factory is set the connection is returned untouched. Otherwise
 * the connection receives both the factory's socket factory and its hostname
 * verifier, so certificate trust and hostname matching both come from the
 * factory's configuration rather than from the JVM defaults.
 *
 * @param conn connection to configure
 * @return the same {@code conn} instance
 * @throws IOException if the socket factory cannot be created; a
 *         {@link GeneralSecurityException} is wrapped as the cause
 */
private HttpURLConnection configureConnection(HttpURLConnection conn)
    throws IOException {
  if (sslFactory == null) {
    return conn;
  }
  // NOTE(review): unchecked downcast. This assumes a non-null sslFactory is
  // only ever paired with an https URL; a plain-HTTP connection would fail
  // here with ClassCastException. Verify against the code that creates
  // sslFactory.
  final HttpsURLConnection secureConn = (HttpsURLConnection) conn;
  try {
    secureConn.setSSLSocketFactory(sslFactory.createSSLSocketFactory());
  } catch (GeneralSecurityException ex) {
    // Keep the original exception as the cause so the TLS failure stays visible.
    throw new IOException(ex);
  }
  secureConn.setHostnameVerifier(sslFactory.getHostnameVerifier());
  return conn;
}
/**
 * Initializes the factory: loads the keystores for the current mode, builds
 * the {@link SSLContext} from their key and trust managers, and resolves the
 * hostname verifier from the configuration.
 *
 * @throws GeneralSecurityException thrown if an SSL initialization error
 *         happened.
 * @throws IOException thrown if an IO error happened while reading the SSL
 *         configuration.
 */
public void init() throws GeneralSecurityException, IOException {
  keystoresFactory.init(mode);

  // "TLS" names the protocol family only; the versions actually offered
  // depend on the provider defaults and on any restriction applied later.
  context = SSLContext.getInstance("TLS");

  // The third argument (SecureRandom) is null, so the provider default is used.
  context.init(
      keystoresFactory.getKeyManagers(),
      keystoresFactory.getTrustManagers(),
      null);

  // NOTE(review): SSLContext.getDefaultSSLParameters() is documented to return
  // a copy of the defaults, so this call does not appear to restrict the
  // protocols of sockets later created from the context. If enabledProtocols
  // is meant to be enforced, confirm that it is applied to each created
  // socket or engine somewhere else.
  context.getDefaultSSLParameters().setProtocols(enabledProtocols);

  hostnameVerifier = getHostnameVerifier(conf);
}
/**
 * Fetches {@code url} over HTTPS using the client SSL factory's socket factory
 * and returns the response body as a string.
 *
 * <p>Only the socket factory is replaced; no hostname verifier is set here, so
 * the connection keeps its default one.
 *
 * @param url HTTPS URL to read
 * @return the response body, decoded with the platform default charset
 * @throws Exception on any connection, TLS or read failure
 */
private static String readOut(URL url) throws Exception {
  final HttpsURLConnection httpsConn =
      (HttpsURLConnection) url.openConnection();
  httpsConn.setSSLSocketFactory(clientSslFactory.createSSLSocketFactory());

  final InputStream response = httpsConn.getInputStream();
  final ByteArrayOutputStream body = new ByteArrayOutputStream();
  // NOTE(review): neither stream is closed in this method; presumably
  // IOUtils.copyBytes takes care of that. Confirm against its contract.
  IOUtils.copyBytes(response, body, 1024);
  return body.toString();
}
/**
 * Resolves the hostname verifier named in the configuration.
 *
 * <p>The value of {@code SSL_HOSTNAME_VERIFIER_KEY} is trimmed and upper-cased
 * before lookup, and {@code "DEFAULT"} is used when the key is absent.
 * Because this one setting decides how strictly peer hostnames are matched,
 * it deserves the same review as the trust store configuration.
 *
 * @param conf configuration to read the verifier name from
 * @return the verifier returned by the name-based overload
 * @throws GeneralSecurityException propagated from the name-based overload
 * @throws IOException propagated from the name-based overload
 */
private HostnameVerifier getHostnameVerifier(Configuration conf)
    throws GeneralSecurityException, IOException {
  final String trimmedName =
      conf.get(SSL_HOSTNAME_VERIFIER_KEY, "DEFAULT").trim();
  return getHostnameVerifier(StringUtils.toUpperCase(trimmedName));
}
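/**
 * Checks the given hostnames against the names carried by a certificate.
 *
 * <p>The certificate's common names and DNS subject alternative names are
 * extracted and handed to the three-argument {@code check} overload. A failed
 * check is logged with its stack trace and then rethrown, so callers still
 * see the rejection.
 *
 * @param host hostnames to be checked
 * @param cert certificate presented by the peer
 * @throws SSLException if the three-argument overload rejects the hostnames
 */
@Override
public void check(String[] host, X509Certificate cert) throws SSLException {
  final String[] commonNames = Certificates.getCNs(cert);
  final String[] dnsAltNames = Certificates.getDNSSubjectAlts(cert);
  // NOTE(review): how CN values are weighed against subject alternative names
  // is decided further down the overload chain, which is not visible here.
  try {
    check(host, commonNames, dnsAltNames);
  } catch (SSLException e) {
    // The exception is passed as the throwable argument. The former "{}"
    // placeholder had no matching argument and ended up verbatim in the log.
    LOG.error("Host check error", e);
    throw e;
  }
}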
/**
 * Skips the hostname check entirely when the first host is a localhost name;
 * otherwise delegates to the five-argument {@code check} overload with both
 * trailing flags set to {@code false}.
 *
 * @param hosts hostnames to be checked; must contain at least one entry
 * @param cns common-name values taken from the certificate
 * @param subjectAlts subject-alternative-name values taken from the certificate
 * @throws SSLException propagated unchanged from the five-argument overload
 */
@Override
public final void check(final String[] hosts, final String[] cns,
    final String[] subjectAlts) throws SSLException {
  // NOTE(review): only hosts[0] is tested, yet a match exempts every entry in
  // hosts from verification. What isLocalhost accepts is not visible here;
  // confirm it cannot match a name that resolves off-box.
  if (!isLocalhost(hosts[0])) {
    check(hosts, cns, subjectAlts, false, false);
  }
}
/**
 * Releases any resources being used.
 *
 * <p>Destroys the trust manager and clears the cached key and trust manager
 * references. Does nothing when no trust manager is set, which makes repeated
 * calls harmless.
 */
@Override
public synchronized void destroy() {
  if (trustManager == null) {
    return;
  }
  trustManager.destroy();
  // Drop every reference so the key material becomes unreachable.
  trustManager = null;
  keyManagers = null;
  trustManagers = null;
}
/**
 * Returns the hostname verifier that should be used in HttpsURLConnections.
 *
 * @return the hostname verifier.
 * @throws IllegalStateException if the factory is not in CLIENT mode
 */
public HostnameVerifier getHostnameVerifier() {
  if (mode == Mode.CLIENT) {
    return hostnameVerifier;
  }
  throw new IllegalStateException(
      "Factory is not in CLIENT mode. Actual mode is " + mode.toString());
}
/**
 * Releases any resources being used by delegating to the keystores factory.
 */
public void destroy() {
  keystoresFactory.destroy();
}
/**
 * Delegates to the five-argument {@code check} overload with both trailing
 * boolean flags set to {@code true}.
 *
 * @param host hostnames to be checked
 * @param cns common-name values taken from the certificate
 * @param subjectAlts subject-alternative-name values taken from the certificate
 * @throws SSLException propagated unchanged from the five-argument overload
 */
@Override
public final void check(final String[] host, final String[] cns,
    final String[] subjectAlts) throws SSLException {
  // NOTE(review): the meaning of the two flags is defined by the five-argument
  // overload, which is not visible here. Confirm there what (true, true)
  // selects.
  check(
      host,
      cns,
      subjectAlts,
      true,
      true);
}
/**
 * Delegates to the five-argument {@code check} overload with both trailing
 * boolean flags set to {@code false}.
 *
 * @param hosts hostnames to be checked
 * @param cns common-name values taken from the certificate
 * @param subjectAlts subject-alternative-name values taken from the certificate
 * @throws SSLException propagated unchanged from the five-argument overload
 */
@Override
public final void check(final String[] hosts, final String[] cns,
    final String[] subjectAlts) throws SSLException {
  // NOTE(review): the meaning of the two flags is defined by the five-argument
  // overload, which is not visible here. Confirm there what (false, false)
  // selects.
  check(
      hosts,
      cns,
      subjectAlts,
      false,
      false);
}
/**
 * Shuts down the {@code encKeyVersionQueue} and releases the SSL factory.
 *
 * <p>The SSL factory is destroyed and its field cleared in a {@code finally}
 * block, so TLS resources are released even when the queue shutdown fails.
 *
 * @throws IOException wrapping any exception thrown by the queue shutdown
 */
@Override
public void close() throws IOException {
  try {
    encKeyVersionQueue.shutdown();
  } catch (Exception cause) {
    // Callers see a single checked type; the original failure is the cause.
    throw new IOException(cause);
  } finally {
    if (sslFactory != null) {
      sslFactory.destroy();
      // Clearing the field keeps a second close() from destroying it twice.
      sslFactory = null;
    }
  }
}
/**
 * Single-host convenience overload: wraps {@code host} in a one-element array
 * and delegates to {@code check(String[], String[], String[])}.
 *
 * @param host hostname to be checked
 * @param cns common-name values taken from the certificate
 * @param subjectAlts subject-alternative-name values taken from the certificate
 * @throws SSLException propagated unchanged from the array overload
 */
@Override
public void check(String host, String[] cns, String[] subjectAlts)
    throws SSLException {
  final String[] singleHost = {host};
  check(singleHost, cns, subjectAlts);
}
/**
 * Returns a configured SSLServerSocketFactory.
 *
 * <p>The factory is obtained directly from the SSL context held by this
 * object.
 *
 * @return the configured SSLServerSocketFactory.
 * @throws GeneralSecurityException thrown if the SSLServerSocketFactory could
 *         not be initialized.
 * @throws IOException thrown if an IO error occurred while loading
 *         the server keystore.
 * @throws IllegalStateException if the factory is not in SERVER mode
 */
public SSLServerSocketFactory createSSLServerSocketFactory()
    throws GeneralSecurityException, IOException {
  if (mode == Mode.SERVER) {
    return context.getServerSocketFactory();
  }
  throw new IllegalStateException(
      "Factory is not in SERVER mode. Actual mode is " + mode.toString());
}
/**
 * Single-host convenience overload: wraps {@code host} in a one-element array
 * and delegates to {@code check(String[], SSLSocket)}.
 *
 * @param host hostname to be checked
 * @param ssl socket whose peer is being verified
 * @throws IOException propagated unchanged from the array overload
 */
@Override
public void check(String host, SSLSocket ssl) throws IOException {
  final String[] singleHost = {host};
  check(singleHost, ssl);
}
/**
 * Returns a configured SSLSocketFactory.
 *
 * <p>The factory is obtained directly from the SSL context held by this
 * object, so sockets it creates carry whatever settings that context applies.
 *
 * @return the configured SSLSocketFactory.
 * @throws GeneralSecurityException thrown if the SSLSocketFactory could not
 *         be initialized.
 * @throws IOException thrown if an IO error occurred while loading
 *         the server keystore.
 * @throws IllegalStateException if the factory is not in CLIENT mode
 */
public SSLSocketFactory createSSLSocketFactory()
    throws GeneralSecurityException, IOException {
  if (mode == Mode.CLIENT) {
    return context.getSocketFactory();
  }
  throw new IllegalStateException(
      "Factory is not in CLIENT mode. Actual mode is " + mode.toString());
}
/**
 * The javax.net.ssl.HostnameVerifier contract.
 *
 * <p>Fails closed: any {@link SSLException} raised while fetching the peer
 * certificates or checking the hostname yields {@code false}.
 *
 * @param host 'hostname' we used to create our socket
 * @param session SSLSession with the remote server
 * @return true if the host matched the one in the certificate.
 */
@Override
public boolean verify(String host, SSLSession session) {
  try {
    final Certificate[] peerChain = session.getPeerCertificates();
    // Only the first entry of the chain is checked. The cast is unchecked, so
    // a non-X.509 certificate surfaces as ClassCastException rather than as a
    // false result.
    final X509Certificate first = (X509Certificate) peerChain[0];
    check(new String[]{host}, first);
  } catch (SSLException e) {
    return false;
  }
  return true;
}