Ejemplo n.º 1
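        /// <summary>
        /// Verifies <paramref name="host"/> against the first certificate of the
        /// peer chain exposed by the session of <paramref name="ssl"/>, delegating
        /// the comparison to the <c>Verify(host, x509)</c> overload.
        /// </summary>
        /// <remarks>
        /// This method has no success value: it either returns normally or throws,
        /// so callers must treat every exception as "do not use this connection".
        /// Only element 0 of the peer chain is examined here; nothing in this
        /// method validates the remaining chain or its trust anchor.
        /// </remarks>
        /// <param name="host">Host name to verify; must not be null.</param>
        /// <param name="ssl">Socket whose session supplies the peer certificates.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="host"/> is null.</exception>
        /// <exception cref="System.IO.IOException"></exception>
        public void Verify(string host, SSLSocket ssl)
        {
            if (host == null)
            {
                // The single-string constructor takes the parameter NAME, so the
                // original call stored the message as ParamName.  Pass both.
                throw new ArgumentNullException("host", "host to verify is null");
            }

            SSLSession session = ssl.GetSession();
            if (session == null)
            {
                // In our experience this only happens under IBM 1.4.x when
                // spurious (unrelated) certificates show up in the server's
                // chain.  Hopefully this will unearth the real problem:
                InputStream @in = ssl.GetInputStream();
                @in.Available();

                // If ssl.getInputStream().available() didn't cause an
                // exception, maybe at least now the session is available?
                session = ssl.GetSession();
                if (session == null)
                {
                    // If it's still null, probably a startHandshake() will
                    // unearth the real problem.
                    ssl.StartHandshake();

                    // Last attempt.  A session that is still null makes the
                    // dereference below throw, so the method never returns
                    // normally without having checked a certificate.
                    session = ssl.GetSession();
                }
            }

            // NOTE(review): certs[0] is assumed to be the peer's own certificate,
            // and an empty chain would surface as an index error -- confirm the
            // session API never returns an empty array.
            Certificate[] certs = session.GetPeerCertificates();
            X509Certificate x509 = (X509Certificate)certs[0];

            Verify(host, x509);
        }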
        /// <summary>
        /// Derives the user token for the given execution context.
        /// </summary>
        /// <remarks>
        /// Sources are tried in this order and the first non-null principal wins:
        /// the target auth state, then the proxy auth state (consulted only when
        /// a target auth state exists), then the local principal of the TLS
        /// session on an open <c>ManagedHttpClientConnection</c>.  The last
        /// source is the identity this side presented on the session, not the
        /// peer's identity.
        /// </remarks>
        /// <param name="context">Context adapted to an <c>HttpClientContext</c>.</param>
        /// <returns>The principal that was found, or null when no source yields one.</returns>
        public virtual object GetUserToken(HttpContext context)
        {
            HttpClientContext ctx = (HttpClientContext)HttpClientContext.Adapt(context);

            AuthState targetState = ctx.GetTargetAuthState();
            if (targetState != null)
            {
                Principal fromTarget = GetAuthPrincipal(targetState);
                if (fromTarget != null)
                {
                    return fromTarget;
                }

                Principal fromProxy = GetAuthPrincipal(ctx.GetProxyAuthState());
                if (fromProxy != null)
                {
                    return fromProxy;
                }
            }

            // No authentication-derived identity: fall back to the TLS session.
            // NOTE(review): the connection is dereferenced without a null check,
            // exactly as before -- confirm GetConnection() cannot return null.
            HttpConnection connection = ctx.GetConnection();
            if (!connection.IsOpen())
            {
                return null;
            }

            ManagedHttpClientConnection managed = connection as ManagedHttpClientConnection;
            if (managed == null)
            {
                return null;
            }

            SSLSession tlsSession = managed.GetSSLSession();
            if (tlsSession == null)
            {
                return null;
            }

            return tlsSession.GetLocalPrincipal();
        }
Ejemplo n.º 3
        /// <summary>
        /// Applies the checks selected by the three <c>_isVerifySSL*</c> flags to
        /// <paramref name="session"/> and reports whether all enabled checks passed.
        /// </summary>
        /// <remarks>
        /// With all three flags off the method returns true without looking at
        /// the session at all, i.e. verification is disabled.
        /// NOTE(review): the common-name check compares the whole principal name
        /// to the host name with an exact match; if getName() yields a full
        /// distinguished name this can never succeed -- confirm.
        /// NOTE(review): the host-name check compares session.getPeerHost() with
        /// the host name and reads nothing from the certificate in this method --
        /// confirm that value is bound to the authenticated peer.
        /// </remarks>
        /// <param name="hostname">Host name the checks compare against.</param>
        /// <param name="session">Session queried for the peer principal and peer host.</param>
        /// <returns>true when every enabled check passes (or none is enabled); otherwise false.</returns>
        public bool verify(String hostname, SSLSession session)
        {
            bool anyCheckEnabled = _isVerifySSLPeer
                                   || _isVerifySSLCommonName
                                   || _isVerifySSLHostname;
            if (!anyCheckEnabled)
            {
                return true;
            }

            Principal peer = null;
            try
            {
                peer = session.getPeerPrincipal();
            }
            catch (SSLPeerUnverifiedException)
            {
                // An unverified peer is fatal only when the peer check is on;
                // otherwise continue with a null principal.
                if (_isVerifySSLPeer)
                {
                    return false;
                }
            }

            if (_isVerifySSLPeer)
            {
                // Second query kept as in the original; it rejects if the peer
                // is reported unverified at this point.
                try
                {
                    session.getPeerPrincipal();
                }
                catch (SSLPeerUnverifiedException)
                {
                    //XXX: log
                    return false;
                }
            }

            if (_isVerifySSLCommonName)
            {
                bool nameMatches = peer != null && peer.getName().equals(hostname);
                if (!nameMatches)
                {
                    return false;
                }
            }

            if (_isVerifySSLHostname)
            {
                bool hostMatches = session.getPeerHost() != null
                                   && session.getPeerHost().equals(hostname);
                if (!hostMatches)
                {
                    return false;
                }
            }

            return true;
        }
Ejemplo n.º 4
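 /// <summary>The javax.net.ssl.HostnameVerifier contract.</summary>
 /// <remarks>
 /// The first certificate of the peer chain is handed to <c>Check</c>; an
 /// <c>SSLException</c> from that path is reported as a mismatch.  A missing,
 /// empty or non-X.509 chain is also reported as a mismatch instead of
 /// escaping as an index or cast error, so every such path ends in "reject".
 /// </remarks>
 /// <param name="host">'hostname' we used to create our socket</param>
 /// <param name="session">SSLSession with the remote server</param>
 /// <returns>
 /// true if the host matched the one in the certificate; false on a mismatch
 /// or when no usable peer certificate is available.
 /// </returns>
 public override bool Verify(string host, SSLSession session)
 {
     try
     {
         Certificate[] certs = session.GetPeerCertificates();
         if (certs == null || certs.Length == 0)
         {
             // Nothing to compare the host against: reject.
             return false;
         }

         if (!(certs[0] is X509Certificate))
         {
             // Null or non-X.509 entry: reject rather than fail on the cast.
             return false;
         }

         X509Certificate x509 = (X509Certificate)certs[0];
         Check(new string[] { host }, x509);
         return true;
     }
     catch (SSLException)
     {
         return false;
     }
 }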
Ejemplo n.º 5
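 /// <summary>
 /// Reports whether <paramref name="host"/> passes the
 /// <c>Verify(host, x509)</c> check against the first certificate of the
 /// session's peer chain.
 /// </summary>
 /// <remarks>
 /// An <c>SSLException</c> raised while obtaining or checking the certificate
 /// is reported as false.  A null, empty or non-X.509 chain is reported as
 /// false as well, so the method does not leave through an index or cast
 /// error on those inputs.
 /// </remarks>
 /// <param name="host">Host name to verify.</param>
 /// <param name="session">Session that supplies the peer certificates.</param>
 /// <returns>true when the check completes without an <c>SSLException</c>; otherwise false.</returns>
 public bool Verify(string host, SSLSession session)
 {
     try
     {
         Certificate[] chain = session.GetPeerCertificates();

         // Reject when there is no leading X.509 certificate to verify against.
         bool hasLeaf = chain != null && chain.Length > 0 && chain[0] is X509Certificate;
         if (!hasLeaf)
         {
             return false;
         }

         Verify(host, (X509Certificate)chain[0]);
         return true;
     }
     catch (SSLException)
     {
         return false;
     }
 }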
Ejemplo n.º 6
 /// <summary>
 /// Abstract verification hook taking a host name and an SSL session and
 /// returning a boolean verdict.
 /// </summary>
 /// <remarks>
 /// NOTE(review): no implementation is visible here; presumably true means
 /// the host was accepted for the session and implementations are expected
 /// to return false on any doubt -- confirm against the implementers.
 /// </remarks>
 /// <param name="host">Host name passed to the implementation.</param>
 /// <param name="session">SSL session passed to the implementation.</param>
 public abstract bool Verify(string host, SSLSession session);
Ejemplo n.º 7
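            /// <summary>
            /// Checks the candidate names in <paramref name="host"/> against the
            /// first certificate of the peer chain exposed by the session of
            /// <paramref name="ssl"/>, delegating to the <c>Check(host, x509)</c>
            /// overload.
            /// </summary>
            /// <remarks>
            /// Failure is signalled only by an exception; a normal return means
            /// the delegated check did not throw.  Only element 0 of the chain is
            /// examined here; nothing in this method validates the remaining
            /// chain or its trust anchor.
            /// </remarks>
            /// <param name="host">Host names to check; the array must not be null.</param>
            /// <param name="ssl">Socket whose session supplies the peer certificates.</param>
            /// <exception cref="System.ArgumentNullException"><paramref name="host"/> is null.</exception>
            /// <exception cref="System.IO.IOException"/>
            public override void Check(string[] host, SSLSocket ssl)
            {
                if (host == null)
                {
                    // The single-string constructor takes the parameter NAME, so
                    // the original call stored the message as ParamName.
                    throw new ArgumentNullException("host", "host to verify is null");
                }

                SSLSession session = ssl.GetSession();
                if (session == null)
                {
                    // In our experience this only happens under IBM 1.4.x when
                    // spurious (unrelated) certificates show up in the server's
                    // chain.  Hopefully this will unearth the real problem:
                    InputStream @in = ssl.GetInputStream();
                    @in.Available();

                    /*
                     * If you're looking at the 2 lines of code above because
                     * you're running into a problem, you probably have two
                     * options:
                     *
                     * 1.  Clean up the certificate chain that your server
                     *     is presenting (e.g. edit "/etc/apache2/server.crt"
                     *     or wherever it is your server's certificate chain
                     *     is defined).
                     *
                     * OR
                     *
                     * 2.  Upgrade to an IBM 1.5.x or greater JVM, or switch
                     *     to a non-IBM JVM.
                     */

                    // If ssl.getInputStream().available() didn't cause an
                    // exception, maybe at least now the session is available?
                    session = ssl.GetSession();
                    if (session == null)
                    {
                        // If it's still null, probably a startHandshake() will
                        // unearth the real problem.
                        ssl.StartHandshake();

                        // Last attempt.  A session that is still null makes the
                        // dereference below throw, so the check cannot pass
                        // without a certificate having been examined.
                        session = ssl.GetSession();
                    }
                }

                Certificate[] certs;
                try
                {
                    certs = session.GetPeerCertificates();
                }
                catch (SSLPeerUnverifiedException)
                {
                    // Poke the stream once more in case it raises a more
                    // specific error; otherwise rethrow the original exception
                    // with its stack trace intact.
                    InputStream @in = ssl.GetInputStream();
                    @in.Available();
                    throw;
                }

                // NOTE(review): certs[0] is assumed to be the peer's own
                // certificate, and an empty chain would surface as an index
                // error -- confirm the session API never returns an empty array.
                X509Certificate x509 = (X509Certificate)certs[0];

                Check(host, x509);
            }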
Ejemplo n.º 8
            /// <summary>
            /// Accepts every host name: the result is true whatever
            /// <paramref name="hostname"/> and <paramref name="session"/> contain.
            /// </summary>
            /// <remarks>
            /// Neither argument is inspected, so a connection that relies on this
            /// verifier gets no host-name check from it.
            /// NOTE(review): the disabled trace line called this
            /// "localHostnameVerifier"; presumably it is meant for local endpoints
            /// only -- confirm it cannot be wired into connections to remote hosts.
            /// </remarks>
            /// <param name="hostname">Ignored.</param>
            /// <param name="session">Ignored.</param>
            /// <returns>Always true.</returns>
            public bool verify(string hostname, SSLSession session)
            {
                return true;
            }
Ejemplo n.º 9
            /// <summary>
            /// Unconditional verifier: returns true for any
            /// <paramref name="hostname"/> and any <paramref name="session"/>.
            /// </summary>
            /// <remarks>
            /// The arguments are never read, so this verifier performs no
            /// host-name check for the connections that use it.
            /// NOTE(review): the disabled trace line refers to a
            /// "localHostnameVerifier"; presumably the intended scope is local
            /// endpoints -- confirm it is not reachable for remote hosts.
            /// </remarks>
            /// <param name="hostname">Not used.</param>
            /// <param name="session">Not used.</param>
            /// <returns>Always true.</returns>
            public bool verify(string hostname, SSLSession session)
            {
                // Named so the accept-all policy is explicit at the return site.
                const bool acceptAnyHost = true;
                return acceptAnyHost;
            }