public _ConnectionConfigurator_536(SSLSocketFactory sf, HostnameVerifier hv, int timeout) { this.sf = sf; this.hv = hv; this.timeout = timeout; }
/// <summary>Initializes the factory.</summary> /// <exception cref="GeneralSecurityException"> /// thrown if an SSL initialization error /// happened. /// </exception> /// <exception cref="System.IO.IOException"> /// thrown if an IO error happened while reading the SSL /// configuration. /// </exception> public virtual void Init() { keystoresFactory.Init(mode); context = SSLContext.GetInstance("TLS"); context.Init(keystoresFactory.GetKeyManagers(), keystoresFactory.GetTrustManagers (), null); context.GetDefaultSSLParameters().SetProtocols(enabledProtocols); hostnameVerifier = GetHostnameVerifier(conf); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: private static com.sun.jersey.api.client.Client createClient() throws Exception private static Client CreateClient() { HostnameVerifier hostnameVerifier = HttpsURLConnection.DefaultHostnameVerifier; ClientConfig config = new DefaultClientConfig(); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[] { new InsecureTrustManager() }, null); config.Properties.put(PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ctx)); return(Client.create(config)); }
/// <summary> /// Create a Jersey HTTP client that is able to talk HTTPS and trusts all certificates. /// </summary> /// <returns> new client. </returns> private static Client CreateClient() { try { HostnameVerifier hostnameVerifier = HttpsURLConnection.DefaultHostnameVerifier; ClientConfig config = new DefaultClientConfig(); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[] { new InsecureTrustManager() }, null); IDictionary <string, object> properties = config.Properties; properties[PROPERTY_HTTPS_PROPERTIES] = new HTTPSProperties(hostnameVerifier, ctx); properties[PROPERTY_FOLLOW_REDIRECTS] = false; return(Client.create(config)); } catch (Exception e) { throw new Exception(e); } }
/// <exception cref="GeneralSecurityException"/> /// <exception cref="System.IO.IOException"/> public static HostnameVerifier GetHostnameVerifier(string verifier) { HostnameVerifier hostnameVerifier; if (verifier.Equals("DEFAULT")) { hostnameVerifier = SSLHostnameVerifier.Default; } else { if (verifier.Equals("DEFAULT_AND_LOCALHOST")) { hostnameVerifier = SSLHostnameVerifier.DefaultAndLocalhost; } else { if (verifier.Equals("STRICT")) { hostnameVerifier = SSLHostnameVerifier.Strict; } else { if (verifier.Equals("STRICT_IE6")) { hostnameVerifier = SSLHostnameVerifier.StrictIe6; } else { if (verifier.Equals("ALLOW_ALL")) { hostnameVerifier = SSLHostnameVerifier.AllowAll; } else { throw new GeneralSecurityException("Invalid hostname verifier: " + verifier); } } } } } return(hostnameVerifier); }
protected override void init(CurlResource curl) { Proxy proxy = getProxy(); URLConnection conn; HttpsURLConnection httpsConn = null; if (proxy != null) { conn = getURL().openConnection(proxy); } else { conn = getURL().openConnection(); } if (conn instanceof HttpsURLConnection) { httpsConn = (HttpsURLConnection)conn; if (!curl.getIsVerifySSLPeer() || !curl.getIsVerifySSLCommonName() || !curl.getIsVerifySSLHostname()) { HostnameVerifier hostnameVerifier = CurlHostnameVerifier.create(curl.getIsVerifySSLPeer(), curl.getIsVerifySSLCommonName(), curl.getIsVerifySSLHostname()); httpsConn.setHostnameVerifier(hostnameVerifier); } } setConnection(conn); }
public bool verify(CertificateTrustCallback prompt, String hostName, List certs) { X509Certificate2 serverCert = ConvertCertificate(certs.iterator().next() as X509Certificate); X509Chain chain = new X509Chain(); chain.ChainPolicy.RevocationMode = PreferencesFactory.get().getBoolean("connection.ssl.x509.revocation.online") ? X509RevocationMode.Online : X509RevocationMode.Offline; chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0, 10); // set timeout to 10 seconds chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag; for (int index = 1; index < certs.size(); index++) { chain.ChainPolicy.ExtraStore.Add(ConvertCertificate(certs.get(index) as X509Certificate)); } chain.Build(serverCert); bool isException = CheckForException(hostName, serverCert); if (isException) { // Exceptions always have precedence return(true); } string errorFromChainStatus = GetErrorFromChainStatus(chain, hostName); bool certError = null != errorFromChainStatus; bool hostnameMismatch = hostName != null && !HostnameVerifier.CheckServerIdentity(certs.iterator().next() as X509Certificate, serverCert, hostName); // check if host name matches if (null == errorFromChainStatus && hostnameMismatch) { errorFromChainStatus = string.Format(LocaleFactory.localizedString( "The certificate for this server is invalid. You might be connecting to a server that is pretending to be {0} which could put your confidential information at risk. Would you like to connect to the server anyway?", "Keychain"), hostName); } if (null != errorFromChainStatus) { // Title: LocaleFactory.localizedString("Certificate Error", "Keychain") // Main Instruction: LocaleFactory.localizedString("Certificate Error", "Keychain") // Content: errorFromChainStatus // Verification Text: LocaleFactory.localizedString("Always Trust", "Keychain") // CommandButtons: { LocaleFactory.localizedString("Continue", "Credentials"), LocaleFactory.localizedString("Disconnect"), LocaleFactory.localizedString("Show Certificate", "Keychain") } // ShowCancelButton: false // Main Icon: Warning // Footer Icon: Information TaskDialogResult result = TaskDialog.TaskDialog.Show( title: LocaleFactory.localizedString("Certificate Error", "Keychain"), mainInstruction: LocaleFactory.localizedString("Certificate Error", "Keychain"), verificationText: LocaleFactory.localizedString("Always Trust", "Keychain"), content: errorFromChainStatus, commandLinks: new string[] { LocaleFactory.localizedString("Continue", "Credentials"), LocaleFactory.localizedString("Disconnect"), LocaleFactory.localizedString("Show Certificate", "Keychain") }, mainIcon: TaskDialogIcon.Warning, footerIcon: TaskDialogIcon.Information, callback: (dialog, args, data) => { switch (args.Notification) { case TaskDialogNotification.ButtonClicked: if (args.ButtonIndex == 2) { X509Certificate2UI.DisplayCertificate(serverCert); return(true); } break; } return(false); }); if (result.Result == TaskDialogSimpleResult.Command) { if (result.CommandButtonResult == 0) { if (result.VerificationChecked == true) { if (certError) { //todo can we use the Trusted People and Third Party Certificate Authority Store? Currently X509Chain is the problem. AddCertificate(serverCert, StoreName.Root); } PreferencesFactory.get() .setProperty(hostName + ".certificate.accept", serverCert.Thumbprint); } return(true); } if (result.CommandButtonResult == 1) { return(false); } } } return(true); }
public override bool isTrusted(String hostName, X509Certificate[] certs) { X509Certificate2 serverCert = ConvertCertificate(certs[0]); X509Chain chain = new X509Chain(); //todo Online revocation check. Preference. chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline; // | X509RevocationMode.Online chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 0, 10); // set timeout to 10 seconds chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag; for (int index = 1; index < certs.Length; index++) { chain.ChainPolicy.ExtraStore.Add(ConvertCertificate(certs[index])); } chain.Build(serverCert); string errorFromChainStatus = GetErrorFromChainStatus(chain, hostName); bool certError = null != errorFromChainStatus; bool hostnameMismatch = !HostnameVerifier.CheckServerIdentity(certs[0], serverCert, hostName) && !CheckForException(hostName, serverCert); // check if host name matches if (null == errorFromChainStatus && hostnameMismatch) { errorFromChainStatus = Locale.localizedString( "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “%@” which could put your confidential information at risk. Would you like to connect to the server anyway?", "Keychain").Replace("%@", hostName); } if (null != errorFromChainStatus) { while (true) { TaskDialog d = new TaskDialog(); DialogResult r = d.ShowCommandBox(Locale.localizedString("This certificate is not valid", "Keychain"), Locale.localizedString("This certificate is not valid", "Keychain"), errorFromChainStatus, null, null, Locale.localizedString("Always Trust", "Keychain"), String.Format("{0}|{1}|{2}", Locale.localizedString("Continue", "Credentials"), Locale.localizedString("Disconnect"), Locale.localizedString("Show Certificate", "Keychain")), false, SysIcons.Warning, SysIcons.Information); if (r == DialogResult.OK) { if (d.CommandButtonResult == 0) { if (d.VerificationChecked) { if (certError) { //todo can we use the Trusted People and Third Party Certificate Authority Store? Currently X509Chain is the problem. AddCertificate(serverCert, StoreName.Root); } if (hostnameMismatch) { Preferences.instance().setProperty(hostName + ".certificate.accept", serverCert.SubjectName.Name); } } return(true); } if (d.CommandButtonResult == 1) { return(false); } if (d.CommandButtonResult == 2) { X509Certificate2UI.DisplayCertificate(serverCert); } } } } return(true); }
public static void setDefaultHostnameVerifier(HostnameVerifier v) { }