/// <exception cref="System.IO.IOException"></exception>
public void Verify(string host, SSLSocket ssl)
{
if (host == null)
{
throw new ArgumentNullException("host to verify is null");
}
SSLSession session = ssl.GetSession();
if (session == null)
{
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server'
// chain. Hopefully this will unearth the real problem:
InputStream @in = ssl.GetInputStream();
@in.Available();
// If ssl.getInputStream().available() didn't cause an
// exception, maybe at least now the session is available?
session = ssl.GetSession();
if (session == null)
{
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.StartHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.GetSession();
}
}
Certificate[] certs = session.GetPeerCertificates();
X509Certificate x509 = (X509Certificate)certs[0];
Verify(host, x509);
}
public override Java.Net.Socket CreateSocket(string host, int port, Java.Net.InetAddress localHost, int localPort)
{
SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port, localHost, localPort);
socket.SetEnabledProtocols(socket.GetSupportedProtocols());
return(socket);
}
public override Java.Net.Socket CreateSocket(string host, int port)
{
SSLSocket socket = (SSLSocket)_factory.CreateSocket(host, port);
socket.SetEnabledProtocols(socket.GetSupportedProtocols());
return(socket);
}
public override Java.Net.Socket CreateSocket(Java.Net.InetAddress address, int port, Java.Net.InetAddress localAddress, int localPort)
{
SSLSocket socket = (SSLSocket)_factory.CreateSocket(address, port, localAddress, localPort);
socket.SetEnabledProtocols(socket.GetSupportedProtocols());
return(socket);
}
public override Java.Net.Socket CreateSocket(Java.Net.Socket s, string host, int port, bool autoClose)
{
SSLSocket socket = (SSLSocket)factory.CreateSocket(s, host, port, autoClose);
socket.SetEnabledProtocols(socket.GetSupportedProtocols());
return(socket);
}
public override Java.Net.Socket CreateSocket()
{
SSLSocket socket = (SSLSocket)factory.CreateSocket();
socket.SetEnabledProtocols(socket.GetSupportedProtocols());
return(socket);
}
public override Java.Net.Socket CreateSocket(Java.Net.InetAddress host, int port)
{
SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port);
socket.SetEnabledProtocols(socket.GetSupportedProtocols());
socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites());
return(socket);
}
public void Connect(int sendTimeout = -1, int receiveTimeout = -1)
{
SSLSocket sslSocket = null;
var f = SSLSocketFactory.Default as SSLSocketFactory;
sslSocket = f.CreateSocket(_remoteHostName, _remotePort) as SSLSocket;
_socket = sslSocket;
_socket.SoTimeout = receiveTimeout == -1 ? 0 : receiveTimeout;
sslSocket.StartHandshake();
_socket.SoTimeout = 0;
}
/// <exception cref="System.IO.IOException"></exception>
public virtual System.Net.Sockets.Socket CreateLayeredSocket(System.Net.Sockets.Socket
socket, string target, int port, HttpContext context)
{
SSLSocket sslsock = (SSLSocket)this.socketfactory.CreateSocket(socket, target, port
, true);
if (supportedProtocols != null)
{
sslsock.SetEnabledProtocols(supportedProtocols);
}
if (supportedCipherSuites != null)
{
sslsock.SetEnabledCipherSuites(supportedCipherSuites);
}
PrepareSocket(sslsock);
sslsock.StartHandshake();
VerifyHostname(sslsock, target);
return(sslsock);
}
/// <exception cref="System.IO.IOException"></exception>
private void VerifyHostname(SSLSocket sslsock, string hostname)
{
try
{
this.hostnameVerifier.Verify(hostname, sslsock);
}
catch (IOException iox)
{
// verifyHostName() didn't blowup - good!
// close the socket before re-throwing the exception
try
{
sslsock.Close();
}
catch (Exception)
{
}
throw;
}
}
/// <exception cref="System.IO.IOException"></exception>
public virtual System.Net.Sockets.Socket ConnectSocket(int connectTimeout, System.Net.Sockets.Socket
socket, HttpHost host, IPEndPoint remoteAddress, IPEndPoint localAddress, HttpContext
context)
{
Args.NotNull(host, "HTTP host");
Args.NotNull(remoteAddress, "Remote address");
System.Net.Sockets.Socket sock = socket != null ? socket : CreateSocket(context);
if (localAddress != null)
{
sock.Bind2(localAddress);
}
try
{
sock.Connect(remoteAddress, connectTimeout);
}
catch (IOException ex)
{
try
{
sock.Close();
}
catch (IOException)
{
}
throw;
}
// Setup SSL layering if necessary
if (sock is SSLSocket)
{
SSLSocket sslsock = (SSLSocket)sock;
sslsock.StartHandshake();
VerifyHostname(sslsock, host.GetHostName());
return(sock);
}
else
{
return(CreateLayeredSocket(sock, host.GetHostName(), remoteAddress.Port, context));
}
}
/// <exception cref="System.IO.IOException"/> public abstract void Check(string[] hosts, SSLSocket ssl);
/// <exception cref="System.IO.IOException"/> public abstract void Check(string host, SSLSocket ssl);
/// <exception cref="System.IO.IOException"/>
public override void Check(string[] host, SSLSocket ssl)
{
if (host == null)
{
throw new ArgumentNullException("host to verify is null");
}
SSLSession session = ssl.GetSession();
if (session == null)
{
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server'
// chain. Hopefully this will unearth the real problem:
InputStream @in = ssl.GetInputStream();
@in.Available();
/*
* If you're looking at the 2 lines of code above because
* you're running into a problem, you probably have two
* options:
*
#1. Clean up the certificate chain that your server
* is presenting (e.g. edit "/etc/apache2/server.crt"
* or wherever it is your server's certificate chain
* is defined).
*
* OR
*
#2. Upgrade to an IBM 1.5.x or greater JVM, or switch
* to a non-IBM JVM.
*/
// If ssl.getInputStream().available() didn't cause an
// exception, maybe at least now the session is available?
session = ssl.GetSession();
if (session == null)
{
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.StartHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.GetSession();
}
}
Certificate[] certs;
try
{
certs = session.GetPeerCertificates();
}
catch (SSLPeerUnverifiedException spue)
{
InputStream @in = ssl.GetInputStream();
@in.Available();
// Didn't trigger anything interesting? Okay, just throw
// original.
throw;
}
X509Certificate x509 = (X509Certificate)certs[0];
Check(host, x509);
}
/// <exception cref="System.IO.IOException"/>
public override void Check(string host, SSLSocket ssl)
{
Check(new string[] { host }, ssl);
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#:
//ORIGINAL LINE: public static void main(String[] paramArrayOfString) throws Exception
public static void Main(string[] paramArrayOfString)
{
bool @bool;
char[] arrayOfChar;
char c;
string str1;
if (paramArrayOfString.Length == 1 || paramArrayOfString.Length == 2)
{
string[] arrayOfString = paramArrayOfString[0].Split(":", true);
str1 = arrayOfString[0];
c = (arrayOfString.Length == 1) ? (char)443 : (char)int.Parse(arrayOfString[1]);
string str = (paramArrayOfString.Length == 1) ? "changeit" : paramArrayOfString[1];
arrayOfChar = str.ToCharArray();
}
else
{
Console.WriteLine("Usage: java InstallCert [:port] [passphrase]");
return;
}
File file = new File("jssecacerts");
if (!file.File)
{
char c1 = Path.DirectorySeparatorChar;
File file1 = new File(System.getProperty("java.home") + c1 + "lib" + c1 + "security");
file = new File(file1, "jssecacerts");
if (!file.File)
{
file = new File(file1, "cacerts");
}
}
Console.WriteLine("Loading KeyStore " + file + "...");
FileStream fileInputStream = new FileStream(file, FileMode.Open, FileAccess.Read);
KeyStore keyStore = KeyStore.getInstance(KeyStore.DefaultType);
keyStore.load(fileInputStream, arrayOfChar);
fileInputStream.Close();
SSLContext sSLContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.DefaultAlgorithm);
trustManagerFactory.init(keyStore);
X509TrustManager x509TrustManager = (X509TrustManager)trustManagerFactory.TrustManagers[0];
SavingTrustManager savingTrustManager = new SavingTrustManager(x509TrustManager);
sSLContext.init(null, new TrustManager[] { savingTrustManager }, null);
SSLSocketFactory sSLSocketFactory = sSLContext.SocketFactory;
Console.WriteLine("Opening connection to " + str1 + ":" + c + "...");
SSLSocket sSLSocket = (SSLSocket)sSLSocketFactory.createSocket(str1, c);
sSLSocket.SoTimeout = 10000;
try
{
Console.WriteLine("Starting SSL handshake...");
sSLSocket.startHandshake();
sSLSocket.close();
Console.WriteLine();
Console.WriteLine("No errors, certificate is already trusted");
}
catch (SSLException sSLException)
{
Console.WriteLine();
sSLException.printStackTrace(System.out);
}
X509Certificate[] arrayOfX509Certificate = savingTrustManager.chain;
if (arrayOfX509Certificate == null)
{
Console.WriteLine("Could not obtain server certificate chain");
return;
}
StreamReader bufferedReader = new StreamReader(System.in);
Console.WriteLine();
Console.WriteLine("Server sent " + arrayOfX509Certificate.Length + " certificate(s):");
Console.WriteLine();
MessageDigest messageDigest1;
MessageDigest messageDigest2 = (messageDigest1 = MessageDigest.getInstance("SHA1")).getInstance("MD5");
for (sbyte b = 0; b < arrayOfX509Certificate.Length; b++)
{
X509Certificate x509Certificate1 = arrayOfX509Certificate[b];
Console.WriteLine(" " + (b + true) + " Subject " + x509Certificate1.SubjectDN);
Console.WriteLine(" Issuer " + x509Certificate1.IssuerDN);
messageDigest1.update(x509Certificate1.Encoded);
Console.WriteLine(" sha1 " + toHexString(messageDigest1.digest()));
messageDigest2.update(x509Certificate1.Encoded);
Console.WriteLine(" md5 " + toHexString(messageDigest2.digest()));
Console.WriteLine();
}
Console.WriteLine("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
string str2 = bufferedReader.ReadLine().Trim();
try
{
@bool = (str2.Length == 0) ? 0 : (int.Parse(str2) - 1);
}
catch (System.FormatException)
{
Console.WriteLine("KeyStore not changed");
return;
}
X509Certificate x509Certificate = arrayOfX509Certificate[@bool];
string str3 = str1 + "-" + (@bool + true);
keyStore.setCertificateEntry(str3, x509Certificate);
FileStream fileOutputStream = new FileStream("jssecacerts", FileMode.Create, FileAccess.Write);
keyStore.store(fileOutputStream, arrayOfChar);
fileOutputStream.Close();
Console.WriteLine();
Console.WriteLine(x509Certificate);
Console.WriteLine();
Console.WriteLine("Added certificate to keystore 'jssecacerts' using alias '" + str3 + "'");
}
/// <summary>
/// Performs any custom initialization for a newly created SSLSocket
/// (before the SSL handshake happens).
/// </summary>
/// <remarks>
/// Performs any custom initialization for a newly created SSLSocket
/// (before the SSL handshake happens).
/// The default implementation is a no-op, but could be overriden to, e.g.,
/// call
/// <see cref="Sharpen.SSLSocket.SetEnabledCipherSuites(string[])">Sharpen.SSLSocket.SetEnabledCipherSuites(string[])
/// </see>
/// .
/// </remarks>
/// <exception cref="System.IO.IOException"></exception>
protected internal virtual void PrepareSocket(SSLSocket socket)
{
}
