/// <exception cref="System.IO.IOException"></exception> public void Verify(string host, SSLSocket ssl) { if (host == null) { throw new ArgumentNullException("host to verify is null"); } SSLSession session = ssl.GetSession(); if (session == null) { // In our experience this only happens under IBM 1.4.x when // spurious (unrelated) certificates show up in the server' // chain. Hopefully this will unearth the real problem: InputStream @in = ssl.GetInputStream(); @in.Available(); // If ssl.getInputStream().available() didn't cause an // exception, maybe at least now the session is available? session = ssl.GetSession(); if (session == null) { // If it's still null, probably a startHandshake() will // unearth the real problem. ssl.StartHandshake(); // Okay, if we still haven't managed to cause an exception, // might as well go for the NPE. Or maybe we're okay now? session = ssl.GetSession(); } } Certificate[] certs = session.GetPeerCertificates(); X509Certificate x509 = (X509Certificate)certs[0]; Verify(host, x509); }
public override Java.Net.Socket CreateSocket(string host, int port, Java.Net.InetAddress localHost, int localPort) { SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port, localHost, localPort); socket.SetEnabledProtocols(socket.GetSupportedProtocols()); return(socket); }
public override Java.Net.Socket CreateSocket(string host, int port) { SSLSocket socket = (SSLSocket)_factory.CreateSocket(host, port); socket.SetEnabledProtocols(socket.GetSupportedProtocols()); return(socket); }
public override Java.Net.Socket CreateSocket(Java.Net.InetAddress address, int port, Java.Net.InetAddress localAddress, int localPort) { SSLSocket socket = (SSLSocket)_factory.CreateSocket(address, port, localAddress, localPort); socket.SetEnabledProtocols(socket.GetSupportedProtocols()); return(socket); }
public override Java.Net.Socket CreateSocket(Java.Net.Socket s, string host, int port, bool autoClose) { SSLSocket socket = (SSLSocket)factory.CreateSocket(s, host, port, autoClose); socket.SetEnabledProtocols(socket.GetSupportedProtocols()); return(socket); }
public override Java.Net.Socket CreateSocket() { SSLSocket socket = (SSLSocket)factory.CreateSocket(); socket.SetEnabledProtocols(socket.GetSupportedProtocols()); return(socket); }
public override Java.Net.Socket CreateSocket(Java.Net.InetAddress host, int port) { SSLSocket socket = (SSLSocket)factory.CreateSocket(host, port); socket.SetEnabledProtocols(socket.GetSupportedProtocols()); socket.SetEnabledCipherSuites(socket.GetSupportedCipherSuites()); return(socket); }
public void Connect(int sendTimeout = -1, int receiveTimeout = -1) { SSLSocket sslSocket = null; var f = SSLSocketFactory.Default as SSLSocketFactory; sslSocket = f.CreateSocket(_remoteHostName, _remotePort) as SSLSocket; _socket = sslSocket; _socket.SoTimeout = receiveTimeout == -1 ? 0 : receiveTimeout; sslSocket.StartHandshake(); _socket.SoTimeout = 0; }
/// <exception cref="System.IO.IOException"></exception> public virtual System.Net.Sockets.Socket CreateLayeredSocket(System.Net.Sockets.Socket socket, string target, int port, HttpContext context) { SSLSocket sslsock = (SSLSocket)this.socketfactory.CreateSocket(socket, target, port , true); if (supportedProtocols != null) { sslsock.SetEnabledProtocols(supportedProtocols); } if (supportedCipherSuites != null) { sslsock.SetEnabledCipherSuites(supportedCipherSuites); } PrepareSocket(sslsock); sslsock.StartHandshake(); VerifyHostname(sslsock, target); return(sslsock); }
/// <exception cref="System.IO.IOException"></exception> private void VerifyHostname(SSLSocket sslsock, string hostname) { try { this.hostnameVerifier.Verify(hostname, sslsock); } catch (IOException iox) { // verifyHostName() didn't blowup - good! // close the socket before re-throwing the exception try { sslsock.Close(); } catch (Exception) { } throw; } }
/// <exception cref="System.IO.IOException"></exception> public virtual System.Net.Sockets.Socket ConnectSocket(int connectTimeout, System.Net.Sockets.Socket socket, HttpHost host, IPEndPoint remoteAddress, IPEndPoint localAddress, HttpContext context) { Args.NotNull(host, "HTTP host"); Args.NotNull(remoteAddress, "Remote address"); System.Net.Sockets.Socket sock = socket != null ? socket : CreateSocket(context); if (localAddress != null) { sock.Bind2(localAddress); } try { sock.Connect(remoteAddress, connectTimeout); } catch (IOException ex) { try { sock.Close(); } catch (IOException) { } throw; } // Setup SSL layering if necessary if (sock is SSLSocket) { SSLSocket sslsock = (SSLSocket)sock; sslsock.StartHandshake(); VerifyHostname(sslsock, host.GetHostName()); return(sock); } else { return(CreateLayeredSocket(sock, host.GetHostName(), remoteAddress.Port, context)); } }
/// <exception cref="System.IO.IOException"/> public abstract void Check(string[] hosts, SSLSocket ssl);
/// <exception cref="System.IO.IOException"/> public abstract void Check(string host, SSLSocket ssl);
/// <exception cref="System.IO.IOException"/> public override void Check(string[] host, SSLSocket ssl) { if (host == null) { throw new ArgumentNullException("host to verify is null"); } SSLSession session = ssl.GetSession(); if (session == null) { // In our experience this only happens under IBM 1.4.x when // spurious (unrelated) certificates show up in the server' // chain. Hopefully this will unearth the real problem: InputStream @in = ssl.GetInputStream(); @in.Available(); /* * If you're looking at the 2 lines of code above because * you're running into a problem, you probably have two * options: * #1. Clean up the certificate chain that your server * is presenting (e.g. edit "/etc/apache2/server.crt" * or wherever it is your server's certificate chain * is defined). * * OR * #2. Upgrade to an IBM 1.5.x or greater JVM, or switch * to a non-IBM JVM. */ // If ssl.getInputStream().available() didn't cause an // exception, maybe at least now the session is available? session = ssl.GetSession(); if (session == null) { // If it's still null, probably a startHandshake() will // unearth the real problem. ssl.StartHandshake(); // Okay, if we still haven't managed to cause an exception, // might as well go for the NPE. Or maybe we're okay now? session = ssl.GetSession(); } } Certificate[] certs; try { certs = session.GetPeerCertificates(); } catch (SSLPeerUnverifiedException spue) { InputStream @in = ssl.GetInputStream(); @in.Available(); // Didn't trigger anything interesting? Okay, just throw // original. throw; } X509Certificate x509 = (X509Certificate)certs[0]; Check(host, x509); }
/// <exception cref="System.IO.IOException"/> public override void Check(string host, SSLSocket ssl) { Check(new string[] { host }, ssl); }
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in C#: //ORIGINAL LINE: public static void main(String[] paramArrayOfString) throws Exception public static void Main(string[] paramArrayOfString) { bool @bool; char[] arrayOfChar; char c; string str1; if (paramArrayOfString.Length == 1 || paramArrayOfString.Length == 2) { string[] arrayOfString = paramArrayOfString[0].Split(":", true); str1 = arrayOfString[0]; c = (arrayOfString.Length == 1) ? (char)443 : (char)int.Parse(arrayOfString[1]); string str = (paramArrayOfString.Length == 1) ? "changeit" : paramArrayOfString[1]; arrayOfChar = str.ToCharArray(); } else { Console.WriteLine("Usage: java InstallCert [:port] [passphrase]"); return; } File file = new File("jssecacerts"); if (!file.File) { char c1 = Path.DirectorySeparatorChar; File file1 = new File(System.getProperty("java.home") + c1 + "lib" + c1 + "security"); file = new File(file1, "jssecacerts"); if (!file.File) { file = new File(file1, "cacerts"); } } Console.WriteLine("Loading KeyStore " + file + "..."); FileStream fileInputStream = new FileStream(file, FileMode.Open, FileAccess.Read); KeyStore keyStore = KeyStore.getInstance(KeyStore.DefaultType); keyStore.load(fileInputStream, arrayOfChar); fileInputStream.Close(); SSLContext sSLContext = SSLContext.getInstance("TLS"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.DefaultAlgorithm); trustManagerFactory.init(keyStore); X509TrustManager x509TrustManager = (X509TrustManager)trustManagerFactory.TrustManagers[0]; SavingTrustManager savingTrustManager = new SavingTrustManager(x509TrustManager); sSLContext.init(null, new TrustManager[] { savingTrustManager }, null); SSLSocketFactory sSLSocketFactory = sSLContext.SocketFactory; Console.WriteLine("Opening connection to " + str1 + ":" + c + "..."); SSLSocket sSLSocket = (SSLSocket)sSLSocketFactory.createSocket(str1, c); sSLSocket.SoTimeout = 10000; try { Console.WriteLine("Starting SSL handshake..."); sSLSocket.startHandshake(); sSLSocket.close(); Console.WriteLine(); Console.WriteLine("No errors, certificate is already trusted"); } catch (SSLException sSLException) { Console.WriteLine(); sSLException.printStackTrace(System.out); } X509Certificate[] arrayOfX509Certificate = savingTrustManager.chain; if (arrayOfX509Certificate == null) { Console.WriteLine("Could not obtain server certificate chain"); return; } StreamReader bufferedReader = new StreamReader(System.in); Console.WriteLine(); Console.WriteLine("Server sent " + arrayOfX509Certificate.Length + " certificate(s):"); Console.WriteLine(); MessageDigest messageDigest1; MessageDigest messageDigest2 = (messageDigest1 = MessageDigest.getInstance("SHA1")).getInstance("MD5"); for (sbyte b = 0; b < arrayOfX509Certificate.Length; b++) { X509Certificate x509Certificate1 = arrayOfX509Certificate[b]; Console.WriteLine(" " + (b + true) + " Subject " + x509Certificate1.SubjectDN); Console.WriteLine(" Issuer " + x509Certificate1.IssuerDN); messageDigest1.update(x509Certificate1.Encoded); Console.WriteLine(" sha1 " + toHexString(messageDigest1.digest())); messageDigest2.update(x509Certificate1.Encoded); Console.WriteLine(" md5 " + toHexString(messageDigest2.digest())); Console.WriteLine(); } Console.WriteLine("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); string str2 = bufferedReader.ReadLine().Trim(); try { @bool = (str2.Length == 0) ? 0 : (int.Parse(str2) - 1); } catch (System.FormatException) { Console.WriteLine("KeyStore not changed"); return; } X509Certificate x509Certificate = arrayOfX509Certificate[@bool]; string str3 = str1 + "-" + (@bool + true); keyStore.setCertificateEntry(str3, x509Certificate); FileStream fileOutputStream = new FileStream("jssecacerts", FileMode.Create, FileAccess.Write); keyStore.store(fileOutputStream, arrayOfChar); fileOutputStream.Close(); Console.WriteLine(); Console.WriteLine(x509Certificate); Console.WriteLine(); Console.WriteLine("Added certificate to keystore 'jssecacerts' using alias '" + str3 + "'"); }
/// <summary> /// Performs any custom initialization for a newly created SSLSocket /// (before the SSL handshake happens). /// </summary> /// <remarks> /// Performs any custom initialization for a newly created SSLSocket /// (before the SSL handshake happens). /// The default implementation is a no-op, but could be overriden to, e.g., /// call /// <see cref="Sharpen.SSLSocket.SetEnabledCipherSuites(string[])">Sharpen.SSLSocket.SetEnabledCipherSuites(string[]) /// </see> /// . /// </remarks> /// <exception cref="System.IO.IOException"></exception> protected internal virtual void PrepareSocket(SSLSocket socket) { }