本文整理汇总了Java中javax.net.ssl.SSLSocket.getSession方法的典型用法代码示例。如果您正苦于以下问题:Java SSLSocket.getSession方法的具体用法?Java SSLSocket.getSession怎么用?Java SSLSocket.getSession使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类javax.net.ssl.SSLSocket
的用法示例。
在下文中一共展示了SSLSocket.getSession方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verifyHostname
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
private void verifyHostname(SSLSocket socket, String hostname) throws HostnameUnverifiedException
{
if (mVerifyHostname == false)
{
// Skip hostname verification.
return;
}
// Hostname verifier.
OkHostnameVerifier verifier = OkHostnameVerifier.INSTANCE;
// The SSL session.
SSLSession session = socket.getSession();
// Verify the hostname.
if (verifier.verify(hostname, session))
{
// Verified. No problem.
return;
}
// The certificate of the peer does not match the expected hostname.
throw new HostnameUnverifiedException(socket, hostname);
}
示例2: verifyHostname
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
/**
* Verifies the peer's hostname using the configured {@link HostnameVerifier}.
*
* @param socket the socket connected to the peer whose hostname is to be verified.
*
* @throws SSLException if the hostname does not verify against the peer's certificate,
* or if there is an error in performing the evaluation
*/
protected void verifyHostname(Socket socket) throws SSLException {
if (hostnameVerifier == null) {
return;
}
if (!(socket instanceof SSLSocket)) {
return;
}
SSLSocket sslSocket = (SSLSocket) socket;
try {
SSLSession sslSession = sslSocket.getSession();
String hostname = sslSession.getPeerHost();
if (!hostnameVerifier.verify(hostname, sslSession)) {
throw new SSLPeerUnverifiedException("SSL peer failed hostname validation for name: " + hostname);
}
} catch (SSLException e) {
cleanUpFailedSocket(sslSocket);
throw e;
} catch (Throwable t) {
// Make sure we close the socket on any kind of Exception, RuntimeException or Error.
cleanUpFailedSocket(sslSocket);
throw new SSLException("Error in hostname verification", t);
}
}
示例3: getHelloFromServer
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
/**
* Returned socket may be sslsocket if TLSEnabled.
*
* @param socket
* @param TLSEnabled
* @param host
* @param charset
* @return
* @throws IOException
*/
public static Socket getHelloFromServer(Socket socket, boolean TLSEnabled, String host, Charset charset) throws SSLPeerUnverifiedException, IOException, SocketTimeoutException{
PrintWriter out = new PrintWriter(new OutputStreamWriter(socket.getOutputStream(), charset));
BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream(), charset));
String line = in.readLine();
if (line == null || (!line.startsWith("200") && !line.startsWith("201") )){
Log.get().log(Level.WARNING, "Bad Hello from host {0} : {1}",
new Object[]{host, line});
throw new IOException();
}
if (TLSEnabled){
SSLSocket sslsocket = TLS.createSSLClientSocket(socket);
out.print("STARTTLS"+NNTPConnection.NEWLINE);
out.flush();
line = in.readLine();
if (line == null || !line.startsWith("382")) { //"382 Continue with TLS negotiation"
Log.get().log(Level.WARNING, "From host {0} STARTTLS response: {1}",
new Object[]{host, line});
throw new IOException();
}
SSLSession session = sslsocket.getSession(); //handshake
//throw exception:
X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0]; //I am not sure how to check that it is right cert. TrustManager must do it.
//ready for encrypted communication
//new encrypted streams
//this.out = new PrintWriter(new OutputStreamWriter(sslsocket.getOutputStream(), this.charset));
//this.in = new BufferedReader(new InputStreamReader(sslsocket.getInputStream(), this.charset));
return sslsocket;
}else
return socket;
}
示例4: verifyHostname
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
/**
* Verify hostname against certificate
* @param sslSocket Socket
* @param host Host name
* @throws IOException Exception if host name is not verified
*/
private void verifyHostname(SSLSocket sslSocket, String host) throws IOException {
// Make sure we started handshake before verifying
sslSocket.startHandshake();
SSLSession session = sslSocket.getSession();
if (session == null) {
throw new SSLException("Hostname '" + host + "' was not verified (no session)");
}
if (!hostnameVerifier.verify(host, session)) {
throw new SSLPeerUnverifiedException("Hostname '" + host + "' was not verified (" + session.getPeerPrincipal() + ")");
}
if (Logger.DEBUG) { Log.d(TAG, "Connected to " + session.getPeerHost() + " using " + session.getProtocol() + " (" + session.getCipherSuite() + ")"); }
}
示例5: JSSESupport
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
JSSESupport(SSLSocket sock){
ssl=sock;
session = sock.getSession();
sock.addHandshakeCompletedListener(listener);
}
示例6: verify
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
public final void verify(String host, SSLSocket ssl)
throws IOException {
if(host == null) {
throw new NullPointerException("host to verify is null");
}
SSLSession session = ssl.getSession();
if(session == null) {
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server'
// chain. Hopefully this will unearth the real problem:
InputStream in = ssl.getInputStream();
in.available();
/*
If you're looking at the 2 lines of code above because
you're running into a problem, you probably have two
options:
#1. Clean up the certificate chain that your server
is presenting (e.g. edit "/etc/apache2/server.crt"
or wherever it is your server's certificate chain
is defined).
OR
#2. Upgrade to an IBM 1.5.x or greater JVM, or switch
to a non-IBM JVM.
*/
// If ssl.getInputStream().available() didn't cause an
// exception, maybe at least now the session is available?
session = ssl.getSession();
if(session == null) {
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.startHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.getSession();
}
}
Certificate[] certs = session.getPeerCertificates();
X509Certificate x509 = (X509Certificate) certs[0];
verify(host, x509);
}
示例7: verify
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
public final void verify(final String host, final SSLSocket ssl)
throws IOException {
if(host == null) {
throw new NullPointerException("host to verify is null");
}
SSLSession session = ssl.getSession();
if(session == null) {
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server'
// chain. Hopefully this will unearth the real problem:
final InputStream in = ssl.getInputStream();
in.available();
/*
If you're looking at the 2 lines of code above because
you're running into a problem, you probably have two
options:
#1. Clean up the certificate chain that your server
is presenting (e.g. edit "/etc/apache2/server.crt"
or wherever it is your server's certificate chain
is defined).
OR
#2. Upgrade to an IBM 1.5.x or greater JVM, or switch
to a non-IBM JVM.
*/
// If ssl.getInputStream().available() didn't cause an
// exception, maybe at least now the session is available?
session = ssl.getSession();
if(session == null) {
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.startHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.getSession();
}
}
final Certificate[] certs = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) certs[0];
verify(host, x509);
}
示例8: doClientSide
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
SBListener doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf =
(SSLSocketFactory) SSLSocketFactory.getDefault();
try {
SSLSocket sslSocket = (SSLSocket)
sslsf.createSocket("localhost", serverPort);
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslOS.write(280);
sslOS.flush();
sslIS.read();
sslOS.close();
sslIS.close();
SSLSession sslSession = sslSocket.getSession();
System.out.printf(" sslSession: %s %n %s%n", sslSession, sslSession.getClass());
SBListener sbListener = new SBListener(sslSession);
sslSession.putValue("x", sbListener);
sslSession.invalidate();
sslSocket.close();
sslOS = null;
sslIS = null;
sslSession = null;
sslSocket = null;
Reference.reachabilityFence(sslOS);
Reference.reachabilityFence(sslIS);
Reference.reachabilityFence(sslSession);
Reference.reachabilityFence(sslSocket);
return sbListener;
} catch (Exception ex) {
ex.printStackTrace();
throw ex;
}
}
示例9: verifyHostName
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
/**
* Verifies that the given hostname in certicifate is the hostname we are trying to connect to
* http://www.cvedetails.com/cve/CVE-2012-5783/
* @param host
* @param ssl
* @throws IOException
*/
private static void verifyHostName(String host, SSLSocket ssl)
throws IOException {
if (host == null) {
throw new IllegalArgumentException("host to verify was null");
}
SSLSession session = ssl.getSession();
if (session == null) {
// In our experience this only happens under IBM 1.4.x when
// spurious (unrelated) certificates show up in the server's chain.
// Hopefully this will unearth the real problem:
InputStream in = ssl.getInputStream();
in.available();
/*
If you're looking at the 2 lines of code above because you're
running into a problem, you probably have two options:
#1. Clean up the certificate chain that your server
is presenting (e.g. edit "/etc/apache2/server.crt" or
wherever it is your server's certificate chain is
defined).
OR
#2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a
non-IBM JVM.
*/
// If ssl.getInputStream().available() didn't cause an exception,
// maybe at least now the session is available?
session = ssl.getSession();
if (session == null) {
// If it's still null, probably a startHandshake() will
// unearth the real problem.
ssl.startHandshake();
// Okay, if we still haven't managed to cause an exception,
// might as well go for the NPE. Or maybe we're okay now?
session = ssl.getSession();
}
}
Certificate[] certs = session.getPeerCertificates();
verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]);
}
示例10: verifyHostname
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
/**
* Describe <code>verifyHostname</code> method here.
*
* @param socket a <code>SSLSocket</code> value
* @exception SSLPeerUnverifiedException If there are problems obtaining
* the server certificates from the SSL session, or the server host name
* does not match with the "Common Name" in the server certificates
* SubjectDN.
* @exception UnknownHostException If we are not able to resolve
* the SSL sessions returned server host name.
*/
private void verifyHostname(SSLSocket socket)
throws SSLPeerUnverifiedException, UnknownHostException {
if (! verifyHostname)
return;
SSLSession session = socket.getSession();
String hostname = session.getPeerHost();
try {
InetAddress addr = InetAddress.getByName(hostname);
} catch (UnknownHostException uhe) {
throw new UnknownHostException("Could not resolve SSL sessions "
+ "server hostname: " + hostname);
}
X509Certificate[] certs = session.getPeerCertificateChain();
if (certs == null || certs.length == 0)
throw new SSLPeerUnverifiedException("No server certificates found!");
//get the servers DN in its string representation
String dn = certs[0].getSubjectDN().getName();
//might be useful to print out all certificates we receive from the
//server, in case one has to debug a problem with the installed certs.
if (LOG.isDebugEnabled()) {
LOG.debug("Server certificate chain:");
for (int i = 0; i < certs.length; i++) {
LOG.debug("X509Certificate[" + i + "]=" + certs[i]);
}
}
//get the common name from the first cert
String cn = getCN(dn);
if (hostname.equalsIgnoreCase(cn)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Target hostname valid: " + cn);
}
} else {
throw new SSLPeerUnverifiedException(
"HTTPS hostname invalid: expected '" + hostname + "', received '" + cn + "'");
}
}
示例11: JSSESupport
import javax.net.ssl.SSLSocket; //导入方法依赖的package包/类
JSSESupport(SSLSocket sock) {
ssl = sock;
session = sock.getSession();
sock.addHandshakeCompletedListener(listener);
}