public void handshakeCompleted(HandshakeCompletedEvent evt) { SSLSession session; String sessionId; SSLSocket socket; if (Error.TRACESYSTEMOUT) { socket = evt.getSocket(); session = evt.getSession(); Error.printSystemOut("SSL handshake completed:"); Error.printSystemOut( "------------------------------------------------"); Error.printSystemOut("socket: : " + socket); Error.printSystemOut("cipher suite : " + session.getCipherSuite()); sessionId = StringConverter.byteArrayToHexString(session.getId()); Error.printSystemOut("session id : " + sessionId); Error.printSystemOut( "------------------------------------------------"); } }
public void handshakeCompleted(HandshakeCompletedEvent evt) { SSLSession session; String sessionId; SSLSocket socket; if (Trace.TRACE) { socket = evt.getSocket(); session = evt.getSession(); Trace.printSystemOut("SSL handshake completed:"); Trace.printSystemOut( "------------------------------------------------"); Trace.printSystemOut("socket: : " + socket); Trace.printSystemOut("cipher suite : " + session.getCipherSuite()); sessionId = StringConverter.byteToHex(session.getId()); Trace.printSystemOut("session id : " + sessionId); Trace.printSystemOut( "------------------------------------------------"); } }
final void notifyHandshakeCompletedListeners() { if (listeners != null && !listeners.isEmpty()) { // notify the listeners HandshakeCompletedEvent event = new HandshakeCompletedEvent(this, getActiveSession()); for (HandshakeCompletedListener listener : listeners) { try { listener.handshakeCompleted(event); } catch (RuntimeException e) { // The RI runs the handlers in a separate thread, // which we do not. But we try to preserve their // behavior of logging a problem and not killing // the handshaking thread just because a listener // has a problem. Thread thread = Thread.currentThread(); thread.getUncaughtExceptionHandler().uncaughtException(thread, e); } } } }
@Override public void handshakeCompleted(HandshakeCompletedEvent event) { SSLSession session = event.getSession(); sslConnectionInfos.setPeerHost(session.getPeerHost()); sslConnectionInfos.setPeerPort(session.getPeerPort()); sslConnectionInfos.setProtocol(session.getProtocol()); sslConnectionInfos.setCipherSuite(session.getCipherSuite()); Certificate[] locChain = session.getLocalCertificates(); if (locChain != null) { X509Certificate[] clientCertificates = Arrays.copyOf(locChain, locChain.length, X509Certificate[].class); sslConnectionInfos.setClientCertificates(clientCertificates); } try { Certificate[] chain = session.getPeerCertificates(); if (chain != null) { X509Certificate[] serverCertificates = Arrays.copyOf(chain, chain.length, X509Certificate[].class); sslConnectionInfos.setServerCertificates(serverCertificates); } } catch (SSLPeerUnverifiedException e) { // do nothing } }
@Override public void connect(SocketAddress endpoint, int timeout) throws IOException { Date start = new Date(); socket.connect(endpoint, timeout); Date end = new Date(); RequestInfo.get().connect(start, end); handshakeStart = new Date(); startHandshake(); this.addHandshakeCompletedListener(new HandshakeCompletedListener() { @Override public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) { if (handshakeStart != null) { RequestInfo.get().ssl(handshakeStart, new Date()); } } }); }
private void notifyHandshakeCompletedListeners() { if (listeners != null && !listeners.isEmpty()) { // notify the listeners HandshakeCompletedEvent event = new HandshakeCompletedEvent(this, sslSession); for (HandshakeCompletedListener listener : listeners) { try { listener.handshakeCompleted(event); } catch (RuntimeException e) { // The RI runs the handlers in a separate thread, // which we do not. But we try to preserve their // behavior of logging a problem and not killing // the handshaking thread just because a listener // has a problem. Thread thread = Thread.currentThread(); thread.getUncaughtExceptionHandler().uncaughtException(thread, e); } } } }
/** * @throws IOException * @tests javax.net.ssl.HandshakeCompletedEvent#getCipherSuite() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getCipherSuite", args = {} ) public final void test_getCipherSuite() throws IOException { mySSLSession session = new mySSLSession("localhost", 1080, null); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); try { assertEquals("SuiteName", event.getCipherSuite()); } catch (Exception e) { fail("Unexpected exception: " + e); } }
/** * @throws IOException * @tests javax.net.ssl.HandshakeCompletedEvent#getLocalCertificates() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getLocalCertificates", args = {} ) public final void test_getLocalCertificates() throws IOException { mySSLSession session = new mySSLSession("localhost", 1080, null); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); try { assertNull(event.getLocalCertificates()); } catch (Exception e) { fail("Unexpected exception: " + e); } }
/** * @throws IOException * @tests javax.net.ssl.HandshakeCompletedEvent#getLocalPrincipal() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getLocalPrincipal", args = {} ) public final void test_getLocalPrincipal() throws IOException { mySSLSession session = new mySSLSession("localhost", 1080, null); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); try { assertNull(event.getLocalPrincipal()); } catch (Exception e) { fail("Unexpected exception: " + e); } }
/** * @throws IOException * @tests javax.net.ssl.HandshakeCompletedEvent#getPeerPrincipal() */ @TestTargetNew( level = TestLevel.SUFFICIENT, notes = "", method = "getPeerPrincipal", args = {} ) public final void test_getPeerPrincipal() throws IOException { mySSLSession session = new mySSLSession("localhost", 1080, null); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); try { assertNull(event.getPeerPrincipal()); } catch (Exception e) { fail("Unexpected exception: " + e); } }
/** * @throws IOException * @tests javax.net.ssl.HandshakeCompletedEvent#getSession() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getSession", args = {} ) public final void test_getSession() throws IOException { mySSLSession session = new mySSLSession("localhost", 1080, null); SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, session); try { SSLSession ss = event.getSession(); assertNotNull(ss); assertEquals(session, ss); } catch (Exception e) { fail("Unexpected exception: " + e); } }
/** * @throws IOException * @tests javax.net.ssl.HandshakeCompletedEvent#getSocket() */ @TestTargetNew( level = TestLevel.COMPLETE, notes = "", method = "getSocket", args = {} ) public final void test_getSocket() throws IOException { SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(socket, null); try { SSLSocket ss = event.getSocket(); assertNotNull(ss); assertEquals(socket, ss); } catch (Exception e) { fail("Unexpected exception: " + e); } }
public final void testGetLocalCertificates() { if (noFreePort || noSocket) { return; } SSLSession ses = new MySSLSession(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(soc, ses); Certificate[] certs = event.getLocalCertificates(); Certificate[] ses_certs = ses.getLocalCertificates(); if (certs == null && ses_certs == null) { return; } if (certs == null || ses_certs == null) { fail("incorrect LocalCertificates"); } for (int i = 0; i < certs.length; i++) { if (certs[i] != ses_certs[i]) { fail("incorrect LocalCertificates"); } } }
public final void testGetCipherSuite() { if (noFreePort || noSocket) { return; } SSLSession ses = new MySSLSession(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(soc, ses); String name = event.getCipherSuite(); String name_ses = ses.getCipherSuite(); if (name == null && name_ses != null) { fail("incorrect null CipherCuite"); } if (!name.equals(name_ses)) { fail("incorrect CipherCuite"); } }
public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) { if (this.watchdog != null) { sipStack.getTimer().cancel(watchdog); this.watchdog = null; } this.handshakeCompletedEvent = handshakeCompletedEvent; synchronized (eventWaitObject) { eventWaitObject.notify(); } }
/** * Gets the event indicating that the SSL handshake has completed. The * method waits until the event has been obtained by the listener or a * timeout of 5 seconds has elapsed. * * @return the handshakeCompletedEvent or null when the timeout elapsed */ public HandshakeCompletedEvent getHandshakeCompletedEvent() { try { synchronized (eventWaitObject) { if (handshakeCompletedEvent == null) eventWaitObject.wait(5000); } } catch (InterruptedException e) { // we don't care } return handshakeCompletedEvent; }
/** * @param socket Socket to configure * @param protocols Enabled SSL protocol versions */ protected void configure(final Socket socket, final String[] protocols) throws IOException { if(socket instanceof SSLSocket) { try { if(log.isDebugEnabled()) { log.debug(String.format("Configure SSL parameters with protocols %s", Arrays.toString(protocols))); } ((SSLSocket) socket).setEnabledProtocols(protocols); final List<String> ciphers = Arrays.asList(((SSLSocket) socket).getEnabledCipherSuites()); final List<String> blacklist = preferences.getList("connection.ssl.cipher.blacklist"); if(!blacklist.isEmpty()) { ciphers.removeIf(blacklist::contains); } ((SSLSocket) socket).setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()])); if(log.isInfoEnabled()) { log.info(String.format("Enabled cipher suites %s", Arrays.toString(((SSLSocket) socket).getEnabledCipherSuites()))); ((SSLSocket) socket).addHandshakeCompletedListener(new HandshakeCompletedListener() { @Override public void handshakeCompleted(final HandshakeCompletedEvent event) { log.info(String.format("Completed handshake with %s and negotiated cipher suite %s", event.getSession().getProtocol(), event.getCipherSuite())); ((SSLSocket) socket).removeHandshakeCompletedListener(this); } }); } } catch(Exception e) { log.warn(String.format("Failed to configure SSL parameters %s", e.getMessage())); } } }
/** * Create an SSL client socket using the IOR-encoded * security characteristics. * Setting want/need client auth on a client socket has no effect so all we can do is use the right host, port, ciphers * * @param host The target host name. * @param port The target connection port. * * @return An appropriately configured client SSLSocket. * @exception IOException if ssl socket can't be obtained and configured. */ private Socket createSSLSocket(String host, int port, int requires, int supports) throws IOException { SSLSocketFactory factory = getSocketFactory(); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(SOCKET_TIMEOUT_MS); // get a set of cipher suites appropriate for this connections requirements. // We request this for each connection, since the outgoing IOR's requirements may be different from // our server listener requirements. String[] iorSuites = SSLCipherSuiteDatabase.getCipherSuites(requires, supports, factory.getSupportedCipherSuites()); socket.setEnabledCipherSuites(iorSuites); if (log.isDebugEnabled()) { log.debug("Created SSL socket to " + host + ":" + port); log.debug(" cipher suites:"); for (int i = 0; i < iorSuites.length; i++) { log.debug(" " + iorSuites[i]); } socket.addHandshakeCompletedListener(new HandshakeCompletedListener() { public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) { Certificate[] certs = handshakeCompletedEvent.getLocalCertificates(); if (certs != null) { log.debug("handshake returned local certs count: " + certs.length); for (int i = 0; i < certs.length; i++) { Certificate cert = certs[i]; log.debug("cert: " + cert.toString()); } } else { log.debug("handshake returned no local certs"); } } }); } return socket; }
@Test public void test_SSLSocket_HandshakeCompletedListener_RuntimeException() throws Exception { final Thread self = Thread.currentThread(); final UncaughtExceptionHandler original = self.getUncaughtExceptionHandler(); final RuntimeException expectedException = new RuntimeException("expected"); final TestUncaughtExceptionHandler test = new TestUncaughtExceptionHandler(); self.setUncaughtExceptionHandler(test); final TestSSLContext c = TestSSLContext.create(); final SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(c.host, c.port); final SSLSocket server = (SSLSocket) c.serverSocket.accept(); Future<Void> future = runAsync(new Callable<Void>() { @Override public Void call() throws Exception { server.startHandshake(); return null; } }); client.addHandshakeCompletedListener(new HandshakeCompletedListener() { @Override public void handshakeCompleted(HandshakeCompletedEvent event) { throw expectedException; } }); client.startHandshake(); future.get(); client.close(); server.close(); c.close(); assertSame(expectedException, test.actualException); self.setUncaughtExceptionHandler(original); }
@Override public void handshakeCompleted(HandshakeCompletedEvent event) { Log.i(TAG, "SSL handshake completed"); try { // Log.i(TAG, "getCipherSuite: " + event.getCipherSuite()); // Log.i(TAG, "algorithm: " + config.getPrivateKey().getAlgorithm()); // Log.i(TAG, "modulusBitLength: " + ((RSAPrivateKey) // config.getPrivateKey()).getModulus().bitLength()); // SSLSession session = event.getSession(); // Log.i(TAG, "getProtocol: " + session.getProtocol()); // Log.i(TAG, "getPeerHost: " + session.getPeerHost()); // Log.i(TAG, "getId: " + RapidUtils.bytesToHex(session.getId())); // Log.i(TAG, "getCreationTime: " + session.getCreationTime()); // java.security.cert.Certificate[] certs = event.getPeerCertificates(); // for (int i = 0; i < certs.length; i++) // { // if (!(certs[i] instanceof java.security.cert.X509Certificate)) continue; // java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) certs[i]; // Log.i(TAG, "Cert #" + i + ": " + cert.getSubjectDN().getName()); // } } catch (Exception e) { Log.e(TAG, "SSL handshake completed with errors: " + e); } }
public void handshakeCompleted() { if(listenerList.isEmpty()) { return; } final HandshakeCompletedEvent event = new HandshakeCompletedEvent(this, engine.getSession()); for(HandshakeCompletedListener listener: listenerList) { listener.handshakeCompleted(event); } }
@Override public void startHandshake() throws IOException { Log.d(TAG, "SSLSocket.startHandshake"); EidTlsClient client = new EidTlsClient(eidService, host, port); tlsClientProtocol.connect(client); this.session = new EidSSLSession(client); for (HandshakeCompletedListener listener : listeners) { listener.handshakeCompleted(new HandshakeCompletedEvent(this, this.session)); } }
/** * {@inheritDoc} */ @Override public void handshakeCompleted(HandshakeCompletedEvent event) { synchronized (SecureFinalSocket.this) { handshakeCompleted = true; SecureFinalSocket.this.notify(); } }
/** * {@inheritDoc} */ @Override public void handshakeCompleted(HandshakeCompletedEvent event) { synchronized (SecureSelfHealSocket.this) { handshakeCompleted = true; SecureSelfHealSocket.this.notify(); } }
@Override protected Object[] getData() { try { SSLContext cont = SSLContext.getInstance("TLS"); cont.init(null, null, null); SSLSocket soc = (SSLSocket )cont.getSocketFactory().createSocket(); return new Object[] { new HandshakeCompletedEvent(soc, soc.getSession())}; } catch (Exception e) { fail("Can not create data: "+ e); return null; } }
public final void testGetCipherSuite() { if (noFreePort || noSocket) { return; } SSLSession ses = new MySSLSession(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(soc, ses); assertEquals(event.getCipherSuite(), ses.getCipherSuite()); }
public final void testGetPeerCertificates() { if (noFreePort || noSocket) { return; } SSLSession ses = new MySSLSession(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(soc, ses); try { event.getPeerCertificates(); fail("No excpected SSLPeerUnverifiedException"); } catch (SSLPeerUnverifiedException e) { } }
public final void testGetPeerCertificateChain() { if (noFreePort || noSocket) { return; } SSLSession ses = new MySSLSession(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(soc, ses); try { event.getPeerCertificateChain(); fail("No excpected SSLPeerUnverifiedException"); } catch (SSLPeerUnverifiedException e) { } }
public final void testHandshakeCompletedEvent() { if (noFreePort || noSocket) { return; } SSLSession ses = new MySSLSession(); HandshakeCompletedEvent event = new HandshakeCompletedEvent(soc, ses); assertEquals(ses, event.getSession()); assertEquals(soc, event.getSocket()); }