| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409 |
- package xin.glue.user.common;
- import java.io.ByteArrayInputStream;
- import java.io.ByteArrayOutputStream;
- import java.io.DataOutputStream;
- import java.io.FileInputStream;
- import java.io.IOException;
- import java.io.InputStream;
- import java.io.OutputStream;
- import java.net.InetAddress;
- import java.net.InetSocketAddress;
- import java.net.Socket;
- import java.net.UnknownHostException;
- import java.security.KeyStore;
- import java.security.Principal;
- import java.security.SecureRandom;
- import java.security.Security;
- import java.security.cert.CertificateExpiredException;
- import java.security.cert.CertificateFactory;
- import java.util.Hashtable;
- import java.util.LinkedList;
- import java.util.List;
-
- import javax.net.ssl.HandshakeCompletedListener;
- import javax.net.ssl.SSLPeerUnverifiedException;
- import javax.net.ssl.SSLSession;
- import javax.net.ssl.SSLSessionContext;
- import javax.net.ssl.SSLSocket;
- import javax.net.ssl.SSLSocketFactory;
- import javax.security.cert.X509Certificate;
-
- import org.bouncycastle.crypto.tls.*;
- import org.bouncycastle.crypto.tls.Certificate;
- import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
- /**
- * Created by hzlizhou on 2016/9/9.
- */
- public class UIJ030053 extends SSLSocketFactory {
-
- static {
- if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
- Security.addProvider(new BouncyCastleProvider());
- }
- }
-
- @Override
- public Socket createSocket(Socket socket, final String host, int port,
- boolean arg3) throws IOException {
- if (socket == null) {
- socket = new Socket();
- }
- if (!socket.isConnected()) {
- socket.connect(new InetSocketAddress(host, port));
- }
-
- final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());
-
- return _createSSLSocket(host, tlsClientProtocol);
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return null;
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return null;
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public Socket createSocket(InetAddress host, int port) throws IOException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
- return null;
- }
-
- @Override
- public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
- throw new UnsupportedOperationException();
- }
-
- private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
- return new SSLSocket() {
- private java.security.cert.Certificate[] peertCerts;
-
- @Override
- public InputStream getInputStream() throws IOException {
- return tlsClientProtocol.getInputStream();
- }
-
- @Override
- public OutputStream getOutputStream() throws IOException {
- return tlsClientProtocol.getOutputStream();
- }
-
- @Override
- public synchronized void close() throws IOException {
- tlsClientProtocol.close();
- }
-
- @Override
- public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
- }
-
- @Override
- public boolean getEnableSessionCreation() {
- return false;
- }
-
- @Override
- public String[] getEnabledCipherSuites() {
- return null;
- }
-
- @Override
- public String[] getEnabledProtocols() {
- return null;
- }
-
- @Override
- public boolean getNeedClientAuth() {
- return false;
- }
-
- @Override
- public SSLSession getSession() {
- return new SSLSession() {
-
- @Override
- public int getApplicationBufferSize() {
- return 0;
- }
-
- @Override
- public String getCipherSuite() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public long getCreationTime() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public byte[] getId() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public long getLastAccessedTime() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public java.security.cert.Certificate[] getLocalCertificates() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public Principal getLocalPrincipal() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public int getPacketBufferSize() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
- return null;
- }
-
- @Override
- public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
- return peertCerts;
- }
-
- @Override
- public String getPeerHost() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public int getPeerPort() {
- return 0;
- }
-
- @Override
- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
- return null;
- }
-
- @Override
- public String getProtocol() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public SSLSessionContext getSessionContext() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public Object getValue(String arg0) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public String[] getValueNames() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void invalidate() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean isValid() {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void putValue(String arg0, Object arg1) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void removeValue(String arg0) {
- throw new UnsupportedOperationException();
- }
- };
- }
-
- @Override
- public String[] getSupportedProtocols() {
- return null;
- }
-
- @Override
- public boolean getUseClientMode() {
- return false;
- }
-
- @Override
- public boolean getWantClientAuth() {
- return false;
- }
-
- @Override
- public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
- }
-
- @Override
- public void setEnableSessionCreation(boolean arg0) {
- }
-
- @Override
- public void setEnabledCipherSuites(String[] arg0) {
- }
-
- @Override
- public void setEnabledProtocols(String[] arg0) {
- }
-
- @Override
- public void setNeedClientAuth(boolean arg0) {
- }
-
- @Override
- public void setUseClientMode(boolean arg0) {
- }
-
- @Override
- public void setWantClientAuth(boolean arg0) {
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return null;
- }
-
- @Override
- public void startHandshake() throws IOException {
- tlsClientProtocol.connect(new DefaultTlsClient() {
-
- @SuppressWarnings("unchecked")
- @Override
- public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
- Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
- if (clientExtensions == null) {
- clientExtensions = new Hashtable<Integer, byte[]>();
- }
-
- //Add host_name
- byte[] host_name = host.getBytes();
-
- final ByteArrayOutputStream baos = new ByteArrayOutputStream();
- final DataOutputStream dos = new DataOutputStream(baos);
- dos.writeShort(host_name.length + 3);
- dos.writeByte(0);
- dos.writeShort(host_name.length);
- dos.write(host_name);
- dos.close();
- clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
- return clientExtensions;
- }
-
- @Override
- public TlsAuthentication getAuthentication() throws IOException {
- return new TlsAuthentication() {
- @Override
- public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
- try {
- KeyStore ks = _loadKeyStore();
-
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
- boolean trustedCertificate = false;
- for (org.bouncycastle.asn1.x509.Certificate c : ((org.bouncycastle.crypto.tls.Certificate) serverCertificate).getCertificateList()) {
- java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
- certs.add(cert);
-
- String alias = ks.getCertificateAlias(cert);
- if (alias != null) {
- if (cert instanceof java.security.cert.X509Certificate) {
- try {
- ((java.security.cert.X509Certificate) cert).checkValidity();
- trustedCertificate = true;
- } catch (CertificateExpiredException cee) {
- // Accept all the certs!
- }
- }
- } else {
- // Accept all the certs!
- }
-
- }
- if (!trustedCertificate) {
- // Accept all the certs!
- }
- peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
- } catch (Exception ex) {
- ex.printStackTrace();
- throw new IOException(ex);
- }
- }
-
- @Override
- public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
- return null;
- }
-
- private KeyStore _loadKeyStore() throws Exception {
- FileInputStream trustStoreFis = null;
- try {
- KeyStore localKeyStore = null;
-
- String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType") != null ? System.getProperty("javax.net.ssl.trustStoreType") : KeyStore.getDefaultType();
- String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider") != null ? System.getProperty("javax.net.ssl.trustStoreProvider") : "";
-
- if (trustStoreType.length() != 0) {
- if (trustStoreProvider.length() == 0) {
- localKeyStore = KeyStore.getInstance(trustStoreType);
- } else {
- localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
- }
-
- char[] keyStorePass = null;
- String str5 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "";
-
- if (str5.length() != 0) {
- keyStorePass = str5.toCharArray();
- }
-
- localKeyStore.load(trustStoreFis, keyStorePass);
-
- if (keyStorePass != null) {
- for (int i = 0; i < keyStorePass.length; i++) {
- keyStorePass[i] = 0;
- }
- }
- }
- return localKeyStore;
- } finally {
- if (trustStoreFis != null) {
- trustStoreFis.close();
- }
- }
- }
-
- };
- }
-
- });
- } // startHandshake
- };
- }
- }
|
