Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
- package neembuu.uploader.utils;
- import java.security.GeneralSecurityException;
- import java.security.SecureRandom;
- import java.security.cert.X509Certificate;
- import javax.net.ssl.HostnameVerifier;
- import javax.net.ssl.HttpsURLConnection;
- import javax.net.ssl.SSLContext;
- import javax.net.ssl.TrustManager;
- import javax.net.ssl.X509TrustManager;
- /**
- * This class provide various static methods that relax X509 certificate and
- * hostname verification while using the SSL over the HTTP protocol.
- *
- * @author Francis Labrie
- */
- public final class SSLUtilities {
- /**
- * Hostname verifier for the Sun's deprecated API.
- *
- * @deprecated see {@link #_hostnameVerifier}.
- */
- private static com.sun.net.ssl.HostnameVerifier __hostnameVerifier;
- /**
- * Thrust managers for the Sun's deprecated API.
- *
- * @deprecated see {@link #_trustManagers}.
- */
- private static com.sun.net.ssl.TrustManager[] __trustManagers;
- /**
- * Hostname verifier.
- */
- private static HostnameVerifier _hostnameVerifier;
- /**
- * Thrust managers.
- */
- private static TrustManager[] _trustManagers;
- /**
- * Set the default Hostname Verifier to an instance of a fake class that
- * trust all hostnames. This method uses the old deprecated API from the
- * com.sun.ssl package.
- *
- * @deprecated see {@link #_trustAllHostnames()}.
- */
- private static void __trustAllHostnames() {
- // Create a trust manager that does not validate certificate chains
- if(__hostnameVerifier == null) {
- __hostnameVerifier = new _FakeHostnameVerifier();
- } // if
- // Install the all-trusting host name verifier
- com.sun.net.ssl.HttpsURLConnection.
- setDefaultHostnameVerifier(__hostnameVerifier);
- } // __trustAllHttpsCertificates
- /**
- * Set the default X509 Trust Manager to an instance of a fake class that
- * trust all certificates, even the self-signed ones. This method uses the
- * old deprecated API from the com.sun.ssl package.
- *
- * @deprecated see {@link #_trustAllHttpsCertificates()}.
- */
- private static void __trustAllHttpsCertificates() {
- com.sun.net.ssl.SSLContext context;
- // Create a trust manager that does not validate certificate chains
- if(__trustManagers == null) {
- __trustManagers = new com.sun.net.ssl.TrustManager[]
- {new _FakeX509TrustManager()};
- } // if
- // Install the all-trusting trust manager
- try {
- context = com.sun.net.ssl.SSLContext.getInstance("SSL");
- context.init(null, __trustManagers, new SecureRandom());
- } catch(GeneralSecurityException gse) {
- throw new IllegalStateException(gse.getMessage());
- } // catch
- com.sun.net.ssl.HttpsURLConnection.
- setDefaultSSLSocketFactory(context.getSocketFactory());
- } // __trustAllHttpsCertificates
- /**
- * Return true if the protocol handler property java.
- * protocol.handler.pkgs is set to the Sun's com.sun.net.ssl.
- * internal.www.protocol deprecated one, false
- * otherwise.
- *
- * @return true if the protocol handler
- * property is set to the Sun's deprecated one, false
- * otherwise.
- */
- private static boolean isDeprecatedSSLProtocol() {
- return("com.sun.net.ssl.internal.www.protocol".equals(System.
- getProperty("java.protocol.handler.pkgs")));
- } // isDeprecatedSSLProtocol
- /**
- * Set the default Hostname Verifier to an instance of a fake class that
- * trust all hostnames.
- */
- private static void _trustAllHostnames() {
- // Create a trust manager that does not validate certificate chains
- if(_hostnameVerifier == null) {
- _hostnameVerifier = new FakeHostnameVerifier();
- } // if
- // Install the all-trusting host name verifier:
- HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);
- } // _trustAllHttpsCertificates
- /**
- * Set the default X509 Trust Manager to an instance of a fake class that
- * trust all certificates, even the self-signed ones.
- */
- private static void _trustAllHttpsCertificates() {
- SSLContext context;
- // Create a trust manager that does not validate certificate chains
- if(_trustManagers == null) {
- _trustManagers = new TrustManager[] {new FakeX509TrustManager()};
- } // if
- // Install the all-trusting trust manager:
- try {
- context = SSLContext.getInstance("SSL");
- context.init(null, _trustManagers, new SecureRandom());
- } catch(GeneralSecurityException gse) {
- throw new IllegalStateException(gse.getMessage());
- } // catch
- HttpsURLConnection.setDefaultSSLSocketFactory(context.
- getSocketFactory());
- } // _trustAllHttpsCertificates
- /**
- * Set the default Hostname Verifier to an instance of a fake class that
- * trust all hostnames.
- */
- public static void trustAllHostnames() {
- // Is the deprecated protocol setted?
- if(isDeprecatedSSLProtocol()) {
- __trustAllHostnames();
- } else {
- _trustAllHostnames();
- } // else
- } // trustAllHostnames
- /**
- * Set the default X509 Trust Manager to an instance of a fake class that
- * trust all certificates, even the self-signed ones.
- */
- public static void trustAllHttpsCertificates() {
- // Is the deprecated protocol setted?
- if(isDeprecatedSSLProtocol()) {
- __trustAllHttpsCertificates();
- } else {
- _trustAllHttpsCertificates();
- } // else
- } // trustAllHttpsCertificates
- /**
- * This class implements a fake hostname verificator, trusting any host
- * name. This class uses the old deprecated API from the com.sun.
- * ssl package.
- *
- * @author Francis Labrie
- *
- * @deprecated see {@link SSLUtilities.FakeHostnameVerifier}.
- */
- public static class _FakeHostnameVerifier
- implements com.sun.net.ssl.HostnameVerifier {
- /**
- * Always return true, indicating that the host name is an
- * acceptable match with the server's authentication scheme.
- *
- * @param hostname the host name.
- * @param session the SSL session used on the connection to
- * host.
- * @return the true boolean value
- * indicating the host name is trusted.
- */
- public boolean verify(String hostname, String session) {
- return(true);
- } // verify
- } // _FakeHostnameVerifier
- /**
- * This class allow any X509 certificates to be used to authenticate the
- * remote side of a secure socket, including self-signed certificates. This
- * class uses the old deprecated API from the com.sun.ssl
- * package.
- *
- * @author Francis Labrie
- *
- * @deprecated see {@link SSLUtilities.FakeX509TrustManager}.
- */
- public static class _FakeX509TrustManager
- implements com.sun.net.ssl.X509TrustManager {
- /**
- * Empty array of certificate authority certificates.
- */
- private static final X509Certificate[] _AcceptedIssuers =
- new X509Certificate[] {};
- /**
- * Always return true, trusting for client SSL
- * chain peer certificate chain.
- *
- * @param chain the peer certificate chain.
- * @return the true boolean value
- * indicating the chain is trusted.
- */
- public boolean isClientTrusted(X509Certificate[] chain) {
- return(true);
- } // checkClientTrusted
- /**
- * Always return true, trusting for server SSL
- * chain peer certificate chain.
- *
- * @param chain the peer certificate chain.
- * @return the true boolean value
- * indicating the chain is trusted.
- */
- public boolean isServerTrusted(X509Certificate[] chain) {
- return(true);
- } // checkServerTrusted
- /**
- * Return an empty array of certificate authority certificates which
- * are trusted for authenticating peers.
- *
- * @return a empty array of issuer certificates.
- */
- public X509Certificate[] getAcceptedIssuers() {
- return(_AcceptedIssuers);
- } // getAcceptedIssuers
- } // _FakeX509TrustManager
- /**
- * This class implements a fake hostname verificator, trusting any host
- * name.
- *
- * @author Francis Labrie
- */
- public static class FakeHostnameVerifier implements HostnameVerifier {
- /**
- * Always return true, indicating that the host name is
- * an acceptable match with the server's authentication scheme.
- *
- * @param hostname the host name.
- * @param session the SSL session used on the connection to
- * host.
- * @return the true boolean value
- * indicating the host name is trusted.
- */
- public boolean verify(String hostname,
- javax.net.ssl.SSLSession session) {
- return(true);
- } // verify
- } // FakeHostnameVerifier
- /**
- * This class allow any X509 certificates to be used to authenticate the
- * remote side of a secure socket, including self-signed certificates.
- *
- * @author Francis Labrie
- */
- public static class FakeX509TrustManager implements X509TrustManager {
- /**
- * Empty array of certificate authority certificates.
- */
- private static final X509Certificate[] _AcceptedIssuers =
- new X509Certificate[] {};
- /**
- * Always trust for client SSL chain peer certificate
- * chain with any authType authentication types.
- *
- * @param chain the peer certificate chain.
- * @param authType the authentication type based on the client
- * certificate.
- */
- public void checkClientTrusted(X509Certificate[] chain,
- String authType) {
- } // checkClientTrusted
- /**
- * Always trust for server SSL chain peer certificate
- * chain with any authType exchange algorithm types.
- *
- * @param chain the peer certificate chain.
- * @param authType the key exchange algorithm used.
- */
- public void checkServerTrusted(X509Certificate[] chain,
- String authType) {
- } // checkServerTrusted
- /**
- * Return an empty array of certificate authority certificates which
- * are trusted for authenticating peers.
- *
- * @return a empty array of issuer certificates.
- */
- public X509Certificate[] getAcceptedIssuers() {
- return(_AcceptedIssuers);
- } // getAcceptedIssuers
- } // FakeX509TrustManager
- } // SSLUtilities
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement