/* * To change this license header, choose License Headers in Project Properti

1. /*
2.  * To change this license header, choose License Headers in Project Properties.
3.  * To change this template file, choose Tools | Templates
4.  * and open the template in the editor.
5.  */
6. package neembuu.uploader.utils;
7.  
8.  import java.security.GeneralSecurityException;
9.  import java.security.SecureRandom;
10.  import java.security.cert.X509Certificate;
11.  import javax.net.ssl.HostnameVerifier;
12.  import javax.net.ssl.HttpsURLConnection;
13.  import javax.net.ssl.SSLContext;
14.  import javax.net.ssl.TrustManager;
15.  import javax.net.ssl.X509TrustManager;
16.  
17.  /**
18.   * This class provide various static methods that relax X509 certificate and
19.   * hostname verification while using the SSL over the HTTP protocol.
20.   *
21.   * @author    Francis Labrie
22.   */
23.  public final class SSLUtilities {
24.    
25.    /**
26.     * Hostname verifier for the Sun's deprecated API.
27.     *
28.     * @deprecated see {@link #_hostnameVerifier}.
29.     */
30.    private static com.sun.net.ssl.HostnameVerifier __hostnameVerifier;
31.    /**
32.     * Thrust managers for the Sun's deprecated API.
33.     *
34.     * @deprecated see {@link #_trustManagers}.
35.     */
36.    private static com.sun.net.ssl.TrustManager[] __trustManagers;
37.    /**
38.     * Hostname verifier.
39.     */
40.    private static HostnameVerifier _hostnameVerifier;
41.    /**
42.     * Thrust managers.
43.     */
44.    private static TrustManager[] _trustManagers;
45.  
46.  
47.    /**
48.     * Set the default Hostname Verifier to an instance of a fake class that
49.     * trust all hostnames. This method uses the old deprecated API from the
50.     * com.sun.ssl package.
51.     *
52.     * @deprecated see {@link #_trustAllHostnames()}.
53.     */
54.    private static void __trustAllHostnames() {
55.        // Create a trust manager that does not validate certificate chains
56.        if(__hostnameVerifier == null) {
57.            __hostnameVerifier = new _FakeHostnameVerifier();
58.        } // if
59.        // Install the all-trusting host name verifier
60.        com.sun.net.ssl.HttpsURLConnection.
61.            setDefaultHostnameVerifier(__hostnameVerifier);
62.    } // __trustAllHttpsCertificates
63.    
64.    /**
65.     * Set the default X509 Trust Manager to an instance of a fake class that
66.     * trust all certificates, even the self-signed ones. This method uses the
67.     * old deprecated API from the com.sun.ssl package.
68.     *
69.     * @deprecated see {@link #_trustAllHttpsCertificates()}.
70.     */
71.    private static void __trustAllHttpsCertificates() {
72.        com.sun.net.ssl.SSLContext context;
73.        
74.        // Create a trust manager that does not validate certificate chains
75.        if(__trustManagers == null) {
76.            __trustManagers = new com.sun.net.ssl.TrustManager[]
77.                {new _FakeX509TrustManager()};
78.        } // if
79.        // Install the all-trusting trust manager
80.        try {
81.            context = com.sun.net.ssl.SSLContext.getInstance("SSL");
82.            context.init(null, __trustManagers, new SecureRandom());
83.        } catch(GeneralSecurityException gse) {
84.            throw new IllegalStateException(gse.getMessage());
85.        } // catch
86.        com.sun.net.ssl.HttpsURLConnection.
87.            setDefaultSSLSocketFactory(context.getSocketFactory());
88.    } // __trustAllHttpsCertificates
89.  
90.    /**
91.     * Return true if the protocol handler property java.
92.     * protocol.handler.pkgs is set to the Sun's com.sun.net.ssl.
93.     * internal.www.protocol deprecated one, false
94.     * otherwise.
95.     *
96.     * @return                true if the protocol handler
97.     * property is set to the Sun's deprecated one, false
98.     * otherwise.
99.     */
100.    private static boolean isDeprecatedSSLProtocol() {
101.        return("com.sun.net.ssl.internal.www.protocol".equals(System.
102.            getProperty("java.protocol.handler.pkgs")));
103.    } // isDeprecatedSSLProtocol
104.  
105.    /**
106.     * Set the default Hostname Verifier to an instance of a fake class that
107.     * trust all hostnames.
108.     */
109.    private static void _trustAllHostnames() {
110.        // Create a trust manager that does not validate certificate chains
111.        if(_hostnameVerifier == null) {
112.            _hostnameVerifier = new FakeHostnameVerifier();
113.        } // if
114.          // Install the all-trusting host name verifier:
115.        HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);
116.    } // _trustAllHttpsCertificates
117.    
118.    /**
119.     * Set the default X509 Trust Manager to an instance of a fake class that
120.     * trust all certificates, even the self-signed ones.
121.     */
122.    private static void _trustAllHttpsCertificates() {
123.        SSLContext context;
124.        
125.        // Create a trust manager that does not validate certificate chains
126.        if(_trustManagers == null) {
127.            _trustManagers = new TrustManager[] {new FakeX509TrustManager()};
128.        } // if
129.        // Install the all-trusting trust manager:
130.        try {
131.        context = SSLContext.getInstance("SSL");
132.        context.init(null, _trustManagers, new SecureRandom());
133.        } catch(GeneralSecurityException gse) {
134.            throw new IllegalStateException(gse.getMessage());
135.        } // catch
136.        HttpsURLConnection.setDefaultSSLSocketFactory(context.
137.            getSocketFactory());
138.    } // _trustAllHttpsCertificates
139.  
140.    /**
141.     * Set the default Hostname Verifier to an instance of a fake class that
142.     * trust all hostnames.
143.     */
144.    public static void trustAllHostnames() {
145.        // Is the deprecated protocol setted?
146.        if(isDeprecatedSSLProtocol()) {
147.            __trustAllHostnames();
148.        } else {
149.            _trustAllHostnames();
150.        } // else
151.    } // trustAllHostnames
152.    
153.    /**
154.     * Set the default X509 Trust Manager to an instance of a fake class that
155.     * trust all certificates, even the self-signed ones.
156.     */
157.    public static void trustAllHttpsCertificates() {
158.        // Is the deprecated protocol setted?
159.        if(isDeprecatedSSLProtocol()) {
160.            __trustAllHttpsCertificates();
161.        } else {
162.            _trustAllHttpsCertificates();
163.        } // else
164.    } // trustAllHttpsCertificates
165.    
166.    /**
167.     * This class implements a fake hostname verificator, trusting any host
168.     * name. This class uses the old deprecated API from the com.sun.
169.     * ssl package.
170.     *
171.     * @author    Francis Labrie
172.     *
173.     * @deprecated see {@link SSLUtilities.FakeHostnameVerifier}.
174.     */
175.    public static class _FakeHostnameVerifier
176.        implements com.sun.net.ssl.HostnameVerifier {
177.        
178.        /**
179.         * Always return true, indicating that the host name is an
180.         * acceptable match with the server's authentication scheme.
181.         *
182.         * @param hostname        the host name.
183.         * @param session         the SSL session used on the connection to
184.         * host.
185.         * @return                the true boolean value
186.         * indicating the host name is trusted.
187.         */
188.        public boolean verify(String hostname, String session) {
189.            return(true);
190.        } // verify
191.    } // _FakeHostnameVerifier
192.  
193.  
194.    /**
195.     * This class allow any X509 certificates to be used to authenticate the
196.     * remote side of a secure socket, including self-signed certificates. This
197.     * class uses the old deprecated API from the com.sun.ssl
198.     * package.
199.     *
200.     * @author    Francis Labrie
201.     *
202.     * @deprecated see {@link SSLUtilities.FakeX509TrustManager}.
203.     */
204.    public static class _FakeX509TrustManager
205.        implements com.sun.net.ssl.X509TrustManager {
206.    
207.        /**
208.         * Empty array of certificate authority certificates.
209.         */
210.        private static final X509Certificate[] _AcceptedIssuers =
211.            new X509Certificate[] {};
212.        
213.        
214.        /**
215.         * Always return true, trusting for client SSL
216.         * chain peer certificate chain.
217.         *
218.         * @param chain           the peer certificate chain.
219.         * @return                the true boolean value
220.         * indicating the chain is trusted.
221.         */
222.        public boolean isClientTrusted(X509Certificate[] chain) {
223.            return(true);
224.        } // checkClientTrusted
225.        
226.        /**
227.         * Always return true, trusting for server SSL
228.         * chain peer certificate chain.
229.         *
230.         * @param chain           the peer certificate chain.
231.         * @return                the true boolean value
232.         * indicating the chain is trusted.
233.         */
234.        public boolean isServerTrusted(X509Certificate[] chain) {
235.            return(true);
236.        } // checkServerTrusted
237.        
238.        /**
239.         * Return an empty array of certificate authority certificates which
240.         * are trusted for authenticating peers.
241.         *
242.         * @return                a empty array of issuer certificates.
243.         */
244.        public X509Certificate[] getAcceptedIssuers() {
245.            return(_AcceptedIssuers);
246.        } // getAcceptedIssuers
247.    } // _FakeX509TrustManager
248.  
249.  
250.    /**
251.     * This class implements a fake hostname verificator, trusting any host
252.     * name.
253.     *
254.     * @author    Francis Labrie
255.     */
256.    public static class FakeHostnameVerifier implements HostnameVerifier {
257.        
258.        /**
259.         * Always return true, indicating that the host name is
260.         * an acceptable match with the server's authentication scheme.
261.         *
262.         * @param hostname        the host name.
263.         * @param session         the SSL session used on the connection to
264.         * host.
265.         * @return                the true boolean value
266.         * indicating the host name is trusted.
267.         */
268.        public boolean verify(String hostname,
269.            javax.net.ssl.SSLSession session) {
270.            return(true);
271.        } // verify
272.    } // FakeHostnameVerifier
273.  
274.  
275.    /**
276.     * This class allow any X509 certificates to be used to authenticate the
277.     * remote side of a secure socket, including self-signed certificates.
278.     *
279.     * @author    Francis Labrie
280.     */
281.    public static class FakeX509TrustManager implements X509TrustManager {
282.  
283.        /**
284.         * Empty array of certificate authority certificates.
285.         */
286.        private static final X509Certificate[] _AcceptedIssuers =
287.            new X509Certificate[] {};
288.  
289.  
290.        /**
291.         * Always trust for client SSL chain peer certificate
292.         * chain with any authType authentication types.
293.         *
294.         * @param chain           the peer certificate chain.
295.         * @param authType        the authentication type based on the client
296.         * certificate.
297.         */
298.        public void checkClientTrusted(X509Certificate[] chain,
299.            String authType) {
300.        } // checkClientTrusted
301.        
302.        /**
303.         * Always trust for server SSL chain peer certificate
304.         * chain with any authType exchange algorithm types.
305.         *
306.         * @param chain           the peer certificate chain.
307.         * @param authType        the key exchange algorithm used.
308.         */
309.        public void checkServerTrusted(X509Certificate[] chain,
310.            String authType) {
311.        } // checkServerTrusted
312.        
313.        /**
314.         * Return an empty array of certificate authority certificates which
315.         * are trusted for authenticating peers.
316.         *
317.         * @return                a empty array of issuer certificates.
318.         */
319.        public X509Certificate[] getAcceptedIssuers() {
320.            return(_AcceptedIssuers);
321.        } // getAcceptedIssuers
322.    } // FakeX509TrustManager
323.  } // SSLUtilities