EasySSLProtocolSocketFactory.java
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* org.apache.commons.httpclient.HttpClientError
* org.apache.commons.httpclient.params.HttpConnectionParams
* org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
* org.slf4j.Logger
* org.slf4j.LoggerFactory
*/
package com.day.cq.replication.impl.transport;
import com.day.cq.replication.impl.transport.EasyX509TrustManager;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
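/**
 * {@link SecureProtocolSocketFactory} that creates SSL sockets from an {@link SSLContext}
 * backed by {@link EasyX509TrustManager}, then adjusts the enabled cipher suites on each
 * socket according to the configured deny and allow lists.
 *
 * <p>Security notes:
 * <ul>
 *   <li>All certificate trust decisions are delegated to {@code EasyX509TrustManager}, whose
 *       implementation is not visible in this file. The {@code allowExpired} flag is passed
 *       straight through to it; going by the name it relaxes validity-period checking, which
 *       should be confirmed against that class before enabling it.</li>
 *   <li>Nothing in this class compares the peer certificate with the requested {@code host}:
 *       no endpoint identification algorithm is set on the sockets. Unless the trust manager
 *       or the caller performs that check, the channel is encrypted but the peer is not
 *       authenticated by name.</li>
 *   <li>A suite named in both lists ends up enabled, because the allow list is applied after
 *       the deny list. NOTE(review): confirm that precedence is intended.</li>
 * </ul>
 *
 * <p>The lazily created context in {@link #getSSLContext()} is not synchronized; concurrent
 * first calls may each build a context. NOTE(review): harmless as far as this file shows, but
 * confirm how instances are shared.
 */
public class EasySSLProtocolSocketFactory
implements SecureProtocolSocketFactory {
    private static final Logger log = LoggerFactory.getLogger(EasySSLProtocolSocketFactory.class);

    // Built on first use by getSSLContext().
    private SSLContext sslcontext = null;
    // Forwarded to EasyX509TrustManager when the context is created.
    private boolean allowExpired;
    // Cipher suites to strip from the socket's default enabled set; null means "strip nothing".
    protected Set<String> disabledSuites;
    // Cipher suites to add when the socket supports them; null means "add nothing".
    protected String[] enabledSuites;

    /**
     * Creates a factory with explicit trust and cipher-suite settings.
     *
     * @param allowExpired   value handed to {@code EasyX509TrustManager}
     * @param disabledSuites suite names to remove from the enabled set, or {@code null}
     * @param enabledSuites  suite names to add to the enabled set, or {@code null}
     */
    public EasySSLProtocolSocketFactory(boolean allowExpired, String[] disabledSuites, String[] enabledSuites) {
        this.allowExpired = allowExpired;
        this.disabledSuites = disabledSuites == null ? null : new HashSet<String>(Arrays.asList(disabledSuites));
        // Copy so that later changes to the caller's array cannot alter the negotiated suites.
        this.enabledSuites = enabledSuites == null ? null : enabledSuites.clone();
    }

    /**
     * Creates a factory that does not set {@code allowExpired}.
     *
     * @param disabledSuites suite names to remove from the enabled set, or {@code null}
     * @param enabledSuites  suite names to add to the enabled set, or {@code null}
     */
    public EasySSLProtocolSocketFactory(String[] disabledSuites, String[] enabledSuites) {
        this(false, disabledSuites, enabledSuites);
    }

    /**
     * Builds the context used for every socket of this factory.
     *
     * @return a context initialised with a single {@code EasyX509TrustManager}
     * @throws HttpClientError if the context cannot be created or initialised
     */
    private SSLContext createEasySSLContext() {
        try {
            // Request the generic "TLS" context instead of the legacy "SSL" name. Which
            // protocol versions end up enabled still depends on the JRE defaults and its
            // security properties.
            SSLContext context = SSLContext.getInstance("TLS");
            TrustManager[] trustManagers = new TrustManager[] {new EasyX509TrustManager(null, this.allowExpired)};
            // No key managers: this factory never presents a client certificate.
            context.init(null, trustManagers, new SecureRandom());
            return context;
        } catch (Exception e) {
            log.error("Error while creating SSL context.", e);
            HttpClientError error = new HttpClientError(e.toString());
            // Keep the original failure attached for whoever catches the error.
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Returns the shared context, creating it on first use.
     *
     * @return the context for this factory
     */
    protected SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = this.createEasySSLContext();
        }
        return this.sslcontext;
    }

    /**
     * Opens a connected SSL socket bound to the given local address.
     *
     * @throws IOException if the socket cannot be created or connected
     */
    public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException {
        SSLSocket sslSocket =
            (SSLSocket) this.getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
        this.enableSuites(sslSocket);
        return sslSocket;
    }

    /**
     * Opens a connected SSL socket, honouring the connection timeout from {@code params}.
     * A timeout of {@code 0} uses the factory's blocking connect; any other value creates an
     * unconnected socket, binds it locally and connects with that timeout.
     *
     * @throws IllegalArgumentException if {@code params} is {@code null}
     * @throws IOException              if the socket cannot be created, bound or connected
     */
    public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SSLSocketFactory socketfactory = this.getSSLContext().getSocketFactory();
        if (timeout == 0) {
            SSLSocket connected = (SSLSocket) socketfactory.createSocket(host, port, localAddress, localPort);
            this.enableSuites(connected);
            return connected;
        }
        SSLSocket sslSocket = (SSLSocket) socketfactory.createSocket();
        this.enableSuites(sslSocket);
        try {
            sslSocket.bind(new InetSocketAddress(localAddress, localPort));
            sslSocket.connect(new InetSocketAddress(host, port), timeout);
        } catch (IOException e) {
            // The socket was created here, so release it before reporting the failure.
            try {
                sslSocket.close();
            } catch (IOException ignored) {
                // Best effort: the bind/connect failure is the error worth reporting.
            }
            throw e;
        }
        return sslSocket;
    }

    /**
     * Opens a connected SSL socket to {@code host:port}.
     *
     * @throws IOException if the socket cannot be created or connected
     */
    public Socket createSocket(String host, int port) throws IOException {
        SSLSocket sslSocket = (SSLSocket) this.getSSLContext().getSocketFactory().createSocket(host, port);
        this.enableSuites(sslSocket);
        return sslSocket;
    }

    /**
     * Layers SSL over an already connected socket.
     *
     * @throws IOException if the layered socket cannot be created
     */
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
        SSLSocket sslSocket =
            (SSLSocket) this.getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
        this.enableSuites(sslSocket);
        return sslSocket;
    }

    /**
     * Two factories are equal only when they are exactly this class and carry the same trust
     * and cipher-suite settings, so a strictly configured factory is never treated as
     * interchangeable with a relaxed one. NOTE(review): HttpClient is presumed to compare
     * factories when matching protocols; verify against the HttpClient version in use.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !obj.getClass().equals(EasySSLProtocolSocketFactory.class)) {
            return false;
        }
        EasySSLProtocolSocketFactory other = (EasySSLProtocolSocketFactory) obj;
        boolean sameDisabled = this.disabledSuites == null
            ? other.disabledSuites == null
            : this.disabledSuites.equals(other.disabledSuites);
        return this.allowExpired == other.allowExpired
            && sameDisabled
            && Arrays.equals(this.enabledSuites, other.enabledSuites);
    }

    /** Hash over the same settings that {@link #equals(Object)} compares. */
    @Override
    public int hashCode() {
        int result = EasySSLProtocolSocketFactory.class.hashCode();
        result = 31 * result + (this.allowExpired ? 1 : 0);
        result = 31 * result + (this.disabledSuites == null ? 0 : this.disabledSuites.hashCode());
        result = 31 * result + Arrays.hashCode(this.enabledSuites);
        return result;
    }

    /**
     * Applies the configured cipher-suite lists to a socket: starts from the socket's default
     * enabled suites, drops those in {@code disabledSuites}, then appends each entry of
     * {@code enabledSuites} that the socket reports as supported.
     *
     * @param sslSocket socket whose enabled cipher suites are replaced
     */
    protected void enableSuites(SSLSocket sslSocket) {
        ArrayList<String> suitesList = new ArrayList<String>();
        for (String suite : sslSocket.getEnabledCipherSuites()) {
            if (this.disabledSuites != null && this.disabledSuites.contains(suite)) {
                log.info("Disabling suite: {}", suite);
                continue;
            }
            suitesList.add(suite);
        }
        if (this.enabledSuites != null) {
            Set<String> supportedCipherSuites =
                new HashSet<String>(Arrays.asList(sslSocket.getSupportedCipherSuites()));
            for (String suite : this.enabledSuites) {
                if (supportedCipherSuites.contains(suite)) {
                    // Added even when the suite is also on the deny list (see class notes).
                    log.info("Enabling suite: {}", suite);
                    suitesList.add(suite);
                } else {
                    // Pass the suite name so the placeholder in the message is filled in.
                    log.warn("Suite {} specified to be enabled not in supported list.", suite);
                }
            }
        }
        String[] suites = suitesList.toArray(new String[0]);
        if (log.isDebugEnabled()) {
            // Logged at debug to match the guard above.
            for (String suite : suites) {
                log.debug("Enabled cipher suite: {}", suite);
            }
        }
        sslSocket.setEnabledCipherSuites(suites);
    }
}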