
Source code changes of the file "httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java" between
httpcomponents-client-4.5.7-src.tar.gz and httpcomponents-client-4.5.8-src.tar.gz

About: HttpComponents is an Apache project responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols. Java sources.

SSLConnectionSocketFactory.java  (httpcomponents-client-4.5.7-src):SSLConnectionSocketFactory.java  (httpcomponents-client-4.5.8-src)
skipping to change at line 39 skipping to change at line 39
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.Socket; import java.net.Socket;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.regex.Pattern;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
skipping to change at line 166 skipping to change at line 168
public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIE R public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIE R
= BrowserCompatHostnameVerifier.INSTANCE; = BrowserCompatHostnameVerifier.INSTANCE;
/** /**
* @deprecated Use {@link StrictHostnameVerifier#INSTANCE}. * @deprecated Use {@link StrictHostnameVerifier#INSTANCE}.
*/ */
@Deprecated @Deprecated
public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
= StrictHostnameVerifier.INSTANCE; = StrictHostnameVerifier.INSTANCE;
private static final String WEAK_KEY_EXCHANGES
= "^(TLS|SSL)_(NULL|ECDH_anon|DH_anon|DH_anon_EXPORT|DHE_RSA_EXPORT|
DHE_DSS_EXPORT|"
+ "DSS_EXPORT|DH_DSS_EXPORT|DH_RSA_EXPORT|RSA_EXPORT|KRB5_EXPORT)_(.
*)";
private static final String WEAK_CIPHERS
= "^(TLS|SSL)_(.*)_WITH_(NULL|DES_CBC|DES40_CBC|DES_CBC_40|3DES_EDE_
CBC|RC4_128|RC4_40|RC2_CBC_40)_(.*)";
private static final List<Pattern> WEAK_CIPHER_SUITE_PATTERNS = Collections.
unmodifiableList(Arrays.asList(
Pattern.compile(WEAK_KEY_EXCHANGES, Pattern.CASE_INSENSITIVE),
Pattern.compile(WEAK_CIPHERS, Pattern.CASE_INSENSITIVE)));
private final Log log = LogFactory.getLog(getClass()); private final Log log = LogFactory.getLog(getClass());
/** /**
* @since 4.4 * @since 4.4
*/ */
public static HostnameVerifier getDefaultHostnameVerifier() { public static HostnameVerifier getDefaultHostnameVerifier() {
return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault( )); return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault( ));
} }
/** /**
* Obtains default SSL socket factory with an SSL context based on the stand ard JSSE * Obtains default SSL socket factory with an SSL context based on the stand ard JSSE
* trust material ({@code cacerts} file in the security properties directory ). * trust material ({@code cacerts} file in the security properties directory ).
* System properties are not taken into consideration. * System properties are not taken into consideration.
* *
* @return default SSL socket factory * @return default SSL socket factory
*/ */
public static SSLConnectionSocketFactory getSocketFactory() throws SSLInitia lizationException { public static SSLConnectionSocketFactory getSocketFactory() throws SSLInitia lizationException {
return new SSLConnectionSocketFactory(SSLContexts.createDefault(), getDe faultHostnameVerifier()); return new SSLConnectionSocketFactory(SSLContexts.createDefault(), getDe faultHostnameVerifier());
} }
static boolean isWeakCipherSuite(final String cipherSuite) {
for (final Pattern pattern : WEAK_CIPHER_SUITE_PATTERNS) {
if (pattern.matcher(cipherSuite).matches()) {
return true;
}
}
return false;
}
private static String[] split(final String s) { private static String[] split(final String s) {
if (TextUtils.isBlank(s)) { if (TextUtils.isBlank(s)) {
return null; return null;
} }
return s.split(" *, *"); return s.split(" *, *");
} }
/** /**
* Obtains default SSL socket factory with an SSL context based on system pr operties * Obtains default SSL socket factory with an SSL context based on system pr operties
* as described in * as described in
skipping to change at line 395 skipping to change at line 415
if (!protocol.startsWith("SSL")) { if (!protocol.startsWith("SSL")) {
enabledProtocols.add(protocol); enabledProtocols.add(protocol);
} }
} }
if (!enabledProtocols.isEmpty()) { if (!enabledProtocols.isEmpty()) {
sslsock.setEnabledProtocols(enabledProtocols.toArray(new String[ enabledProtocols.size()])); sslsock.setEnabledProtocols(enabledProtocols.toArray(new String[ enabledProtocols.size()]));
} }
} }
if (supportedCipherSuites != null) { if (supportedCipherSuites != null) {
sslsock.setEnabledCipherSuites(supportedCipherSuites); sslsock.setEnabledCipherSuites(supportedCipherSuites);
} else {
// If cipher suites are not explicitly set, remove all insecure ones
final String[] allCipherSuites = sslsock.getEnabledCipherSuites();
final List<String> enabledCipherSuites = new ArrayList<String>(allCi
pherSuites.length);
for (final String cipherSuite : allCipherSuites) {
if (!isWeakCipherSuite(cipherSuite)) {
enabledCipherSuites.add(cipherSuite);
}
}
if (!enabledCipherSuites.isEmpty()) {
sslsock.setEnabledCipherSuites(enabledCipherSuites.toArray(new S
tring[enabledCipherSuites.size()]));
}
} }
if (this.log.isDebugEnabled()) { if (this.log.isDebugEnabled()) {
this.log.debug("Enabled protocols: " + Arrays.asList(sslsock.getEnab ledProtocols())); this.log.debug("Enabled protocols: " + Arrays.asList(sslsock.getEnab ledProtocols()));
this.log.debug("Enabled cipher suites:" + Arrays.asList(sslsock.getE nabledCipherSuites())); this.log.debug("Enabled cipher suites:" + Arrays.asList(sslsock.getE nabledCipherSuites()));
} }
prepareSocket(sslsock); prepareSocket(sslsock);
this.log.debug("Starting handshake"); this.log.debug("Starting handshake");
sslsock.startHandshake(); sslsock.startHandshake();
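Review bot: In the new `else` branch (the `if (!enabledCipherSuites.isEmpty())` guard before `setEnabledCipherSuites`), a provider whose every enabled suite matches a weak pattern is left with the full weak list and nothing is logged, so the hardening this change introduces degrades silently in exactly the environment where it matters most. The fallback itself is defensible because an empty suite list would make the handshake fail, but it should be visible: add `} else if (this.log.isWarnEnabled()) {` / `    this.log.warn("All enabled cipher suites match the weak-suite patterns; leaving the provider defaults in place");` / `}` after the guard, and consider logging the suites that were dropped at debug level so the existing "Enabled cipher suites:" line can be reconciled with the provider's defaults. It is also worth a short comment on the package-private `isWeakCipherSuite` stating that it is consulted only when no explicit cipher suites were passed to the factory, since callers supplying their own list bypass the filter entirely. The enclosing connect method starts and ends outside this section.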
 End of changes. 5 change blocks. 
0 lines changed or deleted 38 lines changed or added
