is an Apache project responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols. Java sources.
| SSLConnectionSocketFactory.java (httpcomponents-client-4.5.7-src) | : | SSLConnectionSocketFactory.java (httpcomponents-client-4.5.8-src) |
|---|
| | |
| skipping to change at line 39 | | skipping to change at line 39 |
|---|
| | |
| import java.io.IOException; | | import java.io.IOException; |
| import java.io.InputStream; | | import java.io.InputStream; |
| import java.net.InetSocketAddress; | | import java.net.InetSocketAddress; |
| import java.net.Socket; | | import java.net.Socket; |
| import java.security.cert.Certificate; | | import java.security.cert.Certificate; |
| import java.security.cert.X509Certificate; | | import java.security.cert.X509Certificate; |
| import java.util.ArrayList; | | import java.util.ArrayList; |
| import java.util.Arrays; | | import java.util.Arrays; |
| import java.util.Collection; | | import java.util.Collection; |
|
| | import java.util.Collections; |
| import java.util.List; | | import java.util.List; |
|
| | import java.util.regex.Pattern; |
| | |
| import javax.net.SocketFactory; | | import javax.net.SocketFactory; |
| import javax.net.ssl.HostnameVerifier; | | import javax.net.ssl.HostnameVerifier; |
| import javax.net.ssl.SSLContext; | | import javax.net.ssl.SSLContext; |
| import javax.net.ssl.SSLHandshakeException; | | import javax.net.ssl.SSLHandshakeException; |
| import javax.net.ssl.SSLPeerUnverifiedException; | | import javax.net.ssl.SSLPeerUnverifiedException; |
| import javax.net.ssl.SSLSession; | | import javax.net.ssl.SSLSession; |
| import javax.net.ssl.SSLSocket; | | import javax.net.ssl.SSLSocket; |
| import javax.security.auth.x500.X500Principal; | | import javax.security.auth.x500.X500Principal; |
| | |
| | |
| skipping to change at line 166 | | skipping to change at line 168 |
|---|
| public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIE
R | | public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIE
R |
| = BrowserCompatHostnameVerifier.INSTANCE; | | = BrowserCompatHostnameVerifier.INSTANCE; |
| | |
| /** | | /** |
| * @deprecated Use {@link StrictHostnameVerifier#INSTANCE}. | | * @deprecated Use {@link StrictHostnameVerifier#INSTANCE}. |
| */ | | */ |
| @Deprecated | | @Deprecated |
| public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER | | public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER |
| = StrictHostnameVerifier.INSTANCE; | | = StrictHostnameVerifier.INSTANCE; |
| | |
|
| | private static final String WEAK_KEY_EXCHANGES |
| | = "^(TLS|SSL)_(NULL|ECDH_anon|DH_anon|DH_anon_EXPORT|DHE_RSA_EXPORT| |
| | DHE_DSS_EXPORT|" |
| | + "DSS_EXPORT|DH_DSS_EXPORT|DH_RSA_EXPORT|RSA_EXPORT|KRB5_EXPORT)_(. |
| | *)"; |
| | private static final String WEAK_CIPHERS |
| | = "^(TLS|SSL)_(.*)_WITH_(NULL|DES_CBC|DES40_CBC|DES_CBC_40|3DES_EDE_ |
| | CBC|RC4_128|RC4_40|RC2_CBC_40)_(.*)"; |
| | private static final List<Pattern> WEAK_CIPHER_SUITE_PATTERNS = Collections. |
| | unmodifiableList(Arrays.asList( |
| | Pattern.compile(WEAK_KEY_EXCHANGES, Pattern.CASE_INSENSITIVE), |
| | Pattern.compile(WEAK_CIPHERS, Pattern.CASE_INSENSITIVE))); |
| | |
| private final Log log = LogFactory.getLog(getClass()); | | private final Log log = LogFactory.getLog(getClass()); |
| | |
| /** | | /** |
| * @since 4.4 | | * @since 4.4 |
| */ | | */ |
| public static HostnameVerifier getDefaultHostnameVerifier() { | | public static HostnameVerifier getDefaultHostnameVerifier() { |
| return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault(
)); | | return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault(
)); |
| } | | } |
| | |
| /** | | /** |
| * Obtains default SSL socket factory with an SSL context based on the stand
ard JSSE | | * Obtains default SSL socket factory with an SSL context based on the stand
ard JSSE |
| * trust material ({@code cacerts} file in the security properties directory
). | | * trust material ({@code cacerts} file in the security properties directory
). |
| * System properties are not taken into consideration. | | * System properties are not taken into consideration. |
| * | | * |
| * @return default SSL socket factory | | * @return default SSL socket factory |
| */ | | */ |
| public static SSLConnectionSocketFactory getSocketFactory() throws SSLInitia
lizationException { | | public static SSLConnectionSocketFactory getSocketFactory() throws SSLInitia
lizationException { |
| return new SSLConnectionSocketFactory(SSLContexts.createDefault(), getDe
faultHostnameVerifier()); | | return new SSLConnectionSocketFactory(SSLContexts.createDefault(), getDe
faultHostnameVerifier()); |
| } | | } |
| | |
|
| | static boolean isWeakCipherSuite(final String cipherSuite) { |
| | for (final Pattern pattern : WEAK_CIPHER_SUITE_PATTERNS) { |
| | if (pattern.matcher(cipherSuite).matches()) { |
| | return true; |
| | } |
| | } |
| | return false; |
| | } |
| | |
| private static String[] split(final String s) { | | private static String[] split(final String s) { |
| if (TextUtils.isBlank(s)) { | | if (TextUtils.isBlank(s)) { |
| return null; | | return null; |
| } | | } |
| return s.split(" *, *"); | | return s.split(" *, *"); |
| } | | } |
| | |
| /** | | /** |
| * Obtains default SSL socket factory with an SSL context based on system pr
operties | | * Obtains default SSL socket factory with an SSL context based on system pr
operties |
| * as described in | | * as described in |
| | |
| skipping to change at line 395 | | skipping to change at line 415 |
|---|
| if (!protocol.startsWith("SSL")) { | | if (!protocol.startsWith("SSL")) { |
| enabledProtocols.add(protocol); | | enabledProtocols.add(protocol); |
| } | | } |
| } | | } |
| if (!enabledProtocols.isEmpty()) { | | if (!enabledProtocols.isEmpty()) { |
| sslsock.setEnabledProtocols(enabledProtocols.toArray(new String[
enabledProtocols.size()])); | | sslsock.setEnabledProtocols(enabledProtocols.toArray(new String[
enabledProtocols.size()])); |
| } | | } |
| } | | } |
| if (supportedCipherSuites != null) { | | if (supportedCipherSuites != null) { |
| sslsock.setEnabledCipherSuites(supportedCipherSuites); | | sslsock.setEnabledCipherSuites(supportedCipherSuites); |
|
| | } else { |
| | // If cipher suites are not explicitly set, remove all insecure ones |
| | final String[] allCipherSuites = sslsock.getEnabledCipherSuites(); |
| | final List<String> enabledCipherSuites = new ArrayList<String>(allCi |
| | pherSuites.length); |
| | for (final String cipherSuite : allCipherSuites) { |
| | if (!isWeakCipherSuite(cipherSuite)) { |
| | enabledCipherSuites.add(cipherSuite); |
| | } |
| | } |
| | if (!enabledCipherSuites.isEmpty()) { |
| | sslsock.setEnabledCipherSuites(enabledCipherSuites.toArray(new S |
| | tring[enabledCipherSuites.size()])); |
| | } |
| } | | } |
| | |
| if (this.log.isDebugEnabled()) { | | if (this.log.isDebugEnabled()) { |
| this.log.debug("Enabled protocols: " + Arrays.asList(sslsock.getEnab
ledProtocols())); | | this.log.debug("Enabled protocols: " + Arrays.asList(sslsock.getEnab
ledProtocols())); |
| this.log.debug("Enabled cipher suites:" + Arrays.asList(sslsock.getE
nabledCipherSuites())); | | this.log.debug("Enabled cipher suites:" + Arrays.asList(sslsock.getE
nabledCipherSuites())); |
| } | | } |
| | |
| prepareSocket(sslsock); | | prepareSocket(sslsock); |
| this.log.debug("Starting handshake"); | | this.log.debug("Starting handshake"); |
| sslsock.startHandshake(); | | sslsock.startHandshake(); |
| | | |
| End of changes. 5 change blocks. |
|---|
| 0 lines changed or deleted | | 38 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 