  /*
   * Copyright 2014-2015 Amazon Technologies, Inc.
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at:
   *
   *    http://aws.amazon.com/apache2.0
   *
  * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
  * OR CONDITIONS OF ANY KIND, either express or implied. See the
  * License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.amazonaws.http.conn.ssl;
 import java.util.List;
 
 
 
Used to enforce the preferred TLS protocol during SSL handshake.
 
 public class SdkTLSSocketFactory extends SSLSocketFactory {
     /** Logger for handshake diagnostics; every message this class emits is at DEBUG level. */
     private static final Log log = LogFactory.getLog(SdkTLSSocketFactory.class);
     
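     /**
      * Creates a TLS socket factory backed by the given SSL context.
      *
      * Both arguments are handed unchanged to the superclass constructor; this
      * class adds protocol-preference handling and a master-secret check on top.
      *
      * @param sslContext       the SSL context used to create and layer sockets
      * @param hostnameVerifier the verifier applied to the peer certificate's host name
      */
     public SdkTLSSocketFactory(final SSLContext sslContext,
             final X509HostnameVerifier hostnameVerifier) {
         super(sslContext, hostnameVerifier);
     }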

    
Used to enforce the preferred TLS protocol during SSL handshake.
 
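     /**
      * Used to enforce the preferred TLS protocol during SSL handshake.
      *
      * The enabled-protocol list of {@code socket} is rebuilt as: the
      * {@link TLSProtocol} values in declaration order (only those the socket
      * supports), followed by whatever the socket already had enabled and is
      * not yet in the list. Nothing is ever removed: a protocol the socket had
      * enabled stays enabled, so disabling weak protocols is left to the
      * SSLContext / JDK configuration, not to this method. Whether the provider
      * honours the order as a preference is provider-specific.
      *
      * @param socket the not-yet-handshaken socket whose protocols are adjusted
      */
     @Override
     protected final void prepareSocket(final SSLSocket socket) {
         final String[] supported = socket.getSupportedProtocols();
         final String[] enabled = socket.getEnabledProtocols();
         if (log.isDebugEnabled()) {
             log.debug("socket.getSupportedProtocols(): "
                     + Arrays.toString(supported)
                     + ", socket.getEnabledProtocols(): "
                     + Arrays.toString(enabled));
         }
         final List<String> target = new ArrayList<String>();
         if (supported != null) {
             // Append the preferred protocols in descending order of preference
             // but only do so if the protocols are supported
             for (TLSProtocol protocol : TLSProtocol.values()) {
                 final String pname = protocol.getProtocolName();
                 if (existsIn(pname, supported)) {
                     target.add(pname);
                 }
             }
         }
         if (enabled != null) {
             // Append the rest of the already enabled protocols to the end
             // if not already included in the list
             for (String pname : enabled) {
                 if (!target.contains(pname)) {
                     target.add(pname);
                 }
             }
         }
         if (!target.isEmpty()) {
             // An empty list is never applied: it would disable every protocol.
             final String[] enabling = target.toArray(new String[target.size()]);
             socket.setEnabledProtocols(enabling);
             if (log.isDebugEnabled()) {
                 log.debug("TLS protocol enabled for SSL handshake: "
                         + Arrays.toString(enabling));
             }
         }
     }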
    
Returns true if the given element exists in the given array; false otherwise.
 
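    /**
     * Returns true if the given element exists in the given array; false otherwise.
     *
     * Comparison is by {@link String#equals}, so {@code element} must be non-null;
     * null entries in {@code a} are simply never matched.
     *
     * @param element the value to look for
     * @param a       the array to scan
     * @return whether {@code a} contains {@code element}
     */
    private boolean existsIn(String element, String[] a) {
        for (String s : a) {
            if (element.equals(s)) {
                return true;
            }
        }
        return false;
    }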
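    /**
     * Connects the socket via the superclass, verifies the resulting SSL
     * session's master secret, and returns the connected socket wrapped in the
     * SDK socket types.
     *
     * The socket that is verified and wrapped is the one the superclass
     * returns, not the {@code socket} argument: the two are allowed to differ
     * (the argument may be null, or a plain socket that the superclass layers
     * TLS on top of). Wrapping the argument instead would hand the caller a
     * socket other than the one that was actually connected.
     *
     * @param socket        an unconnected socket, or null to let the superclass create one
     * @param remoteAddress the peer to connect to
     * @param localAddress  the local address to bind, or null
     * @param params        connection parameters forwarded to the superclass
     * @return the connected socket, wrapped as {@link SdkSSLSocket} when it is an
     *         {@link SSLSocket} and as {@link SdkSocket} otherwise
     * @throws SecurityException if the SSL session's master secret is null
     */
    @Override
    public Socket connectSocket(
            final Socket socket,
            final InetSocketAddress remoteAddress,
            final InetSocketAddress localAddress,
            final HttpParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        if (log.isDebugEnabled()) {
            log.debug("connecting to " + remoteAddress.getAddress() + ":"
                    + remoteAddress.getPort());
        }
        // Work with what the superclass actually connected, not the argument.
        final Socket connected =
            super.connectSocket(socket, remoteAddress, localAddress, params);
        verifyMasterSecret(connected);
        if (connected instanceof SSLSocket) {
            return new SdkSSLSocket((SSLSocket) connected);
        }
        return new SdkSocket(connected);
    }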

    
Double-checks that the master secret of an SSL session is not null; otherwise a java.lang.SecurityException is thrown.

Parameters:
sock connected socket
    /**
     * Double-checks that the SSL session behind {@code sock} has a non-null
     * master secret, throwing a {@link SecurityException} if it does not.
     *
     * The check is a no-op for non-SSL sockets, for sockets without a session,
     * and for any session class other than {@code sun.security.ssl.SSLSessionImpl}
     * (the reflective lookup below is specific to that implementation). Any
     * failure of the reflective access itself is only logged at DEBUG; only a
     * successfully read null secret is treated as a security failure.
     *
     * @param sock the connected socket to inspect
     * @throws SecurityException if the master secret is null
     */
    private void verifyMasterSecret(final Socket sock) {
        if (!(sock instanceof SSLSocket)) {
            return;
        }
        // NOTE(review): SSLSocket.getSession() starts the handshake if it has
        // not run yet, so this is also where handshake failures surface.
        final SSLSession session = ((SSLSocket) sock).getSession();
        if (session == null) {
            return;
        }
        final String className = session.getClass().getName();
        if (!"sun.security.ssl.SSLSessionImpl".equals(className)) {
            return;
        }
        try {
            // NOTE(review): setAccessible on a sun.security.ssl member may be
            // refused by an unchecked exception on JDKs that encapsulate internal
            // packages; that case is not handled here — confirm the JDK range.
            final Method getMasterSecret =
                Class.forName(className).getDeclaredMethod("getMasterSecret");
            getMasterSecret.setAccessible(true);
            if (getMasterSecret.invoke(session) == null) {
                throw log(new SecurityException("Invalid SSL master secret"));
            }
        } catch (ClassNotFoundException e) {
            failedToVerifyMasterSecret(e);
        } catch (NoSuchMethodException e) {
            failedToVerifyMasterSecret(e);
        } catch (IllegalAccessException e) {
            failedToVerifyMasterSecret(e);
        } catch (InvocationTargetException e) {
            // Report the reflected method's own exception, not the wrapper.
            failedToVerifyMasterSecret(e.getCause());
        }
    }
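    /**
     * Records, at DEBUG level only, that the master-secret check could not be
     * carried out. The failure is deliberately not propagated: an unverifiable
     * session is treated as acceptable, only a verified-null secret is rejected.
     *
     * @param t the cause of the failed verification (may be a reflection exception
     *          or the cause unwrapped from an InvocationTargetException)
     */
    private void failedToVerifyMasterSecret(final Throwable t) {
        if (log.isDebugEnabled()) {
            log.debug("Failed to verify the SSL master secret", t);
        }
    }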
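    /**
     * Logs the given throwable at DEBUG level and returns it unchanged, so a
     * caller can write {@code throw log(new SecurityException(...))}.
     *
     * @param t the throwable to log
     * @param <T> the throwable's type, preserved so the caller can still throw it
     * @return {@code t}
     */
    private <T extends Throwable> T log(final T t) {
        if (log.isDebugEnabled()) {
            log.debug("", t);
        }
        return t;
    }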