package cn.cbsw.tools;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.IDN;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.X509Certificate;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ExtensionType;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/*** 建立一个自己的ssl类*/
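/**
 * {@link SSLSocketFactory} that runs the TLS handshake through Bouncy Castle's
 * {@link TlsClientProtocol} instead of the platform JSSE and sends a
 * {@code server_name} (SNI) extension for the requested host.
 *
 * <p>The server's certificate chain is validated with the platform's default
 * {@link X509TrustManager} (obtained from {@link TrustManagerFactory}, which
 * honours the {@code javax.net.ssl.trustStore*} system properties), and the
 * leaf certificate must carry a subjectAltName matching the requested host.
 * A chain failing either check aborts {@link SSLSocket#startHandshake()} with
 * an {@link IOException}; there is no "accept everything" fallback.
 *
 * <p>Only the host-name based {@code createSocket} overloads are supported,
 * because both SNI and certificate matching need the name the caller asked
 * for, not one derived from an address.
 */
public class TLSSocketConnectionFactory extends SSLSocketFactory {
    private static final Charset ASCII = Charset.forName("US-ASCII");

    // subjectAltName GeneralName tags as reported by X509Certificate.getSubjectAlternativeNames()
    private static final int SAN_DNS_NAME = 2;
    private static final int SAN_IP_ADDRESS = 7;

    static {
        // Register BC once; repeated registrations are rejected by Security.addProvider anyway.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Wraps a plain socket in a TLS socket for {@code host}.
     *
     * @param socket plain socket to wrap; a new socket is created when null, and it is
     *     connected to {@code host:port} when not yet connected
     * @param host server name, sent as SNI and matched against the server certificate
     * @param port server port, used only when the socket still has to be connected
     * @param autoClose not honoured: {@link SSLSocket#close()} on the result always
     *     delegates to {@link TlsClientProtocol#close()}
     * @return an un-handshaken {@link SSLSocket}; call {@link SSLSocket#startHandshake()}
     *     before using its streams
     * @throws IOException if the plain connection cannot be established
     */
    @Override
    public Socket createSocket(Socket socket, final String host, final int port, boolean autoClose)
            throws IOException {
        Socket plain = (socket == null) ? new Socket() : socket;
        if (!plain.isConnected()) {
            plain.connect(new InetSocketAddress(host, port));
        }
        final TlsClientProtocol tlsClientProtocol =
                new TlsClientProtocol(plain.getInputStream(), plain.getOutputStream(), new SecureRandom());
        return _createSSLSocket(host, port, tlsClientProtocol);
    }

    /**
     * Cipher suites are negotiated by Bouncy Castle's {@link DefaultTlsClient}, not by this
     * factory; an empty array (rather than null) keeps callers that inspect suites working.
     */
    @Override
    public String[] getDefaultCipherSuites() {
        return new String[0];
    }

    /** See {@link #getDefaultCipherSuites()}. */
    @Override
    public String[] getSupportedCipherSuites() {
        return new String[0];
    }

    /** Connects a plain socket to {@code host:port} and wraps it; see {@link #createSocket(Socket, String, int, boolean)}. */
    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return createSocket(new Socket(host, port), host, port, true);
    }

    /**
     * Unsupported: an {@link InetAddress} carries no reliable host name for SNI and
     * certificate matching (a reverse lookup is not the name the caller asked for).
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        throw new UnsupportedOperationException(
                "host name required for SNI and certificate matching; use createSocket(String, int)");
    }

    /** Connects a plain socket bound to {@code localHost:localPort} and wraps it; see {@link #createSocket(Socket, String, int, boolean)}. */
    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
            throws IOException, UnknownHostException {
        return createSocket(new Socket(host, port, localHost, localPort), host, port, true);
    }

    /**
     * Unsupported for the same reason as {@link #createSocket(InetAddress, int)}.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        throw new UnsupportedOperationException(
                "host name required for SNI and certificate matching; use createSocket(String, int, InetAddress, int)");
    }

    /**
     * Encodes {@code host} as the body of a TLS {@code server_name} extension: a
     * ServerNameList (RFC 6066) holding one {@code host_name} entry.
     *
     * @throws IOException if the host name cannot be written (never expected for a
     *     {@link ByteArrayOutputStream})
     * @throws IllegalArgumentException if {@code host} is not a valid IDNA host name
     */
    private static byte[] _encodeServerName(String host) throws IOException {
        // SNI carries A-labels; IDN.toASCII is the identity for plain ASCII names.
        byte[] name = IDN.toASCII(host).getBytes(ASCII);
        ByteArrayOutputStream baos = new ByteArrayOutputStream(name.length + 5);
        DataOutputStream dos = new DataOutputStream(baos);
        dos.writeShort(name.length + 3); // ServerNameList length: name_type(1) + name length(2) + name
        dos.writeByte(0);                // NameType host_name
        dos.writeShort(name.length);
        dos.write(name);
        dos.flush();
        return baos.toByteArray();
    }

    /**
     * Returns the platform's default {@link X509TrustManager}.
     *
     * <p>{@code init((KeyStore) null)} selects the provider's default trust store; on the JDK this
     * is the store named by the {@code javax.net.ssl.trustStore*} properties or {@code cacerts}.
     *
     * @throws GeneralSecurityException if no trust manager can be created
     */
    private static X509TrustManager _defaultTrustManager() throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new NoSuchAlgorithmException("no X509TrustManager available from " + tmf.getAlgorithm());
    }

    /**
     * Converts the chain the server sent to JCA form, validates it with the default trust
     * manager and checks the leaf against {@code host}.
     *
     * @param host name the connection was opened for
     * @param serverCertificate chain as delivered by Bouncy Castle, leaf first
     * @return the converted chain, leaf first
     * @throws IOException if the server sent no certificate, an element cannot be parsed, the
     *     chain is not trusted, or the leaf does not name {@code host}
     */
    private static java.security.cert.X509Certificate[] _validateServerChain(String host, Certificate serverCertificate)
            throws IOException {
        org.bouncycastle.asn1.x509.Certificate[] received =
                (serverCertificate == null) ? null : serverCertificate.getCertificateList();
        if (received == null || received.length == 0) {
            throw new IOException("server " + host + " presented no certificate");
        }
        java.security.cert.X509Certificate[] chain = new java.security.cert.X509Certificate[received.length];
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < chain.length; i++) {
                java.security.cert.Certificate parsed =
                        cf.generateCertificate(new ByteArrayInputStream(received[i].getEncoded()));
                if (!(parsed instanceof java.security.cert.X509Certificate)) {
                    throw new CertificateException("chain element " + i + " is not an X.509 certificate");
                }
                chain[i] = (java.security.cert.X509Certificate) parsed;
            }
            // The negotiated key exchange is not visible here. "UNKNOWN" is what the JDK's
            // validator treats as a signature-based exchange (digitalSignature key usage on the
            // leaf) — TODO confirm against the target JDK/Android runtime.
            _defaultTrustManager().checkServerTrusted(chain, "UNKNOWN");
            _checkHostName(host, chain[0]);
        } catch (GeneralSecurityException e) {
            throw new IOException("certificate of " + host + " rejected: " + e.getMessage(), e);
        }
        return chain;
    }

    /**
     * Requires {@code leaf} to carry a subjectAltName matching {@code host}: a dNSName equal to
     * the host (case-insensitively, A-label form) or a single-label wildcard such as
     * {@code *.example.com}, or an iPAddress textually equal to an IP-literal host. There is no
     * fallback to the subject CN, and IPv6 literals must be spelled exactly as in the certificate.
     *
     * @throws CertificateException if nothing matches or the SAN extension cannot be parsed
     */
    private static void _checkHostName(String host, java.security.cert.X509Certificate leaf)
            throws CertificateException {
        if (host == null || host.length() == 0) {
            throw new CertificateException("no host name to match against the certificate");
        }
        String target = IDN.toASCII(host).toLowerCase(Locale.ROOT);
        if (target.endsWith(".")) {
            target = target.substring(0, target.length() - 1); // absolute-name marker is not part of a SAN
        }
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if (san.size() < 2 || !(san.get(0) instanceof Integer) || !(san.get(1) instanceof String)) {
                    continue; // other name forms are delivered as byte[]; they cannot name a host
                }
                int type = (Integer) san.get(0);
                String value = (String) san.get(1);
                if (type == SAN_DNS_NAME && _dnsNameMatches(value, target)) {
                    return;
                }
                if (type == SAN_IP_ADDRESS && value.equalsIgnoreCase(host)) {
                    return;
                }
            }
        }
        throw new CertificateException(
                "certificate " + leaf.getSubjectX500Principal() + " does not name host " + host);
    }

    /**
     * Matches a dNSName SAN entry against a lower-cased host. A wildcard is only honoured as the
     * whole leftmost label ({@code *.example.com} matches {@code a.example.com} but neither
     * {@code example.com} nor {@code a.b.example.com}); any other use of {@code *} never matches.
     */
    private static boolean _dnsNameMatches(String pattern, String target) {
        String p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(target);
        }
        String suffix = p.substring(1); // ".example.com"
        if (suffix.indexOf('*') >= 0 || !target.endsWith(suffix)) {
            return false;
        }
        String leftmost = target.substring(0, target.length() - suffix.length());
        return leftmost.length() > 0 && leftmost.indexOf('.') < 0;
    }

    /**
     * Builds the {@link SSLSocket} view over a Bouncy Castle client protocol. Only the streams,
     * {@code close()}, {@code startHandshake()} and a minimal {@link SSLSession} are functional;
     * the remaining JSSE configuration methods are inert.
     */
    private SSLSocket _createSSLSocket(final String host, final int port, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            // Validated server chain, leaf first; null until startHandshake() has succeeded.
            private java.security.cert.Certificate[] peerCerts;

            @Override
            public InputStream getInputStream() throws IOException {
                return tlsClientProtocol.getInputStream();
            }

            @Override
            public OutputStream getOutputStream() throws IOException {
                return tlsClientProtocol.getOutputStream();
            }

            @Override
            public synchronized void close() throws IOException {
                tlsClientProtocol.close();
            }

            @Override
            public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
                // Handshake completion is not reported; listeners are ignored.
            }

            @Override
            public boolean getEnableSessionCreation() {
                return false;
            }

            @Override
            public String[] getEnabledCipherSuites() {
                return null;
            }

            @Override
            public String[] getEnabledProtocols() {
                return null;
            }

            @Override
            public boolean getNeedClientAuth() {
                return false;
            }

            /**
             * Returns a session exposing the validated peer chain, host and port; the other
             * session attributes are not tracked by this wrapper and report placeholders.
             */
            @Override
            public SSLSession getSession() {
                return new SSLSession() {
                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }

                    @Override
                    public String getCipherSuite() {
                        return null;
                    }

                    @Override
                    public long getCreationTime() {
                        return 0;
                    }

                    @Override
                    public byte[] getId() {
                        return null;
                    }

                    @Override
                    public long getLastAccessedTime() {
                        return 0;
                    }

                    @Override
                    public java.security.cert.Certificate[] getLocalCertificates() {
                        return null; // no client certificate is ever presented
                    }

                    @Override
                    public Principal getLocalPrincipal() {
                        return null;
                    }

                    @Override
                    public int getPacketBufferSize() {
                        return 0;
                    }

                    @Override
                    public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
                        return null; // deprecated javax.security.cert form is not provided
                    }

                    /** @throws SSLPeerUnverifiedException before the handshake has validated a chain */
                    @Override
                    public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
                        if (peerCerts == null) {
                            throw new SSLPeerUnverifiedException("handshake with " + host + " not completed");
                        }
                        return peerCerts.clone();
                    }

                    @Override
                    public String getPeerHost() {
                        return host;
                    }

                    @Override
                    public int getPeerPort() {
                        return port;
                    }

                    @Override
                    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
                        java.security.cert.Certificate[] chain = getPeerCertificates();
                        if (chain.length > 0 && chain[0] instanceof java.security.cert.X509Certificate) {
                            return ((java.security.cert.X509Certificate) chain[0]).getSubjectX500Principal();
                        }
                        throw new SSLPeerUnverifiedException("peer certificate of " + host + " is not X.509");
                    }

                    @Override
                    public String getProtocol() {
                        return null;
                    }

                    @Override
                    public SSLSessionContext getSessionContext() {
                        return null;
                    }

                    @Override
                    public Object getValue(String name) {
                        return null;
                    }

                    @Override
                    public String[] getValueNames() {
                        return null;
                    }

                    @Override
                    public void invalidate() {
                        // sessions are never cached, so there is nothing to invalidate
                    }

                    @Override
                    public boolean isValid() {
                        return true;
                    }

                    @Override
                    public void putValue(String name, Object value) {
                        // session values are not stored
                    }

                    @Override
                    public void removeValue(String name) {
                        // session values are not stored
                    }
                };
            }

            @Override
            public String[] getSupportedProtocols() {
                return null;
            }

            /** Always true: this wrapper only ever acts as the TLS client. */
            @Override
            public boolean getUseClientMode() {
                return true;
            }

            @Override
            public boolean getWantClientAuth() {
                return false;
            }

            @Override
            public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
                // listeners are never registered
            }

            @Override
            public void setEnableSessionCreation(boolean flag) {
                // not configurable
            }

            @Override
            public void setEnabledCipherSuites(String[] suites) {
                // suites are chosen by Bouncy Castle's DefaultTlsClient
            }

            @Override
            public void setEnabledProtocols(String[] protocols) {
                // protocol version is chosen by Bouncy Castle's DefaultTlsClient
            }

            @Override
            public void setNeedClientAuth(boolean need) {
                // client-side only
            }

            @Override
            public void setUseClientMode(boolean mode) {
                // always client mode
            }

            @Override
            public void setWantClientAuth(boolean want) {
                // client-side only
            }

            @Override
            public String[] getSupportedCipherSuites() {
                return null;
            }

            /**
             * Runs the TLS handshake with SNI set to {@code host}. The server chain is validated
             * in {@code notifyServerCertificate}; any validation failure surfaces here as an
             * {@link IOException} and the connection is not usable.
             */
            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {
                    @SuppressWarnings("unchecked") // BC's extension table is a raw Hashtable
                    @Override
                    public Hashtable getClientExtensions() throws IOException {
                        Hashtable clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable();
                        }
                        clientExtensions.put(ExtensionType.server_name, _encodeServerName(host));
                        return clientExtensions;
                    }

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {
                            @Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                peerCerts = _validateServerChain(host, serverCertificate);
                            }

                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest)
                                    throws IOException {
                                return null; // no client certificate
                            }
                        };
                    }
                });
            }
        };
    }
}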