summaryrefslogtreecommitdiff
path: root/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java
diff options
context:
space:
mode:
Diffstat (limited to 'BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java')
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java157
1 files changed, 157 insertions, 0 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java
new file mode 100644
index 00000000..a02e56eb
--- /dev/null
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.bku.online.applet;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.List;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class InternalSSLSocketFactory extends SSLSocketFactory {
+
+ private final static String GOV_DOMAIN = ".gv.at";
+
+ private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory();
+
+ private final static Log log = LogFactory
+ .getLog(InternalSSLSocketFactory.class);
+
+ private SSLSocket sslSocket;
+
+ private SSLSocketFactory proxy;
+
+ private InternalSSLSocketFactory() {
+ proxy = HttpsURLConnection.getDefaultSSLSocketFactory();
+ }
+
+ public static InternalSSLSocketFactory getInstance() {
+ return instance;
+ }
+
+ @Override
+ public Socket createSocket() throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket();
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(String arg0, int arg1) throws IOException,
+ UnknownHostException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1);
+
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1);
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
+ throws IOException, UnknownHostException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
+ int arg3) throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
+ throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
+ return sslSocket;
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return proxy.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return proxy.getSupportedCipherSuites();
+ }
+
+ public boolean isEgovAgency() {
+ log.info("Checking if server is egov agency");
+ if (sslSocket != null) {
+ try {
+ X509Certificate cert = (X509Certificate) sslSocket.getSession()
+ .getPeerCertificates()[0];
+ log.info("Server cert: " + cert);
+ return isGovAgency(cert);
+ } catch (SSLPeerUnverifiedException e) {
+ log.error(e);
+ return false;
+ }
+ }
+ log.info("Not a SSL connection");
+ return false;
+ }
+
+ public static boolean isGovAgency(X509Certificate cert) {
+ String[] rdns = (cert.getSubjectX500Principal().getName()).split(",");
+ for (String rdn : rdns) {
+ if (rdn.startsWith("CN=")) {
+ String dns = rdn.split("=")[1];
+ if (dns.endsWith(GOV_DOMAIN)) {
+ return true;
+ }
+ }
+ }
+ try {
+ Collection<List<?>> sanList = cert.getSubjectAlternativeNames();
+ if (sanList != null) {
+ for (List<?> san : sanList) {
+ if ((Integer) san.get(0) == 2) {
+ String dns = (String) san.get(1);
+ if (dns.endsWith(GOV_DOMAIN)) {
+ return true;
+ }
+ }
+ }
+ }
+ } catch (CertificateParsingException e) {
+ log.error(e);
+ }
+ if ((cert.getExtensionValue("1.2.40.0.10.1.1.1") != null)
+ || (cert.getExtensionValue("1.2.40.0.10.1.1.2") != null)) {
+ return true;
+ }
+ return false;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-30 01:53:34 +0000