Hi do any one having idea about setting setEnabledProtocols other than java code
SSLSocket.setEnabledProtocols(newProtocol);
Because in our web service code we couldn't find any socket connection.
Thanks in advance. Appreciate your help if you guide me in setting dynamic UNIX java command.
Like that:
SSLContext context = SSLUtils.createSSLContext();
// Connect to the tracer
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket sslSocket = (SSLSocket)factory.createSocket(endpointId.getHostName(),
endpointId.getPort());
// Enable TLS protocols
SSLParameters params = new SSLParameters();
params.setProtocols(new String[] {"TLSv1", "TLSv1.1","TLSv1.2"});
sslSocket.setSSLParameters(params);
// Initialize the SSL handshake
sslSocket.startHandshake();
I have used System.setproperty("https.protocol","SSLv3"); and now its working fine.
Related
I need to specify a custom proxy host and port for an MQConnectionFactoy and I saw that the set proxy host and port are not supported anymore. I am using exactly this 8.0 version and I don't want to downgrade.
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.javadoc.doc/WMQJMSClasses/com/ibm/mq/jms/MQConnectionFactory.html#setProxyHostName(java.lang.String)
Does anyone know how I can achieve this? Is there a JmsConnectionFactoryProxy which can wrap the MQConnectionFactory?
Thanks in advance.
Regards,
C
I've been able to achieve what I wanted with ProxySelector.
I've added a custom rule for the case when scheme is "socket", hostname = "MQ_HOSTNAME" and port = "MQ_PORT" to return a custom created proxy.
SocketAddress socketAddress = new InetSocketAddress(proxyHost, proxyPort);
Proxy proxy = new Proxy(Type.SOCKS, socketAddress);
I'm trying to use firebase to authenticate my users via Google. On my Java server I'm verifying the validity of the idToken and every time I get this error:
com.google.firebase.auth.FirebaseAuthException: Error while verifying token signature.
I identified the problem as being the proxy of my server that avoid the http requests made by the sdk. I tested my code on my computer and it works so I'm pretty sure the problem is the proxy.
Here is my code:
InputStream serviceAccount = getClass().getClassLoader().getResourceAsStream(<fileName>);
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(<address>, <port>));
HttpTransport httpTransport = new NetHttpTransport.Builder().setProxy(proxy).build();
HttpTransportFactory httpTransportFactory = () -> httpTransport;
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount, httpTransportFactory))
.setDatabaseUrl(<adress>)
.setHttpTransport(httpTransport)
.build();
FirebaseApp.initializeApp(options);
FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdTokenAsync(<token>).get();
What am I doing wrong ?
I believe this is a bug. As you can see here, the token verifier does not use the HTTP transport injected through options. I'd appreciate if you can create an issue for this on GitHub.
In the meantime, you might be able to get around this limitation by configuring the HTTP/S proxy for the JVM. Try setting the https.proxyHost and https.proxyPort system properties when starting the JVM (more details here).
I've faced the same problem, and still waiting for a greater solution.
In the meantime, I've decompiled the WebSocket class (com.google.firebase.database.tubesock.WebSocket), and created an underlying socket by myself, then droped this decompiled class in a new package in my project: com.google.firebase.database.tubesock.
The creation of the SSLSocket is around the line 295 of this class.
I've created the socket this way:
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
InetSocketAddress proxyAddr = new InetSocketAddress("200.5.92.169", 8080);
Socket underlying = new Socket(new Proxy(Proxy.Type.HTTP, proxyAddr));
underlying.connect(new InetSocketAddress(host, port));
SSLSocket sslSocket = (SSLSocket) factory.createSocket(underlying, host, port, true);
I am trying to implement a SSL socket between an Android App and a Python API.
The code below...
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
Socket s = ssf.createSocket("10.0.2.2", 5001);
DataOutputStream myDataOut = new DataOutputStream(s.getOutputStream());
myDataOut.writeUTF("Hello Server");
myDataOut.flush();
myDataOut.close();
s.close();
doesn't work as you can see:
590.0750 - Establishing connection to ('127.0.0.1', 50888)
590.0970 - Error while connecting
590.0970 - Error information: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:590)
I believe it doesn't because I am not specifying the certificate.
See a Python working example of client:
import socket, ssl, pprint
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(s,
ca_certs="server.crt",
cert_reqs=ssl.CERT_REQUIRED)
ssl_sock.connect(('localhost', 5001))
print repr(ssl_sock.getpeername())
print ssl_sock.cipher()
print pprint.pformat(ssl_sock.getpeercert())
ssl_sock.write("Hello from the client...")
How can I specify the certificate in Java like I did in Python?
Taken that I understood you right, this answer to a related question might be interesting for you. It describes the ways of specififying the certifications.
I have successfully created an embedded HttpServer using the example at https://hc.apache.org.httpcomponents-core-ga/httpcore/examples/org/apache/http/examples/HttpFileServer.java, which handles http: traffic just fine. Now I would like to extend this to support TLS.
I copied some likely looking code from here: https://hc.apache.org/httpcomponents-core-ga/tutorial/html/blocking-io.html#d5e455
But some parts of it are showing up as deprecated, which makes me wonder whether this example is out of date and whether the tree I'm at is the one where I should be barking. Even if that weren't the case, I am having trouble finding the relationship between HttpServer and DefaultBHttpClientConnection (mentioned in the example). I suspect that I should be using DefaultBHttpServerConnection but I am so far unable to find that either.
Is there a newer example of this anywhere?
Michael D. Spence
Mockingbird Data Systems, Inc.
I am not sure understand the problem you are having. All you need is to provide a correctly initialized SSLContext instance to ServerBoostrap . HttpCore ships with SSLContextBuilder specifically designed to simplify the process of SSLContext initialization.
The example included in HttpCore distribution pretty much shows every step required to set up SSL/TLS transport layer.
SSLContext sslcontext = null;
if (port == 8443) {
// Initialize SSL context
URL url = HttpFileServer.class.getResource("/my.keystore");
if (url == null) {
System.out.println("Keystore not found");
System.exit(1);
}
sslcontext = SSLContexts.custom()
.loadKeyMaterial(url, "secret".toCharArray(), "secret".toCharArray())
.build();
}
SocketConfig socketConfig = SocketConfig.custom()
.setSoTimeout(15000)
.setTcpNoDelay(true)
.build();
final HttpServer server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setServerInfo("Test/1.1")
.setSocketConfig(socketConfig)
.setSslContext(sslcontext)
.setExceptionLogger(new StdErrorExceptionLogger())
.registerHandler("*", new HttpFileHandler(docRoot))
.create();
server.start();
SslConnector.java interface has been changed in the newest Jetty 7.3.1.v20110307.
Almost all off the methods have been marked as deprecated without mentioning the replacement interface or methods to use.
I've checked the jetty-users and jetty-dev mailing lists for the information with no luck.
Is there anybody out there who knows how should be the code changed for the future?
Thanks in advance!
Okay, digging out from the subversion changelog for the corresponding commits (crazy) it came out that SslContextFactory should be used.
Example:
final SslContextFactory sslContextFactory = new SslContextFactory(sKeyStore);
sslContextFactory.setKeyStorePassword(sPassword);
final SslSocketConnector conn = new SslSocketConnector(sslContextFactory);
conn.setReuseAddress(true);
// ...
Building on your own answer:
Server server = new Server();
// Encrypt the connection using a valid certificate/keystore
SslContextFactory sslContextFactory = new SslContextFactory("path/keystore.jks");
sslContextFactory.setKeyStorePassword("password");
// Create a new SocketConnector at port 443, which is the default port for
// HTTPS web pages (no port number needs to be specified in the browser).
SslSocketConnector sslConnector = new SslSocketConnector(sslContextFactory);
sslConnector.setPort(443);
// Add the SocketConnector to the server
server.setConnectors(new Connector[] {sslConnector});