Add custom hostname verifier for CRTM certificate
Showing
10 changed files
with
379 additions
and
17 deletions.
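--- a/src/main/java/com/github/jamezrin/crtmcards/EndpointConstants.java
+++ b/src/main/java/com/github/jamezrin/crtmcards/EndpointConstants.java
@@ -1,7 +1,8 @@
 package com.github.jamezrin.crtmcards;
 
 public class EndpointConstants {
-public static final String CRTM_BASE_URI = "https://www.tarjetatransportepublico.es";
+public static final String CRTM_BASE_DOMAIN = "www.tarjetatransportepublico.es";
+public static final String CRTM_BASE_URI = "https://" + CRTM_BASE_DOMAIN;
 public static final String CRTM_QUERY_URI = CRTM_BASE_URI + "/CRTM-ABONOS/consultaSaldo.aspx";
 public static final String CRTM_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36";
 }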
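--- a/src/main/java/com/github/jamezrin/crtmcards/security/AdditionalSubjectHostnameVerifier.java
+++ b/src/main/java/com/github/jamezrin/crtmcards/security/AdditionalSubjectHostnameVerifier.java
@@ -0,0 +1,26 @@
+package com.github.jamezrin.crtmcards.security;
+
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+public class AdditionalSubjectHostnameVerifier implements HostnameVerifier {
+private final HostnameVerifier hostnameVerifier = new DefaultHostnameVerifier();
+private final String[] additionalSubjectAlts;
+
+public AdditionalSubjectHostnameVerifier(String... additionalSubjectAlts) {
+this.additionalSubjectAlts = additionalSubjectAlts;
+}
+
+@Override
+public boolean verify(String hostname, SSLSession session) {
+SSLSession sessionWrapper = new AdditionalSubjectSessionWrapper(
+session, additionalSubjectAlts);
+return hostnameVerifier.verify(hostname, sessionWrapper);
+}
+
+public String[] getAdditionalSubjectAlts() {
+return additionalSubjectAlts;
+}
+}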
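Review bot: In `verify()` the extra names are injected for every session, whichever certificate the peer presented, so (assuming `AdditionalSubjectX509CertificateWrapper`, not shown in this view, reports them as subject alternative names) any chain-valid certificate passes the delegate check for a hostname listed in `additionalSubjectAlts`; name matching for those hosts is reduced to chain validation. I would try the unmodified session first and fall back to the wrapper only when the leaf certificate is the one the service is known to present, for example by comparing a SHA-256 digest of its public key with a configured value, as sketched below; `expectedLeafKeySha256` is a new field the caller would have to supply and rotate with the certificate. The constructor and `getAdditionalSubjectAlts()` also share the caller's array, so `additionalSubjectAlts.clone()` in both would keep the name list fixed after construction. A class Javadoc saying that this verifier relaxes name matching and belongs only on the client that talks to the CRTM host would help the next reader.

```java
@Override
public boolean verify(String hostname, SSLSession session) {
    // A certificate that already matches needs no extra names.
    if (hostnameVerifier.verify(hostname, session)) {
        return true;
    }
    // Relax name matching only for the one leaf certificate we expect.
    if (!isExpectedLeaf(session)) {
        return false;
    }
    SSLSession sessionWrapper = new AdditionalSubjectSessionWrapper(
            session, additionalSubjectAlts);
    return hostnameVerifier.verify(hostname, sessionWrapper);
}

private boolean isExpectedLeaf(SSLSession session) {
    try {
        Certificate[] chain = session.getPeerCertificates();
        if (chain.length == 0) {
            return false;
        }
        byte[] keyDigest = MessageDigest.getInstance("SHA-256")
                .digest(chain[0].getPublicKey().getEncoded());
        // Constant-time comparison against the provisioned pin.
        return MessageDigest.isEqual(keyDigest, expectedLeafKeySha256);
    } catch (SSLPeerUnverifiedException | NoSuchAlgorithmException e) {
        return false;
    }
}
```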
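--- a/src/main/java/com/github/jamezrin/crtmcards/security/AdditionalSubjectSessionWrapper.java
+++ b/src/main/java/com/github/jamezrin/crtmcards/security/AdditionalSubjectSessionWrapper.java
@@ -0,0 +1,144 @@
+package com.github.jamezrin.crtmcards.security;
+
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSessionContext;
+import javax.security.cert.X509Certificate;
+import java.security.Principal;
+import java.security.cert.Certificate;
+
+public class AdditionalSubjectSessionWrapper implements SSLSession {
+private final SSLSession wrappedSession;
+private final String[] additionalSubjectAlts;
+
+public AdditionalSubjectSessionWrapper(SSLSession wrappedSession, String[] additionalSubjectAlts) {
+this.wrappedSession = wrappedSession;
+this.additionalSubjectAlts = additionalSubjectAlts;
+}
+
+@Override
+public byte[] getId() {
+return wrappedSession.getId();
+}
+
+@Override
+public SSLSessionContext getSessionContext() {
+return wrappedSession.getSessionContext();
+}
+
+@Override
+public long getCreationTime() {
+return wrappedSession.getCreationTime();
+}
+
+@Override
+public long getLastAccessedTime() {
+return wrappedSession.getLastAccessedTime();
+}
+
+@Override
+public void invalidate() {
+wrappedSession.invalidate();
+}
+
+@Override
+public boolean isValid() {
+return wrappedSession.isValid();
+}
+
+@Override
+public void putValue(String s, Object o) {
+wrappedSession.putValue(s, o);
+}
+
+@Override
+public Object getValue(String s) {
+return wrappedSession.getValue(s);
+}
+
+@Override
+public void removeValue(String s) {
+wrappedSession.removeValue(s);
+}
+
+@Override
+public String[] getValueNames() {
+return wrappedSession.getValueNames();
+}
+
+@Override
+public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
+Certificate[] certificates = wrappedSession.getPeerCertificates();
+Certificate[] results = new Certificate[certificates.length];
+
+for (int i = 0; i < certificates.length; i++) {
+Certificate certificate = certificates[i];
+if (certificate instanceof java.security.cert.X509Certificate) {
+java.security.cert.X509Certificate x509cert = (java.security.cert.X509Certificate) certificate;
+results[i] = new AdditionalSubjectX509CertificateWrapper(x509cert, additionalSubjectAlts);
+} else {
+results[i] = certificate;
+}
+}
+
+return results;
+}
+
+@Override
+public Certificate[] getLocalCertificates() {
+return wrappedSession.getLocalCertificates();
+}
+
+@Override
+public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
+return wrappedSession.getPeerCertificateChain();
+}
+
+@Override
+public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
+return wrappedSession.getPeerPrincipal();
+}
+
+@Override
+public Principal getLocalPrincipal() {
+return wrappedSession.getLocalPrincipal();
+}
+
+@Override
+public String getCipherSuite() {
+return wrappedSession.getCipherSuite();
+}
+
+@Override
+public String getProtocol() {
+return wrappedSession.getProtocol();
+}
+
+@Override
+public String getPeerHost() {
+return wrappedSession.getPeerHost();
+}
+
+@Override
+public int getPeerPort() {
+return wrappedSession.getPeerPort();
+}
+
+@Override
+public int getPacketBufferSize() {
+return wrappedSession.getPacketBufferSize();
+}
+
+@Override
+public int getApplicationBufferSize() {
+return wrappedSession.getApplicationBufferSize();
+}
+
+public String[] getAdditionalSubjectAlts() {
+return additionalSubjectAlts;
+}
+
+public SSLSession getWrappedSession() {
+return wrappedSession;
+}
+}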
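Review bot: `getPeerCertificates()` wraps every X.509 certificate in the chain, intermediates and root included, although the hostname check this class feeds only needs the leaf at index 0; wrapping just that entry leaves the rest of the chain exactly as the TLS layer validated it. Starting from `Certificate[] results = certificates.clone();` and replacing only `results[0]` (guarded by `results.length > 0` and the existing `instanceof` test) would do it. `getPeerCertificateChain()` and `getPeerPrincipal()` still return the unmodified identity, so the two views of the peer disagree; a class comment saying this wrapper is meant only as input to the hostname verifier, and must not be passed on as the real session, would make that explicit. The constructor also stores a null or caller-owned `additionalSubjectAlts` as is, so `Objects.requireNonNull(additionalSubjectAlts, "additionalSubjectAlts").clone()` there would fail early and keep the list fixed.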