net.lightbody.bmp.mitm.exception.SslContextInitializationException Java Examples

The following examples show how to use net.lightbody.bmp.mitm.exception.SslContextInitializationException.
Example #1
Source File: SslUtil.java    From CapturePacket with MIT License
/**
 * Creates a netty SslContext for use when connecting to upstream servers. Retrieves the list of trusted root CAs
 * from the trustSource. When trustSource is null, no upstream certificate verification will be performed.
 * <b>This will make it possible for attackers to MITM communications with the upstream server</b>, so always
 * supply an appropriate trustSource except in extraordinary circumstances (e.g. testing with dynamically-generated
 * certificates).
 *
 * @param cipherSuites    cipher suites to allow when connecting to the upstream server
 * @param trustSource     the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates
 * @return an SSLContext to connect to upstream servers with
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();

    if (trustSource == null) {
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");

        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    } else {
        sslContextBuilder.trustManager(trustSource.getTrustedCAs());
    }

    sslContextBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return sslContextBuilder.build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
}
 
Example #2
Source File: SslUtil.java    From Dream-Catcher with MIT License
/**
 * Creates a netty SslContext for use when connecting to upstream servers. Retrieves the list of trusted root CAs
 * from the trustSource. When trustSource is null, no upstream certificate verification will be performed.
 * <b>This will make it possible for attackers to MITM communications with the upstream server</b>, so always
 * supply an appropriate trustSource except in extraordinary circumstances (e.g. testing with dynamically-generated
 * certificates).
 *
 * @param cipherSuites    cipher suites to allow when connecting to the upstream server
 * @param trustSource     the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates
 * @return an SSLContext to connect to upstream servers with
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();

    if (trustSource == null) {
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");

        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    } else {
        sslContextBuilder.trustManager(trustSource.getTrustedCAs());
    }

    sslContextBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return sslContextBuilder.build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
}
 
Example #3
Source File: SslUtil.java    From AndroidHttpCapture with MIT License
/**
 * Creates a netty SslContext for use when connecting to upstream servers. Retrieves the list of trusted root CAs
 * from the trustSource. When trustSource is null, no upstream certificate verification will be performed.
 * <b>This will make it possible for attackers to MITM communications with the upstream server</b>, so always
 * supply an appropriate trustSource except in extraordinary circumstances (e.g. testing with dynamically-generated
 * certificates).
 *
 * @param cipherSuites    cipher suites to allow when connecting to the upstream server
 * @param trustSource     the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates
 * @return an SSLContext to connect to upstream servers with
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();

    if (trustSource == null) {
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");

        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    } else {
        sslContextBuilder.trustManager(trustSource.getTrustedCAs());
    }

    sslContextBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return sslContextBuilder.build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
}
 
Example #4
Source File: ImpersonatingMitmManager.java    From CapturePacket with MIT License
/**
 * Retrieves an SSLContext that impersonates the specified hostname. If an impersonating SSLContext has already been
 * created for this hostname and is stored in the cache, it will be reused. Otherwise, a certificate will be created
 * which impersonates the specified hostname.
 *
 * @param hostnameToImpersonate the hostname for which the impersonated SSLContext is being requested
 * @param sslSession the upstream server SSLSession
 * @return SSLContext which will present an impersonated certificate
 */
private SslContext getHostnameImpersonatingSslContext(final String hostnameToImpersonate, final SSLSession sslSession) {
    try {
        return sslContextCache.get(hostnameToImpersonate, new Callable<SslContext>() {
            @Override
            public SslContext call() throws Exception {
                return createImpersonatingSslContext(sslSession, hostnameToImpersonate);
            }
        });
    } catch (ExecutionException e) {
        throw new SslContextInitializationException("An error occurred while impersonating the remote host: " + hostnameToImpersonate, e);
    }

    //TODO: generate wildcard certificates, rather than one certificate per host, to reduce the number of certs generated
}
 
Example #5
Source File: ImpersonatingMitmManager.java    From Dream-Catcher with MIT License
/**
 * Retrieves an SSLContext that impersonates the specified hostname. If an impersonating SSLContext has already been
 * created for this hostname and is stored in the cache, it will be reused. Otherwise, a certificate will be created
 * which impersonates the specified hostname.
 *
 * @param hostnameToImpersonate the hostname for which the impersonated SSLContext is being requested
 * @param sslSession the upstream server SSLSession
 * @return SSLContext which will present an impersonated certificate
 */
private SslContext getHostnameImpersonatingSslContext(final String hostnameToImpersonate, final SSLSession sslSession) {
    try {
        return sslContextCache.get(hostnameToImpersonate, new Callable<SslContext>() {
            @Override
            public SslContext call() throws Exception {
                return createImpersonatingSslContext(sslSession, hostnameToImpersonate);
            }
        });
    } catch (ExecutionException e) {
        throw new SslContextInitializationException("An error occurred while impersonating the remote host: " + hostnameToImpersonate, e);
    }

    //TODO: generate wildcard certificates, rather than one certificate per host, to reduce the number of certs generated
}
 
Example #6
Source File: ImpersonatingMitmManager.java    From AndroidHttpCapture with MIT License
/**
 * Retrieves an SSLContext that impersonates the specified hostname. If an impersonating SSLContext has already been
 * created for this hostname and is stored in the cache, it will be reused. Otherwise, a certificate will be created
 * which impersonates the specified hostname.
 *
 * @param hostnameToImpersonate the hostname for which the impersonated SSLContext is being requested
 * @param sslSession the upstream server SSLSession
 * @return SSLContext which will present an impersonated certificate
 */
private SslContext getHostnameImpersonatingSslContext(final String hostnameToImpersonate, final SSLSession sslSession) {
    try {
        return sslContextCache.get(hostnameToImpersonate, new Callable<SslContext>() {
            @Override
            public SslContext call() throws Exception {
                return createImpersonatingSslContext(sslSession, hostnameToImpersonate);
            }
        });
    } catch (ExecutionException e) {
        throw new SslContextInitializationException("An error occurred while impersonating the remote host: " + hostnameToImpersonate, e);
    }

    //TODO: generate wildcard certificates, rather than one certificate per host, to reduce the number of certs generated
}