Attempt jpips peer identification using Java builtin facilities
bogdanni committed May 4, 2024
1 parent b142d07 commit fc0f726
Showing 1 changed file with 11 additions and 18 deletions.
29 changes: 11 additions & 18 deletions src/org/helioviewer/jhv/view/j2k/jpip/http/HTTPSocket.java
Expand Up @@ -2,15 +2,14 @@

import java.io.IOException;
import java.io.InputStream;
//import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.zip.InflaterInputStream;
import java.util.zip.GZIPInputStream;

//import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

Expand All @@ -36,7 +35,15 @@ protected HTTPSocket(URI uri) throws IOException {
case "jpip" -> socket = new Socket(ProxySettings.proxy);
case "jpips" -> {
socket = SSLSocketFactory.getDefault().createSocket();
((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.3"});
if (socket instanceof SSLSocket sslSocket) { // obviously
SSLParameters parameters = sslSocket.getSSLParameters();
if (parameters != null) {
parameters.setProtocols(new String[]{"TLSv1.3"});
parameters.setApplicationProtocols(new String[]{"http/1.1"}); // probably useless
parameters.setEndpointIdentificationAlgorithm("HTTPS"); // hope this is performed
sslSocket.setSSLParameters(parameters);
}
}
}
default -> throw new IOException("JPIP scheme not supported: " + uri);
}
Expand All @@ -46,22 +53,8 @@ protected HTTPSocket(URI uri) throws IOException {
socket.setSoTimeout(TIMEOUT_READ);
socket.setKeepAlive(true);
socket.setTcpNoDelay(true);

socket.connect(new InetSocketAddress(host, port), TIMEOUT_CONNECT);
/* verify peer address for coverity
if (socket instanceof SSLSocket ssl) {
SSLSession session = ssl.getSession();
String principal = session.getPeerPrincipal().getName();
String[] parts = Regex.Equal.split(principal);
if (parts.length != 2)
throw new Exception("Invalid principal name: " + principal);
InetAddress priAddr = InetAddress.getByName(parts[1]);
InetAddress conAddr = InetAddress.getByName(host);
if (!InetAddress.getByName(parts[1]).equals(InetAddress.getByName(host)))
throw new Exception("Certificate name (" + parts[1] + ") does not resolve to host (" + host + ')');
}
*/

inputStream = socket.getInputStream();

HTTPMessage msg = new HTTPMessage();
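Review bot: The two guards in the `jpips` branch fail open: if `createSocket()` returns something other than an `SSLSocket`, or `getSSLParameters()` returns null, the constructor still connects, but without the TLS 1.3 restriction and without endpoint identification, where the old cast would at least have thrown. I would reject both cases explicitly, for example `if (!(socket instanceof SSLSocket sslSocket)) throw new IOException("TLS socket required for jpips: " + uri);`, and treat a null parameters object the same way. The comment `// hope this is performed` should instead say when the check runs: as far as I know JSSE verifies the certificate name during the handshake, which here starts lazily on first I/O, so calling `startHandshake()` on the TLS socket right after `socket.connect(...)` would surface a mismatch at a defined point. A test against a host presenting a mismatching certificate would confirm that the name is really checked for a socket connected through `new InetSocketAddress(host, port)`. The constructor begins and ends outside the visible hunks.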