def ignoreJavaSSL():
    """Turn off server-certificate validation for Java HTTPS connections.

    Jython only. Builds an ``SSLContext`` whose single trust manager accepts
    every certificate chain and installs its socket factory with
    ``HttpsURLConnection.setDefaultSSLSocketFactory``. That default is shared
    by the whole JVM and is not restored here, so every later
    ``HttpsURLConnection`` that relies on the default socket factory also
    skips certificate validation and is open to interception on the network
    path. The default ``HostnameVerifier`` is not replaced by this function.

    Meant for development against hosts with self-signed certificates. On
    any other Python implementation use ``verify=False`` on the request
    instead. The code was assembled from several sources.

    Returns:
        The fixed status string ``'SSL verification in Java is disabled!'``.

    Raises:
        RuntimeError: if ``sys.platform`` does not contain ``'java'``.
    """
    import sys

    # Guard first: everything below needs Java classes reachable only from Jython.
    if 'java' not in sys.platform:
        raise RuntimeError('only use if platform (sys.platform) is java!')

    from javax.net.ssl import X509TrustManager  # @UnresolvedImport
    from javax.net.ssl import SSLContext  # @UnresolvedImport
    from javax.net.ssl import HttpsURLConnection  # @UnresolvedImport
    from java.security import Security  # @UnresolvedImport
    from java.security import SecureRandom  # @UnresolvedImport
    # NOTE(review): JDK-internal provider class; confirm it exists on the target JVM.
    from com.sun.net.ssl.internal.ssl import Provider as LegacySslProvider  # @UnresolvedImport

    class AcceptAnyCertificate(X509TrustManager):
        """Trust manager whose checks never raise, so every chain is accepted."""

        def checkClientTrusted(self, *args, **keys):
            pass

        def checkServerTrusted(self, *args, **keys):
            pass

        def getAcceptedIssuers(self, *args, **keys):
            return None

    Security.addProvider(LegacySslProvider())

    # Install the accept-everything context as the JVM-wide default.
    acceptAll = [AcceptAnyCertificate()]
    permissiveContext = SSLContext.getInstance("SSL")
    permissiveContext.init(None, acceptAll, SecureRandom())
    HttpsURLConnection.setDefaultSSLSocketFactory(permissiveContext.getSocketFactory())

    # Manual check through an HTTP proxy, kept for reference (not executed):
    #   import java.net.Proxy as Proxy
    #   import java.net.InetSocketAddress as InetSocketAddress
    #   p = Proxy(Proxy.Type.HTTP,InetSocketAddress("host",port))
    #   import java.net.URL as URL
    #   u = URL("https://www.google.com/")
    #   conn = u.openConnection(p)
    #   print 'server response: %r',conn.getResponseCode()

    # Development convenience: silence urllib3's warnings when the copy
    # bundled with requests can be imported. Any failure is ignored.
    try:
        from requests.packages import urllib3
        urllib3.disable_warnings()
    except:
        pass

    return 'SSL verification in Java is disabled!'
def _initializeMXPI(serverName, serverPort, protocol, MxpiMain5_1SoapBindingStubClass, VerifyAllHostnameVerifierClass):
    """Build the ``MxpiMain5_1`` SOAP port for a server and return it.

    The WSDL location is ``<protocol>://<serverName>:<serverPort>/mxsoap/services/MxpiMain5_1?wsdl``.

    Security note: when ``protocol`` is exactly ``'https'`` this function
    changes JVM-wide TLS settings and does not restore them. It replaces the
    default ``HttpsURLConnection`` socket factory with the one from
    ``SSLContextManager.getAutoAcceptSSLContext()``, replaces the default
    hostname verifier with an instance of ``VerifyAllHostnameVerifierClass``,
    and sets ``ssl.SocketFactory.provider`` to ``TrustAllSSLSocketFactory``
    in both the system properties and the security properties. Judging by
    their names and the original author's comment, these accept any
    certificate and any host name, so later HTTPS traffic in the same JVM
    would be unauthenticated as well. Confirm against the helper classes,
    which are defined outside this view.

    Args:
        serverName: host name or address of the server.
        serverPort: port the SOAP service listens on.
        protocol: URL scheme. Only the exact string ``'https'`` triggers the
            trust changes described above.
        MxpiMain5_1SoapBindingStubClass: class instantiated without arguments.
            The Java class of the instance is passed to ``getPort``.
        VerifyAllHostnameVerifierClass: class instantiated without arguments
            and installed as the default hostname verifier for https.

    Returns:
        The port object returned by ``getPort`` for ``MxpiMain5_1``.
    """
    portName = 'MxpiMain5_1'
    targetNamespace = "urn:client.v5_1.soap.mx.hp.com"
    mxpiServiceName = "MxpiMainService"
    urlParts = (protocol, serverName, serverPort, portName)
    wsdlLocation = "%s://%s:%s/mxsoap/services/%s?wsdl" % urlParts

    if protocol == 'https':
        # Process-wide: every HttpsURLConnection created afterwards inherits these defaults.
        permissiveVerifier = VerifyAllHostnameVerifierClass()
        autoAcceptContext = SSLContextManager.getAutoAcceptSSLContext()
        HttpsURLConnection.setDefaultSSLSocketFactory(autoAcceptContext.getSocketFactory())
        HttpsURLConnection.setDefaultHostnameVerifier(permissiveVerifier)

        # Original author's intent: route SSL sockets through a trust-all factory.
        trustAllFactoryName = "TrustAllSSLSocketFactory"
        System.setProperty("ssl.SocketFactory.provider", trustAllFactoryName)
        Security.setProperty("ssl.SocketFactory.provider", trustAllFactoryName)

    # Resolve the service from its WSDL and ask it for the typed port.
    bindingStub = MxpiMain5_1SoapBindingStubClass()
    factory = ServiceFactory.newInstance()
    mxpiService = factory.createService(URL(wsdlLocation), QName(targetNamespace, mxpiServiceName))
    return mxpiService.getPort(QName(targetNamespace, portName), bindingStub.getClass())
def testPage(self, page):
    """Request ``page`` from the target over HTTPS and report whether the reply is compressed.

    Opens ``https://<self._host>:<self._port>/<page>``, advertises
    ``gzip,deflate,compress`` in Accept-encoding, and prints the status code
    and any Content-encoding value with a ``[BREACH]`` prefix. The response
    body is not read.

    Security note: before connecting, this replaces the JVM-wide default
    ``SSLSocketFactory`` and ``HostnameVerifier`` of ``HttpsURLConnection``
    with ones that accept every certificate and every host name. Nothing
    here restores the previous defaults, so other HTTPS connections in the
    same JVM that rely on them are unverified afterwards.
    NOTE(review): ``conn.setSSLSocketFactory`` and ``conn.setHostnameVerifier``
    on the single connection would keep the relaxation scoped to this probe.

    Args:
        page: path appended after ``host:port/`` in the request URL.

    Returns:
        True when the response carries a Content-encoding header, False when
        it does not or when the request fails.
    """
    class AcceptAnyCertificate(X509TrustManager):
        """Trust manager whose checks never raise."""

        def checkServerTrusted(self, certs, auth):
            pass

        def checkClientTrusted(self, certs, auth):
            pass

        def getAcceptedIssuers(self):
            return None

    acceptAll = [AcceptAnyCertificate()]
    permissiveContext = SSLContext.getInstance("SSL")
    permissiveContext.init(None, acceptAll, SecureRandom())
    HttpsURLConnection.setDefaultSSLSocketFactory(permissiveContext.getSocketFactory())

    class AcceptAnyHost(HostnameVerifier):
        """Hostname verifier that approves every host/session pair."""

        def verify(self, host, sess):
            return True

    HttpsURLConnection.setDefaultHostnameVerifier(AcceptAnyHost())

    try:
        target = URL('https://%s:%s/%s' % (self._host, self._port, page))
        conn = target.openConnection()
        # Only the connect timeout (5000 ms) is set.
        conn.setConnectTimeout(5000)
        conn.setRequestProperty("Accept-encoding", 'gzip,deflate,compress')

        # NOTE(review): the value is a URL and the original comment calls it a
        # "foreign referer", yet the header set is User-agent. Confirm whether
        # Referer was intended.
        if 'google' not in self._host:
            foreignOrigin = 'https://google.com/'
        else:
            foreignOrigin = 'https://yandex.ru/'
        conn.setRequestProperty("User-agent", foreignOrigin)

        print("[BREACH] Received response: %d" % conn.getResponseCode())
        if conn.getContentEncoding() is not None:
            print("[BREACH] Received Content-encoding: %s" % (conn.getContentEncoding()))
            return True
    except:
        print("[BREACH] Socket timeout or an error occurred")
    return False