SSLParameters for WebSocketClient

src/main/example/SSLClientExample.java

@@ -28,6 +28,7 @@
 import java.io.FileInputStream;
 import java.io.InputStreamReader;
 import java.net.URI;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -83,7 +84,7 @@ public static void main( String[] args ) throws Exception {
 
 		// load up the key store
 		String STORETYPE = "JKS";
-		String KEYSTORE = "keystore.jks";
+		String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore.jks").toString();
 		String STOREPASSWORD = "storepassword";
 		String KEYPASSWORD = "keypassword";
 

src/main/example/SSLServerCustomWebsocketFactoryExample.java

@@ -32,6 +32,7 @@
 import javax.net.ssl.TrustManagerFactory;
 import java.io.File;
 import java.io.FileInputStream;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -52,7 +53,7 @@ public static void main(String[] args) throws Exception {
 
         // load up the key store
         String STORETYPE = "JKS";
-        String KEYSTORE = "keystore.jks";
+        String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore.jks").toString();
         String STOREPASSWORD = "storepassword";
         String KEYPASSWORD = "keypassword";
 

src/main/example/SSLServerExample.java

@@ -27,6 +27,7 @@
 
 import java.io.File;
 import java.io.FileInputStream;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -48,7 +49,7 @@ public static void main( String[] args ) throws Exception {
 
 		// load up the key store
 		String STORETYPE = "JKS";
-		String KEYSTORE = "keystore.jks";
+		String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore.jks").toString();
 		String STOREPASSWORD = "storepassword";
 		String KEYPASSWORD = "keypassword";
 

src/main/example/TwoWaySSLServerExample.java

@@ -33,6 +33,7 @@
 import javax.net.ssl.TrustManagerFactory;
 import java.io.File;
 import java.io.FileInputStream;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 
 /**
@@ -51,7 +52,7 @@ public static void main( String[] args ) throws Exception {
 
 		// load up the key store
 		String STORETYPE = "JKS";
-		String KEYSTORE = "keystore.jks";
+		String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore.jks").toString();
 		String STOREPASSWORD = "storepassword";
 		String KEYPASSWORD = "keypassword";
 

src/main/java/org/java_websocket/client/WebSocketClient.java

@@ -449,7 +449,6 @@ public void run() {
 			} else if( socket == null ) {
 				socket = new Socket( proxy );
 				isNewSocket = true;
-
 			} else if( socket.isClosed() ) {
 				throw new IOException();
 			}
@@ -464,13 +463,21 @@ public void run() {
 
 			// if the socket is set by others we don't apply any TLS wrapper
 			if (isNewSocket && "wss".equals( uri.getScheme())) {
-
 				SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
 				sslContext.init(null, null, null);
 				SSLSocketFactory factory = sslContext.getSocketFactory();
 				socket = factory.createSocket(socket, uri.getHost(), getPort(), true);
 			}
 
+			if (socket instanceof SSLSocket) {
+				SSLSocket sslSocket = (SSLSocket)socket;
+				SSLParameters sslParameters = sslSocket.getSSLParameters();
+				// Make sure we perform hostname validation
+				sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+				onSetSSLParameters(sslParameters);
+				sslSocket.setSSLParameters(sslParameters);
+			}
+
 			istream = socket.getInputStream();
 			ostream = socket.getOutputStream();
 
@@ -511,6 +518,14 @@ public void run() {
 		connectReadThread = null;
 	}
 
+	/**
+	 * Apply specific SSLParameters
+	 *
+	 * @param sslParameters the SSLParameters which will be used for the SSLSocket
+	 */
+	protected void onSetSSLParameters(SSLParameters sslParameters) {
+	}
+
 	/**
 	 * Extract the specified port
 	 * @return the specified port or the default port for the specific scheme

src/test/java/org/java_websocket/example/AutobahnSSLServerTest.java

@@ -43,6 +43,7 @@
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.security.spec.ECField;
 import java.util.Collections;
@@ -102,7 +103,7 @@ public static void main( String[] args ) throws UnknownHostException {
 		try {
 			// load up the key store
 			String STORETYPE = "JKS";
-			String KEYSTORE = "keystore.jks";
+			String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore.jks").toString();
 			String STOREPASSWORD = "storepassword";
 			String KEYPASSWORD = "keypassword";
 

src/test/java/org/java_websocket/issues/Issue962Test.java

@@ -85,7 +85,7 @@ public Socket createSocket(InetAddress ia, int i, InetAddress ia1, int i1) throw
 
     }
 
-    @Test
+    @Test(timeout = 2000)
     public void testIssue() throws IOException, URISyntaxException, InterruptedException {
         int port = SocketUtil.getAvailablePort();
         WebSocketClient client = new WebSocketClient(new URI("ws://127.0.0.1:" + port)) {
@@ -103,7 +103,7 @@ public void onClose(int code, String reason, boolean remote) {
 
             @Override
             public void onError(Exception ex) {
-                Assert.fail(ex.toString() + " sould not occur");
+                Assert.fail(ex.toString() + " should not occur");
             }
         };
 

src/test/java/org/java_websocket/issues/Issue997Test.java

@@ -0,0 +1,186 @@
+package org.java_websocket.issues;
+
+/*
+ * Copyright (c) 2010-2020 Nathan Rajlich
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+
+import org.java_websocket.WebSocket;
+import org.java_websocket.client.WebSocketClient;
+import org.java_websocket.handshake.ClientHandshake;
+import org.java_websocket.handshake.ServerHandshake;
+import org.java_websocket.server.DefaultSSLWebSocketServerFactory;
+import org.java_websocket.server.WebSocketServer;
+import org.java_websocket.util.SSLContextUtil;
+import org.java_websocket.util.SocketUtil;
+import org.junit.Test;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLParameters;
+import java.io.IOException;
+import java.net.*;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+import static org.junit.Assert.*;
+
+public class Issue997Test {
+
+    @Test(timeout=2000)
+    public void test_localServer_ServerLocalhost_Client127_CheckActive() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException, InterruptedException {
+        SSLWebSocketClient client = testIssueWithLocalServer("127.0.0.1", SocketUtil.getAvailablePort(), SSLContextUtil.getLocalhostOnlyContext(), SSLContextUtil.getLocalhostOnlyContext(), "HTTPS");
+        assertFalse(client.onOpen);
+        assertTrue(client.onSSLError);
+    }
+    @Test(timeout=2000)
+    public void test_localServer_ServerLocalhost_Client127_CheckInactive() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException, InterruptedException {
+        SSLWebSocketClient client = testIssueWithLocalServer("127.0.0.1", SocketUtil.getAvailablePort(), SSLContextUtil.getLocalhostOnlyContext(), SSLContextUtil.getLocalhostOnlyContext(), "");
+        assertTrue(client.onOpen);
+        assertFalse(client.onSSLError);
+    }
+
+    @Test(timeout=2000)
+    public void test_localServer_ServerLocalhost_Client127_CheckDefault() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException, InterruptedException {
+        SSLWebSocketClient client = testIssueWithLocalServer("127.0.0.1", SocketUtil.getAvailablePort(), SSLContextUtil.getLocalhostOnlyContext(), SSLContextUtil.getLocalhostOnlyContext(), null);
+        assertFalse(client.onOpen);
+        assertTrue(client.onSSLError);
+    }
+
+    @Test(timeout=2000)
+    public void test_localServer_ServerLocalhost_ClientLocalhost_CheckActive() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException, InterruptedException {
+        SSLWebSocketClient client = testIssueWithLocalServer("localhost", SocketUtil.getAvailablePort(), SSLContextUtil.getLocalhostOnlyContext(), SSLContextUtil.getLocalhostOnlyContext(), "HTTPS");
+        assertTrue(client.onOpen);
+        assertFalse(client.onSSLError);
+    }
+    @Test(timeout=2000)
+    public void test_localServer_ServerLocalhost_ClientLocalhost_CheckInactive() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException, InterruptedException {
+        SSLWebSocketClient client = testIssueWithLocalServer("localhost", SocketUtil.getAvailablePort(), SSLContextUtil.getLocalhostOnlyContext(), SSLContextUtil.getLocalhostOnlyContext(), "");
+        assertTrue(client.onOpen);
+        assertFalse(client.onSSLError);
+    }
+
+    @Test(timeout=2000)
+    public void test_localServer_ServerLocalhost_ClientLocalhost_CheckDefault() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException, InterruptedException {
+        SSLWebSocketClient client = testIssueWithLocalServer("localhost", SocketUtil.getAvailablePort(), SSLContextUtil.getLocalhostOnlyContext(), SSLContextUtil.getLocalhostOnlyContext(), null);
+        assertTrue(client.onOpen);
+        assertFalse(client.onSSLError);
+    }
+
+
+    public SSLWebSocketClient testIssueWithLocalServer(String address, int port, SSLContext serverContext, SSLContext clientContext, String endpointIdentificationAlgorithm) throws IOException, URISyntaxException, InterruptedException {
+        CountDownLatch countServerDownLatch = new CountDownLatch(1);
+        SSLWebSocketClient client = new SSLWebSocketClient(address, port, endpointIdentificationAlgorithm);
+        WebSocketServer server = new SSLWebSocketServer(port, countServerDownLatch);
+
+        server.setWebSocketFactory(new DefaultSSLWebSocketServerFactory(serverContext));
+        if (clientContext != null) {
+            client.setSocketFactory(clientContext.getSocketFactory());
+        }
+        server.start();
+        countServerDownLatch.await();
+        client.connectBlocking(1, TimeUnit.SECONDS);
+        return client;
+    }
+
+
+    private static class SSLWebSocketClient extends WebSocketClient {
+        private final String endpointIdentificationAlgorithm;
+        public boolean onSSLError = false;
+        public boolean onOpen = false;
+
+        public SSLWebSocketClient(String address, int port, String endpointIdentificationAlgorithm) throws URISyntaxException {
+            super(new URI("wss://"+ address + ':' +port));
+            this.endpointIdentificationAlgorithm = endpointIdentificationAlgorithm;
+        }
+
+        @Override
+        public void onOpen(ServerHandshake handshakedata) {
+            this.onOpen = true;
+        }
+
+        @Override
+        public void onMessage(String message) {
+        }
+
+        @Override
+        public void onClose(int code, String reason, boolean remote) {
+        }
+
+        @Override
+        public void onError(Exception ex) {
+            if (ex instanceof SSLHandshakeException) {
+                this.onSSLError = true;
+            }
+        }
+
+        @Override
+        protected void onSetSSLParameters(SSLParameters sslParameters) {
+            if (endpointIdentificationAlgorithm != null) {
+                sslParameters.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm);
+            }
+        }
+
+    };
+
+
+    private static class SSLWebSocketServer extends WebSocketServer {
+        private final CountDownLatch countServerDownLatch;
+
+
+        public SSLWebSocketServer(int port, CountDownLatch countServerDownLatch) {
+            super(new InetSocketAddress(port));
+            this.countServerDownLatch = countServerDownLatch;
+        }
+
+        @Override
+        public void onOpen(WebSocket conn, ClientHandshake handshake) {
+        }
+
+        @Override
+        public void onClose(WebSocket conn, int code, String reason, boolean remote) {
+        }
+
+        @Override
+        public void onMessage(WebSocket conn, String message) {
+
+        }
+
+        @Override
+        public void onError(WebSocket conn, Exception ex) {
+            ex.printStackTrace();
+        }
+
+        @Override
+        public void onStart() {
+            countServerDownLatch.countDown();
+        }
+    }
+}

src/test/java/org/java_websocket/util/SSLContextUtil.java

@@ -31,8 +31,8 @@
 import javax.net.ssl.TrustManagerFactory;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.nio.file.Paths;
 import java.security.*;
 import java.security.cert.CertificateException;
 
@@ -41,7 +41,29 @@ public class SSLContextUtil {
     public static SSLContext getContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException {
         // load up the key store
         String STORETYPE = "JKS";
-        String KEYSTORE = String.format("src%1$stest%1$1sjava%1$1sorg%1$1sjava_websocket%1$1skeystore.jks", File.separator);
+        String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore.jks").toString();
+        String STOREPASSWORD = "storepassword";
+        String KEYPASSWORD = "keypassword";
+
+        KeyStore ks = KeyStore.getInstance(STORETYPE);
+        File kf = new File(KEYSTORE);
+        ks.load(new FileInputStream(kf), STOREPASSWORD.toCharArray());
+
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+        kmf.init(ks, KEYPASSWORD.toCharArray());
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+        tmf.init(ks);
+
+        SSLContext sslContext = null;
+        sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+        return sslContext;
+    }
+
+    public static SSLContext getLocalhostOnlyContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException {
+        // load up the key store
+        String STORETYPE = "JKS";
+        String KEYSTORE = Paths.get("src", "test", "java", "org", "java_websocket", "keystore_localhost_only.jks").toString();
         String STOREPASSWORD = "storepassword";
         String KEYPASSWORD = "keypassword";