From 0659fa5b821f6705141c781b9475191ed4c9b473 Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 21 Aug 2013 21:24:42 -0700 Subject: [PATCH 1/3] Could not generate DH Keypair workaround --- project.clj | 4 ++- src/clj_http/lite/NoDHSocketFactory.clj | 41 +++++++++++++++++++++++++ src/clj_http/lite/core.clj | 17 ++++++++-- 3 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 src/clj_http/lite/NoDHSocketFactory.clj diff --git a/project.clj b/project.clj index 487b7efe..7606e4f6 100644 --- a/project.clj +++ b/project.clj @@ -18,4 +18,6 @@ :integration :integration :all (constantly true)} :aliases {"all" ["with-profile" "dev,1.2:dev,1.3:dev:1.5,dev"]} - :checksum-deps true) + :checksum-deps true + :aot [clj-http.lite.NoDHSocketFactory] + ) diff --git a/src/clj_http/lite/NoDHSocketFactory.clj b/src/clj_http/lite/NoDHSocketFactory.clj new file mode 100644 index 00000000..72811fb4 --- /dev/null +++ b/src/clj_http/lite/NoDHSocketFactory.clj 
@@ -0,0 +1,41 @@ +(ns clj-http.lite.NoDHSocketFactory + (:import (javax.net.ssl SSLSocket SSLSocketFactory) + (java.net Socket)) + (:gen-class + :name clj-http.lite.NoDHSocketFactory + :extends javax.net.ssl.SSLSocketFactory + :init init + :state state + :constructors {[javax.net.ssl.SSLSocketFactory] []})) + +(defn strip-dh-suites + "Remove cipher suites containing 'DH'" + [suites] + (into-array String (filter #(not (or (re-find #"_DHE_" %) + (re-find #"_DH_" %) + (re-find #"_ECDH_" %) + (re-find #"_ECDHE_" %))) suites))) + +(defn -init + [^SSLSocketFactory f] + (let [state {:factory f + :enabled-ciphers (strip-dh-suites (.getSupportedCipherSuites f))}] + + [[] (atom state)])) + +(defn -createSocket [this & args] + (prn @(.state this)) + (doto + (apply (partial (memfn createSocket) (:factory @(.state this))) args) + (.setEnabledCipherSuites (:enabled-ciphers @(.state this))))) + +(defn -getDefaultCipherSuites [this] + (strip-dh-suites (.getDefaultCipherSuites (:factory @(.state this))))) + +(defn -getSupportedCipherSuites [this] + (strip-dh-suites (.getSupportedCipherSuites (:factory @(.state this))))) + +(comment + (compile clj-http.lite.NoDHSocketFactory + ) + ) diff --git a/src/clj_http/lite/core.clj b/src/clj_http/lite/core.clj index b0c73b42..4fa06222 100644 --- a/src/clj_http/lite/core.clj +++ b/src/clj_http/lite/core.clj @@ -2,7 +2,9 @@ "Core HTTP request/response implementation." (:require [clojure.java.io :as io]) (:import (java.io ByteArrayOutputStream InputStream IOException) - (java.net URI URL HttpURLConnection))) + (java.net URI URL HttpURLConnection) + (javax.net.ssl HttpsURLConnection) + (clj-http.lite NoDHSocketFactory))) (defn parse-headers "Takes a URLConnection and returns a map of names to values. 
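Review bot: In `-init`, `:enabled-ciphers` is built from `.getSupportedCipherSuites`, so every socket is configured with all suites the provider supports minus the DH ones, rather than the default-enabled set minus the DH ones. The supported list normally includes suites the provider keeps disabled by default because they do not meet its quality bar (which ones depends on the JDK and provider), and this code turns them on. Base the list on the defaults instead: `:enabled-ciphers (strip-dh-suites (.getDefaultCipherSuites f))`. The same pattern reappears in `set-cipher-suites` in patch 3/3 and needs the same change there.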
@@ -39,6 +41,17 @@ (.flush baos) (.toByteArray baos))))) +(defn- get-connection [^URL url] + "Wrap .openConnection to " + (let [conn (.openConnection url)] + (if (instance? HttpsURLConnection conn) + (doto conn + (.setSSLSocketFactory + (NoDHSocketFactory. + (.getSSLSocketFactory conn)))) + conn))) + + (defn request "Executes the HTTP request corresponding to the given Ring request map and returns the Ring response map corresponding to the resulting HTTP response. @@ -52,7 +65,7 @@ (when server-port (str ":" server-port)) uri (when query-string (str "?" query-string))) - conn (.openConnection ^URL (URL. http-url))] + conn (get-connection ^URL (URL. http-url))] (when (and content-type character-encoding) (.setRequestProperty conn "Content-Type" (str content-type "; charset=" From 1db9ca68d8c42ee9e9c5e509e7c7711315132679 Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 21 Aug 2013 21:37:00 -0700 Subject: [PATCH 2/3] Cleanup NoDHSocketFactory --- src/clj_http/lite/NoDHSocketFactory.clj | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/clj_http/lite/NoDHSocketFactory.clj b/src/clj_http/lite/NoDHSocketFactory.clj index 72811fb4..63ce1b78 100644 --- a/src/clj_http/lite/NoDHSocketFactory.clj +++ b/src/clj_http/lite/NoDHSocketFactory.clj @@ -24,7 +24,6 @@ [[] (atom state)])) (defn -createSocket [this & args] - (prn @(.state this)) (doto (apply (partial (memfn createSocket) (:factory @(.state this))) args) (.setEnabledCipherSuites (:enabled-ciphers @(.state this))))) @@ -34,8 +33,3 @@ (defn -getSupportedCipherSuites [this] (strip-dh-suites (.getSupportedCipherSuites (:factory @(.state this))))) - -(comment - (compile clj-http.lite.NoDHSocketFactory - ) - ) From 3cbf3dda2786bebfc403afbd710a3416833f7af5 Mon Sep 17 00:00:00 2001 
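Review bot: `get-connection` installs the DH-stripping factory on every `HttpsURLConnection`, so all HTTPS requests made through `request` lose the DHE and ECDHE suites (the ones that provide forward secrecy), not only requests to servers that trigger the "Could not generate DH keypair" error. Consider making the workaround opt-in, for example through a key in the request map, so the default keeps the JVM's normal suite selection. Separately, the string after the argument vector is evaluated and discarded rather than attached as a docstring, and its text is unfinished. Move it before `[^URL url]` and complete it, e.g. `"Opens a connection to url; HTTPS connections get a socket factory with DH cipher suites disabled."`.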
From: Kevin Downey Date: Tue, 3 Sep 2013 17:18:49 -0700 Subject: [PATCH 3/3] possible proxy replacement for NoDHSocketFactory --- project.clj | 1 - src/clj_http/lite/NoDHSocketFactory.clj | 43 ++++++++++++------------- src/clj_http/lite/core.clj | 8 ++--- 3 files changed, 24 insertions(+), 28 deletions(-) diff --git a/project.clj b/project.clj index 7606e4f6..4410e216 100644 --- a/project.clj +++ b/project.clj @@ -19,5 +19,4 @@ :all (constantly true)} :aliases {"all" ["with-profile" "dev,1.2:dev,1.3:dev:1.5,dev"]} :checksum-deps true - :aot [clj-http.lite.NoDHSocketFactory] ) diff --git a/src/clj_http/lite/NoDHSocketFactory.clj b/src/clj_http/lite/NoDHSocketFactory.clj index 63ce1b78..5d0dbe68 100644 --- a/src/clj_http/lite/NoDHSocketFactory.clj +++ b/src/clj_http/lite/NoDHSocketFactory.clj @@ -1,12 +1,6 @@ (ns clj-http.lite.NoDHSocketFactory (:import (javax.net.ssl SSLSocket SSLSocketFactory) - (java.net Socket)) - (:gen-class - :name clj-http.lite.NoDHSocketFactory - :extends javax.net.ssl.SSLSocketFactory - :init init - :state state - :constructors {[javax.net.ssl.SSLSocketFactory] []})) + (java.net Socket))) (defn strip-dh-suites "Remove cipher suites containing 'DH'" 
@@ -16,20 +10,23 @@ (re-find #"_ECDH_" %) (re-find #"_ECDHE_" %))) suites))) -(defn -init - [^SSLSocketFactory f] - (let [state {:factory f - :enabled-ciphers (strip-dh-suites (.getSupportedCipherSuites f))}] +(defn set-cipher-suites [s sf] + (.setEnabledCipherSuites s (strip-dh-suites (.getSupportedCipherSuites sf))) + s) - [[] (atom state)])) - -(defn -createSocket [this & args] - (doto - (apply (partial (memfn createSocket) (:factory @(.state this))) args) - (.setEnabledCipherSuites (:enabled-ciphers @(.state this))))) - -(defn -getDefaultCipherSuites [this] - (strip-dh-suites (.getDefaultCipherSuites (:factory @(.state this))))) - -(defn -getSupportedCipherSuites [this] - (strip-dh-suites (.getSupportedCipherSuites (:factory @(.state this))))) +(defn no-dhs-socket-factory [sf] + (proxy [SSLSocketFactory] [] + (createSocket + ([] + (doto (.createSocket sf) + (set-cipher-suites sf))) + ([host port] + (doto (.createSocket sf host port) + (set-cipher-suites sf))) + ([host port local-host local-port] + (doto (.createSocket sf host port local-host local-port) + (set-cipher-suites sf)))) + (getDefaultCipherSuites [] + (.getDefaultCipherSuites sf)) + (getSupportedCipherSuites [] + (.getSupportedCipherSuites sf)))) diff --git a/src/clj_http/lite/core.clj b/src/clj_http/lite/core.clj index 4fa06222..68bd3698 100644 --- a/src/clj_http/lite/core.clj +++ b/src/clj_http/lite/core.clj @@ -1,10 +1,10 @@ (ns clj-http.lite.core "Core HTTP request/response implementation." - (:require [clojure.java.io :as io]) + (:require [clojure.java.io :as io] + [clj-http.lite.NoDHSocketFactory]) (:import (java.io ByteArrayOutputStream InputStream IOException) (java.net URI URL HttpURLConnection) - (javax.net.ssl HttpsURLConnection) - (clj-http.lite NoDHSocketFactory))) + (javax.net.ssl HttpsURLConnection))) (defn parse-headers "Takes a URLConnection and returns a map of names to values. 
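Review bot: The proxy's `getDefaultCipherSuites` and `getSupportedCipherSuites` return the wrapped factory's lists unfiltered, while the gen-class version they replace passed both through `strip-dh-suites`. Callers that inspect the factory now see suites that its sockets never enable. Filtering them keeps the reported and effective configuration in agreement, e.g. `(getDefaultCipherSuites [] (strip-dh-suites (.getDefaultCipherSuites sf)))`, and likewise for the supported list. A short comment on the four-argument `createSocket` arity would also help: Clojure's `proxy` dispatches by arity, so that clause also receives the `(Socket, String, int, boolean)` overload, and the names `local-host`/`local-port` do not describe that call.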
@@ -47,7 +47,7 @@ (if (instance? HttpsURLConnection conn) (doto conn (.setSSLSocketFactory - (NoDHSocketFactory. + (clj-http.lite.NoDHSocketFactory/no-dhs-socket-factory (.getSSLSocketFactory conn)))) conn)))