use of javax.net.ssl.SSLSessionContext in project tomcat by apache.
the class AbstractJsseEndpoint method createSSLContext.
/**
 * Creates and initialises one {@link SSLContext} per certificate configured on the given
 * TLS virtual host and stores it on that certificate.
 *
 * <p>The host-level enabled protocols and cipher suites are taken from the {@code SSLUtil}
 * of the first certificate only; later certificates do not change them.
 *
 * @param sslHostConfig the TLS host configuration whose certificates are processed
 * @throws IllegalArgumentException if a context cannot be created or initialised; the
 *         underlying exception is kept as the cause
 */
@Override
protected void createSSLContext(SSLHostConfig sslHostConfig) throws IllegalArgumentException {
    boolean hostDefaultsApplied = false;

    for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) {
        final SSLUtil util = sslImplementation.getSSLUtil(certificate);

        // Protocol and cipher selection is published to the host config exactly once,
        // from whichever certificate is iterated first.
        if (!hostDefaultsApplied) {
            hostDefaultsApplied = true;
            sslHostConfig.setEnabledProtocols(util.getEnabledProtocols());
            sslHostConfig.setEnabledCiphers(util.getEnabledCiphers());
        }

        final SSLContext context;
        try {
            context = util.createSSLContext(negotiableProtocols);
            // A null SecureRandom makes the context use the default implementation.
            context.init(util.getKeyManagers(), util.getTrustManagers(), null);
        } catch (Exception e) {
            // Key store, trust store or provider problems all surface as a configuration error.
            throw new IllegalArgumentException(e);
        }

        // getServerSessionContext() is allowed to return null, so the session cache
        // settings are only applied when a session context is actually available.
        final SSLSessionContext serverSessions = context.getServerSessionContext();
        if (serverSessions != null) {
            util.configureSessionContext(serverSessions);
        }

        certificate.setSslContext(context);
    }
}
use of javax.net.ssl.SSLSessionContext in project netty by netty.
the class JdkSslServerContext method newSSLContext.
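/**
 * Builds and initialises the server-side {@link SSLContext} and applies the requested
 * session cache limits to its server session context.
 *
 * <p>Only positive {@code sessionCacheSize} / {@code sessionTimeout} values are applied;
 * zero or negative values leave the provider defaults in place. Because
 * {@link SSLSessionContext} itself treats {@code 0} as "no limit", a caller cannot request
 * an unbounded cache or timeout through this method.
 *
 * @param trustCertCollection trusted certificates, or {@code null} to keep
 *        {@code trustManagerFactory} as passed in
 * @param trustManagerFactory trust manager factory, or {@code null}; when it is still
 *        {@code null} at init time, {@code null} trust managers are handed to
 *        {@link SSLContext#init}, which then looks up the installed default
 * @param keyCertChain certificate chain passed to {@code buildKeyManagerFactory} when
 *        {@code key} is set
 * @param key private key, or {@code null} if {@code keyManagerFactory} is supplied
 * @param keyPassword password passed to {@code buildKeyManagerFactory} when {@code key} is set
 * @param keyManagerFactory key manager factory, or {@code null} if {@code key} is supplied
 * @param sessionCacheSize maximum number of cached sessions; values above
 *        {@link Integer#MAX_VALUE} are clamped
 * @param sessionTimeout session timeout in seconds as taken by
 *        {@link SSLSessionContext#setSessionTimeout(int)}; values above
 *        {@link Integer#MAX_VALUE} are clamped
 * @return the initialised context
 * @throws NullPointerException if both {@code key} and {@code keyManagerFactory} are {@code null}
 * @throws SSLException if the context cannot be initialised, or if session limits were
 *         requested but no server session context is available
 */
private static SSLContext newSSLContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, long sessionCacheSize, long sessionTimeout) throws SSLException {
    if (key == null && keyManagerFactory == null) {
        throw new NullPointerException("key, keyManagerFactory");
    }
    try {
        if (trustCertCollection != null) {
            trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
        }
        if (key != null) {
            keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
        }
        // Initialize the SSLContext to work with our key managers.
        SSLContext ctx = SSLContext.getInstance(PROTOCOL);
        ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(), null);

        boolean limitsRequested = sessionCacheSize > 0 || sessionTimeout > 0;
        // getServerSessionContext() may return null in some environments. Fail with an
        // explicit message instead of an opaque NullPointerException so the operator can
        // see that the configured session limits could not be enforced.
        SSLSessionContext sessCtx = ctx.getServerSessionContext();
        if (sessCtx == null) {
            if (limitsRequested) {
                throw new SSLException("server session context is unavailable; cannot apply session cache size/timeout");
            }
            return ctx;
        }
        if (sessionCacheSize > 0) {
            // The setter takes an int, so clamp the long before narrowing.
            sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
        }
        if (sessionTimeout > 0) {
            sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
        }
        return ctx;
    } catch (Exception e) {
        // Keep SSLExceptions as they are; wrap everything else with the cause preserved.
        if (e instanceof SSLException) {
            throw (SSLException) e;
        }
        throw new SSLException("failed to initialize the server-side SSL context", e);
    }
}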
use of javax.net.ssl.SSLSessionContext in project robovm by robovm.
the class SSLSessionContextTest method test_SSLSessionContext_setSessionCacheSize_dynamic.
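/**
 * Checks that changing the session cache size on a live client and server
 * {@link SSLSessionContext} takes effect: after three connections with distinct cipher
 * suites the cache is shrunk to 1, then grown to 2, and the reported context size is
 * asserted after every step.
 *
 * <p>Enabling every supported cipher suite on the server socket is a fixture choice that
 * lets each connection force a fresh session; it is not a configuration to copy into a
 * real server.
 */
public void test_SSLSessionContext_setSessionCacheSize_dynamic() throws Exception {
    TestSSLContext c = TestSSLContext.create();
    List<SSLSocket[]> toClose = new ArrayList<SSLSocket[]>();
    // try/finally so sockets and the test context are released even when an assertion fails.
    try {
        SSLSessionContext client = c.clientContext.getClientSessionContext();
        SSLSessionContext server = c.serverContext.getServerSessionContext();
        String[] supportedCipherSuites = c.serverSocket.getSupportedCipherSuites();
        c.serverSocket.setEnabledCipherSuites(supportedCipherSuites);
        // Typed copy (the original used a raw LinkedList) so removals do not touch the array.
        LinkedList<String> uniqueCipherSuites = new LinkedList<String>(Arrays.asList(supportedCipherSuites));
        // only use RSA cipher suites which will work with our TrustProvider
        Iterator<String> i = uniqueCipherSuites.iterator();
        while (i.hasNext()) {
            String cipherSuite = i.next();
            // Certificate key length too long for export ciphers
            boolean exportSuite = cipherSuite.startsWith("SSL_RSA_EXPORT_");
            boolean rsaSuite = cipherSuite.startsWith("SSL_RSA_")
                    || cipherSuite.startsWith("TLS_RSA_")
                    || cipherSuite.startsWith("TLS_DHE_RSA_")
                    || cipherSuite.startsWith("SSL_DHE_RSA_");
            if (exportSuite || !rsaSuite) {
                i.remove();
            }
        }
        /*
         * having more than 3 uniqueCipherSuites is a test
         * requirement, not a requirement of the interface or
         * implementation. It simply allows us to make sure that we
         * will not get a cached session ID since we'll have to
         * renegotiate a new session due to the new cipher suite
         * requirement. even this test only really needs three if it
         * reused the unique cipher suites every time it resets the
         * session cache.
         */
        assertTrue(uniqueCipherSuites.size() >= 3);
        String cipherSuite1 = uniqueCipherSuites.get(0);
        String cipherSuite2 = uniqueCipherSuites.get(1);
        String cipherSuite3 = uniqueCipherSuites.get(2);

        // Default cache size: each distinct suite adds one session.
        toClose.add(TestSSLSocketPair.connect(c, new String[] { cipherSuite1 }, null));
        assertSSLSessionContextSize(1, c);
        toClose.add(TestSSLSocketPair.connect(c, new String[] { cipherSuite2 }, null));
        assertSSLSessionContextSize(2, c);
        toClose.add(TestSSLSocketPair.connect(c, new String[] { cipherSuite3 }, null));
        assertSSLSessionContextSize(3, c);

        // Shrinking the cache to 1 is expected to be reflected immediately.
        client.setSessionCacheSize(1);
        server.setSessionCacheSize(1);
        assertEquals(1, client.getSessionCacheSize());
        assertEquals(1, server.getSessionCacheSize());
        assertSSLSessionContextSize(1, c);
        toClose.add(TestSSLSocketPair.connect(c, new String[] { cipherSuite1 }, null));
        assertSSLSessionContextSize(1, c);

        // Growing the cache to 2 caps the context at two sessions.
        client.setSessionCacheSize(2);
        server.setSessionCacheSize(2);
        toClose.add(TestSSLSocketPair.connect(c, new String[] { cipherSuite2 }, null));
        assertSSLSessionContextSize(2, c);
        toClose.add(TestSSLSocketPair.connect(c, new String[] { cipherSuite3 }, null));
        assertSSLSessionContextSize(2, c);
    } finally {
        for (SSLSocket[] pair : toClose) {
            for (SSLSocket s : pair) {
                s.close();
            }
        }
        c.close();
    }
}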
use of javax.net.ssl.SSLSessionContext in project robovm by robovm.
the class SSLSessionContextTest method test_SSLSessionContext_setSessionCacheSize_oneConnect.
/**
 * After a single connection, both session contexts must still report the expected default
 * cache size, and the context must hold exactly one session.
 */
public void test_SSLSessionContext_setSessionCacheSize_oneConnect() {
    TestSSLSocketPair pair = TestSSLSocketPair.create();

    // Client side first, then server side, each checked against its expected default.
    SSLSessionContext clientSessions = pair.c.clientContext.getClientSessionContext();
    SSLSessionContext serverSessions = pair.c.serverContext.getServerSessionContext();
    assertEquals(
            TestSSLContext.EXPECTED_DEFAULT_CLIENT_SSL_SESSION_CACHE_SIZE,
            clientSessions.getSessionCacheSize());
    assertEquals(
            TestSSLContext.EXPECTED_DEFAULT_SERVER_SSL_SESSION_CACHE_SIZE,
            serverSessions.getSessionCacheSize());

    // One connection has been made by create(), so one session is expected.
    assertSSLSessionContextSize(1, pair.c);

    pair.close();
}
use of javax.net.ssl.SSLSessionContext in project robovm by robovm.
the class SSLContextTest method test_SSLContext_getServerSessionContext.
/**
 * For every known SSLContext protocol, the server session context must be non-null.
 * On a non-RI runtime the default protocol is expected to hand out the same session
 * context from every {@link SSLContext} instance; in all other cases each instance must
 * have its own.
 */
public void test_SSLContext_getServerSessionContext() throws Exception {
    for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS) {
        SSLSessionContext first = SSLContext.getInstance(protocol).getServerSessionContext();
        assertNotNull(first);

        // A second, independently obtained context for the same protocol.
        SSLSessionContext second = SSLContext.getInstance(protocol).getServerSessionContext();

        boolean sharedExpected = !StandardNames.IS_RI
                && protocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT);
        if (sharedExpected) {
            assertSame(second, first);
        } else {
            assertNotSame(second, first);
        }
    }
}