
Example 1 with SSLSocket

use of javax.net.ssl.SSLSocket in project camel by apache.

the class AbstractJsseParametersTest method createPropertiesPlaceholderAwareContext.

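/**
 * Builds the property set that the placeholder-based JSSE test configuration resolves against,
 * using whatever the running JVM reports as its defaults, and delegates to the
 * {@code Properties}-taking overload to create the context.
 *
 * <p>The values are probed from the JVM (default key store type, default key/trust manager
 * algorithms, provider names, one supported cipher suite and one supported protocol) so the test
 * does not hard-code provider-specific names.
 *
 * @return the context produced by the overload that accepts the supplemental properties
 * @throws Exception if any JSSE/JCA lookup fails or the delegate throws
 */
protected CamelContext createPropertiesPlaceholderAwareContext() throws Exception {
    Properties supplementalProperties = new Properties();
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    SecureRandom sr = null;
    try {
        // SHA1PRNG is requested by name only so that a provider name can be looked up for the
        // secureRandomParameters.* properties; it is a legacy algorithm, not a recommendation.
        sr = SecureRandom.getInstance("SHA1PRNG");
    } catch (NoSuchAlgorithmException e) {
        // Deliberately ignored: when the JVM has no SHA1PRNG the secureRandomParameters.*
        // properties are simply left unset below.
    }
    SSLContext sslc = SSLContext.getInstance("TLS");
    sslc.init(null, null, null);
    // Unconnected socket, created only to ask the provider what it supports. It is closed as soon
    // as the two values have been read so the test does not leak a socket per invocation.
    SSLSocket socket = (SSLSocket) sslc.getSocketFactory().createSocket();
    String firstSupportedCipherSuite;
    String ssp = "";
    try {
        // "Supported" is wider than "enabled": the first entry may be a suite the provider does
        // not enable by default. It is only used as a syntactically valid fixture value.
        firstSupportedCipherSuite = socket.getSupportedCipherSuites()[0];
        // SSLv2Hello is skipped because it does not work with TLS as the SSLContext protocol.
        for (String protocol : socket.getSupportedProtocols()) {
            if (!"SSLv2Hello".equals(protocol)) {
                ssp = protocol;
                break;
            }
        }
    } finally {
        socket.close();
    }
    supplementalProperties.setProperty("keyStoreParameters.type", KeyStore.getDefaultType());
    supplementalProperties.setProperty("keyStoreParameters.provider", ks.getProvider().getName());
    supplementalProperties.setProperty("keyManagersParameters.algorithm", KeyManagerFactory.getDefaultAlgorithm());
    supplementalProperties.setProperty("keyManagersParameters.provider", kmf.getProvider().getName());
    supplementalProperties.setProperty("trustManagersParameters.algorithm", TrustManagerFactory.getDefaultAlgorithm());
    supplementalProperties.setProperty("trustManagersParameters.provider", tmf.getProvider().getName());
    if (sr != null) {
        supplementalProperties.setProperty("secureRandomParameters.algorithm", "SHA1PRNG");
        supplementalProperties.setProperty("secureRandomParameters.provider", sr.getProvider().getName());
    }
    supplementalProperties.setProperty("sslContextParameters.provider", sslc.getProvider().getName());
    supplementalProperties.setProperty("cipherSuite.0", firstSupportedCipherSuite);
    // ssp stays "" when the provider reports no protocol other than SSLv2Hello.
    supplementalProperties.setProperty("secureSocketProtocol.0", ssp);
    return this.createPropertiesPlaceholderAwareContext(supplementalProperties);
}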
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLSocket(javax.net.ssl.SSLSocket) SecureRandom(java.security.SecureRandom) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SSLContext(javax.net.ssl.SSLContext) Properties(java.util.Properties) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 2 with SSLSocket

use of javax.net.ssl.SSLSocket in project camel by apache.

the class SSLContextParametersTest method testSecureSocketProtocolsFilter.

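/**
 * Checks how the secure-socket-protocols filter of {@code SSLContextParameters} shapes the
 * enabled protocol list of engines, client sockets and server sockets created from the context.
 *
 * <p>A plain JDK "TLS" context serves as the control. The cases run in order against the same
 * {@code scp} and {@code filter} instances, so each step builds on the state left by the
 * previous one: default, empty filter, include-all, include-all plus exclude-all, and a single
 * {@code TLS.*} include.
 *
 * @throws Exception if a context, engine or socket cannot be created
 */
public void testSecureSocketProtocolsFilter() throws Exception {
    // Control objects straight from the JDK, with no Camel configuration applied.
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();
    SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
    SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
    // default
    SSLContextParameters scp = new SSLContextParameters();
    SSLContext context = scp.createSSLContext();
    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    // With no explicit configuration the SSL* protocols are expected to be disabled: only
    // TLS-prefixed names may be enabled.
    assertStartsWith(engine.getEnabledProtocols(), "TLS");
    assertStartsWith(socket.getEnabledProtocols(), "TLS");
    assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
    // empty filter: nothing is included, so nothing is enabled
    FilterParameters filter = new FilterParameters();
    scp.setSecureSocketProtocolsFilter(filter);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertEquals(0, engine.getEnabledProtocols().length);
    assertEquals(0, socket.getEnabledProtocols().length);
    assertEquals(0, serverSocket.getEnabledProtocols().length);
    // explicit filter: including everything must reproduce the JDK control values
    filter.getInclude().add(".*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols()));
    assertTrue(Arrays.equals(controlSocket.getEnabledProtocols(), socket.getEnabledProtocols()));
    checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols());
    // explicit filter with excludes (excludes overrides)
    filter.getExclude().add(".*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertEquals(0, engine.getEnabledProtocols().length);
    assertEquals(0, socket.getEnabledProtocols().length);
    assertEquals(0, serverSocket.getEnabledProtocols().length);
    // explicit filter single include
    filter.getInclude().clear();
    filter.getExclude().clear();
    filter.getInclude().add("TLS.*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    // not all platforms/JDKs have these protocols
    if (!isPlatform("aix")) {
        assertTrue(engine.getEnabledProtocols().length >= 1);
        assertStartsWith(engine.getEnabledProtocols(), "TLS");
        assertTrue(socket.getEnabledProtocols().length >= 1);
        assertStartsWith(socket.getEnabledProtocols(), "TLS");
        // The original checked the client socket a second time here, which left the server
        // socket's protocol count unverified.
        assertTrue(serverSocket.getEnabledProtocols().length >= 1);
        assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
    }
}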
Also used : SSLEngine(javax.net.ssl.SSLEngine) SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) SSLServerSocket(javax.net.ssl.SSLServerSocket)

Example 3 with SSLSocket

use of javax.net.ssl.SSLSocket in project camel by apache.

the class SSLContextParametersTest method testCipherSuitesFilter.

/**
 * Checks how the cipher-suites filter and the explicit cipher-suite list of
 * {@code SSLContextParameters} shape the enabled cipher suites of engines, client sockets and
 * server sockets created from the context.
 *
 * <p>A plain JDK "TLS" context serves as the control. The cases share one {@code scp},
 * {@code csp} and {@code filter}, so statement order matters: each step runs on the state left
 * by the previous one.
 *
 * @throws Exception if a context, engine or socket cannot be created
 */
public void testCipherSuitesFilter() throws Exception {
    // Control objects straight from the JDK, with no Camel configuration applied.
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();
    SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
    SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
    // default
    SSLContextParameters scp = new SSLContextParameters();
    // The context is created BEFORE csp is attached, so the "default" assertions below run
    // against a context built without any cipher-suite configuration.
    SSLContext context = scp.createSSLContext();
    CipherSuitesParameters csp = new CipherSuitesParameters();
    scp.setCipherSuites(csp);
    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
    // The server socket is compared against a filtered view of the SUPPORTED suites rather than
    // the control's enabled suites; getDefaultCipherSuiteIncludes is defined outside this listing.
    assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
    // empty filter
    FilterParameters filter = new FilterParameters();
    scp.setCipherSuitesFilter(filter);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);
    // explicit filter
    // NOTE(review): an include of ".*" still yields zero enabled suites here, presumably because
    // the still-empty csp attached above takes precedence over the filter - confirm against
    // SSLContextParameters.
    filter.getInclude().add(".*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);
    // explicit filter with excludes (excludes overrides)
    filter.getExclude().add(".*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);
    // explicit filter single include
    filter.getInclude().clear();
    filter.getExclude().clear();
    // Fixture value only: this suite uses static RSA key exchange with AES-CBC and SHA-1, so it
    // offers no forward secrecy and should not be copied into a production suite list.
    csp.setCipherSuite(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"));
    filter.getInclude().add("TLS.*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    // not all platforms/JDKs have these cipher suites
    if (!isPlatform("aix")) {
        assertTrue(engine.getEnabledCipherSuites().length >= 1);
        assertStartsWith(engine.getEnabledCipherSuites(), "TLS");
        assertTrue(socket.getEnabledCipherSuites().length >= 1);
        assertStartsWith(socket.getEnabledCipherSuites(), "TLS");
        assertTrue(serverSocket.getEnabledCipherSuites().length >= 1);
        assertStartsWith(serverSocket.getEnabledCipherSuites(), "TLS");
    }
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) SSLServerSocket(javax.net.ssl.SSLServerSocket)

Example 4 with SSLSocket

use of javax.net.ssl.SSLSocket in project camel by apache.

the class SSLContextParametersTest method testSecureSocketProtocol.

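/**
 * Verifies that naming "SSLv3" as the context protocol does not by itself enable SSLv3 on the
 * engines and sockets, and that SSLv3 becomes the only enabled protocol once it is requested
 * explicitly through {@code SecureSocketProtocolsParameters}.
 *
 * <p>SSLv3 is an obsolete, insecure protocol; it appears here only to prove that the default
 * filtering keeps SSL* protocols off unless the caller opts in.
 * NOTE(review): on JDKs that list SSLv3 in the {@code jdk.tls.disabledAlgorithms} security
 * property the second half of this test presumably cannot pass - confirm on the target JDK.
 *
 * @throws Exception if a context, engine or socket cannot be created
 */
public void testSecureSocketProtocol() throws Exception {
    SSLContextParameters scp = new SSLContextParameters();
    scp.setSecureSocketProtocol("SSLv3");
    SSLContext context = scp.createSSLContext();
    assertEquals("SSLv3", context.getProtocol());
    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    // default disable the SSL* protocols, even though the context itself was requested as SSLv3
    assertStartsWith(engine.getEnabledProtocols(), "TLS");
    assertStartsWith(socket.getEnabledProtocols(), "TLS");
    assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
    // allow SSL* protocols by explicitly asking for them
    final SecureSocketProtocolsParameters protocols = new SecureSocketProtocolsParameters();
    protocols.setSecureSocketProtocol(Collections.singletonList("SSLv3"));
    scp.setSecureSocketProtocols(protocols);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
    // Expected value first, as in the getProtocol() assertion above, so that a failure message
    // reports expected and actual the right way round.
    assertEquals(1, engine.getEnabledProtocols().length);
    assertEquals("SSLv3", engine.getEnabledProtocols()[0]);
    assertEquals(1, socket.getEnabledProtocols().length);
    assertEquals("SSLv3", socket.getEnabledProtocols()[0]);
    assertEquals(1, serverSocket.getEnabledProtocols().length);
    assertEquals("SSLv3", serverSocket.getEnabledProtocols()[0]);
}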
Also used : SSLEngine(javax.net.ssl.SSLEngine) SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) SSLServerSocket(javax.net.ssl.SSLServerSocket)

Example 5 with SSLSocket

use of javax.net.ssl.SSLSocket in project camel by apache.

the class CamelSSLIRCConnection method connect.

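/**
 * Opens the IRC connection, using TLS when {@code sslContextParameters} is configured and
 * falling back to the superclass behaviour otherwise.
 *
 * <p>In the TLS case each configured port is tried in turn until one handshake succeeds. An
 * {@code SSLNotSupportedException} aborts immediately; any other {@code IOException} is
 * remembered and the next port is tried, and the last such failure is thrown if no port works.
 *
 * <p>NOTE(review): nothing in this method sets an endpoint identification algorithm on the
 * socket. A JSSE {@code SSLSocket} validates the certificate chain but does not match the
 * certificate to {@code host} on its own, so unless {@code sslContextParameters} or
 * {@code prepare} arranges hostname verification, a certificate issued for a different name
 * would be accepted - confirm.
 * NOTE(review): with an empty {@code ports} array the loop never runs and {@code prepare} is
 * called with {@code null} - confirm that callers always supply at least one port.
 *
 * @throws IOException if the connection is already open or no port could be connected
 */
@Override
public void connect() throws IOException {
    if (sslContextParameters == null) {
        super.connect();
    } else {
        if (level != 0) {
            throw new SocketException("Socket closed or already open (" + level + ")");
        }
        IOException exception = null;
        final SSLContext sslContext;
        try {
            sslContext = sslContextParameters.createSSLContext(camelContext);
        } catch (GeneralSecurityException e) {
            throw new RuntimeCamelException("Error in SSLContextParameters configuration or instantiation.", e);
        }
        final SSLSocketFactory sf = sslContext.getSocketFactory();
        SSLSocket s = null;
        for (int i = 0; i < ports.length && s == null; i++) {
            try {
                s = (SSLSocket) sf.createSocket(host, ports[i]);
                // Handshake eagerly so that TLS failures surface here, per port, rather than
                // on the first read or write.
                s.startHandshake();
                exception = null;
            } catch (SSLNotSupportedException exc) {
                if (s != null) {
                    try {
                        s.close();
                    } catch (IOException ignored) {
                        // A failure while cleaning up must not replace the original cause.
                    }
                }
                s = null;
                throw exc;
            } catch (IOException exc) {
                if (s != null) {
                    try {
                        s.close();
                    } catch (IOException ignored) {
                        // Cleanup failure must neither mask the connect/handshake error nor
                        // stop the remaining ports from being tried.
                    }
                }
                s = null;
                exception = exc;
            }
        }
        if (exception != null) {
            // connection wasn't successful at any port
            throw exception;
        }
        prepare(s);
    }
}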
Also used : SocketException(java.net.SocketException) GeneralSecurityException(java.security.GeneralSecurityException) SSLSocket(javax.net.ssl.SSLSocket) SSLNotSupportedException(org.schwering.irc.lib.ssl.SSLNotSupportedException) RuntimeCamelException(org.apache.camel.RuntimeCamelException) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory)

Aggregations

SSLSocket (javax.net.ssl.SSLSocket)326 IOException (java.io.IOException)101 Test (org.junit.Test)62 SSLContext (javax.net.ssl.SSLContext)59 SSLSocketFactory (javax.net.ssl.SSLSocketFactory)59 Socket (java.net.Socket)57 OutputStream (java.io.OutputStream)50 InetSocketAddress (java.net.InetSocketAddress)39 CertificateException (java.security.cert.CertificateException)33 SSLException (javax.net.ssl.SSLException)32 SSLSession (javax.net.ssl.SSLSession)31 InputStream (java.io.InputStream)30 SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)30 SSLServerSocket (javax.net.ssl.SSLServerSocket)27 SocketTimeoutException (java.net.SocketTimeoutException)24 SocketException (java.net.SocketException)23 ServerSocket (java.net.ServerSocket)22 UnknownHostException (java.net.UnknownHostException)21 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)21 InputStreamReader (java.io.InputStreamReader)19