use of javax.net.ssl.SNIHostName in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method testSameConnectionRequestsForManyWildDomains.
@Test
public void testSameConnectionRequestsForManyWildDomains() throws Exception {
SslContextFactory clientContextFactory = new SslContextFactory(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
SNIHostName serverName = new SNIHostName("www.domain.com");
SSLParameters params = sslSocket.getSSLParameters();
params.setServerNames(Collections.singletonList(serverName));
sslSocket.setSSLParameters(params);
sslSocket.startHandshake();
String request = "" + "GET /ctx/path HTTP/1.1\r\n" + "Host: www.domain.com\r\n" + "\r\n";
OutputStream output = sslSocket.getOutputStream();
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
InputStream input = sslSocket.getInputStream();
String response = response(input);
Assert.assertTrue(response.startsWith("HTTP/1.1 200 "));
// Now, on the same socket, send a request for a different valid domain.
request = "" + "GET /ctx/path HTTP/1.1\r\n" + "Host: assets.domain.com\r\n" + "\r\n";
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
response = response(input);
Assert.assertTrue(response.startsWith("HTTP/1.1 200 "));
// Now make a request for an invalid domain for this connection.
request = "" + "GET /ctx/path HTTP/1.1\r\n" + "Host: www.example.com\r\n" + "\r\n";
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
response = response(input);
Assert.assertTrue(response.startsWith("HTTP/1.1 400 "));
Assert.assertThat(response, Matchers.containsString("Host does not match SNI"));
} finally {
clientContextFactory.stop();
}
}
use of javax.net.ssl.SNIHostName in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method testSameConnectionRequestsForManyDomains.
@Test
public void testSameConnectionRequestsForManyDomains() throws Exception {
SslContextFactory clientContextFactory = new SslContextFactory(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
SNIHostName serverName = new SNIHostName("m.san.com");
SSLParameters params = sslSocket.getSSLParameters();
params.setServerNames(Collections.singletonList(serverName));
sslSocket.setSSLParameters(params);
sslSocket.startHandshake();
// The first request binds the socket to an alias.
String request = "" + "GET /ctx/path HTTP/1.1\r\n" + "Host: m.san.com\r\n" + "\r\n";
OutputStream output = sslSocket.getOutputStream();
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
InputStream input = sslSocket.getInputStream();
String response = response(input);
Assert.assertTrue(response.startsWith("HTTP/1.1 200 "));
// Same socket, send a request for a different domain but same alias.
request = "" + "GET /ctx/path HTTP/1.1\r\n" + "Host: www.san.com\r\n" + "\r\n";
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
response = response(input);
Assert.assertTrue(response.startsWith("HTTP/1.1 200 "));
// Same socket, send a request for a different domain but different alias.
request = "" + "GET /ctx/path HTTP/1.1\r\n" + "Host: www.example.com\r\n" + "\r\n";
output.write(request.getBytes(StandardCharsets.UTF_8));
output.flush();
response = response(input);
assertThat(response, startsWith("HTTP/1.1 400 "));
assertThat(response, containsString("Host does not match SNI"));
} finally {
clientContextFactory.stop();
}
}
use of javax.net.ssl.SNIHostName in project netty by netty.
the class Java8SslParametersUtils method getSniHostNames.
static List<String> getSniHostNames(SSLParameters sslParameters) {
List<SNIServerName> names = sslParameters.getServerNames();
if (names == null || names.isEmpty()) {
return Collections.emptyList();
}
List<String> strings = new ArrayList<String>(names.size());
for (SNIServerName serverName : names) {
if (serverName instanceof SNIHostName) {
strings.add(((SNIHostName) serverName).getAsciiName());
} else {
throw new IllegalArgumentException("Only " + SNIHostName.class.getName() + " instances are supported, but found: " + serverName);
}
}
return strings;
}
use of javax.net.ssl.SNIHostName in project netty by netty.
the class Java8SslParametersUtils method setSniHostNames.
static void setSniHostNames(SSLParameters sslParameters, List<String> names) {
List<SNIServerName> sniServerNames = new ArrayList<SNIServerName>(names.size());
for (String name : names) {
sniServerNames.add(new SNIHostName(name));
}
sslParameters.setServerNames(sniServerNames);
}
use of javax.net.ssl.SNIHostName in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method getResponse.
private String getResponse(String sniHost, String reqHost, String cn) throws Exception {
SslContextFactory clientContextFactory = new SslContextFactory(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
if (cn != null) {
SNIHostName serverName = new SNIHostName(sniHost);
List<SNIServerName> serverNames = new ArrayList<>();
serverNames.add(serverName);
SSLParameters params = sslSocket.getSSLParameters();
params.setServerNames(serverNames);
sslSocket.setSSLParameters(params);
}
sslSocket.startHandshake();
if (cn != null) {
X509Certificate cert = ((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn=" + cn));
}
String response = "GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n";
sslSocket.getOutputStream().write(response.getBytes(StandardCharsets.ISO_8859_1));
return IO.toString(sslSocket.getInputStream());
} finally {
clientContextFactory.stop();
}
}
Aggregations