use of javax.net.ssl.SNIHostName in project qpid-broker-j by apache.
the class NonBlockingConnectionTLSDelegate method processData.
/**
 * Decrypts whatever TLS records are waiting in {@code _netInputBuffer} and hands the
 * resulting plaintext to the parent connection.
 *
 * <p>Until {@code _hostChecked} is set, the method first tries to extract the SNI host
 * name from the buffered bytes. If the buffered bytes are not yet sufficient for that,
 * it returns {@code false} without decrypting anything.
 *
 * @return {@code false} when the SNI check is still waiting for more bytes; otherwise
 *         the value of the local {@code readData} flag (see the review note in the loop)
 * @throws IOException declared by the signature; the visible body does not throw it
 *         directly, so it presumably comes from a called helper
 */
@Override
public boolean processData() throws IOException {
    if (!_hostChecked) {
        // Work on a duplicate of the network buffer; it is closed by try-with-resources.
        // Presumably the duplicate has its own position/limit, so the flip below leaves
        // _netInputBuffer untouched -- confirm against QpidByteBuffer.
        try (QpidByteBuffer buffer = _netInputBuffer.duplicate()) {
            buffer.flip();
            if (SSLUtil.isSufficientToDetermineClientSNIHost(buffer)) {
                final SNIHostName hostName = getSNIHostName(buffer);
                if (hostName != null) {
                    // NOTE(review): this name is parsed from bytes the peer sent before any
                    // decryptSSL call in this method, so it is peer-controlled and not yet
                    // authenticated. Whatever setSelectedHost drives should treat it as an
                    // untrusted hint -- confirm in _parent.
                    _parent.setSelectedHost(hostName.getAsciiName());
                    // Record the requested name on the engine's parameters.
                    SSLParameters sslParameters = _sslEngine.getSSLParameters();
                    sslParameters.setServerNames(Collections.singletonList(hostName));
                    _sslEngine.setSSLParameters(sslParameters);
                }
                // Marked as checked even when no SNI name was found, so the check runs once.
                _hostChecked = true;
            } else {
                // Not enough bytes buffered yet to decide; report that no data was read.
                return false;
            }
        }
    }
    _netInputBuffer.flip();
    boolean readData = false;
    boolean tasksRun;
    int oldNetBufferPos;
    do {
        // Remember both positions so progress can be detected after this pass.
        int oldAppBufPos = _applicationBuffer.position();
        oldNetBufferPos = _netInputBuffer.position();
        _status = QpidByteBuffer.decryptSSL(_sslEngine, _netInputBuffer, _applicationBuffer);
        if (_status.getStatus() == SSLEngineResult.Status.CLOSED) {
            // Engine reports CLOSED: skip to the limit so the remaining bytes are dropped.
            int remaining = _netInputBuffer.remaining();
            _netInputBuffer.position(_netInputBuffer.limit());
            // We'd usually expect no more bytes to be sent following a close_notify
            LOGGER.debug("SSLEngine closed, discarded {} byte(s)", remaining);
        }
        tasksRun = runSSLEngineTasks(_status);
        _applicationBuffer.flip();
        // NOTE(review): if QpidByteBuffer.flip() follows java.nio.ByteBuffer semantics, the
        // position is 0 at this point and this comparison can never be true, which would
        // leave readData false on every call -- confirm against QpidByteBuffer and callers.
        if (_applicationBuffer.position() > oldAppBufPos) {
            readData = true;
        }
        _parent.processAmqpData(_applicationBuffer);
        restoreApplicationBufferForWrite();
        // Repeat while the network buffer still holds bytes and the last pass consumed some,
        // or while engine tasks were run in the last pass.
    } while ((_netInputBuffer.hasRemaining() && (_netInputBuffer.position() > oldNetBufferPos)) || tasksRun);
    // Keep any undecrypted remainder for the next call; otherwise reset the buffer.
    if (_netInputBuffer.hasRemaining()) {
        _netInputBuffer.compact();
    } else {
        _netInputBuffer.clear();
    }
    return readData;
}
use of javax.net.ssl.SNIHostName in project jetty.project by eclipse.
the class SslConnectionFactoryTest method getResponse.
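/**
 * Opens a TLS connection to the test server on 127.0.0.1, optionally sends {@code sniHost}
 * as the SNI name, issues a single HTTP/1.0 GET for {@code /ctx/path} and returns the raw
 * response.
 *
 * <p>The socket is closed and the client context factory is stopped even when the
 * handshake, the certificate assertion or the I/O fails, so a failing case does not leak
 * a socket into the tests that follow.
 *
 * @param sniHost host name to send in the SNI extension; only used when {@code cn} is non-null
 * @param reqHost value placed in the HTTP {@code Host} header (the port is appended)
 * @param cn      expected common name of the server certificate, or {@code null} to skip
 *                both the SNI setup and the certificate check
 * @return the full response as read from the socket
 * @throws Exception if starting/stopping the factory, the handshake or the I/O fails
 */
private String getResponse(String sniHost, String reqHost, String cn) throws Exception {
    // Constructed with 'true' (Jetty's trust-all flag): the client does not validate the
    // server chain, so the CN assertion below is the only check on which certificate the
    // server selected. Suitable for this test only.
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    try {
        SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
        try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
            if (cn != null) {
                // Ask the server for a specific virtual host via SNI.
                SNIHostName serverName = new SNIHostName(sniHost);
                List<SNIServerName> serverNames = new ArrayList<>();
                serverNames.add(serverName);
                SSLParameters params = sslSocket.getSSLParameters();
                params.setServerNames(serverNames);
                sslSocket.setSSLParameters(params);
            }
            sslSocket.startHandshake();
            if (cn != null) {
                // The leaf certificate is the first entry of the peer chain.
                X509Certificate cert = ((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
                Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn=" + cn));
            }
            sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
            return IO.toString(sslSocket.getInputStream());
        }
    } finally {
        // Runs after the socket has been closed, matching the original shutdown order.
        clientContextFactory.stop();
    }
}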
use of javax.net.ssl.SNIHostName in project mongo-java-driver by mongodb.
the class Java8SniSslHelper method enableSni.
/**
 * Adds the server's host name to {@code sslParameters} as the single SNI entry.
 *
 * <p>If {@link SNIHostName} rejects the host with an {@link IllegalArgumentException},
 * the parameters are left unchanged and no SNI name is set.
 *
 * @param address       the server address whose host is used as the SNI name
 * @param sslParameters the parameters to update in place
 */
@Override
public void enableSni(final ServerAddress address, final SSLParameters sslParameters) {
    try {
        final SNIServerName serverName = new SNIHostName(address.getHost());
        sslParameters.setServerNames(singletonList(serverName));
    } catch (IllegalArgumentException ignored) {
        // Deliberately swallowed: SNIHostName rejects some hosts that are still valid
        // MongoDB connection targets, such as an IPv6 literal. The connection then
        // proceeds without an SNI name.
    }
}
use of javax.net.ssl.SNIHostName in project jdk8u_jdk by JetBrains.
the class SSLEchoServer method init.
/**
 * Creates a client socket from the default {@link SSLContext}, connects it to
 * {@code host:port} and applies the optional cipher-suite filter and SNI host name.
 *
 * <p>The parameters start from a fresh {@link SSLParameters} instance and nothing here
 * sets an endpoint identification algorithm, so sending an SNI name does not by itself
 * make this client check the server certificate against that name.
 *
 * @param host              host to connect to
 * @param port              port to connect to
 * @param cipherSuiteFilter filter passed to {@code UnboundSSLUtils.filterStringArray} over
 *                          the supported suites, or {@code null} to leave suites unset
 * @param sniHostName       name to send in the SNI extension, or {@code null} for none
 * @return a new {@code SSLClient} wrapping the configured socket
 * @throws NoSuchAlgorithmException if the default SSL context cannot be obtained
 * @throws IOException              if the socket cannot be created
 */
static SSLClient init(String host, int port, String cipherSuiteFilter, String sniHostName) throws NoSuchAlgorithmException, IOException {
    final SSLSocketFactory socketFactory = SSLContext.getDefault().getSocketFactory();
    final SSLSocket clientSocket = (SSLSocket) socketFactory.createSocket(host, port);
    final SSLParameters tlsParams = new SSLParameters();

    if (cipherSuiteFilter != null) {
        final String[] enabledSuites = UnboundSSLUtils.filterStringArray(socketFactory.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Client: enabled cipher suites: " + Arrays.toString(enabledSuites));
        tlsParams.setCipherSuites(enabledSuites);
    }

    if (sniHostName != null) {
        System.out.println("Client: set SNI hostname: " + sniHostName);
        // A one-element list carrying the requested server name.
        final List<SNIServerName> requestedNames = new ArrayList<>();
        requestedNames.add(new SNIHostName(sniHostName));
        tlsParams.setServerNames(requestedNames);
    }

    clientSocket.setSSLParameters(tlsParams);
    return new SSLClient(clientSocket);
}
use of javax.net.ssl.SNIHostName in project certmgr by hdecarne.
the class SSLPeer method readCertificatesHelper.
/**
 * Connects to the configured peer, completes a TLS handshake and returns the certificate
 * chain the peer presented.
 *
 * <p>The context is initialised with {@code INSECURE_TRUST_MANAGER} so that the handshake
 * accepts as many certificates as possible. The returned certificates have therefore NOT
 * been validated; callers must treat them as data to inspect, not as a trusted chain.
 *
 * @param protocolHelper creates the SSL socket for the protocol in use
 * @return the peer certificates reported by the TLS session
 * @throws GeneralSecurityException if the TLS context cannot be created or initialised
 * @throws IOException              if connecting or the handshake fails
 */
private Certificate[] readCertificatesHelper(SSLProtocalHelper protocolHelper) throws GeneralSecurityException, IOException {
    // Trust decisions are intentionally disabled for this retrieval-only connection.
    final TrustManager[] acceptAll = { INSECURE_TRUST_MANAGER };
    final SSLContext tlsContext = SSLContext.getInstance("TLS");
    tlsContext.init(null, acceptAll, null);
    final SSLSocketFactory socketFactory = tlsContext.getSocketFactory();

    // Send the peer's host name via SNI so a multi-host server can pick its certificate.
    final SNIServerName requestedName = new SNIHostName(this.address.getHostName());
    final List<SNIServerName> requestedNames = Arrays.asList(requestedName);

    try (SSLSocket peerSocket = protocolHelper.createSSLSocket(socketFactory, this.address, this.port)) {
        // Bound blocking reads so an unresponsive peer cannot stall the handshake forever.
        peerSocket.setSoTimeout(SOCKET_TIMEOUT);
        final SSLParameters handshakeParams = peerSocket.getSSLParameters();
        handshakeParams.setServerNames(requestedNames);
        peerSocket.setSSLParameters(handshakeParams);
        peerSocket.startHandshake();
        return peerSocket.getSession().getPeerCertificates();
    }
}
Aggregations