
Example 16 with SNIHostName

use of javax.net.ssl.SNIHostName in project qpid-broker-j by apache.

the class NonBlockingConnectionTLSDelegate method processData.

/**
 * Consumes the bytes accumulated in {@code _netInputBuffer}: on the first calls it looks for the
 * client's SNI host name, then it decrypts the input in a loop and hands the plaintext to
 * {@code _parent.processAmqpData}.
 *
 * @return {@code false} while the SNI host cannot yet be determined from the buffered bytes;
 *         otherwise the {@code readData} flag computed in the decrypt loop
 * @throws IOException declared by the signature; the visible body does not show which call raises it
 */
@Override
public boolean processData() throws IOException {
    if (!_hostChecked) {
        // Inspect a duplicate so the peek does not disturb _netInputBuffer's own position/limit.
        try (QpidByteBuffer buffer = _netInputBuffer.duplicate()) {
            buffer.flip();
            if (SSLUtil.isSufficientToDetermineClientSNIHost(buffer)) {
                // The name is read from the peer's bytes before any decryption, so it is
                // peer-controlled input at this point.
                final SNIHostName hostName = getSNIHostName(buffer);
                if (hostName != null) {
                    // NOTE(review): confirm setSelectedHost only accepts names the broker is
                    // configured to serve; nothing here restricts the value.
                    _parent.setSelectedHost(hostName.getAsciiName());
                    SSLParameters sslParameters = _sslEngine.getSSLParameters();
                    sslParameters.setServerNames(Collections.singletonList(hostName));
                    _sslEngine.setSSLParameters(sslParameters);
                }
                // Set even when no name was found, so the check is not repeated on later calls.
                _hostChecked = true;
            } else {
                // Not enough bytes yet; leave the input untouched and wait for more.
                return false;
            }
        }
    }
    _netInputBuffer.flip();
    boolean readData = false;
    boolean tasksRun;
    int oldNetBufferPos;
    do {
        int oldAppBufPos = _applicationBuffer.position();
        oldNetBufferPos = _netInputBuffer.position();
        _status = QpidByteBuffer.decryptSSL(_sslEngine, _netInputBuffer, _applicationBuffer);
        if (_status.getStatus() == SSLEngineResult.Status.CLOSED) {
            // Skip whatever is left in the input once the engine reports CLOSED.
            int remaining = _netInputBuffer.remaining();
            _netInputBuffer.position(_netInputBuffer.limit());
            // We'd usually expect no more bytes to be sent following a close_notify
            LOGGER.debug("SSLEngine closed, discarded {} byte(s)", remaining);
        }
        tasksRun = runSSLEngineTasks(_status);
        _applicationBuffer.flip();
        // NOTE(review): the position is compared after flip(); if QpidByteBuffer.flip() resets the
        // position to 0 as java.nio buffers do, this condition cannot hold. Confirm readData is
        // ever set, or compare against the limit instead.
        if (_applicationBuffer.position() > oldAppBufPos) {
            readData = true;
        }
        _parent.processAmqpData(_applicationBuffer);
        restoreApplicationBufferForWrite();
        // Repeat while the last pass consumed input and more remains, or engine tasks were run.
    } while ((_netInputBuffer.hasRemaining() && (_netInputBuffer.position() > oldNetBufferPos)) || tasksRun);
    // Keep unconsumed bytes for the next call; otherwise reset the buffer for fresh input.
    if (_netInputBuffer.hasRemaining()) {
        _netInputBuffer.compact();
    } else {
        _netInputBuffer.clear();
    }
    return readData;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) QpidByteBuffer(org.apache.qpid.server.bytebuffer.QpidByteBuffer)

Example 17 with SNIHostName

use of javax.net.ssl.SNIHostName in project jetty.project by eclipse.

the class SslConnectionFactoryTest method getResponse.

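/**
 * Opens a TLS connection to the local test server, optionally sending {@code sniHost} as the SNI
 * server name, checks the CN of the certificate the server presents, sends a minimal HTTP/1.0
 * request and returns the raw response.
 *
 * @param sniHost host name sent in the SNI extension; only used when {@code cn} is non-null
 * @param reqHost value placed in the HTTP {@code Host} header
 * @param cn expected CN prefix of the server certificate, or {@code null} to skip both the SNI
 *        setup and the certificate assertion
 * @return the full response read from the socket
 * @throws Exception on any lifecycle, handshake or I/O failure
 */
private String getResponse(String sniHost, String reqHost, String cn) throws Exception {
    // SslContextFactory(true) is the trust-all constructor: the client does not validate the
    // server chain. That suits this test, which asserts on the certificate itself below, and is
    // not a pattern for production clients.
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    try {
        SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
        // try-with-resources so a failed handshake or assertion does not leak the socket.
        try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
            if (cn != null) {
                SNIHostName serverName = new SNIHostName(sniHost);
                List<SNIServerName> serverNames = new ArrayList<>();
                serverNames.add(serverName);
                SSLParameters params = sslSocket.getSSLParameters();
                params.setServerNames(serverNames);
                sslSocket.setSSLParameters(params);
            }
            sslSocket.startHandshake();
            if (cn != null) {
                // Index 0 of the peer chain is the server's own certificate.
                X509Certificate cert = ((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
                Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn=" + cn));
            }
            sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
            return IO.toString(sslSocket.getInputStream());
        }
    } finally {
        // Stop the factory on every path, after the socket has been closed.
        clientContextFactory.stop();
    }
}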
Also used : SNIServerName(javax.net.ssl.SNIServerName) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) SSLSocket(javax.net.ssl.SSLSocket) ArrayList(java.util.ArrayList) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509Certificate(java.security.cert.X509Certificate)

Example 18 with SNIHostName

use of javax.net.ssl.SNIHostName in project mongo-java-driver by mongodb.

the class Java8SniSslHelper method enableSni.

/**
 * Adds the host of {@code address} to {@code sslParameters} as the SNI server name.
 *
 * <p>If {@link SNIHostName} rejects the host, the parameters are left unchanged and no server
 * name is set by this method.
 *
 * @param address the server whose host name is used
 * @param sslParameters the parameters to update in place
 */
@Override
public void enableSni(final ServerAddress address, final SSLParameters sslParameters) {
    try {
        final SNIServerName serverName = new SNIHostName(address.getHost());
        sslParameters.setServerNames(singletonList(serverName));
    } catch (IllegalArgumentException ignored) {
        // Deliberately ignored: SNIHostName rejects some hosts that are legitimate MongoDB
        // targets, such as an IPv6 literal, and the connection should still proceed without SNI.
    }
}
Also used : SNIServerName(javax.net.ssl.SNIServerName) SNIHostName(javax.net.ssl.SNIHostName)

Example 19 with SNIHostName

use of javax.net.ssl.SNIHostName in project jdk8u_jdk by JetBrains.

the class SSLEchoServer method init.

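/**
 * Connects a client socket from the default {@link SSLContext} to {@code host:port} and applies
 * the optional cipher-suite filter and SNI host name before wrapping it in an {@code SSLClient}.
 *
 * <p>The parameters start from a fresh {@link SSLParameters} and this method does not set an
 * endpoint identification algorithm, so nothing here makes the handshake check the certificate
 * against the host name. That is fine for a test client; do not copy it into production code.
 *
 * @param host server host to connect to
 * @param port server port
 * @param cipherSuiteFilter filter passed to {@code UnboundSSLUtils.filterStringArray}, or
 *        {@code null} to leave the cipher suites alone
 * @param sniHostName SNI host name to send, or {@code null} for none
 * @return a client wrapping the configured socket
 * @throws NoSuchAlgorithmException if the default SSL context is unavailable
 * @throws IOException if the socket cannot be created
 */
static SSLClient init(String host, int port, String cipherSuiteFilter, String sniHostName) throws NoSuchAlgorithmException, IOException {
    SSLContext sslContext = SSLContext.getDefault();
    SSLSocketFactory ssf = sslContext.getSocketFactory();
    SSLSocket socket = (SSLSocket) ssf.createSocket(host, port);
    try {
        SSLParameters params = new SSLParameters();
        if (cipherSuiteFilter != null) {
            String[] cipherSuites = UnboundSSLUtils.filterStringArray(ssf.getSupportedCipherSuites(), cipherSuiteFilter);
            System.out.println("Client: enabled cipher suites: " + Arrays.toString(cipherSuites));
            params.setCipherSuites(cipherSuites);
        }
        if (sniHostName != null) {
            System.out.println("Client: set SNI hostname: " + sniHostName);
            SNIHostName serverName = new SNIHostName(sniHostName);
            List<SNIServerName> serverNames = new ArrayList<>();
            serverNames.add(serverName);
            params.setServerNames(serverNames);
        }
        socket.setSSLParameters(params);
        return new SSLClient(socket);
    } catch (RuntimeException e) {
        // SNIHostName and the SSLParameters setters reject bad values with unchecked exceptions;
        // close the already-connected socket so it is not leaked on that path.
        try {
            socket.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}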
Also used : SNIServerName(javax.net.ssl.SNIServerName) SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) SSLSocket(javax.net.ssl.SSLSocket) ArrayList(java.util.ArrayList) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory)

Example 20 with SNIHostName

use of javax.net.ssl.SNIHostName in project certmgr by hdecarne.

the class SSLPeer method readCertificatesHelper.

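/**
 * Connects to the peer, completes a TLS handshake and returns the certificate chain it presented.
 *
 * <p>The context is initialised with {@code INSECURE_TRUST_MANAGER}, which by its name and use
 * here accepts chains a normal trust manager would reject. The returned certificates are therefore
 * unauthenticated: treat them as untrusted data for display or inspection, and never as proof of
 * the peer's identity.
 *
 * @param protocolHelper creates the socket for the protocol in use
 * @return the peer's certificate chain as reported by the TLS session
 * @throws GeneralSecurityException if the SSL context cannot be created or initialised
 * @throws IOException if the connection or handshake fails
 */
private Certificate[] readCertificatesHelper(SSLProtocalHelper protocolHelper) throws GeneralSecurityException, IOException {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    // Accept as many certificates as possible
    sslContext.init(null, new TrustManager[] { INSECURE_TRUST_MANAGER }, null);
    SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
    // Prepare additional options: SNI server names
    List<SNIServerName> serverNames = null;
    try {
        serverNames = Arrays.<SNIServerName>asList(new SNIHostName(this.address.getHostName()));
    } catch (IllegalArgumentException e) {
        // SNIHostName rejects names that are not valid host names (an IPv6 literal, for
        // example); connect without SNI rather than failing before the handshake.
    }
    // Start SSL handshake and retrieve certificates
    try (SSLSocket sslSocket = protocolHelper.createSSLSocket(sslSocketFactory, this.address, this.port)) {
        sslSocket.setSoTimeout(SOCKET_TIMEOUT);
        if (serverNames != null) {
            SSLParameters sslParams = sslSocket.getSSLParameters();
            sslParams.setServerNames(serverNames);
            sslSocket.setSSLParameters(sslParams);
        }
        sslSocket.startHandshake();
        return sslSocket.getSession().getPeerCertificates();
    }
}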
Also used : SNIServerName(javax.net.ssl.SNIServerName) SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
