use of javax.net.ssl.SNIHostName in project mongo-java-driver by mongodb.
the class TlsExplorer method exploreSNIExt.
/*
* struct { NameType name_type; select (name_type) { case host_name:
* HostName; } name; } ServerName;
*
* enum { host_name(0), (255) } NameType;
*
* opaque HostName<1..2^16-1>;
*
* struct { ServerName server_name_list<1..2^16-1> } ServerNameList;
*/
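/**
 * Parses the body of a TLS {@code server_name} (SNI) extension into a map keyed by name type.
 *
 * <p>The lengths inside the extension are supplied by the peer, so each entry is checked against
 * the bytes the extension still has left <em>before</em> it is read from the buffer. That way a
 * malformed entry is reported as an {@link SSLProtocolException} instead of reading into
 * whatever follows the extension.
 *
 * @param input  buffer the extension body is read from; its position advances as bytes are consumed
 * @param extLen length of the extension body in bytes
 * @return the parsed server names, keyed by {@link SNIServerName#getType()}
 * @throws SSLProtocolException if the extension is empty, a declared length does not fit, a
 *                              host name is empty, or a name type occurs more than once
 */
private static Map<Integer, SNIServerName> exploreSNIExt(ByteBuffer input, int extLen) throws SSLProtocolException {
    Map<Integer, SNIServerName> sniMap = new HashMap<>();
    int remains = extLen;
    if (extLen >= 2) {
        // "server_name" extension in ClientHello
        // length of server_name_list
        int listLen = getInt16(input);
        if (listLen == 0 || listLen + 2 != extLen) {
            throw new SSLProtocolException("Invalid server name indication extension");
        }
        // 2: the length field of server_name_list
        remains -= 2;
        while (remains > 0) {
            // Every entry starts with a 3-byte header (1 byte name_type + 2 bytes length).
            // Refuse to read a header the extension does not have room for.
            if (remains < 3) {
                throw new SSLProtocolException("Not enough data to fill declared vector size");
            }
            // name_type
            int code = getInt8(input);
            // length field of server name
            int snLen = getInt16(input);
            // The header bytes count against the budget too, so the name may use at most
            // remains - 3 bytes; comparing against remains alone lets the read run up to
            // 3 bytes past the end of the extension.
            if (snLen > remains - 3) {
                throw new SSLProtocolException("Not enough data to fill declared vector size");
            }
            byte[] encoded = new byte[snLen];
            // NOTE(review): still throws BufferUnderflowException if the buffer holds fewer
            // bytes than extLen claims; presumably the caller has validated extLen, confirm.
            input.get(encoded);
            SNIServerName serverName;
            switch (code) {
                case StandardConstants.SNI_HOST_NAME:
                    if (encoded.length == 0) {
                        throw new SSLProtocolException("Empty HostName in server name indication");
                    }
                    // NOTE(review): SNIHostName(byte[]) rejects illegal encodings with an
                    // unchecked IllegalArgumentException, which is not converted here.
                    serverName = new SNIHostName(encoded);
                    break;
                default:
                    serverName = new UnknownServerName(code, encoded);
            }
            // check for duplicated server name type
            if (sniMap.put(serverName.getType(), serverName) != null) {
                throw new SSLProtocolException("Duplicated server name of type " + serverName.getType());
            }
            // consumed: name_type (1 byte) + length field (2 bytes) + the name itself
            remains -= encoded.length + 3;
        }
    } else if (extLen == 0) {
        // "server_name" extension in ServerHello
        throw new SSLProtocolException("Not server name indication extension in client");
    }
    // Catches extLen == 1, which is too short to hold the list length field.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid server name indication extension");
    }
    return sniMap;
}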
use of javax.net.ssl.SNIHostName in project mongo-java-driver by mongodb.
the class SslHelper method enableSni.
/**
* Enable SNI.
*
* @param host the server host
* @param sslParameters the SSL parameters
*/
public static void enableSni(final String host, final SSLParameters sslParameters) {
    try {
        // Build the host_name entry and install it as the only requested server name.
        sslParameters.setServerNames(singletonList((SNIServerName) new SNIHostName(host)));
    } catch (IllegalArgumentException ignored) {
        // ignore because SNIHostName will throw this for some legit host names for connecting to MongoDB, e.g an IPV6 literal
        // In that case sslParameters is left untouched, so no server name is set by this call.
    }
}
use of javax.net.ssl.SNIHostName in project j2objc by google.
the class SSLSocketTest method test_SSLSocket_SNIHostName.
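/**
 * Checks that a host name the client requests via SNI is visible on the server side of the
 * session after the handshake.
 *
 * <p>The client handshake runs on a separate thread; its result is collected with
 * {@code future.get()} so that a client-side failure fails the test instead of being dropped,
 * and both sockets are closed even when an assertion fails.
 */
public void test_SSLSocket_SNIHostName() throws Exception {
    TestSSLContext c = TestSSLContext.create();
    final SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket();
    SSLSocket server = null;
    try {
        // Client asks for www.example.com in its ClientHello.
        SSLParameters clientParams = client.getSSLParameters();
        clientParams.setServerNames(Collections.singletonList((SNIServerName) new SNIHostName("www.example.com")));
        client.setSSLParameters(clientParams);

        // Server only accepts that exact name; the dots are escaped because the matcher is a regex.
        SSLParameters serverParams = c.serverSocket.getSSLParameters();
        serverParams.setSNIMatchers(Collections.singletonList(SNIHostName.createSNIMatcher("www\\.example\\.com")));
        c.serverSocket.setSSLParameters(serverParams);

        client.connect(new InetSocketAddress(c.host, c.port));
        server = (SSLSocket) c.serverSocket.accept();

        // Both handshakes block on each other, so the client side runs on its own thread.
        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<Void> future = executor.submit(new Callable<Void>() {
            @Override
            public Void call() throws Exception {
                client.startHandshake();
                return null;
            }
        });
        executor.shutdown();
        server.startHandshake();
        // Propagate any exception thrown by the client handshake.
        future.get();

        SSLSession serverSession = server.getSession();
        assertTrue(serverSession instanceof ExtendedSSLSession);
        ExtendedSSLSession extendedServerSession = (ExtendedSSLSession) serverSession;
        List<SNIServerName> requestedNames = extendedServerSession.getRequestedServerNames();
        assertNotNull(requestedNames);
        assertEquals(1, requestedNames.size());
        SNIServerName serverName = requestedNames.get(0);
        assertEquals(StandardConstants.SNI_HOST_NAME, serverName.getType());
        assertTrue(serverName instanceof SNIHostName);
        SNIHostName serverHostName = (SNIHostName) serverName;
        assertEquals("www.example.com", serverHostName.getAsciiName());
    } finally {
        // Closing the client also unblocks the handshake thread if the test failed early.
        client.close();
        if (server != null) {
            server.close();
        }
    }
}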
use of javax.net.ssl.SNIHostName in project hono by eclipse.
the class SniExtensionHelperTest method testGetRequestedHostNamesExtractsAllHostNames.
/**
* Verifies that all host names are extracted from a TLS session.
*/
@Test
public void testGetRequestedHostNamesExtractsAllHostNames() {
    final String firstHost = "tenant.hono.eclipse.org";
    final String secondHost = "bumlux.eclipse.org";

    // Session stub reporting two host names with an UndefinedServerName entry in between;
    // presumably that entry stands for a name type other than host_name (verify against its definition).
    final ExtendedSSLSession tlsSession = mock(ExtendedSSLSession.class);
    when(tlsSession.getRequestedServerNames()).thenReturn(List.of(
            new SNIHostName(firstHost),
            new UndefinedServerName(new byte[] { 0x01, 0x02, 0x03 }),
            new SNIHostName(secondHost)));

    final List<String> extracted = SniExtensionHelper.getHostNames(tlsSession);

    // Only the two SNIHostName entries are expected back.
    assertThat(extracted).containsExactly(firstHost, secondHost);
}