
Example 26 with SNIHostName

use of javax.net.ssl.SNIHostName in project mongo-java-driver by mongodb.

the class TlsExplorer method exploreSNIExt.

/*
   * struct { NameType name_type; select (name_type) { case host_name:
   * HostName; } name; } ServerName;
   *
   * enum { host_name(0), (255) } NameType;
   *
   * opaque HostName<1..2^16-1>;
   *
   * struct { ServerName server_name_list<1..2^16-1> } ServerNameList;
   */
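/**
 * Parses the body of a TLS "server_name" extension into a map keyed by name type.
 *
 * <p>The bytes are peer-supplied and therefore untrusted. Each entry's 3-byte header and its
 * declared name length are checked against the bytes still owed to the extension (and against
 * what the buffer actually holds) <em>before</em> the name is read, so a malformed entry is
 * rejected instead of being parsed out of the bytes that follow the extension.
 *
 * @param input  buffer positioned at the first byte of the extension body; its position advances
 *               as fields are consumed
 * @param extLen declared length of the extension body, in bytes
 * @return the parsed server names, one entry per name type
 * @throws SSLProtocolException if the extension is empty, its lengths are inconsistent, a
 *                              host_name entry is empty or not a legal host name, or a name type
 *                              occurs more than once
 */
private static Map<Integer, SNIServerName> exploreSNIExt(ByteBuffer input, int extLen) throws SSLProtocolException {
    Map<Integer, SNIServerName> sniMap = new HashMap<>();
    int remains = extLen;
    if (extLen >= 2) {
        // "server_name" extension in ClientHello
        // length of server_name_list
        int listLen = getInt16(input);
        if (listLen == 0 || listLen + 2 != extLen) {
            throw new SSLProtocolException("Invalid server name indication extension");
        }
        // 2: the length field of server_name_list
        remains -= 2;
        while (remains > 0) {
            // Every entry starts with a 3-byte header (name_type: 1 byte, length: 2 bytes).
            // Refuse to read a header that would straddle the end of the extension.
            if (remains < 3) {
                throw new SSLProtocolException("Not enough data to fill declared vector size");
            }
            // name_type
            int code = getInt8(input);
            // length field of server name
            int snLen = getInt16(input);
            // The name has to fit in what is left after its own header, and the buffer must
            // really contain that many bytes; otherwise the read below would run into data that
            // does not belong to this extension or underflow the buffer.
            // NOTE(review): assumes getInt16 yields an unsigned 16-bit value; confirm in the helper.
            if (snLen > remains - 3 || snLen > input.remaining()) {
                throw new SSLProtocolException("Not enough data to fill declared vector size");
            }
            byte[] encoded = new byte[snLen];
            input.get(encoded);
            SNIServerName serverName;
            switch (code) {
                case StandardConstants.SNI_HOST_NAME:
                    if (encoded.length == 0) {
                        throw new SSLProtocolException("Empty HostName in server name indication");
                    }
                    try {
                        serverName = new SNIHostName(encoded);
                    } catch (IllegalArgumentException e) {
                        // SNIHostName rejects bytes that are not a legal host name. Report that as
                        // a protocol error like every other malformed field, rather than letting an
                        // unchecked exception escape the parser. The raw name is left out of the
                        // message because it is attacker-controlled.
                        SSLProtocolException invalidName =
                                new SSLProtocolException("Illegal HostName in server name indication");
                        invalidName.initCause(e);
                        throw invalidName;
                    }
                    break;
                default:
                    // Name types other than host_name are kept as opaque bytes.
                    serverName = new UnknownServerName(code, encoded);
            }
            // check for duplicated server name type
            if (sniMap.put(serverName.getType(), serverName) != null) {
                throw new SSLProtocolException("Duplicated server name of type " + serverName.getType());
            }
            // NameType: 1 byte; HostName length: 2 bytes; then the name itself
            remains -= encoded.length + 3;
        }
    } else if (extLen == 0) {
        // "server_name" extension in ServerHello
        throw new SSLProtocolException("Not server name indication extension in client");
    }
    // Anything other than an exact fit (including extLen == 1 or a negative extLen) is malformed.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid server name indication extension");
    }
    return sniMap;
}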
Also used : SNIServerName(javax.net.ssl.SNIServerName) SSLProtocolException(javax.net.ssl.SSLProtocolException) HashMap(java.util.HashMap) SNIHostName(javax.net.ssl.SNIHostName)

Example 27 with SNIHostName

use of javax.net.ssl.SNIHostName in project mongo-java-driver by mongodb.

the class SslHelper method enableSni.

/**
 * Requests SNI for {@code host} by making it the only entry in the server-name list of
 * {@code sslParameters}.
 *
 * <p>If {@link SNIHostName} rejects {@code host}, the parameters are left as they were and the
 * method returns normally. Only the server-name list is written here; nothing else on
 * {@code sslParameters} (certificate host name checking included) is configured by this method.
 *
 * @param host          the server host
 * @param sslParameters the SSL parameters to update
 */
public static void enableSni(final String host, final SSLParameters sslParameters) {
    try {
        final SNIServerName requestedName = new SNIHostName(host);
        sslParameters.setServerNames(singletonList(requestedName));
    } catch (IllegalArgumentException ignored) {
        // Deliberately ignored: SNIHostName throws this for some hosts that are legitimate
        // MongoDB connection targets, e.g. an IPv6 literal. No server name is set in that case.
    }
}
Also used : SNIServerName(javax.net.ssl.SNIServerName) SNIHostName(javax.net.ssl.SNIHostName)

Example 28 with SNIHostName

use of javax.net.ssl.SNIHostName in project j2objc by google.

the class SSLSocketTest method test_SSLSocket_SNIHostName.

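/**
 * Checks that the host name a client puts in its SNI extension is the one the server side
 * reports through {@link ExtendedSSLSession#getRequestedServerNames()} after the handshake.
 *
 * <p>The client handshake runs on a separate thread; its result is collected with
 * {@code future.get()} so that a client-side failure fails the test, and both sockets are closed
 * when the test ends.
 */
public void test_SSLSocket_SNIHostName() throws Exception {
    TestSSLContext c = TestSSLContext.create();
    final SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket();
    SSLSocket server = null;
    try {
        // Client side: ask for www.example.com in the server_name extension.
        SSLParameters clientParams = client.getSSLParameters();
        clientParams.setServerNames(Collections.singletonList((SNIServerName) new SNIHostName("www.example.com")));
        client.setSSLParameters(clientParams);

        // Server side: accept only that name. createSNIMatcher takes a regular expression, so
        // the dots are escaped to match literally rather than "any character".
        SSLParameters serverParams = c.serverSocket.getSSLParameters();
        serverParams.setSNIMatchers(Collections.singletonList(SNIHostName.createSNIMatcher("www\\.example\\.com")));
        c.serverSocket.setSSLParameters(serverParams);

        client.connect(new InetSocketAddress(c.host, c.port));
        server = (SSLSocket) c.serverSocket.accept();

        // Both handshakes block on each other, so the client's runs on its own thread.
        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<Void> future = executor.submit(new Callable<Void>() {

            @Override
            public Void call() throws Exception {
                client.startHandshake();
                return null;
            }
        });
        executor.shutdown();
        server.startHandshake();
        // Surface any exception thrown by the client handshake instead of dropping it.
        future.get();

        SSLSession serverSession = server.getSession();
        assertTrue(serverSession instanceof ExtendedSSLSession);
        ExtendedSSLSession extendedServerSession = (ExtendedSSLSession) serverSession;
        List<SNIServerName> requestedNames = extendedServerSession.getRequestedServerNames();
        assertNotNull(requestedNames);
        assertEquals(1, requestedNames.size());
        SNIServerName serverName = requestedNames.get(0);
        assertEquals(StandardConstants.SNI_HOST_NAME, serverName.getType());
        assertTrue(serverName instanceof SNIHostName);
        SNIHostName serverHostName = (SNIHostName) serverName;
        assertEquals("www.example.com", serverHostName.getAsciiName());
    } finally {
        // Release both ends even when an assertion or a handshake fails.
        try {
            if (server != null) {
                server.close();
            }
        } finally {
            client.close();
        }
    }
}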
Also used : InetSocketAddress(java.net.InetSocketAddress) SSLSocket(javax.net.ssl.SSLSocket) ExtendedSSLSession(javax.net.ssl.ExtendedSSLSession) ExtendedSSLSession(javax.net.ssl.ExtendedSSLSession) SSLSession(javax.net.ssl.SSLSession) SSLProtocolException(javax.net.ssl.SSLProtocolException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) KeyManagementException(java.security.KeyManagementException) EOFException(java.io.EOFException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SocketException(java.net.SocketException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SNIServerName(javax.net.ssl.SNIServerName) SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) ExecutorService(java.util.concurrent.ExecutorService)

Example 29 with SNIHostName

use of javax.net.ssl.SNIHostName in project hono by eclipse.

the class SniExtensionHelperTest method testGetRequestedHostNamesExtractsAllHostNames.

/**
 * Verifies that all host names are extracted from a TLS session.
 */
@Test
public void testGetRequestedHostNamesExtractsAllHostNames() {
    final String firstHost = "tenant.hono.eclipse.org";
    final String secondHost = "bumlux.eclipse.org";
    // Payload for the entry that is not an SNIHostName; it sits between the two host names.
    final byte[] otherNameBytes = { 0x01, 0x02, 0x03 };

    // Stub a session whose requested server names mix host names with one other entry.
    final ExtendedSSLSession session = mock(ExtendedSSLSession.class);
    when(session.getRequestedServerNames()).thenReturn(List.of(
            new SNIHostName(firstHost),
            new UndefinedServerName(otherNameBytes),
            new SNIHostName(secondHost)));

    final List<String> hostNames = SniExtensionHelper.getHostNames(session);

    // Exactly the two host names are expected, in the order they were requested.
    assertThat(hostNames).containsExactly(firstHost, secondHost);
}
Also used : SNIHostName(javax.net.ssl.SNIHostName) ExtendedSSLSession(javax.net.ssl.ExtendedSSLSession) Test(org.junit.jupiter.api.Test)

Aggregations

SNIHostName (javax.net.ssl.SNIHostName)29 SNIServerName (javax.net.ssl.SNIServerName)17 SSLParameters (javax.net.ssl.SSLParameters)16 SSLSocket (javax.net.ssl.SSLSocket)10 ArrayList (java.util.ArrayList)8 SSLSocketFactory (javax.net.ssl.SSLSocketFactory)8 X509Certificate (java.security.cert.X509Certificate)6 IOException (java.io.IOException)5 InetSocketAddress (java.net.InetSocketAddress)5 SSLContext (javax.net.ssl.SSLContext)4 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 Certificate (java.security.cert.Certificate)3 SSLProtocolException (javax.net.ssl.SSLProtocolException)3 Matchers.containsString (org.hamcrest.Matchers.containsString)3 InputStream (java.io.InputStream)2 OutputStream (java.io.OutputStream)2 Socket (java.net.Socket)2 KeyManagementException (java.security.KeyManagementException)2 ExtendedSSLSession (javax.net.ssl.ExtendedSSLSession)2