
Example 26 with SSLContext

Use of javax.net.ssl.SSLContext in the eclipse/jetty.project repository: class ALPNNegotiationTest, method testClientAdvertisingHTTPServerSpeaksHTTP. The test opens a raw SSLSocket against a Jetty server, advertises only http/1.1 via ALPN, and then checks that the server really answers HTTP/1.1 on the negotiated connection.

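@Test
public void testClientAdvertisingHTTPServerSpeaksHTTP() throws Exception {
    InetSocketAddress address = prepare();
    SslContextFactory sslContextFactory = newSslContextFactory();
    sslContextFactory.start();
    SSLContext sslContext = sslContextFactory.getSslContext();
    try (SSLSocket client = (SSLSocket) sslContext.getSocketFactory().createSocket(address.getAddress(), address.getPort())) {
        client.setUseClientMode(true);
        // Bound every blocking read so a server that never answers fails the test
        // with a timeout instead of hanging the build.
        client.setSoTimeout(5000);
        // Record what ALPN selected instead of asserting inside the callback: an
        // AssertionError thrown from within the JSSE handshake may surface wrapped
        // (or not at all), and the original version passed silently when the
        // server never invoked selected() at all.
        String[] negotiated = new String[1];
        ALPN.put(client, new ALPN.ClientProvider() {

            @Override
            public void unsupported() {
                // Left empty: ALPN support is checked via the negotiated protocol below.
            }

            @Override
            public List<String> protocols() {
                // Advertise only http/1.1 so the server has a single valid choice.
                return Arrays.asList("http/1.1");
            }

            @Override
            public void selected(String protocol) {
                negotiated[0] = protocol;
            }
        });
        try {
            client.startHandshake();
            Assert.assertEquals("ALPN must select the only advertised protocol", "http/1.1", negotiated[0]);
            // Verify that the server really speaks http/1.1
            OutputStream output = client.getOutputStream();
            output.write(("" + "GET / HTTP/1.1\r\n" + "Host: localhost:" + address.getPort() + "\r\n" + "\r\n" + "").getBytes(StandardCharsets.UTF_8));
            output.flush();
            InputStream input = client.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(input, StandardCharsets.UTF_8));
            String line = reader.readLine();
            // readLine() returns null on EOF; assert explicitly so a connection closed
            // by the server reports a clear failure rather than a NullPointerException.
            Assert.assertNotNull("No status line received from the server", line);
            Assert.assertTrue(line, line.contains(" 404 "));
        } finally {
            // The ALPN registry is keyed on the socket; drop the registration once the
            // connection is done so the test does not leave it behind.
            ALPN.remove(client);
        }
    }
}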

Example 27 with SSLContext

Use of javax.net.ssl.SSLContext in the eclipse/jetty.project repository: class ConnectHandlerSSLTest, method wrapSocket. The helper layers a client-mode TLS handshake over an already-connected plain socket, as a client would do after a successful HTTP CONNECT through a proxy.

/**
 * Upgrades an already-connected plain socket to TLS and completes the client-side handshake.
 * <p>
 * The wrapping socket is created with {@code autoClose=true}, so closing the returned
 * {@link SSLSocket} also closes {@code socket}. The peer host handed to the factory is the
 * raw IP address of the connection; no endpoint identification algorithm is set here, so
 * certificate validation is whatever the enclosing test's {@code sslContextFactory} is
 * configured with — fine for a test client, not a pattern for production code.
 *
 * @param socket a connected TCP socket to layer TLS over
 * @return the handshaken SSL socket wrapping {@code socket}
 * @throws Exception if the socket cannot be wrapped or the handshake fails
 */
private SSLSocket wrapSocket(Socket socket) throws Exception {
    String peerHost = socket.getInetAddress().getHostAddress();
    int peerPort = socket.getPort();
    SSLSocketFactory factory = sslContextFactory.getSslContext().getSocketFactory();
    SSLSocket tlsSocket = (SSLSocket) factory.createSocket(socket, peerHost, peerPort, true);
    tlsSocket.setUseClientMode(true);
    tlsSocket.startHandshake();
    return tlsSocket;
}

Example 28 with SSLContext

Use of javax.net.ssl.SSLContext in the eclipse/jetty.project repository: class SslContextFactoryReloadTest, method testReloadWhileServing. The test keeps opening TLS connections to an echo server while a scheduler swaps the server's keystore back and forth, checking that in-flight and new connections keep working.

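@Test
public void testReloadWhileServing() throws Exception {
    start(new EchoHandler());
    Scheduler scheduler = new ScheduledExecutorScheduler();
    scheduler.start();
    try {
        // Test-only client: TRUST_ALL_CERTS accepts any server certificate so the
        // keystore swap can be observed without re-trusting each store. This disables
        // server authentication entirely and must never be copied into non-test code.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, SslContextFactory.TRUST_ALL_CERTS, null);
        SSLSocketFactory socketFactory = ctx.getSocketFactory();
        // The counter is decremented on every tick and the tick that reaches 0 only
        // stops the loop, so 3 reloads happen while connections are being served.
        AtomicInteger reloads = new AtomicInteger(4);
        long reloadPeriod = 500;
        AtomicBoolean running = new AtomicBoolean(true);
        // Written by the scheduler thread before it clears `running`, read by this
        // thread after it observes `running == false`; the AtomicBoolean provides the
        // happens-before edge, so a plain array cell is sufficient.
        Throwable[] reloadFailure = new Throwable[1];
        scheduler.schedule(new Runnable() {

            @Override
            public void run() {
                if (reloads.decrementAndGet() == 0) {
                    running.set(false);
                } else {
                    try {
                        sslContextFactory.reload(sslContextFactory -> {
                            if (sslContextFactory.getKeyStorePath().endsWith(KEYSTORE_1))
                                sslContextFactory.setKeyStorePath(KEYSTORE_2);
                            else
                                sslContextFactory.setKeyStorePath(KEYSTORE_1);
                        });
                        scheduler.schedule(this, reloadPeriod, TimeUnit.MILLISECONDS);
                    } catch (Exception x) {
                        // Keep the cause: previously it was dropped and the test only
                        // reported a reload counter of -1 with no indication why.
                        reloadFailure[0] = x;
                        reloads.set(-1);
                        running.set(false);
                    }
                }
            }
        }, reloadPeriod, TimeUnit.MILLISECONDS);
        byte[] content = new byte[16 * 1024];
        while (running.get()) {
            try (SSLSocket client = (SSLSocket) socketFactory.createSocket("localhost", connector.getLocalPort())) {
                // We need to invalidate the session every time we open a new SSLSocket.
                // This is because when the client uses session resumption, it caches
                // the server certificates and then checks that it is the same during
                // a new TLS handshake. If the SslContextFactory is reloaded during the
                // TLS handshake, the client will see the new certificate and blow up.
                // Note that browsers can handle this case better: they will just not
                // use session resumption and fallback to the normal TLS handshake.
                // (getSession() also forces the handshake to complete here.)
                client.getSession().invalidate();
                String request1 = "" + "POST / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Content-Length: " + content.length + "\r\n" + "\r\n";
                OutputStream outputStream = client.getOutputStream();
                outputStream.write(request1.getBytes(StandardCharsets.UTF_8));
                outputStream.write(content);
                outputStream.flush();
                InputStream inputStream = client.getInputStream();
                HttpTester.Response response1 = HttpTester.parseResponse(HttpTester.from(inputStream));
                Assert.assertNotNull(response1);
                Assert.assertThat(response1.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
                // Second request on the same connection: the established TLS session
                // must keep working regardless of reloads that happened meanwhile.
                String request2 = "" + "GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "\r\n";
                outputStream.write(request2.getBytes(StandardCharsets.UTF_8));
                outputStream.flush();
                HttpTester.Response response2 = HttpTester.parseResponse(HttpTester.from(inputStream));
                Assert.assertNotNull(response2);
                Assert.assertThat(response2.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
            }
        }
        if (reloadFailure[0] != null)
            throw new AssertionError("SslContextFactory.reload() failed while serving connections", reloadFailure[0]);
        Assert.assertEquals(0, reloads.get());
    } finally {
        scheduler.stop();
    }
}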

Example 29 with SSLContext

Use of javax.net.ssl.SSLContext in the eclipse/jetty.project repository: class SslContextFactoryReloadTest, method testReload. The test checks that after reload() a new connection is served with the certificate from the new keystore while a connection opened before the reload keeps working.

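@Test
public void testReload() throws Exception {
    start(new EchoHandler());
    // Test-only client: TRUST_ALL_CERTS disables server authentication so either
    // keystore is accepted; the only check on the server identity is the subject DN
    // assertion below. Never use this trust manager outside tests.
    SSLContext ctx = SSLContext.getInstance("TLSv1.2");
    ctx.init(null, SslContextFactory.TRUST_ALL_CERTS, null);
    SSLSocketFactory socketFactory = ctx.getSocketFactory();
    try (SSLSocket client1 = (SSLSocket) socketFactory.createSocket("localhost", connector.getLocalPort())) {
        // getSession() completes the handshake; the peer principal is the server's leaf subject.
        String serverDN1 = client1.getSession().getPeerPrincipal().getName();
        Assert.assertThat(serverDN1, Matchers.startsWith("CN=localhost1"));
        String request = "" + "GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "\r\n";
        OutputStream output1 = client1.getOutputStream();
        output1.write(request.getBytes(StandardCharsets.UTF_8));
        output1.flush();
        HttpTester.Response response1 = HttpTester.parseResponse(HttpTester.from(client1.getInputStream()));
        Assert.assertNotNull(response1);
        Assert.assertThat(response1.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
        // Reconfigure SslContextFactory.
        sslContextFactory.reload(sslContextFactory -> {
            sslContextFactory.setKeyStorePath(KEYSTORE_2);
            sslContextFactory.setKeyStorePassword("storepwd");
        });
        // New connection should use the new keystore.
        try (SSLSocket client2 = (SSLSocket) socketFactory.createSocket("localhost", connector.getLocalPort())) {
            String serverDN2 = client2.getSession().getPeerPrincipal().getName();
            Assert.assertThat(serverDN2, Matchers.startsWith("CN=localhost2"));
            // The HTTP exchange must go over client2: the original sent it over client1,
            // so the post-reload connection was never exercised beyond the handshake.
            OutputStream output2 = client2.getOutputStream();
            output2.write(request.getBytes(StandardCharsets.UTF_8));
            output2.flush();
            HttpTester.Response response2 = HttpTester.parseResponse(HttpTester.from(client2.getInputStream()));
            Assert.assertNotNull(response2);
            Assert.assertThat(response2.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
        }
        // Must still be possible to make requests with the first connection.
        output1.write(request.getBytes(StandardCharsets.UTF_8));
        output1.flush();
        response1 = HttpTester.parseResponse(HttpTester.from(client1.getInputStream()));
        Assert.assertNotNull(response1);
        Assert.assertThat(response1.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
    }
}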

Example 30 with SSLContext

Use of javax.net.ssl.SSLContext in the eclipse/jetty.project repository: class SslUploadTest, method test. This (currently @Ignore'd) test builds a client trust store from the server's own keystore, uploads a 16 MiB body over TLS and checks that the server received all of it.

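@Test
@Ignore
public void test() throws Exception {
    // Build the client trust store from the connector's own keystore so the server
    // certificate is verified properly instead of disabling verification.
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    SslContextFactory ctx = connector.getConnectionFactory(SslConnectionFactory.class).getSslContextFactory();
    try (InputStream stream = new FileInputStream(ctx.getKeyStorePath())) {
        // Test fixture password; the keystore is the one the server connector was configured with.
        keystore.load(stream, "storepwd".toCharArray());
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);
    // "TLS" rather than the legacy "SSL" alias; the JDK resolves both to the same
    // context but the name should not suggest that SSLv3 is wanted.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    byte[] requestContent = new byte[16777216];
    Arrays.fill(requestContent, (byte) 120);
    // Derive Content-Length from the body so header and payload cannot drift apart.
    String headers = "POST / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Content-Length: " + requestContent.length + "\r\n" + "Content-Type: bytes\r\n" + "Connection: close\r\n" + "\r\n";
    // try-with-resources: the original never closed the socket. An asynchronous close
    // from a second thread (sleep, then socket.close()) used to be simulated here and
    // was left commented out; it is intentionally not reproduced.
    try (SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort())) {
        OutputStream out = socket.getOutputStream();
        // HTTP/1.1 header bytes are ASCII; say so instead of relying on the platform charset.
        out.write(headers.getBytes("US-ASCII"));
        out.flush();
        out.write(requestContent);
        out.flush();
        InputStream in = socket.getInputStream();
        String response = IO.toString(in);
        // Check the status line itself; a bare indexOf("200") could match anywhere in the body.
        assertTrue(response, response.startsWith("HTTP/1.1 200"));
        // `total` is accumulated by the server-side handler (declared outside this method).
        assertEquals(requestContent.length, total);
    }
}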
