use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method testSameConnectionRequestsForManyWildDomains.
/**
 * Verifies that, on a single TLS connection negotiated with SNI {@code www.domain.com},
 * requests whose Host header is accepted for that connection get a 200, while a request
 * for an unrelated host is refused with 400 "Host does not match SNI".
 *
 * <p>Why it matters: the certificate is selected once, at handshake time, from the SNI
 * name. If the server routed later requests on the same connection purely by Host header,
 * a client could reach a virtual host that the negotiated certificate never vouched for.
 * The last assertion pins the server-side check that prevents this.
 */
@Test
public void testSameConnectionRequestsForManyWildDomains() throws Exception {
    // SslContextFactory(true) is the trust-all variant: this client does not validate the
    // server certificate. Tolerable here only because the peer is a test server on
    // 127.0.0.1; it must not be copied into production client code.
    SslContextFactory trustAllClient = new SslContextFactory(true);
    trustAllClient.start();
    SSLSocketFactory socketFactory = trustAllClient.getSslContext().getSocketFactory();
    try (SSLSocket tlsSocket = (SSLSocket) socketFactory.createSocket("127.0.0.1", _port)) {
        // The socket targets an IP literal, so the SNI name has to be set explicitly
        // before the handshake.
        SSLParameters tlsParameters = tlsSocket.getSSLParameters();
        tlsParameters.setServerNames(Collections.singletonList(new SNIHostName("www.domain.com")));
        tlsSocket.setSSLParameters(tlsParameters);
        tlsSocket.startHandshake();

        // Request 1: Host equals the SNI name.
        String sniHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.domain.com\r\n" + "\r\n";
        OutputStream toServer = tlsSocket.getOutputStream();
        toServer.write(sniHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        InputStream fromServer = tlsSocket.getInputStream();
        String firstResponse = response(fromServer);
        Assert.assertTrue(firstResponse.startsWith("HTTP/1.1 200 "));

        // Request 2, same socket: a different but still valid domain
        // (presumably covered by a wildcard entry, going by the test name).
        String siblingHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: assets.domain.com\r\n" + "\r\n";
        toServer.write(siblingHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String secondResponse = response(fromServer);
        Assert.assertTrue(secondResponse.startsWith("HTTP/1.1 200 "));

        // Request 3, same socket: a domain that is invalid for this connection.
        String foreignHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.example.com\r\n" + "\r\n";
        toServer.write(foreignHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String thirdResponse = response(fromServer);
        Assert.assertTrue(thirdResponse.startsWith("HTTP/1.1 400 "));
        Assert.assertThat(thirdResponse, Matchers.containsString("Host does not match SNI"));
    } finally {
        trustAllClient.stop();
    }
}
use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method testSameConnectionRequestsForManyDomains.
/**
 * Verifies that a TLS connection negotiated with SNI {@code m.san.com} keeps serving
 * requests for another host on the same keystore alias, and answers 400
 * "Host does not match SNI" once the Host header points at a host on a different alias.
 *
 * <p>Why it matters: the server identity proven during the handshake is fixed for the
 * lifetime of the connection. Accepting a Host that belongs to a different certificate
 * would let one authenticated channel carry traffic for a site it was never
 * authenticated for.
 */
@Test
public void testSameConnectionRequestsForManyDomains() throws Exception {
    // Trust-all client context: no server certificate validation. Acceptable only for
    // this loopback test; not a pattern for production clients.
    SslContextFactory trustAllClient = new SslContextFactory(true);
    trustAllClient.start();
    SSLSocketFactory socketFactory = trustAllClient.getSslContext().getSocketFactory();
    try (SSLSocket tlsSocket = (SSLSocket) socketFactory.createSocket("127.0.0.1", _port)) {
        // SNI must be configured by hand because the socket was opened to an IP literal.
        SSLParameters tlsParameters = tlsSocket.getSSLParameters();
        tlsParameters.setServerNames(Collections.singletonList(new SNIHostName("m.san.com")));
        tlsSocket.setSSLParameters(tlsParameters);
        tlsSocket.startHandshake();

        // Request 1 binds the socket to an alias.
        String sniHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: m.san.com\r\n" + "\r\n";
        OutputStream toServer = tlsSocket.getOutputStream();
        toServer.write(sniHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        InputStream fromServer = tlsSocket.getInputStream();
        String firstResponse = response(fromServer);
        Assert.assertTrue(firstResponse.startsWith("HTTP/1.1 200 "));

        // Request 2, same socket: different domain, same alias
        // (presumably another subject alternative name on that certificate).
        String sameAliasRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.san.com\r\n" + "\r\n";
        toServer.write(sameAliasRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String secondResponse = response(fromServer);
        Assert.assertTrue(secondResponse.startsWith("HTTP/1.1 200 "));

        // Request 3, same socket: different domain and different alias, so it must be refused.
        String otherAliasRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.example.com\r\n" + "\r\n";
        toServer.write(otherAliasRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String thirdResponse = response(fromServer);
        assertThat(thirdResponse, startsWith("HTTP/1.1 400 "));
        assertThat(thirdResponse, containsString("Host does not match SNI"));
    } finally {
        trustAllClient.stop();
    }
}
use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.
the class JDK9ClientALPNProcessor method configure.
/**
 * Advertises the given ALPN protocol names on the engine.
 *
 * <p>{@link SSLEngine#getSSLParameters()} returns a copy, so the modified parameters
 * have to be written back with {@code setSSLParameters} for the change to take effect.
 *
 * @param sslEngine the engine to configure; expected to be called before the handshake
 *                  starts (assumption, the call site is not visible here)
 * @param protocols the application protocols to offer, in the order given
 */
@Override
public void configure(SSLEngine sslEngine, List<String> protocols) {
    String[] offeredProtocols = protocols.toArray(new String[0]);
    SSLParameters engineParameters = sslEngine.getSSLParameters();
    engineParameters.setApplicationProtocols(offeredProtocols);
    sslEngine.setSSLParameters(engineParameters);
}
use of javax.net.ssl.SSLParameters in project mongo-java-driver by mongodb.
the class SocketStreamHelper method initialize.
/**
 * Applies the configured socket options, prepares TLS parameters when the socket is an
 * {@link SSLSocket}, and then connects to the server address.
 *
 * <p>All TLS parameters are set before {@code connect}, so they are in place before any
 * handshake on this socket.
 *
 * <p>Security note: hostname verification is skipped when
 * {@code sslSettings.isInvalidHostNameAllowed()} is true. With that setting the peer's
 * certificate is not checked against {@code address}, so any certificate the trust store
 * accepts is treated as the server's. Review every deployment that turns it on.
 *
 * @param socket      the unconnected socket to configure and connect
 * @param address     the server to connect to; also the source of the SNI name
 * @param settings    timeouts, keep-alive and buffer sizes
 * @param sslSettings whether TLS is required and whether hostname mismatches are tolerated
 * @throws IOException if a socket option cannot be applied or the connect fails
 * @throws MongoInternalException if TLS is enabled but {@code socket} is not an SSLSocket
 */
static void initialize(final Socket socket, final ServerAddress address, final SocketSettings settings,
                       final SslSettings sslSettings) throws IOException {
    socket.setTcpNoDelay(true);
    socket.setSoTimeout(settings.getReadTimeout(MILLISECONDS));
    socket.setKeepAlive(settings.isKeepAlive());

    // Non-positive sizes leave the existing buffer sizes untouched.
    final int receiveBufferSize = settings.getReceiveBufferSize();
    if (receiveBufferSize > 0) {
        socket.setReceiveBufferSize(receiveBufferSize);
    }
    final int sendBufferSize = settings.getSendBufferSize();
    if (sendBufferSize > 0) {
        socket.setSendBufferSize(sendBufferSize);
    }

    final boolean tlsRequested = sslSettings.isEnabled();
    final boolean tlsSocket = socket instanceof SSLSocket;

    // Fail closed: never continue in plaintext when the settings ask for TLS.
    if (tlsRequested && !tlsSocket) {
        throw new MongoInternalException("SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket");
    }

    if (tlsSocket) {
        final SSLSocket secureSocket = (SSLSocket) socket;
        final SSLParameters tlsParameters = secureSocket.getSSLParameters();
        enableSni(address, tlsParameters);
        // NOTE(review): enableHostNameVerification is defined elsewhere; presumably it sets
        // the endpoint identification algorithm on the parameters. Confirm against the helper.
        if (!sslSettings.isInvalidHostNameAllowed()) {
            enableHostNameVerification(tlsParameters);
        }
        // getSSLParameters() hands out a copy, so the changes must be written back.
        secureSocket.setSSLParameters(tlsParameters);
    }

    socket.connect(address.getSocketAddress(), settings.getConnectTimeout(MILLISECONDS));
}
use of javax.net.ssl.SSLParameters in project kafka by apache.
the class SslFactory method createSslEngine.
/**
 * Creates an {@link SSLEngine} for the given peer and configures it for this factory's
 * mode, cipher suites and protocols.
 *
 * <p>Server mode: client certificates are either required ({@code needClientAuth}) or
 * governed by {@code wantClientAuth}. With "want", a client that presents no certificate
 * still completes the handshake, so authorization must not assume an authenticated peer.
 *
 * <p>Client mode: the endpoint identification algorithm decides whether the server
 * certificate is matched against {@code peerHost}. A null or empty
 * {@code endpointIdentification} means JSSE performs no hostname check, leaving only
 * trust-store validation of the certificate chain.
 *
 * @param peerHost the peer host name passed to the engine
 * @param peerPort the peer port passed to the engine
 * @return the configured engine
 */
public SSLEngine createSslEngine(String peerHost, int peerPort) {
    final SSLEngine engine = sslContext.createSSLEngine(peerHost, peerPort);

    // A null value keeps the engine's default cipher suites / protocols.
    if (cipherSuites != null) {
        engine.setEnabledCipherSuites(cipherSuites);
    }
    if (enabledProtocols != null) {
        engine.setEnabledProtocols(enabledProtocols);
    }

    final boolean serverSide = mode == Mode.SERVER;
    engine.setUseClientMode(!serverSide);

    if (!serverSide) {
        // getSSLParameters() returns a copy; write it back after changing it.
        final SSLParameters clientParameters = engine.getSSLParameters();
        clientParameters.setEndpointIdentificationAlgorithm(endpointIdentification);
        engine.setSSLParameters(clientParameters);
        return engine;
    }

    if (needClientAuth) {
        engine.setNeedClientAuth(needClientAuth);
    } else {
        engine.setWantClientAuth(wantClientAuth);
    }
    return engine;
}