
Example 56 with SSLParameters

use of javax.net.ssl.SSLParameters in project jodd by oblac.

the class SocketHttpConnectionProvider method createSSLSocket.

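/**
 * Opens a TCP connection to {@code host:port} and returns it as an {@link SSLSocket}.
 *
 * <p>When {@code connectionTimeout} is negative the socket factory creates and connects
 * the socket itself. Otherwise a plain socket is connected with the given timeout and
 * then wrapped, because the {@code SSLSocketFactory} create methods that take a host
 * connect immediately and offer no connect timeout.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>Hostname verification is requested only when {@code verifyHttpsHost} is
 * {@code true}. An {@code SSLSocket} performs no endpoint identification unless an
 * algorithm is set, so with {@code false} any certificate the trust manager accepts
 * is accepted regardless of the name it was issued for.</li>
 * <li>{@code trustAll} is handed to the socket factory lookup. Presumably it selects a
 * trust manager that accepts every certificate (not visible in this method); confirm
 * that and keep it off outside of tests.</li>
 * <li>{@code JoddHttp.defaultSecureEnabledProtocols}, when set, replaces the enabled
 * protocol list verbatim, so listing legacy protocol versions there re-enables them.</li>
 * </ul>
 *
 * @param host              remote host name, also used as the peer host of the SSL socket
 * @param port              remote port
 * @param connectionTimeout connect timeout in milliseconds; negative means "let the
 *                          factory connect without an explicit timeout"
 * @param trustAll          passed to the socket factory lookup (see above)
 * @param verifyHttpsHost   when {@code true}, enables the "HTTPS" endpoint
 *                          identification algorithm on the returned socket
 * @return the SSL socket; the handshake is not started by this method
 * @throws IOException if connecting or wrapping the socket fails
 */
protected SSLSocket createSSLSocket(String host, int port, int connectionTimeout, boolean trustAll, boolean verifyHttpsHost) throws IOException {
    SocketFactory socketFactory = getSocketFactory(proxy, true, trustAll);
    Socket socket = null;
    SSLSocket sslSocket = null;
    try {
        if (connectionTimeout < 0) {
            socket = socketFactory.createSocket(host, port);
        } else {
            // Connect a plain socket first so that the timeout is honoured;
            // it is wrapped by the SSL socket factory below.
            socket = new Socket();
            socket.connect(new InetSocketAddress(host, port), connectionTimeout);
        }
        // wrap plain socket in an SSL socket
        if (socket instanceof SSLSocket) {
            sslSocket = (SSLSocket) socket;
        } else {
            if (socketFactory instanceof SSLSocketFactory) {
                sslSocket = (SSLSocket) ((SSLSocketFactory) socketFactory).createSocket(socket, host, port, true);
            } else {
                sslSocket = (SSLSocket) (getDefaultSSLSocketFactory(trustAll)).createSocket(socket, host, port, true);
            }
        }
        String enabledProtocols = JoddHttp.defaultSecureEnabledProtocols;
        if (enabledProtocols != null) {
            String[] values = StringUtil.splitc(enabledProtocols, ',');
            StringUtil.trimAll(values);
            sslSocket.setEnabledProtocols(values);
        }
        if (verifyHttpsHost) {
            // Start from the socket's current parameters rather than a blank
            // SSLParameters, so that only the endpoint identification setting
            // changes and the other settings of the socket are kept.
            SSLParameters sslParams = sslSocket.getSSLParameters();
            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
            sslSocket.setSSLParameters(sslParams);
        }
        return sslSocket;
    } catch (IOException | RuntimeException ex) {
        // Do not leak the file descriptor when connect, wrap or configuration fails.
        // The wrapper was created with autoClose=true, so closing it also closes the
        // underlying plain socket.
        Socket toClose = sslSocket != null ? sslSocket : socket;
        if (toClose != null) {
            try {
                toClose.close();
            } catch (IOException closeFailure) {
                ex.addSuppressed(closeFailure);
            }
        }
        throw ex;
    }
}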
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) SocketFactory(javax.net.SocketFactory) InetSocketAddress(java.net.InetSocketAddress) SSLSocket(javax.net.ssl.SSLSocket) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) Socket(java.net.Socket) SSLSocket(javax.net.ssl.SSLSocket)

Example 57 with SSLParameters

use of javax.net.ssl.SSLParameters in project mongo-java-driver by mongodb.

the class NettyStream method openAsync.

/**
 * Starts an asynchronous connect to {@code address} and reports the outcome to
 * {@code handler}.
 *
 * <p>When SSL is enabled in {@code sslSettings}, an {@link SSLEngine} from
 * {@code SSLContext.getDefault()} is put first in the channel pipeline. Host name
 * verification is switched on through {@code enableHostNameVerification} unless
 * {@code sslSettings.isInvalidHostNameAllowed()} returns {@code true}; in that case the
 * engine is left as the default context created it. The helper is not shown here, so
 * what it sets is to be confirmed. Treat the "invalid host name allowed" setting as
 * test-only.
 *
 * @param handler completed with {@code null} on success, failed with a
 *                {@code MongoSocketOpenException} when the connect fails
 */
@Override
public void openAsync(final AsyncCompletionHandler<Void> handler) {
    Bootstrap bootstrap = new Bootstrap();
    bootstrap.group(workerGroup)
            .channel(socketChannelClass)
            .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, settings.getConnectTimeout(MILLISECONDS))
            .option(ChannelOption.TCP_NODELAY, true)
            .option(ChannelOption.SO_KEEPALIVE, settings.isKeepAlive());
    // Buffer sizes are applied only when configured as positive values.
    if (settings.getReceiveBufferSize() > 0) {
        bootstrap.option(ChannelOption.SO_RCVBUF, settings.getReceiveBufferSize());
    }
    if (settings.getSendBufferSize() > 0) {
        bootstrap.option(ChannelOption.SO_SNDBUF, settings.getSendBufferSize());
    }
    bootstrap.option(ChannelOption.ALLOCATOR, allocator);
    bootstrap.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(final SocketChannel ch) throws Exception {
            if (sslSettings.isEnabled()) {
                // The peer host and port are given to the engine.
                SSLEngine sslEngine = SSLContext.getDefault().createSSLEngine(address.getHost(), address.getPort());
                sslEngine.setUseClientMode(true);
                // Read-modify-write of the engine's own parameters keeps its other settings.
                SSLParameters params = sslEngine.getSSLParameters();
                enableSni(address, params);
                boolean verifyHostName = !sslSettings.isInvalidHostNameAllowed();
                if (verifyHostName) {
                    enableHostNameVerification(params);
                }
                sslEngine.setSSLParameters(params);
                ch.pipeline().addFirst("ssl", new SslHandler(sslEngine, false));
            }
            int readTimeoutMillis = settings.getReadTimeout(MILLISECONDS);
            if (readTimeoutMillis > 0) {
                ch.pipeline().addLast(READ_HANDLER_NAME, new ReadTimeoutHandler(readTimeoutMillis));
            }
            ch.pipeline().addLast(new InboundBufferHandler());
        }
    });
    final ChannelFuture connectFuture = bootstrap.connect(address.getHost(), address.getPort());
    connectFuture.addListener(new ChannelFutureListener() {

        @Override
        public void operationComplete(final ChannelFuture future) throws Exception {
            if (!future.isSuccess()) {
                handler.failed(new MongoSocketOpenException("Exception opening socket", getAddress(), future.cause()));
                return;
            }
            channel = connectFuture.channel();
            // Once the channel closes, the close is reported through the read path as an IOException.
            channel.closeFuture().addListener(new ChannelFutureListener() {

                @Override
                public void operationComplete(final ChannelFuture closed) throws Exception {
                    handleReadResponse(null, new IOException("The connection to the server was closed"));
                }
            });
            handler.completed(null);
        }
    });
}
Also used : ChannelFuture(io.netty.channel.ChannelFuture) SocketChannel(io.netty.channel.socket.SocketChannel) SSLEngine(javax.net.ssl.SSLEngine) IOException(java.io.IOException) ChannelFutureListener(io.netty.channel.ChannelFutureListener) MongoInternalException(com.mongodb.MongoInternalException) MongoSocketOpenException(com.mongodb.MongoSocketOpenException) ReadTimeoutException(io.netty.handler.timeout.ReadTimeoutException) MongoInterruptedException(com.mongodb.MongoInterruptedException) MongoException(com.mongodb.MongoException) IOException(java.io.IOException) MongoSocketReadTimeoutException(com.mongodb.MongoSocketReadTimeoutException) SslHandler(io.netty.handler.ssl.SslHandler) MongoSocketOpenException(com.mongodb.MongoSocketOpenException) SSLParameters(javax.net.ssl.SSLParameters) Bootstrap(io.netty.bootstrap.Bootstrap)

Example 58 with SSLParameters

use of javax.net.ssl.SSLParameters in project netty by netty.

the class OpenSslEngineTest method testSNIMatchersThrows.

/**
 * Expects an {@link IllegalArgumentException} when SSL parameters prepared by
 * {@code Java8SslUtils.setSNIMatcher} are applied to a server engine. Presumably the
 * engine under test rejects SNI matchers it cannot honour instead of silently ignoring
 * them; the helper and the provider are not visible here. Skipped on Java versions
 * below 8.
 */
@Test(expected = IllegalArgumentException.class)
public void testSNIMatchersThrows() throws Exception {
    assumeTrue(PlatformDependent.javaVersion() >= 8);
    // Throw-away certificate, deleted again in the finally block.
    SelfSignedCertificate cert = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        SSLParameters sniParams = new SSLParameters();
        Java8SslUtils.setSNIMatcher(sniParams);
        serverEngine.setSSLParameters(sniParams);
    } finally {
        cleanupServerSslEngine(serverEngine);
        cert.delete();
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) Test(org.junit.Test)

Example 59 with SSLParameters

use of javax.net.ssl.SSLParameters in project netty by netty.

the class OpenSslEngineTest method testAlgorithmConstraintsThrows.

/**
 * Expects an {@link IllegalArgumentException} when SSL parameters carrying custom
 * {@link AlgorithmConstraints} are applied to a server engine. The constraints used
 * here deny every primitive, algorithm and key. Presumably the engine under test
 * cannot enforce caller-supplied constraints and rejects them rather than dropping
 * them silently; confirm against the engine implementation.
 */
@Test(expected = IllegalArgumentException.class)
public void testAlgorithmConstraintsThrows() throws Exception {
    // Throw-away certificate, deleted again in the finally block.
    SelfSignedCertificate cert = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        SSLParameters sslParams = new SSLParameters();
        // Constraints that permit nothing at all.
        AlgorithmConstraints denyEverything = new AlgorithmConstraints() {

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
                return false;
            }

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
                return false;
            }

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
                return false;
            }
        };
        sslParams.setAlgorithmConstraints(denyEverything);
        serverEngine.setSSLParameters(sslParams);
    } finally {
        cleanupServerSslEngine(serverEngine);
        cert.delete();
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) CryptoPrimitive(java.security.CryptoPrimitive) SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) Key(java.security.Key) AlgorithmConstraints(java.security.AlgorithmConstraints) AlgorithmParameters(java.security.AlgorithmParameters) Test(org.junit.Test)

Example 60 with SSLParameters

use of javax.net.ssl.SSLParameters in project jedis by xetorthio.

the class SSLJedisTest method connectWithShardInfoAndCustomSocketFactory.

/**
 * Opens an SSL/TLS connection to a local redis instance through a caller-supplied
 * socket factory, SSL parameters and hostname verifier, then issues one command.
 *
 * <p>The {@link SSLParameters} passed here are left at their constructor defaults, so
 * no endpoint identification algorithm is set on them. Any host name checking in this
 * test therefore has to come from the {@link HostnameVerifier}; how Jedis applies the
 * verifier is not visible here. The password is the fixture value of the test server.
 */
@Test
public void connectWithShardInfoAndCustomSocketFactory() throws Exception {
    final SSLSocketFactory trustStoreFactory = createTrustStoreSslSocketFactory();
    final SSLParameters defaultParams = new SSLParameters();
    HostnameVerifier verifier = new BasicHostnameVerifier();
    final URI redisUri = URI.create("rediss://localhost:6390");
    JedisShardInfo info = new JedisShardInfo(redisUri, trustStoreFactory, defaultParams, verifier);
    info.setPassword("foobared");
    Jedis client = new Jedis(info);
    // A single round trip is enough to prove the TLS connection works.
    client.get("foo");
    client.disconnect();
    client.close();
}
Also used : Jedis(redis.clients.jedis.Jedis) SSLParameters(javax.net.ssl.SSLParameters) JedisShardInfo(redis.clients.jedis.JedisShardInfo) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) URI(java.net.URI) HostnameVerifier(javax.net.ssl.HostnameVerifier) Test(org.junit.Test)
