use of javax.net.ssl.SSLParameters in project jodd by oblac.
the class SocketHttpConnectionProvider method createSSLSocket.
/**
* Creates a SSL socket. Enables default secure enabled protocols if specified.
*/
protected SSLSocket createSSLSocket(String host, int port, int connectionTimeout, boolean trustAll, boolean verifyHttpsHost) throws IOException {
SocketFactory socketFactory = getSocketFactory(proxy, true, trustAll);
Socket socket;
if (connectionTimeout < 0) {
socket = socketFactory.createSocket(host, port);
} else {
// creates unconnected socket
// unfortunately, this does not work always
// sslSocket = (SSLSocket) socketFactory.createSocket();
// sslSocket.connect(new InetSocketAddress(host, port), connectionTimeout);
//
// Note: SSLSocketFactory has several create() methods.
// Those that take arguments all connect immediately
// and have no options for specifying a connection timeout.
//
// So, we have to create a socket and connect it (with a
// connection timeout), then have the SSLSocketFactory wrap
// the already-connected socket.
//
socket = new Socket();
//sock.setSoTimeout(readTimeout);
socket.connect(new InetSocketAddress(host, port), connectionTimeout);
// continue to wrap this plain socket with ssl socket...
}
// wrap plain socket in an SSL socket
SSLSocket sslSocket;
if (socket instanceof SSLSocket) {
sslSocket = (SSLSocket) socket;
} else {
if (socketFactory instanceof SSLSocketFactory) {
sslSocket = (SSLSocket) ((SSLSocketFactory) socketFactory).createSocket(socket, host, port, true);
} else {
sslSocket = (SSLSocket) (getDefaultSSLSocketFactory(trustAll)).createSocket(socket, host, port, true);
}
}
// sslSocket is now ready
String enabledProtocols = JoddHttp.defaultSecureEnabledProtocols;
if (enabledProtocols != null) {
String[] values = StringUtil.splitc(enabledProtocols, ',');
StringUtil.trimAll(values);
sslSocket.setEnabledProtocols(values);
}
if (verifyHttpsHost) {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslSocket.setSSLParameters(sslParams);
}
return sslSocket;
}
use of javax.net.ssl.SSLParameters in project mongo-java-driver by mongodb.
the class NettyStream method openAsync.
@Override
public void openAsync(final AsyncCompletionHandler<Void> handler) {
Bootstrap bootstrap = new Bootstrap();
bootstrap.group(workerGroup);
bootstrap.channel(socketChannelClass);
bootstrap.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, settings.getConnectTimeout(MILLISECONDS));
bootstrap.option(ChannelOption.TCP_NODELAY, true);
bootstrap.option(ChannelOption.SO_KEEPALIVE, settings.isKeepAlive());
if (settings.getReceiveBufferSize() > 0) {
bootstrap.option(ChannelOption.SO_RCVBUF, settings.getReceiveBufferSize());
}
if (settings.getSendBufferSize() > 0) {
bootstrap.option(ChannelOption.SO_SNDBUF, settings.getSendBufferSize());
}
bootstrap.option(ChannelOption.ALLOCATOR, allocator);
bootstrap.handler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(final SocketChannel ch) throws Exception {
if (sslSettings.isEnabled()) {
SSLEngine engine = SSLContext.getDefault().createSSLEngine(address.getHost(), address.getPort());
engine.setUseClientMode(true);
SSLParameters sslParameters = engine.getSSLParameters();
enableSni(address, sslParameters);
if (!sslSettings.isInvalidHostNameAllowed()) {
enableHostNameVerification(sslParameters);
}
engine.setSSLParameters(sslParameters);
ch.pipeline().addFirst("ssl", new SslHandler(engine, false));
}
int readTimeout = settings.getReadTimeout(MILLISECONDS);
if (readTimeout > 0) {
ch.pipeline().addLast(READ_HANDLER_NAME, new ReadTimeoutHandler(readTimeout));
}
ch.pipeline().addLast(new InboundBufferHandler());
}
});
final ChannelFuture channelFuture = bootstrap.connect(address.getHost(), address.getPort());
channelFuture.addListener(new ChannelFutureListener() {
@Override
public void operationComplete(final ChannelFuture future) throws Exception {
if (future.isSuccess()) {
channel = channelFuture.channel();
channel.closeFuture().addListener(new ChannelFutureListener() {
@Override
public void operationComplete(final ChannelFuture f2) throws Exception {
handleReadResponse(null, new IOException("The connection to the server was closed"));
}
});
handler.completed(null);
} else {
handler.failed(new MongoSocketOpenException("Exception opening socket", getAddress(), future.cause()));
}
}
});
}
use of javax.net.ssl.SSLParameters in project netty by netty.
the class OpenSslEngineTest method testSNIMatchersThrows.
@Test(expected = IllegalArgumentException.class)
public void testSNIMatchersThrows() throws Exception {
assumeTrue(PlatformDependent.javaVersion() >= 8);
SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslServerProvider()).build();
SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
try {
SSLParameters parameters = new SSLParameters();
Java8SslUtils.setSNIMatcher(parameters);
engine.setSSLParameters(parameters);
} finally {
cleanupServerSslEngine(engine);
ssc.delete();
}
}
use of javax.net.ssl.SSLParameters in project netty by netty.
the class OpenSslEngineTest method testAlgorithmConstraintsThrows.
@Test(expected = IllegalArgumentException.class)
public void testAlgorithmConstraintsThrows() throws Exception {
SelfSignedCertificate ssc = new SelfSignedCertificate();
serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslServerProvider()).build();
SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
try {
SSLParameters parameters = new SSLParameters();
parameters.setAlgorithmConstraints(new AlgorithmConstraints() {
@Override
public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
return false;
}
@Override
public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
return false;
}
@Override
public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
return false;
}
});
engine.setSSLParameters(parameters);
} finally {
cleanupServerSslEngine(engine);
ssc.delete();
}
}
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLJedisTest method connectWithShardInfoAndCustomSocketFactory.
/**
* Tests opening an SSL/TLS connection to redis with a custom socket factory.
*/
@Test
public void connectWithShardInfoAndCustomSocketFactory() throws Exception {
final URI uri = URI.create("rediss://localhost:6390");
final SSLSocketFactory sslSocketFactory = createTrustStoreSslSocketFactory();
final SSLParameters sslParameters = new SSLParameters();
HostnameVerifier hostnameVerifier = new BasicHostnameVerifier();
JedisShardInfo shardInfo = new JedisShardInfo(uri, sslSocketFactory, sslParameters, hostnameVerifier);
shardInfo.setPassword("foobared");
Jedis jedis = new Jedis(shardInfo);
jedis.get("foo");
jedis.disconnect();
jedis.close();
}
Aggregations