
Example 61 with SSLParameters

use of javax.net.ssl.SSLParameters in project GNS by MobilityFirst.

the class GNSHttpsServer method tryPort.

/**
   * Try to start the HTTPS server on the given port.
   *
   * @param port the port to listen on
   * @return true if it was started
   */
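@Override
public boolean tryPort(int port) {
    // Brings up the HTTPS listener on the given port and reports success as a boolean.
    // A busy port or unusable key/certificate material yields false, not an exception.
    try {
        // Build the TLS context before binding. HttpsServer.create() binds the socket,
        // so a keystore or certificate failure must not leave the port occupied.
        final SSLContext sslContext = createSSLContext();
        httpsServer = HttpsServer.create(new InetSocketAddress(port), 0);
        httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext) {

            @Override
            public void configure(HttpsParameters parameters) {
                SSLContext context = getSSLContext();
                SSLEngine engine = context.createSSLEngine();
                // Cipher suites and protocol versions are whatever the running JVM
                // enables by default; nothing is pinned here.
                // NOTE(review): if a minimum TLS version is required, set it explicitly.
                parameters.setCipherSuites(engine.getEnabledCipherSuites());
                parameters.setProtocols(engine.getEnabledProtocols());
                SSLParameters sslParameters = context.getDefaultSSLParameters();
                // Mutual TLS: the handshake fails unless the client presents a certificate.
                // Which certificates are accepted is decided by the trust managers that
                // createSSLContext() installs, which is not visible in this method.
                sslParameters.setNeedClientAuth(true);
                parameters.setNeedClientAuth(true);
                parameters.setSSLParameters(sslParameters);
            }
        });
        httpsServer.createContext("/", new EchoHttpHandler());
        httpsServer.createContext("/" + GNS_PATH, new DefaultHttpHandler());
        // NOTE(review): a cached thread pool has no upper bound on threads; a bounded
        // executor would cap what a burst of connections can consume.
        httpsServer.setExecutor(Executors.newCachedThreadPool());
        httpsServer.start();
        // Need to do this for the places where we expose the secure http service to the user
        requestHandler.setHttpsServerPort(port);
        LOG.log(Level.INFO, "HTTPS server is listening on port {0}", port);
        return true;
    } catch (BindException e) {
        // Port already in use: expected while probing, so keep it at a low level.
        LOG.log(Level.FINE, "HTTPS server failed to start on port {0} due to {1}", new Object[] { port, e.getMessage() });
        return false;
    } catch (IOException | NoSuchAlgorithmException | KeyStoreException | CertificateException | UnrecoverableKeyException | KeyManagementException e) {
        // TLS setup failures are configuration problems. Route the stack trace through
        // the logger at a visible level instead of printing it to stderr.
        LOG.log(Level.WARNING, "HTTPS server failed to start on port " + port, e);
        return false;
    }
}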
Also used : HttpsConfigurator(com.sun.net.httpserver.HttpsConfigurator) InetSocketAddress(java.net.InetSocketAddress) SSLEngine(javax.net.ssl.SSLEngine) HttpsParameters(com.sun.net.httpserver.HttpsParameters) BindException(java.net.BindException) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) SSLParameters(javax.net.ssl.SSLParameters) UnrecoverableKeyException(java.security.UnrecoverableKeyException)

Example 62 with SSLParameters

use of javax.net.ssl.SSLParameters in project camel by apache.

the class BaseSSLContextParameters method getSSLSocketFactorySSLSocketConfigurers.

/**
     * Returns the list of configurers to apply to an {@link SSLSocket} in order
     * to fully configure it in compliance with the provided configuration
     * options. These configurers are intended for sockets produced by a
     * {@link SSLSocketFactory}, see
     * {@link #getSSLServerSocketFactorySSLServerSocketConfigurers(SSLContext)} for
     * configurers related to sockets produced by a
     * {@link SSLServerSocketFactory}. The configurers are to be applied in
     * the order in which they appear in the list.
     * 
     * @param context the context that serves as the factory for
     *            {@code SSLSocketFactory} instances
     *
     * @return the needed configurers
     */
protected List<Configurer<SSLSocket>> getSSLSocketFactorySSLSocketConfigurers(SSLContext context) {
    // Explicitly configured cipher suites, or null when none were given.
    final List<String> configuredSuites;
    if (this.getCipherSuites() == null) {
        configuredSuites = null;
    } else {
        configuredSuites = this.parsePropertyValues(this.getCipherSuites().getCipherSuite());
    }
    final Patterns defaultSuitePatterns = this.getDefaultCipherSuitesFilter().getPatterns();
    final Patterns suitePatterns = this.getCipherSuitesFilter() != null ? this.getCipherSuitesFilter().getPatterns() : null;

    // Same three inputs for the protocol versions.
    final List<String> configuredProtocols;
    if (this.getSecureSocketProtocols() == null) {
        configuredProtocols = null;
    } else {
        configuredProtocols = this.parsePropertyValues(this.getSecureSocketProtocols().getSecureSocketProtocol());
    }
    final Patterns defaultProtocolPatterns = this.getDefaultSecureSocketProcotolFilter().getPatterns();
    final Patterns protocolPatterns = this.getSecureSocketProtocolsFilter() != null ? this.getSecureSocketProtocolsFilter().getPatterns() : null;

    final boolean passthrough = getAllowPassthrough();

    // NOTE(review): this configurer sets SNI names, cipher suites and protocols only.
    // No endpoint identification algorithm is set here, so hostname verification
    // presumably happens elsewhere. Confirm against the callers.
    Configurer<SSLSocket> socketConfigurer = new Configurer<SSLSocket>() {

        @Override
        public SSLSocket configure(SSLSocket socket) {
            // SNI is written only when host names are configured; the parameters
            // object is a copy, so it has to be set back on the socket.
            if (!getSNIHostNames().isEmpty()) {
                SSLParameters params = socket.getSSLParameters();
                params.setServerNames(getSNIHostNames());
                socket.setSSLParameters(params);
            }

            // Narrow the socket's cipher suites to what the configuration allows.
            Collection<String> suites = BaseSSLContextParameters.this.filter(
                    configuredSuites,
                    Arrays.asList(socket.getSSLParameters().getCipherSuites()),
                    Arrays.asList(socket.getEnabledCipherSuites()),
                    suitePatterns,
                    defaultSuitePatterns,
                    !passthrough);
            if (LOG.isDebugEnabled()) {
                LOG.debug(SSL_SOCKET_CIPHER_SUITE_LOG_MSG, new Object[] {
                    socket,
                    configuredSuites,
                    suitePatterns,
                    socket.getSSLParameters().getCipherSuites(),
                    socket.getEnabledCipherSuites(),
                    defaultSuitePatterns,
                    suites });
            }
            socket.setEnabledCipherSuites(suites.toArray(new String[0]));

            // Then do the same for the protocol versions.
            Collection<String> protocols = BaseSSLContextParameters.this.filter(
                    configuredProtocols,
                    Arrays.asList(socket.getSSLParameters().getProtocols()),
                    Arrays.asList(socket.getEnabledProtocols()),
                    protocolPatterns,
                    defaultProtocolPatterns,
                    !passthrough);
            if (LOG.isDebugEnabled()) {
                LOG.debug(SSL_SOCKET_PROTOCOL_LOG_MSG, new Object[] {
                    socket,
                    configuredProtocols,
                    protocolPatterns,
                    socket.getSSLParameters().getProtocols(),
                    socket.getEnabledProtocols(),
                    defaultProtocolPatterns,
                    protocols });
            }
            socket.setEnabledProtocols(protocols.toArray(new String[0]));
            return socket;
        }
    };

    // A single configurer today; returned as a list because callers apply them in order.
    List<Configurer<SSLSocket>> configurers = new LinkedList<>();
    configurers.add(socketConfigurer);
    return configurers;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLSocket(javax.net.ssl.SSLSocket) CollectionHelper.collectionAsCommaDelimitedString(org.apache.camel.util.CollectionHelper.collectionAsCommaDelimitedString) Patterns(org.apache.camel.util.jsse.FilterParameters.Patterns) LinkedList(java.util.LinkedList)

Example 63 with SSLParameters

use of javax.net.ssl.SSLParameters in project robovm by robovm.

the class SSLSocketTest method test_SSLSocket_getSSLParameters.

public void test_SSLSocket_getSSLParameters() throws Exception {
    // The SSLParameters of a socket from the default factory must mirror the
    // socket's own enabled settings, while handing out separate array instances.
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) factory.createSocket();
    SSLParameters params = socket.getSSLParameters();
    assertNotNull(params);

    // Cipher suites: valid names, a distinct array, the same contents.
    String[] suites = params.getCipherSuites();
    StandardNames.assertValidCipherSuites(StandardNames.CIPHER_SUITES, suites);
    String[] socketSuites = socket.getEnabledCipherSuites();
    assertNotSame(suites, socketSuites);
    assertEquals(Arrays.asList(suites), Arrays.asList(socket.getEnabledCipherSuites()));

    // Protocols: the same three checks.
    String[] versions = params.getProtocols();
    StandardNames.assertValidProtocols(StandardNames.SSL_SOCKET_PROTOCOLS, versions);
    String[] socketVersions = socket.getEnabledProtocols();
    assertNotSame(versions, socketVersions);
    assertEquals(Arrays.asList(versions), Arrays.asList(socket.getEnabledProtocols()));

    // Client-authentication flags must agree between the two views.
    assertEquals(params.getWantClientAuth(), socket.getWantClientAuth());
    assertEquals(params.getNeedClientAuth(), socket.getNeedClientAuth());
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLSocket(javax.net.ssl.SSLSocket) SSLSocketFactory(javax.net.ssl.SSLSocketFactory)

Example 64 with SSLParameters

use of javax.net.ssl.SSLParameters in project robovm by robovm.

the class SSLContextTest method test_SSLContext_getDefaultSSLParameters.

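public void test_SSLContext_getDefaultSSLParameters() throws Exception {
    // For every known context protocol, the default SSLParameters must list valid
    // cipher suites and protocols and must not request client authentication.
    for (String protocol : StandardNames.SSL_CONTEXT_PROTOCOLS) {
        SSLContext sslContext = SSLContext.getInstance(protocol);
        // Every context except the one named by SSL_CONTEXT_PROTOCOLS_DEFAULT is
        // initialised here with null arguments before it is queried.
        if (!protocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT)) {
            sslContext.init(null, null, null);
        }
        SSLParameters p = sslContext.getDefaultSSLParameters();
        assertNotNull(p);
        String[] cipherSuites = p.getCipherSuites();
        assertNotNull(cipherSuites);
        StandardNames.assertValidCipherSuites(StandardNames.CIPHER_SUITES, cipherSuites);
        String[] protocols = p.getProtocols();
        assertNotNull(protocols);
        // Protocol names go through the protocol validator. The original passed them
        // to assertValidCipherSuites, which looks like a copy-paste slip.
        StandardNames.assertValidProtocols(StandardNames.SSL_SOCKET_PROTOCOLS, protocols);
        // Client authentication is off by default in both its forms.
        assertFalse(p.getWantClientAuth());
        assertFalse(p.getNeedClientAuth());
    }
}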
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLContext(javax.net.ssl.SSLContext)

Example 65 with SSLParameters

use of javax.net.ssl.SSLParameters in project robovm by robovm.

the class SSLContextTest method test_SSLContext_getSupportedSSLParameters.

public void test_SSLContext_getSupportedSSLParameters() throws Exception {
    // For every known context protocol, the supported SSLParameters must list the
    // expected cipher suites and protocols and must not request client authentication.
    for (String contextProtocol : StandardNames.SSL_CONTEXT_PROTOCOLS) {
        SSLContext ctx = SSLContext.getInstance(contextProtocol);
        boolean isDefaultContext = contextProtocol.equals(StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT);
        // Every context except the default-named one is initialised with null arguments.
        if (!isDefaultContext) {
            ctx.init(null, null, null);
        }

        SSLParameters supported = ctx.getSupportedSSLParameters();
        assertNotNull(supported);

        String[] suites = supported.getCipherSuites();
        assertNotNull(suites);
        StandardNames.assertSupportedCipherSuites(StandardNames.CIPHER_SUITES, suites);

        String[] versions = supported.getProtocols();
        assertNotNull(versions);
        StandardNames.assertSupportedProtocols(StandardNames.SSL_SOCKET_PROTOCOLS, versions);

        // Neither form of client authentication is requested in the supported set.
        assertFalse(supported.getWantClientAuth());
        assertFalse(supported.getNeedClientAuth());
    }
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLContext(javax.net.ssl.SSLContext)
