
Example 91 with SSLParameters

use of javax.net.ssl.SSLParameters in project languagetool by languagetool-org.

the class HTTPSServer method getConfigurator.

/**
 * Builds the {@link HttpsConfigurator} the HTTPS server applies to every accepted
 * connection.
 *
 * <p>Each connection receives the default {@link SSLParameters} of the bound context,
 * and client-certificate authentication is switched off, so peers are never asked for
 * a certificate.
 *
 * @param sslContext the context whose defaults are applied to each connection
 * @return a configurator bound to {@code sslContext}
 */
private HttpsConfigurator getConfigurator(SSLContext sslContext) {
    HttpsConfigurator configurator = new HttpsConfigurator(sslContext) {
        @Override
        public void configure(HttpsParameters connectionParams) {
            // Start from the bound context's defaults instead of assembling parameters by hand.
            SSLParameters defaults = getSSLContext().getDefaultSSLParameters();
            // No client certificate is requested or required on this connection.
            connectionParams.setNeedClientAuth(false);
            connectionParams.setSSLParameters(defaults);
        }
    };
    return configurator;
}
Also used : HttpsConfigurator(com.sun.net.httpserver.HttpsConfigurator) SSLParameters(javax.net.ssl.SSLParameters) HttpsParameters(com.sun.net.httpserver.HttpsParameters) SSLContext(javax.net.ssl.SSLContext)

Example 92 with SSLParameters

use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.

the class JDK9ALPNTest method testClientSupportingALPNServerSpeaksNegotiatedProtocol.

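/**
 * Verifies that a client offering several application protocols via ALPN gets a normal
 * HTTP/1.1 response once the server has picked the one it supports.
 *
 * <p>The client lists {@code unknown/1.0} ahead of {@code http/1.1}; the request must still
 * be answered with a 200, i.e. the server speaks the negotiated protocol instead of
 * rejecting the connection.
 *
 * @throws Exception on any setup, handshake or I/O failure
 */
@Test
public void testClientSupportingALPNServerSpeaksNegotiatedProtocol() throws Exception {
    startServer(new AbstractHandler.ErrorDispatchHandler() {

        @Override
        protected void doNonErrorHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
            // Any request is answered with the default (empty, 200) response.
            baseRequest.setHandled(true);
        }
    });
    // trustAll=true: this test client does not validate the server's certificate.
    SslContextFactory sslContextFactory = new SslContextFactory(true);
    sslContextFactory.start();
    try {
        SSLContext sslContext = sslContextFactory.getSslContext();
        try (SSLSocket client = (SSLSocket) sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort())) {
            client.setUseClientMode(true);
            SSLParameters sslParameters = client.getSSLParameters();
            // ALPN list in the client's preference order: the unsupported one first.
            sslParameters.setApplicationProtocols(new String[] { "unknown/1.0", "http/1.1" });
            client.setSSLParameters(sslParameters);
            // Bound the read so a server that never answers fails the test instead of hanging it.
            client.setSoTimeout(5000);
            client.startHandshake();
            OutputStream output = client.getOutputStream();
            output.write(("GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "\r\n").getBytes(StandardCharsets.UTF_8));
            output.flush();
            InputStream input = client.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(input, StandardCharsets.UTF_8));
            String line = reader.readLine();
            // A connection closed before any status line yields null; report that clearly
            // instead of failing with a NullPointerException on contains().
            Assert.assertNotNull("no status line received", line);
            Assert.assertTrue("unexpected status line: " + line, line.contains(" 200 "));
            // Drain the remainder until the server closes the connection (Connection: close).
            while (reader.readLine() != null) {
                // discard
            }
        }
    } finally {
        // Release the client-side context even when the handshake or an assertion fails.
        sslContextFactory.stop();
    }
}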
Also used : InputStreamReader(java.io.InputStreamReader) InputStream(java.io.InputStream) SSLSocket(javax.net.ssl.SSLSocket) OutputStream(java.io.OutputStream) Request(org.eclipse.jetty.server.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) AbstractHandler(org.eclipse.jetty.server.handler.AbstractHandler) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SSLParameters(javax.net.ssl.SSLParameters) BufferedReader(java.io.BufferedReader) Test(org.junit.Test)

Example 93 with SSLParameters

use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.

the class SslContextFactory method load.

/**
 * Creates the {@link SSLContext} for this factory and selects the protocols and cipher
 * suites it will use.
 *
 * <p>An explicitly set context ({@code _setContext}) is used as-is. Otherwise, when
 * neither a key store nor a trust store is configured, an "empty" context is built
 * (with no validation at all when trust-all is enabled); else the key and trust stores
 * are loaded, the key store's X.509 entries are indexed and optionally validated, and a
 * context is initialised from the resulting key and trust managers.
 *
 * <p>Side effects: populates {@code _aliasX509}, {@code _certHosts} and {@code _certWilds},
 * configures the server session cache, runs protocol/cipher selection and finally
 * assigns {@code _factory}.
 *
 * @throws Exception if a store or CRL cannot be loaded, a certificate fails validation,
 *                   or the context cannot be created or initialised
 */
private void load() throws Exception {
    SSLContext context = _setContext;
    KeyStore keyStore = _setKeyStore;
    KeyStore trustStore = _setTrustStore;
    if (context == null) {
        // Is this an empty factory?
        if (keyStore == null && _keyStoreResource == null && trustStore == null && _trustStoreResource == null) {
            // null trust managers leave the JSSE default trust store in charge.
            TrustManager[] trust_managers = null;
            if (isTrustAll()) {
                if (LOG.isDebugEnabled())
                    LOG.debug("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
                // Create a trust manager that does not validate certificate chains
                // (peers are therefore not authenticated at all on this path).
                trust_managers = TRUST_ALL_CERTS;
            }
            String algorithm = getSecureRandomAlgorithm();
            // null lets the JSSE provider choose its own SecureRandom.
            SecureRandom secureRandom = algorithm == null ? null : SecureRandom.getInstance(algorithm);
            // No key managers: this context cannot present an identity of its own.
            context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
            context.init(null, trust_managers, secureRandom);
        } else {
            // Resources are only loaded for the stores that were not set directly.
            if (keyStore == null)
                keyStore = loadKeyStore(_keyStoreResource);
            if (trustStore == null)
                trustStore = loadTrustStore(_trustStoreResource);
            Collection<? extends CRL> crls = loadCRL(getCrlPath());
            // Look for X.509 certificates to create alias map
            if (keyStore != null) {
                for (String alias : Collections.list(keyStore.aliases())) {
                    Certificate certificate = keyStore.getCertificate(alias);
                    if (certificate != null && "X.509".equals(certificate.getType())) {
                        X509Certificate x509C = (X509Certificate) certificate;
                        // Exclude certificates with special uses
                        // (X509.isCertSign is a project helper; presumably CA/signing certificates).
                        if (X509.isCertSign(x509C)) {
                            if (LOG.isDebugEnabled())
                                LOG.debug("Skipping " + x509C);
                            continue;
                        }
                        X509 x509 = new X509(alias, x509C);
                        _aliasX509.put(alias, x509);
                        // Optional validation of the entry against the trust store and CRLs.
                        if (isValidateCerts()) {
                            CertificateValidator validator = new CertificateValidator(trustStore, crls);
                            validator.setMaxCertPathLength(getMaxCertPathLength());
                            validator.setEnableCRLDP(isEnableCRLDP());
                            validator.setEnableOCSP(isEnableOCSP());
                            validator.setOcspResponderURL(getOcspResponderURL());
                            // TODO what about truststore?
                            validator.validate(keyStore, x509C);
                        }
                        LOG.info("x509={} for {}", x509, this);
                        // Index the entry by the host names and wildcards it covers
                        // (as reported by the project's X509 wrapper) for later selection.
                        for (String h : x509.getHosts()) _certHosts.put(h, x509);
                        for (String w : x509.getWilds()) _certWilds.put(w, x509);
                    }
                }
            }
            // Instantiate key and trust managers
            KeyManager[] keyManagers = getKeyManagers(keyStore);
            TrustManager[] trustManagers = getTrustManagers(trustStore, crls);
            // Initialize context
            // NOTE(review): reads _secureRandomAlgorithm directly, whereas the empty-factory
            // branch above goes through getSecureRandomAlgorithm(); confirm both are equivalent.
            SecureRandom secureRandom = (_secureRandomAlgorithm == null) ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
            context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
            context.init(keyManagers, trustManagers, secureRandom);
        }
    }
    // Initialize cache
    // Only applied when configured (> -1); otherwise the context's defaults remain.
    SSLSessionContext serverContext = context.getServerSessionContext();
    if (serverContext != null) {
        if (getSslSessionCacheSize() > -1)
            serverContext.setSessionCacheSize(getSslSessionCacheSize());
        if (getSslSessionTimeout() > -1)
            serverContext.setSessionTimeout(getSslSessionTimeout());
    }
    // select the protocols and ciphers
    // The selection works from the context's enabled-by-default set against everything
    // the provider supports; the chosen sets are logged below for debugging.
    SSLParameters enabled = context.getDefaultSSLParameters();
    SSLParameters supported = context.getSupportedSSLParameters();
    selectCipherSuites(enabled.getCipherSuites(), supported.getCipherSuites());
    selectProtocols(enabled.getProtocols(), supported.getProtocols());
    _factory = new Factory(keyStore, trustStore, context);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Selected Protocols {} of {}", Arrays.asList(_selectedProtocols), Arrays.asList(supported.getProtocols()));
        LOG.debug("Selected Ciphers   {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
    }
}
Also used : SSLSessionContext(javax.net.ssl.SSLSessionContext) CertificateValidator(org.eclipse.jetty.util.security.CertificateValidator) SecureRandom(java.security.SecureRandom) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLServerSocketFactory(javax.net.ssl.SSLServerSocketFactory) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) SSLParameters(javax.net.ssl.SSLParameters) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 94 with SSLParameters

use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.

the class SslConnectionFactoryTest method getResponse.

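/**
 * Opens a TLS connection to the test server, optionally sending {@code sniHost} via SNI,
 * issues a {@code GET /ctx/path} with the given {@code Host} header and returns the raw
 * response text.
 *
 * <p>When {@code cn} is non-null the SNI extension carries {@code sniHost} and the
 * certificate the server presents must have a subject CN starting with {@code cn}; when
 * {@code cn} is null no SNI is sent and the certificate is not inspected.
 *
 * <p>The socket and the client context factory are released even when the handshake,
 * the assertion or the I/O fails, so a failing case does not leak into the next one.
 *
 * @param sniHost host name for the SNI extension (used only when {@code cn} is non-null)
 * @param reqHost value placed in the HTTP {@code Host} header
 * @param cn      expected CN prefix of the server certificate, or null to skip SNI and the check
 * @return the response as read until the server closes the connection
 * @throws Exception on connection, handshake or I/O failure
 */
private String getResponse(String sniHost, String reqHost, String cn) throws Exception {
    // trustAll=true: the test server's certificate is not validated by this client.
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    try {
        SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
        try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
            if (cn != null) {
                // Name the virtual host so the server can pick the matching certificate.
                SNIHostName serverName = new SNIHostName(sniHost);
                List<SNIServerName> serverNames = new ArrayList<>();
                serverNames.add(serverName);
                SSLParameters params = sslSocket.getSSLParameters();
                params.setServerNames(serverNames);
                sslSocket.setSSLParameters(params);
            }
            sslSocket.startHandshake();
            if (cn != null) {
                // The leaf certificate is first in the peer chain.
                X509Certificate cert = ((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
                Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn=" + cn));
            }
            // HTTP/1.0 without keep-alive: the server closes the connection after the
            // response, which lets the reader below consume the stream to its end.
            sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
            return IO.toString(sslSocket.getInputStream());
        }
    } finally {
        clientContextFactory.stop();
    }
}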
Also used : SNIServerName(javax.net.ssl.SNIServerName) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) SSLSocket(javax.net.ssl.SSLSocket) ArrayList(java.util.ArrayList) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509Certificate(java.security.cert.X509Certificate)

Example 95 with SSLParameters

use of javax.net.ssl.SSLParameters in project cassandra by apache.

the class SSLFactory method prepareSocket.

/**
 * Applies the cipher-suite and endpoint-verification settings from {@code options}
 * to {@code socket}.
 *
 * <p>The enabled cipher suites are narrowed to those of the socket's supported suites
 * that {@code options.cipher_suites} permits. When {@code require_endpoint_verification}
 * is set, the {@code "HTTPS"} endpoint identification algorithm is enabled so the
 * handshake also checks that the peer's certificate matches the host the socket
 * connected to; when it is not set, no such host-name check is performed.
 *
 * @param socket  the socket to configure
 * @param options encryption settings supplying the cipher list and the verification flag
 */
private static void prepareSocket(SSLSocket socket, EncryptionOptions options) {
    String[] permittedSuites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
    if (options.require_endpoint_verification) {
        SSLParameters verifying = socket.getSSLParameters();
        verifying.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(verifying);
    }
    socket.setEnabledCipherSuites(permittedSuites);
}
Also used : SSLParameters(javax.net.ssl.SSLParameters)
