use of javax.net.ssl.SSLParameters in project languagetool by languagetool-org.
the class HTTPSServer method getConfigurator.
/**
 * Builds the {@link HttpsConfigurator} for the given SSL context.
 *
 * <p>The returned configurator hands every connection the context's default
 * {@link SSLParameters} and does not require a client certificate, so only the server side
 * presents a certificate (one-way TLS).
 *
 * @param sslContext the SSL context the configurator is created with
 * @return a configurator that applies the context's default SSL parameters
 */
private HttpsConfigurator getConfigurator(SSLContext sslContext) {
    return new HttpsConfigurator(sslContext) {
        @Override
        public void configure(HttpsParameters httpsParams) {
            // NOTE(review): the enabled protocols and cipher suites are whatever the context
            // enables by default; nothing here pins a minimum TLS version or a suite list.
            SSLParameters defaults = getSSLContext().getDefaultSSLParameters();
            // Clients are not asked to authenticate with a certificate.
            httpsParams.setNeedClientAuth(false);
            httpsParams.setSSLParameters(defaults);
        }
    };
}
use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.
the class JDK9ALPNTest method testClientSupportingALPNServerSpeaksNegotiatedProtocol.
/**
 * Connects with a client that offers two ALPN protocols ("unknown/1.0" and "http/1.1"),
 * completes the TLS handshake, sends a plain HTTP/1.1 request and expects a 200 status line.
 * Presumably the server is expected to settle on "http/1.1"; the negotiated protocol itself is
 * not asserted here, only the HTTP response.
 */
@Test
public void testClientSupportingALPNServerSpeaksNegotiatedProtocol() throws Exception {
    startServer(new AbstractHandler.ErrorDispatchHandler() {
        @Override
        protected void doNonErrorHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
            // Marking the request as handled is all this handler does.
            baseRequest.setHandled(true);
        }
    });

    // trustAll = true: this client accepts any server certificate without validating the chain.
    // That is tolerable only because the peer is the test's own server on localhost.
    SslContextFactory clientTls = new SslContextFactory(true);
    clientTls.start();
    SSLContext clientContext = clientTls.getSslContext();

    try (SSLSocket socket = (SSLSocket) clientContext.getSocketFactory().createSocket("localhost", connector.getLocalPort())) {
        socket.setUseClientMode(true);

        // Advertise the ALPN protocol list before the handshake starts.
        SSLParameters alpnParams = socket.getSSLParameters();
        alpnParams.setApplicationProtocols(new String[] { "unknown/1.0", "http/1.1" });
        socket.setSSLParameters(alpnParams);

        // Bound blocking reads so a stalled server fails the test instead of hanging it.
        socket.setSoTimeout(5000);
        socket.startHandshake();

        String request = "GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "\r\n";
        OutputStream out = socket.getOutputStream();
        out.write(request.getBytes(StandardCharsets.UTF_8));
        out.flush();

        InputStream in = socket.getInputStream();
        BufferedReader responseReader = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
        String statusLine = responseReader.readLine();
        Assert.assertTrue(statusLine.contains(" 200 "));

        // Drain the rest of the response until the server closes the connection.
        while (responseReader.readLine() != null) {
            // discard
        }
    }
}
use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.
the class SslContextFactory method load.
/**
 * Creates the {@link SSLContext} for this factory (unless one was set explicitly) and derives
 * the selected protocols and cipher suites from it.
 *
 * <p>Two construction paths exist when no context was set:
 * <ul>
 * <li>"empty factory" (no key store and no trust store configured): the context is initialised
 * without key managers, and with either the platform default trust managers or, when
 * {@code isTrustAll()} is true, {@code TRUST_ALL_CERTS};</li>
 * <li>otherwise the key store, trust store and CRLs are loaded, the key store's X.509
 * certificates are indexed by alias, host and wildcard, optionally validated, and the context
 * is initialised from the resulting key and trust managers.</li>
 * </ul>
 * Afterwards the server session cache is configured, protocols and cipher suites are selected
 * and {@code _factory} is created.
 *
 * @throws Exception if loading stores, validating certificates or creating the context fails
 */
private void load() throws Exception {
// Start from whatever was injected explicitly; each of these may still be null.
SSLContext context = _setContext;
KeyStore keyStore = _setKeyStore;
KeyStore trustStore = _setTrustStore;
// An explicitly set context is used as-is; only build one when none was provided.
if (context == null) {
// Is this an empty factory?
if (keyStore == null && _keyStoreResource == null && trustStore == null && _trustStoreResource == null) {
// null trust managers: SSLContext.init() then falls back to the installed default trust managers.
TrustManager[] trust_managers = null;
if (isTrustAll()) {
// NOTE(review): in this mode peer certificate chains are not validated, so the TLS channel
// offers no peer authentication. The only notice is this debug-level message, which is
// typically not shown at default log levels - confirm trust-all is limited to tests.
if (LOG.isDebugEnabled())
LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
// Create a trust manager that does not validate certificate chains
trust_managers = TRUST_ALL_CERTS;
}
// A null algorithm means no explicit SecureRandom is passed to init().
String algorithm = getSecureRandomAlgorithm();
SecureRandom secureRandom = algorithm == null ? null : SecureRandom.getInstance(algorithm);
context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
// No key managers are supplied on this path.
context.init(null, trust_managers, secureRandom);
} else {
// Load whichever store was not injected directly.
if (keyStore == null)
keyStore = loadKeyStore(_keyStoreResource);
if (trustStore == null)
trustStore = loadTrustStore(_trustStoreResource);
Collection<? extends CRL> crls = loadCRL(getCrlPath());
// Look for X.509 certificates to create alias map
if (keyStore != null) {
for (String alias : Collections.list(keyStore.aliases())) {
Certificate certificate = keyStore.getCertificate(alias);
if (certificate != null && "X.509".equals(certificate.getType())) {
X509Certificate x509C = (X509Certificate) certificate;
// Exclude certificates with special uses
if (X509.isCertSign(x509C)) {
if (LOG.isDebugEnabled())
LOG.debug("Skipping " + x509C);
continue;
}
X509 x509 = new X509(alias, x509C);
_aliasX509.put(alias, x509);
// Certificate validation is opt-in: it runs only when isValidateCerts() is true.
if (isValidateCerts()) {
CertificateValidator validator = new CertificateValidator(trustStore, crls);
validator.setMaxCertPathLength(getMaxCertPathLength());
validator.setEnableCRLDP(isEnableCRLDP());
validator.setEnableOCSP(isEnableOCSP());
validator.setOcspResponderURL(getOcspResponderURL());
// TODO what about truststore?
validator.validate(keyStore, x509C);
}
LOG.info("x509={} for {}", x509, this);
// Index the certificate under each host name and wildcard that the X509 wrapper reports.
for (String h : x509.getHosts()) _certHosts.put(h, x509);
for (String w : x509.getWilds()) _certWilds.put(w, x509);
}
}
}
// Instantiate key and trust managers
KeyManager[] keyManagers = getKeyManagers(keyStore);
TrustManager[] trustManagers = getTrustManagers(trustStore, crls);
// Initialize context
SecureRandom secureRandom = (_secureRandomAlgorithm == null) ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
context.init(keyManagers, trustManagers, secureRandom);
}
}
// Initialize cache
SSLSessionContext serverContext = context.getServerSessionContext();
if (serverContext != null) {
// Values of -1 or below leave the context's own cache size / timeout untouched.
if (getSslSessionCacheSize() > -1)
serverContext.setSessionCacheSize(getSslSessionCacheSize());
if (getSslSessionTimeout() > -1)
serverContext.setSessionTimeout(getSslSessionTimeout());
}
// select the protocols and ciphers
// "enabled" is what the context turns on by default, "supported" is everything it could offer.
SSLParameters enabled = context.getDefaultSSLParameters();
SSLParameters supported = context.getSupportedSSLParameters();
selectCipherSuites(enabled.getCipherSuites(), supported.getCipherSuites());
selectProtocols(enabled.getProtocols(), supported.getProtocols());
// keyStore and trustStore may be null here, e.g. on the empty-factory path.
_factory = new Factory(keyStore, trustStore, context);
if (LOG.isDebugEnabled()) {
LOG.debug("Selected Protocols {} of {}", Arrays.asList(_selectedProtocols), Arrays.asList(supported.getProtocols()));
LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
}
}
use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.
the class SslConnectionFactoryTest method getResponse.
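/**
 * Opens a TLS connection to the test server on 127.0.0.1, optionally announcing an SNI host
 * name, sends one HTTP/1.0 request and returns the raw response text.
 *
 * <p>The socket is closed and the client context factory is stopped even when the handshake,
 * the certificate assertion or the I/O fails, so a failing test does not leak either of them.
 *
 * @param sniHost host name sent in the SNI extension; only used when {@code cn} is not null
 * @param reqHost host name placed in the HTTP {@code Host} header
 * @param cn expected common name of the server certificate, or {@code null} to send no SNI
 *        and skip the certificate check
 * @return the complete response as read from the socket
 * @throws Exception if the connection, handshake, assertion or I/O fails
 */
private String getResponse(String sniHost, String reqHost, String cn) throws Exception {
    // trustAll = true: the client does not validate the server's certificate chain. The subject
    // check below therefore only shows which certificate the server selected, not that the
    // certificate is trusted.
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    try {
        SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
        try (SSLSocket sslSocket = (SSLSocket) factory.createSocket("127.0.0.1", _port)) {
            if (cn != null) {
                // Announce the requested virtual host via SNI before the handshake.
                SNIHostName serverName = new SNIHostName(sniHost);
                List<SNIServerName> serverNames = new ArrayList<>();
                serverNames.add(serverName);
                SSLParameters params = sslSocket.getSSLParameters();
                params.setServerNames(serverNames);
                sslSocket.setSSLParameters(params);
            }
            sslSocket.startHandshake();
            if (cn != null) {
                // The first peer certificate is the server's own (leaf) certificate.
                X509Certificate cert = ((X509Certificate) sslSocket.getSession().getPeerCertificates()[0]);
                Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn=" + cn));
            }
            sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
            return IO.toString(sslSocket.getInputStream());
        }
    } finally {
        // Runs after the socket has been closed, matching the original close-then-stop order.
        clientContextFactory.stop();
    }
}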
use of javax.net.ssl.SSLParameters in project cassandra by apache.
the class SSLFactory method prepareSocket.
/**
 * Applies the cipher-suite and endpoint-verification settings from the encryption options to
 * a socket.
 *
 * <p>When {@code options.require_endpoint_verification} is set, the endpoint identification
 * algorithm is set to "HTTPS", which makes the TLS handshake check that the peer's certificate
 * matches the host the socket is connected to. When it is not set, no host name check is
 * configured here and the certificate is accepted on chain validation alone.
 *
 * @param socket the socket to configure, before its handshake
 * @param options encryption settings supplying the cipher suites and the verification flag
 */
private static void prepareSocket(SSLSocket socket, EncryptionOptions options) {
    // presumably narrows the socket's supported suites to the configured ones - helper not shown
    String[] enabledSuites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
    boolean verifyEndpoint = options.require_endpoint_verification;
    if (verifyEndpoint) {
        // getSSLParameters() returns a copy, so the change must be written back to take effect.
        SSLParameters withHostCheck = socket.getSSLParameters();
        withHostCheck.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(withHostCheck);
    }
    socket.setEnabledCipherSuites(enabledSuites);
}