
Example 6 with SSLParameters

use of javax.net.ssl.SSLParameters in project jetty.project by eclipse.

the class SniSslConnectionFactoryTest method getResponse.

/**
 * Test helper: connects to the local test server over TLS, optionally sends an SNI
 * host name, optionally checks the certificate the server selected, then issues one
 * HTTP/1.0 request and returns everything the server sends back.
 *
 * <p>Security note: the client context is built with {@code new SslContextFactory(true)}.
 * In Jetty that boolean is the trust-all switch, so this client performs no certificate
 * chain validation, and no endpoint identification algorithm is set on the socket.
 * The only certificate check is the subject-CN assertion below. That is fine for a
 * loopback test against self-signed fixtures, but this is not a pattern to copy into
 * production client code.
 *
 * @param sniHost host name placed in the SNI extension; only used when {@code cn} is non-null
 * @param reqHost value written verbatim into the HTTP {@code Host} header
 * @param cn expected common name of the server certificate, or {@code null} to skip
 *     both SNI and the certificate assertion
 * @return the raw response read from the socket until the stream ends
 * @throws Exception on any TLS, I/O or lifecycle failure
 */
private String getResponse(String sniHost, String reqHost, String cn) throws Exception {
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    SSLSocketFactory socketFactory = clientContextFactory.getSslContext().getSocketFactory();
    // SNI and the certificate assertion are both keyed on cn, not on sniHost.
    final boolean checkCertificate = cn != null;
    try (SSLSocket tls = (SSLSocket) socketFactory.createSocket("127.0.0.1", _port)) {
        if (checkCertificate) {
            List<SNIServerName> sniNames = new ArrayList<>();
            sniNames.add(new SNIHostName(sniHost));
            // Read-modify-write keeps the socket's other TLS settings intact.
            SSLParameters tlsParameters = tls.getSSLParameters();
            tlsParameters.setServerNames(sniNames);
            tls.setSSLParameters(tlsParameters);
        }
        // Handshake explicitly so the peer certificate is available before any HTTP traffic.
        tls.startHandshake();
        if (checkCertificate) {
            // Element 0 of the peer chain is the server's own certificate.
            X509Certificate serverCert = (X509Certificate) tls.getSession().getPeerCertificates()[0];
            String canonicalSubject = serverCert.getSubjectX500Principal().getName("CANONICAL");
            Assert.assertThat(canonicalSubject, Matchers.startsWith("cn=" + cn));
        }
        String request = "GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n";
        tls.getOutputStream().write(request.getBytes(StandardCharsets.ISO_8859_1));
        return IO.toString(tls.getInputStream());
    } finally {
        clientContextFactory.stop();
    }
}
Also used : SNIServerName(javax.net.ssl.SNIServerName) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SSLParameters(javax.net.ssl.SSLParameters) SNIHostName(javax.net.ssl.SNIHostName) SSLSocket(javax.net.ssl.SSLSocket) ArrayList(java.util.ArrayList) Matchers.containsString(org.hamcrest.Matchers.containsString) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509Certificate(java.security.cert.X509Certificate)

Example 7 with SSLParameters

use of javax.net.ssl.SSLParameters in project jedis by xetorthio.

the class SSLJedisTest method connectWithShardInfoAndCustomHostnameVerifierByIpAddress.

/**
   * Tests opening an SSL/TLS connection to redis with a custom hostname
   * verifier. The connection attempt is expected to fail because "127.0.0.1"
   * does not match the certificate subject common name and the certificate
   * contains no subject alternative names.
   */
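@Test
public void connectWithShardInfoAndCustomHostnameVerifierByIpAddress() {
    final URI uri = URI.create("rediss://127.0.0.1:6390");
    final SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    // A freshly constructed SSLParameters has no endpoint identification algorithm set,
    // so the hostname check exercised here is the one done by the custom HostnameVerifier
    // (presumably invoked by Jedis after the handshake; that code is not shown here).
    final SSLParameters sslParameters = new SSLParameters();
    HostnameVerifier hostnameVerifier = new BasicHostnameVerifier();
    JedisShardInfo shardInfo = new JedisShardInfo(uri, sslSocketFactory, sslParameters, hostnameVerifier);
    shardInfo.setPassword("foobared");
    Jedis jedis = new Jedis(shardInfo);
    try {
        // Connecting by IP address must be rejected: the verifier has no matching name.
        jedis.get("foo");
        Assert.fail("The code did not throw the expected JedisConnectionException.");
    } catch (JedisConnectionException e) {
        Assert.assertEquals("The JedisConnectionException does not contain the expected message.", "The connection to '127.0.0.1' failed ssl/tls hostname verification.", e.getMessage());
    } finally {
        // Close in finally so the client is released even when an assertion above fails.
        try {
            jedis.close();
        } catch (Exception ignored) {
            // Expected: the connection was never established, so closing is best-effort.
        }
    }
}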
Also used : Jedis(redis.clients.jedis.Jedis) SSLParameters(javax.net.ssl.SSLParameters) JedisShardInfo(redis.clients.jedis.JedisShardInfo) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) URI(java.net.URI) JedisConnectionException(redis.clients.jedis.exceptions.JedisConnectionException) HostnameVerifier(javax.net.ssl.HostnameVerifier) Test(org.junit.Test)

Example 8 with SSLParameters

use of javax.net.ssl.SSLParameters in project gerrit by GerritCodeReview.

the class AuthSMTPClient method startTLS.

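/**
 * Upgrades the current SMTP connection to TLS by issuing {@code STARTTLS} and layering
 * an SSL socket over the existing one.
 *
 * <p>When {@code verify} is true, endpoint identification is enabled with the
 * {@code "HTTPS"} algorithm, so JSSE checks the server certificate against
 * {@code hostname} during the handshake. The parameters are applied before any
 * TLS I/O takes place; no explicit handshake call is made in this method.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>A {@code false} return means the server did not answer 220 and the connection
 *       is still plain text. Callers that require encryption should abort rather than
 *       continue, otherwise a network attacker who suppresses STARTTLS causes a silent
 *       downgrade.</li>
 *   <li>With {@code verify == false} no host name check is configured here; what
 *       {@code sslFactory(false)} trusts is not visible in this method. Confirm before
 *       relying on it outside of test setups.</li>
 *   <li>The reader and writer are rebuilt on the TLS streams, so later replies are read
 *       from the encrypted channel only.</li>
 * </ul>
 *
 * @param hostname server name used for the TLS socket and, when verifying, for the
 *     certificate host name check
 * @param port server port passed to the TLS socket
 * @param verify whether to enable endpoint identification on the TLS socket
 * @return {@code true} once the socket and streams have been switched to TLS,
 *     {@code false} if the server rejected {@code STARTTLS}
 * @throws SocketException if the socket timeout cannot be set
 * @throws IOException if sending the command or creating the TLS socket fails
 */
public boolean startTLS(final String hostname, final int port, final boolean verify) throws SocketException, IOException {
    if (sendCommand("STARTTLS") != 220) {
        return false;
    }
    _socket_ = sslFactory(verify).createSocket(_socket_, hostname, port, true);
    if (verify) {
        SSLSocket tlsSocket = (SSLSocket) _socket_;
        // Start from the socket's current parameters instead of a blank SSLParameters,
        // so protocol, cipher-suite and other settings from the factory are kept and
        // only the endpoint identification algorithm is changed.
        SSLParameters sslParams = tlsSocket.getSSLParameters();
        sslParams.setEndpointIdentificationAlgorithm("HTTPS");
        tlsSocket.setSSLParameters(sslParams);
    }
    // XXX: Can't call _connectAction_() because SMTP server doesn't
    // give banner information again after STARTTLS, thus SMTP._connectAction_()
    // will wait on __getReply() forever, see source code of commons-net-2.2.
    //
    // The lines below are copied from SocketClient._connectAction_() and
    // SMTP._connectAction_() in commons-net-2.2.
    _socket_.setSoTimeout(_timeout_);
    _input_ = _socket_.getInputStream();
    _output_ = _socket_.getOutputStream();
    _reader = new BufferedReader(new InputStreamReader(_input_, UTF_8));
    _writer = new BufferedWriter(new OutputStreamWriter(_output_, UTF_8));
    return true;
}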
Also used : SSLParameters(javax.net.ssl.SSLParameters) InputStreamReader(java.io.InputStreamReader) SSLSocket(javax.net.ssl.SSLSocket) BufferedReader(java.io.BufferedReader) OutputStreamWriter(java.io.OutputStreamWriter) BufferedWriter(java.io.BufferedWriter)

Example 9 with SSLParameters

use of javax.net.ssl.SSLParameters in project robovm by robovm.

the class SSLEngineTest method test_SSLEngine_getSSLParameters.

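/**
 * Verifies that {@code SSLEngine.getSSLParameters()} returns a snapshot that mirrors the
 * engine's current configuration: the cipher suites and protocols are valid names, have
 * the same contents as the engine's enabled lists but are distinct array instances, and
 * the client-authentication flags match the engine's.
 *
 * @throws Exception if the test context or engine cannot be created
 */
public void test_SSLEngine_getSSLParameters() throws Exception {
    TestSSLContext context = TestSSLContext.create();
    try {
        SSLEngine engine = context.clientContext.createSSLEngine();
        SSLParameters parameters = engine.getSSLParameters();
        assertNotNull(parameters);

        // Cipher suites: valid names, same contents as the engine, but a separate array
        // so callers cannot change engine state by mutating the returned value.
        String[] cipherSuites = parameters.getCipherSuites();
        StandardNames.assertValidCipherSuites(StandardNames.CIPHER_SUITES, cipherSuites);
        assertNotSame(cipherSuites, engine.getEnabledCipherSuites());
        assertEquals(Arrays.asList(cipherSuites), Arrays.asList(engine.getEnabledCipherSuites()));

        // Protocols: same expectations as for the cipher suites.
        String[] protocols = parameters.getProtocols();
        StandardNames.assertValidProtocols(StandardNames.SSL_SOCKET_PROTOCOLS, protocols);
        assertNotSame(protocols, engine.getEnabledProtocols());
        assertEquals(Arrays.asList(protocols), Arrays.asList(engine.getEnabledProtocols()));

        assertEquals(parameters.getWantClientAuth(), engine.getWantClientAuth());
        assertEquals(parameters.getNeedClientAuth(), engine.getNeedClientAuth());
    } finally {
        // Release the test context even when one of the assertions above fails.
        context.close();
    }
}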
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine)

Example 10 with SSLParameters

use of javax.net.ssl.SSLParameters in project robovm by robovm.

the class SSLParametersTest method test_SSLParameters_cpherSuitesProtocolsConstructor.

/**
 * Exercises the {@code SSLParameters(String[], String[])} constructor.
 *
 * <p>The inputs deliberately contain made-up names and {@code null} elements: the test
 * expects the constructor to store them without validation. It also expects the getters
 * to return arrays with the same contents as the inputs but a different identity, and
 * both client-authentication flags to be off.
 */
public void test_SSLParameters_cpherSuitesProtocolsConstructor() {
    String[] suppliedSuites = { "foo", null, "bar" };
    String[] suppliedProtocols = { "baz", null, "qux" };
    SSLParameters parameters = new SSLParameters(suppliedSuites, suppliedProtocols);

    // Both lists must be present after construction.
    assertNotNull(parameters.getCipherSuites());
    assertNotNull(parameters.getProtocols());

    // The returned arrays must not be the caller's arrays: later changes to the inputs
    // must not alter the stored TLS configuration.
    assertNotSame(suppliedSuites, parameters.getCipherSuites());
    assertNotSame(suppliedProtocols, parameters.getProtocols());

    // Contents are preserved element for element, including the null entries.
    assertEquals(Arrays.asList(suppliedSuites), Arrays.asList(parameters.getCipherSuites()));
    assertEquals(Arrays.asList(suppliedProtocols), Arrays.asList(parameters.getProtocols()));

    // This constructor leaves client authentication disabled.
    assertFalse(parameters.getWantClientAuth());
    assertFalse(parameters.getNeedClientAuth());
}
Also used : SSLParameters(javax.net.ssl.SSLParameters)
