use of javax.net.ssl.SSLParameters in project cassandra by apache.
the class SSLFactory method prepareSocket.
/** Sets relevant socket options specified in encryption settings */
private static void prepareSocket(SSLServerSocket serverSocket, EncryptionOptions options) {
    // Resolve the cipher-suite list first, before any state on the socket is touched.
    // NOTE(review): presumably filterCipherSuites narrows options.cipher_suites to what
    // the socket supports -- confirm against its definition.
    final String[] enabledSuites =
            filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites);

    // Endpoint identification is opt-in: when require_endpoint_verification is false this
    // method leaves the socket's endpoint identification algorithm as it found it.
    if (options.require_endpoint_verification) {
        // Read-modify-write: start from the socket's current parameters so that only the
        // endpoint identification algorithm changes.
        final SSLParameters params = serverSocket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        serverSocket.setSSLParameters(params);
    }

    serverSocket.setEnabledCipherSuites(enabledSuites);
    // Client certificates are demanded only when require_client_auth is set; otherwise
    // clients are not required to authenticate at the TLS layer.
    serverSocket.setNeedClientAuth(options.require_client_auth);
}
use of javax.net.ssl.SSLParameters in project jodd by oblac.
the class SocketHttpConnectionProvider method createSSLSocket.
/**
* Creates a SSL socket. Enables default secure enabled protocols if specified.
*/
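protected SSLSocket createSSLSocket(String host, int port, int connectionTimeout, boolean trustAll, boolean verifyHttpsHost) throws IOException {
    // Parameters:
    //   host, port         - peer to connect to; also handed to the SSL wrapper as the peer identity
    //   connectionTimeout  - negative: let the factory connect directly; otherwise connect a plain
    //                        socket with this timeout and wrap it afterwards
    //   trustAll           - forwarded to the socket-factory lookups.
    //                        NOTE(review): the name suggests certificate-chain validation is relaxed;
    //                        confirm in getSocketFactory/getDefaultSSLSocketFactory. Host-name
    //                        verification alone does not authenticate a peer whose chain is not validated.
    //   verifyHttpsHost    - when true, enables HTTPS endpoint identification. JSSE sockets do not
    //                        match the certificate against the host name unless an endpoint
    //                        identification algorithm is set, so with false the name is not checked here.
    // Throws IOException if connecting or wrapping fails; the socket opened here is closed in that case.
    SocketFactory socketFactory = getSocketFactory(proxy, true, trustAll);

    Socket socket;
    if (connectionTimeout < 0) {
        socket = socketFactory.createSocket(host, port);
    } else {
        // SSLSocketFactory's createSocket() variants that take arguments connect immediately
        // and offer no connection timeout, so a plain socket is connected with the timeout
        // below and then wrapped by the SSL factory.
        socket = new Socket();
    }

    // Tracks whichever socket currently owns the connection so that a failure during
    // setup does not leak an open descriptor.
    Socket owner = socket;
    try {
        if (connectionTimeout >= 0) {
            socket.connect(new InetSocketAddress(host, port), connectionTimeout);
        }

        // wrap the plain socket in an SSL socket (autoClose = true: closing the SSL socket
        // closes the underlying one)
        SSLSocket sslSocket;
        if (socket instanceof SSLSocket) {
            sslSocket = (SSLSocket) socket;
        } else if (socketFactory instanceof SSLSocketFactory) {
            sslSocket = (SSLSocket) ((SSLSocketFactory) socketFactory).createSocket(socket, host, port, true);
        } else {
            sslSocket = (SSLSocket) (getDefaultSSLSocketFactory(trustAll)).createSocket(socket, host, port, true);
        }
        owner = sslSocket;

        String enabledProtocols = JoddHttp.defaultSecureEnabledProtocols;
        if (enabledProtocols != null) {
            String[] values = StringUtil.splitc(enabledProtocols, ',');
            StringUtil.trimAll(values);
            sslSocket.setEnabledProtocols(values);
        }

        if (verifyHttpsHost) {
            // Start from the socket's current parameters instead of a blank SSLParameters:
            // applying a freshly constructed instance writes its defaults back onto the socket
            // and can discard settings the factory configured. Only the endpoint
            // identification algorithm is meant to change here.
            SSLParameters sslParams = sslSocket.getSSLParameters();
            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
            sslSocket.setSSLParameters(sslParams);
        }

        return sslSocket;
    } catch (IOException | RuntimeException e) {
        try {
            owner.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}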
use of javax.net.ssl.SSLParameters in project mongo-java-driver by mongodb.
the class NettyStream method openAsync.
/**
 * Starts a non-blocking connect to {@code address} and reports the outcome to {@code handler}.
 *
 * <p>When SSL is enabled, the engine comes from {@code SSLContext.getDefault()} and runs in
 * client mode. Host-name verification is switched on unless the SSL settings allow invalid
 * host names; in that case the server certificate is not matched against the host here.
 *
 * @param handler completed with {@code null} once the channel is connected, or failed with a
 *                {@code MongoSocketOpenException} wrapping the connect failure
 */
@Override
public void openAsync(final AsyncCompletionHandler<Void> handler) {
    final Bootstrap bootstrap = new Bootstrap()
            .group(workerGroup)
            .channel(socketChannelClass)
            .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, settings.getConnectTimeout(MILLISECONDS))
            .option(ChannelOption.TCP_NODELAY, true)
            .option(ChannelOption.SO_KEEPALIVE, settings.isKeepAlive());

    // Buffer sizes are applied only when explicitly configured with a positive value.
    if (settings.getReceiveBufferSize() > 0) {
        bootstrap.option(ChannelOption.SO_RCVBUF, settings.getReceiveBufferSize());
    }
    if (settings.getSendBufferSize() > 0) {
        bootstrap.option(ChannelOption.SO_SNDBUF, settings.getSendBufferSize());
    }
    bootstrap.option(ChannelOption.ALLOCATOR, allocator);

    bootstrap.handler(new ChannelInitializer<SocketChannel>() {
        @Override
        public void initChannel(final SocketChannel socketChannel) throws Exception {
            if (sslSettings.isEnabled()) {
                // The JVM-wide default context is used; the peer host and port are passed
                // to the engine when it is created.
                final SSLEngine sslEngine =
                        SSLContext.getDefault().createSSLEngine(address.getHost(), address.getPort());
                sslEngine.setUseClientMode(true);

                // Read-modify-write of the engine's parameters: SNI first, then host-name
                // verification unless it has been explicitly waived in the settings.
                final SSLParameters engineParameters = sslEngine.getSSLParameters();
                enableSni(address, engineParameters);
                if (!sslSettings.isInvalidHostNameAllowed()) {
                    enableHostNameVerification(engineParameters);
                }
                sslEngine.setSSLParameters(engineParameters);

                // The SSL handler goes first in the pipeline, ahead of the other handlers.
                socketChannel.pipeline().addFirst("ssl", new SslHandler(sslEngine, false));
            }

            final int readTimeoutMillis = settings.getReadTimeout(MILLISECONDS);
            if (readTimeoutMillis > 0) {
                socketChannel.pipeline().addLast(READ_HANDLER_NAME, new ReadTimeoutHandler(readTimeoutMillis));
            }
            socketChannel.pipeline().addLast(new InboundBufferHandler());
        }
    });

    final ChannelFuture connectFuture = bootstrap.connect(address.getHost(), address.getPort());
    connectFuture.addListener(new ChannelFutureListener() {
        @Override
        public void operationComplete(final ChannelFuture future) throws Exception {
            if (!future.isSuccess()) {
                handler.failed(new MongoSocketOpenException("Exception opening socket", getAddress(), future.cause()));
                return;
            }

            channel = connectFuture.channel();
            // When the channel later closes, pass an IOException to the read-response handling.
            channel.closeFuture().addListener(new ChannelFutureListener() {
                @Override
                public void operationComplete(final ChannelFuture closed) throws Exception {
                    handleReadResponse(null, new IOException("The connection to the server was closed"));
                }
            });
            handler.completed(null);
        }
    });
}
use of javax.net.ssl.SSLParameters in project netty by netty.
the class OpenSslEngineTest method testSNIMatchersThrows.
/**
 * Expects {@link IllegalArgumentException} when {@link SSLParameters} prepared by
 * {@code Java8SslUtils.setSNIMatcher} are applied to a server-side engine.
 *
 * <p>Skipped on Java versions below 8. The expectation is declared on the whole method, so
 * the test does not pin which statement throws.
 */
@Test(expected = IllegalArgumentException.class)
public void testSNIMatchersThrows() throws Exception {
    assumeTrue(PlatformDependent.javaVersion() >= 8);

    final SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder
            .forServer(selfSigned.certificate(), selfSigned.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    final SSLEngine serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    try {
        final SSLParameters sniParameters = new SSLParameters();
        Java8SslUtils.setSNIMatcher(sniParameters);
        serverEngine.setSSLParameters(sniParameters);
    } finally {
        // Runs whether or not the expected exception was thrown: release the engine and
        // delete the self-signed certificate created for this test.
        cleanupServerSslEngine(serverEngine);
        selfSigned.delete();
    }
}
use of javax.net.ssl.SSLParameters in project netty by netty.
the class OpenSslEngineTest method testAlgorithmConstraintsThrows.
/**
 * Expects {@link IllegalArgumentException} when {@link SSLParameters} carrying custom
 * {@link AlgorithmConstraints} are applied to a server-side engine.
 *
 * <p>The constraints used here reject every algorithm and key. The expectation is declared
 * on the whole method, so the test does not pin which statement throws.
 */
@Test(expected = IllegalArgumentException.class)
public void testAlgorithmConstraintsThrows() throws Exception {
    final SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder
            .forServer(selfSigned.certificate(), selfSigned.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    final SSLEngine serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    try {
        final SSLParameters constrained = new SSLParameters();
        // Deny-all constraints: every overload answers false.
        final AlgorithmConstraints denyAll = new AlgorithmConstraints() {
            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters algorithmParameters) {
                return false;
            }

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
                return false;
            }

            @Override
            public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters algorithmParameters) {
                return false;
            }
        };
        constrained.setAlgorithmConstraints(denyAll);
        serverEngine.setSSLParameters(constrained);
    } finally {
        // Runs whether or not the expected exception was thrown: release the engine and
        // delete the self-signed certificate created for this test.
        cleanupServerSslEngine(serverEngine);
        selfSigned.delete();
    }
}