use of javax.net.ssl.SSLParameters in project netty by netty.
the class SSLEngineTest method mySetupClientHostnameValidation.
/**
 * Starts a TLS server on "localhost" and connects a client that has hostname
 * validation switched on, so a test can check whether the server certificate
 * is accepted for that host name.
 *
 * <p>The client enables validation by setting the endpoint identification
 * algorithm to "HTTPS" on its {@link SSLParameters}; the engine then checks the
 * server certificate against the peer host passed to {@code newHandler}
 * ({@code expectedHost}) during the handshake.
 *
 * <p>Handshake results are stored in {@code serverException} /
 * {@code clientException} and signalled through {@code serverLatch} /
 * {@code clientLatch}. This method returns once the TCP connect has succeeded;
 * it does not wait for the handshake itself (presumably the caller awaits the
 * latches — confirm against the calling tests).
 *
 * @param serverCrtFile certificate chain file presented by the server
 * @param serverKeyFile private key file matching {@code serverCrtFile}
 * @param clientTrustCrtFile certificate file the client uses as its trust anchor
 * @param failureExpected when {@code true}, a successful handshake is recorded
 *        as an {@link IllegalStateException} on the side that observed it
 * @throws SSLException if either SSL context cannot be built
 * @throws InterruptedException if interrupted while binding the server channel
 */
private void mySetupClientHostnameValidation(File serverCrtFile, File serverKeyFile, File clientTrustCrtFile, final boolean failureExpected) throws SSLException, InterruptedException {
    final String expectedHost = "localhost";
    // Server context. InsecureTrustManagerFactory accepts any certificate without
    // verification; it is a test-only trust manager and only governs how the server
    // would treat client certificates, not the hostname check under test.
    serverSslCtx = SslContextBuilder.forServer(serverCrtFile, serverKeyFile, null).sslProvider(sslServerProvider()).trustManager(InsecureTrustManagerFactory.INSTANCE).ciphers(null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0).sessionTimeout(0).build();
    // Client context. Trust is restricted to clientTrustCrtFile, so chain validation
    // and hostname validation are both exercised on the client side.
    clientSslCtx = SslContextBuilder.forClient().sslProvider(sslClientProvider()).trustManager(clientTrustCrtFile).ciphers(null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0).sessionTimeout(0).build();
    serverConnectedChannel = null;
    sb = new ServerBootstrap();
    cb = new Bootstrap();
    sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
    sb.channel(NioServerSocketChannel.class);
    sb.childHandler(new ChannelInitializer<Channel>() {
        @Override
        protected void initChannel(Channel ch) throws Exception {
            ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type));
            ChannelPipeline p = ch.pipeline();
            p.addLast(serverSslCtx.newHandler(ch.alloc()));
            p.addLast(new MessageDelegatorChannelHandler(serverReceiver, serverLatch));
            p.addLast(new ChannelInboundHandlerAdapter() {
                @Override
                public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
                    if (evt == SslHandshakeCompletionEvent.SUCCESS) {
                        // A completed handshake is itself the failure when the test
                        // expects hostname validation to reject the peer.
                        if (failureExpected) {
                            serverException = new IllegalStateException("handshake complete. expected failure");
                        }
                        serverLatch.countDown();
                    } else if (evt instanceof SslHandshakeCompletionEvent) {
                        // Any other completion event carries the handshake failure cause.
                        serverException = ((SslHandshakeCompletionEvent) evt).cause();
                        serverLatch.countDown();
                    }
                    ctx.fireUserEventTriggered(evt);
                }
                @Override
                public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
                    // Unwrap one level to reach the SSLHandshakeException, if that is
                    // what the pipeline exception wraps.
                    if (cause.getCause() instanceof SSLHandshakeException) {
                        serverException = cause.getCause();
                        serverLatch.countDown();
                    } else {
                        // NOTE(review): the server records non-handshake causes here, while
                        // the client handler below only forwards them — confirm the
                        // asymmetry is intended.
                        serverException = cause;
                        ctx.fireExceptionCaught(cause);
                    }
                }
            });
            serverConnectedChannel = ch;
        }
    });
    cb.group(new NioEventLoopGroup());
    cb.channel(NioSocketChannel.class);
    cb.handler(new ChannelInitializer<Channel>() {
        @Override
        protected void initChannel(Channel ch) throws Exception {
            ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), type));
            ChannelPipeline p = ch.pipeline();
            // NOTE(review): remoteAddress is not used anywhere in the visible code.
            InetSocketAddress remoteAddress = (InetSocketAddress) serverChannel.localAddress();
            // The peer host given here is the name the certificate is checked against
            // once endpoint identification is enabled below.
            SslHandler sslHandler = clientSslCtx.newHandler(ch.alloc(), expectedHost, 0);
            // getSSLParameters() returns a copy, so the modified parameters must be
            // written back with setSSLParameters() for the "HTTPS" hostname check to
            // take effect. Without this, the engine performs no hostname validation.
            SSLParameters parameters = sslHandler.engine().getSSLParameters();
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
            sslHandler.engine().setSSLParameters(parameters);
            p.addLast(sslHandler);
            p.addLast(new MessageDelegatorChannelHandler(clientReceiver, clientLatch));
            p.addLast(new ChannelInboundHandlerAdapter() {
                @Override
                public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
                    if (evt == SslHandshakeCompletionEvent.SUCCESS) {
                        // Success means the certificate passed hostname validation; that
                        // is an error when the test expects a rejection.
                        if (failureExpected) {
                            clientException = new IllegalStateException("handshake complete. expected failure");
                        }
                        clientLatch.countDown();
                    } else if (evt instanceof SslHandshakeCompletionEvent) {
                        clientException = ((SslHandshakeCompletionEvent) evt).cause();
                        clientLatch.countDown();
                    }
                    ctx.fireUserEventTriggered(evt);
                }
                @Override
                public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
                    if (cause.getCause() instanceof SSLHandshakeException) {
                        clientException = cause.getCause();
                        clientLatch.countDown();
                    } else {
                        ctx.fireExceptionCaught(cause);
                    }
                }
            });
        }
    });
    // Port 0 asks for an ephemeral port; the port actually bound is read back below.
    serverChannel = sb.bind(new InetSocketAddress(expectedHost, 0)).sync().channel();
    final int port = ((InetSocketAddress) serverChannel.localAddress()).getPort();
    ChannelFuture ccf = cb.connect(new InetSocketAddress(expectedHost, port));
    // Only the TCP connect is asserted here; the TLS handshake result arrives later
    // through the handlers installed above.
    assertTrue(ccf.awaitUninterruptibly().isSuccess());
    clientChannel = ccf.channel();
}
use of javax.net.ssl.SSLParameters in project okhttp by square.
the class Jdk9Platform method configureTlsExtensions.
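/**
 * Applies the ALPN protocol names for {@code protocols} to the socket's
 * {@link SSLParameters}.
 *
 * <p>The parameters are read from the socket, updated through the reflective
 * {@code setProtocolMethod} (presumably the JDK 9 ALPN setter on
 * {@code SSLParameters}; it is resolved outside this block), and written back,
 * because {@code getSSLParameters()} returns a copy.
 *
 * @param sslSocket socket to configure before the handshake
 * @param hostname peer host name; not used by this implementation
 * @param protocols protocols whose ALPN names are offered
 * @throws AssertionError if the reflective call fails; the underlying
 *         exception is attached as the cause
 */
@Override
public void configureTlsExtensions(SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
    try {
        SSLParameters sslParameters = sslSocket.getSSLParameters();
        List<String> names = alpnProtocolNames(protocols);
        // Wrap the String[] in an Object[] so reflection passes it as a single
        // argument instead of spreading it across the varargs parameter.
        setProtocolMethod.invoke(sslParameters, new Object[] { names.toArray(new String[0]) });
        sslSocket.setSSLParameters(sslParameters);
    } catch (IllegalAccessException | InvocationTargetException e) {
        // Keep the cause: a bare AssertionError hides why TLS configuration failed.
        throw new AssertionError("failed to set SSL parameters", e);
    }
}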
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLJedisTest method connectWithShardInfoByIpAddress.
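/**
 * Tests opening an SSL/TLS connection to redis using the loopback address of
 * 127.0.0.1 with HTTPS-style endpoint identification enabled. The connection
 * must fail because "127.0.0.1" does not match the certificate subject common
 * name and there are no subject alternative names in the certificate.
 *
 * NOTE: This test relies on
 * {@link SSLParameters#setEndpointIdentificationAlgorithm(String)}, which is
 * only available as of Java 7 and later.
 */
@Test
public void connectWithShardInfoByIpAddress() throws Exception {
    final URI uri = URI.create("rediss://127.0.0.1:6390");
    final SSLSocketFactory sslSocketFactory = createTrustStoreSslSocketFactory();
    // "HTTPS" endpoint identification makes the TLS handshake itself check the
    // server certificate against the host in the URI, the same check used for
    // HTTPS. Without it, a trusted certificate issued for any name is accepted.
    final SSLParameters sslParameters = new SSLParameters();
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    JedisShardInfo shardInfo = new JedisShardInfo(uri, sslSocketFactory, sslParameters, null);
    shardInfo.setPassword("foobared");
    Jedis jedis = new Jedis(shardInfo);
    try {
        jedis.get("foo");
        Assert.fail("The code did not throw the expected JedisConnectionException.");
    } catch (JedisConnectionException e) {
        // The rejection must come from certificate validation during the
        // handshake, not from an unrelated connection error.
        Assert.assertEquals("Unexpected first inner exception.", SSLHandshakeException.class, e.getCause().getClass());
        Assert.assertEquals("Unexpected second inner exception.", CertificateException.class, e.getCause().getCause().getClass());
    } finally {
        // Close on every path, including a failed assertion above. The close is
        // best-effort: the connection is expected to be broken at this point.
        try {
            jedis.close();
        } catch (Throwable ignored) {
            // Expected.
        }
    }
}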
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLJedisTest method connectWithShardInfo.
/**
 * Opens an SSL/TLS connection to redis on localhost with HTTPS-style endpoint
 * identification enabled and issues a single command over it.
 *
 * NOTE: {@link SSLParameters#setEndpointIdentificationAlgorithm(String)} is only
 * available as of Java 7 and later.
 */
@Test
public void connectWithShardInfo() throws Exception {
    // With the "HTTPS" algorithm the handshake verifies that the server
    // certificate was issued for the host named in the URI.
    final SSLParameters tlsParams = new SSLParameters();
    tlsParams.setEndpointIdentificationAlgorithm("HTTPS");

    final SSLSocketFactory defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    final URI endpoint = URI.create("rediss://localhost:6390");

    JedisShardInfo shard = new JedisShardInfo(endpoint, defaultFactory, tlsParams, null);
    shard.setPassword("foobared");

    Jedis client = new Jedis(shard);
    client.get("foo");
    client.disconnect();
    client.close();
}
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLJedisTest method connectWithShardInfoAndCustomHostnameVerifier.
/**
 * Opens an SSL/TLS connection to redis on localhost, supplying a custom
 * hostname verifier instead of an endpoint identification algorithm.
 */
@Test
public void connectWithShardInfoAndCustomHostnameVerifier() {
    final URI endpoint = URI.create("rediss://localhost:6390");
    final SSLSocketFactory defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();

    // The SSLParameters are left at their defaults, so no endpoint
    // identification algorithm is set here. Host name checking in this test
    // rests on the verifier passed to JedisShardInfo (how Jedis applies it is
    // not visible in this method — confirm in the connection code).
    final SSLParameters tlsParams = new SSLParameters();
    HostnameVerifier verifier = new BasicHostnameVerifier();

    JedisShardInfo shard = new JedisShardInfo(endpoint, defaultFactory, tlsParams, verifier);
    shard.setPassword("foobared");

    Jedis client = new Jedis(shard);
    client.get("foo");
    client.disconnect();
    client.close();
}