Search in sources :

Example 36 with SSLParameters

use of javax.net.ssl.SSLParameters in project jdk9-jigsaw by AdoptOpenJDK.

the class Server method main.

public static void main(String[] args) throws IOException {
    System.setProperty("javax.net.ssl.keyStore", "C:/Users/Martin/sample.pfx");
    System.setProperty("javax.net.ssl.keyStorePassword", "sample");
    SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    ServerSocket ss = ssf.createServerSocket(4444);
    while (true) {
        SSLSocket s = (SSLSocket) ss.accept();
        SSLParameters params = s.getSSLParameters();
        s.setSSLParameters(params);
        BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
        String line = null;
        PrintStream out = new PrintStream(s.getOutputStream());
        while (((line = in.readLine()) != null)) {
            System.out.println(line);
            out.println("Hi, client");
        }
        in.close();
        out.close();
        s.close();
    }
}
Also used : PrintStream(java.io.PrintStream) SSLParameters(javax.net.ssl.SSLParameters) InputStreamReader(java.io.InputStreamReader) SSLSocket(javax.net.ssl.SSLSocket) BufferedReader(java.io.BufferedReader) SSLServerSocketFactory(javax.net.ssl.SSLServerSocketFactory) ServerSocket(java.net.ServerSocket)

Example 37 with SSLParameters

use of javax.net.ssl.SSLParameters in project service-proxy by membrane.

the class SSLContext method applyCiphers.

public void applyCiphers(SSLSocket sslSocket) {
    if (ciphers != null) {
        SSLParameters sslParameters = sslSocket.getSSLParameters();
        applyCipherOrdering(sslParameters);
        sslParameters.setCipherSuites(ciphers);
        sslParameters.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm);
        sslSocket.setSSLParameters(sslParameters);
    }
}
Also used : SSLParameters(javax.net.ssl.SSLParameters)

Example 38 with SSLParameters

use of javax.net.ssl.SSLParameters in project activemq-artemis by apache.

the class NettyConnector method start.

@Override
public synchronized void start() {
    if (channelClazz != null) {
        return;
    }
    if (remotingThreads == -1) {
        // Default to number of cores * 3
        remotingThreads = Runtime.getRuntime().availableProcessors() * 3;
    }
    String connectorType;
    if (useEpoll && Epoll.isAvailable()) {
        if (useGlobalWorkerPool) {
            group = SharedEventLoopGroup.getInstance((threadFactory -> new EpollEventLoopGroup(remotingThreads, threadFactory)));
        } else {
            group = new EpollEventLoopGroup(remotingThreads);
        }
        connectorType = EPOLL_CONNECTOR_TYPE;
        channelClazz = EpollSocketChannel.class;
        logger.debug("Connector " + this + " using native epoll");
    } else if (useKQueue && KQueue.isAvailable()) {
        if (useGlobalWorkerPool) {
            group = SharedEventLoopGroup.getInstance((threadFactory -> new KQueueEventLoopGroup(remotingThreads, threadFactory)));
        } else {
            group = new KQueueEventLoopGroup(remotingThreads);
        }
        connectorType = KQUEUE_CONNECTOR_TYPE;
        channelClazz = KQueueSocketChannel.class;
        logger.debug("Connector " + this + " using native kqueue");
    } else {
        if (useGlobalWorkerPool) {
            channelClazz = NioSocketChannel.class;
            group = SharedEventLoopGroup.getInstance((threadFactory -> new NioEventLoopGroup(remotingThreads, threadFactory)));
        } else {
            channelClazz = NioSocketChannel.class;
            group = new NioEventLoopGroup(remotingThreads);
        }
        connectorType = NIO_CONNECTOR_TYPE;
        channelClazz = NioSocketChannel.class;
        logger.debug("Connector + " + this + " using nio");
    }
    // if we are a servlet wrap the socketChannelFactory
    bootstrap = new Bootstrap();
    bootstrap.channel(channelClazz);
    bootstrap.group(group);
    bootstrap.option(ChannelOption.TCP_NODELAY, tcpNoDelay);
    if (connectTimeoutMillis != -1) {
        bootstrap.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectTimeoutMillis);
    }
    if (tcpReceiveBufferSize != -1) {
        bootstrap.option(ChannelOption.SO_RCVBUF, tcpReceiveBufferSize);
    }
    if (tcpSendBufferSize != -1) {
        bootstrap.option(ChannelOption.SO_SNDBUF, tcpSendBufferSize);
    }
    final int writeBufferLowWaterMark = this.writeBufferLowWaterMark != -1 ? this.writeBufferLowWaterMark : WriteBufferWaterMark.DEFAULT.low();
    final int writeBufferHighWaterMark = this.writeBufferHighWaterMark != -1 ? this.writeBufferHighWaterMark : WriteBufferWaterMark.DEFAULT.high();
    final WriteBufferWaterMark writeBufferWaterMark = new WriteBufferWaterMark(writeBufferLowWaterMark, writeBufferHighWaterMark);
    bootstrap.option(ChannelOption.WRITE_BUFFER_WATER_MARK, writeBufferWaterMark);
    bootstrap.option(ChannelOption.SO_KEEPALIVE, true);
    bootstrap.option(ChannelOption.SO_REUSEADDR, true);
    channelGroup = new DefaultChannelGroup("activemq-connector", GlobalEventExecutor.INSTANCE);
    final String realKeyStorePath;
    final String realKeyStoreProvider;
    final String realKeyStorePassword;
    final String realTrustStorePath;
    final String realTrustStoreProvider;
    final String realTrustStorePassword;
    if (sslEnabled) {
        // HORNETQ-680 - override the server-side config if client-side system properties are set
        realKeyStorePath = Stream.of(System.getProperty(JAVAX_KEYSTORE_PATH_PROP_NAME), System.getProperty(ACTIVEMQ_KEYSTORE_PATH_PROP_NAME), keyStorePath).map(v -> useDefaultSslContext ? keyStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
        realKeyStorePassword = Stream.of(System.getProperty(JAVAX_KEYSTORE_PASSWORD_PROP_NAME), System.getProperty(ACTIVEMQ_KEYSTORE_PASSWORD_PROP_NAME), keyStorePassword).map(v -> useDefaultSslContext ? keyStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
        realKeyStoreProvider = Stream.of(System.getProperty(ACTIVEMQ_KEYSTORE_PROVIDER_PROP_NAME), keyStoreProvider).map(v -> useDefaultSslContext ? keyStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null);
        realTrustStorePath = Stream.of(System.getProperty(JAVAX_TRUSTSTORE_PATH_PROP_NAME), System.getProperty(ACTIVEMQ_TRUSTSTORE_PATH_PROP_NAME), trustStorePath).map(v -> useDefaultSslContext ? trustStorePath : v).filter(Objects::nonNull).findFirst().orElse(null);
        realTrustStorePassword = Stream.of(System.getProperty(JAVAX_TRUSTSTORE_PASSWORD_PROP_NAME), System.getProperty(ACTIVEMQ_TRUSTSTORE_PASSWORD_PROP_NAME), trustStorePassword).map(v -> useDefaultSslContext ? trustStorePassword : v).filter(Objects::nonNull).findFirst().orElse(null);
        realTrustStoreProvider = Stream.of(System.getProperty(ACTIVEMQ_TRUSTSTORE_PROVIDER_PROP_NAME), trustStoreProvider).map(v -> useDefaultSslContext ? trustStoreProvider : v).filter(Objects::nonNull).findFirst().orElse(null);
    } else {
        realKeyStorePath = null;
        realKeyStoreProvider = null;
        realKeyStorePassword = null;
        realTrustStorePath = null;
        realTrustStoreProvider = null;
        realTrustStorePassword = null;
    }
    bootstrap.handler(new ChannelInitializer<Channel>() {

        @Override
        public void initChannel(Channel channel) throws Exception {
            final ChannelPipeline pipeline = channel.pipeline();
            if (sslEnabled && !useServlet) {
                SSLEngine engine;
                if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) {
                    engine = loadOpenSslEngine(channel.alloc(), realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
                } else {
                    engine = loadJdkSslEngine(useDefaultSslContext, realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword);
                }
                engine.setUseClientMode(true);
                engine.setWantClientAuth(true);
                // setting the enabled cipher suites resets the enabled protocols so we need
                // to save the enabled protocols so that after the customer cipher suite is enabled
                // we can reset the enabled protocols if a customer protocol isn't specified
                String[] originalProtocols = engine.getEnabledProtocols();
                if (enabledCipherSuites != null) {
                    try {
                        engine.setEnabledCipherSuites(SSLSupport.parseCommaSeparatedListIntoArray(enabledCipherSuites));
                    } catch (IllegalArgumentException e) {
                        ActiveMQClientLogger.LOGGER.invalidCipherSuite(SSLSupport.parseArrayIntoCommandSeparatedList(engine.getSupportedCipherSuites()));
                        throw e;
                    }
                }
                if (enabledProtocols != null) {
                    try {
                        engine.setEnabledProtocols(SSLSupport.parseCommaSeparatedListIntoArray(enabledProtocols));
                    } catch (IllegalArgumentException e) {
                        ActiveMQClientLogger.LOGGER.invalidProtocol(SSLSupport.parseArrayIntoCommandSeparatedList(engine.getSupportedProtocols()));
                        throw e;
                    }
                } else {
                    engine.setEnabledProtocols(originalProtocols);
                }
                if (verifyHost) {
                    SSLParameters sslParameters = engine.getSSLParameters();
                    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    engine.setSSLParameters(sslParameters);
                }
                SslHandler handler = new SslHandler(engine);
                pipeline.addLast("ssl", handler);
            }
            if (httpEnabled) {
                pipeline.addLast(new HttpRequestEncoder());
                pipeline.addLast(new HttpResponseDecoder());
                pipeline.addLast(new HttpObjectAggregator(Integer.MAX_VALUE));
                pipeline.addLast(new HttpHandler());
            }
            if (httpUpgradeEnabled) {
                // prepare to handle a HTTP 101 response to upgrade the protocol.
                final HttpClientCodec httpClientCodec = new HttpClientCodec();
                pipeline.addLast(httpClientCodec);
                pipeline.addLast("http-upgrade", new HttpUpgradeHandler(pipeline, httpClientCodec));
            }
            protocolManager.addChannelHandlers(pipeline);
            pipeline.addLast(new ActiveMQClientChannelHandler(channelGroup, handler, new Listener()));
        }
    });
    if (batchDelay > 0) {
        flusher = new BatchFlusher();
        batchFlusherFuture = scheduledThreadPool.scheduleWithFixedDelay(flusher, batchDelay, batchDelay, TimeUnit.MILLISECONDS);
    }
    ActiveMQClientLogger.LOGGER.startedNettyConnector(connectorType, TransportConstants.NETTY_VERSION, host, port);
}
Also used : AttributeKey(io.netty.util.AttributeKey) SSLContext(javax.net.ssl.SSLContext) HttpResponseDecoder(io.netty.handler.codec.http.HttpResponseDecoder) DefaultChannelGroup(io.netty.channel.group.DefaultChannelGroup) HttpObject(io.netty.handler.codec.http.HttpObject) BaseConnectionLifeCycleListener(org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener) Base64(io.netty.handler.codec.base64.Base64) HttpClientCodec(io.netty.handler.codec.http.HttpClientCodec) InetAddress(java.net.InetAddress) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) ActiveMQClientProtocolManager(org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager) ActiveMQComponent(org.apache.activemq.artemis.core.server.ActiveMQComponent) ActiveMQClientLogger(org.apache.activemq.artemis.core.client.ActiveMQClientLogger) ClientProtocolManager(org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManager) Map(java.util.Map) Level(io.netty.util.ResourceLeakDetector.Level) HttpRequest(io.netty.handler.codec.http.HttpRequest) ChannelPipeline(io.netty.channel.ChannelPipeline) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Cookie(io.netty.handler.codec.http.cookie.Cookie) FullHttpRequest(io.netty.handler.codec.http.FullHttpRequest) StandardCharsets(java.nio.charset.StandardCharsets) CountDownLatch(java.util.concurrent.CountDownLatch) Stream(java.util.stream.Stream) SslHandler(io.netty.handler.ssl.SslHandler) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) HttpRequestEncoder(io.netty.handler.codec.http.HttpRequestEncoder) ActiveMQClientMessageBundle(org.apache.activemq.artemis.core.client.ActiveMQClientMessageBundle) ActiveMQDefaultConfiguration(org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration) ChannelOption(io.netty.channel.ChannelOption) SSLParameters(javax.net.ssl.SSLParameters) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) KQueueSocketChannel(io.netty.channel.kqueue.KQueueSocketChannel) ConfigurationHelper(org.apache.activemq.artemis.utils.ConfigurationHelper) ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService) EpollEventLoopGroup(io.netty.channel.epoll.EpollEventLoopGroup) ConnectException(java.net.ConnectException) BufferHandler(org.apache.activemq.artemis.spi.core.remoting.BufferHandler) SslContext(io.netty.handler.ssl.SslContext) Executor(java.util.concurrent.Executor) ClientConnectionLifeCycleListener(org.apache.activemq.artemis.spi.core.remoting.ClientConnectionLifeCycleListener) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) Channel(io.netty.channel.Channel) Bootstrap(io.netty.bootstrap.Bootstrap) SimpleChannelInboundHandler(io.netty.channel.SimpleChannelInboundHandler) HttpHeaderNames(io.netty.handler.codec.http.HttpHeaderNames) Future(io.netty.util.concurrent.Future) HttpObjectAggregator(io.netty.handler.codec.http.HttpObjectAggregator) ScheduledFuture(java.util.concurrent.ScheduledFuture) SocketAddress(java.net.SocketAddress) DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) ByteBufAllocator(io.netty.buffer.ByteBufAllocator) URISyntaxException(java.net.URISyntaxException) FutureLatch(org.apache.activemq.artemis.utils.FutureLatch) SSLSupport(org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport) Unpooled(io.netty.buffer.Unpooled) GlobalEventExecutor(io.netty.util.concurrent.GlobalEventExecutor) DefaultHttpRequest(io.netty.handler.codec.http.DefaultHttpRequest) ChannelPromise(io.netty.channel.ChannelPromise) URI(java.net.URI) ChannelDuplexHandler(io.netty.channel.ChannelDuplexHandler) ChannelGroup(io.netty.channel.group.ChannelGroup) ChannelInitializer(io.netty.channel.ChannelInitializer) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HttpResponseStatus(io.netty.handler.codec.http.HttpResponseStatus) ResourceLeakDetector(io.netty.util.ResourceLeakDetector) InetSocketAddress(java.net.InetSocketAddress) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) Objects(java.util.Objects) AbstractConnector(org.apache.activemq.artemis.spi.core.remoting.AbstractConnector) List(java.util.List) HttpResponse(io.netty.handler.codec.http.HttpResponse) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) WriteBufferWaterMark(io.netty.channel.WriteBufferWaterMark) HttpVersion(io.netty.handler.codec.http.HttpVersion) MessageDigest(java.security.MessageDigest) IPV6Util(org.apache.activemq.artemis.utils.IPV6Util) Logger(org.jboss.logging.Logger) HashMap(java.util.HashMap) Base64.encodeBytes(org.apache.activemq.artemis.utils.Base64.encodeBytes) LoginContext(javax.security.auth.login.LoginContext) ConcurrentMap(java.util.concurrent.ConcurrentMap) SSLEngine(javax.net.ssl.SSLEngine) LastHttpContent(io.netty.handler.codec.http.LastHttpContent) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ByteBuf(io.netty.buffer.ByteBuf) Connection(org.apache.activemq.artemis.spi.core.remoting.Connection) KQueueEventLoopGroup(io.netty.channel.kqueue.KQueueEventLoopGroup) EventLoopGroup(io.netty.channel.EventLoopGroup) HttpMethod(io.netty.handler.codec.http.HttpMethod) Subject(javax.security.auth.Subject) ChannelFuture(io.netty.channel.ChannelFuture) Epoll(io.netty.channel.epoll.Epoll) TimeUnit(java.util.concurrent.TimeUnit) Inet6Address(java.net.Inet6Address) FullHttpResponse(io.netty.handler.codec.http.FullHttpResponse) KQueue(io.netty.channel.kqueue.KQueue) Collections(java.util.Collections) ClientCookieDecoder(io.netty.handler.codec.http.cookie.ClientCookieDecoder) BaseConnectionLifeCycleListener(org.apache.activemq.artemis.spi.core.remoting.BaseConnectionLifeCycleListener) ClientConnectionLifeCycleListener(org.apache.activemq.artemis.spi.core.remoting.ClientConnectionLifeCycleListener) SSLEngine(javax.net.ssl.SSLEngine) HttpClientCodec(io.netty.handler.codec.http.HttpClientCodec) KQueueSocketChannel(io.netty.channel.kqueue.KQueueSocketChannel) SSLParameters(javax.net.ssl.SSLParameters) Bootstrap(io.netty.bootstrap.Bootstrap) WriteBufferWaterMark(io.netty.channel.WriteBufferWaterMark) HttpResponseDecoder(io.netty.handler.codec.http.HttpResponseDecoder) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) DefaultChannelGroup(io.netty.channel.group.DefaultChannelGroup) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) KQueueSocketChannel(io.netty.channel.kqueue.KQueueSocketChannel) Channel(io.netty.channel.Channel) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) ActiveMQException(org.apache.activemq.artemis.api.core.ActiveMQException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ConnectException(java.net.ConnectException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) URISyntaxException(java.net.URISyntaxException) ChannelPipeline(io.netty.channel.ChannelPipeline) SslHandler(io.netty.handler.ssl.SslHandler) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) HttpObjectAggregator(io.netty.handler.codec.http.HttpObjectAggregator) EpollEventLoopGroup(io.netty.channel.epoll.EpollEventLoopGroup) KQueueEventLoopGroup(io.netty.channel.kqueue.KQueueEventLoopGroup) HttpRequestEncoder(io.netty.handler.codec.http.HttpRequestEncoder)

Example 39 with SSLParameters

use of javax.net.ssl.SSLParameters in project activemq-artemis by apache.

the class NettyTransportSupport method createSslEngine.

/**
 * Create a new SSLEngine instance in client mode from the given SSLContext and
 * TransportSslOptions instances.
 *
 * @param remote
 *        the URI of the remote peer that will be used to initialize the engine, may be null
 *        if none should.
 * @param context
 *        the SSLContext to use when creating the engine.
 * @param options
 *        the TransportSslOptions to use to configure the new SSLEngine.
 *
 * @return a new SSLEngine instance in client mode.
 *
 * @throws Exception
 *         if an error occurs while creating the new SSLEngine.
 */
public static SSLEngine createSslEngine(URI remote, SSLContext context, NettyTransportSslOptions options) throws Exception {
    SSLEngine engine = null;
    if (remote == null) {
        engine = context.createSSLEngine();
    } else {
        engine = context.createSSLEngine(remote.getHost(), remote.getPort());
    }
    engine.setEnabledProtocols(buildEnabledProtocols(engine, options));
    engine.setEnabledCipherSuites(buildEnabledCipherSuites(engine, options));
    engine.setUseClientMode(true);
    if (options.isVerifyHost()) {
        SSLParameters sslParameters = engine.getSSLParameters();
        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(sslParameters);
    }
    return engine;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine)

Example 40 with SSLParameters

use of javax.net.ssl.SSLParameters in project cassandra by apache.

the class SocketFactory method newSslHandler.

/**
 * Creates a new {@link SslHandler} from provided SslContext.
 * @param peer enables endpoint verification for remote address when not null
 */
static SslHandler newSslHandler(Channel channel, SslContext sslContext, @Nullable InetSocketAddress peer) {
    if (peer == null)
        return sslContext.newHandler(channel.alloc());
    logger.debug("Creating SSL handler for {}:{}", peer.getHostString(), peer.getPort());
    SslHandler sslHandler = sslContext.newHandler(channel.alloc(), peer.getHostString(), peer.getPort());
    SSLEngine engine = sslHandler.engine();
    SSLParameters sslParameters = engine.getSSLParameters();
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    engine.setSSLParameters(sslParameters);
    return sslHandler;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) SslHandler(io.netty.handler.ssl.SslHandler)

Aggregations

SSLParameters (javax.net.ssl.SSLParameters)153 SSLEngine (javax.net.ssl.SSLEngine)41 SSLContext (javax.net.ssl.SSLContext)29 SSLSocket (javax.net.ssl.SSLSocket)29 SSLSocketFactory (javax.net.ssl.SSLSocketFactory)21 IOException (java.io.IOException)19 Test (org.junit.Test)18 Test (org.testng.annotations.Test)18 InetSocketAddress (java.net.InetSocketAddress)17 SNIHostName (javax.net.ssl.SNIHostName)16 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)13 SSLException (javax.net.ssl.SSLException)11 SslHandler (io.netty.handler.ssl.SslHandler)10 ArrayList (java.util.ArrayList)10 CertificateException (java.security.cert.CertificateException)9 ByteString (com.linkedin.data.ByteString)8 SNIServerName (javax.net.ssl.SNIServerName)8 HttpsConfigurator (com.sun.net.httpserver.HttpsConfigurator)7 HttpsParameters (com.sun.net.httpserver.HttpsParameters)7 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)7