use of javax.net.ssl.SSLParameters in project neo4j by neo4j.
the class ClientSideHostnameVerificationEngineModification method apply.
/**
 * Enables client-side hostname verification on the supplied engine.
 *
 * <p>Only the endpoint identification algorithm is changed (to the value of
 * {@code VerificationAlgorithm.HTTPS}); every other parameter is read from the engine and
 * written back as it was.
 *
 * @param sslEngine the engine used for handling TLS; it is mutated in place
 * @return the same {@code sslEngine} instance, configured for client-side hostname verification
 */
@Override
public SSLEngine apply(SSLEngine sslEngine) {
    // Start from the engine's current parameters so nothing else is reset.
    final SSLParameters updated = sslEngine.getSSLParameters();
    final String algorithm = VerificationAlgorithm.HTTPS.getValue();
    updated.setEndpointIdentificationAlgorithm(algorithm);

    // The change takes effect only once the parameters are handed back to the engine.
    sslEngine.setSSLParameters(updated);

    // NOTE(review): endpoint identification compares the certificate with the peer host the
    // engine was created with -- confirm that callers build the engine with a peer host.
    return sslEngine;
}
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLACLJedisClusterTest method connectToNodesFailsWithSSLParametersAndNoHostMapping.
/**
 * Expects a cluster command to run out of attempts when endpoint identification is set to
 * "HTTPS" and the client is configured with the {@code portMap} mapper.
 */
@Test
public void connectToNodesFailsWithSSLParametersAndNoHostMapping() {
    final SSLParameters verifyingParameters = new SSLParameters();
    verifyingParameters.setEndpointIdentificationAlgorithm("HTTPS");

    final HostAndPort seedNode = new HostAndPort("localhost", 8379);
    final DefaultJedisClientConfig clientConfig = DefaultJedisClientConfig.builder()
            .user("default")
            .password("cluster")
            .ssl(true)
            .sslParameters(verifyingParameters)
            .hostAndPortMapper(portMap)
            .build();

    try (JedisCluster jc = new JedisCluster(seedNode, clientConfig, DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) {
        jc.get("foo");
        // Reaching this line means the command went through; the AssertionError raised here
        // is not caught by the handler below, so the test fails.
        Assert.fail("It should fail after all cluster attempts.");
    } catch (JedisClusterOperationException e) {
        // (The listing carries a commented-out catch of JedisClusterMaxAttemptsException here.)
        // The first connection to localhost works, but the follow-up connections to the nodes
        // use 127.0.0.1 and fail hostname verification.
        // NOTE(review): only the exception message is checked, so any other cause of exhausted
        // attempts would satisfy this test as well -- it does not prove verification was the reason.
        assertEquals("No more cluster attempts left.", e.getMessage());
    }
}
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLACLJedisClusterTest method connectToNodesSucceedsWithSSLParametersAndHostMapping.
/**
 * Expects a cluster command to complete without an exception when endpoint identification is
 * set to "HTTPS" and the client is configured with the {@code hostAndPortMap} mapper.
 */
@Test
public void connectToNodesSucceedsWithSSLParametersAndHostMapping() {
    final SSLParameters verifyingParameters = new SSLParameters();
    verifyingParameters.setEndpointIdentificationAlgorithm("HTTPS");

    final HostAndPort seedNode = new HostAndPort("localhost", 8379);
    final DefaultJedisClientConfig clientConfig = DefaultJedisClientConfig.builder()
            .user("default")
            .password("cluster")
            .ssl(true)
            .sslParameters(verifyingParameters)
            .hostAndPortMapper(hostAndPortMap)
            .build();

    try (JedisCluster jc = new JedisCluster(seedNode, clientConfig, DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) {
        // No assertion on the returned value: the test passes as long as nothing is thrown.
        jc.get("foo");
    }
}
use of javax.net.ssl.SSLParameters in project jedis by xetorthio.
the class SSLACLJedisClusterTest method connectByIpAddressFailsWithSSLParameters.
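/**
 * Expects cluster initialisation to fail when the seed node is addressed by IP ("127.0.0.1")
 * while endpoint identification is set to "HTTPS".
 *
 * <p>The expected failure is a {@code JedisClusterOperationException} raised while the
 * {@code JedisCluster} is being constructed.
 */
@Test
public void connectByIpAddressFailsWithSSLParameters() {
    final SSLParameters sslParameters = new SSLParameters();
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    try (JedisCluster jc = new JedisCluster(new HostAndPort("127.0.0.1", 8379), DefaultJedisClientConfig.builder().user("default").password("cluster").ssl(true).sslParameters(sslParameters).hostAndPortMapper(hostAndPortMap).build(), DEFAULT_REDIRECTIONS, DEFAULT_POOL_CONFIG)) {
        // An earlier form of this test (left commented out in the listing) issued jc.get("key")
        // and expected "No reachable node in cluster."; the failure is now expected from the
        // constructor itself.
        // Without this call the test would pass silently if the connection by IP succeeded,
        // which is exactly the regression it is meant to catch. The AssertionError is not
        // caught by the handler below.
        Assert.fail("Cluster construction by IP address was expected to fail.");
    } catch (JedisClusterOperationException e) {
        // NOTE(review): only the message is checked, so any failure to load the slots cache
        // satisfies this assertion, not just a hostname-verification failure.
        assertEquals("Could not initialize cluster slots cache.", e.getMessage());
    }
}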
use of javax.net.ssl.SSLParameters in project kafka by apache.
the class DefaultSslEngineFactory method createSslEngine.
/**
 * Creates an {@link SSLEngine} for the given peer and configures it for server or client use.
 *
 * <p>Cipher suites and protocols are restricted only when the corresponding field is non-null;
 * otherwise the engine keeps whatever the {@code sslContext} gave it. In server mode the client
 * authentication requirement follows {@code sslClientAuth}. In every other mode the engine is a
 * client and receives {@code endpointIdentification} as its endpoint identification algorithm.
 *
 * @param mode {@code Mode.SERVER} for a server-side engine; any other value yields a client engine
 * @param peerHost peer host passed to {@code createSSLEngine}
 * @param peerPort peer port passed to {@code createSSLEngine}
 * @param endpointIdentification endpoint identification algorithm applied to client engines only
 * @return the configured engine
 */
private SSLEngine createSslEngine(Mode mode, String peerHost, int peerPort, String endpointIdentification) {
    final SSLEngine engine = sslContext.createSSLEngine(peerHost, peerPort);
    if (cipherSuites != null) {
        engine.setEnabledCipherSuites(cipherSuites);
    }
    if (enabledProtocols != null) {
        engine.setEnabledProtocols(enabledProtocols);
    }

    if (mode != Mode.SERVER) {
        engine.setUseClientMode(true);
        // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation only in
        // client mode, which is why it is applied on this path alone.
        // A null or empty algorithm leaves the peer certificate's host name unchecked, so the
        // value supplied by the caller decides whether verification is actually on.
        final SSLParameters clientParams = engine.getSSLParameters();
        clientParams.setEndpointIdentificationAlgorithm(endpointIdentification);
        engine.setSSLParameters(clientParams);
        return engine;
    }

    engine.setUseClientMode(false);
    switch (sslClientAuth) {
        case REQUIRED:
            // Client authentication is demanded from the peer.
            engine.setNeedClientAuth(true);
            break;
        case REQUESTED:
            // Client authentication is asked for but not demanded.
            engine.setWantClientAuth(true);
            break;
        case NONE:
            break;
    }
    // Repeats the call made before the switch; kept because the original sets it twice.
    engine.setUseClientMode(false);
    return engine;
}