
Example 41 with SSLParameters

use of javax.net.ssl.SSLParameters in project neo4j by neo4j.

the class ClientSideHostnameVerificationEngineModification method apply.

/**
 * Turns on client-side hostname verification for the supplied TLS engine.
 *
 * <p>The engine's current {@link SSLParameters} are read, their endpoint identification
 * algorithm is set to the value of {@code VerificationAlgorithm.HTTPS}, and the parameters
 * are written back to the same engine.
 *
 * @param sslEngine the engine used for handling TLS; it is mutated in place
 * @return the same {@code sslEngine} instance, configured for client-side hostname verification
 */
@Override
public SSLEngine apply(SSLEngine sslEngine) {
    final SSLParameters params = sslEngine.getSSLParameters();
    params.setEndpointIdentificationAlgorithm(VerificationAlgorithm.HTTPS.getValue());
    // The modified parameters only apply once they are set back on the engine.
    sslEngine.setSSLParameters(params);
    // NOTE(review): the check compares the server certificate with the peer host the engine
    // was created with; confirm callers build the engine with a peer host and in client mode.
    return sslEngine;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters)

Example 42 with SSLParameters

use of javax.net.ssl.SSLParameters in project jedis by xetorthio.

the class SSLACLJedisClusterTest method connectToNodesFailsWithSSLParametersAndNoHostMapping.

/**
 * Negative test: with "HTTPS" endpoint identification enabled and {@code portMap} as the
 * host-and-port mapper, a cluster command must end in a
 * {@code JedisClusterOperationException} with the message "No more cluster attempts left.".
 */
@Test
public void connectToNodesFailsWithSSLParametersAndNoHostMapping() {
    // "HTTPS" endpoint identification makes the TLS client check the server certificate
    // against the host name it connected to.
    final SSLParameters params = new SSLParameters();
    params.setEndpointIdentificationAlgorithm("HTTPS");

    try (JedisCluster cluster = new JedisCluster(
            new HostAndPort("localhost", 8379),
            DefaultJedisClientConfig.builder()
                    .user("default")
                    .password("cluster")
                    .ssl(true)
                    .sslParameters(params)
                    .hostAndPortMapper(portMap)
                    .build(),
            DEFAULT_REDIRECTIONS,
            DEFAULT_POOL_CONFIG)) {
        cluster.get("foo");
        // Getting here means no connection was rejected, so the test must fail.
        Assert.fail("It should fail after all cluster attempts.");
    // } catch (JedisClusterMaxAttemptsException e) {
    } catch (JedisClusterOperationException expected) {
        // initial connection to localhost works, but subsequent connections to nodes use 127.0.0.1
        // and fail hostname verification
        assertEquals("No more cluster attempts left.", expected.getMessage());
    }
}
Also used : JedisClusterOperationException(redis.clients.jedis.exceptions.JedisClusterOperationException) SSLParameters(javax.net.ssl.SSLParameters) Test(org.junit.Test)

Example 43 with SSLParameters

use of javax.net.ssl.SSLParameters in project jedis by xetorthio.

the class SSLACLJedisClusterTest method connectToNodesSucceedsWithSSLParametersAndHostMapping.

/**
 * Positive test: with "HTTPS" endpoint identification enabled and {@code hostAndPortMap} as
 * the host-and-port mapper, a cluster command completes without throwing.
 */
@Test
public void connectToNodesSucceedsWithSSLParametersAndHostMapping() {
    // Hostname verification stays enabled; only the mapper differs from the failing variant.
    final SSLParameters params = new SSLParameters();
    params.setEndpointIdentificationAlgorithm("HTTPS");

    try (JedisCluster cluster = new JedisCluster(
            new HostAndPort("localhost", 8379),
            DefaultJedisClientConfig.builder()
                    .user("default")
                    .password("cluster")
                    .ssl(true)
                    .sslParameters(params)
                    .hostAndPortMapper(hostAndPortMap)
                    .build(),
            DEFAULT_REDIRECTIONS,
            DEFAULT_POOL_CONFIG)) {
        // The test passes as long as this call does not throw; the returned value is not checked.
        cluster.get("foo");
    }
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) Test(org.junit.Test)

Example 44 with SSLParameters

use of javax.net.ssl.SSLParameters in project jedis by xetorthio.

the class SSLACLJedisClusterTest method connectByIpAddressFailsWithSSLParameters.

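/**
 * Negative test: connecting to the cluster by IP address ("127.0.0.1") with "HTTPS" endpoint
 * identification enabled must fail while the cluster client is being constructed, with a
 * {@code JedisClusterOperationException} whose message is
 * "Could not initialize cluster slots cache.".
 *
 * <p>The try body fails the test explicitly. Without that, a client that connected
 * successfully (for example because hostname verification was not enforced) would let this
 * test pass without checking anything.
 */
@Test
public void connectByIpAddressFailsWithSSLParameters() {
    final SSLParameters sslParameters = new SSLParameters();
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");

    try (JedisCluster jc = new JedisCluster(
            new HostAndPort("127.0.0.1", 8379),
            DefaultJedisClientConfig.builder()
                    .user("default")
                    .password("cluster")
                    .ssl(true)
                    .sslParameters(sslParameters)
                    .hostAndPortMapper(hostAndPortMap)
                    .build(),
            DEFAULT_REDIRECTIONS,
            DEFAULT_POOL_CONFIG)) {
        // Only reached when the constructor did not throw, i.e. the expected rejection
        // never happened. AssertionError is not caught by the catch clause below.
        Assert.fail("Connecting by IP address should fail with hostname verification enabled.");
    } catch (JedisClusterOperationException e) {
        assertEquals("Could not initialize cluster slots cache.", e.getMessage());
    }
}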
Also used : JedisClusterOperationException(redis.clients.jedis.exceptions.JedisClusterOperationException) SSLParameters(javax.net.ssl.SSLParameters) Test(org.junit.Test)

Example 45 with SSLParameters

use of javax.net.ssl.SSLParameters in project kafka by apache.

the class DefaultSslEngineFactory method createSslEngine.

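/**
 * Creates an {@link SSLEngine} from {@code sslContext} for the given peer and configures it
 * for server or client use.
 *
 * <p>Cipher suites and protocols are overridden only when {@code cipherSuites} or
 * {@code enabledProtocols} is non-null; otherwise the engine keeps what the context gave it.
 * In server mode the client-authentication requirement follows {@code sslClientAuth}. In any
 * other mode the engine is put in client mode and the endpoint identification algorithm is
 * set.
 *
 * @param mode {@code Mode.SERVER} for a server-side engine; any other value yields a client engine
 * @param peerHost peer host name passed to {@code createSSLEngine}
 * @param peerPort peer port passed to {@code createSSLEngine}
 * @param endpointIdentification endpoint identification algorithm applied to client engines;
 *     not used in server mode
 * @return the configured engine
 */
private SSLEngine createSslEngine(Mode mode, String peerHost, int peerPort, String endpointIdentification) {
    SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort);
    if (cipherSuites != null) {
        sslEngine.setEnabledCipherSuites(cipherSuites);
    }
    if (enabledProtocols != null) {
        sslEngine.setEnabledProtocols(enabledProtocols);
    }
    if (mode == Mode.SERVER) {
        // Set once; the original repeated this call after the switch with the same argument.
        sslEngine.setUseClientMode(false);
        switch (sslClientAuth) {
            case REQUIRED:
                sslEngine.setNeedClientAuth(true);
                break;
            case REQUESTED:
                sslEngine.setWantClientAuth(true);
                break;
            case NONE:
                // No client certificate is requested.
                break;
        }
    } else {
        sslEngine.setUseClientMode(true);
        SSLParameters sslParams = sslEngine.getSSLParameters();
        // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation
        // only in client mode. Hence, validation is enabled only for clients.
        // NOTE(review): a null or empty algorithm leaves hostname verification off in JSSE;
        // confirm callers pass such a value only when that is an explicit configuration choice.
        sslParams.setEndpointIdentificationAlgorithm(endpointIdentification);
        sslEngine.setSSLParameters(sslParams);
    }
    return sslEngine;
}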
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine)
