
Example 11 with SSLSocket

use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.

the class SniX509ExtendedKeyManager method chooseServerAlias.

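/**
 * Chooses the server certificate alias for a connection made over a blocking socket.
 *
 * <p>When {@code socket} is an {@link SSLSocket}, its SNI matchers and handshake session are
 * handed to the four-argument overload. If that overload answers with the {@code NO_MATCHERS}
 * sentinel, or if {@code socket} is {@code null} or not an {@code SSLSocket}, the decision is
 * left to the wrapped delegate key manager.
 *
 * @param keyType the key algorithm type name
 * @param issuers the acceptable certificate issuers, passed through unchanged
 * @param socket the socket for the connection; the {@code X509KeyManager} contract permits
 *     {@code null} here, so it must not be dereferenced unconditionally
 * @return the alias selected by the SNI-aware overload or, failing that, by the delegate
 */
@Override
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    String alias;
    if (socket instanceof SSLSocket) {
        SSLSocket sslSocket = (SSLSocket) socket;
        alias = chooseServerAlias(keyType, issuers, sslSocket.getSSLParameters().getSNIMatchers(), sslSocket.getHandshakeSession());
        // Reference comparison kept from the original: NO_MATCHERS is presumably a sentinel
        // constant rather than a real alias value.
        if (alias == NO_MATCHERS)
            alias = _delegate.chooseServerAlias(keyType, issuers, socket);
    } else {
        // A null or non-TLS socket carries no SNI matchers to consult. Previously this path
        // failed with a NullPointerException/ClassCastException; fall back to the delegate,
        // which is the same outcome as the "no matchers" case above.
        alias = _delegate.chooseServerAlias(keyType, issuers, socket);
    }
    if (LOG.isDebugEnabled())
        LOG.debug("Chose alias {}/{} on {}", alias, keyType, socket);
    return alias;
}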
Also used : SSLSocket(javax.net.ssl.SSLSocket)

Example 12 with SSLSocket

use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.

the class TLSServerConnectionCloseTest method testServerSendsConnectionClose.

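/**
 * Plays the role of a minimal TLS server that answers one request with
 * {@code Connection: close}, then checks that the client dropped the connection from its pool.
 *
 * <p>The server side is hand-rolled: a plain {@link ServerSocket} accepts the client, the
 * accepted socket is layered with TLS in server mode, and the response is written as raw bytes.
 * How the connection is ended afterwards depends on the {@code closeMode} field.
 *
 * @param chunked whether the body is sent with chunked transfer encoding (two chunks of
 *     {@code content}) instead of a {@code Content-Length} header
 * @param content the response body text
 * @throws Exception if any step of the exchange fails
 */
private void testServerSendsConnectionClose(boolean chunked, String content) throws Exception {
    // try-with-resources so the listening socket is released even when an assertion fails;
    // it was previously never closed.
    try (ServerSocket server = new ServerSocket(0)) {
        int port = server.getLocalPort();
        startClient();
        Request request = client.newRequest("localhost", port).scheme("https").path("/ctx/path");
        FutureResponseListener listener = new FutureResponseListener(request);
        request.send(listener);
        Socket socket = server.accept();
        // The server side borrows the client's SSLContext for its key and trust material.
        SSLContext sslContext = client.getSslContextFactory().getSslContext();
        // Last argument is autoClose=false: closing the SSLSocket leaves the raw socket open.
        SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(socket, "localhost", port, false);
        sslSocket.setUseClientMode(false);
        sslSocket.startHandshake();
        InputStream input = sslSocket.getInputStream();
        consumeRequest(input);
        OutputStream output = sslSocket.getOutputStream();
        // HTTP framing lengths count bytes on the wire, not Java chars; the two differ as soon
        // as the content holds non-ASCII characters.
        int contentLength = content.getBytes("UTF-8").length;
        StringBuilder serverResponse = new StringBuilder();
        serverResponse.append("HTTP/1.1 200 OK\r\n").append("Connection: close\r\n");
        if (chunked) {
            serverResponse.append("Transfer-Encoding: chunked\r\n").append("\r\n");
            for (int i = 0; i < 2; ++i) {
                serverResponse.append(Integer.toHexString(contentLength)).append("\r\n").append(content).append("\r\n");
            }
            // Zero-length chunk terminates the chunked body.
            serverResponse.append("0\r\n").append("\r\n");
        } else {
            serverResponse.append("Content-Length: ").append(contentLength).append("\r\n");
            serverResponse.append("\r\n");
            serverResponse.append(content);
        }
        output.write(serverResponse.toString().getBytes("UTF-8"));
        output.flush();
        switch (closeMode) {
            case NONE: {
                // Leave the connection open; the client must act on "Connection: close" alone.
                break;
            }
            case CLOSE: {
                // Close through the TLS layer.
                sslSocket.close();
                break;
            }
            case ABRUPT: {
                // Shut down the raw socket's output directly, bypassing the SSLSocket.
                socket.shutdownOutput();
                break;
            }
            default: {
                throw new IllegalStateException();
            }
        }
        ContentResponse response = listener.get(5, TimeUnit.SECONDS);
        Assert.assertEquals(HttpStatus.OK_200, response.getStatus());
        // Give some time to process the connection.
        Thread.sleep(1000);
        // Connection should have been removed from pool.
        // The lookup must use the request's scheme ("https"): asking for "http" addresses a
        // different destination whose pool is empty regardless, which makes the assertions
        // below pass without checking anything.
        HttpDestinationOverHTTP destination = (HttpDestinationOverHTTP) client.getDestination("https", "localhost", port);
        DuplexConnectionPool connectionPool = (DuplexConnectionPool) destination.getConnectionPool();
        Assert.assertEquals(0, connectionPool.getConnectionCount());
        Assert.assertEquals(0, connectionPool.getIdleConnectionCount());
        Assert.assertEquals(0, connectionPool.getActiveConnectionCount());
    }
}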
Also used : ContentResponse(org.eclipse.jetty.client.api.ContentResponse) InputStream(java.io.InputStream) SSLSocket(javax.net.ssl.SSLSocket) OutputStream(java.io.OutputStream) Request(org.eclipse.jetty.client.api.Request) ServerSocket(java.net.ServerSocket) SSLContext(javax.net.ssl.SSLContext) HttpDestinationOverHTTP(org.eclipse.jetty.client.http.HttpDestinationOverHTTP) Socket(java.net.Socket) SSLSocket(javax.net.ssl.SSLSocket) ServerSocket(java.net.ServerSocket) FutureResponseListener(org.eclipse.jetty.client.util.FutureResponseListener)

Example 13 with SSLSocket

use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.

the class SslBytesServerTest method testRequestConcurrentWithIdleExpiration.

/**
 * Checks that a request arriving at the same moment the server expires the idle connection
 * (and emits its TLS close alert) does not send the server into a busy loop.
 *
 * <p>The request is written from {@code idleHook}; the proxy then holds it back until the
 * server's alert has been observed, and only afterwards forwards it to the server.
 */
@Test(timeout = 60000)
public void testRequestConcurrentWithIdleExpiration() throws Exception {
    final SSLSocket sslClient = newClient();
    final OutputStream out = sslClient.getOutputStream();
    final CountDownLatch requestWritten = new CountDownLatch(1);
    // NOTE(review): idleHook is presumably run by the server-side idle handling - confirm.
    idleHook = () -> {
        // Nothing left to do once the request has gone out.
        if (requestWritten.getCount() != 0) {
            try {
                byte[] requestBytes = ("GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "\r\n").getBytes(StandardCharsets.UTF_8);
                out.write(requestBytes);
                out.flush();
                requestWritten.countDown();
            } catch (Exception failure) {
                // The latch stays at 1, so the await below times out and fails the test.
                failure.printStackTrace();
            }
        }
    };
    // Let the proxy relay the handshake unattended, then take manual control again.
    SimpleProxy.AutomaticFlow handshakeFlow = proxy.startAutomaticFlow();
    sslClient.startHandshake();
    Assert.assertTrue(handshakeFlow.stop(5, TimeUnit.SECONDS));
    Assert.assertTrue(requestWritten.await(idleTimeout * 2, TimeUnit.MILLISECONDS));
    // The server must have answered the idle expiration with a TLS alert record.
    TLSRecord fromServer = proxy.readFromServer();
    Assert.assertNotNull(fromServer);
    Assert.assertEquals(TLSRecord.Type.ALERT, fromServer.getType());
    // Deliver the client's request only now, so that it races with the close alert.
    TLSRecord fromClient = proxy.readFromClient();
    Assert.assertEquals(TLSRecord.Type.APPLICATION, fromClient.getType());
    proxy.flushToServer(fromClient, 0);
    // Bounded counters after a pause show the server did not spin.
    TimeUnit.MILLISECONDS.sleep(500);
    Assert.assertThat(sslFills.get(), Matchers.lessThan(20));
    Assert.assertThat(sslFlushes.get(), Matchers.lessThan(20));
    Assert.assertThat(httpParses.get(), Matchers.lessThan(50));
    // No further record is expected from the server.
    Assert.assertNull(proxy.readFromServer());
    TimeUnit.MILLISECONDS.sleep(200);
    // NOTE(review): "SCEP@" looks like the dump prefix of an endpoint still registered with
    // the connector - confirm against the endpoint's toString().
    String connectorDump = ((Dumpable) server.getConnectors()[0]).dump();
    Assert.assertThat(connectorDump, Matchers.not(Matchers.containsString("SCEP@")));
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) ServletOutputStream(javax.servlet.ServletOutputStream) OutputStream(java.io.OutputStream) CountDownLatch(java.util.concurrent.CountDownLatch) ServletException(javax.servlet.ServletException) EOFException(java.io.EOFException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) Test(org.junit.Test)

Example 14 with SSLSocket

use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.

the class SslBytesServerTest method testRequestWithCloseAlert.

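/**
 * Sends a request, then closes the client so that a TLS close alert reaches the server while
 * the response is still outstanding, and checks that the server still answers with application
 * data and does not spin.
 *
 * <p>Every TLS record is relayed by hand through {@code proxy}, so the order of the reads and
 * flushes below is the scenario itself.
 */
@Test(timeout = 60000)
public void testRequestWithCloseAlert() throws Exception {
    // Currently we are ignoring this test on anything other than linux
    // http://tools.ietf.org/html/rfc2246#section-7.2.1
    // TODO (react to this portion which seems to allow win/mac behavior)
    // It is required that the other party respond with a close_notify alert of its own
    // and close down the connection immediately, discarding any pending writes. It is not
    // required for the initiator of the close to wait for the responding
    // close_notify alert before closing the read side of the connection.
    Assume.assumeTrue(OS.IS_LINUX);
    final SSLSocket client = newClient();
    // The handshake is relayed automatically; manual relaying starts once it is done.
    SimpleProxy.AutomaticFlow automaticProxyFlow = proxy.startAutomaticFlow();
    client.startHandshake();
    Assert.assertTrue(automaticProxyFlow.stop(5, TimeUnit.SECONDS));
    // Write on another thread: the record is only forwarded when this thread relays it below.
    Future<Object> request = threadPool.submit(() -> {
        OutputStream clientOutput = client.getOutputStream();
        clientOutput.write(("" + "GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "\r\n").getBytes(StandardCharsets.UTF_8));
        clientOutput.flush();
        return null;
    });
    // Application data
    TLSRecord record = proxy.readFromClient();
    Assert.assertEquals(TLSRecord.Type.APPLICATION, record.getType());
    proxy.flushToServer(record);
    Assert.assertNull(request.get(5, TimeUnit.SECONDS));
    client.close();
    // Close Alert
    record = proxy.readFromClient();
    Assert.assertEquals(TLSRecord.Type.ALERT, record.getType());
    proxy.flushToServer(record);
    // Do not close the raw socket yet
    // Expect response from server
    // SSLSocket is limited and we cannot read the response, but we make sure
    // it is application data and not a close alert
    record = proxy.readFromServer();
    Assert.assertNotNull(record);
    Assert.assertEquals(TLSRecord.Type.APPLICATION, record.getType());
    proxy.flushToClient(record);
    // Socket close
    record = proxy.readFromServer();
    if (record != null) {
        // JUnit's order is (expected, actual); it was reversed here, which produced a
        // misleading failure message. The type is also qualified as in the rest of the method.
        Assert.assertEquals(TLSRecord.Type.ALERT, record.getType());
        // Now should be a raw close
        record = proxy.readFromServer();
        Assert.assertNull(String.valueOf(record), record);
    }
    // Check that we did not spin
    TimeUnit.MILLISECONDS.sleep(500);
    Assert.assertThat(sslFills.get(), Matchers.lessThan(20));
    Assert.assertThat(sslFlushes.get(), Matchers.lessThan(20));
    Assert.assertThat(httpParses.get(), Matchers.lessThan(20));
    // Socket close
    record = proxy.readFromClient();
    Assert.assertNull(String.valueOf(record), record);
    // NOTE(review): record is null at this point; presumably flushToServer(null) forwards the
    // client's raw close to the server - confirm against SimpleProxy.
    proxy.flushToServer(record);
}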
Also used : SSLSocket(javax.net.ssl.SSLSocket) ServletOutputStream(javax.servlet.ServletOutputStream) OutputStream(java.io.OutputStream) Test(org.junit.Test)

Example 15 with SSLSocket

use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.

the class SslBytesServerTest method testHandshake.

/**
 * Relays a complete TLS handshake record by record through {@code proxy} and checks that the
 * client-side handshake completes and that the server did not spin while it was in progress.
 *
 * <p>Each step only asserts that a record arrived; the record types are not inspected, so the
 * labels below describe the expected sequence rather than something the test enforces.
 */
@Test(timeout = 10000)
public void testHandshake() throws Exception {
    final SSLSocket sslClient = newClient();
    // startHandshake() blocks until the exchange is done, so it runs on a pool thread while
    // this thread moves the records across the proxy.
    Future<Object> handshakeDone = threadPool.submit(() -> {
        sslClient.startHandshake();
        return null;
    });
    // Expected record sequence; true means the record travels from client to server.
    final boolean[] sentByClient = {
        true,  // Client Hello
        false, // Server Hello + Certificate + Server Done
        true,  // Client Key Exchange
        true,  // Change Cipher Spec
        true,  // Client Done
        false, // Change Cipher Spec
        false  // Server Done
    };
    for (boolean fromClient : sentByClient) {
        if (fromClient) {
            TLSRecord clientRecord = proxy.readFromClient();
            Assert.assertNotNull(clientRecord);
            proxy.flushToServer(clientRecord);
        } else {
            TLSRecord serverRecord = proxy.readFromServer();
            Assert.assertNotNull(serverRecord);
            proxy.flushToClient(serverRecord);
        }
    }
    Assert.assertNull(handshakeDone.get(5, TimeUnit.SECONDS));
    // Counters that stay low after a pause indicate the server was not busy-looping.
    TimeUnit.MILLISECONDS.sleep(500);
    Assert.assertThat(sslFills.get(), Matchers.lessThan(20));
    Assert.assertThat(sslFlushes.get(), Matchers.lessThan(20));
    Assert.assertThat(httpParses.get(), Matchers.lessThan(20));
    closeClient(sslClient);
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) Test(org.junit.Test)

Aggregations

SSLSocket (javax.net.ssl.SSLSocket)326 IOException (java.io.IOException)101 Test (org.junit.Test)62 SSLContext (javax.net.ssl.SSLContext)59 SSLSocketFactory (javax.net.ssl.SSLSocketFactory)59 Socket (java.net.Socket)57 OutputStream (java.io.OutputStream)50 InetSocketAddress (java.net.InetSocketAddress)39 CertificateException (java.security.cert.CertificateException)33 SSLException (javax.net.ssl.SSLException)32 SSLSession (javax.net.ssl.SSLSession)31 InputStream (java.io.InputStream)30 SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)30 SSLServerSocket (javax.net.ssl.SSLServerSocket)27 SocketTimeoutException (java.net.SocketTimeoutException)24 SocketException (java.net.SocketException)23 ServerSocket (java.net.ServerSocket)22 UnknownHostException (java.net.UnknownHostException)21 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)21 InputStreamReader (java.io.InputStreamReader)19