use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.
the class SslUploadTest method test.
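/**
 * Uploads a 16 MiB request body over a TLS socket to the local test connector, then checks
 * that the response contains "200" and that {@code total} equals the number of bytes sent.
 *
 * <p>The client builds its trust store from the connector's own keystore file, so the server
 * certificate is validated against that file rather than against the JVM default trust store.
 * The test is currently disabled with {@code @Ignore}.
 *
 * @throws Exception if the keystore cannot be loaded, the TLS context cannot be set up,
 *         or socket I/O fails
 */
@Test
@Ignore
public void test() throws Exception {
    // One constant drives both the Content-Length header and the body size so they cannot drift apart.
    final int contentLength = 16 * 1024 * 1024;

    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    SslContextFactory ctx = connector.getConnectionFactory(SslConnectionFactory.class).getSslContextFactory();
    try (InputStream stream = new FileInputStream(ctx.getKeyStorePath())) {
        // NOTE(review): hard-coded keystore password; presumably the throwaway test keystore.
        // Confirm it is never reused for a real deployment.
        keystore.load(stream, "storepwd".toCharArray());
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);

    // Request the generic "TLS" context instead of the legacy "SSL" name. The protocol versions
    // actually negotiated still depend on the JSSE provider and on the server configuration.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

    byte[] requestContent = new byte[contentLength];
    Arrays.fill(requestContent, (byte) 120);

    String response;
    // try-with-resources closes the socket even when a write, a read or an assertion fails.
    // (An earlier, disabled variant closed the socket from a second thread after 100 ms to
    // simulate an asynchronous close.)
    try (SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort())) {
        String headers = "POST / HTTP/1.1\r\n"
                + "Host: localhost\r\n"
                + "Content-Length: " + contentLength + "\r\n"
                + "Content-Type: bytes\r\n"
                + "Connection: close\r\n"
                + "\r\n";
        OutputStream out = socket.getOutputStream();
        // Explicit charset: the request head must not depend on the platform default encoding.
        out.write(headers.getBytes(java.nio.charset.StandardCharsets.US_ASCII));
        out.flush();
        out.write(requestContent);
        out.flush();

        // "Connection: close" was sent, so reading to end-of-stream is expected to collect the
        // whole response.
        InputStream in = socket.getInputStream();
        response = IO.toString(in);
    }

    assertTrue(response.indexOf("200") > 0);
    // NOTE(review): total is not defined in this method; presumably a field the server-side
    // handler fills with the number of body bytes it read. Confirm against the test class.
    assertEquals(requestContent.length, total);
}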
use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.
the class SlowClientsTest method testSlowClientsWithSmallThreadPool.
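/**
 * Starts a TLS server backed by a 6-thread pool, then opens twice as many client
 * connections. Each client sends a GET, waits until the server pool reports no idle
 * threads, and only then drains the 8 MiB response one byte at a time.
 *
 * <p>While the clients hold off reading, every server thread is presumably busy writing a
 * response. The test passes when all clients still reach end-of-stream within the
 * 10 second JUnit timeout.
 *
 * @throws Exception if the server cannot be started or stopped, or if any client task fails
 */
@Test(timeout = 10000)
public void testSlowClientsWithSmallThreadPool() throws Exception {
    File keystore = MavenTestingUtils.getTestResourceFile("keystore");
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
    // Fixture credentials for the keystore shipped in the test resources.
    sslContextFactory.setKeyStorePassword("storepwd");
    sslContextFactory.setKeyManagerPassword("keypwd");

    int maxThreads = 6;
    int contentLength = 8 * 1024 * 1024;
    QueuedThreadPool serverThreads = new QueuedThreadPool(maxThreads);
    serverThreads.setDetailedDump(true);
    Server server = new Server(serverThreads);
    try {
        ServerConnector connector = new ServerConnector(server, 1, 1, sslContextFactory);
        // NOTE(review): fixed port 8888. The clients already use connector.getLocalPort(), so an
        // ephemeral port would avoid collisions with other processes on the build host.
        connector.setPort(8888);
        server.addConnector(connector);
        server.setHandler(new AbstractHandler() {
            @Override
            public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
                baseRequest.setHandled(true);
                logger.info("SERVING {}", target);
                // Write some big content.
                response.getOutputStream().write(new byte[contentLength]);
                logger.info("SERVED {}", target);
            }
        });
        server.start();

        SSLContext sslContext = sslContextFactory.getSslContext();
        CompletableFuture<?>[] futures = new CompletableFuture<?>[2 * maxThreads];
        ExecutorService executor = Executors.newFixedThreadPool(futures.length);
        try {
            for (int i = 0; i < futures.length; i++) {
                int k = i;
                futures[i] = CompletableFuture.runAsync(() -> {
                    try (SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort())) {
                        // Read timeout in milliseconds, derived from the payload size (8192 ms here).
                        socket.setSoTimeout(contentLength / 1024);
                        OutputStream output = socket.getOutputStream();
                        String target = "/" + k;
                        String request = "GET " + target + " HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "\r\n";
                        output.write(request.getBytes(StandardCharsets.UTF_8));
                        output.flush();

                        // Hold off reading until the server pool has no idle thread left.
                        while (serverThreads.getIdleThreads() > 0) {
                            Thread.sleep(50);
                        }

                        // Drain the response to end-of-stream, deliberately one byte at a time.
                        InputStream input = socket.getInputStream();
                        while (input.read() >= 0) {
                            // discard
                        }
                        logger.info("FINISHED {}", target);
                    } catch (IOException x) {
                        throw new UncheckedIOException(x);
                    } catch (InterruptedException x) {
                        // Restore the interrupt flag so the pool thread still sees the interruption.
                        Thread.currentThread().interrupt();
                        throw new UncheckedIOException(new InterruptedIOException());
                    }
                }, executor);
            }
            CompletableFuture.allOf(futures).join();
        } finally {
            // The client pool was previously never shut down, leaking its threads after the test.
            // shutdownNow() also interrupts clients still running when one of them failed.
            executor.shutdownNow();
        }
    } finally {
        server.stop();
    }
}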
use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method testSameConnectionRequestsForManyWildDomains.
/**
 * Sends three requests over one TLS connection whose handshake announced the SNI name
 * {@code www.domain.com}, and checks how the server treats each Host header:
 * {@code www.domain.com} and {@code assets.domain.com} get a 200, while
 * {@code www.example.com} gets a 400 whose body mentions "Host does not match SNI".
 *
 * <p>The last case is the security-relevant one: a connection negotiated for one virtual
 * host must not be usable to reach another host on the same server.
 *
 * @throws Exception if the client context cannot be started or stopped, or on socket I/O failure
 */
@Test
public void testSameConnectionRequestsForManyWildDomains() throws Exception {
    // The 'true' argument is Jetty's trust-all switch: this client accepts any server
    // certificate. That is tolerable against the local test server only; do not copy it
    // into production client code.
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    SSLSocketFactory socketFactory = clientContextFactory.getSslContext().getSocketFactory();
    try (SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket("127.0.0.1", _port)) {
        // The socket is opened by IP address, so the SNI name has to be set explicitly
        // before the handshake.
        SSLParameters sslParameters = sslSocket.getSSLParameters();
        sslParameters.setServerNames(Collections.singletonList(new SNIHostName("www.domain.com")));
        sslSocket.setSSLParameters(sslParameters);
        sslSocket.startHandshake();

        // Request 1: Host equals the SNI name.
        String sniHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.domain.com\r\n" + "\r\n";
        OutputStream toServer = sslSocket.getOutputStream();
        toServer.write(sniHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        InputStream fromServer = sslSocket.getInputStream();
        String sniHostResponse = response(fromServer);
        Assert.assertTrue(sniHostResponse.startsWith("HTTP/1.1 200 "));

        // Request 2: same socket, a different domain that is still valid for this connection.
        String siblingHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: assets.domain.com\r\n" + "\r\n";
        toServer.write(siblingHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String siblingHostResponse = response(fromServer);
        Assert.assertTrue(siblingHostResponse.startsWith("HTTP/1.1 200 "));

        // Request 3: a domain that is invalid for this connection must be refused.
        String foreignHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.example.com\r\n" + "\r\n";
        toServer.write(foreignHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String foreignHostResponse = response(fromServer);
        Assert.assertTrue(foreignHostResponse.startsWith("HTTP/1.1 400 "));
        Assert.assertThat(foreignHostResponse, Matchers.containsString("Host does not match SNI"));
    } finally {
        clientContextFactory.stop();
    }
}
use of javax.net.ssl.SSLSocket in project jetty.project by eclipse.
the class SniSslConnectionFactoryTest method testSameConnectionRequestsForManyDomains.
/**
 * Sends three requests over one TLS connection whose handshake announced the SNI name
 * {@code m.san.com}. Requests for {@code m.san.com} and {@code www.san.com} are expected to
 * succeed with a 200; a request for {@code www.example.com} is expected to be refused with
 * a 400 whose body mentions "Host does not match SNI".
 *
 * <p>Per the inline notes, the first request binds the socket to a keystore alias, and a
 * later Host is accepted only while it maps to that same alias.
 *
 * @throws Exception if the client context cannot be started or stopped, or on socket I/O failure
 */
@Test
public void testSameConnectionRequestsForManyDomains() throws Exception {
    // The 'true' argument is Jetty's trust-all switch: this client accepts any server
    // certificate. That is tolerable against the local test server only; do not copy it
    // into production client code.
    SslContextFactory clientContextFactory = new SslContextFactory(true);
    clientContextFactory.start();
    SSLSocketFactory socketFactory = clientContextFactory.getSslContext().getSocketFactory();
    try (SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket("127.0.0.1", _port)) {
        // The socket is opened by IP address, so the SNI name has to be set explicitly
        // before the handshake.
        SSLParameters sslParameters = sslSocket.getSSLParameters();
        sslParameters.setServerNames(Collections.singletonList(new SNIHostName("m.san.com")));
        sslSocket.setSSLParameters(sslParameters);
        sslSocket.startHandshake();

        // Request 1: binds the socket to an alias.
        String boundHostRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: m.san.com\r\n" + "\r\n";
        OutputStream toServer = sslSocket.getOutputStream();
        toServer.write(boundHostRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        InputStream fromServer = sslSocket.getInputStream();
        String boundHostResponse = response(fromServer);
        Assert.assertTrue(boundHostResponse.startsWith("HTTP/1.1 200 "));

        // Request 2: same socket, different domain, same alias.
        String sameAliasRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.san.com\r\n" + "\r\n";
        toServer.write(sameAliasRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String sameAliasResponse = response(fromServer);
        Assert.assertTrue(sameAliasResponse.startsWith("HTTP/1.1 200 "));

        // Request 3: same socket, different domain, different alias. This must be refused.
        String otherAliasRequest = "GET /ctx/path HTTP/1.1\r\n" + "Host: www.example.com\r\n" + "\r\n";
        toServer.write(otherAliasRequest.getBytes(StandardCharsets.UTF_8));
        toServer.flush();
        String otherAliasResponse = response(fromServer);
        assertThat(otherAliasResponse, startsWith("HTTP/1.1 400 "));
        assertThat(otherAliasResponse, containsString("Host does not match SNI"));
    } finally {
        clientContextFactory.stop();
    }
}
use of javax.net.ssl.SSLSocket in project android_frameworks_base by ParanoidAndroid.
the class SSLCertificateSocketFactory method verifyHostname.
/**
 * Checks that the peer of a connected SSL socket presents a certificate valid for
 * {@code hostname}. You MUST call this if the socket was obtained without supplying a
 * hostname to {@link #createSocket()}. Calling it again after the hostname has already
 * been verified is harmless.
 *
 * <p>Wildcard certificates are allowed to verify any matching hostname, so
 * "foo.bar.example.com" is verified if the peer has a certificate for "*.example.com".
 * The match itself is delegated to {@code HttpsURLConnection.getDefaultHostnameVerifier()}.
 *
 * <p><b>Caveat:</b> when {@code isSslCheckRelaxed()} returns true, this method returns
 * without handshaking or checking the hostname. A normal return is therefore not, on its
 * own, proof that the peer was verified.
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IllegalArgumentException if {@code socket} is not an {@link SSLSocket}
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 *
 * @hide
 */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    // Reject plain sockets first; this happens even when checks are relaxed.
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }

    // Relaxed mode skips the handshake and the hostname check entirely.
    if (isSslCheckRelaxed()) {
        return;
    }

    // OpenSSLSocketImpl.startHandshake() guards against repeated invocation at its start,
    // so calling it on an already-handshaken socket is safe.
    SSLSocket sslSocket = (SSLSocket) socket;
    sslSocket.startHandshake();

    SSLSession peerSession = sslSocket.getSession();
    if (peerSession == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }

    // The verifier is the process-wide default. If application code replaced it through
    // HttpsURLConnection.setDefaultHostnameVerifier(), this check inherits that verifier's
    // policy, permissive or not.
    boolean hostnameMatches = HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, peerSession);
    if (!hostnameMatches) {
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
    }
}