/**
 * Returns the cipher suites to enable on an engine, computing them on the
 * first call and caching the array in {@code cipherSuits} afterwards.
 *
 * <p>The candidates are the suites the engine <em>supports</em>, not the
 * ones it has enabled by default. A suite is kept only when both
 * {@code containsPerfectForward} and {@code doesNotContainWeakCipher}
 * accept it.
 *
 * <p>NOTE(review): because the starting point is the supported list, a suite
 * the provider leaves disabled by default is enabled here whenever the two
 * predicates accept it - confirm they reject every such suite.
 *
 * <p>NOTE(review): the supported list is walked from last to first, so the
 * result is in reverse provider order. JSSE appears to treat the enabled
 * array as a preference order - confirm the reversal is intended.
 *
 * @param result engine whose supported suites are inspected
 * @return the cached array of accepted suite names (the same instance on
 *         every call; callers must not modify it)
 */
private String[] filterCipherSuits(SSLEngine result) {
    if (null != cipherSuits) {
        return cipherSuits;
    }

    // TODO (from the original author): rewrite with recursive count...
    final String[] supported = result.getSupportedCipherSuites();

    // First pass: count the accepted suites so the output array can be sized.
    int accepted = 0;
    for (int idx = supported.length - 1; idx >= 0; idx--) {
        if (containsPerfectForward(supported, idx) && doesNotContainWeakCipher(supported, idx)) {
            accepted++;
        }
    }

    // Second pass: copy the accepted names, logging each one when enabled.
    final String[] selected = new String[accepted];
    int next = 0;
    for (int idx = supported.length - 1; idx >= 0; idx--) {
        if (!containsPerfectForward(supported, idx) || !doesNotContainWeakCipher(supported, idx)) {
            continue;
        }
        if (LOG_CYPHERS) {
            logger.info("enable cipher suite: {}", supported[idx]);
        }
        selected[next++] = supported[idx];
    }

    // NOTE(review): check-then-assign without synchronization; confirm the
    // cache is populated before engines are created from several threads.
    cipherSuits = selected;
    return cipherSuits;
}
/**
 * Creates an engine from the shared {@code context} with no peer host/port
 * hint and restricts it to the filtered cipher suites and the configured
 * protocols.
 *
 * <p>This method does not call {@code setUseClientMode}, and it does not
 * request a client certificate ({@code setNeedClientAuth} /
 * {@code setWantClientAuth}); both are left to the caller.
 *
 * @return the configured engine
 */
public SSLEngine createSSLEngineServer() {
    final SSLEngine engine = context.createSSLEngine();
    final String[] suites = filterCipherSuits(engine);
    engine.setEnabledCipherSuites(suites);
    engine.setEnabledProtocols(protocols);
    return engine;
}
/**
 * Builds the shared {@code SSLContext} and primes the cipher-suite cache.
 *
 * <p>Trust manager selection: when {@code trustAll} is true the managers come
 * from {@code TLSCertificateTrust.trustManagerFactoryTrustAllCerts()} and
 * {@code trustManagerFactory} is ignored; otherwise the factory's managers
 * are used, or {@code null} (the JSSE default trust managers) when no factory
 * was given.
 *
 * <p>NOTE(review): by its name the trust-all source accepts any peer
 * certificate, which removes the protection against an impersonated peer.
 * Confirm {@code trustAll} can only be switched on for test or development
 * configurations.
 *
 * @param keyManagerFactory   source of key managers, or null for none
 * @param trustManagerFactory source of trust managers, or null
 * @param trustAll            true to use the trust-all managers instead
 * @param secureRandom        randomness for the context, or null for the default
 * @throws RuntimeException wrapping any failure while building the context
 */
private TLSService(KeyManagerFactory keyManagerFactory,
                   TrustManagerFactory trustManagerFactory,
                   boolean trustAll,
                   SecureRandom secureRandom) {
    try {
        this.protocols = selectSupportedProtocols();

        KeyManager[] keyManagers = null;
        if (keyManagerFactory != null) {
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManager[] trustManagers;
        if (trustAll) {
            trustManagers = TLSCertificateTrust.trustManagerFactoryTrustAllCerts();
        } else if (trustManagerFactory != null) {
            trustManagers = trustManagerFactory.getTrustManagers();
        } else {
            trustManagers = null;
        }

        // The context is requested under the first selected protocol name;
        // an empty protocol array fails here and is wrapped below.
        context = SSLContext.getInstance(this.protocols[0]);
        context.init(keyManagers, trustManagers, secureRandom);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    // Run once first to determine which cipher suites we will be using.
    createSSLEngineServer();
}
/**
 * Returns a new engine by delegating to {@code createSSLEngineServer()} on
 * the object returned by {@code getService()}.
 *
 * @return the engine produced by the service
 */
SSLEngine createSSLEngine() {
    final SSLEngine engine = getService().createSSLEngineServer();
    return engine;
}
/**
 * Creates a {@code TLSService} from optional key store and trust store
 * streams.
 *
 * <p>{@code keystorePassword} is passed both to {@code createKeyManagers}
 * and to {@code createTrustManagers}, so the two stores must share one
 * password; {@code keyPassword} is used for the key store only. Neither
 * stream is closed by this method. The service is constructed with a
 * {@code null} {@code SecureRandom}, and {@code trustAll} is forwarded
 * unchanged to the constructor.
 *
 * @param keyStoreInputStream   key store data, or null for no key managers
 * @param keystorePassword      password used to open both stores
 * @param trustStoreInputStream trust store data, or null for no trust factory
 * @param keyPassword           password for the keys in the key store
 * @param trustAll              forwarded to the constructor
 * @return the new service
 * @throws RuntimeException wrapping any failure while loading either store
 */
public static TLSService make(InputStream keyStoreInputStream,
                              String keystorePassword,
                              InputStream trustStoreInputStream,
                              String keyPassword,
                              boolean trustAll) {
    KeyManagerFactory keyManagerFactory = null;
    if (keyStoreInputStream != null) {
        try {
            keyManagerFactory = TLSCertificateTrust.createKeyManagers(
                    keyStoreInputStream, keystorePassword, keyPassword);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    TrustManagerFactory trustManagerFactory = null;
    if (trustStoreInputStream != null) {
        try {
            trustManagerFactory = TLSCertificateTrust.createTrustManagers(
                    trustStoreInputStream, keystorePassword);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    return new TLSService(keyManagerFactory, trustManagerFactory, trustAll, null);
}
/**
 * Returns the value reported by {@code maxEncryptedContentLength()} on the
 * object returned by {@code getService()}.
 *
 * @return the limit reported by the service
 */
int maxEncryptedContentLength() {
    final int limit = getService().maxEncryptedContentLength();
    return limit;
}
/**
 * Returns a new engine for the given peer by delegating to
 * {@code createSSLEngineClient(host, port)} on the object returned by
 * {@code getService()}.
 *
 * @param host peer host name passed through to the service
 * @param port peer port passed through to the service
 * @return the engine produced by the service
 */
public SSLEngine createSSLEngine(String host, int port) {
    final SSLEngine engine = getService().createSSLEngineClient(host, port);
    return engine;
}
privateService = TLSService.make(identityStoreInputStream, certificates.keyStorePassword(), trustInputStream,
/**
 * Builds the shared {@code SSLContext} and primes the cipher-suite cache.
 *
 * <p>Trust manager selection: when {@code trustAll} is true the managers come
 * from {@code TLSCertificateTrust.trustManagerFactoryTrustAllCerts()} and
 * {@code trustManagerFactory} is ignored; otherwise the factory's managers
 * are used, or {@code null} (the JSSE default trust managers) when no factory
 * was given.
 *
 * <p>NOTE(review): by its name the trust-all source accepts any peer
 * certificate, which removes the protection against an impersonated peer.
 * Confirm {@code trustAll} can only be switched on for test or development
 * configurations.
 *
 * @param keyManagerFactory   source of key managers, or null for none
 * @param trustManagerFactory source of trust managers, or null
 * @param trustAll            true to use the trust-all managers instead
 * @param secureRandom        randomness for the context, or null for the default
 * @throws RuntimeException wrapping any failure while building the context
 */
private TLSService(KeyManagerFactory keyManagerFactory,
                   TrustManagerFactory trustManagerFactory,
                   boolean trustAll,
                   SecureRandom secureRandom) {
    try {
        this.protocols = selectSupportedProtocols();

        KeyManager[] keyManagers = null;
        if (keyManagerFactory != null) {
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManager[] trustManagers;
        if (trustAll) {
            trustManagers = TLSCertificateTrust.trustManagerFactoryTrustAllCerts();
        } else if (trustManagerFactory != null) {
            trustManagers = trustManagerFactory.getTrustManagers();
        } else {
            trustManagers = null;
        }

        // The context is requested under the first selected protocol name;
        // an empty protocol array fails here and is wrapped below.
        context = SSLContext.getInstance(this.protocols[0]);
        context.init(keyManagers, trustManagers, secureRandom);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    // Run once first to determine which cipher suites we will be using.
    createSSLEngineServer();
}
/**
 * Builds the shared {@code SSLContext} pinned to TLSv1.2 and primes the
 * cipher-suite cache.
 *
 * <p>{@code protocols} is set to the single entry "TLSv1.2"; the TLSv1.3
 * constant is declared but not used yet.
 *
 * <p>Trust manager selection: when {@code trustAll} is true the managers come
 * from {@code TLSCertificateTrust.trustManagerFactoryTrustAllCerts()} and
 * {@code trustManagerFactory} is ignored; otherwise the factory's managers
 * are used, or {@code null} (the JSSE default trust managers) when no factory
 * was given.
 *
 * <p>NOTE(review): by its name the trust-all source accepts any peer
 * certificate, which removes the protection against an impersonated peer.
 * Confirm {@code trustAll} can only be switched on for test or development
 * configurations.
 *
 * @param keyManagerFactory   source of key managers, or null for none
 * @param trustManagerFactory source of trust managers, or null
 * @param trustAll            true to use the trust-all managers instead
 * @param secureRandom        randomness for the context, or null for the default
 * @throws RuntimeException wrapping any failure while building the context
 */
private TLSService(KeyManagerFactory keyManagerFactory,
                   TrustManagerFactory trustManagerFactory,
                   boolean trustAll,
                   SecureRandom secureRandom) {
    try {
        // The SSL/TLS protocol to be used. Java 1.6 will only run with up to
        // TLSv1; Java 1.7 or higher also supports TLSv1.1 and TLSv1.2.
        final String PROTOCOL = "TLSv1.2";
        // Check the Java version and move up to this ASAP.
        final String PROTOCOL1_3 = "TLSv1.3";

        // Candidates seen on the platform: [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2]
        this.protocols = new String[]{PROTOCOL};

        KeyManager[] keyManagers = null;
        if (keyManagerFactory != null) {
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManager[] trustManagers;
        if (trustAll) {
            trustManagers = TLSCertificateTrust.trustManagerFactoryTrustAllCerts();
        } else if (trustManagerFactory != null) {
            trustManagers = trustManagerFactory.getTrustManagers();
        } else {
            trustManagers = null;
        }

        context = SSLContext.getInstance(PROTOCOL);
        context.init(keyManagers, trustManagers, secureRandom);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    // Run once first to determine which cipher suites we will be using.
    createSSLEngineServer();
}
/**
 * Creates a {@code TLSService} from optional key store and trust store
 * streams.
 *
 * <p>{@code keystorePassword} is passed both to {@code createKeyManagers}
 * and to {@code createTrustManagers}, so the two stores must share one
 * password; {@code keyPassword} is used for the key store only. Neither
 * stream is closed by this method. The service is constructed with a
 * {@code null} {@code SecureRandom}, and {@code trustAll} is forwarded
 * unchanged to the constructor.
 *
 * @param keyStoreInputStream   key store data, or null for no key managers
 * @param keystorePassword      password used to open both stores
 * @param trustStoreInputStream trust store data, or null for no trust factory
 * @param keyPassword           password for the keys in the key store
 * @param trustAll              forwarded to the constructor
 * @return the new service
 * @throws RuntimeException wrapping any failure while loading either store
 */
public static TLSService make(InputStream keyStoreInputStream,
                              String keystorePassword,
                              InputStream trustStoreInputStream,
                              String keyPassword,
                              boolean trustAll) {
    KeyManagerFactory keyManagerFactory = null;
    if (keyStoreInputStream != null) {
        try {
            keyManagerFactory = TLSCertificateTrust.createKeyManagers(
                    keyStoreInputStream, keystorePassword, keyPassword);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    TrustManagerFactory trustManagerFactory = null;
    if (trustStoreInputStream != null) {
        try {
            trustManagerFactory = TLSCertificateTrust.createTrustManagers(
                    trustStoreInputStream, keystorePassword);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    return new TLSService(keyManagerFactory, trustManagerFactory, trustAll, null);
}
/**
 * Returns the cipher suites to enable on an engine, computing them on the
 * first call and caching the array in {@code cipherSuits} afterwards.
 *
 * <p>The candidates are the suites the engine <em>supports</em>, not the
 * ones it has enabled by default. A suite is kept only when both
 * {@code containsPerfectForward} and {@code doesNotContainWeakCipher}
 * accept it.
 *
 * <p>NOTE(review): because the starting point is the supported list, a suite
 * the provider leaves disabled by default is enabled here whenever the two
 * predicates accept it - confirm they reject every such suite.
 *
 * <p>NOTE(review): the supported list is walked from last to first, so the
 * result is in reverse provider order. JSSE appears to treat the enabled
 * array as a preference order - confirm the reversal is intended.
 *
 * @param result engine whose supported suites are inspected
 * @return the cached array of accepted suite names (the same instance on
 *         every call; callers must not modify it)
 */
private String[] filterCipherSuits(SSLEngine result) {
    if (null != cipherSuits) {
        return cipherSuits;
    }

    // TODO (from the original author): rewrite with recursive count...
    final String[] supported = result.getSupportedCipherSuites();

    // First pass: count the accepted suites so the output array can be sized.
    int accepted = 0;
    for (int idx = supported.length - 1; idx >= 0; idx--) {
        if (containsPerfectForward(supported, idx) && doesNotContainWeakCipher(supported, idx)) {
            accepted++;
        }
    }

    // Second pass: copy the accepted names, logging each one when enabled.
    final String[] selected = new String[accepted];
    int next = 0;
    for (int idx = supported.length - 1; idx >= 0; idx--) {
        if (!containsPerfectForward(supported, idx) || !doesNotContainWeakCipher(supported, idx)) {
            continue;
        }
        if (LOG_CYPHERS) {
            logger.info("enable cipher suite: {}", supported[idx]);
        }
        selected[next++] = supported[idx];
    }

    // NOTE(review): check-then-assign without synchronization; confirm the
    // cache is populated before engines are created from several threads.
    cipherSuits = selected;
    return cipherSuits;
}
/**
 * Creates an engine from the shared {@code context} for the given peer and
 * restricts it to the filtered cipher suites and the configured protocols.
 *
 * <p>This method does not call {@code setUseClientMode}; that is left to the
 * caller.
 *
 * <p>NOTE(review): no endpoint identification algorithm is set on the engine
 * here. With a plain {@code SSLEngine} the host argument is only a hint, so
 * unless the caller configures identification (for example through
 * {@code SSLParameters}) or checks the name itself, the peer certificate is
 * not matched against {@code host} - confirm where that check happens.
 *
 * @param host peer host name passed to the context as a hint
 * @param port peer port passed to the context as a hint
 * @return the configured engine
 */
public SSLEngine createSSLEngineClient(String host, int port) {
    final SSLEngine engine = context.createSSLEngine(host, port);
    final String[] suites = filterCipherSuits(engine);
    engine.setEnabledCipherSuites(suites);
    engine.setEnabledProtocols(protocols);
    return engine;
}
/**
 * Creates a {@code TLSService} from optional key store and trust store
 * streams.
 *
 * <p>{@code keystorePassword} is passed both to {@code createKeyManagers}
 * and to {@code createTrustManagers}, so the two stores must share one
 * password; {@code keyPassword} is used for the key store only. Neither
 * stream is closed by this method. The service is constructed with a
 * {@code null} {@code SecureRandom}, and {@code trustAll} is forwarded
 * unchanged to the constructor.
 *
 * @param keyStoreInputStream   key store data, or null for no key managers
 * @param keystorePassword      password used to open both stores
 * @param trustStoreInputStream trust store data, or null for no trust factory
 * @param keyPassword           password for the keys in the key store
 * @param trustAll              forwarded to the constructor
 * @return the new service
 * @throws RuntimeException wrapping any failure while loading either store
 */
public static TLSService make(InputStream keyStoreInputStream,
                              String keystorePassword,
                              InputStream trustStoreInputStream,
                              String keyPassword,
                              boolean trustAll) {
    KeyManagerFactory keyManagerFactory = null;
    if (keyStoreInputStream != null) {
        try {
            keyManagerFactory = TLSCertificateTrust.createKeyManagers(
                    keyStoreInputStream, keystorePassword, keyPassword);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    TrustManagerFactory trustManagerFactory = null;
    if (trustStoreInputStream != null) {
        try {
            trustManagerFactory = TLSCertificateTrust.createTrustManagers(
                    trustStoreInputStream, keystorePassword);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    return new TLSService(keyManagerFactory, trustManagerFactory, trustAll, null);
}
/**
 * Returns the cipher suites to enable on an engine, computing them on the
 * first call and caching the array in {@code cipherSuits} afterwards.
 *
 * <p>The candidates are the suites the engine <em>supports</em>, not the
 * ones it has enabled by default. A suite is kept only when both
 * {@code containsPerfectForward} and {@code doesNotContainWeakCipher}
 * accept it.
 *
 * <p>NOTE(review): because the starting point is the supported list, a suite
 * the provider leaves disabled by default is enabled here whenever the two
 * predicates accept it - confirm they reject every such suite.
 *
 * <p>NOTE(review): the supported list is walked from last to first, so the
 * result is in reverse provider order. JSSE appears to treat the enabled
 * array as a preference order - confirm the reversal is intended.
 *
 * @param result engine whose supported suites are inspected
 * @return the cached array of accepted suite names (the same instance on
 *         every call; callers must not modify it)
 */
private String[] filterCipherSuits(SSLEngine result) {
    if (null != cipherSuits) {
        return cipherSuits;
    }

    // TODO (from the original author): rewrite with recursive count...
    final String[] supported = result.getSupportedCipherSuites();

    // First pass: count the accepted suites so the output array can be sized.
    int accepted = 0;
    for (int idx = supported.length - 1; idx >= 0; idx--) {
        if (containsPerfectForward(supported, idx) && doesNotContainWeakCipher(supported, idx)) {
            accepted++;
        }
    }

    // Second pass: copy the accepted names, logging each one when enabled.
    final String[] selected = new String[accepted];
    int next = 0;
    for (int idx = supported.length - 1; idx >= 0; idx--) {
        if (!containsPerfectForward(supported, idx) || !doesNotContainWeakCipher(supported, idx)) {
            continue;
        }
        if (LOG_CYPHERS) {
            logger.info("enable cipher suite: {}", supported[idx]);
        }
        selected[next++] = supported[idx];
    }

    // NOTE(review): check-then-assign without synchronization; confirm the
    // cache is populated before engines are created from several threads.
    cipherSuits = selected;
    return cipherSuits;
}
/**
 * Creates an engine from the shared {@code context} for the given peer and
 * restricts it to the filtered cipher suites and the configured protocols.
 *
 * <p>This method does not call {@code setUseClientMode}; that is left to the
 * caller.
 *
 * <p>NOTE(review): no endpoint identification algorithm is set on the engine
 * here. With a plain {@code SSLEngine} the host argument is only a hint, so
 * unless the caller configures identification (for example through
 * {@code SSLParameters}) or checks the name itself, the peer certificate is
 * not matched against {@code host} - confirm where that check happens.
 *
 * @param host peer host name passed to the context as a hint
 * @param port peer port passed to the context as a hint
 * @return the configured engine
 */
public SSLEngine createSSLEngineClient(String host, int port) {
    final SSLEngine engine = context.createSSLEngine(host, port);
    final String[] suites = filterCipherSuits(engine);
    engine.setEnabledCipherSuites(suites);
    engine.setEnabledProtocols(protocols);
    return engine;
}
/**
 * Creates an engine from the shared {@code context} with no peer host/port
 * hint and restricts it to the filtered cipher suites and the configured
 * protocols.
 *
 * <p>This method does not call {@code setUseClientMode}, and it does not
 * request a client certificate ({@code setNeedClientAuth} /
 * {@code setWantClientAuth}); both are left to the caller.
 *
 * @return the configured engine
 */
public SSLEngine createSSLEngineServer() {
    final SSLEngine engine = context.createSSLEngine();
    final String[] suites = filterCipherSuits(engine);
    engine.setEnabledCipherSuites(suites);
    engine.setEnabledProtocols(protocols);
    return engine;
}
/**
 * Creates an engine from the shared {@code context} for the given peer and
 * restricts it to the filtered cipher suites and the configured protocols.
 *
 * <p>This method does not call {@code setUseClientMode}; that is left to the
 * caller.
 *
 * <p>NOTE(review): no endpoint identification algorithm is set on the engine
 * here. With a plain {@code SSLEngine} the host argument is only a hint, so
 * unless the caller configures identification (for example through
 * {@code SSLParameters}) or checks the name itself, the peer certificate is
 * not matched against {@code host} - confirm where that check happens.
 *
 * @param host peer host name passed to the context as a hint
 * @param port peer port passed to the context as a hint
 * @return the configured engine
 */
public SSLEngine createSSLEngineClient(String host, int port) {
    final SSLEngine engine = context.createSSLEngine(host, port);
    final String[] suites = filterCipherSuits(engine);
    engine.setEnabledCipherSuites(suites);
    engine.setEnabledProtocols(protocols);
    return engine;
}
/**
 * Creates an engine from the shared {@code context} with no peer host/port
 * hint and restricts it to the filtered cipher suites and the configured
 * protocols.
 *
 * <p>This method does not call {@code setUseClientMode}, and it does not
 * request a client certificate ({@code setNeedClientAuth} /
 * {@code setWantClientAuth}); both are left to the caller.
 *
 * @return the configured engine
 */
public SSLEngine createSSLEngineServer() {
    final SSLEngine engine = context.createSSLEngine();
    final String[] suites = filterCipherSuits(engine);
    engine.setEnabledCipherSuites(suites);
    engine.setEnabledProtocols(protocols);
    return engine;
}