/**
 * Validates a client certificate chain presented over a socket-based TLS connection.
 *
 * <p>Security note: when {@code option.isAuthPeer()} is false this method returns without
 * inspecting the chain. Returning normally means "trusted", so every client certificate is
 * accepted in that configuration.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type passed through to the delegate trust manager
 * @param socket the connection's socket; may be null
 * @throws CertificateException if the custom check or the delegate trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
    throws CertificateException {
  if (!option.isAuthPeer()) {
    return;
  }

  // The remote address is only looked up for a connected SSLSocket; otherwise the
  // custom check receives null.
  InetAddress remote = null;
  if (socket != null && socket.isConnected() && socket instanceof SSLSocket) {
    remote = socket.getInetAddress();
  }
  String peerIp = (remote == null) ? null : remote.getHostAddress();

  // Project-specific check first (checkTrustedCustom is defined elsewhere in this class),
  // then the standard chain validation of the wrapped trust manager.
  checkTrustedCustom(chain, peerIp);
  trustManager.checkClientTrusted(chain, authType, socket);
}
/**
 * Validates a server certificate chain presented over a socket-based TLS connection.
 *
 * <p>Security note: when {@code option.isAuthPeer()} is false this method returns without
 * inspecting the chain. Returning normally means "trusted", so every server certificate is
 * accepted in that configuration and the connection is not protected against an
 * impersonated server.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm passed through to the delegate trust manager
 * @param socket the connection's socket; may be null
 * @throws CertificateException if the custom check or the delegate trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
    throws CertificateException {
  if (!option.isAuthPeer()) {
    return;
  }

  // The remote address is only looked up for a connected SSLSocket; otherwise the
  // custom check receives null.
  InetAddress remote = null;
  if (socket != null && socket.isConnected() && socket instanceof SSLSocket) {
    remote = socket.getInetAddress();
  }
  String peerIp = (remote == null) ? null : remote.getHostAddress();

  // Project-specific check first (checkTrustedCustom is defined elsewhere in this class),
  // then the standard chain validation of the wrapped trust manager.
  checkTrustedCustom(chain, peerIp);
  trustManager.checkServerTrusted(chain, authType, socket);
}
/**
 * Creates an {@link SSLEngine} for the given peer, restricted to the configured protocols
 * and cipher suites.
 *
 * <p>Notes for reviewers:
 * <ul>
 *   <li>The engine's client/server mode is not set here; the caller has to call
 *       {@code setUseClientMode} before handshaking.</li>
 *   <li>{@code setNeedClientAuth} only has an effect on engines in server mode.</li>
 *   <li>No endpoint identification algorithm is configured in this method, so any host name
 *       verification depends on the trust manager installed by {@code createSSLContext}
 *       (defined elsewhere) - confirm it matches the deployment's requirements.</li>
 * </ul>
 *
 * @param option TLS settings; protocols and ciphers are comma-separated lists
 * @param custom project-specific customization passed on to {@code createSSLContext}
 * @param peerHost advisory peer host handed to the engine
 * @param peerPort advisory peer port handed to the engine
 * @return the configured engine
 */
public static SSLEngine createSSLEngine(SSLOption option, SSLCustom custom, String peerHost, int peerPort) {
  final SSLEngine sslEngine = createSSLContext(option, custom).createSSLEngine(peerHost, peerPort);

  // Entries are used exactly as split: surrounding whitespace is not trimmed.
  final String[] protocols = option.getProtocols().split(",");
  sslEngine.setEnabledProtocols(protocols);

  // getEnabledCiphers is defined elsewhere; presumably it keeps only the configured
  // suites that the engine supports - verify against its implementation.
  sslEngine.setEnabledCipherSuites(
      getEnabledCiphers(sslEngine.getSupportedCipherSuites(), option.getCiphers().split(",")));

  sslEngine.setNeedClientAuth(option.isAuthPeer());
  return sslEngine;
}
/**
 * Validates a client certificate chain when no connection object is available.
 *
 * <p>Security note: when {@code option.isAuthPeer()} is false nothing is checked and the
 * method returns normally, which means every client certificate is accepted.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type passed through to the delegate trust manager
 * @throws CertificateException if the custom check or the delegate trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
  if (option.isAuthPeer()) {
    // No socket or engine here, so the custom check runs without a peer address.
    checkTrustedCustom(chain, null);
    trustManager.checkClientTrusted(chain, authType);
  }
}
/**
 * Creates an {@link SSLEngine} without peer information, restricted to the configured
 * protocols and cipher suites.
 *
 * <p>Notes for reviewers:
 * <ul>
 *   <li>The engine's client/server mode is not set here; the caller has to call
 *       {@code setUseClientMode} before handshaking.</li>
 *   <li>{@code setNeedClientAuth} only has an effect on engines in server mode; with
 *       {@code authPeer} disabled a server-mode engine does not ask for a client
 *       certificate.</li>
 * </ul>
 *
 * @param option TLS settings; protocols and ciphers are comma-separated lists
 * @param custom project-specific customization passed on to {@code createSSLContext}
 * @return the configured engine
 */
public static SSLEngine createSSLEngine(SSLOption option, SSLCustom custom) {
  final SSLEngine sslEngine = createSSLContext(option, custom).createSSLEngine();

  // Entries are used exactly as split: surrounding whitespace is not trimmed.
  final String[] protocols = option.getProtocols().split(",");
  sslEngine.setEnabledProtocols(protocols);

  // getEnabledCiphers is defined elsewhere; presumably it keeps only the configured
  // suites that the engine supports - verify against its implementation.
  sslEngine.setEnabledCipherSuites(
      getEnabledCiphers(sslEngine.getSupportedCipherSuites(), option.getCiphers().split(",")));

  sslEngine.setNeedClientAuth(option.isAuthPeer());
  return sslEngine;
}
/**
 * Validates a server certificate chain when no connection object is available.
 *
 * <p>Security note: when {@code option.isAuthPeer()} is false nothing is checked and the
 * method returns normally, which means every server certificate is accepted.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm passed through to the delegate trust manager
 * @throws CertificateException if the custom check or the delegate trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
  if (option.isAuthPeer()) {
    // No socket or engine here, so the custom check runs without a peer address.
    checkTrustedCustom(chain, null);
    trustManager.checkServerTrusted(chain, authType);
  }
}
/**
 * Applies the TLS settings to a client options object and sets its trust-all flag.
 *
 * <p>Security note: the trust-all flag is the inverse of {@code authPeer}. With
 * {@code authPeer} disabled the client is configured with {@code setTrustAll(true)}, i.e. it
 * accepts any server certificate, so the channel is encrypted but the server is not
 * authenticated. Deployments that need server authentication must enable {@code authPeer}.
 *
 * @param sslOption TLS settings
 * @param sslCustom project-specific customization passed on to {@code buildTCPSSLOptions}
 * @param clientOptionsBase the options object to configure; modified in place
 * @return the same {@code clientOptionsBase} instance
 */
public static ClientOptionsBase buildClientOptionsBase(SSLOption sslOption, SSLCustom sslCustom,
    ClientOptionsBase clientOptionsBase) {
  buildTCPSSLOptions(sslOption, sslCustom, clientOptionsBase);

  final boolean verifyPeer = sslOption.isAuthPeer();
  clientOptionsBase.setTrustAll(!verifyPeer);
  return clientOptionsBase;
}
/**
 * Applies the TLS settings to a server options object and selects the client-auth mode.
 *
 * <p>Security note: with {@code authPeer} enabled a client certificate is mandatory
 * ({@code ClientAuth.REQUIRED}). Otherwise the server uses {@code ClientAuth.REQUEST}: a
 * certificate is asked for but the handshake continues when the client sends none, so
 * callers cannot assume an authenticated client in that configuration.
 *
 * @param sslOption TLS settings
 * @param sslCustom project-specific customization passed on to {@code buildTCPSSLOptions}
 * @param netServerOptions the options object to configure; modified in place
 * @return the same {@code netServerOptions} instance
 */
public static NetServerOptions buildNetServerOptions(SSLOption sslOption, SSLCustom sslCustom,
    NetServerOptions netServerOptions) {
  buildTCPSSLOptions(sslOption, sslCustom, netServerOptions);

  final ClientAuth mode = sslOption.isAuthPeer() ? ClientAuth.REQUIRED : ClientAuth.REQUEST;
  netServerOptions.setClientAuth(mode);
  return netServerOptions;
}
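/**
 * Creates an unbound {@link SSLServerSocket} restricted to the configured protocols and
 * cipher suites.
 *
 * <p>With {@code authPeer} enabled the socket requires a client certificate
 * ({@code setNeedClientAuth(true)}); with it disabled no client certificate is requested.
 *
 * @param option TLS settings; protocols and ciphers are comma-separated lists
 * @param custom project-specific customization passed on to {@code createSSLContext}
 * @return the configured, not yet bound, server socket
 * @throws IllegalArgumentException if the socket cannot be created; the underlying
 *     I/O exception is attached as the cause
 */
public static SSLServerSocket createSSLServerSocket(SSLOption option, SSLCustom custom) {
  try {
    SSLContext context = createSSLContext(option, custom);
    SSLServerSocketFactory factory = context.getServerSocketFactory();
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket();

    // Entries are used exactly as split: surrounding whitespace is not trimmed.
    socket.setEnabledProtocols(option.getProtocols().split(","));

    // getEnabledCiphers is defined elsewhere; presumably it keeps only the configured
    // suites that the socket supports - verify against its implementation.
    String[] supported = socket.getSupportedCipherSuites();
    String[] enabled = option.getCiphers().split(",");
    socket.setEnabledCipherSuites(getEnabledCiphers(supported, enabled));

    socket.setNeedClientAuth(option.isAuthPeer());
    return socket;
  } catch (UnknownHostException e) {
    // Keep the original exception as the cause so TLS setup failures stay diagnosable.
    throw new IllegalArgumentException("unkown host", e);
  } catch (IOException e) {
    throw new IllegalArgumentException("unable create socket", e);
  }
}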
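/**
 * Validates a server certificate chain presented through an {@link SSLEngine}.
 *
 * <p>Security note: when {@code option.isAuthPeer()} is false this method returns without
 * inspecting the chain, which means every server certificate is accepted.
 *
 * <p>The peer value handed to the custom check comes from
 * {@link SSLSession#getPeerHost()}. The JDK documents that value as unauthenticated, and it
 * may be a host name rather than an IP address, unlike the socket-based overload which
 * passes {@code InetAddress.getHostAddress()}.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm passed through to the delegate trust manager
 * @param engine the engine performing the handshake; may be null
 * @throws CertificateException if the handshake session is unavailable, or if the custom
 *     check or the delegate trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
    throws CertificateException {
  if (!option.isAuthPeer()) {
    return;
  }

  String peerHost = null;
  if (engine != null) {
    SSLSession session = engine.getHandshakeSession();
    // getHandshakeSession() returns null when no handshake session exists yet. Reject the
    // chain with the declared exception type instead of failing with a NullPointerException.
    if (session == null) {
      throw new CertificateException("no handshake session available to identify the peer");
    }
    peerHost = session.getPeerHost();
  }

  // Project-specific check first (checkTrustedCustom is defined elsewhere in this class),
  // then the standard chain validation of the wrapped trust manager.
  checkTrustedCustom(chain, peerHost);
  trustManager.checkServerTrusted(chain, authType, engine);
}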
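/**
 * Validates a client certificate chain presented through an {@link SSLEngine}.
 *
 * <p>Security note: when {@code option.isAuthPeer()} is false this method returns without
 * inspecting the chain, which means every client certificate is accepted.
 *
 * <p>The peer value handed to the custom check comes from
 * {@link SSLSession#getPeerHost()}. The JDK documents that value as unauthenticated, and it
 * may be a host name rather than an IP address, unlike the socket-based overload which
 * passes {@code InetAddress.getHostAddress()}.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type passed through to the delegate trust manager
 * @param engine the engine performing the handshake; may be null
 * @throws CertificateException if the handshake session is unavailable, or if the custom
 *     check or the delegate trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
    throws CertificateException {
  if (!option.isAuthPeer()) {
    return;
  }

  String peerHost = null;
  if (engine != null) {
    SSLSession session = engine.getHandshakeSession();
    // getHandshakeSession() returns null when no handshake session exists yet. Reject the
    // chain with the declared exception type instead of failing with a NullPointerException.
    if (session == null) {
      throw new CertificateException("no handshake session available to identify the peer");
    }
    peerHost = session.getPeerHost();
  }

  // Project-specific check first (checkTrustedCustom is defined elsewhere in this class),
  // then the standard chain validation of the wrapped trust manager.
  checkTrustedCustom(chain, peerHost);
  trustManager.checkClientTrusted(chain, authType, engine);
}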
getStringProperty(configSource, DEFAULT_OPTION.getCiphers(), "ssl." + tag + ".ciphers", "ssl.ciphers"); option.authPeer = getBooleanProperty(configSource, DEFAULT_OPTION.isAuthPeer(), "ssl." + tag + ".authPeer", "ssl.authPeer"); option.checkCNHost = getBooleanProperty(configSource,