@Override public SSLParameters getSSLParameters() { return engine.getSSLParameters(); }
@Override public SSLParameters getSSLParameters() { return delegate.getSSLParameters(); }
@Override public SSLParameters getSSLParameters() { return engine.getSSLParameters(); }
public SSLParameters getSSLParameters() { return delegate.getSSLParameters(); }
@Override public SSLParameters getSSLParameters() { return engine.getSSLParameters(); }
public SSLParameters getSSLParameters() { return currentRef.get().getSSLParameters(); }
public SSLParameters getSSLParameters() { return currentRef.get().getSSLParameters(); }
public SSLParameters getSSLParameters() { return currentRef.get().getSSLParameters(); }
static void setApplicationProtocols(SSLEngine engine, List<String> supportedProtocols) { SSLParameters parameters = engine.getSSLParameters(); String[] protocolArray = supportedProtocols.toArray(EmptyArrays.EMPTY_STRINGS); try { SET_APPLICATION_PROTOCOLS.invoke(parameters, new Object[]{protocolArray}); } catch (UnsupportedOperationException ex) { throw ex; } catch (Exception ex) { throw new IllegalStateException(ex); } engine.setSSLParameters(parameters); }
static void setApplicationProtocols(SSLEngine engine, List<String> supportedProtocols) { SSLParameters parameters = engine.getSSLParameters(); String[] protocolArray = supportedProtocols.toArray(EmptyArrays.EMPTY_STRINGS); try { SET_APPLICATION_PROTOCOLS.invoke(parameters, new Object[]{protocolArray}); } catch (UnsupportedOperationException ex) { throw ex; } catch (Exception ex) { throw new IllegalStateException(ex); } engine.setSSLParameters(parameters); }
private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, int peerPort) { SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort); if (cipherSuites != null) sslEngine.setEnabledCipherSuites(cipherSuites); if (enabledProtocols != null) sslEngine.setEnabledProtocols(enabledProtocols); // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation // only in client mode. Hence, validation is enabled only for clients. if (mode == Mode.SERVER) { sslEngine.setUseClientMode(false); if (needClientAuth) sslEngine.setNeedClientAuth(needClientAuth); else sslEngine.setWantClientAuth(wantClientAuth); } else { sslEngine.setUseClientMode(true); SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm(endpointIdentification); sslEngine.setSSLParameters(sslParams); } return sslEngine; }
@Override public SSLEngine setProtocols(SSLEngine engine, String[] protocols) { SSLParameters sslParameters = engine.getSSLParameters(); try { JDK_9_ALPN_METHODS.setApplicationProtocols().invoke(sslParameters, (Object) protocols); } catch (IllegalAccessException | InvocationTargetException e) { throw new RuntimeException(e); } engine.setSSLParameters(sslParameters); return engine; }
protected void configureSslEngine(SSLEngine sslEngine, AsyncHttpClientConfig config) { sslEngine.setUseClientMode(true); if (!config.isDisableHttpsEndpointIdentificationAlgorithm()) { SSLParameters params = sslEngine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(params); } } }
/** * Apply modifications to engine to enable hostname verification (client side only) * * @param sslEngine the engine used for handling TLS. Will be mutated by this method * @return the updated sslEngine that allows client side hostname verification */ @Override public SSLEngine apply( SSLEngine sslEngine ) { SSLParameters sslParameters = sslEngine.getSSLParameters(); sslParameters.setEndpointIdentificationAlgorithm( VerificationAlgorithm.HTTPS.getValue() ); sslEngine.setSSLParameters( sslParameters ); return sslEngine; }
@Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { // The Netty client we use for the internal client does not provide an option to disable the standard hostname // validation. When using custom certificate checks, we want to allow that option, so we change the endpoint // identification algorithm here. This is not needed for the server-side, since the Jetty server does provide // an option for enabling/disabling standard hostname validation. if (!validateServerHostnames) { SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm(null); engine.setSSLParameters(params); } certificateChecker.checkServer(chain, authType, engine, delegate); } }
public void configure(final SSLContext context, final SSLEngine sslEngine) { sslEngine.setUseClientMode(clientMode); final SSLParameters sslParameters = sslEngine.getSSLParameters(); configure(sslParameters, sslEngine.getSupportedProtocols(), sslEngine.getSupportedCipherSuites()); sslEngine.setSSLParameters(sslParameters); }
/** * Configures the specified {@link SslHandler} with common settings. */ private static SslHandler configureSslHandler(SslHandler sslHandler) { // Set endpoint identification algorithm so that JDK's default X509TrustManager implementation // performs host name checks. Without this, the X509TrustManager implementation will never raise // a CertificateException even if the domain name or IP address mismatches. final SSLEngine engine = sslHandler.engine(); final SSLParameters params = engine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); engine.setSSLParameters(params); return sslHandler; }
@Override protected TestSslTransportLayer newTransportLayer(String id, SelectionKey key, SSLEngine sslEngine) throws IOException { SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParams); return super.newTransportLayer(id, key, sslEngine); } };
public void handleEvent(final StreamConnection connection) { try { SSLEngine sslEngine = JsseSslUtils.createSSLEngine(sslContext, optionMap, destination); SSLParameters params = sslEngine.getSSLParameters(); params.setServerNames(Collections.singletonList(new SNIHostName(destination.getHostString()))); sslEngine.setSSLParameters(params); final SslConnection wrappedConnection = new UndertowSslConnection(connection, sslEngine, bufferPool); if (!futureResult.setResult(wrappedConnection)) { IoUtils.safeClose(connection); } else { ChannelListeners.invokeChannelListener(wrappedConnection, openListener); } } catch (Throwable e) { futureResult.setException(new IOException(e)); } } }
@Override public final synchronized SSLParameters getSSLParameters() { SSLParameters sslParameters = super.getSSLParameters(); int version = PlatformDependent.javaVersion(); if (version >= 7) { sslParameters.setEndpointIdentificationAlgorithm(endPointIdentificationAlgorithm); Java7SslParametersUtils.setAlgorithmConstraints(sslParameters, algorithmConstraints); if (version >= 8) { if (sniHostNames != null) { Java8SslUtils.setSniHostNames(sslParameters, sniHostNames); } if (!isDestroyed()) { Java8SslUtils.setUseCipherSuitesOrder( sslParameters, (SSL.getOptions(ssl) & SSL.SSL_OP_CIPHER_SERVER_PREFERENCE) != 0); } Java8SslUtils.setSNIMatchers(sslParameters, matchers); } } return sslParameters; }