/**
 * Returns the SSL parameters reported by the wrapped {@code delegate}.
 *
 * <p>This is a pure pass-through: nothing is copied, filtered or modified here, so
 * the caller receives exactly what {@code delegate.getSSLParameters()} returns.
 *
 * @return the delegate's SSL parameters
 */
public SSLParameters getSSLParameters() {
  final SSLParameters delegated = delegate.getSSLParameters();
  return delegated;
}
/**
 * Installs the application protocol names (ALPN) for {@code protocols} on {@code sslSocket}.
 *
 * <p>The names are set on the socket's {@link SSLParameters} by invoking
 * {@code setProtocolMethod} reflectively, and the parameters are then written back with
 * {@code setSSLParameters} so that the socket picks the change up. The {@code hostname}
 * argument is not used by this implementation.
 *
 * @param sslSocket socket to configure
 * @param hostname unused here
 * @param protocols protocols to advertise; converted to names by {@code alpnProtocolNames}
 * @throws AssertionError if the reflective call is not accessible or the invoked method throws
 */
@Override
public void configureTlsExtensions(SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  final SSLParameters params = sslSocket.getSSLParameters();
  final List<String> alpnNames = alpnProtocolNames(protocols);
  final String[] alpnArray = alpnNames.toArray(new String[alpnNames.size()]);
  try {
    // Wrapped in Object[] so the String[] is passed as one argument, not spread as varargs.
    setProtocolMethod.invoke(params, new Object[] {alpnArray});
    sslSocket.setSSLParameters(params);
  } catch (IllegalAccessException | InvocationTargetException e) {
    throw new AssertionError("failed to set SSL parameters", e);
  }
}
/**
 * Sets the ALPN protocol names derived from {@code protocols} on {@code sslSocket}.
 *
 * <p>The socket's current parameters are fetched, the names are applied through the
 * reflectively invoked {@code setProtocolMethod}, and the parameters are handed back to
 * the socket. {@code hostname} is ignored by this implementation.
 *
 * @param sslSocket socket whose TLS parameters are updated
 * @param hostname unused here
 * @param protocols protocols to advertise; mapped to names by {@code alpnProtocolNames}
 */
@Override
public void configureTlsExtensions(SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  try {
    final SSLParameters tlsParams = sslSocket.getSSLParameters();
    final List<String> protocolNames = alpnProtocolNames(protocols);
    final String[] nameArray = protocolNames.toArray(new String[protocolNames.size()]);
    // The extra Object[] keeps the String[] as a single reflective argument.
    final Object[] reflectiveArgs = new Object[] {nameArray};
    setProtocolMethod.invoke(tlsParams, reflectiveArgs);
    sslSocket.setSSLParameters(tlsParams);
  } catch (IllegalAccessException | InvocationTargetException e) {
    // Reflection failures are rethrown via the assertionError helper, keeping the cause.
    throw assertionError("unable to set ssl parameters", e);
  }
}
/**
 * Advertises {@code protocols} via ALPN on {@code sslSocket}.
 *
 * <p>Protocol names come from {@code alpnProtocolNames}; they are applied to the socket's
 * {@link SSLParameters} through the reflective {@code setProtocolMethod} and the parameters
 * are then set back on the socket. {@code hostname} plays no part in this implementation.
 *
 * @param sslSocket socket to configure
 * @param hostname unused here
 * @param protocols protocols whose names are advertised
 * @throws AssertionError wrapping the reflection failure, if the call cannot be made
 */
@Override
public void configureTlsExtensions(SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  final SSLParameters socketParams = sslSocket.getSSLParameters();
  final List<String> advertised = alpnProtocolNames(protocols);
  try {
    setProtocolMethod.invoke(
        socketParams, new Object[] {advertised.toArray(new String[advertised.size()])});
    // The socket only picks the new names up once the parameters are set back on it.
    sslSocket.setSSLParameters(socketParams);
  } catch (IllegalAccessException | InvocationTargetException e) {
    throw new AssertionError("failed to set SSL parameters", e);
  }
}
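/**
 * Sets the SNI server names on {@code socket} when it is an {@link SSLSocket}.
 *
 * <p>Nothing happens when {@code socket} is not an {@code SSLSocket}, when
 * {@code hostnames} is {@code null}, or when the socket reports no parameters.
 *
 * <p>The two-argument overload called below receives only the {@link SSLParameters}
 * object, so it cannot apply the result to the socket itself. The parameters are
 * therefore written back here; without that step the names would be set on a detached
 * object and never sent in the handshake.
 *
 * @param socket socket to configure; ignored unless it is an {@code SSLSocket}
 * @param hostnames server names to request via SNI; {@code null} means "leave unchanged"
 */
static void setServerNames(Socket socket, String[] hostnames) {
    if (!(socket instanceof SSLSocket)) {
        return;
    }

    if (hostnames == null) {
        return;
    }

    SSLSocket sslSocket = (SSLSocket) socket;
    SSLParameters parameters = sslSocket.getSSLParameters();

    if (parameters == null) {
        return;
    }

    // Call SSLParameters.setServerNames(List<SNIServerName>) method.
    setServerNames(parameters, hostnames);

    // Hand the modified parameters back to the socket so the server names take effect.
    sslSocket.setSSLParameters(parameters);
}
}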
/**
 * Wraps the SSL socket of {@code tSSLSocket} in a new {@code TSocket} after switching on
 * HTTPS endpoint identification.
 *
 * <p>With the algorithm set to {@code "HTTPS"}, the TLS handshake checks that the server
 * certificate matches the host name the socket was opened for.
 * NOTE(review): this is only effective if the handshake has not yet run on the
 * underlying socket when this method is called; confirm at the call site.
 *
 * @param tSSLSocket transport whose underlying socket is cast to {@link SSLSocket}
 * @return a new {@code TSocket} around the reconfigured socket
 * @throws TTransportException declared by the signature; presumably raised by the
 *     {@code TSocket} constructor (confirm)
 */
private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws TTransportException {
  final SSLSocket tlsSocket = (SSLSocket) tSSLSocket.getSocket();
  final SSLParameters tlsParams = tlsSocket.getSSLParameters();
  tlsParams.setEndpointIdentificationAlgorithm("HTTPS");
  // The socket only adopts the change once the parameters are set back on it.
  tlsSocket.setSSLParameters(tlsParams);
  return new TSocket(tlsSocket);
}
}
/**
 * Enables HTTPS-style host name verification on the SSL socket inside {@code tSSLSocket}
 * and returns it wrapped in a fresh {@code TSocket}.
 *
 * <p>The underlying socket is cast to {@link SSLSocket} without a type check, so a
 * transport backed by a plain socket fails with {@code ClassCastException}.
 * NOTE(review): the verification happens during the TLS handshake, so this must run
 * before the handshake starts; confirm at the call site.
 *
 * @param tSSLSocket transport holding the SSL socket to reconfigure
 * @return a new {@code TSocket} built from the reconfigured socket
 * @throws TTransportException declared by the signature; presumably raised by the
 *     {@code TSocket} constructor (confirm)
 */
private static TSocket getSSLSocketWithHttps(TSocket tSSLSocket) throws TTransportException {
  final SSLSocket underlying = (SSLSocket) tSSLSocket.getSocket();
  final SSLParameters verifiedParams = underlying.getSSLParameters();
  // "HTTPS" selects certificate-versus-host-name checking for the handshake.
  verifiedParams.setEndpointIdentificationAlgorithm("HTTPS");
  underlying.setSSLParameters(verifiedParams);
  final TSocket rewrapped = new TSocket(underlying);
  return rewrapped;
}
/**
 * Applies this object's TLS configuration to {@code socket} and sets its handshake role.
 *
 * <p>The socket's current parameters are passed to {@code configureSslParameters}, written
 * back to the socket, and the client/server mode is set afterwards.
 *
 * @param socket socket to configure; modified in place
 * @param isClientSocket {@code true} to handshake as a client, {@code false} as a server
 * @return the same {@code socket} instance, for chaining
 */
private SSLSocket configureSSLSocket(SSLSocket socket, boolean isClientSocket) {
    final SSLParameters params = socket.getSSLParameters();
    configureSslParameters(params, isClientSocket);
    // The socket only adopts the configured values once they are set back on it.
    socket.setSSLParameters(params);

    socket.setUseClientMode(isClientSocket);
    return socket;
}
/**
 * Configures {@code sslSocket} with this object's client/server mode and TLS parameters.
 *
 * <p>The handshake role is set first. The socket's parameters are then passed to the
 * three-argument {@code configure} overload together with the protocols and cipher
 * suites the socket supports, and are finally written back to the socket.
 * The {@code context} argument is not read by this method.
 *
 * @param context unused here
 * @param sslSocket socket to configure; modified in place
 */
public void configure(final SSLContext context, final SSLSocket sslSocket) {
    sslSocket.setUseClientMode(clientMode);

    final SSLParameters params = sslSocket.getSSLParameters();
    final String[] supportedProtocols = sslSocket.getSupportedProtocols();
    final String[] supportedCipherSuites = sslSocket.getSupportedCipherSuites();
    configure(params, supportedProtocols, supportedCipherSuites);

    // Changes made to params reach the socket only through this call.
    sslSocket.setSSLParameters(params);
}
// Start from the socket's current TLS parameters so every other setting is preserved.
SSLParameters sslParameters = sslSocket.getSSLParameters();
// "HTTPS" asks for the peer certificate to be checked against the host name during the
// handshake. NOTE(review): must run before the handshake starts to have any effect.
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
// The socket only picks the change up once the parameters are set back on it.
sslSocket.setSSLParameters(sslParameters);
/**
 * Applies socket options and, for TLS sockets, SNI and host name verification, then
 * connects {@code socket} to {@code inetSocketAddress}.
 *
 * <p>TLS setup runs when SSL is enabled in {@code sslSettings} or when the socket already
 * is an {@link SSLSocket}. Host name verification is enabled unless
 * {@code sslSettings.isInvalidHostNameAllowed()} returns {@code true}; in that case this
 * method does not enable it, and the peer's certificate is not matched against the host
 * name by anything visible here.
 *
 * <p>NOTE(review): {@code InetSocketAddress.getHostName()} may perform a reverse lookup
 * when the address was created from a literal IP; confirm the value passed to
 * {@code enableSni} is the name the caller intended.
 *
 * @param socket socket to configure and connect
 * @param inetSocketAddress address to connect to; its host name is used for SNI
 * @param settings timeouts, keep-alive and buffer sizes
 * @param sslSettings whether SSL is enabled and whether invalid host names are tolerated
 * @throws IOException if a socket option cannot be set or the connection fails
 * @throws MongoInternalException if SSL is enabled but {@code socket} is not an {@code SSLSocket}
 */
@SuppressWarnings("deprecation")
static void initialize(final Socket socket, final InetSocketAddress inetSocketAddress,
                       final SocketSettings settings, final SslSettings sslSettings) throws IOException {
    socket.setTcpNoDelay(true);
    socket.setSoTimeout(settings.getReadTimeout(MILLISECONDS));
    socket.setKeepAlive(settings.isKeepAlive());

    // Non-positive buffer sizes leave the socket's existing sizes untouched.
    if (settings.getReceiveBufferSize() > 0) {
        socket.setReceiveBufferSize(settings.getReceiveBufferSize());
    }
    if (settings.getSendBufferSize() > 0) {
        socket.setSendBufferSize(settings.getSendBufferSize());
    }

    final boolean tlsRequested = sslSettings.isEnabled();
    final boolean tlsSocket = socket instanceof SSLSocket;
    if (tlsRequested || tlsSocket) {
        if (!tlsSocket) {
            throw new MongoInternalException("SSL is enabled but the socket is not an instance of javax.net.ssl.SSLSocket");
        }
        final SSLSocket secureSocket = (SSLSocket) socket;
        SSLParameters tlsParams = secureSocket.getSSLParameters();
        if (tlsParams == null) {
            tlsParams = new SSLParameters();
        }
        enableSni(inetSocketAddress.getHostName(), tlsParams);
        if (!sslSettings.isInvalidHostNameAllowed()) {
            enableHostNameVerification(tlsParams);
        }
        // Applied before connect(), i.e. before any handshake on this socket.
        secureSocket.setSSLParameters(tlsParams);
    }

    socket.connect(inetSocketAddress, settings.getConnectTimeout(MILLISECONDS));
}
/**
 * Turns on host name verification for TLS sockets when {@code sslVerifyHost} is set.
 *
 * <p>Sockets that are not {@link SSLSocket}s, and all sockets while {@code sslVerifyHost}
 * is {@code false}, are left untouched, so with the flag off this method adds no check of
 * the peer's identity against the host name.
 *
 * @param socket the socket to post-process
 */
@Override
public void postProcessSocket(Socket socket) {
    if (!this.sslVerifyHost) {
        return;
    }
    if (!(socket instanceof SSLSocket)) {
        return;
    }

    final SSLSocket tlsSocket = (SSLSocket) socket;
    final SSLParameters tlsParams = tlsSocket.getSSLParameters();
    // The "HTTPS" algorithm is not limited to HTTP traffic; it works for any TCP connection.
    // It matches the certificate's SAN (Subject Alternative Name) entries as well as the CN.
    tlsParams.setEndpointIdentificationAlgorithm("HTTPS");
    tlsSocket.setSSLParameters(tlsParams);
}
/**
 * Creates an unconnected {@link SSLSocket} from this object's SSL context and applies
 * the customized parameters to it.
 *
 * <p>{@code checkIsStarted()} runs first. The socket's default parameters are passed
 * through {@code customize} and the result is set back on the socket before it is
 * returned.
 *
 * @return a new, not yet connected SSL socket carrying the customized parameters
 * @throws IOException if the socket factory cannot create the socket
 */
public SSLSocket newSslSocket() throws IOException {
    checkIsStarted();

    final SSLSocketFactory socketFactory = getSslContext().getSocketFactory();
    final SSLSocket created = (SSLSocket) socketFactory.createSocket();

    final SSLParameters customized = customize(created.getSSLParameters());
    created.setSSLParameters(customized);
    return created;
}
/**
 * Chooses the server key alias for a handshake on {@code socket}, preferring an
 * SNI-based choice and falling back to {@code _delegate}.
 *
 * <p>For a non-null socket the SNI matchers from the socket's parameters and its handshake
 * session are handed to the four-argument overload. When the result is the
 * {@code NO_MATCHERS} constant (also used directly for a {@code null} socket), the
 * delegate key manager decides instead.
 *
 * <p>The cast to {@link SSLSocket} is unconditional: {@code null} passes it, any other
 * kind of socket fails with {@code ClassCastException}.
 *
 * @param keyType key algorithm type name
 * @param issuers acceptable certificate issuers; passed through unchanged
 * @param socket the handshaking socket, or {@code null}
 * @return the chosen alias, as produced by the overload or by the delegate
 */
@Override
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    final SSLSocket tlsSocket = (SSLSocket)socket;

    String chosen;
    if (socket == null) {
        chosen = NO_MATCHERS;
    } else {
        chosen = chooseServerAlias(keyType, issuers,
                tlsSocket.getSSLParameters().getSNIMatchers(),
                tlsSocket.getHandshakeSession());
    }

    // Identity comparison on purpose: NO_MATCHERS is treated as a marker object here,
    // not as a string value to be compared with equals().
    if (chosen == NO_MATCHERS) {
        chosen = _delegate.chooseServerAlias(keyType, issuers, socket);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("Chose alias {}/{} on {}", chosen, keyType, socket);
    }
    return chosen;
}
/**
 * Best-effort attempt to stop {@code socket} from sending the SNI extension.
 *
 * <p>{@code setServerNames(List)} is looked up and invoked reflectively with an empty
 * list, so the code does not reference that method at compile time.
 *
 * <p>Every failure is swallowed, not only the missing-method case on Java 6/7. The
 * caller therefore cannot tell whether SNI was really switched off; if a server name
 * must not appear in the handshake, this has to be verified by other means.
 *
 * @param socket socket whose parameters are modified in place when the call succeeds
 */
private void disableSNI(SSLSocket socket) {
    // effectively disable SNI by passing an empty server name list (works only in Java 8 or higher)
    final SSLParameters params = socket.getSSLParameters();
    try {
        final Method serverNamesSetter = params.getClass().getMethod("setServerNames", List.class);
        serverNamesSetter.invoke(params, new ArrayList<Object>());
        socket.setSSLParameters(params);
    } catch (Exception e) {
        // Java 6/7, nothing we can do here (setting jsse.enableSNIExtension wouldn't work here anymore)
    }
}
/**
 * Sets the configured SNI host names on {@code socket}.
 *
 * <p>When {@code sniHostNames} is empty the socket is left untouched. Otherwise each name
 * is wrapped in an {@link SNIHostName} and the resulting list replaces the server names
 * in the socket's parameters. No endpoint identification algorithm is set here; whether
 * the peer's host name is verified depends on configuration outside this method.
 *
 * @param socket socket to configure before the handshake
 */
protected void prepareSocketForSni(SSLSocket socket) {
    if (sniHostNames.isEmpty()) {
        return;
    }

    final List<SNIServerName> requestedNames = new ArrayList<>(sniHostNames.size());
    for (String hostName : sniHostNames) {
        requestedNames.add(new SNIHostName(hostName));
    }

    final SSLParameters params = socket.getSSLParameters();
    params.setServerNames(requestedNames);
    // The socket only adopts the names once the parameters are set back on it.
    socket.setSSLParameters(params);
}
/**
 * Validates a client certificate chain presented on {@code socket}.
 *
 * <p>For an {@link SSLSocket} the handshake session and the socket's parameters are passed
 * on to {@code checkTrusted}; for any other socket (including {@code null}) both are
 * passed as {@code null}.
 * NOTE(review): with a plain socket, any check inside {@code checkTrusted} that depends on
 * the session or parameters presumably cannot run; confirm how it treats {@code null}.
 *
 * @param chain the peer's certificate chain
 * @param authType the authentication type
 * @param socket the socket the chain was received on
 * @throws CertificateException if the chain is not trusted
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    SSLSession handshakeSession = null;
    SSLParameters tlsParams = null;

    final boolean overTls = socket instanceof SSLSocket;
    if (overTls) {
        final SSLSocket tlsSocket = (SSLSocket) socket;
        handshakeSession = getHandshakeSessionOrThrow(tlsSocket);
        tlsParams = tlsSocket.getSSLParameters();
    }

    checkTrusted(chain, authType, handshakeSession, tlsParams, true /* client auth */);
}
/**
 * Replaces the SNI server name requested by {@code socket} with {@code hostname}.
 *
 * <p>A {@code null} host name leaves the socket untouched. Otherwise the socket is cast to
 * {@link SSLSocket} without a type check, so a plain socket fails with
 * {@code ClassCastException}. Only the SNI server-name list is changed here; no endpoint
 * identification algorithm is set, so host name verification depends on configuration
 * outside this method.
 *
 * @param socket socket to reconfigure; must be an {@code SSLSocket} when {@code hostname} is set
 * @param hostname server name to request, or {@code null} for no override
 * @return the same socket instance
 */
private Socket overrideHostname(final Socket socket, String hostname) {
    if (hostname == null) {
        return socket;
    }

    final SSLSocket tlsSocket = (SSLSocket) socket;
    final SSLParameters tlsParams = tlsSocket.getSSLParameters();
    final SNIServerName requestedName = new SNIHostName(hostname);
    tlsParams.setServerNames(Collections.<SNIServerName>singletonList(requestedName));
    // The socket only adopts the new name once the parameters are set back on it.
    tlsSocket.setSSLParameters(tlsParams);
    return tlsSocket;
}
}
/**
 * Sets relevant socket options specified in encryption settings.
 *
 * <p>The enabled cipher suites become the result of {@code filterCipherSuites} applied to
 * the socket's supported suites and {@code options.cipher_suites}. HTTPS endpoint
 * identification is switched on only when {@code options.require_endpoint_verification}
 * is set; with the flag off this method adds no check of the peer certificate against the
 * host name.
 *
 * @param socket socket to configure; modified in place
 * @param options encryption settings supplying the cipher suites and the verification flag
 */
private static void prepareSocket(SSLSocket socket, EncryptionOptions options) {
    final String[] enabledSuites =
            filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);

    if (options.require_endpoint_verification) {
        final SSLParameters tlsParams = socket.getSSLParameters();
        tlsParams.setEndpointIdentificationAlgorithm("HTTPS");
        // The socket only adopts the setting once the parameters are set back on it.
        socket.setSSLParameters(tlsParams);
    }

    socket.setEnabledCipherSuites(enabledSuites);
}
/**
 * Sets the SNI server name on {@code socket} when {@code sniHostName} holds a value.
 *
 * <p>Without a value the socket is left untouched. Only the server-name list is changed
 * here; no endpoint identification algorithm is set, so host name verification depends
 * on configuration outside this method.
 *
 * @param socket socket to configure before it is used
 * @throws IOException declared by the overridden method; not thrown by this body
 */
@Override
protected void prepareSocket(SSLSocket socket) throws IOException {
    if (!sniHostName.isPresent()) {
        return;
    }
    final SSLParameters tlsParams = socket.getSSLParameters();
    final SNIHostName requestedName = new SNIHostName(sniHostName.get());
    tlsParams.setServerNames(Arrays.asList(requestedName));
    // The socket only adopts the name once the parameters are set back on it.
    socket.setSSLParameters(tlsParams);
}
}).build();