protected SSLEngine engineCreateSSLEngine() { final SSLEngine sslEngine = super.engineCreateSSLEngine(); final SSLConfigurator sslConfigurator = this.sslConfigurator; sslConfigurator.configure(getDelegate(), sslEngine); return wrap ? new ConfiguredSSLEngine(sslEngine, getDelegate(), sslConfigurator) : sslEngine; }
/** * Remove the given protocol. Matching protocols may be re-added by a later rule. * * @param protocolName the name of the protocol to remove * @return a new selector which includes the new rule */ public ProtocolSelector remove(final String protocolName) { return remove(Protocol.forName(protocolName)); }
/** * Push all cipher suites which are matched by the given predicate to the end of the enabled ciphers list. Only * cipher suites which are already enabled will be moved; no cipher suites are added by this transformation. * * @param predicate the predicate to match * @return a new selector which includes the new rule */ public CipherSuiteSelector pushToEnd(final CipherSuitePredicate predicate) { return predicate == null || predicate.isAlwaysFalse() || predicate.isAlwaysTrue() ? this : new PushToEndCipherSuiteSelector(this, predicate); }
/** * Permanently delete the given protocol. Matching protocols cannot * be re-added by a later rule (such rules will be ignored). * * @param protocolName the name of the protocol to remove * @return a new selector which includes the new rule */ public ProtocolSelector deleteFully(final String protocolName) { return deleteFully(Protocol.forName(protocolName)); }
/** * A convenience method to permanently delete a cipher suite by name. This is a shortcut for calling * {@code deleteFully(Predicate.matchName(cipherSuiteName))}. The cipher suite name must be a standard or OpenSSL-style * mechanism name identifying a single mechanism. * * @param cipherSuiteName the cipher suite name * @return a new selector which includes the new rule */ public CipherSuiteSelector deleteFully(final String cipherSuiteName) { return deleteFully(CipherSuitePredicate.matchName(cipherSuiteName)); }
/** * Add all cipher suites which are matched by the given predicate. The cipher suites are added in a reasonably * logical order. Any suites which are not supported by the underlying socket layer will not be added. * * @param predicate the predicate to match * @return a new selector which includes the new rule */ public CipherSuiteSelector add(final CipherSuitePredicate predicate) { return predicate == null || predicate.isAlwaysFalse() ? this : new AddingCipherSuiteSelector(this, predicate); }
/** * Match all of the given predicates. * * @param predicates the predicates * @return a predicate that is {@code true} when all nested predicates are {@code true} */ public static CipherSuitePredicate matchAll(CipherSuitePredicate... predicates) { return optimize(new AndCipherSuitePredicate(predicates)); }
/** * Match any of the given predicates. * * @param predicates the predicates * @return a predicate that is {@code true} when any nested predicate is {@code true} */ public static CipherSuitePredicate matchAny(CipherSuitePredicate... predicates) { return optimize(new OrCipherSuitePredicate(predicates)); }
private Socket wrap(Socket orig) { if (orig instanceof SSLSocket) { final SSLSocket sslSocket = (SSLSocket) orig; final SSLContext sslContext = this.sslContext; final SSLConfigurator sslConfigurator = this.sslConfigurator; sslConfigurator.configure(sslContext, sslSocket); return wrap ? new ConfiguredSSLSocket(sslSocket, sslContext, sslConfigurator) : sslSocket; } else { return orig; } } }
private ServerSocket wrap(ServerSocket original) throws IOException { if (original instanceof SSLServerSocket) { final SSLServerSocket sslServerSocket = (SSLServerSocket) original; final SSLContext sslContext = this.sslContext; final SSLConfigurator sslConfigurator = this.sslConfigurator; sslConfigurator.configure(sslContext, sslServerSocket); return wrap ? new ConfiguredSSLServerSocket(sslServerSocket, sslContext, sslConfigurator) : sslServerSocket; } else { return original; } } }
/** * Remove all cipher suites which are matched by the given predicate. Matching ciphers may be re-added by a later * rule. * * @param predicate the predicate to match * @return a new selector which includes the new rule */ public CipherSuiteSelector remove(final CipherSuitePredicate predicate) { return predicate == null || predicate.isAlwaysFalse() ? this : new RemovingCipherSuiteSelector(this, predicate); }
/** * A convenience method to remove a cipher suite by name. This is a shortcut for calling * {@code remove(Predicate.matchName(cipherSuiteName))}. The cipher suite name must be a standard or OpenSSL-style * mechanism name identifying a single mechanism. * * @param cipherSuiteName the cipher suite name * @return a new selector which includes the new rule */ public CipherSuiteSelector remove(final String cipherSuiteName) { return remove(CipherSuitePredicate.matchName(cipherSuiteName)); }
/** * A convenience method to push a cipher suite by name to the end of the enabled ciphers list. This is a shortcut * for calling {@code pushToEnd(Predicate.matchName(cipherSuiteName))}. In particular, no cipher suites are added * by this transformation. The cipher suite name must be a standard or OpenSSL-style mechanism name identifying a * single mechanism. * * @param cipherSuiteName the cipher suite name * @return a new selector which includes the new rule */ public CipherSuiteSelector pushToEnd(final String cipherSuiteName) { return pushToEnd(CipherSuitePredicate.matchName(cipherSuiteName)); }
/** * A convenience method to add a cipher suite by name. If the underlying socket layer does not support the named * cipher suite, or if the cipher suite is invalid, it will not be added. This is a shortcut for calling * {@code add(Predicate.matchName(cipherSuiteName))}. The cipher suite name must be a standard or OpenSSL-style * mechanism name identifying a single mechanism. * * @param cipherSuiteName the cipher suite name * @return a new selector which includes the new rule */ public CipherSuiteSelector add(final String cipherSuiteName) { return add(CipherSuitePredicate.matchName(cipherSuiteName)); }
/** * Invert the given predicate. * * @param predicate the predicate * @return a predicate which is {@code true} when the nested predicate is {@code false}, and vice-versa */ public static CipherSuitePredicate matchNot(CipherSuitePredicate predicate) { return optimize(new NotCipherSuitePredicate(predicate)); }
/** * Create a configured SSL context from an outside SSL context. * * @param original the original SSL context * @param sslConfigurator the SSL configurator * @param wrap should the resulting SSLEngine, SSLSocket, and SSLServerSocket instances be wrapped using the configurator. * @return the configured SSL context */ public static SSLContext createConfiguredSslContext(SSLContext original, final SSLConfigurator sslConfigurator, final boolean wrap) { return new DelegatingSSLContext(new ConfiguredSSLContextSpi(original, sslConfigurator, wrap)); }
public void setEnableSessionCreation(final boolean enabled) { sslConfigurator.setEnableSessionCreation(sslContext, getDelegate(), enabled); } }
protected SSLEngine engineCreateSSLEngine(final String host, final int port) { final SSLEngine sslEngine = super.engineCreateSSLEngine(host, port); final SSLConfigurator sslConfigurator = this.sslConfigurator; sslConfigurator.configure(getDelegate(), sslEngine); return wrap ? new ConfiguredSSLEngine(sslEngine, getDelegate(), sslConfigurator) : sslEngine; }