/**
 * {@inheritDoc}
 *
 * <p>The factory is built on the first call from the SSL context and the
 * SSL parameters configuration, stored in {@code socketFactory}, and handed
 * back unchanged on every later call.
 */
@Override
protected ServerSocketFactory getServerSocketFactory() throws Exception {
    if (socketFactory != null) {
        return socketFactory;
    }
    // Context creation comes first, then the parameters lookup.
    SSLContext context = getSsl().createContext(this);
    SSLParametersConfiguration sslParameters = getSsl().getParameters();
    sslParameters.setContext(getContext());
    // The parameters travel with the factory together with the context's own
    // server socket factory.
    socketFactory = new ConfigurableSSLServerSocketFactory(
            sslParameters, context.getServerSocketFactory());
    return socketFactory;
}
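/**
 * {@inheritDoc}
 *
 * <p>The socket comes from the delegate factory and has the configured SSL
 * parameters applied before it is returned. If applying the parameters
 * fails with an unchecked exception, the socket is closed before the
 * exception propagates, so a rejected configuration does not leave an open
 * socket behind.
 *
 * <p>NOTE(review): only the settings applied by {@code parameters.configure}
 * are set here; nothing visible in this method enables endpoint (hostname)
 * identification. Confirm whether the peer's identity is checked elsewhere.
 */
@Override
public Socket createSocket(InetAddress address, int port,
        InetAddress localAddress, int localPort) throws IOException {
    SSLSocket socket =
            (SSLSocket) delegate.createSocket(address, port, localAddress, localPort);
    try {
        parameters.configure(new SSLConfigurableSocket(socket));
    } catch (RuntimeException e) {
        // The socket will never reach the caller, so release it here and keep
        // the original failure as the primary exception.
        try {
            socket.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
    return socket;
}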
/**
 * Creates a new server that uses a caller-supplied SSL context.
 *
 * @param lc logger context for received events
 * @param port port on which the server is to listen
 * @param sslContext custom SSL context; must not be {@code null}
 * @throws NullPointerException if {@code sslContext} is {@code null}
 */
public SimpleSSLSocketServer(LoggerContext lc, int port, SSLContext sslContext) {
    super(lc, port);
    if (null == sslContext) {
        throw new NullPointerException("SSL context required");
    }
    // NOTE(review): the parameters object is created fresh and only receives
    // the logger context, so protocol, cipher suite and client-auth selection
    // presumably fall back to whatever the supplied context's engine does by
    // default -- confirm that callers harden the context they pass in.
    SSLParametersConfiguration sslParameters = new SSLParametersConfiguration();
    sslParameters.setContext(lc);
    this.socketFactory = new ConfigurableSSLServerSocketFactory(
            sslParameters, sslContext.getServerSocketFactory());
}
/**
 * Resolves the cipher suites to enable from the configuration, computing the
 * result on the first call and returning the cached array afterwards.
 *
 * <p>When neither an include nor an exclude list is configured, a copy of the
 * engine's default suites is used. Otherwise the include/exclude lists are
 * applied to the engine's <em>supported</em> suites, not its defaults.
 * NOTE(review): an exclude-only configuration may therefore enable suites
 * that the engine supports but leaves disabled by default; confirm against
 * {@code includedStrings} and prefer an explicit include list.
 *
 * @param supportedCipherSuites cipher suites supported by the SSL engine
 * @param defaultCipherSuites default cipher suites enabled by the SSL engine
 * @return enabled cipher suites (the cached array itself, not a copy)
 */
private String[] enabledCipherSuites(String[] supportedCipherSuites,
        String[] defaultCipherSuites) {
    if (enabledCipherSuites != null) {
        // Already determined: the same engine is assumed for all
        // configurables, so the arguments of later calls are not consulted.
        return enabledCipherSuites;
    }
    boolean nothingConfigured = OptionHelper.isEmpty(getIncludedCipherSuites())
            && OptionHelper.isEmpty(getExcludedCipherSuites());
    enabledCipherSuites = nothingConfigured
            ? Arrays.copyOf(defaultCipherSuites, defaultCipherSuites.length)
            : includedStrings(supportedCipherSuites,
                    getIncludedCipherSuites(), getExcludedCipherSuites());
    // Report the effective set once so it can be audited from the status output.
    for (String suite : enabledCipherSuites) {
        addInfo("enabled cipher suite: " + suite);
    }
    return enabledCipherSuites;
}
/**
 * Resolves the protocols to enable from the configuration, computing the
 * result on the first call and returning the cached array afterwards.
 *
 * <p>When neither an include nor an exclude list is configured, a copy of the
 * engine's default protocols is used. Otherwise the include/exclude lists are
 * applied to the engine's <em>supported</em> protocols, not its defaults.
 * NOTE(review): an exclude-only configuration may therefore enable protocol
 * versions that the engine supports but leaves disabled by default; confirm
 * against {@code includedStrings} and prefer an explicit include list.
 *
 * @param supportedProtocols protocols supported by the SSL engine
 * @param defaultProtocols default protocols enabled by the SSL engine
 * @return enabled protocols (the cached array itself, not a copy)
 */
private String[] enabledProtocols(String[] supportedProtocols,
        String[] defaultProtocols) {
    if (enabledProtocols != null) {
        // Already determined: the same engine is assumed for all
        // configurables, so the arguments of later calls are not consulted.
        return enabledProtocols;
    }
    boolean nothingConfigured = OptionHelper.isEmpty(getIncludedProtocols())
            && OptionHelper.isEmpty(getExcludedProtocols());
    enabledProtocols = nothingConfigured
            ? Arrays.copyOf(defaultProtocols, defaultProtocols.length)
            : includedStrings(supportedProtocols,
                    getIncludedProtocols(), getExcludedProtocols());
    // Report the effective set once so it can be audited from the status output.
    for (String name : enabledProtocols) {
        addInfo("enabled protocol: " + name);
    }
    return enabledProtocols;
}
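/**
 * Configures SSL parameters on an {@link SSLConfigurable}.
 *
 * <p>Enabled protocols and cipher suites are always set. Client
 * authentication is only touched when it was configured, and at most one of
 * the two client-auth setters is called: {@code needClientAuth=true} takes
 * precedence, otherwise a configured {@code wantClientAuth} is applied,
 * otherwise an explicit {@code needClientAuth=false} is applied.
 *
 * <p>JSSE sockets document that {@code setNeedClientAuth} and
 * {@code setWantClientAuth} each override the other. Calling both in
 * sequence therefore let any configured {@code wantClientAuth} value replace
 * {@code needClientAuth=true}, turning mandatory client certificates into
 * optional or disabled ones. This presumes the configurable forwards to a
 * JSSE socket -- TODO confirm for each {@link SSLConfigurable} implementation.
 *
 * @param socket the subject configurable
 */
public void configure(SSLConfigurable socket) {
    socket.setEnabledProtocols(enabledProtocols(
            socket.getSupportedProtocols(), socket.getDefaultProtocols()));
    socket.setEnabledCipherSuites(enabledCipherSuites(
            socket.getSupportedCipherSuites(), socket.getDefaultCipherSuites()));

    // Read each setting once so the null check and the applied value agree.
    Boolean needClientAuth = isNeedClientAuth();
    Boolean wantClientAuth = isWantClientAuth();
    if (Boolean.TRUE.equals(needClientAuth)) {
        // Strictest mode wins; do not let a later setter call weaken it.
        socket.setNeedClientAuth(true);
    } else if (wantClientAuth != null) {
        socket.setWantClientAuth(wantClientAuth);
    } else if (needClientAuth != null) {
        socket.setNeedClientAuth(false);
    }
}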
/**
 * Returns the SSL parameters configuration, creating it on demand.
 *
 * @return parameters configuration; if no parameters object was
 *    configured, a default parameters object is created, stored and returned
 */
public SSLParametersConfiguration getParameters() {
    if (parameters != null) {
        return parameters;
    }
    // Nothing configured: fall back to a default-constructed object and keep
    // it so that later calls see the same instance.
    parameters = new SSLParametersConfiguration();
    return parameters;
}
/**
 * Exclusion takes precedence over inclusion for protocols: including
 * "A, B" while excluding "B" must leave only "A" enabled.
 */
@Test
public void testSetIncludedAndExcludedProtocols() throws Exception {
    String[] supported = { "A", "B", "C" };
    configurable.setSupportedProtocols(supported);
    configuration.setIncludedProtocols("A, B");
    configuration.setExcludedProtocols("B");

    configuration.configure(configurable);

    String[] expected = { "A" };
    assertTrue(Arrays.equals(expected, configurable.getEnabledProtocols()));
}
/**
 * Exclusion takes precedence over inclusion for cipher suites: including
 * "A, B" while excluding "B" must leave only "A" enabled.
 */
@Test
public void testSetExcludedAndIncludedCipherSuites() throws Exception {
    String[] supported = { "A", "B", "C" };
    configurable.setSupportedCipherSuites(supported);
    configuration.setIncludedCipherSuites("A, B");
    configuration.setExcludedCipherSuites("B");

    configuration.configure(configurable);

    String[] expected = { "A" };
    assertTrue(Arrays.equals(expected, configurable.getEnabledCipherSuites()));
}
/**
 * A configured {@code needClientAuth=true} must be passed on to the
 * configurable by {@code configure}.
 */
@Test
public void testSetNeedClientAuth() throws Exception {
    boolean required = true;
    configuration.setNeedClientAuth(required);

    configuration.configure(configurable);

    assertTrue(configurable.isNeedClientAuth());
}
/**
 * A configured {@code wantClientAuth=true} must be passed on to the
 * configurable by {@code configure}.
 */
@Test
public void testSetWantClientAuth() throws Exception {
    boolean requested = true;
    configuration.setWantClientAuth(requested);

    configuration.configure(configurable);

    assertTrue(configurable.isWantClientAuth());
}
/**
 * With only an exclude list configured, every supported cipher suite except
 * the excluded one ends up enabled: supported {A, B} minus "A" gives {B}.
 */
@Test
public void testSetExcludedCipherSuites() throws Exception {
    String[] supported = { "A", "B" };
    configurable.setSupportedCipherSuites(supported);
    configuration.setExcludedCipherSuites("A");

    configuration.configure(configurable);

    String[] expected = { "B" };
    assertTrue(Arrays.equals(expected, configurable.getEnabledCipherSuites()));
}
/**
 * An include list naming every supported cipher suite enables all of them;
 * the list deliberately uses uneven spacing around the commas.
 */
@Test
public void testSetIncludedCipherSuites() throws Exception {
    String[] supported = { "A", "B", "C", "D" };
    configurable.setSupportedCipherSuites(supported);
    configuration.setIncludedCipherSuites("A,B ,C, D");

    configuration.configure(configurable);

    String[] expected = { "A", "B", "C", "D" };
    assertTrue(Arrays.equals(expected, configurable.getEnabledCipherSuites()));
}
/**
 * With only an exclude list configured, every supported protocol except the
 * excluded one ends up enabled: supported {A, B} minus "A" gives {B}.
 */
@Test
public void testSetExcludedProtocols() throws Exception {
    String[] supported = { "A", "B" };
    configurable.setSupportedProtocols(supported);
    configuration.setExcludedProtocols("A");

    configuration.configure(configurable);

    String[] expected = { "B" };
    assertTrue(Arrays.equals(expected, configurable.getEnabledProtocols()));
}
/**
 * An include list naming every supported protocol enables all of them; the
 * list deliberately uses uneven spacing around the commas.
 */
@Test
public void testSetIncludedProtocols() throws Exception {
    String[] supported = { "A", "B", "C", "D" };
    configurable.setSupportedProtocols(supported);
    configuration.setIncludedProtocols("A,B ,C, D");

    configuration.configure(configurable);

    String[] expected = { "A", "B", "C", "D" };
    assertTrue(Arrays.equals(expected, configurable.getEnabledProtocols()));
}
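/**
 * Configures SSL parameters on an {@link SSLConfigurable}.
 *
 * <p>Enabled protocols and cipher suites are always set. Client
 * authentication is only touched when it was configured, and at most one of
 * the two client-auth setters is called: {@code needClientAuth=true} takes
 * precedence, otherwise a configured {@code wantClientAuth} is applied,
 * otherwise an explicit {@code needClientAuth=false} is applied.
 *
 * <p>JSSE sockets document that {@code setNeedClientAuth} and
 * {@code setWantClientAuth} each override the other. Calling both in
 * sequence therefore let any configured {@code wantClientAuth} value replace
 * {@code needClientAuth=true}, turning mandatory client certificates into
 * optional or disabled ones. This presumes the configurable forwards to a
 * JSSE socket -- TODO confirm for each {@link SSLConfigurable} implementation.
 *
 * @param socket the subject configurable
 */
public void configure(SSLConfigurable socket) {
    socket.setEnabledProtocols(enabledProtocols(
            socket.getSupportedProtocols(), socket.getDefaultProtocols()));
    socket.setEnabledCipherSuites(enabledCipherSuites(
            socket.getSupportedCipherSuites(), socket.getDefaultCipherSuites()));

    // Read each setting once so the null check and the applied value agree.
    Boolean needClientAuth = isNeedClientAuth();
    Boolean wantClientAuth = isWantClientAuth();
    if (Boolean.TRUE.equals(needClientAuth)) {
        // Strictest mode wins; do not let a later setter call weaken it.
        socket.setNeedClientAuth(true);
    } else if (wantClientAuth != null) {
        socket.setWantClientAuth(wantClientAuth);
    } else if (needClientAuth != null) {
        socket.setNeedClientAuth(false);
    }
}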
/**
 * Resolves the cipher suites to enable from the configuration, computing the
 * result on the first call and returning the cached array afterwards.
 *
 * <p>When neither an include nor an exclude list is configured, a copy of the
 * engine's default suites is used. Otherwise the include/exclude lists are
 * applied to the engine's <em>supported</em> suites, not its defaults.
 * NOTE(review): an exclude-only configuration may therefore enable suites
 * that the engine supports but leaves disabled by default; confirm against
 * {@code includedStrings} and prefer an explicit include list.
 *
 * @param supportedCipherSuites cipher suites supported by the SSL engine
 * @param defaultCipherSuites default cipher suites enabled by the SSL engine
 * @return enabled cipher suites (the cached array itself, not a copy)
 */
private String[] enabledCipherSuites(String[] supportedCipherSuites,
        String[] defaultCipherSuites) {
    if (enabledCipherSuites != null) {
        // Already determined: the same engine is assumed for all
        // configurables, so the arguments of later calls are not consulted.
        return enabledCipherSuites;
    }
    boolean nothingConfigured = OptionHelper.isEmpty(getIncludedCipherSuites())
            && OptionHelper.isEmpty(getExcludedCipherSuites());
    enabledCipherSuites = nothingConfigured
            ? Arrays.copyOf(defaultCipherSuites, defaultCipherSuites.length)
            : includedStrings(supportedCipherSuites,
                    getIncludedCipherSuites(), getExcludedCipherSuites());
    // Report the effective set once so it can be audited from the status output.
    for (String suite : enabledCipherSuites) {
        addInfo("enabled cipher suite: " + suite);
    }
    return enabledCipherSuites;
}
/**
 * Resolves the protocols to enable from the configuration, computing the
 * result on the first call and returning the cached array afterwards.
 *
 * <p>When neither an include nor an exclude list is configured, a copy of the
 * engine's default protocols is used. Otherwise the include/exclude lists are
 * applied to the engine's <em>supported</em> protocols, not its defaults.
 * NOTE(review): an exclude-only configuration may therefore enable protocol
 * versions that the engine supports but leaves disabled by default; confirm
 * against {@code includedStrings} and prefer an explicit include list.
 *
 * @param supportedProtocols protocols supported by the SSL engine
 * @param defaultProtocols default protocols enabled by the SSL engine
 * @return enabled protocols (the cached array itself, not a copy)
 */
private String[] enabledProtocols(String[] supportedProtocols,
        String[] defaultProtocols) {
    if (enabledProtocols != null) {
        // Already determined: the same engine is assumed for all
        // configurables, so the arguments of later calls are not consulted.
        return enabledProtocols;
    }
    boolean nothingConfigured = OptionHelper.isEmpty(getIncludedProtocols())
            && OptionHelper.isEmpty(getExcludedProtocols());
    enabledProtocols = nothingConfigured
            ? Arrays.copyOf(defaultProtocols, defaultProtocols.length)
            : includedStrings(supportedProtocols,
                    getIncludedProtocols(), getExcludedProtocols());
    // Report the effective set once so it can be audited from the status output.
    for (String name : enabledProtocols) {
        addInfo("enabled protocol: " + name);
    }
    return enabledProtocols;
}
/**
 * Returns the SSL parameters configuration, creating it on demand.
 *
 * @return parameters configuration; if no parameters object was
 *    configured, a default parameters object is created, stored and returned
 */
public SSLParametersConfiguration getParameters() {
    if (parameters != null) {
        return parameters;
    }
    // Nothing configured: fall back to a default-constructed object and keep
    // it so that later calls see the same instance.
    parameters = new SSLParametersConfiguration();
    return parameters;
}
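/**
 * Configures SSL parameters on an {@link SSLConfigurable}.
 *
 * <p>Enabled protocols and cipher suites are always set. Client
 * authentication is only touched when it was configured, and at most one of
 * the two client-auth setters is called: {@code needClientAuth=true} takes
 * precedence, otherwise a configured {@code wantClientAuth} is applied,
 * otherwise an explicit {@code needClientAuth=false} is applied.
 *
 * <p>JSSE sockets document that {@code setNeedClientAuth} and
 * {@code setWantClientAuth} each override the other. Calling both in
 * sequence therefore let any configured {@code wantClientAuth} value replace
 * {@code needClientAuth=true}, turning mandatory client certificates into
 * optional or disabled ones. This presumes the configurable forwards to a
 * JSSE socket -- TODO confirm for each {@link SSLConfigurable} implementation.
 *
 * @param socket the subject configurable
 */
public void configure(SSLConfigurable socket) {
    socket.setEnabledProtocols(enabledProtocols(
            socket.getSupportedProtocols(), socket.getDefaultProtocols()));
    socket.setEnabledCipherSuites(enabledCipherSuites(
            socket.getSupportedCipherSuites(), socket.getDefaultCipherSuites()));

    // Read each setting once so the null check and the applied value agree.
    Boolean needClientAuth = isNeedClientAuth();
    Boolean wantClientAuth = isWantClientAuth();
    if (Boolean.TRUE.equals(needClientAuth)) {
        // Strictest mode wins; do not let a later setter call weaken it.
        socket.setNeedClientAuth(true);
    } else if (wantClientAuth != null) {
        socket.setWantClientAuth(wantClientAuth);
    } else if (needClientAuth != null) {
        socket.setNeedClientAuth(false);
    }
}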