/**
 * Creates a new ssl config populated from the properties of an existing one.
 *
 * <p>The credential config, trust managers, hostname verifier, hostname verifier config, enabled cipher suites,
 * enabled protocols and handshake completed listeners are each read from {@code config} and passed to the matching
 * setter on the new instance. No copying is done here beyond what those getters and setters do themselves, so the
 * two configs may share the underlying objects. Properties not listed above are not carried over.</p>
 *
 * <p>{@code config} is not null-checked; a null argument fails on the first getter call.</p>
 *
 * @param  config  ssl config to read properties from
 *
 * @return  newly created ssl config
 */
public static SslConfig newSslConfig(final SslConfig config)
{
  final SslConfig copy = new SslConfig();

  // trust and identity material
  copy.setCredentialConfig(config.getCredentialConfig());
  copy.setTrustManagers(config.getTrustManagers());

  // hostname verification
  copy.setHostnameVerifier(config.getHostnameVerifier());
  copy.setHostnameVerifierConfig(config.getHostnameVerifierConfig());

  // protocol negotiation and handshake callbacks
  copy.setEnabledCipherSuites(config.getEnabledCipherSuites());
  copy.setEnabledProtocols(config.getEnabledProtocols());
  copy.setHandshakeCompletedListeners(config.getHandshakeCompletedListeners());

  return copy;
}
/**
 * Assigns the credential config of this ssl config.
 *
 * <p>{@code checkImmutable()} runs before anything else, then the new value is logged at trace level and stored.</p>
 *
 * @param  config  credential config to store
 */
public void setCredentialConfig(final CredentialConfig config)
{
  checkImmutable();
  // NOTE(review): the config object is passed to the logger as-is, so what ends up in a trace log depends on
  // CredentialConfig's string form; confirm it does not print key or store passwords.
  logger.trace("setting credentialConfig: {}", config);
  this.credentialConfig = config;
}
/**
 * Creates a new ssl config populated from the properties of an existing one.
 *
 * <p>The credential config, trust managers, enabled cipher suites, enabled protocols and handshake completed
 * listeners are each read from {@code config} and passed to the matching setter on the new instance. No copying is
 * done here beyond what those getters and setters do themselves, so the two configs may share the underlying
 * objects. Nothing related to hostname verification is transferred by this method.</p>
 *
 * <p>{@code config} is not null-checked; a null argument fails on the first getter call.</p>
 *
 * @param  config  ssl config to read properties from
 *
 * @return  newly created ssl config
 */
public static SslConfig newSslConfig(final SslConfig config)
{
  final SslConfig copy = new SslConfig();

  // trust and identity material
  copy.setCredentialConfig(config.getCredentialConfig());
  copy.setTrustManagers(config.getTrustManagers());

  // protocol negotiation and handshake callbacks
  copy.setEnabledCipherSuites(config.getEnabledCipherSuites());
  copy.setEnabledProtocols(config.getEnabledProtocols());
  copy.setHandshakeCompletedListeners(config.getHandshakeCompletedListeners());

  return copy;
}
if (config != null && !config.isEmpty()) { sf.setSslConfig(SslConfig.newSslConfig(config)); } else { sf.setSslConfig(new SslConfig()); final CertificateHostnameVerifier verifier = sf.getSslConfig().getHostnameVerifier(); if (verifier == null) { sf.getSslConfig().setHostnameVerifierConfig(new HostnameVerifierConfig(new DefaultHostnameVerifier(), names)); } else { sf.getSslConfig().setHostnameVerifierConfig(new HostnameVerifierConfig(verifier, names));
/**
 * Installs a {@link HostnameVerifyingTrustManager} on the supplied config when it has no trust managers yet. If the
 * config also has no {@link CredentialConfig}, a {@link DefaultTrustManager} is installed ahead of it.
 *
 * <p>A config that already has trust managers is returned untouched: this method adds no hostname verification to
 * it, so the check then depends entirely on the trust managers the caller supplied.</p>
 *
 * @param  config  to modify
 * @param  names  of the hosts to verify
 */
protected static void addHostnameVerifyingTrustManager(final SslConfig config, final String[] names)
{
  // caller-supplied trust managers are never replaced or wrapped
  if (config.getTrustManagers() != null) {
    return;
  }

  if (config.getCredentialConfig() != null) {
    // hostname check only; no DefaultTrustManager is added in this case
    config.setTrustManagers(new HostnameVerifyingTrustManager(new DefaultHostnameVerifier(), names));
    return;
  }

  // nothing configured at all: default trust manager plus hostname check
  config.setTrustManagers(
    new DefaultTrustManager(),
    new HostnameVerifyingTrustManager(new DefaultHostnameVerifier(), names));
}
/**
 * Builds an initialized {@link ThreadLocalTLSSocketFactory} intended for hostname verification against the supplied
 * names.
 *
 * <p>A non-null, non-empty {@code config} is copied with {@link SslConfig#newSslConfig(SslConfig)}; otherwise a
 * fresh {@link SslConfig} is used. The resulting config is then passed to
 * {@link #addHostnameVerifyingTrustManager(SslConfig, String[])}, which sets a
 * {@link HostnameVerifyingTrustManager} with {@link DefaultHostnameVerifier} only if the config does not already
 * contain trust managers. A config that brings its own trust managers therefore gets no hostname-verifying trust
 * manager from this method.</p>
 *
 * @param  config  to set on the socket factory
 * @param  names  to use for hostname verification
 *
 * @return  socket factory
 *
 * @throws  IllegalArgumentException  wrapping any {@link GeneralSecurityException} raised while initializing the
 * factory
 */
public static SSLSocketFactory getHostnameVerifierFactory(final SslConfig config, final String[] names)
{
  final ThreadLocalTLSSocketFactory factory = new ThreadLocalTLSSocketFactory();
  final boolean hasSettings = config != null && !config.isEmpty();
  // work on a copy (or a blank config) rather than on the caller's instance
  factory.setSslConfig(hasSettings ? SslConfig.newSslConfig(config) : new SslConfig());
  addHostnameVerifyingTrustManager(factory.getSslConfig(), names);
  try {
    factory.initialize();
  } catch (GeneralSecurityException e) {
    throw new IllegalArgumentException(e);
  }
  return factory;
}
if (sslC.getEnabledCipherSuites() != null) { socket.setEnabledCipherSuites(sslC.getEnabledCipherSuites()); if (sslC.getEnabledProtocols() != null) { socket.setEnabledProtocols(sslC.getEnabledProtocols()); if (sslC.getHandshakeCompletedListeners() != null) { for (HandshakeCompletedListener listener : sslC.getHandshakeCompletedListeners()) { socket.addHandshakeCompletedListener(listener);
if (cc.getSslConfig() != null && !cc.getSslConfig().isEmpty()) { final CredentialConfig credConfig = cc.getSslConfig().getCredentialConfig(); final TrustManager[] managers = cc.getSslConfig().getTrustManagers(); final CertificateHostnameVerifier verifier = cc.getSslConfig().getHostnameVerifier(); if (credConfig != null) { try {
final SslConfig sslConfig = getSslConfig(); if (sslConfig != null) { final CredentialConfig credConfig = sslConfig.getCredentialConfig(); final TrustManager[] managers = sslConfig.getTrustManagers(); final HostnameVerifierConfig verifierConfig = sslConfig.getHostnameVerifierConfig(); if (credConfig != null) { contextInitializer = credConfig.createSSLContextInitializer();
if (factory == null && cc.getSslConfig() != null && !cc.getSslConfig().isEmpty()) { final TLSSocketFactory sf = new TLSSocketFactory(); sf.setSslConfig(SslConfig.newSslConfig(cc.getSslConfig())); try { sf.initialize(); if (verifier == null && cc.getSslConfig() != null && !cc.getSslConfig().isEmpty()) { if (cc.getSslConfig().getHostnameVerifier() != null) { verifier = new HostnameVerifierAdapter(cc.getSslConfig().getHostnameVerifier());
/**
 * Applies the TLS-related settings of {@code ldap} to the connection config.
 *
 * <p>When {@code ldap.getX509()} is non-null, its value is set as the trust certificates of a new
 * {@link X509CredentialConfig}, which is wrapped in a new {@link SslConfig} and set on the connection config. The
 * use-SSL flag is always set from {@code ldap.isSsl()}.</p>
 *
 * @param  ldap  settings to read the trust certificate location and SSL flag from
 * @param  userConnectionConfig  connection config to modify
 */
private void configureSSL(final Ldap ldap, final ConnectionConfig userConnectionConfig)
{
  if (ldap.getX509() != null) {
    final X509CredentialConfig trustOnly = new X509CredentialConfig();
    trustOnly.setTrustCertificates(ldap.getX509()); // file:/path/to/trust.pem
    userConnectionConfig.setSslConfig(new SslConfig(trustOnly));
  }
  // NOTE(review): with no X.509 value, no SslConfig is set here, so certificate trust is left to whatever the
  // connection does by default; confirm that is the intended behaviour when isSsl() is true.
  userConnectionConfig.setUseSSL(ldap.isSsl());
}
final SslConfig sslConfig = getSslConfig(); if (sslConfig != null) { final CredentialConfig credConfig = sslConfig.getCredentialConfig(); final TrustManager[] managers = sslConfig.getTrustManagers(); if (credConfig != null) { contextInitializer = credConfig.createSSLContextInitializer();
lcc.setTrustManagers(trustManagers); lcc.setKeyManagers(keyManagers); if (cc.getSslConfig() != null && cc.getSslConfig().getEnabledCipherSuites() != null) { lcc.setEnabledCipherSuites(cc.getSslConfig().getEnabledCipherSuites()); if (cc.getSslConfig() != null && cc.getSslConfig().getEnabledProtocols() != null) { lcc.setSslProtocol(cc.getSslConfig().getEnabledProtocols()[0]);
final SslConfig sslConfig = connConfig.getSslConfig(); if (sslConfig != null) { final SSLContextInitializer cxtInit = sslConfig.getCredentialConfig() != null ? sslConfig.getCredentialConfig().createSSLContextInitializer() : null; if (cxtInit instanceof X509SSLContextInitializer) { if (((X509SSLContextInitializer) cxtInit).getTrustCertificates() == null) {
if (factory == null && cc.getSslConfig() != null && !cc.getSslConfig().isEmpty()) { final TLSSocketFactory sf = new TLSSocketFactory(); sf.setSslConfig(cc.getSslConfig());
if (config != null && !config.isEmpty()) { sf.setSslConfig(SslConfig.newSslConfig(config)); } else { sf.setSslConfig(new SslConfig()); final CertificateHostnameVerifier verifier = sf.getSslConfig().getHostnameVerifier(); if (verifier == null) { sf.getSslConfig().setHostnameVerifierConfig(new HostnameVerifierConfig(new DefaultHostnameVerifier(), names)); } else { sf.getSslConfig().setHostnameVerifierConfig(new HostnameVerifierConfig(verifier, names));
/**
 * Installs a {@link HostnameVerifyingTrustManager} on the supplied config when it has no trust managers yet. If the
 * config also has no {@link CredentialConfig}, a {@link DefaultTrustManager} is installed ahead of it.
 *
 * <p>A config that already has trust managers is returned untouched: this method adds no hostname verification to
 * it, so the check then depends entirely on the trust managers the caller supplied.</p>
 *
 * @deprecated  {@link HostnameVerifierConfig} should be used for hostname verification
 *
 * @param  config  to modify
 * @param  names  of the hosts to verify
 */
@Deprecated
protected static void addHostnameVerifyingTrustManager(final SslConfig config, final String[] names)
{
  // caller-supplied trust managers are never replaced or wrapped
  if (config.getTrustManagers() != null) {
    return;
  }

  if (config.getCredentialConfig() != null) {
    // hostname check only; no DefaultTrustManager is added in this case
    config.setTrustManagers(new HostnameVerifyingTrustManager(new DefaultHostnameVerifier(), names));
    return;
  }

  // nothing configured at all: default trust manager plus hostname check
  config.setTrustManagers(
    new DefaultTrustManager(),
    new HostnameVerifyingTrustManager(new DefaultHostnameVerifier(), names));
}
/**
 * Builds an initialized {@link TLSSocketFactory} intended for hostname verification against the supplied names.
 *
 * <p>A non-null, non-empty {@code config} is copied with {@link SslConfig#newSslConfig(SslConfig)}; otherwise a
 * fresh {@link SslConfig} is used. The resulting config is then passed to
 * {@link #addHostnameVerifyingTrustManager(SslConfig, String[])}, which sets a
 * {@link HostnameVerifyingTrustManager} with {@link DefaultHostnameVerifier} only if the config does not already
 * contain trust managers. A config that brings its own trust managers therefore gets no hostname-verifying trust
 * manager from this method.</p>
 *
 * @param  config  to set on the socket factory
 * @param  names  to use for hostname verification
 *
 * @return  socket factory
 *
 * @throws  IllegalArgumentException  wrapping any {@link GeneralSecurityException} raised while initializing the
 * factory
 */
@SuppressWarnings("RedundantArrayCreation")
public static SSLSocketFactory getHostnameVerifierFactory(final SslConfig config, final String[] names)
{
  final TLSSocketFactory factory = new TLSSocketFactory();
  final boolean hasSettings = config != null && !config.isEmpty();
  // work on a copy (or a blank config) rather than on the caller's instance
  factory.setSslConfig(hasSettings ? SslConfig.newSslConfig(config) : new SslConfig());
  addHostnameVerifyingTrustManager(factory.getSslConfig(), names);
  try {
    factory.initialize();
  } catch (GeneralSecurityException e) {
    throw new IllegalArgumentException(e);
  }
  return factory;
}
if (sslC.getEnabledCipherSuites() != null) { socket.setEnabledCipherSuites(sslC.getEnabledCipherSuites()); if (sslC.getEnabledProtocols() != null) { socket.setEnabledProtocols(sslC.getEnabledProtocols()); if (sslC.getHandshakeCompletedListeners() != null) { for (HandshakeCompletedListener listener : sslC.getHandshakeCompletedListeners()) { socket.addHandshakeCompletedListener(listener);