/**
 * Writes the given value to the JVM-wide security property named by
 * {@code LEGACY_ALGORITHMS_SECURITY_KEY}, tolerating a refusal by the runtime.
 *
 * <p>A {@code null} argument leaves the property untouched. A {@link SecurityException}
 * raised by {@code Security.setProperty} is swallowed on purpose, so the caller cannot tell
 * from this method whether the value was actually applied.
 *
 * @param legacyAlgorithms value to store, or {@code null} to do nothing
 */
private static void setLegacyAlgorithmsSilently(String legacyAlgorithms) {
    if (legacyAlgorithms != null) {
        try {
            Security.setProperty(LEGACY_ALGORITHMS_SECURITY_KEY, legacyAlgorithms);
        } catch (SecurityException ignored) {
            // Deliberately ignored: the runtime refused the change and the previous value stays.
            // NOTE(review): nothing is logged here, so a refused change is invisible to operators.
        }
    }
}
// Callback body: writes one JVM-wide security property and returns null, the only value a
// Void-returning method can produce.
// NOTE(review): `key` and `value` come from a scope that is not part of this excerpt; if this
// runs as a privileged action, confirm that only trusted code can choose `key`.
@Override
public Void run() {
    Security.setProperty(key, value);
    return null;
}
} // closes an enclosing scope that opens outside this excerpt
// Names the com.ibm.jsse2 implementation classes as the default client and server SSL socket
// factories. Both keys are java.security properties, so the choice applies to the whole JVM
// rather than to a single connection or component.
// NOTE(review): these classes presumably exist only on IBM runtimes — confirm the target JVM,
// and confirm that no other library in the process expects a different default factory.
Security.setProperty("ssl.SocketFactory.provider", "com.ibm.jsse2.SSLSocketFactoryImpl");
Security.setProperty("ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");
// Sets the JVM-wide TTL for successful DNS lookups to "0", which the JDK documents as
// "never cache": every name resolution goes back to the resolver.
// NOTE(review): with no caching the JVM no longer pins a host name to the address it first
// resolved, so code that checks an address and later reconnects by name may reach a different
// address. Presumably this must also run before the first lookup to take effect — confirm.
java.security.Security.setProperty("networkaddress.cache.ttl" , "0")
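/**
 * Sets the JVM-wide TTL for failed (negative) DNS lookups.
 *
 * <p>The documented {@code networkaddress.cache.negative.ttl} security property is written
 * first, so the supported setting is applied even when the reflective step fails. The
 * JDK-internal {@code sun.net.InetAddressCachePolicy.negativeCachePolicy} field is then
 * patched on a best-effort basis; any failure there is logged and not rethrown.
 *
 * @param timeout cache lifetime; a negative value is stored as {@code -1}, which the JDK
 *     documents as "cache forever"
 * @param timeUnit unit of {@code timeout}; only read when {@code timeout} is not negative
 */
@Override
public void setNegativeDNSCacheTimeout(int timeout, TimeUnit timeUnit) {
    // Compute the value once and clamp it to the int range, so the int field and the
    // property can never disagree and the property always parses as an int.
    final int seconds = timeout < 0
            ? -1
            : (int) Math.min(TimeUnit.SECONDS.convert(timeout, timeUnit), (long) Integer.MAX_VALUE);

    java.security.Security.setProperty("networkaddress.cache.negative.ttl", Integer.toString(seconds));

    try {
        Class<?> inetAddressCachePolicyClass = Class.forName("sun.net.InetAddressCachePolicy");
        Field negativeCachePolicy = inetAddressCachePolicyClass.getDeclaredField("negativeCachePolicy");
        negativeCachePolicy.setAccessible(true);
        negativeCachePolicy.setInt(null, seconds);
    } catch (ReflectiveOperationException | RuntimeException e) {
        // setAccessible can fail with an unchecked exception (for example when the runtime does
        // not open sun.net to this code); treat that like the checked reflection failures.
        log.warn("Unable to modify native JVM DNS cache timeouts", e);
    }
}
} // closes the enclosing class, which opens outside this excerpt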
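/**
 * Sets the JVM-wide TTL for successful (positive) DNS lookups.
 *
 * <p>The documented {@code networkaddress.cache.ttl} security property is written first, so
 * the supported setting is applied even when the reflective step fails. The JDK-internal
 * {@code sun.net.InetAddressCachePolicy.cachePolicy} field is then patched on a best-effort
 * basis; any failure there is logged and not rethrown.
 *
 * <p>Security trade-off: a long or infinite TTL keeps a host name pinned to the address it
 * first resolved to, while a short TTL follows DNS changes quickly but trusts every new
 * answer from the resolver.
 *
 * @param timeout cache lifetime; a negative value is stored as {@code -1}, which the JDK
 *     documents as "cache forever"
 * @param timeUnit unit of {@code timeout}; only read when {@code timeout} is not negative
 */
@Override
public void setPositiveDNSCacheTimeout(int timeout, TimeUnit timeUnit) {
    // Compute the value once and clamp it to the int range, so the int field and the
    // property can never disagree and the property always parses as an int.
    final int seconds = timeout < 0
            ? -1
            : (int) Math.min(TimeUnit.SECONDS.convert(timeout, timeUnit), (long) Integer.MAX_VALUE);

    java.security.Security.setProperty("networkaddress.cache.ttl", Integer.toString(seconds));

    try {
        Class<?> inetAddressCachePolicyClass = Class.forName("sun.net.InetAddressCachePolicy");
        Field cachePolicy = inetAddressCachePolicyClass.getDeclaredField("cachePolicy");
        cachePolicy.setAccessible(true);
        cachePolicy.setInt(null, seconds);
    } catch (ReflectiveOperationException | RuntimeException e) {
        // setAccessible can fail with an unchecked exception (for example when the runtime does
        // not open sun.net to this code); treat that like the checked reflection failures.
        log.warn("Unable to modify native JVM DNS cache timeouts", e);
    }
}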
/**
 * Builds the JavaMail session from the configured host, port, debug and SSL settings and
 * stores it in {@code session}.
 *
 * @throws IllegalArgumentException if no host has been configured
 */
private synchronized void createSession() {
    if (host == null) {
        throw new IllegalArgumentException("Host cannot be null.");
    }

    final Properties props = new Properties();
    props.setProperty("mail.smtp.host", host);
    props.setProperty("mail.smtp.port", String.valueOf(port));
    // Still deliver to the valid recipients when some addresses are rejected.
    props.setProperty("mail.smtp.sendpartial", "true");
    props.setProperty("mail.debug", String.valueOf(debugEnabled));

    if (sslEnabled) {
        // NOTE(review): this is a JVM-wide security property, so it changes the default SSL
        // socket factory for every component in the process, not only for mail.
        Security.setProperty("ssl.SocketFactory.provider", SSL_FACTORY);
        props.setProperty("mail.smtp.socketFactory.class", SSL_FACTORY);
        // NOTE(review): with fallback enabled, a failed secure connection is retried over a
        // plain socket, so mail (and SMTP credentials, when a username is set) can travel
        // unencrypted. Deployments that require TLS should not rely on this setting.
        props.setProperty("mail.smtp.socketFactory.fallback", "true");
    }

    // SMTP authentication is requested only when a username is configured.
    final boolean authenticate = username != null;
    if (authenticate) {
        props.put("mail.smtp.auth", "true");
    }

    session = Session.getInstance(props, null);
}
/**
 * Sets both JVM-wide DNS cache TTL security properties (positive and negative) to "0".
 *
 * <p>Each property is attempted independently; a failure is logged as a warning together
 * with {@code getLogId()} and does not stop the other attempt.
 *
 * <p>NOTE(review): "0" is documented by the JDK as "never cache", so the process follows every
 * DNS change immediately and no longer pins a name to its first resolved address — confirm
 * that this is intended for all code in the process.
 */
private void adjustDNSCacheTTL() {
    // Pairs of {security property, warning format used when setting it fails}.
    final String[][] ttlSettings = {
        {"networkaddress.cache.ttl", "Could not set DNS ttl to 0 for %s"},
        {"networkaddress.cache.negative.ttl", "Could not set DNS negative ttl to 0 for %s"},
    };
    for (String[] setting : ttlSettings) {
        try {
            Security.setProperty(setting[0], "0");
        } catch (Exception failure) {
            Timber.w(failure, setting[1], getLogId());
        }
    }
}
/**
 * Registers the login configuration URL under the numbered {@code login.config.url.N}
 * security properties.
 *
 * <p>Indices are scanned upwards from 1. If one of them already holds the URL nothing is
 * changed; otherwise the URL is stored under the first index that has no value.
 *
 * <p>NOTE(review): these are JVM-wide security properties, so the registration is visible to
 * every login context in the process.
 *
 * @throws IOException declared for {@code convertLoginConfigToUrl()}
 */
private void configureJaasUsingLoop() throws IOException {
    final String loginConfigUrl = convertLoginConfigToUrl();
    final String prefix = "login.config.url.";

    int slot = 1;
    while (true) {
        final String current = Security.getProperty(prefix + slot);
        if (current == null) {
            break; // first free index found
        }
        if (current.equals(loginConfigUrl)) {
            return; // already registered, nothing to do
        }
        slot++;
    }

    final String key = prefix + slot;
    log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
    Security.setProperty(key, loginConfigUrl);
}
/**
 * Makes sure the login configuration URL is present in the numbered
 * {@code login.config.url.N} security properties.
 *
 * <p>Starting at index 1, each defined property is compared with the URL. A match ends the
 * method without changes; when the first undefined index is reached, the URL is written there.
 *
 * <p>NOTE(review): the properties are process-global, so the entry stays registered for all
 * other code in the JVM.
 *
 * @throws IOException declared for {@code convertLoginConfigToUrl()}
 */
private void configureJaasUsingLoop() throws IOException {
    final String loginConfigUrl = convertLoginConfigToUrl();
    final String prefix = "login.config.url.";

    int index = 1;
    for (String registered = Security.getProperty(prefix + index);
            registered != null;
            registered = Security.getProperty(prefix + index)) {
        if (registered.equals(loginConfigUrl)) {
            return; // the URL is already configured
        }
        index++;
    }

    final String key = prefix + index;
    log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
    Security.setProperty(key, loginConfigUrl);
}
/**
 * Class-level fixture: sets the JVM-wide {@code crypto.policy} security property to
 * {@code unlimited} before the tests of this class run.
 *
 * <p>NOTE(review): the property is not restored afterwards, and presumably it only takes effect
 * if it is set before the JCE framework is first used in this JVM — confirm for the runner.
 */
@BeforeClass
public static void key() {
    final String policyProperty = "crypto.policy";
    final String policyValue = "unlimited";
    Security.setProperty(policyProperty, policyValue);
}
/**
 * Class-level fixture: sets the JVM-wide {@code crypto.policy} security property to
 * {@code unlimited} before the tests of this class run.
 *
 * <p>NOTE(review): the property is not restored afterwards, and presumably it only takes effect
 * if it is set before the JCE framework is first used in this JVM — confirm for the runner.
 */
@BeforeClass
public static void key() {
    final String policyProperty = "crypto.policy";
    final String policyValue = "unlimited";
    Security.setProperty(policyProperty, policyValue);
}
/**
 * Points {@code login.config.url.1} at the {@code .conf} resource named after this test class,
 * then runs {@code setUp()} and {@code testFull()} against that configuration.
 *
 * <p>NOTE(review): the security property is JVM-wide and is not cleared by this method, so it
 * can leak into later tests. A missing resource makes {@code getResource} return null and the
 * test then fails with a NullPointerException rather than a descriptive message.
 */
@Test
public void testConfigurationLoop() throws Exception {
    final Class<?> testClass = getClass();
    final String resourcePath = "/" + testClass.getName().replace('.', '/') + ".conf";
    final URL configUrl = testClass.getResource(resourcePath);

    Security.setProperty("login.config.url.1", configUrl.toString());

    setUp();
    testFull();
}
/**
 * Class-level fixture: sets the JVM-wide {@code crypto.policy} security property to
 * {@code unlimited} before the tests of this class run.
 *
 * <p>NOTE(review): the property is not restored afterwards, and presumably it only takes effect
 * if it is set before the JCE framework is first used in this JVM — confirm for the runner.
 */
@BeforeClass
public static void key() {
    final String policyProperty = "crypto.policy";
    final String policyValue = "unlimited";
    Security.setProperty(policyProperty, policyValue);
}
/**
 * Per-test teardown: removes the TLS-related system properties a test may have set, switches
 * the JVM-wide revocation settings back off, clears the connection-factory overrides and
 * closes {@code x509Util}.
 *
 * <p>The two {@code Security.setProperty} calls matter because security properties are
 * process-global: without the reset, OCSP and CRL distribution point checking enabled by one
 * test would stay active for the tests that follow.
 */
@After
public void cleanUp() {
    x509TestContext.clearSystemProperties(x509Util);

    final String[] tlsSystemProperties = {
        x509Util.getSslOcspEnabledProperty(),
        x509Util.getSslCrlEnabledProperty(),
        x509Util.getCipherSuitesProperty(),
        x509Util.getSslProtocolProperty(),
        x509Util.getSslHandshakeDetectionTimeoutMillisProperty(),
        "com.sun.net.ssl.checkRevocation",
        "com.sun.security.enableCRLDP",
    };
    for (String propertyName : tlsSystemProperties) {
        System.clearProperty(propertyName);
    }

    // Revocation switches live in java.security properties; set them to "false" explicitly.
    final String disabled = Boolean.FALSE.toString();
    Security.setProperty("ocsp.enable", disabled);
    Security.setProperty("com.sun.security.enableCRLDP", disabled);

    System.clearProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY);
    System.clearProperty(ZKClientConfig.ZOOKEEPER_CLIENT_CNXN_SOCKET);

    x509Util.close();
}
/**
 * Checks that package access restrictions are applied per code base: the same script that
 * instantiates a {@code javax.print} class is run once from a code base without the
 * {@code accessClassInPackage.javax.print} permission and once from a code base that has it.
 */
public void testPackageAccess() {
    final String script = "new javax.print.PrintException();";
    final String restrictedPackage = "javax.print";

    // NOTE(review): this replaces the whole JVM-wide package.access list with a single entry
    // and never restores it, so any packages restricted before this test are no longer listed
    // for the rest of the test run.
    Security.setProperty("package.access", restrictedPackage);

    // Code base without the permission: the script is expected to fail with an ACE
    // (access-control exception) naming the missing permission.
    final RuntimePermission missingPermission =
            new RuntimePermission("accessClassInPackage." + restrictedPackage);
    assertExecute(script, "/groovy/security/javax/print/deny", missingPermission);

    // Code base that groovy.policy grants access to javax.print: no ACE is expected.
    assertExecute(script, "/groovy/security/javax/print/allow", null);
}
System.setProperty("com.sun.security.enableCRLDP", "true"); if (ocspEnabled) { Security.setProperty("ocsp.enable", "true");
// NOTE(review): the leading parenthetical reads as the snippet author's remark on the type of
// `params`, not as a cast — confirm against the original page.
// Revocation checking is switched on for these parameters, and the `ocsp.enable` security
// property is set to "true".
// NOTE(review): security properties are process-global, so the OCSP setting presumably also
// applies to other certificate path validations in the same JVM — verify that this is intended.
(PKIXParameters or PKIXParameterBuilder) params.setRevocationEnabled(true);
Security.setProperty("ocsp.enable", "true");
/**
 * Copies the {@code es.}-prefixed DNS cache overrides from system properties into the JVM
 * security properties of the same name without the prefix.
 *
 * <p>Handled properties are {@code networkaddress.cache.ttl} and
 * {@code networkaddress.cache.negative.ttl}. An override that is not set is skipped. Each value
 * is parsed as an integer and written back in canonical decimal form, so a malformed value is
 * rejected here instead of being stored.
 *
 * @throws IllegalArgumentException if an override is present but is not a valid integer
 */
private static void overrideDnsCachePolicyProperties() {
    final String[] dnsCacheProperties = {"networkaddress.cache.ttl", "networkaddress.cache.negative.ttl"};
    for (final String securityProperty : dnsCacheProperties) {
        final String systemProperty = "es." + securityProperty;
        final String rawValue = System.getProperty(systemProperty);
        if (rawValue == null) {
            continue;
        }

        final int parsed;
        try {
            parsed = Integer.parseInt(rawValue);
        } catch (final NumberFormatException e) {
            throw new IllegalArgumentException(
                "failed to parse [" + systemProperty + "] with value [" + rawValue + "]", e);
        }
        // Store the normalised form of the number, not the raw text that was supplied.
        Security.setProperty(securityProperty, Integer.toString(parsed));
    }
}
// Installs DummySSLSocketFactory as the JVM-wide default SSL socket factory, then starts a
// GreenMail server with the SMTPS test setup.
// NOTE(review): judging by its name the factory is a test stand-in that presumably does not
// validate certificates — verify, keep it out of production code paths, and restore the
// previous provider value after the test because the property is process-global.
Security.setProperty("ssl.SocketFactory.provider", DummySSLSocketFactory.class.getName());
GreenMail mailServer = new GreenMail(ServerSetupTest.SMTPS);
mailServer.start();