/**
 * Builds a fresh {@link SSLEngine} from {@code sslContext} for the accepting side of a connection.
 *
 * @return a new engine switched to server mode
 */
private SSLEngine createServerEngine() {
    final SSLEngine serverEngine = sslContext.createSSLEngine();
    // The role has to be chosen before any handshaking; false selects the server side.
    serverEngine.setUseClientMode(false);
    // NOTE(review): protocols, cipher suites and client authentication are left at whatever
    // the context provides by default; nothing is restricted in this method.
    return serverEngine;
}
/**
 * Creates a client-mode {@link SSLEngine} from the supplied context.
 *
 * <p>NOTE(review): the engine is created without a peer host/port and no endpoint
 * identification algorithm is set here, so this method does not itself turn on hostname
 * verification. Confirm that the context's trust manager or the caller checks the peer
 * identity.
 *
 * @param sslContext context the engine is created from
 * @return a new engine switched to client mode
 */
private static SSLEngine defaultSSLEngineFactory(final SSLContext sslContext) {
    final SSLEngine clientEngine = sslContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    return clientEngine;
}
/**
 * Wraps an accepted socket channel in a server-side TLS channel.
 *
 * <p>When {@code enabledProtocols} or {@code enabledCiphersuites} is {@code null} the
 * corresponding engine default is kept.
 *
 * @param channel the accepted socket channel
 * @param key the selection key registered for {@code channel}
 * @return the TLS channel built around a new server-mode engine
 * @throws IOException declared by the interface; propagated from the channel constructor
 */
@Override
public ByteChannel wrapChannel(SocketChannel channel, SelectionKey key) throws IOException {
    final SSLEngine engine = sslcontext.createSSLEngine();
    // Restrictions are applied first and the role last, in the same order as before.
    if (enabledProtocols != null) {
        engine.setEnabledProtocols(enabledProtocols);
    }
    if (enabledCiphersuites != null) {
        engine.setEnabledCipherSuites(enabledCiphersuites);
    }
    engine.setUseClientMode(false);
    return new SSLSocketChannel2(channel, engine, exec, key);
}
/**
 * Appends a server-side TLS handler to the pipeline when an SSL context is configured.
 *
 * <p>Without a context the pipeline is left untouched, i.e. the channel carries plaintext.
 *
 * @param pipeline the channel pipeline to extend
 */
protected void addSslHandler(ChannelPipeline pipeline) {
    if (sslContext == null) {
        return;
    }
    // One engine per call, so every pipeline gets its own TLS state.
    final SSLEngine serverEngine = sslContext.createSSLEngine();
    serverEngine.setUseClientMode(false);
    pipeline.addLast(SSL_HANDLER, new SslHandler(serverEngine));
}
/**
 * Creates the TLS handler for an outgoing (client) connection.
 *
 * <p>NOTE(review): no peer host is passed to the engine and no endpoint identification
 * algorithm is configured here, so hostname verification is not enabled by this method;
 * confirm it is enforced by the context's trust manager or elsewhere.
 *
 * @param sslContext context the engine is created from
 * @return a handler wrapping a new client-mode engine
 */
private ChannelHandler createSslHandler(SSLContext sslContext) {
    final SSLEngine clientEngine = sslContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    return new SslHandler(clientEngine);
}
/**
 * Creates the TLS handler for an accepted (server) connection.
 *
 * @param sslContext context the engine is created from
 * @param needsClientAuth when {@code true} the handshake requires a client certificate;
 *     when {@code false} the engine's client-auth setting is left as created
 * @return a handler wrapping a new server-mode engine
 */
private ChannelHandler createSslHandler(SSLContext sslContext, boolean needsClientAuth) {
    final SSLEngine serverEngine = sslContext.createSSLEngine();
    serverEngine.setUseClientMode(false);
    if (needsClientAuth) {
        // Mutual TLS: a client that presents no acceptable certificate fails the handshake.
        serverEngine.setNeedClientAuth(true);
    }
    return new SslHandler(serverEngine);
}
/**
 * Wraps an accepted socket channel in a server-side TLS channel, with one cipher suite
 * removed from the engine's enabled set.
 *
 * @param channel the accepted socket channel
 * @param key the selection key registered for {@code channel}
 * @return the TLS channel built around a new server-mode engine
 * @throws IOException declared by the interface; propagated from the channel constructor
 */
@Override
public ByteChannel wrapChannel(SocketChannel channel, SelectionKey key) throws IOException {
    final SSLEngine engine = sslcontext.createSSLEngine();
    /*
     * See https://github.com/TooTallNate/Java-WebSocket/issues/466
     *
     * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is taken out of the enabled suites because,
     * per that issue, it was only usable on a patched Java installation. Browsers such as
     * Firefox request it, which led to disconnects and unstable connections.
     *
     * NOTE(review): this is a compatibility workaround that drops an ECDHE/AES-GCM suite;
     * confirm it is still needed on the JVMs in use.
     */
    final List<String> enabledSuites =
        new ArrayList<String>(Arrays.asList(engine.getEnabledCipherSuites()));
    enabledSuites.remove("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    engine.setEnabledCipherSuites(enabledSuites.toArray(new String[0]));
    engine.setUseClientMode(false);
    return new SSLSocketChannel2(channel, engine, exec, key);
}
/**
 * Wraps an accepted socket channel in a server-side TLS channel configured from
 * {@code sslParameters}.
 *
 * @param channel the accepted socket channel
 * @param key the selection key registered for {@code channel}
 * @return the TLS channel built around a new server-mode engine
 * @throws IOException declared by the interface; propagated from the channel constructor
 */
@Override
public ByteChannel wrapChannel(SocketChannel channel, SelectionKey key) throws IOException {
    final SSLEngine engine = sslcontext.createSSLEngine();
    engine.setUseClientMode(false);
    // Applied after the role is chosen; the parameters object decides protocols, cipher
    // suites and client authentication for this engine.
    engine.setSSLParameters(sslParameters);
    return new SSLSocketChannel2(channel, engine, exec, key);
}
}
/**
 * Builds the channel wrapper used to talk to a peer, with TLS when a context is configured.
 *
 * <p>Without an SSL context the peer channel is created with a {@code null} engine, i.e.
 * the connection is not protected by TLS.
 *
 * @param channel the connected socket channel
 * @param peerDescription description of the peer, used in log messages and passed on
 * @return the peer channel, with or without an SSL engine
 */
private PeerChannel createPeerChannel(final SocketChannel channel, final String peerDescription) {
    if (sslContext != null) {
        logger.debug("Performing SSL Handshake with Peer {}", peerDescription);

        final SSLEngine clientEngine = sslContext.createSSLEngine();
        clientEngine.setUseClientMode(true);
        // NOTE(review): need-client-auth is a server-side option and has no effect on an
        // engine in client mode. The engine also has no peer host and no endpoint
        // identification algorithm set here; confirm where the peer identity is verified.
        clientEngine.setNeedClientAuth(true);
        return new PeerChannel(channel, clientEngine, peerDescription);
    }

    logger.debug("No SSL Context is available so will not perform SSL Handshake with Peer {}", peerDescription);
    return new PeerChannel(channel, null, peerDescription);
}
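/**
 * Creates the initializer that sets up the handler chain of every accepted channel.
 *
 * <p>Without an SSL context the channel is set up for {@code HTTP}. With a context, a
 * server-mode TLS handler is placed first in the pipeline and the channel is set up for
 * {@code HTTPS}.
 *
 * <p>The {@link SSLEngine} is created inside {@code initChannel}, once per channel. An
 * engine holds the handshake and record state of a single connection, so an engine shared
 * by all channels cannot serve more than one of them correctly.
 *
 * @return the channel initializer for plaintext or TLS operation
 */
private ChannelInitializer<SocketChannel> createChannelInitializer() {
    final RequestDispatcher dispatcher = createRequestDispatcher();

    if (sslContext == null) {
        return new ChannelInitializer<SocketChannel>() {
            @Override
            public void initChannel(SocketChannel ch) throws Exception {
                setupHandlers(ch, dispatcher, HTTP);
            }
        };
    }

    return new ChannelInitializer<SocketChannel>() {
        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            // A new engine per connection: TLS state must never be shared between channels.
            final SSLEngine engine = sslContext.createSSLEngine();
            engine.setUseClientMode(false);
            ch.pipeline().addFirst(new SslHandler(engine));
            setupHandlers(ch, dispatcher, HTTPS);
        }
    };
}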
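/**
 * Creates the initializer that sets up the handler chain of every accepted channel.
 *
 * <p>Without an SSL context the channel is set up for {@code HTTP}. With a context, a
 * server-mode TLS handler is placed first in the pipeline and the channel is set up for
 * {@code HTTPS}.
 *
 * <p>The {@link SSLEngine} is created inside {@code initChannel}, once per channel. An
 * engine holds the handshake and record state of a single connection, so an engine shared
 * by all channels cannot serve more than one of them correctly.
 *
 * @return the channel initializer for plaintext or TLS operation
 */
private ChannelInitializer<SocketChannel> createChannelInitializer() {
    final RequestDispatcher dispatcher = createRequestDispatcher();

    if (sslContext == null) {
        return new ChannelInitializer<SocketChannel>() {
            @Override
            public void initChannel(SocketChannel ch) throws Exception {
                setupHandlers(ch, dispatcher, HTTP);
            }
        };
    }

    return new ChannelInitializer<SocketChannel>() {
        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            // A new engine per connection: TLS state must never be shared between channels.
            final SSLEngine engine = sslContext.createSSLEngine();
            engine.setUseClientMode(false);
            ch.pipeline().addFirst(new SslHandler(engine));
            setupHandlers(ch, dispatcher, HTTPS);
        }
    };
}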
/**
 * Creates an {@link SSLEngine} for the given peer, configured for this factory's mode.
 *
 * <p>Cipher suites and protocols are restricted only when the corresponding field is
 * non-null. In server mode the client-auth policy is applied; in every other mode the
 * engine becomes a client and gets the configured endpoint identification algorithm.
 *
 * @param sslContext context the engine is created from
 * @param peerHost host name of the peer, passed to the engine
 * @param peerPort port of the peer, passed to the engine
 * @return the configured engine
 */
private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, int peerPort) {
    final SSLEngine engine = sslContext.createSSLEngine(peerHost, peerPort);
    if (cipherSuites != null) {
        engine.setEnabledCipherSuites(cipherSuites);
    }
    if (enabledProtocols != null) {
        engine.setEnabledProtocols(enabledProtocols);
    }

    // SSLParameters#setEndpointIdentificationAlgorithm only takes effect in client mode,
    // which is why peer-identity validation is configured on the client branch alone.
    if (mode != Mode.SERVER) {
        engine.setUseClientMode(true);
        final SSLParameters clientParams = engine.getSSLParameters();
        // NOTE(review): a null or empty algorithm leaves hostname verification off; verify
        // how endpointIdentification is populated.
        clientParams.setEndpointIdentificationAlgorithm(endpointIdentification);
        engine.setSSLParameters(clientParams);
        return engine;
    }

    engine.setUseClientMode(false);
    if (needClientAuth) {
        engine.setNeedClientAuth(needClientAuth);
    } else {
        engine.setWantClientAuth(wantClientAuth);
    }
    return engine;
}
/**
 * Creates a client-mode {@link SSLEngine} for the given remote endpoint.
 *
 * <p>NOTE(review): when hostname verification cannot be enabled, that is reported only at
 * debug level and the engine is still returned, so the connection proceeds without it.
 *
 * @param remoteHost host name of the server
 * @param remotePort port of the server
 * @return the client engine, after weak cipher suites have been filtered
 */
@Override
public SSLEngine newSslEngine(String remoteHost, int remotePort) {
    final SSLEngine clientEngine = sslContext.createSSLEngine(remoteHost, remotePort);
    clientEngine.setUseClientMode(true);

    final boolean hostnameVerificationEnabled = tryHostNameVerificationJava7(clientEngine);
    if (!hostnameVerificationEnabled) {
        LOG.debug("Host Name Verification is not supported, causes insecure HTTPS connection");
    }

    filterWeakCipherSuites(clientEngine);
    return clientEngine;
}
/**
 * Adds a client-side TLS handler named {@code "ssl"} to the pipeline, creating the SSL
 * context and engine first when either is missing.
 *
 * <p>NOTE(review): the engine is kept in a field and only rebuilt when it or the context
 * is {@code null}; confirm it is reset between connections, since an engine carries the
 * state of a single connection. Hostname checking is not configured in this method and
 * presumably comes from the context built by {@code ClientX509Util}; verify.
 *
 * @param pipeline the channel pipeline to extend
 * @throws SSLContextException declared for failures while building the SSL context
 */
private synchronized void initSSL(ChannelPipeline pipeline) throws SSLContextException {
    final boolean needsSetup = sslContext == null || sslEngine == null;
    if (needsSetup) {
        try (X509Util x509Util = new ClientX509Util()) {
            sslContext = x509Util.createSSLContext(clientConfig);
            sslEngine = sslContext.createSSLEngine(host, port);
            sslEngine.setUseClientMode(true);
        }
    }
    pipeline.addLast("ssl", new SslHandler(sslEngine));
    LOG.info("SSL handler added for channel: {}", pipeline.channel());
}
}
/**
 * Returns an {@link SSLEngine} configured for this factory's mode.
 *
 * <p>In client mode only the role is set. In any other mode the engine becomes a server,
 * client-certificate authentication follows {@code requireClientCert}, and the excluded
 * ciphers are disabled. The enabled protocols are applied in both cases.
 *
 * <p>NOTE(review): the client branch creates the engine without a peer host and sets no
 * endpoint identification algorithm; confirm where the server identity is verified.
 *
 * @return the configured SSLEngine.
 * @throws GeneralSecurityException thrown if the SSL engine could not be initialized.
 * @throws IOException thrown if an IO error occurred while loading the server keystore.
 */
public SSLEngine createSSLEngine() throws GeneralSecurityException, IOException {
    final SSLEngine engine = context.createSSLEngine();
    final boolean clientSide = mode == Mode.CLIENT;
    engine.setUseClientMode(clientSide);
    if (!clientSide) {
        engine.setNeedClientAuth(requireClientCert);
        disableExcludedCiphers(engine);
    }
    engine.setEnabledProtocols(enabledProtocols);
    return engine;
}
/**
 * Opens a new socket channel towards {@code hostname:port} and prepares the TLS engine and
 * buffers for it. The channel is opened (and optionally bound) but not connected here.
 *
 * <p>NOTE(review): {@code hostname} and {@code port} are stored but not handed to the
 * engine, and no endpoint identification algorithm is set, so the engine does not check
 * the peer's host name by itself. {@code setNeedClientAuth(true)} only has an effect when
 * {@code client} is {@code false}.
 *
 * @param sslContext context the engine is created from
 * @param hostname remote host to connect to
 * @param port remote port to connect to
 * @param localAddress local address to bind to, or {@code null} to leave the channel unbound
 * @param client {@code true} for the client role, {@code false} for the server role
 * @throws IOException if the channel cannot be opened or bound
 */
public SSLSocketChannel(final SSLContext sslContext, final String hostname, final int port,
        final InetAddress localAddress, final boolean client) throws IOException {
    this.socketAddress = new InetSocketAddress(hostname, port);
    this.channel = SocketChannel.open();
    if (localAddress != null) {
        // Port 0 lets the system pick the local port.
        this.channel.bind(new InetSocketAddress(localAddress, 0));
    }

    this.hostname = hostname;
    this.port = port;

    this.engine = sslContext.createSSLEngine();
    this.engine.setUseClientMode(client);
    this.engine.setNeedClientAuth(true);

    // Buffers are sized from the engine's session: two network-side, one application-side.
    final int packetBufferSize = engine.getSession().getPacketBufferSize();
    streamInManager = new BufferStateManager(ByteBuffer.allocate(packetBufferSize));
    streamOutManager = new BufferStateManager(ByteBuffer.allocate(packetBufferSize));
    final int applicationBufferSize = engine.getSession().getApplicationBufferSize();
    appDataManager = new BufferStateManager(ByteBuffer.allocate(applicationBufferSize));
}
/**
 * Creates a new engine restricted to this context's cipher suites and protocols.
 *
 * <p>No peer host is passed to the underlying engine.
 *
 * @return the engine, in the role reported by {@code isClient()}, after {@code wrapEngine}
 */
@Override
public final SSLEngine newEngine() {
    final SSLEngine jdkEngine = context().createSSLEngine();
    // Restrictions first, role last, as in the peer-aware overload.
    jdkEngine.setEnabledCipherSuites(cipherSuites);
    jdkEngine.setEnabledProtocols(PROTOCOLS);
    jdkEngine.setUseClientMode(isClient());
    return wrapEngine(jdkEngine);
}
/**
 * Creates a new engine for the given peer, restricted to this context's cipher suites and
 * protocols.
 *
 * <p>NOTE(review): the peer host and port are passed to the engine, but no endpoint
 * identification algorithm is set in this method; confirm where hostname verification is
 * enabled for client use.
 *
 * @param peerHost host name of the peer
 * @param peerPort port of the peer
 * @return the engine, in the role reported by {@code isClient()}, after {@code wrapEngine}
 */
@Override
public final SSLEngine newEngine(String peerHost, int peerPort) {
    final SSLEngine jdkEngine = context().createSSLEngine(peerHost, peerPort);
    jdkEngine.setEnabledCipherSuites(cipherSuites);
    jdkEngine.setEnabledProtocols(PROTOCOLS);
    jdkEngine.setUseClientMode(isClient());
    return wrapEngine(jdkEngine);
}
/**
 * Wraps an already connected socket channel and prepares the TLS engine and buffers for it.
 *
 * <p>NOTE(review): {@code hostname} is taken from {@code getHostName()} on the remote
 * address, which may involve a reverse name lookup; treat it as descriptive rather than as
 * a verified peer identity. The engine is created without a peer host and no endpoint
 * identification algorithm is set. {@code setNeedClientAuth(true)} only has an effect when
 * {@code client} is {@code false}.
 *
 * @param sslContext context the engine is created from
 * @param socketChannel the connected channel to wrap
 * @param client {@code true} for the client role, {@code false} for the server role
 * @throws IOException if the remote address cannot be read from the channel
 * @throws IllegalArgumentException if {@code socketChannel} is not connected
 */
public SSLSocketChannel(final SSLContext sslContext, final SocketChannel socketChannel,
        final boolean client) throws IOException {
    if (!socketChannel.isConnected()) {
        throw new IllegalArgumentException("Cannot pass an un-connected SocketChannel");
    }

    this.channel = socketChannel;
    this.socketAddress = socketChannel.getRemoteAddress();

    final Socket remoteSocket = socketChannel.socket();
    this.hostname = remoteSocket.getInetAddress().getHostName();
    this.port = remoteSocket.getPort();

    this.engine = sslContext.createSSLEngine();
    this.engine.setUseClientMode(client);
    this.engine.setNeedClientAuth(true);

    // Buffers are sized from the engine's session: two network-side, one application-side.
    final int packetBufferSize = engine.getSession().getPacketBufferSize();
    streamInManager = new BufferStateManager(ByteBuffer.allocate(packetBufferSize));
    streamOutManager = new BufferStateManager(ByteBuffer.allocate(packetBufferSize));
    final int applicationBufferSize = engine.getSession().getApplicationBufferSize();
    appDataManager = new BufferStateManager(ByteBuffer.allocate(applicationBufferSize));
}
/**
 * Creates an {@link SSLEngine} from the configured SSL context, if there is one.
 *
 * <p>The engine's enabled protocols and cipher suites are replaced by the results of
 * {@code getFilteredProtocols} and {@code getFilteredCipherSuites}.
 *
 * <p>NOTE(review): the engine is created without a peer host and no endpoint
 * identification algorithm is set here; for {@code useClientMode == true} confirm where
 * the peer identity is verified.
 *
 * @param useClientMode {@code true} for the client role, {@code false} for the server role
 * @return the configured engine, or an empty {@code Optional} when no context is available
 */
private Optional<SSLEngine> getSslEngine(boolean useClientMode) {
    return getSslContext().map(context -> {
        final SSLEngine engine = context.createSSLEngine();
        // Role first: the filters below start from the engine's enabled sets.
        engine.setUseClientMode(useClientMode);

        final String[] protocols = getFilteredProtocols(engine.getEnabledProtocols());
        engine.setEnabledProtocols(protocols);

        final String[] suites = getFilteredCipherSuites(engine.getEnabledCipherSuites());
        engine.setEnabledCipherSuites(suites);
        return engine;
    });
}