/** {@inheritDoc} */ @Override protected SSLParameters engineGetDefaultSSLParameters() { return delegate.getDefaultSSLParameters(); }
protected SSLParameters engineGetDefaultSSLParameters() { return delegate.getDefaultSSLParameters(); }
public static SSLContext createSslContext(boolean allowInsecureConnection, Certificate[] trustCertficates, Certificate[] certificates, PrivateKey privateKey) throws GeneralSecurityException { KeyStoreHolder ksh = new KeyStoreHolder(); TrustManager[] trustManagers = null; KeyManager[] keyManagers = null; trustManagers = setupTrustCerts(ksh, allowInsecureConnection, trustCertficates); keyManagers = setupKeyManager(ksh, privateKey, certificates); SSLContext sslCtx = SSLContext.getInstance("TLS"); sslCtx.init(keyManagers, trustManagers, new SecureRandom()); sslCtx.getDefaultSSLParameters(); return sslCtx; }
/** * Creates a SSLContext instance using the given information. * * * @return a SSLContext instance * @throws java.security.KeyStoreException if problem with keystore * @throws java.io.IOException if unable to create context * @throws java.security.NoSuchAlgorithmException if algorithm isn't known * @throws java.security.cert.CertificateException if certificate is invalid * @throws java.security.UnrecoverableKeyException if the key cannot be recovered * @throws java.security.KeyManagementException if the key is improper */ public SSLContext createSslContext() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException { // initialize the ssl context final SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, new SecureRandom()); sslContext.getDefaultSSLParameters().setNeedClientAuth(true); return sslContext; } }
protected SSLParameters engineGetDefaultSSLParameters() { final SSLContext delegate = getDelegate(); return sslConfigurator.getDefaultSSLParameters(delegate, delegate.getDefaultSSLParameters()); }
private Client createHttpClient(Config config) { boolean isSSLEnabled = config.getBoolean(SSL_ENABLED); SSLContext sslContext = null; SSLParameters sslParameters = null; if (isSSLEnabled) { sslContext = SSLContextFactory.createInstance(config); sslParameters = sslContext.getDefaultSSLParameters(); } Map<String, Object> properties = new HashMap<>(); properties.put(HttpClientFactory.HTTP_SSL_CONTEXT, sslContext); properties.put(HttpClientFactory.HTTP_SSL_PARAMS, sslParameters); if (config.hasPath(PROPERTIES)) { properties.putAll(toMap(config.getConfig(PROPERTIES))); } return new R2HttpClientProxy(new HttpClientFactory(), properties); }
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); if (ClientAuth.REQUIRED == clientAuth) { sslContext.getDefaultSSLParameters().setNeedClientAuth(true); } else if (ClientAuth.WANT == clientAuth) { sslContext.getDefaultSSLParameters().setWantClientAuth(true); } else { sslContext.getDefaultSSLParameters().setWantClientAuth(false);
final SSLContext sslContext = SSLContext.getInstance(getProtocol()); sslContext.init(keyManagers, trustManagers, new SecureRandom()); sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
/** * Initializes the factory. * * @throws GeneralSecurityException thrown if an SSL initialization error * happened. * @throws IOException thrown if an IO error happened while reading the SSL * configuration. */ public void init() throws GeneralSecurityException, IOException { keystoresFactory.init(mode); context = SSLContext.getInstance("TLS"); context.init(keystoresFactory.getKeyManagers(), keystoresFactory.getTrustManagers(), null); context.getDefaultSSLParameters().setProtocols(enabledProtocols); hostnameVerifier = getHostnameVerifier(conf); }
@Override public void configure(HttpsParameters params) { SSLContext context = getSSLContext(); SSLEngine engine = context.createSSLEngine(); params.setNeedClientAuth(false); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); params.setSSLParameters(context.getDefaultSSLParameters()); } });
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
SSLParameters defaultSSLParameters = c.getDefaultSSLParameters (); params.setSSLParameters ( defaultSSLParameters );
private Client createD2Client(Config config) { String zkhosts = config.getString(ZOOKEEPER_HOSTS); if (zkhosts == null || zkhosts.length() == 0) { throw new ConfigException.Missing(ZOOKEEPER_HOSTS); } D2ClientBuilder d2Builder = new D2ClientBuilder().setZkHosts(zkhosts); boolean isSSLEnabled = config.getBoolean(SSL_ENABLED); if (isSSLEnabled) { d2Builder.setIsSSLEnabled(true); SSLContext sslContext = SSLContextFactory.createInstance(config); d2Builder.setSSLContext(sslContext); d2Builder.setSSLParameters(sslContext.getDefaultSSLParameters()); } if (config.hasPath(CLIENT_SERVICES_CONFIG)) { Config clientServiceConfig = config.getConfig(CLIENT_SERVICES_CONFIG); Map<String, Map<String, Object>> result = new HashMap<>(); for (String key: clientServiceConfig.root().keySet()) { Config value = clientServiceConfig.getConfig(key); result.put(key, toMap(value)); } d2Builder.setClientServicesConfig(result); } return new D2ClientProxy(d2Builder, isSSLEnabled); }
/** * Tests that connections cannot be made with unsupported TLS cipher suites */ @Test public void testUnsupportedCiphers() throws Exception { String node = "0"; SSLContext context = SSLContext.getInstance("TLSv1.2"); context.init(null, null, null); String[] cipherSuites = context.getDefaultSSLParameters().getCipherSuites(); sslServerConfigs.put(SslConfigs.SSL_CIPHER_SUITES_CONFIG, Arrays.asList(cipherSuites[0])); server = createEchoServer(SecurityProtocol.SSL); sslClientConfigs.put(SslConfigs.SSL_CIPHER_SUITES_CONFIG, Arrays.asList(cipherSuites[1])); createSelector(sslClientConfigs); InetSocketAddress addr = new InetSocketAddress("localhost", server.port()); selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE); NetworkTestUtils.waitForChannelClose(selector, node, ChannelState.State.AUTHENTICATION_FAILED); server.verifyAuthenticationMetrics(0, 1); }
public void configure(HttpsParameters params) { try { SSLContext c = SSLContext.getDefault(); SSLEngine engine = c.createSSLEngine(); params.setNeedClientAuth(false); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); SSLParameters defaultSSLParameters = c.getDefaultSSLParameters(); params.setSSLParameters(defaultSSLParameters); } catch (Exception ex) { throw new IllegalStateException(ex); } } });
SSLParameters sslParameters = sslContext.getDefaultSSLParameters(); filter.setEnabledProtocols(getFilteredProtocols(sslParameters)); filter.setEnabledCipherSuites(getFilteredCipherSuites(sslParameters));
log.debug("SSL provider is: {}", sslContext.getProvider()); SSLParameters params = sslContext.getDefaultSSLParameters(); if (log.isDebugEnabled()) { log.debug("SSL context params - need client auth: {} want client auth: {} endpoint id algorithm: {}", params.getNeedClientAuth(), params.getWantClientAuth(), params.getEndpointIdentificationAlgorithm());
@Override public void configure(HttpsParameters params) { // get the remote address if needed InetSocketAddress remote = params.getClientAddress(); SSLContext c = getSSLContext(); // get the default parameters SSLParameters sslparams = c.getDefaultSSLParameters(); params.setSSLParameters(sslparams); params.setProtocols(SSLUtils.getRecommendedProtocols()); params.setCipherSuites(SSLUtils.getRecommendedCiphers()); // statement above could throw IAE if any params invalid. // eg. if app has a UI and parameters supplied by a user. } });
/** {@inheritDoc} */ public void configure(HttpsParameters params) { // initialise the SSL context SSLEngine engine = context.createSSLEngine(); // get the default parameters SSLParameters defaultSSLParameters = context.getDefaultSSLParameters(); // Cert authentication is delayed later to the ClientCertAuthenticator params.setWantClientAuth(serverConfig.useSslClientAuthentication()); defaultSSLParameters.setWantClientAuth(serverConfig.useSslClientAuthentication()); // Cipher Suites params.setCipherSuites(serverConfig.getSSLCipherSuites()); defaultSSLParameters.setCipherSuites(serverConfig.getSSLCipherSuites()); // Protocols params.setProtocols(serverConfig.getSSLProtocols()); defaultSSLParameters.setProtocols(serverConfig.getSSLProtocols()); params.setSSLParameters(defaultSSLParameters); } }