Refine search
private ChannelHandler createSslHandler(SSLContext sslContext, boolean needsClientAuth) { SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); if (needsClientAuth) { sslEngine.setNeedClientAuth(true); } return new SslHandler(sslEngine); }
private PeerChannel createPeerChannel(final SocketChannel channel, final String peerDescription) { if (sslContext == null) { logger.debug("No SSL Context is available so will not perform SSL Handshake with Peer {}", peerDescription); return new PeerChannel(channel, null, peerDescription); } logger.debug("Performing SSL Handshake with Peer {}", peerDescription); final SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(true); sslEngine.setNeedClientAuth(true); return new PeerChannel(channel, sslEngine, peerDescription); }
private SSLEngine createSslEngine(SSLContext sslContext, String peerHost, int peerPort) { SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort); if (cipherSuites != null) sslEngine.setEnabledCipherSuites(cipherSuites); if (enabledProtocols != null) sslEngine.setEnabledProtocols(enabledProtocols); // SSLParameters#setEndpointIdentificationAlgorithm enables endpoint validation // only in client mode. Hence, validation is enabled only for clients. if (mode == Mode.SERVER) { sslEngine.setUseClientMode(false); if (needClientAuth) sslEngine.setNeedClientAuth(needClientAuth); else sslEngine.setWantClientAuth(wantClientAuth); } else { sslEngine.setUseClientMode(true); SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm(endpointIdentification); sslEngine.setSSLParameters(sslParams); } return sslEngine; }
/** * Returns a configured SSLEngine. * * @return the configured SSLEngine. * @throws GeneralSecurityException thrown if the SSL engine could not * be initialized. * @throws IOException thrown if and IO error occurred while loading * the server keystore. */ public SSLEngine createSSLEngine() throws GeneralSecurityException, IOException { SSLEngine sslEngine = context.createSSLEngine(); if (mode == Mode.CLIENT) { sslEngine.setUseClientMode(true); } else { sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(requireClientCert); disableExcludedCiphers(sslEngine); } sslEngine.setEnabledProtocols(enabledProtocols); return sslEngine; }
public SSLSocketChannel(final SSLContext sslContext, final String hostname, final int port, final InetAddress localAddress, final boolean client) throws IOException { this.socketAddress = new InetSocketAddress(hostname, port); this.channel = SocketChannel.open(); if (localAddress != null) { final SocketAddress localSocketAddress = new InetSocketAddress(localAddress, 0); this.channel.bind(localSocketAddress); } this.hostname = hostname; this.port = port; this.engine = sslContext.createSSLEngine(); this.engine.setUseClientMode(client); engine.setNeedClientAuth(true); streamInManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getPacketBufferSize())); streamOutManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getPacketBufferSize())); appDataManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getApplicationBufferSize())); }
public SSLSocketChannel(final SSLContext sslContext, final SocketChannel socketChannel, final boolean client) throws IOException { if (!socketChannel.isConnected()) { throw new IllegalArgumentException("Cannot pass an un-connected SocketChannel"); } this.channel = socketChannel; this.socketAddress = socketChannel.getRemoteAddress(); final Socket socket = socketChannel.socket(); this.hostname = socket.getInetAddress().getHostName(); this.port = socket.getPort(); this.engine = sslContext.createSSLEngine(); this.engine.setUseClientMode(client); this.engine.setNeedClientAuth(true); streamInManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getPacketBufferSize())); streamOutManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getPacketBufferSize())); appDataManager = new BufferStateManager(ByteBuffer.allocate(engine.getSession().getApplicationBufferSize())); }
engine.setEnabledCipherSuites(toUse); engine.setUseClientMode(client); Set<String> protocols = new LinkedHashSet<>(enabledProtocols); protocols.retainAll(Arrays.asList(engine.getSupportedProtocols())); engine.setNeedClientAuth(true); break; engine.setNeedClientAuth(false); break;
private ChannelHandler createSslHandler(SocketChannel channel, SslContext sslContext, boolean needsClientAuth) { SSLEngine sslEngine = sslContext.newEngine( channel.alloc(), channel.remoteAddress().getHostString(), channel.remoteAddress().getPort()); sslEngine.setUseClientMode(false); if (needsClientAuth) { sslEngine.setNeedClientAuth(true); } return new SslHandler(sslEngine); } }
private synchronized void initSSL(ChannelPipeline p) throws X509Exception, KeyManagementException, NoSuchAlgorithmException { String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty()); SSLContext sslContext; if (authProviderProp == null) { sslContext = x509Util.getDefaultSSLContext(); } else { sslContext = SSLContext.getInstance("TLSv1"); X509AuthenticationProvider authProvider = (X509AuthenticationProvider)ProviderRegistry.getProvider( System.getProperty(x509Util.getSslAuthProviderProperty(), "x509")); if (authProvider == null) { LOG.error("Auth provider not found: {}", authProviderProp); throw new SSLContextException( "Could not create SSLContext with specified auth provider: " + authProviderProp); } sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() }, new X509TrustManager[] { authProvider.getTrustManager() }, null); } SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(true); p.addLast("ssl", new SslHandler(sslEngine)); LOG.info("SSL handler added for channel: {}", p.channel()); }
final SSLEngine engine = sslContext.createSSLEngine(peerAddress.getHostString(), peerAddress.getPort()); final boolean clientMode = useClientMode != 0; engine.setUseClientMode(clientMode); if (! clientMode) { final SslClientAuthMode clientAuthMode = AbstractAcceptingSslChannel.this.clientAuthMode; if (clientAuthMode != null) switch (clientAuthMode) { case NOT_REQUESTED: engine.setNeedClientAuth(false); engine.setWantClientAuth(false); break; break; case REQUIRED: engine.setNeedClientAuth(true); break; default: throw new IllegalStateException();
next.setUseClientMode(false); final int flagsVal = flags.get(); if ((flagsVal & FL_WANT_C_AUTH) != 0) { next.setWantClientAuth(true); } else if ((flagsVal & FL_NEED_C_AUTH) != 0) { next.setNeedClientAuth(true);
next.setEnabledProtocols(enabledProtocols); next.setUseClientMode(false); final int flagsVal = flags.get(); if ((flagsVal & FL_WANT_C_AUTH) != 0) { next.setWantClientAuth(true); } else if ((flagsVal & FL_NEED_C_AUTH) != 0) { next.setNeedClientAuth(true);
next.setEnabledProtocols(enabledProtocols); next.setUseClientMode(false); final int flagsVal = flags.get(); if ((flagsVal & FL_WANT_C_AUTH) != 0) { next.setWantClientAuth(true); } else if ((flagsVal & FL_NEED_C_AUTH) != 0) { next.setNeedClientAuth(true);
@SuppressWarnings("deprecation") private SSLEngine configureAndWrapEngine(SSLEngine engine, ByteBufAllocator alloc) { engine.setEnabledCipherSuites(cipherSuites); engine.setEnabledProtocols(protocols); engine.setUseClientMode(isClient()); if (isServer()) { switch (clientAuth) { case OPTIONAL: engine.setWantClientAuth(true); break; case REQUIRE: engine.setNeedClientAuth(true); break; case NONE: break; // exhaustive cases default: throw new Error("Unknown auth " + clientAuth); } } JdkApplicationProtocolNegotiator.SslEngineWrapperFactory factory = apn.wrapperFactory(); if (factory instanceof JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory) { return ((JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory) factory) .wrapSslEngine(engine, alloc, apn, isServer()); } return factory.wrapSslEngine(engine, apn, isServer()); }
if (sslContext != null) { final SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(true); break; case WANT: break; case NONE: sslEngine.setNeedClientAuth(false); sslEngine.setWantClientAuth(false); break;
engine.setUseClientMode(clientMode); if (!clientMode) { final SslClientAuthMode clientAuthMode = UndertowAcceptingSslChannel.this.clientAuthMode; if (clientAuthMode != null) switch (clientAuthMode) { case NOT_REQUESTED: engine.setNeedClientAuth(false); engine.setWantClientAuth(false); break; break; case REQUIRED: engine.setNeedClientAuth(true); break; default:
} else { final SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(true); break; case WANT: break; case NONE: sslEngine.setNeedClientAuth(false); sslEngine.setWantClientAuth(false); break;
/** * Creates a new SSL Engine that is configured to use server mode when handshaking. * * For Openfire, an engine is of this mode used for most purposes (as Openfire is a server by nature). * * @return A new, initialized SSLEngine instance (never null). */ public SSLEngine createServerModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException { final SSLEngine sslEngine = createSSLEngine( ); sslEngine.setUseClientMode( false ); switch ( configuration.getClientAuth() ) { case needed: sslEngine.setNeedClientAuth( true ); break; case wanted: sslEngine.setWantClientAuth( true ); break; case disabled: sslEngine.setWantClientAuth( false ); break; } return sslEngine; }
@SuppressWarnings("deprecation") private SSLEngine configureAndWrapEngine(SSLEngine engine, ByteBufAllocator alloc) { engine.setEnabledCipherSuites(cipherSuites); engine.setEnabledProtocols(protocols); engine.setUseClientMode(isClient()); if (isServer()) { switch (clientAuth) { case OPTIONAL: engine.setWantClientAuth(true); break; case REQUIRE: engine.setNeedClientAuth(true); break; case NONE: break; // exhaustive cases default: throw new Error("Unknown auth " + clientAuth); } } JdkApplicationProtocolNegotiator.SslEngineWrapperFactory factory = apn.wrapperFactory(); if (factory instanceof JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory) { return ((JdkApplicationProtocolNegotiator.AllocatorAwareSslEngineWrapperFactory) factory) .wrapSslEngine(engine, alloc, apn, isServer()); } return factory.wrapSslEngine(engine, apn, isServer()); }
sslEngine.setUseClientMode(false); if (enabledCipherSuites != null) { sslEngine.setEnabledCipherSuites(enabledCipherSuites); sslEngine.setNeedClientAuth(needClientAuth);