public String[] getProtocols() { return delegate.getProtocols(); }
protected String[] getFilteredProtocols(SSLParameters sslParameters) { return getFilteredProtocols(sslParameters.getProtocols()); }
public SSLParameters getDefaultSSLParameters(final SSLContext sslContext, final SSLParameters original) { final SSLParameters supportedSSLParameters = sslContext.getSupportedSSLParameters(); configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites()); return original; }
/** * Sets various SSL handshake parameters based on the SSLParameter * argument. Specifically, sets the SSLEngine's enabled cipher * suites if the parameter's cipher suites are non-null. Similarly * sets the enabled protocols. If the parameters specify the want * or need for client authentication, those requirements are set * on the SSLEngine, otherwise both are set to false. * @since 1.6 */ public void setSSLParameters(SSLParameters p) { String[] cipherSuites = p.getCipherSuites(); if (cipherSuites != null) { setEnabledCipherSuites(cipherSuites); } String[] protocols = p.getProtocols(); if (protocols != null) { setEnabledProtocols(protocols); } if (p.getNeedClientAuth()) { setNeedClientAuth(true); } else if (p.getWantClientAuth()) { setWantClientAuth(true); } else { setWantClientAuth(false); } } }
/** * Sets various SSL handshake parameters based on the SSLParameter * argument. Specifically, sets the SSLSocket's enabled cipher * suites if the parameter's cipher suites are non-null. Similarly * sets the enabled protocols. If the parameters specify the want * or need for client authentication, those requirements are set * on the SSLSocket, otherwise both are set to false. * @since 1.6 */ public void setSSLParameters(SSLParameters p) { String[] cipherSuites = p.getCipherSuites(); if (cipherSuites != null) { setEnabledCipherSuites(cipherSuites); } String[] protocols = p.getProtocols(); if (protocols != null) { setEnabledProtocols(protocols); } if (p.getNeedClientAuth()) { setNeedClientAuth(true); } else if (p.getWantClientAuth()) { setWantClientAuth(true); } else { setWantClientAuth(false); } } }
if (log.isDebugEnabled()) { log.debug("SSL context params - need client auth: {} want client auth: {} endpoint id algorithm: {}", params.getNeedClientAuth(), params.getWantClientAuth(), params.getEndpointIdentificationAlgorithm()); String[] supportedProtocols = params.getProtocols(); for (String protocol : supportedProtocols) { log.debug("SSL context supported protocol: {}", protocol);
sslProtocols = parameters.getProtocols(); } else { List<String> supportedProtocols = Arrays.asList(parameters.getProtocols()); List<String> sslProtocolsList = new ArrayList<String>(Arrays.asList(sslProtocols));
protected void secureConfigurationCheck() { if (isTrustAll()) LOG_CONFIG.warn("Trusting all certificates configured for {}",this); if (getEndpointIdentificationAlgorithm()==null) LOG_CONFIG.warn("No Client EndPointIdentificationAlgorithm configured for {}",this); SSLEngine engine = _factory._context.createSSLEngine(); customize(engine); SSLParameters supported = engine.getSSLParameters(); for (String protocol : supported.getProtocols()) { for (String excluded : DEFAULT_EXCLUDED_PROTOCOLS) { if (excluded.equals(protocol)) LOG_CONFIG.warn("Protocol {} not excluded for {}", protocol, this); } } for (String suite : supported.getCipherSuites()) { for (String excludedSuiteRegex : DEFAULT_EXCLUDED_CIPHER_SUITES) { if (suite.matches(excludedSuiteRegex)) LOG_CONFIG.warn("Weak cipher suite {} enabled for {}", suite, this); } } }
SSLParameters supported = context.getSupportedSSLParameters(); selectCipherSuites(enabled.getCipherSuites(), supported.getCipherSuites()); selectProtocols(enabled.getProtocols(), supported.getProtocols()); LOG.debug("Selected Protocols {} of {}", Arrays.asList(_selectedProtocols), Arrays.asList(supported.getProtocols())); LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
private static String[] getDefaultProtocols() { try { return SSLContext.getDefault().getDefaultSSLParameters().getProtocols(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } }
private static String[] getDefaultProtocols() { try { return SSLContext.getDefault().getDefaultSSLParameters().getProtocols(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } }
public SSLSocketDecorator(@NotNull final Socket socket, @NotNull final SSLContext sslContext) { this.socket = socket; this.sslSocketFactory = sslContext.getSocketFactory(); contextSupportedProtocols = sslContext.getSupportedSSLParameters().getProtocols(); contextEnabledProtocols = sslContext.getDefaultSSLParameters().getProtocols(); }
/** * @return the list of supported ssl protocols by the default * {@link SSLContext} */ private String[] getSupportedSslProtocols() { try { SSLContext sslContext = SSLContext.getDefault(); return sslContext.getSupportedSSLParameters().getProtocols(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(sm.getString("jndiRealm.exception"), e); } }
/** * * @param context . */ private static void printSupportedParameters(final SSLContext context) { final SSLParameters params = context.getSupportedSSLParameters(); if (debugEnabled) log.debug("supported protocols: {}, supported cipher suites: {}", Arrays.asList(params.getProtocols()), Arrays.asList(params.getCipherSuites())); } }
/** * @return the list of supported ssl protocols by the default * {@link SSLContext} */ private String[] getSupportedSslProtocols() { try { SSLContext sslContext = SSLContext.getDefault(); return sslContext.getSupportedSSLParameters().getProtocols(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(sm.getString("jndiRealm.exception"), e); } }
public RestrictedSSLSocketFactory(SSLContext sslContext, String[] cipherSuites, String[] protocols) { this.sslSocketFactory = sslContext.getSocketFactory(); if (cipherSuites == null) { cipherSuites = sslSocketFactory.getDefaultCipherSuites(); } this.enabledCipherSuites = ArrayUtils.intersection(cipherSuites, sslSocketFactory.getSupportedCipherSuites()); this.defaultCipherSuites = ArrayUtils.intersection(cipherSuites, sslSocketFactory.getDefaultCipherSuites()); if (protocols == null) { protocols = sslContext.getDefaultSSLParameters().getProtocols(); } this.enabledProtocols = ArrayUtils.intersection(protocols, sslContext.getSupportedSSLParameters().getProtocols()); }
public SSLParameters getDefaultSSLParameters(final SSLContext sslContext, final SSLParameters original) { final SSLParameters supportedSSLParameters = sslContext.getSupportedSSLParameters(); configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites()); return original; }
public SSLParameters getDefaultSSLParameters(final SSLContext sslContext, final SSLParameters original) { final SSLParameters supportedSSLParameters = sslContext.getSupportedSSLParameters(); configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites()); return original; }
public SSLParameters getDefaultSSLParameters(final SSLContext sslContext, final SSLParameters original) { final SSLParameters supportedSSLParameters = sslContext.getSupportedSSLParameters(); configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites()); return original; }
/** * Print the specified SSL parameters into a string. * @param params the parameters to print. * @return a formatted string describing the SSL parameters. */ public static String dumpSSLParameters(final SSLParameters params) { return String.format("protocols=%s, needCLientAuth=%b, wantClientAuth=%b, cipher suites=%s", StringUtils.arrayToString(params.getProtocols()), params.getNeedClientAuth(), params.getWantClientAuth(), StringUtils.arrayToString(params.getCipherSuites())); }