/**
 * Builds a {@code Handshake} from the negotiated parameters of a JSSE session.
 *
 * <p>The sentinel values {@code SSL_NULL_WITH_NULL_NULL} and {@code NONE} are rejected with an
 * {@link IOException} instead of being parsed. JSSE reports these on a session that never
 * finished handshaking, so the result never describes such a session as a usable connection.
 *
 * <p>A peer that presented no verified certificates is not an error here: the
 * {@link SSLPeerUnverifiedException} is absorbed and the peer certificate list is empty. Callers
 * making trust decisions must treat an empty peer list as "peer not authenticated".
 *
 * @param session the session to read the cipher suite, protocol and certificates from
 * @return a handshake holding the TLS version, cipher suite, peer and local certificates
 * @throws IOException if the session reports the null cipher suite or the {@code NONE} protocol
 * @throws IllegalStateException if the session returns a null cipher suite or protocol name
 */
public static Handshake get(SSLSession session) throws IOException {
  final String suiteName = session.getCipherSuite();
  if (suiteName == null) {
    throw new IllegalStateException("cipherSuite == null");
  }
  if ("SSL_NULL_WITH_NULL_NULL".equals(suiteName)) {
    throw new IOException("cipherSuite == SSL_NULL_WITH_NULL_NULL");
  }
  final CipherSuite cipherSuite = CipherSuite.forJavaName(suiteName);

  final String protocolName = session.getProtocol();
  if (protocolName == null) {
    throw new IllegalStateException("tlsVersion == null");
  }
  if ("NONE".equals(protocolName)) {
    throw new IOException("tlsVersion == NONE");
  }
  final TlsVersion tlsVersion = TlsVersion.forJavaName(protocolName);

  // An unverified peer yields a null array, which becomes an empty list below.
  Certificate[] peerChain;
  try {
    peerChain = session.getPeerCertificates();
  } catch (SSLPeerUnverifiedException ignored) {
    peerChain = null;
  }
  final List<Certificate> peerCertificatesList;
  if (peerChain == null) {
    peerCertificatesList = Collections.emptyList();
  } else {
    peerCertificatesList = Util.immutableList(peerChain);
  }

  final Certificate[] localChain = session.getLocalCertificates();
  final List<Certificate> localCertificatesList;
  if (localChain == null) {
    localCertificatesList = Collections.emptyList();
  } else {
    localCertificatesList = Util.immutableList(localChain);
  }

  return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
/**
 * Returns the protocol name of the wrapped session, followed by {@code ':'} and the application
 * protocol when one has been set.
 *
 * <p>Any {@code ':'} inside the wrapped session's protocol name is replaced by {@code '_'}
 * before {@code ':'} is used as the separator. The application protocol is appended unmodified.
 *
 * @return the sanitized protocol name when no application protocol is set (possibly
 *     {@code null}); otherwise {@code "<protocol>:<applicationProtocol>"}, with the literal text
 *     {@code "null"} standing in for a missing protocol name
 */
public String getProtocol() {
    final String wrappedProtocol = unwrap().getProtocol();
    final String alpn = this.applicationProtocol;
    final String sanitized = wrappedProtocol == null ? null : wrappedProtocol.replace(':', '_');

    if (alpn == null) {
        return sanitized;
    }

    final String prefix = sanitized == null ? "null:" : sanitized + ':';
    return prefix + alpn;
}
if (log.isDebugEnabled()) { log.debug("Verifying HostName for {}, Cipher {}, Protocols {}", hostname, sslSession.getCipherSuite(), sslSession.getProtocol());
/**
 * Builds a {@code Handshake} from the negotiated parameters of a JSSE session.
 *
 * <p>NOTE(review): this variant only rejects {@code null} names. It does not check for the
 * {@code SSL_NULL_WITH_NULL_NULL} cipher suite or the {@code NONE} protocol that JSSE reports on
 * a session whose handshake did not complete. Whether such a value is rejected therefore depends
 * on {@code CipherSuite.forJavaName} and {@code TlsVersion.forJavaName}; confirm.
 *
 * <p>A peer that presented no verified certificates is not an error here: the
 * {@link SSLPeerUnverifiedException} is absorbed and the peer certificate list is empty. Callers
 * making trust decisions must treat an empty peer list as "peer not authenticated".
 *
 * @param session the session to read the cipher suite, protocol and certificates from
 * @return a handshake holding the TLS version, cipher suite, peer and local certificates
 * @throws IllegalStateException if the session returns a null cipher suite or protocol name
 */
public static Handshake get(SSLSession session) {
  final String suiteName = session.getCipherSuite();
  if (suiteName == null) {
    throw new IllegalStateException("cipherSuite == null");
  }
  final CipherSuite cipherSuite = CipherSuite.forJavaName(suiteName);

  final String protocolName = session.getProtocol();
  if (protocolName == null) {
    throw new IllegalStateException("tlsVersion == null");
  }
  final TlsVersion tlsVersion = TlsVersion.forJavaName(protocolName);

  // An unverified peer yields a null array, which becomes an empty list below.
  Certificate[] peerChain;
  try {
    peerChain = session.getPeerCertificates();
  } catch (SSLPeerUnverifiedException ignored) {
    peerChain = null;
  }
  final List<Certificate> peerCertificatesList;
  if (peerChain == null) {
    peerCertificatesList = Collections.<Certificate>emptyList();
  } else {
    peerCertificatesList = Util.immutableList(peerChain);
  }

  final Certificate[] localChain = session.getLocalCertificates();
  final List<Certificate> localCertificatesList;
  if (localChain == null) {
    localCertificatesList = Collections.<Certificate>emptyList();
  } else {
    localCertificatesList = Util.immutableList(localChain);
  }

  return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
private static SSLEngine wrapEngine(final SSLEngine engine) { final SSLSession session = engine.getHandshakeSession(); if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) { return new JdkSslEngine(engine) { @Override
/**
 * Publishes the negotiated cipher suite and protocol once the TLS handshake has succeeded, then
 * forwards the original event unchanged.
 *
 * <p>Only a {@code SslHandshakeCompletionEvent} whose {@code cause()} is {@code null} triggers
 * the extra {@code SslHandlerDetailsRegisteredEvent}; a failed handshake publishes no session
 * details.
 *
 * @param ctx the channel handler context whose pipeline holds the {@code SslHandler}
 * @param evt the user event being propagated
 * @throws Exception declared by the overridden method
 */
@Override
public void userEventTriggered( ChannelHandlerContext ctx, Object evt ) throws Exception
{
    boolean handshakeSucceeded = evt instanceof SslHandshakeCompletionEvent
            && ((SslHandshakeCompletionEvent) evt).cause() == null;

    if ( handshakeSucceeded )
    {
        // NOTE(review): assumes an SslHandler is still in the pipeline at this point; confirm.
        SslHandler tlsHandler = ctx.pipeline().get( SslHandler.class );
        ctx.fireUserEventTriggered( new SslHandlerDetailsRegisteredEvent(
                tlsHandler.engine().getSession().getCipherSuite(),
                tlsHandler.engine().getSession().getProtocol() ) );
    }

    ctx.fireUserEventTriggered( evt );
}
}
/**
 * Converts a JSSE {@link SSLSession} into a {@code Handshake}.
 *
 * <p>A session reporting the cipher suite {@code SSL_NULL_WITH_NULL_NULL} or the protocol
 * {@code NONE} is rejected with an {@link IOException}. JSSE uses these placeholder values for a
 * session that has not completed a handshake.
 *
 * <p>If the peer was not verified, {@link SSLPeerUnverifiedException} is caught and the returned
 * handshake carries an empty peer certificate list. An empty list therefore means "no
 * authenticated peer", and callers must not treat it as an authenticated connection.
 *
 * @param session the session whose negotiated values are copied
 * @return the handshake built from the TLS version, cipher suite and both certificate lists
 * @throws IOException if the cipher suite or protocol is one of the placeholder values above
 * @throws IllegalStateException if the cipher suite or protocol name is {@code null}
 */
public static Handshake get(SSLSession session) throws IOException {
  String javaSuiteName = session.getCipherSuite();
  if (javaSuiteName == null) {
    throw new IllegalStateException("cipherSuite == null");
  } else if ("SSL_NULL_WITH_NULL_NULL".equals(javaSuiteName)) {
    throw new IOException("cipherSuite == SSL_NULL_WITH_NULL_NULL");
  }
  CipherSuite negotiatedSuite = CipherSuite.forJavaName(javaSuiteName);

  String javaProtocolName = session.getProtocol();
  if (javaProtocolName == null) {
    throw new IllegalStateException("tlsVersion == null");
  } else if ("NONE".equals(javaProtocolName)) {
    throw new IOException("tlsVersion == NONE");
  }
  TlsVersion negotiatedVersion = TlsVersion.forJavaName(javaProtocolName);

  // Peer certificates: absent when the peer's identity was not verified.
  Certificate[] peerArray = null;
  try {
    peerArray = session.getPeerCertificates();
  } catch (SSLPeerUnverifiedException ignored) {
    // Deliberately tolerated; represented as an empty list.
  }
  List<Certificate> peerList = Collections.emptyList();
  if (peerArray != null) {
    peerList = Util.immutableList(peerArray);
  }

  // Local certificates: absent when none were sent to the peer.
  Certificate[] localArray = session.getLocalCertificates();
  List<Certificate> localList = Collections.emptyList();
  if (localArray != null) {
    localList = Util.immutableList(localArray);
  }

  return new Handshake(negotiatedVersion, negotiatedSuite, peerList, localList);
}
/**
 * Creates a mocked {@link SSLSession} with a fixed session id, protocol and cipher suite.
 *
 * <p>The cipher suite is the placeholder string {@code "some-cipher"}, not a real suite name, so
 * the mock only suits code that passes the value through without parsing it.
 *
 * @return a mock reporting id {@code 1,1,2,3,5,8,13,21}, protocol {@code TLSv1.2} and cipher
 *     suite {@code some-cipher}
 */
private static SSLSession newSslSession() {
    final SSLSession stub = mock(SSLSession.class);
    final byte[] sessionId = { 1, 1, 2, 3, 5, 8, 13, 21 };

    when(stub.getId()).thenReturn(sessionId);
    when(stub.getProtocol()).thenReturn("TLSv1.2");
    when(stub.getCipherSuite()).thenReturn("some-cipher");

    return stub;
}
/**
 * Copies the selected TLS session properties of a request into the output map.
 *
 * <p>Nothing is written when the request has no TLS session. Each property is exported only if
 * it is listed in {@code builtIns} and the session returns a non-null value for it. The session
 * id is written as lower-case base16 text.
 *
 * @param out the map receiving the exported entries, keyed by each property's {@code mdcKey}
 * @param ctx the request context whose {@code sslSession()} is inspected
 */
private void exportTlsProperties(Map<String, String> out, RequestContext ctx) {
    final SSLSession tls = ctx.sslSession();
    if (tls == null) {
        // Not a TLS connection: nothing to export.
        return;
    }

    if (builtIns.contains(TLS_SESSION_ID)) {
        final byte[] sessionId = tls.getId();
        if (sessionId != null) {
            out.put(TLS_SESSION_ID.mdcKey, lowerCasedBase16.encode(sessionId));
        }
    }

    if (builtIns.contains(TLS_CIPHER)) {
        final String cipherSuite = tls.getCipherSuite();
        if (cipherSuite != null) {
            out.put(TLS_CIPHER.mdcKey, cipherSuite);
        }
    }

    if (builtIns.contains(TLS_PROTO)) {
        final String protocol = tls.getProtocol();
        if (protocol != null) {
            out.put(TLS_PROTO.mdcKey, protocol);
        }
    }
}
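/**
 * Opens a TLS connection to {@code target}, trying each port in
 * {@code [port, port + port_range)} until one completes the handshake and passes the optional
 * session verifier.
 *
 * <p>A socket whose attempt fails is closed before the next port is tried, so failed attempts
 * do not leak connections. The last failure is attached as the cause of the final
 * {@link IllegalStateException}. A {@link SecurityException} aborts the search immediately and
 * is rethrown after the socket is closed.
 *
 * @param target the logical address to connect to; resolved to a physical address through
 *     {@code down_prot}
 * @return a connected socket whose handshake has completed and, if a verifier is configured,
 *     whose session has been verified
 * @throws SecurityException if one is raised while connecting or verifying the session
 * @throws IllegalStateException if no port in the range yields a usable connection
 * @throws Exception declared for subclasses and for {@code getContext()}
 */
protected SSLSocket createSocketTo(Address target) throws Exception {
    SSLContext ctx=getContext();
    SSLSocketFactory sslSocketFactory=ctx.getSocketFactory();
    IpAddress dest=(IpAddress)down_prot.down(new Event(Event.GET_PHYSICAL_ADDRESS, target));
    Throwable last_failure=null;

    for(int i=0; i < port_range; i++) {
        SSLSocket sock=null;
        boolean connected=false;
        try {
            sock=(SSLSocket)sslSocketFactory.createSocket(dest.getIpAddress(), port+i);
            sock.setSoTimeout(socket_timeout);

            // NOTE(review): this enables every cipher suite the provider *supports*, not just
            // the ones it enables by default. The supported set can include suites the provider
            // leaves disabled because they offer no authentication or no encryption. Left
            // unchanged because existing deployments may rely on it; consider dropping this
            // call (provider defaults) or making the list configurable.
            sock.setEnabledCipherSuites(sock.getSupportedCipherSuites());

            sock.startHandshake();
            SSLSession sslSession=sock.getSession();

            log.debug("%s: created SSL connection to %s (%s); protocol: %s, cipher suite: %s",
                      local_addr, target, sock.getRemoteSocketAddress(), sslSession.getProtocol(), sslSession.getCipherSuite());

            // The verifier is the only peer check visible here. Apart from SecurityException,
            // a verifier failure is treated like a connect failure and the next port is tried.
            if(session_verifier != null)
                session_verifier.verify(sslSession);
            connected=true;
            return sock;
        }
        catch(SecurityException sec_ex) {
            throw sec_ex;
        }
        catch(Throwable t) {
            // Best effort: remember why this port failed and move on to the next one.
            last_failure=t;
            log.debug("%s: failed connecting to %s (port %d): %s", local_addr, dest.getIpAddress(), port+i, t);
        }
        finally {
            // Close the socket of a failed attempt (including a rejected session).
            if(!connected && sock != null) {
                try {
                    sock.close();
                }
                catch(Throwable ignored) {
                    // nothing useful can be done if closing a failed socket fails
                }
            }
        }
    }
    throw new IllegalStateException(String.format("failed connecting to %s (port range [%d - %d])",
                                                  dest.getIpAddress(), port, port+port_range), last_failure);
}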
local_addr, client_sock.getRemoteSocketAddress(), sslSession.getProtocol(), sslSession.getCipherSuite());
// Snapshot the handshake result (negotiated protocol, cipher suite, client-auth setting and both
// certificates) and attach it to the channel under ATTR_SSL_INFO.
// NOTE(review): getProtocol()/getCipherSuite() only describe a real negotiation once the
// handshake has succeeded; presumably this runs on the success path. Confirm against the caller.
SslHandshakeInfo info = new SslHandshakeInfo(isSSlFromIntermediary, session.getProtocol(), session.getCipherSuite(), clientAuth, serverCert, peerCert); ctx.channel().attr(ATTR_SSL_INFO).set(info);
// Record what the handshake negotiated (protocol, cipher suite, client-auth setting, server and
// peer certificates) as a channel attribute keyed by ATTR_SSL_INFO.
// NOTE(review): peerCert's origin is not visible here. If it can be null for an unauthenticated
// peer, consumers of this attribute must not read its presence as proof of authentication.
SslHandshakeInfo info = new SslHandshakeInfo(isSSlFromIntermediary, session.getProtocol(), session.getCipherSuite(), clientAuth, serverCert, peerCert); ctx.channel().attr(ATTR_SSL_INFO).set(info);
// Debug record of the negotiated protocol and cipher suite for this session.
// NOTE(review): the message is concatenated eagerly and no isDebugEnabled() guard is visible in
// this excerpt; confirm one encloses the call. Also confirm what ses.toString() exposes.
log.debug("Finished ssl handshake [protocol=" + sslSes.getProtocol() + ", cipherSuite=" + sslSes.getCipherSuite() + ", ses=" + ses + ']');
private static SSLEngine wrapEngine(final SSLEngine engine) { final SSLSession session = engine.getHandshakeSession(); if (session != null && SslUtils.PROTOCOL_TLS_V1_3.equals(session.getProtocol())) { return new JdkSslEngine(engine) { @Override
/**
 * Returns the protocol name reported by the engine's current session.
 *
 * <p>NOTE(review): {@code SSLEngine.getSession()} does not wait for the handshake. Before the
 * handshake completes the value is JSSE's placeholder for an invalid session, so callers should
 * only read it as the negotiated version afterwards.
 *
 * @return the protocol name of {@code _sslEngine.getSession()}
 */
@Override
public String getProtocol() {
    final String negotiatedProtocol = _sslEngine.getSession().getProtocol();
    return negotiatedProtocol;
}
/**
 * Reports the protocol of the session currently held by the underlying {@code SSLEngine}.
 *
 * <p>NOTE(review): the engine's session is read without checking handshake status. If this can
 * be called before the handshake finishes, the result is not a negotiated TLS version. Confirm
 * against the callers.
 *
 * @return whatever {@code getProtocol()} returns on the engine's session
 */
@Override
public String getProtocol() {
    String sessionProtocol = _sslEngine.getSession().getProtocol();
    return sessionProtocol;
}
/**
 * Tells whether the engine's current session reports the protocol named by {@code TLS_1_3}.
 *
 * <p>The comparison is made from the constant's side, so a {@code null} protocol yields
 * {@code false}. NOTE(review): the session is read without checking handshake status, so a call
 * made before the handshake completes presumably also yields {@code false}; confirm callers do
 * not rely on this for pre-handshake decisions.
 *
 * @return {@code true} if the session's protocol equals {@code TLS_1_3}
 */
private boolean isTLS13() {
    return TLS_1_3.equals(_sslEngine.getSession().getProtocol());
}
/**
 * Example listener that reads the negotiated parameters once a TLS handshake completes.
 */
public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
    /**
     * Reads the protocol, cipher suite and peer principal name from the completed session.
     *
     * <p>The values are only collected into locals; this skeleton does nothing further with
     * them. When the peer's identity was not verified, the peer name stays {@code null}. Code
     * extending this method must treat that as "peer not authenticated".
     *
     * @param event the completion event carrying the negotiated session
     */
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        final SSLSession negotiated = event.getSession();
        final String protocol = negotiated.getProtocol();
        final String cipherSuite = negotiated.getCipherSuite();

        String peerName;
        try {
            peerName = negotiated.getPeerPrincipal().getName();
        } catch (SSLPeerUnverifiedException unverified) {
            // Peer presented no verified identity; there is no name to report.
            peerName = null;
        }
    }
/**
 * Logs the outcome of the handshake once, then unregisters this listener from the socket.
 *
 * <p>NOTE(review): the first placeholder of the message ("handshake with %s") is filled with the
 * session's protocol name, not a peer identity. Confirm that is the intended wording.
 *
 * @param event the completion event supplying the session protocol and cipher suite
 */
@Override
public void handshakeCompleted(final HandshakeCompletedEvent event) {
    final String summary = String.format("Completed handshake with %s and negotiated cipher suite %s",
            event.getSession().getProtocol(), event.getCipherSuite());
    log.info(summary);

    // One-shot listener: remove it so later renegotiations are not logged again.
    final SSLSocket tlsSocket = (SSLSocket) socket;
    tlsSocket.removeHandshakeCompletedListener(this);
}
});