javax.net.ssl.SSLSessionContext Java Examples

The following examples show how to use javax.net.ssl.SSLSessionContext.
Example #1
Source File: SSLSessionImpl.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #2
Source File: SSLSessionImpl.java    From openjdk-8 with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #3
Source File: SSLSessionImpl.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #4
Source File: JSSESocketFactory.java    From tomcatsrc with Apache License 2.0
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
    int sessionCacheSize;
    if (endpoint.getSessionCacheSize() != null) {
        sessionCacheSize = Integer.parseInt(
                endpoint.getSessionCacheSize());
    } else {
        sessionCacheSize = defaultSessionCacheSize;
    }

    int sessionTimeout;
    if (endpoint.getSessionTimeout() != null) {
        sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
    } else {
        sessionTimeout = defaultSessionTimeout;
    }

    sslSessionContext.setSessionCacheSize(sessionCacheSize);
    sslSessionContext.setSessionTimeout(sessionTimeout);
}
 
Example #5
Source File: SSLSessionImpl.java    From hottub with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #6
Source File: SSLSessionImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #7
Source File: AmqpPortImpl.java    From qpid-broker-j with Apache License 2.0
private SSLContext createSslContext()
{
    KeyStore keyStore = getKeyStore();
    Collection<TrustStore> trustStores = getTrustStores();

    boolean needClientCert = (Boolean)getAttribute(NEED_CLIENT_AUTH) || (Boolean)getAttribute(WANT_CLIENT_AUTH);
    if (needClientCert && trustStores.isEmpty())
    {
        throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '"
                + this.getName() + "' but no trust store defined");
    }

    SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
    SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    if (getTLSSessionCacheSize() > 0)
    {
        serverSessionContext.setSessionCacheSize(getTLSSessionCacheSize());
    }
    if (getTLSSessionTimeout() > 0)
    {
        serverSessionContext.setSessionTimeout(getTLSSessionTimeout());
    }

    return sslContext;
}
 
Example #8
Source File: SslContexts.java    From styx with Apache License 2.0
private static void registerOpenSslStats(SslContext sslContext, MetricRegistry metricRegistry) {
    SSLSessionContext sslSessionContext = sslContext.sessionContext();
    if (sslSessionContext instanceof OpenSslSessionContext) {
        OpenSslSessionStats stats = ((OpenSslSessionContext) sslSessionContext).stats();
        MetricRegistry sessionStatsRegistry = metricRegistry.scope("connections.openssl.session");
        sessionStatsRegistry.register("number", (Gauge<Long>) stats::number);
        sessionStatsRegistry.register("accept", (Gauge<Long>) stats::accept);
        sessionStatsRegistry.register("acceptGood", (Gauge<Long>) stats::acceptGood);
        sessionStatsRegistry.register("acceptRenegotiate", (Gauge<Long>) stats::acceptRenegotiate);
        sessionStatsRegistry.register("hits", (Gauge<Long>) stats::hits);
        sessionStatsRegistry.register("misses", (Gauge<Long>) stats::misses);
        sessionStatsRegistry.register("cbHits", (Gauge<Long>) stats::cbHits);
        sessionStatsRegistry.register("cacheFull", (Gauge<Long>) stats::cacheFull);
        sessionStatsRegistry.register("timeouts", (Gauge<Long>) stats::timeouts);
    }
}
 
Example #9
Source File: SSLSessionImpl.java    From Bytecoder with Apache License 2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #10
Source File: SSLSessionImpl.java    From openjsse with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #11
Source File: SSLSessionImpl.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #12
Source File: SSLSessionImpl.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #13
Source File: SSLSessionImpl.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #14
Source File: RestClientTest.java    From hugegraph-common with Apache License 2.0
@Test
public void testHostNameVerifier() {
    BiFunction<String, String, Boolean> verifer = (url, hostname) -> {
        AbstractRestClient.HostNameVerifier verifier;
        SSLSession session;
        try {
            SSLSessionContext sc = SSLContext.getDefault()
                                             .getClientSessionContext();
            session = sc.getSession(new byte[]{11});
            verifier = new AbstractRestClient.HostNameVerifier(url);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
        return verifier.verify(hostname, session);
    };

    Assert.assertTrue(verifer.apply("http://baidu.com", "baidu.com"));
    Assert.assertTrue(verifer.apply("http://test1.baidu.com", "baidu.com"));
    Assert.assertTrue(verifer.apply("http://test2.baidu.com", "baidu.com"));
    Assert.assertFalse(verifer.apply("http://baidu2.com", "baidu.com"));
    Assert.assertTrue(verifer.apply("http://baidu.com", ""));
    Assert.assertTrue(verifer.apply("baidu.com", "baidu.com"));
    Assert.assertTrue(verifer.apply("http://baidu.com/test", "baidu.com"));
    Assert.assertTrue(verifer.apply("baidu.com/test/abc", "baidu.com"));
    Assert.assertFalse(verifer.apply("baidu.com.sina.com", "baidu.com"));
}
 
Example #15
Source File: SSLSessionImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * For server sessions, this returns the set of sessions which
 * are currently valid in this process.  For client sessions,
 * this returns null.
 */
@Override
public SSLSessionContext getSessionContext() {
    /*
     * An interim security policy until we can do something
     * more specific in 1.2. Only allow trusted code (code which
     * can set system properties) to get an
     * SSLSessionContext. This is to limit the ability of code to
     * look up specific sessions or enumerate over them. Otherwise,
     * code can only get session objects from successful SSL
     * connections which implies that they must have had permission
     * to make the network connection in the first place.
     */
    SecurityManager sm;
    if ((sm = System.getSecurityManager()) != null) {
        sm.checkPermission(new SSLPermission("getSSLSessionContext"));
    }

    return context;
}
 
Example #16
Source File: SdkTLSSocketFactory.java    From ibm-cos-sdk-java with Apache License 2.0
/**
 * Invalidates all SSL/TLS sessions in {@code sessionContext} associated with {@code remoteAddress}.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress  associated with sessions to invalidate
 */
private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    final String hostName = remoteAddress.getHostName();
    final int port = remoteAddress.getPort();
    final Enumeration<byte[]> ids = sessionContext.getIds();

    if (ids == null) {
        return;
    }

    while (ids.hasMoreElements()) {
        final byte[] id = ids.nextElement();
        final SSLSession session = sessionContext.getSession(id);
        if (session != null && session.getPeerHost() != null && session.getPeerHost().equalsIgnoreCase(hostName)
                && session.getPeerPort() == port) {
            session.invalidate();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Invalidated session " + session);
            }
        }
    }
}
 
Example #17
Source File: SSLContextResource.java    From wildfly-core with GNU Lesser General Public License v2.1
/**
 * Check if the {@link SSLContext} has any active sessions.
 *
 * @return {@code true} if the {@link SSLContext} is available and has at least one session, {@code false} otherwise.
 */
private boolean hasActiveSessions() {
    final SSLContext sslContext = getSSLContext(sslContextServiceController);
    if (sslContext == null) return false;
    SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
    return sslSessionContext.getIds().hasMoreElements();
}
 
Example #18
Source File: Timeout.java    From hottub with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example #19
Source File: DefautlCacheSize.java    From jdk8u_jdk with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    SSLServerSocketFactory sssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try (SSLServerSocket serverSocket =
                (SSLServerSocket)sssf.createServerSocket()) {

        String[] protocols = serverSocket.getSupportedProtocols();
        for (int i = 0; i < protocols.length; i++) {
            if (protocols[i].equals("SSLv2Hello")) {
                continue;
            }
            SSLContext sslContext = SSLContext.getInstance(protocols[i]);
            SSLSessionContext sessionContext =
                    sslContext.getServerSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default server session cache size is infinite");
            }

            sessionContext = sslContext.getClientSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default client session cache size is infinite");
            }
        }
    }
}
 
Example #20
Source File: JdkSslContext.java    From netty4.0.27Learn with Apache License 2.0
/**
 * Returns the JDK {@link SSLSessionContext} object held by this context.
 */
public final SSLSessionContext sessionContext() {
    if (isServer()) {
        return context().getServerSessionContext();
    } else {
        return context().getClientSessionContext();
    }
}
 
Example #21
Source File: DefautlCacheSize.java    From dragonwell8_jdk with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    SSLServerSocketFactory sssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try (SSLServerSocket serverSocket =
                (SSLServerSocket)sssf.createServerSocket()) {

        String[] protocols = serverSocket.getSupportedProtocols();
        for (int i = 0; i < protocols.length; i++) {
            if (protocols[i].equals("SSLv2Hello")) {
                continue;
            }
            SSLContext sslContext = SSLContext.getInstance(protocols[i]);
            SSLSessionContext sessionContext =
                    sslContext.getServerSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default server session cache size is infinite");
            }

            sessionContext = sslContext.getClientSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default client session cache size is infinite");
            }
        }
    }
}
 
Example #22
Source File: Timeout.java    From openjdk-jdk8u with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example #23
Source File: Timeout.java    From openjdk-8 with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example #24
Source File: SSLContextResource.java    From wildfly-core with GNU Lesser General Public License v2.1
@Override
public boolean hasChild(PathElement element) {
    SSLContext sslContext;
    if (ElytronDescriptionConstants.SSL_SESSION.equals(element.getKey()) && (sslContext = getSSLContext(sslContextServiceController)) != null) {
        byte[] sessionId = ByteIterator.ofBytes(element.getValue().getBytes(StandardCharsets.UTF_8)).asUtf8String().hexDecode().drain();
        SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
        return sslSessionContext.getSession(sessionId) != null;
    }
    return false;
}
 
Example #25
Source File: Timeout.java    From openjdk-8-source with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example #26
Source File: SSLUtilBase.java    From Tomcat8-Source-Read with MIT License
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
    // <0 - don't set anything - use the implementation default
    if (sslHostConfig.getSessionCacheSize() >= 0) {
        sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
    }

    // <0 - don't set anything - use the implementation default
    if (sslHostConfig.getSessionTimeout() >= 0) {
        sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
    }
}
 
Example #27
Source File: Timeout.java    From openjdk-jdk9 with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example #28
Source File: Timeout.java    From jdk8u-jdk with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example #29
Source File: SSLSessionDefinition.java    From wildfly-core with GNU Lesser General Public License v2.1
@Override
protected void performRuntime(ModelNode result, ModelNode operation, SSLContext sslContext) throws OperationFailedException {
    SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
    SSLSession sslSession = sslSessionContext.getSession(sessionId(operation));
    if (sslSession != null) {
        performRuntime(result, operation, sslSession);
    }
}
 
Example #30
Source File: HttpManagement.java    From qpid-broker-j with Apache License 2.0
private SSLContext createSslContext(final HttpPort<?> port)
{
    KeyStore keyStore = port.getKeyStore();
    if (keyStore == null)
    {
        throw new IllegalConfigurationException(
                "Key store is not configured. Cannot start management on HTTPS port without keystore");
    }

    final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
    final Collection<TrustStore> trustStores = port.getTrustStores();

    if (needClientCert && trustStores.isEmpty())
    {
        throw new IllegalConfigurationException(String.format(
                "Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined",
                this.getName()));
    }

    final SSLContext sslContext = SSLUtil.createSslContext(port.getKeyStore(), trustStores, port.getName());
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    if (port.getTLSSessionCacheSize() > 0)
    {
        serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
    }
    if (port.getTLSSessionTimeout() > 0)
    {
        serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
    }
    return sslContext;
}