Java Code Examples for javax.net.ssl.SSLServerSocket#setNeedClientAuth()

The following examples show how to use javax.net.ssl.SSLServerSocket#setNeedClientAuth() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SslContextFactory.java    From IoTgo_Android_App with MIT License 6 votes vote down vote up
/**
 * Opens a listening TLS server socket and applies this factory's
 * client-authentication, cipher-suite and protocol settings to it.
 *
 * @param host    interface to bind to, resolved with {@link InetAddress#getByName(String)};
 *                when {@code null} the socket is created without an explicit bind address
 * @param port    port to listen on
 * @param backlog connection backlog handed to the socket factory
 * @return the configured server socket
 * @throws IOException if the socket cannot be created or the host cannot be resolved
 */
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
{
    SSLServerSocketFactory factory = _context.getServerSocketFactory();

    SSLServerSocket socket;
    if (host == null)
    {
        socket = (SSLServerSocket)factory.createServerSocket(port,backlog);
    }
    else
    {
        socket = (SSLServerSocket)factory.createServerSocket(port,backlog,InetAddress.getByName(host));
    }

    // Client authentication is only touched when a flag is set. "need" is applied
    // after "want" because each setter overrides the other, so a required client
    // certificate is never downgraded to an optional one when both flags are on.
    if (getWantClientAuth())
    {
        socket.setWantClientAuth(getWantClientAuth());
    }
    if (getNeedClientAuth())
    {
        socket.setNeedClientAuth(getNeedClientAuth());
    }

    // Narrow the cipher suites and protocols to what this factory's selection
    // helpers pick from the socket's enabled and supported sets.
    String[] enabledSuites = socket.getEnabledCipherSuites();
    String[] supportedSuites = socket.getSupportedCipherSuites();
    socket.setEnabledCipherSuites(selectCipherSuites(enabledSuites,supportedSuites));

    String[] enabledProtocols = socket.getEnabledProtocols();
    String[] supportedProtocols = socket.getSupportedProtocols();
    socket.setEnabledProtocols(selectProtocols(enabledProtocols,supportedProtocols));

    return socket;
}
 
Example 2
Source File: HandshakeCompletedEventTest.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the test server's TLS listening socket and binds it to a system-chosen port.
 *
 * @param provideKeys whether key managers obtained from {@code getKeyManagers(keys)} are given
 *                    to the SSL context; when {@code false} the context is initialised with
 *                    {@code null} key managers
 * @param clientAuth  {@code CLIENT_AUTH_WANTED} requests a client certificate,
 *                    {@code CLIENT_AUTH_NEEDED} requires one, any other value requests none
 * @param keys        key material argument passed on to {@code getKeyManagers}
 * @throws Exception if the SSL context or the socket cannot be set up
 */
public TestServer(boolean provideKeys, int clientAuth, String keys) throws Exception {
    this.provideKeys = provideKeys;
    this.clientAuth = clientAuth;
    this.keys = keys;

    // NOTE(review): TestTrustManager is declared elsewhere; what it accepts is not
    // visible here, so treat this constructor as test scaffolding only.
    trustManager = new TestTrustManager();

    KeyManager[] keyManagers = null;
    if (provideKeys) {
        keyManagers = getKeyManagers(keys);
    }
    TrustManager[] trustManagers = { trustManager };

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagers, trustManagers, null);

    // Created unbound so the client-auth mode is in place before the socket listens.
    serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket();

    boolean certificateWanted = clientAuth == CLIENT_AUTH_WANTED;
    if (certificateWanted || clientAuth != CLIENT_AUTH_NEEDED) {
        // WANTED -> request a certificate but keep going without one; anything
        // that is neither WANTED nor NEEDED -> do not request one at all.
        serverSocket.setWantClientAuth(certificateWanted);
    } else {
        // NEEDED -> the handshake fails unless the client presents a certificate.
        serverSocket.setNeedClientAuth(true);
    }

    // Port 0 lets the operating system choose a free port.
    serverSocket.bind(new InetSocketAddress(0));
}
 
Example 3
Source File: GfxdTSSLServerSocketFactory.java    From gemfirexd-oss with Apache License 2.0 6 votes vote down vote up
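/**
 * Creates a TLS server socket on {@code bindAddress}, applies the optional
 * protocol, cipher-suite and client-authentication settings from
 * {@code params}, and wraps it in a {@code GfxdTSSLServerSocket}.
 *
 * <p>If anything fails after the socket has been created, the socket is
 * closed before the exception is reported, so a rejected protocol or cipher
 * list does not leave a bound listener behind.
 *
 * <p>When {@code params} is {@code null} none of the TLS settings are
 * touched; in particular client authentication is left at the socket's
 * default rather than being switched on.
 *
 * @param factory     factory that produces the underlying server socket
 * @param bindAddress address and port to listen on
 * @param params      optional TLS settings; may be {@code null}
 * @return the wrapped server socket
 * @throws TTransportException with type {@code NOT_OPEN} if the socket
 *         cannot be created or configured
 */
private static GfxdTSSLServerSocket createServer(
    SSLServerSocketFactory factory, InetSocketAddress bindAddress,
    SocketParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket)factory
        .createServerSocket(bindAddress.getPort(), 100,
            bindAddress.getAddress());
    if (params != null) {
      // Protocols and suites are only overridden when explicitly configured;
      // otherwise the socket keeps the defaults of the SSL context.
      if (params.getSSLEnabledProtocols() != null) {
        serverSocket.setEnabledProtocols(params.getSSLEnabledProtocols());
      }
      if (params.getSSLCipherSuites() != null) {
        serverSocket.setEnabledCipherSuites(params.getSSLCipherSuites());
      }
      // true makes the handshake fail for clients that present no certificate.
      serverSocket.setNeedClientAuth(params.getSSLClientAuth());
    }
    return new GfxdTSSLServerSocket(serverSocket, bindAddress, params);
  } catch (Exception e) {
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception ignored) {
        // Best-effort cleanup: the original failure is the one reported below.
      }
    }
    throw new TTransportException(TTransportException.NOT_OPEN,
        "Could not bind to host:port " + bindAddress.toString(), e);
  }
}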
 
Example 4
Source File: SocketFactory.java    From dacapobench with Apache License 2.0 6 votes vote down vote up
/**
 * Set the server socket configuration to our required
 * QOS values.
 *
 * A small experiment shows that setting either (want, need) parameter to either true or false sets the
 * other parameter to false.
 *
 * @param serverSocket
 *               The newly created SSLServerSocket.
 *
 * @throws IOException if server socket can't be configured
 */
private void configureServerSocket(SSLServerSocket serverSocket) throws IOException {
    // Restrict the socket to the configured cipher suites.
    serverSocket.setEnabledCipherSuites(cipherSuites);

    // Exactly one client-auth setter is called, because each one resets the other:
    // required -> need, merely supported -> want, neither -> off.
    if (!clientAuthRequired && !clientAuthSupported) {
        serverSocket.setNeedClientAuth(false); // setWantClientAuth(false) would have the same effect
    } else if (clientAuthRequired) {
        serverSocket.setNeedClientAuth(true);
    } else {
        // "want" lets the handshake complete without a client certificate, so code
        // using the accepted connection cannot assume the peer was authenticated.
        serverSocket.setWantClientAuth(true);
    }
    serverSocket.setSoTimeout(SOCKET_TIMEOUT_MS);

    if (!log.isDebugEnabled()) {
        return;
    }

    // Debug-only summary of the effective configuration.
    log.debug("Created SSL server socket on port " + serverSocket.getLocalPort());
    log.debug("    client authentication " + (clientAuthSupported ? "SUPPORTED" : "UNSUPPORTED"));
    log.debug("    client authentication " + (clientAuthRequired ? "REQUIRED" : "OPTIONAL"));
    log.debug("    cipher suites:");
    for (String suite : cipherSuites) {
        log.debug("    " + suite);
    }
}
 
Example 5
Source File: TSSLTransportFactory.java    From incubator-retired-blur with Apache License 2.0 5 votes vote down vote up
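/**
 * Creates a TLS server socket and wraps it in a {@code TServerSocket}.
 *
 * <p>If a configuration step fails after the socket has been created (for
 * example an unsupported cipher suite in {@code params}), the socket is closed
 * before the exception is reported, so no bound listener is left behind.
 *
 * <p>Only the cipher suites are optionally overridden here; the enabled
 * protocol versions are whatever the factory's SSL context provides.
 *
 * @param factory    factory that produces the underlying server socket
 * @param port       port to listen on
 * @param timeout    accept timeout applied with {@code setSoTimeout} and passed to the wrapper
 * @param clientAuth {@code true} to make the handshake fail for clients without a certificate
 * @param ifAddress  local address to bind to
 * @param params     optional TLS parameters; only {@code cipherSuites} is read, may be {@code null}
 * @return the wrapped server socket
 * @throws TTransportException if the socket cannot be created or configured
 */
private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
                                  InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
    serverSocket.setSoTimeout(timeout);
    serverSocket.setNeedClientAuth(clientAuth);
    if (params != null && params.cipherSuites != null) {
      serverSocket.setEnabledCipherSuites(params.cipherSuites);
    }
    return new TServerSocket(serverSocket, timeout);
  } catch (Exception e) {
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception ignored) {
        // Best-effort cleanup: the original failure is the one reported below.
      }
    }
    throw new TTransportException("Could not bind to port " + port, e);
  }
}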
 
Example 6
Source File: NetworkServerControlImpl.java    From spliceengine with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Create the right kind of server socket
 */

private ServerSocket createServerSocket()
	throws IOException
{
	// Resolve the bind address once, from the configured host argument.
	if (hostAddress == null) {
		hostAddress = InetAddress.getByName(hostArg);
	}
	// Build the list of InetAddresses that are valid for
	// NetworkServerControl admin commands.
	buildLocalAddressList(hostAddress);

	switch (getSSLMode()) {
	case SSL_PEER_AUTHENTICATION: {
		SSLServerSocketFactory tlsFactory =
			(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
		SSLServerSocket mutualTlsSocket =
			(SSLServerSocket)tlsFactory.createServerSocket(portNumber, 0, hostAddress);
		// The handshake fails unless the client presents a certificate.
		mutualTlsSocket.setNeedClientAuth(true);
		return mutualTlsSocket;
	}
	case SSL_BASIC: {
		// Server-authenticated TLS only: no client certificate is requested.
		SSLServerSocketFactory tlsFactory =
			(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
		return (SSLServerSocket)tlsFactory.createServerSocket(portNumber, 0, hostAddress);
	}
	case SSL_OFF:
	default:
		// NOTE(review): any mode value other than the two TLS modes ends up here
		// and yields a plaintext socket; confirm getSSLMode() can only return the
		// three known modes, otherwise a bad setting silently disables TLS.
		return ServerSocketFactory.getDefault().createServerSocket(portNumber, 0, hostAddress);
	}
}
 
Example 7
Source File: JSSESocketFactory.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Configure Client authentication for this version of JSSE.  The
 * JSSE included in Java 1.4 supports the 'want' value.  Prior
 * versions of JSSE will treat 'want' as 'false'.
 * @param socket the SSLServerSocket
 */
protected void configureClientAuth(SSLServerSocket socket){
    if (!wantClientAuth){
        // Not in 'want' mode: the requirement flag alone decides whether a
        // client certificate is mandatory.
        socket.setNeedClientAuth(requireClientAuth);
        return;
    }
    // NOTE(review): 'want' takes precedence here, so if requireClientAuth were
    // also true the certificate would become optional; confirm the two flags
    // are mutually exclusive where they are set.
    socket.setWantClientAuth(wantClientAuth);
}
 
Example 8
Source File: JmxRemoteLifecycleListener.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the TLS server socket for the given port, bound to
 * {@code bindAddress}, and applies the configured cipher suites, protocols
 * and client-authentication requirement.
 *
 * @param port port to listen on
 * @return the configured TLS server socket
 * @throws IOException if the socket cannot be created
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException  {
    SSLServerSocket tlsSocket =
            (SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);

    // Cipher suites are only overridden when explicitly configured.
    if (getEnabledCipherSuites() != null) {
        tlsSocket.setEnabledCipherSuites(getEnabledCipherSuites());
    }

    // Protocols are always set: the configured list if there is one,
    // otherwise this class's defaultProtocols.
    if (getEnabledProtocols() != null) {
        tlsSocket.setEnabledProtocols(getEnabledProtocols());
    } else {
        tlsSocket.setEnabledProtocols(defaultProtocols);
    }

    // true makes the handshake fail for clients that present no certificate.
    tlsSocket.setNeedClientAuth(getNeedClientAuth());
    return tlsSocket;
}
 
Example 9
Source File: SSLUtils.java    From hasting with MIT License 5 votes vote down vote up
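/**
 * Applies cipher-suite and client-authentication settings to a freshly
 * created TLS server socket.
 *
 * <p>Every supported cipher suite is enabled except those that provide no
 * peer authentication ({@code _anon_}), no encryption ({@code _NULL_}) or
 * deliberately weakened keys ({@code _EXPORT_}). Enabling the full supported
 * list would let a peer negotiate such a suite on runtimes that still ship
 * them, which defeats the certificate checks configured below.
 *
 * @param sslServerSocket socket to configure
 * @param sslmode         {@code 2} requires a client certificate; any other
 *                        value only requests one, so the handshake still
 *                        succeeds for clients that present none
 */
private static void postSSLServerSocket(SSLServerSocket sslServerSocket,int sslmode){
    java.util.List<String> usableSuites = new java.util.ArrayList<String>();
    for (String suite : sslServerSocket.getSupportedCipherSuites()) {
        boolean unauthenticated = suite.contains("_anon_");
        boolean unencrypted = suite.contains("_NULL_");
        boolean exportGrade = suite.contains("_EXPORT_");
        if (!unauthenticated && !unencrypted && !exportGrade) {
            usableSuites.add(suite);
        }
    }
    sslServerSocket.setEnabledCipherSuites(usableSuites.toArray(new String[0]));
    sslServerSocket.setUseClientMode(false);
    if(sslmode == 2){
        sslServerSocket.setNeedClientAuth(true);
    }else{
        // Optional client certificate: code using the accepted connection must
        // not assume the peer was authenticated.
        sslServerSocket.setWantClientAuth(true);
    }
}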
 
Example 10
Source File: SSLSocksProxyServer.java    From sockslib with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a TLS server socket on the given port and address and sets whether
 * a client certificate is required, as dictated by the configuration.
 *
 * @param port     port to listen on
 * @param bindAddr local address to bind to
 * @return the TLS server socket
 * @throws Exception if the socket cannot be created
 */
public ServerSocket createSSLServer(int port, InetAddress bindAddr) throws Exception {
  SSLServerSocket tlsListener = (SSLServerSocket) configuration.getSSLServerSocketFactory()
      .createServerSocket(port, 50, bindAddr);
  // true: the handshake fails for clients without a certificate; false: none is requested.
  tlsListener.setNeedClientAuth(configuration.isNeedClientAuth());
  return tlsListener;
}
 
Example 11
Source File: NetworkServerControlImpl.java    From gemfirexd-oss with Apache License 2.0 5 votes vote down vote up
/**
 * Create the right kind of server socket
 */

private ServerSocket createServerSocket()
	throws IOException
{
	// Resolve the bind address once, from the configured host argument.
	if (hostAddress == null) {
		hostAddress = InetAddress.getByName(hostArg);
	}
	// Build the list of InetAddresses that are valid for
	// NetworkServerControl admin commands.
	buildLocalAddressList(hostAddress);

	switch (getSSLMode()) {
	case SSL_PEER_AUTHENTICATION: {
		SSLServerSocketFactory tlsFactory =
			(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
		SSLServerSocket mutualTlsSocket =
			(SSLServerSocket)tlsFactory.createServerSocket(portNumber, 0, hostAddress);
		// The handshake fails unless the client presents a certificate.
		mutualTlsSocket.setNeedClientAuth(true);
		return mutualTlsSocket;
	}
	case SSL_BASIC: {
		// Server-authenticated TLS only: no client certificate is requested.
		SSLServerSocketFactory tlsFactory =
			(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
		return (SSLServerSocket)tlsFactory.createServerSocket(portNumber, 0, hostAddress);
	}
	case SSL_OFF:
	default:
		// NOTE(review): any mode value other than the two TLS modes ends up here
		// and yields a plaintext socket; confirm getSSLMode() can only return the
		// three known modes, otherwise a bad setting silently disables TLS.
		return ServerSocketFactory.getDefault().createServerSocket(portNumber, 0, hostAddress);
	}
}
 
Example 12
Source File: TSSLTransportFactory.java    From galaxy-sdk-java with Apache License 2.0 5 votes vote down vote up
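/**
 * Creates a TLS server socket and wraps it in a {@code TServerSocket}.
 *
 * <p>If a configuration step fails after the socket has been created (for
 * example an unsupported cipher suite in {@code params}), the socket is closed
 * before the exception is reported, so no bound listener is left behind.
 *
 * <p>Only the cipher suites are optionally overridden here; the enabled
 * protocol versions are whatever the factory's SSL context provides.
 *
 * @param factory    factory that produces the underlying server socket
 * @param port       port to listen on
 * @param timeout    accept timeout applied with {@code setSoTimeout} and passed to the wrapper
 * @param clientAuth {@code true} to make the handshake fail for clients without a certificate
 * @param ifAddress  local address to bind to
 * @param params     optional TLS parameters; only {@code cipherSuites} is read, may be {@code null}
 * @return the wrapped server socket
 * @throws TTransportException if the socket cannot be created or configured
 */
private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
                                  InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
    serverSocket.setSoTimeout(timeout);
    serverSocket.setNeedClientAuth(clientAuth);
    if (params != null && params.cipherSuites != null) {
      serverSocket.setEnabledCipherSuites(params.cipherSuites);
    }
    return new TServerSocket(serverSocket, timeout);
  } catch (Exception e) {
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception ignored) {
        // Best-effort cleanup: the original failure is the one reported below.
      }
    }
    throw new TTransportException("Could not bind to port " + port, e);
  }
}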
 
Example 13
Source File: JSSEServer.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Starts a test TLS server socket on a system-chosen port.
 *
 * @param context        SSL context whose server socket factory creates the socket
 * @param constraint     value handed to {@code TLSRestrictions.setConstraint} under the label "Server"
 * @param needClientAuth {@code true} to require a client certificate, so that both peers authenticate
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context, String constraint,
        boolean needClientAuth) throws Exception {
    TLSRestrictions.setConstraint("Server", constraint);

    // Port 0 lets the operating system choose a free port.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);
    // With true the handshake fails unless the client presents a certificate.
    server.setNeedClientAuth(needClientAuth);
    System.out.println("Server: port=" + getPort());
}
 
Example 14
Source File: JSSEServer.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Starts a test TLS server socket on a system-chosen port.
 *
 * @param context        SSL context whose server socket factory creates the socket
 * @param needClientAuth {@code true} to require a client certificate, so that both peers authenticate
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 lets the operating system choose a free port.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);
    // With true the handshake fails unless the client presents a certificate.
    server.setNeedClientAuth(needClientAuth);
    System.out.println("Server: port=" + getPort());
}
 
Example 15
Source File: JSSEServer.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Starts a test TLS server socket on a system-chosen port.
 *
 * @param context        SSL context whose server socket factory creates the socket
 * @param needClientAuth {@code true} to require a client certificate, so that both peers authenticate
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 lets the operating system choose a free port.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);
    // With true the handshake fails unless the client presents a certificate.
    server.setNeedClientAuth(needClientAuth);
    System.out.println("Server: port=" + getPort());
}
 
Example 16
Source File: JSSEServer.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Starts a test TLS server socket on a system-chosen port.
 *
 * @param context        SSL context whose server socket factory creates the socket
 * @param needClientAuth {@code true} to require a client certificate, so that both peers authenticate
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 lets the operating system choose a free port.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);
    // With true the handshake fails unless the client presents a certificate.
    server.setNeedClientAuth(needClientAuth);
    System.out.println("Server: port=" + getPort());
}
 
Example 17
Source File: JSSEServer.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Starts a test TLS server socket on a system-chosen port.
 *
 * @param context        SSL context whose server socket factory creates the socket
 * @param needClientAuth {@code true} to require a client certificate, so that both peers authenticate
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 lets the operating system choose a free port.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);
    // With true the handshake fails unless the client presents a certificate.
    server.setNeedClientAuth(needClientAuth);
    System.out.println("Server: port=" + getPort());
}
 
Example 18
Source File: NetworkServerControlImpl.java    From gemfirexd-oss with Apache License 2.0 5 votes vote down vote up
/**
 * Create the right kind of server socket
 */

private ServerSocket createServerSocket()
	throws IOException
{
	// Resolve the bind address once, from the configured host argument.
	if (hostAddress == null) {
		hostAddress = InetAddress.getByName(hostArg);
	}
	// Build the list of InetAddresses that are valid for
	// NetworkServerControl admin commands.
	buildLocalAddressList(hostAddress);

	switch (getSSLMode()) {
	case SSL_PEER_AUTHENTICATION: {
		SSLServerSocketFactory tlsFactory =
			(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
		SSLServerSocket mutualTlsSocket =
			(SSLServerSocket)tlsFactory.createServerSocket(portNumber, 0, hostAddress);
		// The handshake fails unless the client presents a certificate.
		mutualTlsSocket.setNeedClientAuth(true);
		return mutualTlsSocket;
	}
	case SSL_BASIC: {
		// Server-authenticated TLS only: no client certificate is requested.
		SSLServerSocketFactory tlsFactory =
			(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
		return (SSLServerSocket)tlsFactory.createServerSocket(portNumber, 0, hostAddress);
	}
	case SSL_OFF:
	default:
		// NOTE(review): any mode value other than the two TLS modes ends up here
		// and yields a plaintext socket; confirm getSSLMode() can only return the
		// three known modes, otherwise a bad setting silently disables TLS.
		return ServerSocketFactory.getDefault().createServerSocket(portNumber, 0, hostAddress);
	}
}
 
Example 19
Source File: ConnectorServerFactory.java    From activemq-artemis with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the TLS server socket for the given port, bound to the address
 * that {@code rmiServerHost} resolves to.
 *
 * @param port port to listen on
 * @return the TLS server socket, with the client-certificate requirement set from {@code clientAuth}
 * @throws IOException if the host cannot be resolved or the socket cannot be created
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException {
   InetAddress bindAddress = InetAddress.getByName(rmiServerHost);
   SSLServerSocket tlsSocket = (SSLServerSocket) sssf.createServerSocket(port, 50, bindAddress);
   // true makes the handshake fail for clients that present no certificate.
   tlsSocket.setNeedClientAuth(clientAuth);
   return tlsSocket;
}
 
Example 20
Source File: ServerSocketRunner.java    From davmail with GNU General Public License v2.0 4 votes vote down vote up
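/**
 * Manual test harness: listens on port 443 with mandatory client-certificate
 * authentication and prints the subject of each client's certificate, for up
 * to 100 connections.
 *
 * <p>The server socket and every accepted connection are closed when they are
 * no longer needed, so the harness does not leak descriptors across its run.
 *
 * <p>The key store and trust store names and passwords below are literal
 * fixture values, and full JSSE debug output is switched on, which writes
 * handshake and record details to the console. Both are only appropriate for
 * a local diagnostic run.
 *
 * @param argv unused
 */
public static void main(String[] argv) throws NoSuchAlgorithmException, KeyManagementException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
    // SSL debug levels
    //System.setProperty("javax.net.debug", "ssl,handshake");
    System.setProperty("javax.net.debug", "all");

    // local truststore: the default trust managers used below read these
    // properties, so client certificates are checked against this file
    System.setProperty("javax.net.ssl.trustStore", "cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");

    // access windows client certificates
    //System.setProperty("javax.net.ssl.trustStoreProvider", "SunMSCAPI");
    //System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");

    // load default trustmanager factory; it is only used to print its provider
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    System.out.println(trustManagerFactory.getProvider());

    // load server keystore
    KeyStore keystore = KeyStore.getInstance("PKCS12");
    try(FileInputStream keyStoreInputStream = new FileInputStream("davmail.p12")) {
        keystore.load(keyStoreInputStream, "password".toCharArray());
    }

    // KeyManagerFactory to create key managers
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

    // initialize KMF to work with keystore
    kmf.init(keystore, "password".toCharArray());

    // SSLContext is environment for implementing JSSE...
    // create ServerSocketFactory
    SSLContext sslContext = SSLContext.getInstance("TLS");

    // initialize sslContext to work with key managers and default trust manager
    // (null trust managers and null SecureRandom select the installed defaults)
    sslContext.init(kmf.getKeyManagers(), null, null);

    // create ServerSocketFactory from sslContext
    ServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
    try (SSLServerSocket serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(443)) {
        // the handshake fails unless the client presents a trusted certificate
        serverSocket.setNeedClientAuth(true);
        int count = 100;
        while (count-- > 0) {
            try (SSLSocket socket = (SSLSocket) serverSocket.accept()) {
                // getSession() drives the handshake; getPeerCertificates() throws
                // if the client was not verified, which ends the run
                SSLSession session = socket.getSession();
                System.out.println("SubjectDN " + ((X509Certificate) session.getPeerCertificates()[0]).getSubjectDN());
            }
        }
    }
}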