Java Code Examples for javax.net.ssl.SSLServerSocket#setEnabledCipherSuites()

The following examples show how to use javax.net.ssl.SSLServerSocket#setEnabledCipherSuites(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: JSSEServer.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the test server: creates a "TLS" context from the key and trust
 * managers supplied by {@code cipherTest}, opens an SSL server socket on
 * {@code serverPort}, and narrows it to the requested protocols and suites.
 *
 * @param cipherTest  supplies the server key manager and trust manager
 * @param serverPort  port handed to the socket factory
 * @param protocol    comma-separated protocol names to enable
 * @param cipherSuite comma-separated cipher suite names to enable
 * @throws Exception if the context or the socket cannot be set up
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
        String protocol, String cipherSuite) throws Exception {
    super(cipherTest);
    this.serverPort = serverPort;

    SSLContext tlsContext = SSLContext.getInstance("TLS");
    KeyManager[] keyManagers = {cipherTest.getServerKeyManager()};
    TrustManager[] trustManagers = {cipherTest.getServerTrustManager()};
    tlsContext.init(keyManagers, trustManagers, CipherTestUtils.secureRandom);

    SSLServerSocketFactory socketFactory = tlsContext.getServerSocketFactory();
    serverSocket = (SSLServerSocket) socketFactory.createServerSocket(serverPort);

    // Names are split on ',' only and are not trimmed, so the caller must
    // pass exact JSSE names; an unsupported name is rejected by the setter.
    String[] protocolNames = protocol.split(",");
    serverSocket.setEnabledProtocols(protocolNames);
    String[] suiteNames = cipherSuite.split(",");
    serverSocket.setEnabledCipherSuites(suiteNames);

    CipherTestUtils.printInfo(serverSocket);
}
 
Example 2
Source File: SocketFactory.java    From dacapobench with Apache License 2.0 6 votes vote down vote up
/**
 * Set the server socket configuration to our required
 * QOS values.
 *
 * A small experiment shows that setting either (want, need) parameter to either true or false sets the
 * other parameter to false.
 *
 * @param serverSocket
 *               The newly created SSLServerSocket.
 *
 * @throws IOException if server socket can't be configured
 */
private void configureServerSocket(SSLServerSocket serverSocket) throws IOException {
    // Restrict the socket to the configured suites before it accepts anything.
    serverSocket.setEnabledCipherSuites(cipherSuites);

    // Client-certificate policy: "required" takes precedence; "supported"
    // alone only requests a certificate; otherwise client auth is turned off.
    if (clientAuthSupported && !clientAuthRequired) {
        serverSocket.setWantClientAuth(true);
    } else {
        serverSocket.setNeedClientAuth(clientAuthRequired);
    }
    serverSocket.setSoTimeout(SOCKET_TIMEOUT_MS);

    if (!log.isDebugEnabled()) {
        return;
    }

    // Debug dump of the effective settings (suite names only, no key material).
    String supportLabel = clientAuthSupported ? "SUPPORTED" : "UNSUPPORTED";
    String requireLabel = clientAuthRequired ? "REQUIRED" : "OPTIONAL";
    log.debug("Created SSL server socket on port " + serverSocket.getLocalPort());
    log.debug("    client authentication " + supportLabel);
    log.debug("    client authentication " + requireLabel);
    log.debug("    cipher suites:");

    for (String suite : cipherSuites) {
        log.debug("    " + suite);
    }
}
 
Example 3
Source File: Http2TestServer.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Opens the TLS listener for the HTTP/2 test server on {@code port}.
 *
 * <p>The socket factory comes from {@code sslContext} when one is set,
 * otherwise from the JVM default. ALPN is limited to {@code "h2"}.
 *
 * @param port port to listen on
 * @return the configured SSL server socket
 * @throws Exception if the socket cannot be created or configured
 */
final ServerSocket initSecure(int port) throws Exception {
    ServerSocketFactory socketFactory = (sslContext != null)
            ? sslContext.getServerSocketFactory()
            : SSLServerSocketFactory.getDefault();
    SSLServerSocket listener = (SSLServerSocket) socketFactory.createServerSocket(port);

    SSLParameters alpnParams = listener.getSSLParameters();
    alpnParams.setApplicationProtocols(new String[]{"h2"});
    listener.setSSLParameters(alpnParams);

    // NOTE(review): this enables every suite and protocol the provider
    // supports, not just the default-enabled ones. The supported set can
    // include entries the provider leaves off by default, so this is a
    // test-harness setting and not a pattern for a production listener.
    String[] everySuite = listener.getSupportedCipherSuites();
    listener.setEnabledCipherSuites(everySuite);
    String[] everyProtocol = listener.getSupportedProtocols();
    listener.setEnabledProtocols(everyProtocol);
    // other initialisation here
    return listener;
}
 
Example 4
Source File: JSSEServer.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the test server: creates a "TLS" context from the key and trust
 * managers supplied by {@code cipherTest}, opens an SSL server socket on
 * {@code serverPort}, and narrows it to the requested protocols and suites.
 *
 * @param cipherTest  supplies the server key manager and trust manager
 * @param serverPort  port handed to the socket factory
 * @param protocol    comma-separated protocol names to enable
 * @param cipherSuite comma-separated cipher suite names to enable
 * @throws Exception if the context or the socket cannot be set up
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
        String protocol, String cipherSuite) throws Exception {
    super(cipherTest);
    this.serverPort = serverPort;

    SSLContext tlsContext = SSLContext.getInstance("TLS");
    KeyManager[] keyManagers = {cipherTest.getServerKeyManager()};
    TrustManager[] trustManagers = {cipherTest.getServerTrustManager()};
    tlsContext.init(keyManagers, trustManagers, CipherTestUtils.secureRandom);

    SSLServerSocketFactory socketFactory = tlsContext.getServerSocketFactory();
    serverSocket = (SSLServerSocket) socketFactory.createServerSocket(serverPort);

    // Names are split on ',' only and are not trimmed, so the caller must
    // pass exact JSSE names; an unsupported name is rejected by the setter.
    String[] protocolNames = protocol.split(",");
    serverSocket.setEnabledProtocols(protocolNames);
    String[] suiteNames = cipherSuite.split(",");
    serverSocket.setEnabledCipherSuites(suiteNames);

    CipherTestUtils.printInfo(serverSocket);
}
 
Example 5
Source File: JSSEServer.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the test server: creates a "TLS" context from the key and trust
 * managers supplied by {@code cipherTest}, opens an SSL server socket on
 * {@code serverPort}, and narrows it to the requested protocols and suites.
 *
 * @param cipherTest  supplies the server key manager and trust manager
 * @param serverPort  port handed to the socket factory
 * @param protocol    comma-separated protocol names to enable
 * @param cipherSuite comma-separated cipher suite names to enable
 * @throws Exception if the context or the socket cannot be set up
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
        String protocol, String cipherSuite) throws Exception {
    super(cipherTest);
    this.serverPort = serverPort;

    SSLContext tlsContext = SSLContext.getInstance("TLS");
    KeyManager[] keyManagers = {cipherTest.getServerKeyManager()};
    TrustManager[] trustManagers = {cipherTest.getServerTrustManager()};
    tlsContext.init(keyManagers, trustManagers, CipherTestUtils.secureRandom);

    SSLServerSocketFactory socketFactory = tlsContext.getServerSocketFactory();
    serverSocket = (SSLServerSocket) socketFactory.createServerSocket(serverPort);

    // Names are split on ',' only and are not trimmed, so the caller must
    // pass exact JSSE names; an unsupported name is rejected by the setter.
    String[] protocolNames = protocol.split(",");
    serverSocket.setEnabledProtocols(protocolNames);
    String[] suiteNames = cipherSuite.split(",");
    serverSocket.setEnabledCipherSuites(suiteNames);

    CipherTestUtils.printInfo(serverSocket);
}
 
Example 6
Source File: SslContextFactory.java    From cloudhopper-commons with Apache License 2.0 6 votes vote down vote up
/**
 * Creates an SSL server socket from this factory's context and applies the
 * configured client-auth flags, cipher suites and protocols.
 *
 * @param host    interface to bind to, or {@code null} to bind without an address
 * @param port    port to listen on
 * @param backlog accept backlog passed to the socket factory
 * @return the configured server socket
 * @throws IOException if the socket cannot be created
 */
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException {
    SSLServerSocketFactory socketFactory = sslContext.getServerSocketFactory();

    SSLServerSocket socket;
    if (host == null) {
        socket = (SSLServerSocket) socketFactory.createServerSocket(port, backlog);
    } else {
        socket = (SSLServerSocket) socketFactory.createServerSocket(
                port, backlog, InetAddress.getByName(host));
    }

    // "want" is applied first and "need" second, so when both flags are set
    // the socket ends up requiring a client certificate.
    if (sslConfig.getWantClientAuth()) {
        socket.setWantClientAuth(sslConfig.getWantClientAuth());
    }
    if (sslConfig.getNeedClientAuth()) {
        socket.setNeedClientAuth(sslConfig.getNeedClientAuth());
    }

    // The selectors receive the currently enabled and the supported sets;
    // what they keep is decided outside this method.
    String[] chosenSuites = selectCipherSuites(
            socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites());
    socket.setEnabledCipherSuites(chosenSuites);
    String[] chosenProtocols = selectProtocols(
            socket.getEnabledProtocols(), socket.getSupportedProtocols());
    socket.setEnabledProtocols(chosenProtocols);

    return socket;
}
 
Example 7
Source File: JSSEServer.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the test server: creates a "TLS" context from the key and trust
 * managers supplied by {@code cipherTest}, opens an SSL server socket on
 * {@code serverPort}, and narrows it to the requested protocols and suites.
 *
 * @param cipherTest  supplies the server key manager and trust manager
 * @param serverPort  port handed to the socket factory
 * @param protocol    comma-separated protocol names to enable
 * @param cipherSuite comma-separated cipher suite names to enable
 * @throws Exception if the context or the socket cannot be set up
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
        String protocol, String cipherSuite) throws Exception {
    super(cipherTest);

    SSLContext tlsContext = SSLContext.getInstance("TLS");
    KeyManager[] keyManagers = {cipherTest.getServerKeyManager()};
    TrustManager[] trustManagers = {cipherTest.getServerTrustManager()};
    tlsContext.init(keyManagers, trustManagers, CipherTestUtils.secureRandom);

    SSLServerSocketFactory socketFactory = tlsContext.getServerSocketFactory();
    serverSocket = (SSLServerSocket) socketFactory.createServerSocket(serverPort);

    // Names are split on ',' only and are not trimmed, so the caller must
    // pass exact JSSE names; an unsupported name is rejected by the setter.
    String[] protocolNames = protocol.split(",");
    serverSocket.setEnabledProtocols(protocolNames);
    String[] suiteNames = cipherSuite.split(",");
    serverSocket.setEnabledCipherSuites(suiteNames);

    CipherTestUtils.printInfo(serverSocket);
}
 
Example 8
Source File: DisabledAlgorithms.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLServer} around a default-factory SSL server socket
 * bound to port 0, optionally overriding the enabled cipher suites.
 *
 * @param ciphersuites suites to enable, or {@code null} to keep the
 *                     socket's default enabled set
 * @return the server wrapping the new socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites)
        throws IOException {
    SSLServerSocketFactory defaultFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket listener =
            (SSLServerSocket) defaultFactory.createServerSocket(0);

    if (ciphersuites != null) {
        // Print the requested suites before applying them, so the output
        // shows what was asked for even if the setter rejects a name.
        String announcement = "Server: enable cipher suites: "
                + java.util.Arrays.toString(ciphersuites);
        System.out.println(announcement);
        listener.setEnabledCipherSuites(ciphersuites);
    }

    return new SSLServer(listener);
}
 
Example 9
Source File: UnboundSSLUtils.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLEchoServer} on a port-0 SSL server socket from the
 * default context, optionally narrowing the cipher suites and installing an
 * SNI matcher.
 *
 * @param cipherSuiteFilter filter applied to the supported suite names, or
 *                          {@code null} to keep the default enabled set
 * @param sniPattern        pattern for the SNI host-name matcher, or
 *                          {@code null} for no matcher
 * @return the echo server wrapping the new socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory socketFactory =
            SSLContext.getDefault().getServerSocketFactory();
    SSLServerSocket listener =
            (SSLServerSocket) socketFactory.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        // The candidates are the *supported* suites, not only the ones that
        // are enabled by default; the filter decides what is kept.
        String[] selected = UnboundSSLUtils.filterStringArray(
                socketFactory.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(selected));
        listener.setEnabledCipherSuites(selected);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        List<SNIMatcher> sniMatchers = new ArrayList<>();
        sniMatchers.add(SNIHostName.createSNIMatcher(sniPattern));
        SSLParameters socketParams = listener.getSSLParameters();
        socketParams.setSNIMatchers(sniMatchers);
        // getSSLParameters() hands back a copy, so it must be set again.
        listener.setSSLParameters(socketParams);
    }

    return new SSLEchoServer(listener);
}
 
Example 10
Source File: JSSESocketFactory.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the given SSL server socket with the requested cipher suites,
 * protocol versions, and need for client authentication
 */
private void initServerSocket(ServerSocket ssocket) {

    // Fails with ClassCastException if the caller passes a plain socket.
    SSLServerSocket sslListener = (SSLServerSocket) ssocket;

    // Apply the suite and protocol lists held by this factory.
    sslListener.setEnabledCipherSuites(enabledCiphers);
    sslListener.setEnabledProtocols(enabledProtocols);

    // Whether client auth is needed is not known at this point -
    // a re-handshake may follow once the request has been parsed.
    configureClientAuth(sslListener);
    configureUseServerCipherSuitesOrder(sslListener);
}
 
Example 11
Source File: JmxRemoteLifecycleListener.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the SSL server socket on {@code port}, bound to
 * {@code bindAddress}, and applies the configured suites, protocols and
 * client-auth requirement.
 *
 * @param port port to listen on
 * @return the configured SSL server socket
 * @throws IOException if the socket cannot be created
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException  {
    SSLServerSocket listener =
            (SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);

    // With no suites configured, the socket keeps its own enabled set.
    if (getEnabledCipherSuites() != null) {
        listener.setEnabledCipherSuites(getEnabledCipherSuites());
    }

    // Protocols always get set: the configured list, else defaultProtocols.
    listener.setEnabledProtocols(
            getEnabledProtocols() == null ? defaultProtocols : getEnabledProtocols());

    listener.setNeedClientAuth(getNeedClientAuth());
    return listener;
}
 
Example 12
Source File: DisabledAlgorithms.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLServer} around a default-factory SSL server socket
 * bound to port 0, optionally overriding the enabled cipher suites.
 *
 * @param ciphersuites suites to enable, or {@code null} to keep the
 *                     socket's default enabled set
 * @return the server wrapping the new socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites)
        throws IOException {
    SSLServerSocketFactory defaultFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket listener =
            (SSLServerSocket) defaultFactory.createServerSocket(0);

    if (ciphersuites != null) {
        // Print the requested suites before applying them, so the output
        // shows what was asked for even if the setter rejects a name.
        String announcement = "Server: enable cipher suites: "
                + java.util.Arrays.toString(ciphersuites);
        System.out.println(announcement);
        listener.setEnabledCipherSuites(ciphersuites);
    }

    return new SSLServer(listener);
}
 
Example 13
Source File: DisabledAlgorithms.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLServer} around a default-factory SSL server socket
 * bound to port 0, optionally overriding the enabled cipher suites.
 *
 * @param ciphersuites suites to enable, or {@code null} to keep the
 *                     socket's default enabled set
 * @return the server wrapping the new socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites)
        throws IOException {
    SSLServerSocketFactory defaultFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket listener =
            (SSLServerSocket) defaultFactory.createServerSocket(0);

    if (ciphersuites != null) {
        // Print the requested suites before applying them, so the output
        // shows what was asked for even if the setter rejects a name.
        String announcement = "Server: enable cipher suites: "
                + java.util.Arrays.toString(ciphersuites);
        System.out.println(announcement);
        listener.setEnabledCipherSuites(ciphersuites);
    }

    return new SSLServer(listener);
}
 
Example 14
Source File: UnboundSSLUtils.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLEchoServer} on a port-0 SSL server socket from the
 * default context, optionally narrowing the cipher suites and installing an
 * SNI matcher.
 *
 * @param cipherSuiteFilter filter applied to the supported suite names, or
 *                          {@code null} to keep the default enabled set
 * @param sniPattern        pattern for the SNI host-name matcher, or
 *                          {@code null} for no matcher
 * @return the echo server wrapping the new socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory socketFactory =
            SSLContext.getDefault().getServerSocketFactory();
    SSLServerSocket listener =
            (SSLServerSocket) socketFactory.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        // The candidates are the *supported* suites, not only the ones that
        // are enabled by default; the filter decides what is kept.
        String[] selected = UnboundSSLUtils.filterStringArray(
                socketFactory.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(selected));
        listener.setEnabledCipherSuites(selected);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        List<SNIMatcher> sniMatchers = new ArrayList<>();
        sniMatchers.add(SNIHostName.createSNIMatcher(sniPattern));
        SSLParameters socketParams = listener.getSSLParameters();
        socketParams.setSNIMatchers(sniMatchers);
        // getSSLParameters() hands back a copy, so it must be set again.
        listener.setSSLParameters(socketParams);
    }

    return new SSLEchoServer(listener);
}
 
Example 15
Source File: TSSLTransportFactory.java    From incubator-retired-blur with Apache License 2.0 5 votes vote down vote up
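/**
 * Creates a TLS server transport on {@code port} with a backlog of 100,
 * applying the accept timeout, the client-auth requirement and, when
 * present, the cipher suites from {@code params}.
 *
 * <p>If configuration fails after the socket has been bound, the socket is
 * closed before the exception is rethrown so the port is not left held by
 * a listener nobody owns.
 *
 * @param factory    factory used to create the SSL server socket
 * @param port       port to bind
 * @param timeout    accept timeout, also passed to the returned transport
 * @param clientAuth whether a client certificate is required
 * @param ifAddress  local address to bind to
 * @param params     optional parameters; only {@code cipherSuites} is read here
 * @return the server transport wrapping the configured socket
 * @throws TTransportException on any failure; the message always names the
 *         port, the real reason is carried as the cause
 */
private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
                                  InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
    serverSocket.setSoTimeout(timeout);
    serverSocket.setNeedClientAuth(clientAuth);
    // Without explicit suites the socket keeps its default enabled set.
    if (params != null && params.cipherSuites != null) {
      serverSocket.setEnabledCipherSuites(params.cipherSuites);
    }
    return new TServerSocket(serverSocket, timeout);
  } catch (Exception e) {
    // A rejected suite name or timeout arrives here with the port already
    // bound; release it instead of leaking the listener.
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception closeFailure) {
        e.addSuppressed(closeFailure);
      }
    }
    throw new TTransportException("Could not bind to port " + port, e);
  }
}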
 
Example 16
Source File: ConsoleProxySecureServerFactoryImpl.java    From cosmic with Apache License 2.0 5 votes vote down vote up
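/**
 * Creates an SSL server socket on {@code port} restricted to the protocols
 * and cipher suites recommended by {@code SSLUtils}.
 *
 * <p>Failures are logged and reported as a {@code null} return, as before;
 * callers must check for {@code null}. A socket that was bound but could
 * not be configured is closed first, so a failed attempt neither holds the
 * port nor leaves a listener with unrestricted settings behind.
 *
 * @param port port to listen on
 * @return the configured socket, or {@code null} if creation or
 *         configuration failed
 * @throws IOException declared by the interface; failures are caught here
 */
@Override
public SSLServerSocket createSSLServerSocket(final int port) throws IOException {
    SSLServerSocket srvSock = null;
    try {
        final SSLServerSocketFactory ssf = this.sslContext.getServerSocketFactory();
        srvSock = (SSLServerSocket) ssf.createServerSocket(port);
        srvSock.setEnabledProtocols(SSLUtils.getRecommendedProtocols());
        srvSock.setEnabledCipherSuites(SSLUtils.getRecommendedCiphers());

        s_logger.info("create SSL server socket on port: " + port);
        return srvSock;
    } catch (final Exception ioe) {
        s_logger.error(ioe.toString(), ioe);
        // The bind may have succeeded before the failure; release the port.
        if (srvSock != null) {
            try {
                srvSock.close();
            } catch (final Exception closeFailure) {
                s_logger.error(closeFailure.toString(), closeFailure);
            }
        }
    }
    return null;
}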
 
Example 17
Source File: DisabledAlgorithms.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLServer} around a default-factory SSL server socket
 * bound to port 0, optionally overriding the enabled cipher suites.
 *
 * @param ciphersuites suites to enable, or {@code null} to keep the
 *                     socket's default enabled set
 * @return the server wrapping the new socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites)
        throws IOException {
    SSLServerSocketFactory defaultFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket listener =
            (SSLServerSocket) defaultFactory.createServerSocket(0);

    if (ciphersuites != null) {
        // Print the requested suites before applying them, so the output
        // shows what was asked for even if the setter rejects a name.
        String announcement = "Server: enable cipher suites: "
                + java.util.Arrays.toString(ciphersuites);
        System.out.println(announcement);
        listener.setEnabledCipherSuites(ciphersuites);
    }

    return new SSLServer(listener);
}
 
Example 18
Source File: UnboundSSLUtils.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates an {@code SSLEchoServer} on a port-0 SSL server socket from the
 * default context, optionally narrowing the cipher suites and installing an
 * SNI matcher.
 *
 * @param cipherSuiteFilter filter applied to the supported suite names, or
 *                          {@code null} to keep the default enabled set
 * @param sniPattern        pattern for the SNI host-name matcher, or
 *                          {@code null} for no matcher
 * @return the echo server wrapping the new socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory socketFactory =
            SSLContext.getDefault().getServerSocketFactory();
    SSLServerSocket listener =
            (SSLServerSocket) socketFactory.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        // The candidates are the *supported* suites, not only the ones that
        // are enabled by default; the filter decides what is kept.
        String[] selected = UnboundSSLUtils.filterStringArray(
                socketFactory.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(selected));
        listener.setEnabledCipherSuites(selected);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        List<SNIMatcher> sniMatchers = new ArrayList<>();
        sniMatchers.add(SNIHostName.createSNIMatcher(sniPattern));
        SSLParameters socketParams = listener.getSSLParameters();
        socketParams.setSNIMatchers(sniMatchers);
        // getSSLParameters() hands back a copy, so it must be set again.
        listener.setSSLParameters(socketParams);
    }

    return new SSLEchoServer(listener);
}
 
Example 19
Source File: TCPThriftAuthenticationService.java    From carbon-identity-framework with Apache License 2.0 4 votes vote down vote up
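/**
 * Starts the Thrift authentication service over TLS.
 *
 * <p>Builds the server transport from the configured key store, then
 * narrows the underlying SSL server socket to the protocols and cipher
 * suites named in the configuration (when those elements are present and
 * non-blank), and finally runs the thread-pool server on a new thread.
 *
 * <p>Configured lists are comma-separated; whitespace around each entry is
 * ignored, so {@code "A, B"} is read as the two names {@code A} and
 * {@code B} instead of being rejected for the leading space.
 *
 * @throws TTransportException  if the server transport cannot be created
 * @throws UnknownHostException if {@code hostName} cannot be resolved
 */
public void start() throws TTransportException, UnknownHostException {
    InetAddress inetAddress = InetAddress.getByName(hostName);

    TSSLTransportFactory.TSSLTransportParameters params =
            new TSSLTransportFactory.TSSLTransportParameters();
    params.setKeyStore(keyStore, keyStorePassword);

    TServerSocket serverTransport;

    serverTransport = TSSLTransportFactory.getServerSocket(port, clientTimeout, inetAddress, params);
    SSLServerSocket sslServerSocket = (javax.net.ssl.SSLServerSocket) serverTransport.getServerSocket();

    // Without this element the socket keeps its default enabled protocols.
    OMElement sslEnabledProtocolsElement = ThriftAuthenticationConfigParser.getInstance()
            .getConfigElement(ThriftAuthenticationConstants.CONFIG_SSL_ENABLED_PROTOCOLS);
    if (sslEnabledProtocolsElement != null) {
        String sslEnabledProtocols = sslEnabledProtocolsElement.getText();
        if (StringUtils.isNotBlank(sslEnabledProtocols)) {
            // Trim the value and the gaps around commas: the setter takes
            // exact names and rejects " TLSv1.2"-style entries.
            String[] sslProtocolsArray = sslEnabledProtocols.trim().split("\\s*,\\s*");
            sslServerSocket.setEnabledProtocols(sslProtocolsArray);
        }
    }

    // Without this element the socket keeps its default enabled suites.
    OMElement ciphersElement = ThriftAuthenticationConfigParser.getInstance()
            .getConfigElement(ThriftAuthenticationConstants.CONFIG_CIPHERS);
    if (ciphersElement != null) {
        String ciphers = ciphersElement.getText();
        if (StringUtils.isNotBlank(ciphers)) {
            String[] ciphersArray = ciphers.trim().split("\\s*,\\s*");
            sslServerSocket.setEnabledCipherSuites(ciphersArray);
        }
    }

    AuthenticatorService.Processor<AuthenticatorServiceImpl> processor =
            new AuthenticatorService.Processor<AuthenticatorServiceImpl>(
                    new AuthenticatorServiceImpl(thriftAuthenticatorService));
    authenticationServer = new TThreadPoolServer(
            new TThreadPoolServer.Args(serverTransport).processor(processor));
    Thread thread = new Thread(new ServerRunnable(authenticationServer));
    if (log.isDebugEnabled()) {
        log.debug("Thrift Authentication Service started at ssl://" + hostName + ":" + port);
    }
    thread.start();
}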
 
Example 20
Source File: SSLUtils.java    From flink with Apache License 2.0 4 votes vote down vote up
/**
 * Applies this object's TLS settings to a server socket: the configured
 * protocols and cipher suites, plus mandatory client authentication.
 *
 * @param socket the SSL server socket to configure
 */
private void configureServerSocket(SSLServerSocket socket) {
	// Replace the socket's enabled sets with the configured lists.
	socket.setEnabledProtocols(protocols);
	socket.setEnabledCipherSuites(cipherSuites);
	// Client authentication is always required here (mutual TLS): a peer
	// that presents no acceptable certificate fails the handshake.
	socket.setNeedClientAuth(true);
}