public static void main(String[] args) throws Exception { // reserve the security properties String reservedSSFacProvider = Security.getProperty("ssl.ServerSocketFactory.provider"); try { Security.setProperty("ssl.ServerSocketFactory.provider", "oops"); ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket)ssocketFactory.createServerSocket(); } catch (Exception e) { if (!(e.getCause() instanceof ClassNotFoundException)) { throw e; } // get the expected exception } finally { // restore the security properties if (reservedSSFacProvider == null) { reservedSSFacProvider = ""; } Security.setProperty("ssl.ServerSocketFactory.provider", reservedSSFacProvider); } }
private static TServerSocket createServerTransport(boolean secure) throws TTransportException { if (!secure) { return new TServerSocket(0); } try { SSLContext serverSslContext = ClientTestUtils.getServerSslContext(); SSLServerSocket serverSocket = (SSLServerSocket) serverSslContext.getServerSocketFactory().createServerSocket(0); return new TServerSocket(serverSocket); } catch (Exception e) { throw new TTransportException("Error initializing secure socket", e); } }
private TServerTransport getSSLServerTransport() { try { TServerTransport transport; TSSLTransportFactory.TSSLTransportParameters params = new TSSLTransportFactory.TSSLTransportParameters(); params.setKeyStore(keystore, keystorePassword, getkeyManagerAlgorithm(), keystoreType); transport = TSSLTransportFactory.getServerSocket( port, 120000, InetAddress.getByName(bindAddress), params); ServerSocket serverSock = ((TServerSocket) transport).getServerSocket(); if (serverSock instanceof SSLServerSocket) { SSLServerSocket sslServerSock = (SSLServerSocket) serverSock; List<String> enabledProtocols = new ArrayList<String>(); for (String protocol : sslServerSock.getEnabledProtocols()) { if (!excludeProtocols.contains(protocol)) { enabledProtocols.add(protocol); } } sslServerSock.setEnabledProtocols(enabledProtocols.toArray(new String[0])); } return transport; } catch (Throwable throwable) { throw new FlumeException("Cannot start Thrift source.", throwable); } }
/** * Configures the given SSL server socket with the requested cipher suites, * protocol versions, and need for client authentication */ private void initServerSocket(ServerSocket ssocket) { SSLServerSocket socket = (SSLServerSocket) ssocket; if (enabledCiphers != null) { socket.setEnabledCipherSuites(enabledCiphers); } String requestedProtocols = (String) attributes.get("protocols"); setEnabledProtocols(socket, getEnabledProtocols(socket, requestedProtocols)); // we don't know if client auth is needed - // after parsing the request we may re-handshake configureClientAuth(socket); }
/** * Configure the SSLServerSocket based on this SocketCreator's settings. */ private void finishServerSocket(SSLServerSocket serverSocket) throws IOException { serverSocket.setUseClientMode(false); if (this.sslConfig.isRequireAuth()) { // serverSocket.setWantClientAuth( true ); serverSocket.setNeedClientAuth(true); } serverSocket.setEnableSessionCreation(true); // restrict protocols String[] protocols = this.sslConfig.getProtocolsAsStringArray(); if (!"any".equalsIgnoreCase(protocols[0])) { serverSocket.setEnabledProtocols(protocols); } // restrict ciphers String[] ciphers = this.sslConfig.getCiphersAsStringArray(); if (!"any".equalsIgnoreCase(ciphers[0])) { serverSocket.setEnabledCipherSuites(ciphers); } }
/** * Create a server socket listening on the given port. * * @param port The target listening port. * @param backlog The desired backlog value. * * @return An appropriate server socket for this connection. * @exception IOException * @exception ConnectException */ public ServerSocket createServerSocket(int port, int backlog) throws IOException { try { // if no protection is required, just create a plain socket. if ((NoProtection.value & requires) == NoProtection.value) { if (log.isDebugEnabled()) log.debug("Created plain server socket for port " + port); return new ServerSocket(port, backlog); } else { // SSL is required. Create one from the SSLServerFactory retrieved from the config. This will // require additional QOS configuration after creation. SSLServerSocket serverSocket = (SSLServerSocket)getServerSocketFactory().createServerSocket(port, backlog); configureServerSocket(serverSocket); return serverSocket; } } catch (IOException ex) { log.error("Exception creating a server socket for port " + port, ex); throw ex; } }
/** * Create a server socket for this connection. * * @param port The target listener port. * @param backlog The requested backlog value for the connection. * @param address The host address information we're publishing under. * * @return An appropriately configured ServerSocket for this * connection. * @exception IOException * @exception ConnectException */ public ServerSocket createServerSocket(int port, int backlog, InetAddress address) throws IOException { try { // if no protection is required, just create a plain socket. if ((NoProtection.value & requires) == NoProtection.value) { if (log.isDebugEnabled()) log.debug("Created plain server socket for port " + port); return new ServerSocket(port, backlog, address); } else { // SSL is required. Create one from the SSLServerFactory retrieved from the config. This will // require additional QOS configuration after creation. SSLServerSocket serverSocket = (SSLServerSocket)getServerSocketFactory().createServerSocket(port, backlog, address); configureServerSocket(serverSocket); return serverSocket; } } catch (IOException ex) { log.error("Exception creating a client socket to " + address.getHostName() + ":" + port, ex); throw ex; } }
/** * Set the server socket configuration to our required * QOS values. * * A small experiment shows that setting either (want, need) parameter to either true or false sets the * other parameter to false. * * @param serverSocket * The newly created SSLServerSocket. * * @throws IOException if server socket can't be configured */ private void configureServerSocket(SSLServerSocket serverSocket) throws IOException { // set the authentication value and cipher suite info. serverSocket.setEnabledCipherSuites(cipherSuites); if (clientAuthRequired) { serverSocket.setNeedClientAuth(true); } else if (clientAuthSupported) { serverSocket.setWantClientAuth(true); } else { serverSocket.setNeedClientAuth(false); //could set want with the same effect } serverSocket.setSoTimeout(SOCKET_TIMEOUT_MS); if (log.isDebugEnabled()) { log.debug("Created SSL server socket on port " + serverSocket.getLocalPort()); log.debug(" client authentication " + (clientAuthSupported ? "SUPPORTED" : "UNSUPPORTED")); log.debug(" client authentication " + (clientAuthRequired ? "REQUIRED" : "OPTIONAL")); log.debug(" cipher suites:"); for (int i = 0; i < cipherSuites.length; i++) { log.debug(" " + cipherSuites[i]); } } }
public static void printInfo(SSLServerSocket socket) { System.out.println(); System.out.println("--- SSL ServerSocket Info ---"); System.out.print("SupportedProtocols : "); printStringArray(socket.getSupportedProtocols()); System.out.print("SupportedCipherSuites : "); printStringArray(socket.getSupportedCipherSuites()); System.out.print("EnabledProtocols : "); printStringArray(socket.getEnabledProtocols()); System.out.print("EnabledCipherSuites : "); String[] supportedCipherSuites = socket.getEnabledCipherSuites(); Arrays.sort(supportedCipherSuites); printStringArray(supportedCipherSuites); System.out.println("NeedClientAuth : " + socket.getNeedClientAuth()); System.out.println("WantClientAuth : " + socket.getWantClientAuth()); System.out.println("-----------------------"); }
JSSEServer(CipherTestUtils cipherTest, int serverPort, String protocol, String cipherSuite) throws Exception { super(cipherTest); this.serverPort = serverPort; SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()}, new TrustManager[]{cipherTest.getServerTrustManager()}, CipherTestUtils.secureRandom); SSLServerSocketFactory factory = (SSLServerSocketFactory)serverContext.getServerSocketFactory(); serverSocket = (SSLServerSocket) factory.createServerSocket(serverPort); serverSocket.setEnabledProtocols(protocol.split(",")); serverSocket.setEnabledCipherSuites(cipherSuite.split(",")); CipherTestUtils.printInfo(serverSocket); }
public void start() throws IOException { if (this.status.compareAndSet(Status.READY, Status.ACTIVE)) { this.serverSocket = this.serverSocketFactory.createServerSocket( this.port, this.socketConfig.getBacklogSize(), this.ifAddress); this.serverSocket.setReuseAddress(this.socketConfig.isSoReuseAddress()); if (this.socketConfig.getRcvBufSize() > 0) { this.serverSocket.setReceiveBufferSize(this.socketConfig.getRcvBufSize()); } if (this.sslSetupHandler != null && this.serverSocket instanceof SSLServerSocket) { this.sslSetupHandler.initialize((SSLServerSocket) this.serverSocket); } this.requestListener = new RequestListener( this.socketConfig, this.serverSocket, this.httpService, this.connectionFactory, this.exceptionLogger, this.workerExecutorService); this.listenerExecutorService.execute(this.requestListener); } }
final ServerSocket initSecure(int port) throws Exception { ServerSocketFactory fac; if (sslContext != null) { fac = sslContext.getServerSocketFactory(); } else { fac = SSLServerSocketFactory.getDefault(); } SSLServerSocket se = (SSLServerSocket) fac.createServerSocket(port); SSLParameters sslp = se.getSSLParameters(); sslp.setApplicationProtocols(new String[]{"h2"}); se.setSSLParameters(sslp); se.setEnabledCipherSuites(se.getSupportedCipherSuites()); se.setEnabledProtocols(se.getSupportedProtocols()); // other initialisation here return se; }
void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; while (serverReady) { SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); // System.out.printf(" accept: %s%n", sslSocket); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write(85); sslOS.flush(); sslSocket.close(); } }
void doServerSide() throws Exception { SSLServerSocketFactory sslssf = getSSLServerSF(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); // require client authentication. sslServerSocket.setNeedClientAuth(true); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write('A'); sslOS.flush(); sslSocket.close(); }
void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write('A'); sslOS.flush(); sslSocket.close(); }
JSSEServer(CipherTestUtils cipherTest, int serverPort, String protocol, String cipherSuite) throws Exception { super(cipherTest); SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()}, new TrustManager[]{cipherTest.getServerTrustManager()}, CipherTestUtils.secureRandom); SSLServerSocketFactory factory = (SSLServerSocketFactory)serverContext.getServerSocketFactory(); serverSocket = (SSLServerSocket) factory.createServerSocket(serverPort); serverSocket.setEnabledProtocols(protocol.split(",")); serverSocket.setEnabledCipherSuites(cipherSuite.split(",")); CipherTestUtils.printInfo(serverSocket); }
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException { SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); SSLServerSocket socket = (SSLServerSocket) (host==null ? factory.createServerSocket(port, backlog): factory.createServerSocket(port, backlog, InetAddress.getByName(host))); if (sslConfig.getWantClientAuth()) socket.setWantClientAuth(sslConfig.getWantClientAuth()); if (sslConfig.getNeedClientAuth()) socket.setNeedClientAuth(sslConfig.getNeedClientAuth()); socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites())); socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols())); return socket; }
/** * Starts this test server. */ public void start() throws Exception { Asserts.check(servicedSocket == null, "Already running"); final ServerSocket ssock; if (sslcontext != null) { final SSLServerSocketFactory sf = sslcontext.getServerSocketFactory(); final SSLServerSocket sslsock = (SSLServerSocket) sf.createServerSocket(); if (forceSSLAuth) { sslsock.setNeedClientAuth(true); } else { sslsock.setWantClientAuth(true); } ssock = sslsock; } else { ssock = new ServerSocket(); } ssock.setReuseAddress(true); // probably pointless for port '0' ssock.bind(TEST_SERVER_ADDR); servicedSocket = ssock; listenerThread = new ListenerThread(); listenerThread.setDaemon(false); listenerThread.start(); }
private static GfxdTSSLServerSocket createServer( SSLServerSocketFactory factory, InetSocketAddress bindAddress, SocketParameters params) throws TTransportException { try { SSLServerSocket serverSocket = (SSLServerSocket)factory .createServerSocket(bindAddress.getPort(), 100, bindAddress.getAddress()); if (params != null) { if (params.getSSLEnabledProtocols() != null) { serverSocket.setEnabledProtocols(params.getSSLEnabledProtocols()); } if (params.getSSLCipherSuites() != null) { serverSocket.setEnabledCipherSuites(params.getSSLCipherSuites()); } serverSocket.setNeedClientAuth(params.getSSLClientAuth()); } return new GfxdTSSLServerSocket(serverSocket, bindAddress, params); } catch (Exception e) { throw new TTransportException(TTransportException.NOT_OPEN, "Could not bind to host:port " + bindAddress.toString(), e); } }
/** * Asserts that {@link SSLServerSocketFactory}'s configuration matches {@code SSLContext}'s * configuration, and that {@link SSLServerSocket} instances obtained from the factory match * this * configuration as well. */ private static void assertSSLServerSocketFactoryConfigSameAsSSLContext( SSLServerSocketFactory sslServerSocketFactory, SSLContext sslContext) throws IOException { assertCipherSuitesEqual(sslContext.getDefaultSSLParameters().getCipherSuites(), sslServerSocketFactory.getDefaultCipherSuites()); assertCipherSuitesEqual(sslContext.getSupportedSSLParameters().getCipherSuites(), sslServerSocketFactory.getSupportedCipherSuites()); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(); try { assertFalse(sslServerSocket.getUseClientMode()); assertTrue(sslServerSocket.getEnableSessionCreation()); assertSSLServerSocketConfigSameAsSSLContext(sslServerSocket, sslContext); } finally { sslServerSocket.close(); } }
/** * Asserts that {@link SSLServerSocket}'s configuration matches {@code SSLContext's} * configuration. */ private static void assertSSLServerSocketConfigSameAsSSLContext( SSLServerSocket sslServerSocket, SSLContext sslContext) { assertCipherSuitesEqual(sslServerSocket.getEnabledCipherSuites(), sslContext.getDefaultSSLParameters().getCipherSuites()); assertProtocolsEqual(sslServerSocket.getEnabledProtocols(), sslContext.getDefaultSSLParameters().getProtocols()); assertCipherSuitesEqual(sslServerSocket.getSupportedCipherSuites(), sslContext.getSupportedSSLParameters().getCipherSuites()); assertProtocolsEqual(sslServerSocket.getSupportedProtocols(), sslContext.getSupportedSSLParameters().getProtocols()); assertEquals(sslServerSocket.getNeedClientAuth(), sslContext.getDefaultSSLParameters().getNeedClientAuth()); assertEquals(sslServerSocket.getWantClientAuth(), sslContext.getDefaultSSLParameters().getWantClientAuth()); }
private TestSSLContext(KeyStore clientKeyStore, char[] clientStorePassword, KeyStore serverKeyStore, char[] serverStorePassword, KeyManager[] clientKeyManagers, KeyManager[] serverKeyManagers, X509TrustManager clientTrustManager, X509TrustManager serverTrustManager, SSLContext clientContext, SSLContext serverContext, SSLServerSocket serverSocket, InetAddress host, int port) { this.clientKeyStore = clientKeyStore; this.clientStorePassword = clientStorePassword; this.serverKeyStore = serverKeyStore; this.serverStorePassword = serverStorePassword; this.clientKeyManagers = clientKeyManagers; this.serverKeyManagers = serverKeyManagers; this.clientTrustManager = clientTrustManager; this.serverTrustManager = serverTrustManager; this.clientContext = clientContext; this.serverContext = serverContext; this.serverSocket = serverSocket; this.host = host; this.port = port; }
@Test public void test_SSLContext_init_correctProtocolVersionsEnabled() throws Exception { for (String tlsVersion : StandardNames.SSL_CONTEXT_PROTOCOLS) { // Don't test the "Default" instance. if (StandardNames.SSL_CONTEXT_PROTOCOLS_DEFAULT.equals(tlsVersion)) { continue; } SSLContext context = SSLContext.getInstance(tlsVersion); context.init(null, null, null); StandardNames.assertSSLContextEnabledProtocols( tlsVersion, ((SSLSocket) (context.getSocketFactory().createSocket())) .getEnabledProtocols()); StandardNames.assertSSLContextEnabledProtocols(tlsVersion, ((SSLServerSocket) (context.getServerSocketFactory().createServerSocket())) .getEnabledProtocols()); StandardNames.assertSSLContextEnabledProtocols( tlsVersion, context.getDefaultSSLParameters().getProtocols()); StandardNames.assertSSLContextEnabledProtocols( tlsVersion, context.createSSLEngine().getEnabledProtocols()); } }
/** * Initializes the SSL server socket. Configures the certificate request * (need or want) and the enabled cipher suites. * * @param sslServerSocket * The server socket to initialize. * @return The initialized server socket. */ protected SSLServerSocket initSslServerSocket( SSLServerSocket sslServerSocket) { if (getContextFactory().isNeedClientAuthentication()) { sslServerSocket.setNeedClientAuth(true); } else if (getContextFactory().isWantClientAuthentication()) { sslServerSocket.setWantClientAuth(true); } if ((getContextFactory().getEnabledCipherSuites() != null) || (getContextFactory().getDisabledCipherSuites() != null)) { sslServerSocket.setEnabledCipherSuites(getContextFactory() .getSelectedCipherSuites( sslServerSocket.getSupportedCipherSuites())); } if ((getContextFactory().getEnabledProtocols() != null) || (getContextFactory().getDisabledProtocols() != null)) { sslServerSocket.setEnabledProtocols(getContextFactory() .getSelectedSslProtocols( sslServerSocket.getSupportedProtocols())); } return sslServerSocket; }
BlockingServletEngine(FilterChain dispatcher, ServletEngineConfiguration config) throws InterruptedException, IOException { this.config = config; if (config.isSecure()) { SSLServerSocketFactory factory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket)factory.createServerSocket(config.getPort()); sslServerSocket.setEnabledCipherSuites(config.getEnabledCipherSuites()); serverSocket = sslServerSocket; } else { serverSocket = new ServerSocket(config.getPort()); } int nthreads = config.getMaxThreads(); queue = new DispatchQueueImpl(nthreads); handler = new HttpRequestHandlerAdapter(dispatcher); socketHandler = new HttpSocketHandler(handler); for (int i = 0; i < nthreads; ++i) { queue.addRunnable(new AcceptSocketAndHandleRequest(socketHandler, serverSocket)); } }
/** * Sets SSl version and cipher suites for SSLServerSocket. * @param socket * Socket to be handled * @param config * The application configuration */ public static void setSSLVerAndCipherSuites(ServerSocket socket, Configuration config) { if (socket instanceof SSLServerSocket) { final String[] protocols = config.getString(SecurityOptions.SSL_PROTOCOL).split(","); final String[] cipherSuites = config.getString(SecurityOptions.SSL_ALGORITHMS).split(","); if (LOG.isDebugEnabled()) { LOG.debug("Configuring TLS version and cipher suites on SSL socket {} / {}", Arrays.toString(protocols), Arrays.toString(cipherSuites)); } ((SSLServerSocket) socket).setEnabledProtocols(protocols); ((SSLServerSocket) socket).setEnabledCipherSuites(cipherSuites); } }
/** * Returns the list of configurers to apply to an {@link SSLServerSocketFactory} in order * to fully configure it in compliance with the provided configuration options. * The configurers are to be applied in the order in which they appear in the list. * <p/> * It is preferred to use {@link #getSSLServerSocketFactorySSLServerSocketConfigurers(SSLContext)} instead * of this method as {@code SSLServerSocketFactory} does not contain any configuration options that * are non-proprietary. * * @param context the context that serves as the factory for {@code SSLServerSocketFactory} instances * * @return the needed configurers * * @see #getSSLServerSocketFactorySSLServerSocketConfigurers(SSLContext) */ protected List<Configurer<SSLServerSocketFactory>> getSSLServerSocketFactoryConfigurers(SSLContext context) { final List<Configurer<SSLServerSocket>> sslServerSocketConfigurers = this.getSSLServerSocketFactorySSLServerSocketConfigurers(context); Configurer<SSLServerSocketFactory> sslServerSocketFactoryConfigurer = new Configurer<SSLServerSocketFactory>() { @Override public SSLServerSocketFactory configure(SSLServerSocketFactory factory) { return new SSLServerSocketFactoryDecorator( factory, sslServerSocketConfigurers); } }; List<Configurer<SSLServerSocketFactory>> sslServerSocketFactoryConfigurers = new LinkedList<Configurer<SSLServerSocketFactory>>(); sslServerSocketFactoryConfigurers.add(sslServerSocketFactoryConfigurer); return sslServerSocketFactoryConfigurers; }
public void testDefaultSecureSocketProtocol() throws Exception { SSLContextParameters scp = new SSLContextParameters(); SSLContext context = scp.createSSLContext(); assertEquals("TLS", context.getProtocol()); SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); // default disable the SSL* protocols assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); }
