Java Code Examples for org.apache.tomcat.jni.SSL

The following are the top-voted examples showing how to use org.apache.tomcat.jni.SSL. They are extracted from open-source projects. You can vote up the examples you like, and your votes will be used to surface better examples.
/**
 * Creates a new engine bound to an OpenSSL {@code SSL_CTX}.
 *
 * @param sslCtx                      an OpenSSL {@code SSL_CTX} pointer; must not be {@code 0}
 * @param alloc                       the {@link ByteBufAllocator} this engine allocates from
 * @param fallbackApplicationProtocol protocol name used when OpenSSL reports no negotiated
 *                                    application protocol; may be {@code null}
 * @param clientMode                  {@code true} for a client-side engine, {@code false} for server-side
 * @param sessionContext              the {@link OpenSslSessionContext} this {@link SSLEngine} belongs to
 * @param engineMap                   registry the engine is removed from when it is shut down
 * @throws NullPointerException if {@code sslCtx} is {@code 0} or {@code alloc} is {@code null}
 */
OpenSslEngine(long sslCtx, ByteBufAllocator alloc, String fallbackApplicationProtocol,
              boolean clientMode, OpenSslSessionContext sessionContext, OpenSslEngineMap engineMap) {
    OpenSsl.ensureAvailability();
    if (sslCtx == 0) {
        // a zero pointer is the native equivalent of null
        throw new NullPointerException("sslCtx");
    }
    ByteBufAllocator checkedAlloc = ObjectUtil.checkNotNull(alloc, "alloc");

    this.clientMode = clientMode;
    this.fallbackApplicationProtocol = fallbackApplicationProtocol;
    this.sessionContext = sessionContext;
    this.engineMap = engineMap;
    this.alloc = checkedAlloc;

    // the SSL* is created in server mode unless this is a client engine; the BIO is bound to it
    this.ssl = SSL.newSSL(sslCtx, !clientMode);
    this.networkBIO = SSL.makeNetworkBIO(this.ssl);
}
 
/**
 * Marks the outbound side closed. If the handshake had begun on a live engine, a TLS
 * close_notify is initiated via {@code SSL_shutdown} unless one was already sent; an engine
 * that never got that far is simply destroyed. Calling this more than once is a no-op.
 */
@Override
public synchronized void closeOutbound() {
    if (isOutboundDone) {
        return; // idempotent
    }
    isOutboundDone = true;
    engineClosed = true;

    boolean handshakeBegun = accepted != 0;
    boolean alive = destroyed == 0;
    if (!handshakeBegun || !alive) {
        // closing before the initial handshake: nothing to notify, release native state
        shutdown();
        return;
    }
    // send close_notify at most once; SSL_SENT_SHUTDOWN records that it already went out
    boolean alreadySent = (SSL.getShutdown(ssl) & SSL.SSL_SENT_SHUTDOWN) == SSL.SSL_SENT_SHUTDOWN;
    if (!alreadySent) {
        SSL.shutdownSSL(ssl);
    }
}
 
/**
 * Drives one step of the TLS handshake through {@code SSL_do_handshake}.
 * A positive return marks the handshake finished. A non-positive return is fatal only when
 * OpenSSL also reports an error; then the engine is destroyed and the error surfaced. A
 * non-positive return without an error is left for the caller to retry.
 *
 * @throws SSLException if OpenSSL reported a handshake error
 */
private void handshake() throws SSLException {
    int rc = SSL.doHandshake(ssl);
    if (rc > 0) {
        // done: record it here so callers need not poll SSL.isInInit(...)
        handshakeFinished = true;
        return;
    }
    long errorCode = SSL.getLastErrorNumber();
    if (!OpenSsl.isError(errorCode)) {
        return;
    }
    String reason = SSL.getErrorString(errorCode);
    if (logger.isDebugEnabled()) {
        logger.debug(
                "SSL_do_handshake failed: OpenSSL error: '" + reason + '\'');
    }
    // internal error: free the native state before propagating
    shutdown();
    throw new SSLException(reason);
}
 
/**
 * Applies the client-certificate verification mode to the native SSL object.
 * Does nothing on client-side engines (client auth is a server-side setting) and skips the
 * JNI call when the requested mode is already in effect.
 *
 * @param mode desired verification mode for the peer certificate
 */
private void setClientAuth(ClientAuthMode mode) {
    if (clientMode) {
        return;
    }
    synchronized (this) {
        if (clientAuth == mode) {
            return; // already applied, no JNI round trip needed
        }
        int verifyLevel = 0;
        boolean known = true;
        switch (mode) {
            case NONE:
                verifyLevel = SSL.SSL_CVERIFY_NONE;
                break;
            case REQUIRE:
                verifyLevel = SSL.SSL_CVERIFY_REQUIRE;
                break;
            case OPTIONAL:
                verifyLevel = SSL.SSL_CVERIFY_OPTIONAL;
                break;
            default:
                known = false; // unreachable for the three known modes
                break;
        }
        if (known) {
            SSL.setVerify(ssl, verifyLevel, OpenSslContext.VERIFY_DEPTH);
        }
        clientAuth = mode;
    }
}
 
/**
 * Returns the peer's certificate chain as legacy {@code javax.security.cert} objects, parsed
 * from the DER bytes OpenSSL holds and cached on first use (lazy to reduce memory overhead).
 * Refuses to answer until the handshake has completed, since the peer is not verified before then.
 *
 * @return the parsed peer chain
 * @throws SSLPeerUnverifiedException if still handshaking or OpenSSL has no peer chain
 * @throws IllegalStateException if a certificate from the native side cannot be parsed
 */
@Override
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    X509Certificate[] cached = x509PeerCerts;
    if (cached != null) {
        return cached;
    }
    if (SSL.isInInit(ssl) != 0) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }
    byte[][] derChain = SSL.getPeerCertChain(ssl);
    if (derChain == null) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }
    X509Certificate[] parsed = new X509Certificate[derChain.length];
    int idx = 0;
    for (byte[] der : derChain) {
        try {
            parsed[idx++] = X509Certificate.getInstance(der);
        } catch (CertificateException e) {
            // unparsable bytes from the native side indicate a broken session, not a caller error
            throw new IllegalStateException(e);
        }
    }
    // NOTE(review): the cache field is written without synchronization; racing callers may parse twice
    x509PeerCerts = parsed;
    return parsed;
}
 
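/**
 * Reports the session protocol as {@code "<version>"} or {@code "<version>:<application protocol>"}.
 * The application protocol is resolved once — the value OpenSSL reports as negotiated, else the
 * configured fallback, else empty — and cached with every {@code ':'} replaced by {@code '_'} so
 * the returned string splits unambiguously on its first {@code ':'}.
 *
 * @return the protocol string; never {@code null}
 */
@Override
public String getProtocol() {
    String applicationProtocol = OpenSslEngine.this.applicationProtocol;
    if (applicationProtocol == null) {
        applicationProtocol = SSL.getNextProtoNegotiated(ssl);
        if (applicationProtocol == null) {
            applicationProtocol = fallbackApplicationProtocol;
        }
        if (applicationProtocol == null) {
            applicationProtocol = "";
        } else {
            // Fix: the original cached the sanitized value but returned the raw one on the first
            // call, so a protocol containing ':' produced a different string on the first call
            // than on every later call. Sanitize once and use the same value for both.
            applicationProtocol = applicationProtocol.replace(':', '_');
        }
        OpenSslEngine.this.applicationProtocol = applicationProtocol;
    }
    String version = SSL.getVersion(ssl);
    if (applicationProtocol.isEmpty()) {
        return version;
    }
    return version + ':' + applicationProtocol;
}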
 
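/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
        }
        if (socketProperties.getTcpNoDelay()) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        // Widen before multiplying: the configured value (presumably milliseconds) times 1000
        // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
        Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // lets fatal JVM errors propagate before the catch-all handling below
        ExceptionUtils.handleThrowable(t);
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}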
 
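/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
        }
        if (socketProperties.getTcpNoDelay()) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        // Widen before multiplying: the configured value (presumably milliseconds) times 1000
        // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
        Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // lets fatal JVM errors propagate before the catch-all handling below
        ExceptionUtils.handleThrowable(t);
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}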
 
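/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
        }
        if (socketProperties.getTcpNoDelay()) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        // Widen before multiplying: the configured value (presumably milliseconds) times 1000
        // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
        Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // lets fatal JVM errors propagate before the catch-all handling below
        ExceptionUtils.handleThrowable(t);
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}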
 
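/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout
 * from the endpoint fields, then, when SSL is configured, attaches the SSL context and runs
 * the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (soLinger >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, soLinger);
        }
        if (tcpNoDelay) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        if (soTimeout > 0) {
            // Widen before multiplying: the configured value (presumably milliseconds) times 1000
            // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
            Socket.timeoutSet(socket, soTimeout * 1000L);
        }

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // NOTE(review): this swallows every Throwable, including fatal JVM errors; the other
        // AprEndpoint variants on this page first rethrow those via ExceptionUtils.handleThrowable.
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}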
 
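/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
        }
        if (socketProperties.getTcpNoDelay()) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        // Widen before multiplying: the configured value (presumably milliseconds) times 1000
        // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
        Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // lets fatal JVM errors propagate before the catch-all handling below
        ExceptionUtils.handleThrowable(t);
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}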
 
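/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
	// which step was in progress decides the log message in the catch block
	int step = 1;
	try {

		// 1: Set socket options: timeout, linger, etc
		if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
			Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
		}
		if (socketProperties.getTcpNoDelay()) {
			// the guard already established the flag is set, so the option value is 1
			Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
		}
		// Widen before multiplying: the configured value (presumably milliseconds) times 1000
		// overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
		Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

		// 2: SSL handshake
		step = 2;
		if (sslContext != 0) {
			SSLSocket.attach(sslContext, socket);
			if (SSLSocket.handshake(socket) != 0) {
				// handshake failures are routine for broken or hostile clients: debug only, then close
				if (log.isDebugEnabled()) {
					log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
				}
				return false;
			}
		}

	} catch (Throwable t) {
		// lets fatal JVM errors propagate before the catch-all handling below
		ExceptionUtils.handleThrowable(t);
		if (log.isDebugEnabled()) {
			if (step == 2) {
				log.debug(sm.getString("endpoint.err.handshake"), t);
			} else {
				log.debug(sm.getString("endpoint.err.unexpected"), t);
			}
		}
		// Tell to close the socket
		return false;
	}
	return true;
}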
 
/**
 * Destroys this engine: unregisters it from the engine map, frees the native SSL and BIO
 * handles exactly once, and marks both directions closed. Safe to call repeatedly; only the
 * first caller does any work.
 */
public synchronized void shutdown() {
    // the CAS guarantees the native handles are freed at most once (a double free would be fatal)
    if (!DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
        return;
    }
    engineMap.remove(ssl);
    SSL.freeSSL(ssl);
    SSL.freeBIO(networkBIO);
    // zero the pointers so a later JNI call cannot reach freed memory through them
    ssl = 0;
    networkBIO = 0;

    // internal errors can cause shutdown without marking the engine closed
    isInboundDone = true;
    isOutboundDone = true;
    engineClosed = true;
}
 
/**
 * Returns the cipher suites currently enabled on the native SSL object, mapped to their Java
 * names where a mapping exists; suites without a mapping keep their OpenSSL name.
 *
 * @return the enabled suites, or an empty array when OpenSSL reports none
 */
@Override
public String[] getEnabledCipherSuites() {
    String[] names = SSL.getCiphers(ssl);
    if (names == null) {
        return EmptyArrays.EMPTY_STRINGS;
    }
    // rewritten in place; assumes SSL.getCiphers hands back a fresh array each call — TODO confirm
    for (int idx = 0; idx < names.length; idx++) {
        String javaName = toJavaCipherSuite(names[idx]);
        if (javaName == null) {
            continue;
        }
        names[idx] = javaName;
    }
    return names;
}
 
/**
 * Enables exactly the given cipher suites on the native SSL object. Each Java name is converted
 * to its OpenSSL spelling (names with no mapping are passed through unchanged) and checked
 * against the suites this OpenSSL build offers before the colon-joined list is applied.
 *
 * @param cipherSuites suites to enable; iteration stops at the first {@code null} element
 * @throws NullPointerException     if {@code cipherSuites} is {@code null}
 * @throws IllegalArgumentException if a suite is unavailable or no suite was given
 * @throws IllegalStateException    if OpenSSL rejects the assembled cipher string
 */
@Override
public void setEnabledCipherSuites(String[] cipherSuites) {
    ObjectUtil.checkNotNull(cipherSuites, "cipherSuites");

    final StringBuilder spec = new StringBuilder();
    boolean first = true;
    for (String requested : cipherSuites) {
        if (requested == null) {
            break; // a null entry terminates the list
        }

        String openSslName = CipherSuiteConverter.toOpenSsl(requested);
        if (openSslName == null) {
            openSslName = requested;
        }

        // reject unavailable suites before touching the native object
        if (!OpenSsl.isCipherSuiteAvailable(openSslName)) {
            throw new IllegalArgumentException("unsupported cipher suite: " + requested + '(' + openSslName + ')');
        }

        if (!first) {
            spec.append(':');
        }
        spec.append(openSslName);
        first = false;
    }

    if (first) {
        throw new IllegalArgumentException("empty cipher suites");
    }

    final String cipherSuiteSpec = spec.toString();
    try {
        SSL.setCipherSuites(ssl, cipherSuiteSpec);
    } catch (Exception e) {
        throw new IllegalStateException("failed to enable cipher suites: " + cipherSuiteSpec, e);
    }
}
 
/**
 * Lists the protocols currently enabled on the native SSL object, derived from the
 * {@code SSL_OP_NO_*} option bits. {@code SSLv2Hello} is always reported because no OpenSSL
 * option was found that disables it.
 *
 * @return the enabled protocol names; never empty, since SSLv2Hello is always included
 */
@Override
public String[] getEnabledProtocols() {
    int opts = SSL.getOptions(ssl);
    List<String> enabled = new ArrayList<String>();
    // Seems like there is no way to explicitly disable SSLv2Hello in openssl, so it is always enabled
    enabled.add(PROTOCOL_SSL_V2_HELLO);
    addUnlessDisabled(enabled, opts, SSL.SSL_OP_NO_TLSv1, PROTOCOL_TLS_V1);
    addUnlessDisabled(enabled, opts, SSL.SSL_OP_NO_TLSv1_1, PROTOCOL_TLS_V1_1);
    addUnlessDisabled(enabled, opts, SSL.SSL_OP_NO_TLSv1_2, PROTOCOL_TLS_V1_2);
    // SSLv2/SSLv3 are obsolete; they only show up here if their NO_* bit was never set
    addUnlessDisabled(enabled, opts, SSL.SSL_OP_NO_SSLv2, PROTOCOL_SSL_V2);
    addUnlessDisabled(enabled, opts, SSL.SSL_OP_NO_SSLv3, PROTOCOL_SSL_V3);

    if (enabled.isEmpty()) {
        return EmptyArrays.EMPTY_STRINGS; // unreachable while SSLv2Hello is always added
    }
    return enabled.toArray(new String[enabled.size()]);
}

/**
 * Appends {@code name} to {@code into} when the given {@code SSL_OP_NO_*} bit is clear in {@code opts}.
 */
private void addUnlessDisabled(List<String> into, int opts, int noOption, String name) {
    if ((opts & noOption) == 0) {
        into.add(name);
    }
}
 
/**
 * Derives the JSSE handshake status from the native state.
 * Before acceptance or after destruction nothing is in progress. During the initial handshake
 * the engine needs a wrap while the network BIO holds bytes for the peer, reports FINISHED once
 * OpenSSL has left its init state, and otherwise needs an unwrap. After close the same BIO check
 * decides between sending and awaiting close_notify.
 *
 * @return the current handshake status
 */
@Override
public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
    if (accepted == 0 || destroyed != 0) {
        return NOT_HANDSHAKING;
    }

    if (!handshakeFinished) {
        boolean bytesForPeer = SSL.pendingWrittenBytesInBIO(networkBIO) != 0;
        if (bytesForPeer) {
            return NEED_WRAP;
        }
        if (SSL.isInInit(ssl) == 0) {
            // OpenSSL left the init state: record completion so later calls skip the JNI checks
            handshakeFinished = true;
            return FINISHED;
        }
        // nothing to send and still handshaking: waiting on the peer
        return NEED_UNWRAP;
    }

    if (!engineClosed) {
        return NOT_HANDSHAKING;
    }
    // shutdown phase: close_notify still to be sent, else still to be received
    boolean closeNotifyPending = SSL.pendingWrittenBytesInBIO(networkBIO) != 0;
    return closeNotifyPending ? NEED_WRAP : NEED_UNWRAP;
}
 
/**
 * Converts an OpenSSL cipher suite name to its Java name, deriving the name prefix
 * (presumably {@code SSL_} vs {@code TLS_}) from the protocol version OpenSSL reports.
 *
 * @param openSslCipherSuite the OpenSSL name; {@code null} yields {@code null}
 * @return the Java name, or {@code null} when there is no input or the converter has no mapping
 */
private String toJavaCipherSuite(String openSslCipherSuite) {
    return openSslCipherSuite == null
            ? null
            : CipherSuiteConverter.toJava(openSslCipherSuite, toJavaCipherSuitePrefix(SSL.getVersion(ssl)));
}
 
/**
 * Returns the OpenSSL session ID. Deliberately not cached, to keep per-engine memory minimal.
 *
 * @return the session ID bytes
 * @throws IllegalStateException if OpenSSL has no session ID, which means the session itself is invalid
 */
@Override
public byte[] getId() {
    byte[] sessionId = SSL.getSessionId(ssl);
    if (sessionId != null) {
        return sessionId;
    }
    throw new IllegalStateException("SSL session ID not available");
}
 
/**
 * Returns the peer's certificates, built from the native chain on first use and cached
 * afterwards (lazy to reduce memory overhead). Refuses to answer while the handshake is still
 * in progress, since the peer is not verified before then.
 *
 * @return the peer certificates
 * @throws SSLPeerUnverifiedException if still handshaking or no peer chain is available
 */
@Override
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
    Certificate[] cached = peerCerts;
    if (cached != null) {
        return cached;
    }
    if (SSL.isInInit(ssl) != 0) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }
    cached = initPeerCertChain();
    peerCerts = cached;
    return cached;
}
 
/**
 * Builds the peer certificate array from the native side. On the server side
 * {@code SSL_get_peer_cert_chain} omits the peer's own certificate, so it is fetched separately
 * via {@code SSL_get_peer_certificate} and placed first; the chain follows.
 * See https://www.openssl.org/docs/ssl/SSL_get_peer_cert_chain.html
 *
 * @return the certificates, leaf first on the server side, chain-only on the client side
 * @throws SSLPeerUnverifiedException if OpenSSL has neither a chain nor a peer certificate
 */
private Certificate[] initPeerCertChain() throws SSLPeerUnverifiedException {
    byte[][] chain = SSL.getPeerCertChain(ssl);
    byte[] leaf = clientMode ? null : SSL.getPeerCertificate(ssl);

    if (chain == null && leaf == null) {
        throw new SSLPeerUnverifiedException("peer not verified");
    }

    int chainLen = chain == null ? 0 : chain.length;
    int total = leaf == null ? chainLen : chainLen + 1;
    Certificate[] result = new Certificate[total];

    int pos = 0;
    if (leaf != null) {
        result[pos++] = new OpenSslX509Certificate(leaf);
    }
    for (int a = 0; a < chainLen; a++) {
        result[pos++] = new OpenSslX509Certificate(chain[a]);
    }
    return result;
}
 
/**
 * Returns the negotiated cipher suite in Java naming, resolved from OpenSSL once the handshake
 * has finished and cached; before that the placeholder {@code INVALID_CIPHER} is returned.
 *
 * @return the Java cipher suite name, {@code INVALID_CIPHER} before the handshake completes,
 *         or {@code null} if the OpenSSL name could not be mapped
 */
@Override
public String getCipherSuite() {
    if (!handshakeFinished) {
        return INVALID_CIPHER;
    }
    String cached = cipher;
    if (cached != null) {
        return cached;
    }
    String mapped = toJavaCipherSuite(SSL.getCipherForSSL(ssl));
    if (mapped != null) {
        cipher = mapped;
    }
    return cipher;
}
 
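/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
        }
        if (socketProperties.getTcpNoDelay()) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        // Widen before multiplying: the configured value (presumably milliseconds) times 1000
        // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
        Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // lets fatal JVM errors propagate before the catch-all handling below
        ExceptionUtils.handleThrowable(t);
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}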
 
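/**
 * Prepares a freshly accepted APR socket: applies linger, TCP_NODELAY and the read timeout,
 * then, when SSL is configured on the endpoint, attaches the SSL context and runs the handshake.
 *
 * @param socket APR socket pointer of the accepted connection
 * @return {@code true} when the socket is ready for processing; {@code false} tells the caller
 *         to close it (handshake failure or any throwable during setup)
 */
protected boolean setSocketOptions(long socket) {
    // which step was in progress decides the log message in the catch block
    int step = 1;
    try {

        // 1: Set socket options: timeout, linger, etc
        if (socketProperties.getSoLingerOn() && socketProperties.getSoLingerTime() >= 0) {
            Socket.optSet(socket, Socket.APR_SO_LINGER, socketProperties.getSoLingerTime());
        }
        if (socketProperties.getTcpNoDelay()) {
            // the guard already established the flag is set, so the option value is 1
            Socket.optSet(socket, Socket.APR_TCP_NODELAY, 1);
        }
        // Widen before multiplying: the configured value (presumably milliseconds) times 1000
        // overflows int for large timeouts and would hand APR a bogus, possibly negative, value.
        Socket.timeoutSet(socket, socketProperties.getSoTimeout() * 1000L);

        // 2: SSL handshake
        step = 2;
        if (sslContext != 0) {
            SSLSocket.attach(sslContext, socket);
            if (SSLSocket.handshake(socket) != 0) {
                // handshake failures are routine for broken or hostile clients: debug only, then close
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("endpoint.err.handshake") + ": " + SSL.getLastError());
                }
                return false;
            }
        }

    } catch (Throwable t) {
        // lets fatal JVM errors propagate before the catch-all handling below
        ExceptionUtils.handleThrowable(t);
        if (log.isDebugEnabled()) {
            if (step == 2) {
                log.debug(sm.getString("endpoint.err.handshake"), t);
            } else {
                log.debug(sm.getString("endpoint.err.unexpected"), t);
            }
        }
        // Tell to close the socket
        return false;
    }
    return true;
}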
 
/**
 * Tells whether an OpenSSL error code denotes an actual error.
 *
 * @param errorCode value from {@code SSL.getLastErrorNumber()}
 * @return {@code true} unless the code is {@code SSL_ERROR_NONE}
 */
static boolean isError(long errorCode) {
    boolean none = errorCode == SSL.SSL_ERROR_NONE;
    return !none;
}
 
/**
 * Switches the native server-side session cache on or off.
 *
 * @param enabled {@code true} selects {@code SSL_SESS_CACHE_SERVER}, {@code false} selects {@code SSL_SESS_CACHE_OFF}
 */
@Override
public void setSessionCacheEnabled(boolean enabled) {
    long cacheMode;
    if (enabled) {
        cacheMode = SSL.SSL_SESS_CACHE_SERVER;
    } else {
        cacheMode = SSL.SSL_SESS_CACHE_OFF;
    }
    SSLContext.setSessionCacheMode(context, cacheMode);
}
 
/**
 * Reports whether the native session cache is in server mode.
 *
 * @return {@code true} only when the cache mode equals {@code SSL_SESS_CACHE_SERVER}
 */
@Override
public boolean isSessionCacheEnabled() {
    long currentMode = SSLContext.getSessionCacheMode(context);
    return SSL.SSL_SESS_CACHE_SERVER == currentMode;
}
 
/**
 * Restricts the native SSL object to the given protocols by setting the {@code SSL_OP_NO_*} bit
 * of every supported protocol that is not listed.
 * <p>
 * NOTE(review): {@code SSL_OP_ALL} in OpenSSL is the bundle of bug-compatibility workarounds,
 * not a protocol-enable mask; the protocol set is governed solely by the {@code SSL_OP_NO_*}
 * bits. Since only bits are ever set here and none are cleared, a protocol disabled by an
 * earlier call is not re-enabled by a later call that lists it — confirm against the
 * {@code SSL.setOptions} semantics. Listing {@code SSLv2}/{@code SSLv3} keeps those obsolete
 * protocols enabled; a deployment should leave them out.
 *
 * @param protocols protocol names to keep enabled; must all be in {@code SUPPORTED_PROTOCOLS_SET}
 * @throws IllegalArgumentException if {@code protocols} is {@code null} or names an unsupported protocol
 */
@Override
public void setEnabledProtocols(String[] protocols) {
    if (protocols == null) {
        // This is correct from the API docs
        throw new IllegalArgumentException();
    }
    boolean wantSslv2 = false;
    boolean wantSslv3 = false;
    boolean wantTlsv1 = false;
    boolean wantTlsv1_1 = false;
    boolean wantTlsv1_2 = false;
    for (String name : protocols) {
        if (!SUPPORTED_PROTOCOLS_SET.contains(name)) {
            throw new IllegalArgumentException("Protocol " + name + " is not supported.");
        }
        // the constants are distinct, so at most one of these matches per entry
        wantSslv2 |= PROTOCOL_SSL_V2.equals(name);
        wantSslv3 |= PROTOCOL_SSL_V3.equals(name);
        wantTlsv1 |= PROTOCOL_TLS_V1.equals(name);
        wantTlsv1_1 |= PROTOCOL_TLS_V1_1.equals(name);
        wantTlsv1_2 |= PROTOCOL_TLS_V1_2.equals(name);
    }
    SSL.setOptions(ssl, SSL.SSL_OP_ALL);

    // disable everything that was not requested
    if (!wantSslv2) {
        SSL.setOptions(ssl, SSL.SSL_OP_NO_SSLv2);
    }
    if (!wantSslv3) {
        SSL.setOptions(ssl, SSL.SSL_OP_NO_SSLv3);
    }
    if (!wantTlsv1) {
        SSL.setOptions(ssl, SSL.SSL_OP_NO_TLSv1);
    }
    if (!wantTlsv1_1) {
        SSL.setOptions(ssl, SSL.SSL_OP_NO_TLSv1_1);
    }
    if (!wantTlsv1_2) {
        SSL.setOptions(ssl, SSL.SSL_OP_NO_TLSv1_2);
    }
}
 
/**
 * Returns the session creation time in milliseconds. OpenSSL reports seconds, hence the
 * widening multiplication.
 *
 * @return creation time in milliseconds since the epoch
 */
@Override
public long getCreationTime() {
    long seconds = SSL.getTime(ssl);
    return seconds * 1000L;
}
 
/**
 * Creates a context, first resolving the application-protocol negotiator from {@code apnCfg}
 * for the given side ({@code SSL.SSL_MODE_SERVER} selects the server-side negotiator) and then
 * delegating to the main constructor.
 *
 * @param ciphers          cipher suites to enable
 * @param apnCfg           application-protocol configuration the negotiator is built from
 * @param sessionCacheSize session cache size, passed through unchanged
 * @param sessionTimeout   session timeout, passed through unchanged
 * @param mode             {@code SSL.SSL_MODE_CLIENT} or {@code SSL.SSL_MODE_SERVER}
 * @throws SSLException if the delegated constructor fails to build the context
 */
OpenSslContext(Iterable<String> ciphers, ApplicationProtocolConfig apnCfg, long sessionCacheSize,
               long sessionTimeout, int mode) throws SSLException {
    this(ciphers, toNegotiator(apnCfg, mode == SSL.SSL_MODE_SERVER), sessionCacheSize, sessionTimeout, mode);
}
 
/**
 * Tells whether this context was created for the client side.
 *
 * @return {@code true} when {@code mode} is {@code SSL.SSL_MODE_CLIENT}
 */
@Override
public final boolean isClient() {
    return SSL.SSL_MODE_CLIENT == mode;
}
 
/**
 * Initializes the native OpenSSL layer once per VM: configures the random seed source, runs
 * {@code SSL.initialize} with the configured engine, optionally switches OpenSSL into FIPS
 * mode, and records that SSL is available. Skipped entirely when the engine is configured
 * {@code "off"}.
 *
 * @throws ClassNotFoundException    if {@code org.apache.tomcat.jni.SSL} cannot be loaded
 * @throws NoSuchMethodException     if {@code randSet(String)} or {@code initialize(String)} is absent
 * @throws IllegalAccessException    if reflection may not call them
 * @throws InvocationTargetException if either native call throws
 * @throws IllegalStateException     if FIPS mode was requested but could not be activated
 */
private static void initializeSSL()
    throws ClassNotFoundException, NoSuchMethodException,
           IllegalAccessException, InvocationTargetException
{
    if ("off".equalsIgnoreCase(SSLEngine)) {
        return;
    }
    if (sslInitialized) {
        // only once per VM. NOTE(review): the flag is raised before the work succeeds, so a
        // failed attempt is not retried by a later call.
        return;
    }
    sslInitialized = true;

    // The JNI class is looked up reflectively here, yet SSL.fipsModeSet / SSL.versionString
    // below reference it directly, so the indirection does not remove the compile-time dependency.
    Class<?> sslClass = Class.forName("org.apache.tomcat.jni.SSL");
    Class<?>[] stringArg = { String.class };

    Method randSet = sslClass.getMethod("randSet", stringArg);
    randSet.invoke(null, new Object[] { SSLRandomSeed });

    // "on" means the default engine: pass null rather than the literal
    Object engineArg = "on".equalsIgnoreCase(SSLEngine) ? null : SSLEngine;
    Method initialize = sslClass.getMethod("initialize", stringArg);
    initialize.invoke(null, new Object[] { engineArg });

    if ("on".equalsIgnoreCase(FIPSMode)) {
        log.info(sm.getString("aprListener.initializingFIPS"));

        // the native call reports success as 1
        if (SSL.fipsModeSet(1) == 1) {
            fipsModeActive = true;
            log.info(sm.getString("aprListener.initializeFIPSSuccess"));
        } else {
            // The native method is expected to fail loudly itself; this guards the case it does not,
            // because silently running without FIPS when it was demanded must not happen.
            String message = sm.getString("aprListener.initializeFIPSFailed");
            log.error(message);
            throw new IllegalStateException(message);
        }
    }

    log.info(sm.getString("aprListener.initializedOpenSSL", SSL.versionString()));

    sslAvailable = true;
}