Java Code Examples for javax.net.ssl.SSLEngine

The following examples show how to use javax.net.ssl.SSLEngine. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
/**
 * Initialize the channel.
 *
 * @param channel the channel.
 */
@Override
public void initChannel(SocketChannel channel) {
    ChannelPipeline pipeline = channel.pipeline();
    if (ssl) {
        try {
            SSLContext sslContext = SSLContext.getDefault();
            SSLEngine sslEngine = sslContext.createSSLEngine();
            sslEngine.setUseClientMode(false);
            pipeline.addLast(new SslHandler(sslEngine));
        } catch (NoSuchAlgorithmException e) {
            if (LOGGER.isLoggable(SEVERE)) {
                LOGGER.log(WARNING, "Unable to match SSL algorithm", e);
            }
        }
    }
    pipeline.addLast(new HttpRequestDecoder());
    pipeline.addLast(new HttpResponseEncoder());
    pipeline.addLast(new HttpObjectAggregator(10*1024*1024));
    pipeline.addLast(new NettyHttpServerHandler(httpServerProcessor));
}
 
Example 2
Source Project: qpid-jms   Source File: TransportSupportTest.java    License: Apache License 2.0 7 votes vote down vote up
@Test
public void testCreateSslEngineFromJksStoreWithExplicitEnabledAndDisabledProtocolsJDK() throws Exception {
    // Discover the default enabled protocols
    TransportOptions options = createJksSslOptions();
    SSLEngine directEngine = createSSLEngineDirectly(options);
    String[] protocols = directEngine.getEnabledProtocols();
    assertTrue("There were no initial protocols to choose from!", protocols.length > 1);

    // Pull out two to enable, and one to disable specifically
    String protocol1 = protocols[0];
    String protocol2 = protocols[1];
    String[] enabledProtocols = new String[] { protocol1, protocol2 };
    String[] disabledProtocol = new String[] { protocol1 };
    String[] remainingProtocols = new String[] { protocol2 };
    options.setEnabledProtocols(enabledProtocols);
    options.setDisabledProtocols(disabledProtocol);
    SSLContext context = TransportSupport.createJdkSslContext(options);
    SSLEngine engine = TransportSupport.createJdkSslEngine(null, context, options);

    // verify the option took effect, that the disabled protocols were removed from the enabled list.
    assertNotNull(engine);
    assertArrayEquals("Enabled protocols not as expected", remainingProtocols, engine.getEnabledProtocols());
}
 
Example 3
Source Project: j2objc   Source File: TestTrustManager.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
        throws CertificateException {
    if (extendedTrustManager == null) {
        out.print("(fallback to X509TrustManager) ");
        checkServerTrusted(chain, authType);
        return;
    }
    out.print("TestTrustManager.checkServerTrusted "
            + "chain=" + chain.length + " "
            + "authType=" + authType + " "
            + "engine=" + engine.toString() + " ");
    try {
        assertServerAuthType(authType);
        extendedTrustManager.checkServerTrusted(chain, authType, engine);
        out.println("OK");
    } catch (CertificateException e) {
        e.printStackTrace(out);
        throw e;
    }
}
 
Example 4
Source Project: activemq-artemis   Source File: NettyTransportSupport.java    License: Apache License 2.0 6 votes vote down vote up
private static String[] buildEnabledCipherSuites(SSLEngine engine, NettyTransportSslOptions options) {
   List<String> enabledCipherSuites = new ArrayList<>();

   if (options.getEnabledCipherSuites() != null) {
      List<String> configuredCipherSuites = Arrays.asList(options.getEnabledCipherSuites());
      LOG.trace("Configured cipher suites from transport options: {}", configuredCipherSuites);
      enabledCipherSuites.addAll(configuredCipherSuites);
   } else {
      List<String> engineCipherSuites = Arrays.asList(engine.getEnabledCipherSuites());
      LOG.trace("Default cipher suites from the SSLEngine: {}", engineCipherSuites);
      enabledCipherSuites.addAll(engineCipherSuites);
   }

   String[] disabledCipherSuites = options.getDisabledCipherSuites();
   if (disabledCipherSuites != null) {
      List<String> disabled = Arrays.asList(disabledCipherSuites);
      LOG.trace("Disabled cipher suites: {}", disabled);
      enabledCipherSuites.removeAll(disabled);
   }

   LOG.trace("Enabled cipher suites: {}", enabledCipherSuites);

   return enabledCipherSuites.toArray(new String[0]);
}
 
Example 5
Source Project: qpid-jms   Source File: TransportSupportTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testLegacySslProtocolsDisabledByDefaultOpenSSL() throws Exception {
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    TransportOptions options = createJksSslOptions(null);

    SslContext context = TransportSupport.createOpenSslContext(options);
    assertNotNull(context);

    SSLEngine engine = TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, context, options);
    assertNotNull(engine);

    List<String> engineProtocols = Arrays.asList(engine.getEnabledProtocols());
    assertFalse("SSLv3 should not be enabled by default", engineProtocols.contains("SSLv3"));

    // TODO - Netty is currently unable to disable OpenSSL SSLv2Hello so we are stuck with it for now.
    // assertFalse("SSLv2Hello should not be enabled by default", engineProtocols.contains("SSLv2Hello"));
}
 
Example 6
@Override
protected void testOneCipher(String cipher) throws SSLException {
    SSLContext context = getContext();
    int maxPacketSize = getMaxPacketSize();
    boolean useSNI = !TEST_MODE.equals("norm");
    SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
    SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
    clientEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setEnabledCipherSuites(new String[]{cipher});
    serverEngine.setNeedClientAuth(!cipher.contains("anon"));
    doHandshake(clientEngine, serverEngine, maxPacketSize,
            HandshakeMode.INITIAL_HANDSHAKE);
    checkBufferOverflowOnWrap(clientEngine);
    checkBufferOverflowOnWrap(serverEngine);
    checkBufferOverflowOnUnWrap(clientEngine, serverEngine);
    checkBufferOverflowOnUnWrap(serverEngine, clientEngine);
    checkBufferUnderflowOnUnWrap(serverEngine, clientEngine);
    checkBufferUnderflowOnUnWrap(clientEngine, serverEngine);
}
 
Example 7
Source Project: activemq-artemis   Source File: NettyTransportSupport.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a new SSLEngine instance in client mode from the given SSLContext and
 * TransportSslOptions instances.
 *
 * @param remote
 *        the URI of the remote peer that will be used to initialize the engine, may be null
 *        if none should.
 * @param context
 *        the SSLContext to use when creating the engine.
 * @param options
 *        the TransportSslOptions to use to configure the new SSLEngine.
 *
 * @return a new SSLEngine instance in client mode.
 *
 * @throws Exception
 *         if an error occurs while creating the new SSLEngine.
 */
public static SSLEngine createSslEngine(URI remote, SSLContext context, NettyTransportSslOptions options) throws Exception {
   SSLEngine engine = null;
   if (remote == null) {
      engine = context.createSSLEngine();
   } else {
      engine = context.createSSLEngine(remote.getHost(), remote.getPort());
   }

   engine.setEnabledProtocols(buildEnabledProtocols(engine, options));
   engine.setEnabledCipherSuites(buildEnabledCipherSuites(engine, options));
   engine.setUseClientMode(true);

   if (options.isVerifyHost()) {
      SSLParameters sslParameters = engine.getSSLParameters();
      sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
      engine.setSSLParameters(sslParameters);
   }

   return engine;
}
 
Example 8
Source Project: netty-4.1.22   Source File: SSLEngineTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testCloseInboundAfterBeginHandshake() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();

    clientSslCtx = SslContextBuilder
            .forClient()
            .sslProvider(sslClientProvider())
            .build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    serverSslCtx = SslContextBuilder
            .forServer(cert.certificate(), cert.privateKey())
            .sslProvider(sslServerProvider())
            .build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    try {
        testCloseInboundAfterBeginHandshake(client);
        testCloseInboundAfterBeginHandshake(server);
    } finally {
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
        cert.delete();
    }
}
 
Example 9
Source Project: AndroidHttpCapture   Source File: BouncyCastleSslEngineSource.java    License: MIT License 6 votes vote down vote up
@Override
public SSLEngine newSslEngine(String remoteHost, int remotePort) {
    SSLEngine sslEngine = sslContext
            .createSSLEngine(remoteHost, remotePort);
    sslEngine.setUseClientMode(true);
    if (!tryHostNameVerificationJava7(sslEngine)) {
        LOG.debug("Host Name Verification is not supported, causes insecure HTTPS connection");
    }
    filterWeakCipherSuites(sslEngine);
    return sslEngine;
}
 
Example 10
Source Project: openjdk-jdk9   Source File: CipherSuite.java    License: GNU General Public License v2.0 6 votes vote down vote up
@Override
SSLEngine createSSLEngine(boolean isClient) throws Exception {
    SSLEngine engine = super.createSSLEngine(isClient);

    if (isClient) {
        engine.setEnabledCipherSuites(new String[]{cipherSuite});
    }

    return engine;
}
 
Example 11
Source Project: datacollector   Source File: TlsConfigBean.java    License: Apache License 2.0 6 votes vote down vote up
@NotNull
private String[] determineFinalCipherSuites(SSLEngine sslEngine) {
  Collection<String> filteredCipherSuites;
  if (useDefaultCiperSuites) {
    filteredCipherSuites = getSupportedValuesFromSpecified(
        Arrays.asList(sslEngine.getSupportedCipherSuites()),
        Arrays.asList(MODERN_CIPHER_SUITES),
        "Cipher suite"
    );
  } else {
    filteredCipherSuites = getSupportedValuesFromSpecified(Arrays.asList(sslEngine.getSupportedCipherSuites()),
        cipherSuites,
        "Cipher suite"
    );
  }
  return filteredCipherSuites.toArray(new String[0]);
}
 
Example 12
Source Project: swim   Source File: TlsSocket.java    License: Apache License 2.0 6 votes vote down vote up
TlsSocket(InetSocketAddress localAddress, InetSocketAddress remoteAddress, SocketChannel channel,
          SSLEngine sslEngine, IpSettings ipSettings, boolean isClient) {
  if (sslEngine == null) {
    throw new NullPointerException();
  }
  this.localAddress = localAddress;
  this.remoteAddress = remoteAddress;
  this.channel = channel;
  this.sslEngine = sslEngine;
  this.ipSettings = ipSettings;
  this.flowControl = FlowControl.WAIT;
  this.status = isClient ? CLIENT : SERVER;

  final SSLSession sslSession = this.sslEngine.getSession();
  final TcpSettings tcpSettings = this.ipSettings.tcpSettings();
  final int readBufferSize = Math.max(tcpSettings.readBufferSize(), sslSession.getApplicationBufferSize());
  final int writeBufferSize = Math.max(tcpSettings.writeBufferSize(), sslSession.getPacketBufferSize());
  this.readBuffer = ByteBuffer.allocate(readBufferSize);
  this.writeBuffer = ByteBuffer.allocate(writeBufferSize);
  ((Buffer) this.writeBuffer).position(this.writeBuffer.capacity());
  this.inputBuffer = ByteBuffer.allocate(readBufferSize);
  this.outputBuffer = ByteBuffer.allocate(writeBufferSize);
  ((Buffer) this.outputBuffer).position(this.outputBuffer.capacity());
  this.reader = Binary.inputBuffer(inputBuffer);
  this.writer = Binary.outputBuffer(outputBuffer);
}
 
Example 13
Source Project: netty-4.1.22   Source File: ConscryptAlpnSslEngine.java    License: Apache License 2.0 6 votes vote down vote up
ServerEngine(SSLEngine engine, ByteBufAllocator alloc,
             JdkApplicationProtocolNegotiator applicationNegotiator) {
    super(engine, alloc, applicationNegotiator.protocols());

    // Register for completion of the handshake.
    Conscrypt.setHandshakeListener(engine, new HandshakeListener() {
        @Override
        public void onHandshakeFinished() throws SSLException {
            selectProtocol();
        }
    });

    protocolSelector = checkNotNull(applicationNegotiator.protocolSelectorFactory()
                    .newSelector(this,
                            new LinkedHashSet<String>(applicationNegotiator.protocols())),
            "protocolSelector");
}
 
Example 14
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 15
Source Project: pravega   Source File: ConnectionPoolImpl.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a Channel Initializer which is to to setup {@link ChannelPipeline}.
 */
@VisibleForTesting
ChannelInitializer<SocketChannel> getChannelInitializer(final PravegaNodeUri location,
                                                                final FlowHandler handler) {
    final SslContext sslCtx = getSslContext();

    return new ChannelInitializer<SocketChannel>() {
        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            ChannelPipeline p = ch.pipeline();
            if (sslCtx != null) {
                SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), location.getEndpoint(), location.getPort());

                if (clientConfig.isValidateHostName()) {
                    SSLEngine sslEngine = sslHandler.engine();
                    SSLParameters sslParameters = sslEngine.getSSLParameters();
                    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    sslEngine.setSSLParameters(sslParameters);
                }
                p.addLast(sslHandler);
            }
            p.addLast(
                    new ExceptionLoggingHandler(location.getEndpoint()),
                    new CommandEncoder(handler::getAppendBatchSizeTracker, metricNotifier),
                    new LengthFieldBasedFrameDecoder(WireCommands.MAX_WIRECOMMAND_SIZE, 4, 4),
                    new CommandDecoder(),
                    handler);
        }
    };
}
 
Example 16
Source Project: netty-4.1.22   Source File: SSLEngineTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testSSLSessionId() throws Exception {
    clientSslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .sslContextProvider(clientSslContextProvider())
            .build();
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
            .sslProvider(sslServerProvider())
            .sslContextProvider(serverSslContextProvider())
            .build();
    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        clientEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
        serverEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

        // Before the handshake the id should have length == 0
        assertEquals(0, clientEngine.getSession().getId().length);
        assertEquals(0, serverEngine.getSession().getId().length);

        handshake(clientEngine, serverEngine);

        // After the handshake the id should have length > 0
        assertNotEquals(0, clientEngine.getSession().getId().length);
        assertNotEquals(0, serverEngine.getSession().getId().length);
        assertArrayEquals(clientEngine.getSession().getId(), serverEngine.getSession().getId());
    } finally {
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
        ssc.delete();
    }
}
 
Example 17
Source Project: pgadba   Source File: ClientTlsChannel.java    License: BSD 2-Clause "Simplified" License 5 votes vote down vote up
private ClientTlsChannel(
    ByteChannel underlying,
    SSLEngine engine,
    Consumer<SSLSession> sessionInitCallback,
    boolean runTasks,
    BufferAllocator plainBufAllocator,
    BufferAllocator encryptedBufAllocator,
    boolean releaseBuffers,
    boolean waitForCloseNotifyOnClose) {
  if (!engine.getUseClientMode()) {
    throw new IllegalArgumentException("SSLEngine must be in client mode");
  }
  this.underlying = underlying;
  TrackingAllocator trackingPlainBufAllocator = new TrackingAllocator(plainBufAllocator);
  TrackingAllocator trackingEncryptedAllocator = new TrackingAllocator(encryptedBufAllocator);
  impl = new TlsChannelImpl(underlying, underlying, engine, Optional.empty(), sessionInitCallback, runTasks,
      trackingPlainBufAllocator, trackingEncryptedAllocator, releaseBuffers, waitForCloseNotifyOnClose);
}
 
Example 18
Source Project: Tomcat8-Source-Read   Source File: Nio2Endpoint.java    License: MIT License 5 votes vote down vote up
@Override
public void doClientAuth(SSLSupport sslSupport) throws IOException {
    SecureNio2Channel sslChannel = (SecureNio2Channel) getSocket();
    SSLEngine engine = sslChannel.getSslEngine();
    if (!engine.getNeedClientAuth()) {
        // Need to re-negotiate SSL connection
        engine.setNeedClientAuth(true);
        sslChannel.rehandshake();
        ((JSSESupport) sslSupport).setSession(engine.getSession());
    }
}
 
Example 19
Source Project: ovsdb   Source File: OvsdbConnectionService.java    License: Eclipse Public License 1.0 5 votes vote down vote up
@Override
public void initChannel(final SocketChannel channel) throws Exception {
    SSLContext sslContext = certManagerSrv.getServerContext();
    if (sslContext != null) {
        /* First add ssl handler if ssl context is given */
        SSLEngine engine = sslContext.createSSLEngine(address.toString(), port);
        engine.setUseClientMode(true);
        channel.pipeline().addLast("ssl", new SslHandler(engine));
    }

    super.initChannel(channel);
}
 
Example 20
Source Project: Tomcat8-Source-Read   Source File: OpenSSLContext.java    License: MIT License 5 votes vote down vote up
@Override
public SSLEngine createSSLEngine() {
    return new OpenSSLEngine(ctx, defaultProtocol, false, sessionContext,
            (negotiableProtocols != null && negotiableProtocols.size() > 0), initialized,
            sslHostConfig.getCertificateVerificationDepth(),
            sslHostConfig.getCertificateVerification() == CertificateVerification.OPTIONAL_NO_CA);
}
 
Example 21
Source Project: servicecomb-java-chassis   Source File: TrustManagerExt.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType,
    SSLEngine engine) throws CertificateException {
  if (!option.isAuthPeer()) {
    return;
  }

  String ip = null;
  if (engine != null) {
    SSLSession session = engine.getHandshakeSession();
    ip = session.getPeerHost();
  }
  checkTrustedCustom(chain, ip);
  trustManager.checkClientTrusted(chain, authType, engine);
}
 
Example 22
@Ignore("connecting to the outside world makes this test flaky")
@Test(expected = SSLHandshakeException.class)
public void testCommonClientUsesExtensibleTrustManagerFailure() throws Throwable {
    doThrow(new CertificateException()).when(extensibleTrustManager).checkServerTrusted(
            ArgumentMatchers.any(X509Certificate[].class), anyString(), ArgumentMatchers.any(SSLEngine.class));
    HttpClient httpClient = webClientFactory.getCommonHttpClient();

    try {
        httpClient.GET(TEST_URL);
    } catch (ExecutionException e) {
        throw e.getCause();
    }
}
 
Example 23
Source Project: jmqtt   Source File: NettySslHandler.java    License: Apache License 2.0 5 votes vote down vote up
public static ChannelHandler getSslHandler(SocketChannel channel, boolean useClientCA, String sslKeyStoreType, String sslKeyFilePath, String sslManagerPwd, String sslStorePwd) {

        SslContext sslContext = createSSLContext(useClientCA, sslKeyStoreType, sslKeyFilePath, sslManagerPwd, sslStorePwd);
        SSLEngine sslEngine = sslContext.newEngine(
                channel.alloc(),
                channel.remoteAddress().getHostString(),
                channel.remoteAddress().getPort());
        sslEngine.setUseClientMode(false); // server mode
        if (useClientCA) {
            sslEngine.setNeedClientAuth(true);
        }
        return new SslHandler(sslEngine);
    }
 
Example 24
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager linkedTrustManager = getLinkedTrustMananger(chain, sslEngine);
    if (linkedTrustManager == null) {
        logger.trace("No specific trust manager found, falling back to default");
        defaultTrustManager.checkServerTrusted(chain, authType, sslEngine);
    } else {
        linkedTrustManager.checkServerTrusted(chain, authType, sslEngine);
    }
}
 
Example 25
Source Project: netty-4.1.22   Source File: SslContextBuilderTest.java    License: Apache License 2.0 5 votes vote down vote up
private static void testServerContext(SslProvider provider) throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    SslContextBuilder builder = SslContextBuilder.forServer(cert.key(), cert.cert())
                                                 .sslProvider(provider)
                                                 .trustManager(cert.cert())
                                                 .clientAuth(ClientAuth.REQUIRE);
    SslContext context = builder.build();
    SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
    assertFalse(engine.getWantClientAuth());
    assertTrue(engine.getNeedClientAuth());
    engine.closeInbound();
    engine.closeOutbound();
}
 
Example 26
private SSLEngine createSSLEngine() {
  try {
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init((KeyStore) null);

    return SslContextBuilder
        .forClient()
        .trustManager(trustManagerFactory)
        .build()
        .newEngine(getAllocator());
  } catch (Exception e) {
    throw new RuntimeException("Could not create SSLEngine", e);
  }
}
 
Example 27
Source Project: MediaSDK   Source File: SSLEngineSNIConfigurator.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public void configureEngine(SSLEngine engine, AsyncHttpClientMiddleware.GetSocketData data, String host, int port) {
    if (useSni == null || skipReflection)
        return;
    try {
        peerHost.set(engine, host);
        peerPort.set(engine, port);
        Object sslp = sslParameters.get(engine);
        useSni.set(sslp, true);
    }
    catch (IllegalAccessException e) {
    }
}
 
Example 28
Source Project: ambry   Source File: NettySslHttp2Factory.java    License: Apache License 2.0 5 votes vote down vote up
@Override
public SSLEngine createSSLEngine(String peerHost, int peerPort, Mode mode) {
  SslContext context = mode == Mode.CLIENT ? nettyClientSslContext : nettyServerSslContext;
  SSLEngine sslEngine = context.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);

  if (mode == Mode.CLIENT) {
    SSLParameters sslParams = sslEngine.getSSLParameters();
    sslParams.setEndpointIdentificationAlgorithm(endpointIdentification);
    sslEngine.setSSLParameters(sslParams);
  }
  return sslEngine;
}
 
Example 29
Source Project: lams   Source File: JDK9AlpnProvider.java    License: GNU General Public License v2.0 5 votes vote down vote up
@Override
public JDK9ALPNMethods run() {
    try {
        Method setApplicationProtocols = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
        Method getApplicationProtocol = SSLEngine.class.getMethod("getApplicationProtocol");
        UndertowLogger.ROOT_LOGGER.debug("Using JDK9 ALPN");
        return new JDK9ALPNMethods(setApplicationProtocols, getApplicationProtocol);
    } catch (Exception e) {
        UndertowLogger.ROOT_LOGGER.debug("JDK9 ALPN not supported");
        return null;
    }
}
 
Example 30
Source Project: openjdk-jdk9   Source File: CipherTestUtils.java    License: GNU General Public License v2.0 5 votes vote down vote up
@Override
public String chooseEngineClientAlias(String[] keyType,
        Principal[] issuers, SSLEngine engine) {
    if (authType == null) {
        return null;
    }
    return keyManager.chooseEngineClientAlias(new String[]{authType},
            issuers, engine);
}