Java Code Examples for javax.net.ssl.SSLContext#getServerSessionContext()

The following examples show how to use javax.net.ssl.SSLContext#getServerSessionContext() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AmqpPortImpl.java    From qpid-broker-j with Apache License 2.0 6 votes vote down vote up
private SSLContext createSslContext()
{
    KeyStore keyStore = getKeyStore();
    Collection<TrustStore> trustStores = getTrustStores();

    boolean needClientCert = (Boolean)getAttribute(NEED_CLIENT_AUTH) || (Boolean)getAttribute(WANT_CLIENT_AUTH);
    if (needClientCert && trustStores.isEmpty())
    {
        throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '"
                + this.getName() + "' but no trust store defined");
    }

    SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
    SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    if (getTLSSessionCacheSize() > 0)
    {
        serverSessionContext.setSessionCacheSize(getTLSSessionCacheSize());
    }
    if (getTLSSessionTimeout() > 0)
    {
        serverSessionContext.setSessionTimeout(getTLSSessionTimeout());
    }

    return sslContext;
}
 
Example 2
Source File: DefautlCacheSize.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    SSLServerSocketFactory sssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try (SSLServerSocket serverSocket =
                (SSLServerSocket)sssf.createServerSocket()) {

        String[] protocols = serverSocket.getSupportedProtocols();
        for (int i = 0; i < protocols.length; i++) {
            if (protocols[i].equals("SSLv2Hello")) {
                continue;
            }
            SSLContext sslContext = SSLContext.getInstance(protocols[i]);
            SSLSessionContext sessionContext =
                    sslContext.getServerSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default server session cache size is infinite");
            }

            sessionContext = sslContext.getClientSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default client session cache size is infinite");
            }
        }
    }
}
 
Example 3
Source File: SSLContextResource.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Check if the {@link SSLContext} has any active sessions.
 *
 * @return {@code true} if the {@link SSLContext} is available and has at least one session, {@code false} otherwise.
 */
private boolean hasActiveSessions() {
    final SSLContext sslContext = getSSLContext(sslContextServiceController);
    if (sslContext == null) return false;
    SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
    return sslSessionContext.getIds().hasMoreElements();
}
 
Example 4
Source File: JdkSslServerContext.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
                                 TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
                                 PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
                                 long sessionCacheSize, long sessionTimeout)
        throws SSLException {
    if (key == null && keyManagerFactory == null) {
        throw new NullPointerException("key, keyManagerFactory");
    }

    try {
        if (trustCertCollection != null) {
            trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
        }
        if (key != null) {
            keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
        }

        // Initialize the SSLContext to work with our key managers.
        SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
            : SSLContext.getInstance(PROTOCOL, sslContextProvider);
        ctx.init(keyManagerFactory.getKeyManagers(),
                 trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
                 null);

        SSLSessionContext sessCtx = ctx.getServerSessionContext();
        if (sessionCacheSize > 0) {
            sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
        }
        if (sessionTimeout > 0) {
            sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
        }
        return ctx;
    } catch (Exception e) {
        if (e instanceof SSLException) {
            throw (SSLException) e;
        }
        throw new SSLException("failed to initialize the server-side SSL context", e);
    }
}
 
Example 5
Source File: SSLContextResource.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Override
public Set<String> getChildrenNames(String childType) {
    SSLContext sslContext;
    if (ElytronDescriptionConstants.SSL_SESSION.equals(childType) && (sslContext = getSSLContext(sslContextServiceController)) != null) {
        SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
        Set<String> set = new HashSet<>();
        for (byte[] b : Collections.list(sslSessionContext.getIds())) {
            String s = ByteIterator.ofBytes(b).hexEncode(true).drainToString();
            set.add(s);
        }
        return set;
    }
    return Collections.emptySet();
}
 
Example 6
Source File: Timeout.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 7
Source File: DefautlCacheSize.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    SSLServerSocketFactory sssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try (SSLServerSocket serverSocket =
                (SSLServerSocket)sssf.createServerSocket()) {

        String[] protocols = serverSocket.getSupportedProtocols();
        for (int i = 0; i < protocols.length; i++) {
            if (protocols[i].equals("SSLv2Hello")) {
                continue;
            }
            SSLContext sslContext = SSLContext.getInstance(protocols[i]);
            SSLSessionContext sessionContext =
                    sslContext.getServerSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default server session cache size is infinite");
            }

            sessionContext = sslContext.getClientSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default client session cache size is infinite");
            }
        }
    }
}
 
Example 8
Source File: Timeout.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 9
Source File: Timeout.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 10
Source File: Timeout.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 11
Source File: Timeout.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 12
Source File: HttpManagement.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
private SSLContext createSslContext(final HttpPort<?> port)
{
    KeyStore keyStore = port.getKeyStore();
    if (keyStore == null)
    {
        throw new IllegalConfigurationException(
                "Key store is not configured. Cannot start management on HTTPS port without keystore");
    }

    final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
    final Collection<TrustStore> trustStores = port.getTrustStores();

    if (needClientCert && trustStores.isEmpty())
    {
        throw new IllegalConfigurationException(String.format(
                "Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined",
                this.getName()));
    }

    final SSLContext sslContext = SSLUtil.createSslContext(port.getKeyStore(), trustStores, port.getName());
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
    if (port.getTLSSessionCacheSize() > 0)
    {
        serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
    }
    if (port.getTLSSessionTimeout() > 0)
    {
        serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
    }
    return sslContext;
}
 
Example 13
Source File: Timeout.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 14
Source File: SSLSessionDefinition.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
@Override
protected void performRuntime(ModelNode result, ModelNode operation, SSLContext sslContext) throws OperationFailedException {
    SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
    SSLSession sslSession = sslSessionContext.getSession(sessionId(operation));
    if (sslSession != null) {
        performRuntime(result, operation, sslSession);
    }
}
 
Example 15
Source File: Timeout.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 16
Source File: DefautlCacheSize.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    SSLServerSocketFactory sssf =
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try (SSLServerSocket serverSocket =
                (SSLServerSocket)sssf.createServerSocket()) {

        String[] protocols = serverSocket.getSupportedProtocols();
        for (int i = 0; i < protocols.length; i++) {
            if (protocols[i].equals("SSLv2Hello")) {
                continue;
            }
            SSLContext sslContext = SSLContext.getInstance(protocols[i]);
            SSLSessionContext sessionContext =
                    sslContext.getServerSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default server session cache size is infinite");
            }

            sessionContext = sslContext.getClientSessionContext();
            if (sessionContext.getSessionCacheSize() == 0) {
                throw new Exception(
                    "the default client session cache size is infinite");
            }
        }
    }
}
 
Example 17
Source File: Timeout.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
//        try {
            SSLServerSocketFactory ssf =
                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
            SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
            String[] protocols = ss.getSupportedProtocols();
            for (int i = 0; i < protocols.length; i++) {
//                try {
                    if (protocols[i].equals("SSLv2Hello")) {
                        continue;
                    }
                    SSLContext sslc = SSLContext.getInstance(protocols[i]);
                    SSLSessionContext sslsc = sslc.getServerSessionContext();
                    System.out.println("Protocol: " + protocols[i]);
                    sslsc.setSessionTimeout(Integer.MAX_VALUE);
                    int newtime = sslsc.getSessionTimeout();
                    if (newtime != Integer.MAX_VALUE) {
                        throw new Exception ("Expected timeout: " +
                            Integer.MAX_VALUE + ", got instead: " +
                            newtime);
                    }
//                } catch (Exception e) {
//                }
            }
//        } catch (Exception e) {
//            System.out.println(e);
//        }
        System.out.println("Finished");
    }
 
Example 18
Source File: VMwareUtil.java    From cloudstack with Apache License 2.0 4 votes vote down vote up
private static void trustAllHttpsCertificates() throws Exception {
   // Create a trust manager that does not validate certificate chains:
   TrustManager[] trustAllCerts = new TrustManager[1];

   TrustManager tm = new TrustAllTrustManager();

   trustAllCerts[0] = tm;

   SSLContext sc = SSLContext.getInstance("SSL");

   SSLSessionContext sslsc = sc.getServerSessionContext();

   sslsc.setSessionTimeout(0);

   sc.init(null, trustAllCerts, null);

   HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
 
Example 19
Source File: JSSESocketFactory.java    From Tomcat7.0.67 with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the keystore and initializes the SSL socket factory.
 */
void init() throws IOException {
    try {

        String clientAuthStr = endpoint.getClientAuth();
        if("true".equalsIgnoreCase(clientAuthStr) ||
           "yes".equalsIgnoreCase(clientAuthStr)) {
            requireClientAuth = true;
        } else if("want".equalsIgnoreCase(clientAuthStr)) {
            wantClientAuth = true;
        }

        SSLContext context = createSSLContext();
        context.init(getKeyManagers(), getTrustManagers(), null);

        // Configure SSL session cache
        SSLSessionContext sessionContext =
            context.getServerSessionContext();
        if (sessionContext != null) {
            configureSessionContext(sessionContext);
        }

        // create proxy
        sslProxy = context.getServerSocketFactory();

        // Determine which cipher suites to enable
        enabledCiphers = getEnableableCiphers(context);
        enabledProtocols = getEnableableProtocols(context);

        allowUnsafeLegacyRenegotiation = "true".equals(
                endpoint.getAllowUnsafeLegacyRenegotiation());

        // Check the SSL config is OK
        checkConfig();

    } catch(Exception e) {
        if( e instanceof IOException )
            throw (IOException)e;
        throw new IOException(e.getMessage(), e);
    }
}
 
Example 20
Source File: JSSESocketFactory.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the keystore and initializes the SSL socket factory.
 */
void init() throws IOException {
    try {

        String clientAuthStr = endpoint.getClientAuth();
        if("true".equalsIgnoreCase(clientAuthStr) ||
           "yes".equalsIgnoreCase(clientAuthStr)) {
            requireClientAuth = true;
        } else if("want".equalsIgnoreCase(clientAuthStr)) {
            wantClientAuth = true;
        }

        SSLContext context = createSSLContext();
        context.init(getKeyManagers(), getTrustManagers(), null);

        // Configure SSL session cache
        SSLSessionContext sessionContext =
            context.getServerSessionContext();
        if (sessionContext != null) {
            configureSessionContext(sessionContext);
        }

        // create proxy
        sslProxy = context.getServerSocketFactory();

        // Determine which cipher suites to enable
        enabledCiphers = getEnableableCiphers(context);
        enabledProtocols = getEnableableProtocols(context);

        allowUnsafeLegacyRenegotiation = "true".equals(
                endpoint.getAllowUnsafeLegacyRenegotiation());

        // Check the SSL config is OK
        checkConfig();

    } catch(Exception e) {
        if( e instanceof IOException )
            throw (IOException)e;
        throw new IOException(e.getMessage(), e);
    }
}