Java Code Examples for javax.net.ssl.SSLSessionContext#setSessionCacheSize()

Example 1
Source File: JSSESocketFactory.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
/**
 * Applies the endpoint's TLS session cache size and session timeout to the
 * given session context.
 * <p>
 * Both settings are read from the endpoint as strings. A {@code null} value
 * falls back to the class default; a present value is parsed with
 * {@link Integer#parseInt(String)}, so a malformed setting surfaces as a
 * {@link NumberFormatException} before either setter is called. Note that the
 * {@link SSLSessionContext} contract treats a cache size of {@code 0} as
 * "no limit".
 *
 * @param sslSessionContext the context whose cache size and timeout are set
 */
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
    final String cacheSizeSetting = endpoint.getSessionCacheSize();
    final int cacheSize = cacheSizeSetting == null
            ? defaultSessionCacheSize
            : Integer.parseInt(cacheSizeSetting);

    final String timeoutSetting = endpoint.getSessionTimeout();
    final int timeoutSeconds = timeoutSetting == null
            ? defaultSessionTimeout
            : Integer.parseInt(timeoutSetting);

    // Both values are resolved before anything is applied, so a parse failure
    // leaves the context untouched.
    sslSessionContext.setSessionCacheSize(cacheSize);
    sslSessionContext.setSessionTimeout(timeoutSeconds);
}
 
Example 2
Source File: AmqpPortImpl.java    From qpid-broker-j with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the {@link SSLContext} for this AMQP port from its configured key
 * store and trust stores, then applies the port's TLS session cache settings
 * to the server-side session context.
 *
 * @return the initialised context
 * @throws IllegalConfigurationException if client-certificate authentication is
 *         required or requested but no trust store is configured to validate
 *         client certificates against
 */
private SSLContext createSslContext()
{
    final KeyStore keyStore = getKeyStore();
    final Collection<TrustStore> trustStores = getTrustStores();

    // Either NEED or WANT client auth makes a trust store mandatory; without
    // one there is nothing to validate a presented client certificate against.
    final boolean clientAuthConfigured =
            (Boolean) getAttribute(NEED_CLIENT_AUTH) || (Boolean) getAttribute(WANT_CLIENT_AUTH);
    if (clientAuthConfigured && trustStores.isEmpty())
    {
        throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '"
                + this.getName() + "' but no trust store defined");
    }

    final SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
    applySessionSettings(sslContext.getServerSessionContext());
    return sslContext;
}

/**
 * Applies the configured TLS session cache size and timeout to the server
 * session context. Non-positive values are treated as "not configured" and
 * leave the JSSE implementation defaults in place.
 */
private void applySessionSettings(final SSLSessionContext serverSessionContext)
{
    final int cacheSize = getTLSSessionCacheSize();
    if (cacheSize > 0)
    {
        serverSessionContext.setSessionCacheSize(cacheSize);
    }

    final int timeoutSeconds = getTLSSessionTimeout();
    if (timeoutSeconds > 0)
    {
        serverSessionContext.setSessionTimeout(timeoutSeconds);
    }
}
 
Example 3
Source File: JSSESocketFactory.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the session cache size and session timeout of the given context
 * from the endpoint's string settings, using the class defaults for any setting
 * that is absent ({@code null}).
 * <p>
 * A present but non-numeric setting fails with {@link NumberFormatException}.
 * Per the {@link SSLSessionContext} contract a cache size of {@code 0} disables
 * the limit rather than the cache.
 *
 * @param sslSessionContext the context to configure
 */
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
    int cacheSize = parseOrDefault(endpoint.getSessionCacheSize(), defaultSessionCacheSize);
    int timeoutSeconds = parseOrDefault(endpoint.getSessionTimeout(), defaultSessionTimeout);

    sslSessionContext.setSessionCacheSize(cacheSize);
    sslSessionContext.setSessionTimeout(timeoutSeconds);
}

/**
 * Parses {@code value} as a decimal int, or returns {@code fallback} when the
 * setting is {@code null}.
 */
private static int parseOrDefault(String value, int fallback) {
    return value == null ? fallback : Integer.parseInt(value);
}
 
Example 4
Source File: SSLUtilBase.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Pushes the host's configured TLS session cache size and timeout into the
 * given session context.
 * <p>
 * A negative value in {@code sslHostConfig} means "not configured": the
 * corresponding setter is skipped and the JSSE implementation default is kept.
 * Zero and positive values are applied as-is ({@code 0} for the cache size
 * means "no limit" under the {@link SSLSessionContext} contract).
 *
 * @param sslSessionContext the context to configure
 */
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
    final int configuredCacheSize = sslHostConfig.getSessionCacheSize();
    if (configuredCacheSize >= 0) {
        sslSessionContext.setSessionCacheSize(configuredCacheSize);
    }

    final int configuredTimeout = sslHostConfig.getSessionTimeout();
    if (configuredTimeout >= 0) {
        sslSessionContext.setSessionTimeout(configuredTimeout);
    }
}
 
Example 5
Source File: JdkSslServerContext.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and initialises a server-side {@link SSLContext}.
 * <p>
 * When {@code trustCertCollection} is given it is turned into a trust manager
 * factory (possibly refining the one passed in); likewise {@code key} and its
 * chain are turned into a key manager factory. A {@code null} trust manager
 * array handed to {@link SSLContext#init} makes the JDK use its default trust
 * managers. Session cache limits are applied only when positive and are
 * clamped to {@link Integer#MAX_VALUE}.
 *
 * @param sslContextProvider provider to obtain the context from, or {@code null} for the default
 * @param trustCertCollection trusted certificates, or {@code null} to use {@code trustManagerFactory} as given
 * @param trustManagerFactory trust manager factory, or {@code null}
 * @param keyCertChain the server certificate chain matching {@code key}
 * @param key the server private key, or {@code null} when {@code keyManagerFactory} supplies it
 * @param keyPassword password for {@code key}, may be {@code null}
 * @param keyManagerFactory key manager factory, or {@code null} when {@code key} is given
 * @param sessionCacheSize session cache size; {@code <= 0} keeps the implementation default
 * @param sessionTimeout session timeout in seconds; {@code <= 0} keeps the implementation default
 * @return the initialised context
 * @throws NullPointerException if both {@code key} and {@code keyManagerFactory} are {@code null}
 * @throws SSLException if any step of building the context fails
 */
private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
                                 TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
                                 PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
                                 long sessionCacheSize, long sessionTimeout)
        throws SSLException {
    // A server has to be able to present key material from one of the two sources.
    if (key == null && keyManagerFactory == null) {
        throw new NullPointerException("key, keyManagerFactory");
    }

    try {
        final TrustManagerFactory resolvedTmf = trustCertCollection != null
                ? buildTrustManagerFactory(trustCertCollection, trustManagerFactory)
                : trustManagerFactory;
        final KeyManagerFactory resolvedKmf = key != null
                ? buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory)
                : keyManagerFactory;

        final SSLContext ctx = sslContextProvider != null
                ? SSLContext.getInstance(PROTOCOL, sslContextProvider)
                : SSLContext.getInstance(PROTOCOL);
        ctx.init(resolvedKmf.getKeyManagers(),
                 resolvedTmf != null ? resolvedTmf.getTrustManagers() : null,
                 null);

        applySessionSettings(ctx.getServerSessionContext(), sessionCacheSize, sessionTimeout);
        return ctx;
    } catch (Exception e) {
        // SSLExceptions pass through unchanged; everything else is wrapped so
        // callers only ever see SSLException.
        if (e instanceof SSLException) {
            throw (SSLException) e;
        }
        throw new SSLException("failed to initialize the server-side SSL context", e);
    }
}

/**
 * Applies session cache size and timeout to {@code sessCtx}. Values {@code <= 0}
 * leave the implementation default untouched; larger-than-int values are clamped.
 */
private static void applySessionSettings(SSLSessionContext sessCtx, long cacheSize, long timeoutSeconds) {
    if (cacheSize > 0) {
        sessCtx.setSessionCacheSize((int) Math.min(cacheSize, Integer.MAX_VALUE));
    }
    if (timeoutSeconds > 0) {
        sessCtx.setSessionTimeout((int) Math.min(timeoutSeconds, Integer.MAX_VALUE));
    }
}
 
Example 6
Source File: JdkSslClientContext.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and initialises a client-side {@link SSLContext}.
 * <p>
 * Unlike a server, a client needs no key material of its own: when
 * {@code keyCertChain} is {@code null} the caller's {@code keyManagerFactory}
 * is used as given (possibly {@code null}). A {@code null} key or trust
 * manager array passed to {@link SSLContext#init} selects the JDK defaults.
 * Session cache limits are applied only when positive and are clamped to
 * {@link Integer#MAX_VALUE}.
 *
 * @param sslContextProvider provider to obtain the context from, or {@code null} for the default
 * @param trustCertCollection trusted certificates, or {@code null} to use {@code trustManagerFactory} as given
 * @param trustManagerFactory trust manager factory, or {@code null}
 * @param keyCertChain client certificate chain for mutual authentication, or {@code null}
 * @param key client private key matching {@code keyCertChain}
 * @param keyPassword password for {@code key}, may be {@code null}
 * @param keyManagerFactory key manager factory, or {@code null}
 * @param sessionCacheSize session cache size; {@code <= 0} keeps the implementation default
 * @param sessionTimeout session timeout in seconds; {@code <= 0} keeps the implementation default
 * @return the initialised context
 * @throws SSLException if any step of building the context fails
 */
private static SSLContext newSSLContext(Provider sslContextProvider,
                                        X509Certificate[] trustCertCollection,
                                        TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
                                        PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
                                        long sessionCacheSize, long sessionTimeout) throws SSLException {
    try {
        final TrustManagerFactory resolvedTmf = trustCertCollection != null
                ? buildTrustManagerFactory(trustCertCollection, trustManagerFactory)
                : trustManagerFactory;
        // The client keys off the certificate chain, not the private key.
        final KeyManagerFactory resolvedKmf = keyCertChain != null
                ? buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory)
                : keyManagerFactory;

        final SSLContext ctx = sslContextProvider != null
                ? SSLContext.getInstance(PROTOCOL, sslContextProvider)
                : SSLContext.getInstance(PROTOCOL);
        ctx.init(resolvedKmf != null ? resolvedKmf.getKeyManagers() : null,
                 resolvedTmf != null ? resolvedTmf.getTrustManagers() : null,
                 null);

        configureSessions(ctx.getClientSessionContext(), sessionCacheSize, sessionTimeout);
        return ctx;
    } catch (Exception e) {
        // Let SSLExceptions through untouched; wrap anything else so callers see one type.
        if (e instanceof SSLException) {
            throw (SSLException) e;
        }
        throw new SSLException("failed to initialize the client-side SSL context", e);
    }
}

/**
 * Applies session cache size and timeout to {@code sessCtx}. Values {@code <= 0}
 * leave the implementation default in place; larger-than-int values are clamped.
 */
private static void configureSessions(SSLSessionContext sessCtx, long cacheSize, long timeoutSeconds) {
    if (cacheSize > 0) {
        sessCtx.setSessionCacheSize((int) Math.min(cacheSize, Integer.MAX_VALUE));
    }
    if (timeoutSeconds > 0) {
        sessCtx.setSessionTimeout((int) Math.min(timeoutSeconds, Integer.MAX_VALUE));
    }
}
 
Example 7
Source File: HttpManagement.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the {@link SSLContext} used by the HTTPS management port.
 * <p>
 * A key store is mandatory. When client-certificate authentication is
 * required or requested, at least one trust store must also be present so
 * that presented client certificates can be validated. The port's TLS
 * session cache size and timeout are applied to the server session context
 * when they are positive; non-positive values keep the implementation defaults.
 *
 * @param port the HTTPS port whose TLS configuration is used
 * @return the initialised context
 * @throws IllegalConfigurationException if no key store is configured, or if
 *         client authentication is enabled without a trust store
 */
private SSLContext createSslContext(final HttpPort<?> port)
{
    final KeyStore keyStore = port.getKeyStore();
    if (keyStore == null)
    {
        throw new IllegalConfigurationException(
                "Key store is not configured. Cannot start management on HTTPS port without keystore");
    }

    final boolean clientAuthConfigured = port.getNeedClientAuth() || port.getWantClientAuth();
    final Collection<TrustStore> trustStores = port.getTrustStores();
    if (clientAuthConfigured && trustStores.isEmpty())
    {
        throw new IllegalConfigurationException(String.format(
                "Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined",
                this.getName()));
    }

    final SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, port.getName());
    final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();

    final int cacheSize = port.getTLSSessionCacheSize();
    if (cacheSize > 0)
    {
        serverSessionContext.setSessionCacheSize(cacheSize);
    }
    final int timeoutSeconds = port.getTLSSessionTimeout();
    if (timeoutSeconds > 0)
    {
        serverSessionContext.setSessionTimeout(timeoutSeconds);
    }
    return sslContext;
}
 
Example 8
Source File: JdkSslServerContext.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a new server-side context backed by the JDK's {@code SSLContext}.
 * <p>
 * Either {@code keyFile} or {@code keyManagerFactory} must be supplied so the
 * server has key material to present. When a PEM file is given it is parsed
 * into the corresponding factory; a {@code null} trust manager array passed to
 * {@link SSLContext#init} selects the JDK default trust managers.
 *
 * @param trustCertChainFile X.509 certificate chain file in PEM format used to
 *                           validate client certificates during mutual
 *                           authentication; {@code null} to use the system default
 * @param trustManagerFactory the {@link TrustManagerFactory} supplying the
 *                            {@link TrustManager}s that verify client certificates;
 *                            {@code null} to use the default or the result of
 *                            parsing {@code trustCertChainFile}
 * @param keyCertChainFile X.509 certificate chain file in PEM format for the server
 * @param keyFile PKCS#8 private key file in PEM format for the server
 * @param keyPassword password of {@code keyFile}; {@code null} if it is not
 *                    password-protected
 * @param keyManagerFactory the {@link KeyManagerFactory} supplying the
 *                          {@link KeyManager}s that provide the server's key
 *                          material; {@code null} to use the default or the result
 *                          of parsing {@code keyCertChainFile} and {@code keyFile}
 * @param ciphers cipher suites to enable, in order of preference; {@code null}
 *                for the default suites
 * @param cipherFilter filter applied over the supplied ciphers; only needed when
 *                     the provider is {@link SslProvider#JDK}
 * @param apn application protocol negotiator
 * @param sessionCacheSize size of the SSL session cache; values {@code <= 0}
 *                         keep the implementation default
 * @param sessionTimeout timeout of cached SSL sessions in seconds; values
 *                       {@code <= 0} keep the implementation default
 * @throws NullPointerException if both {@code keyFile} and {@code keyManagerFactory}
 *                              are {@code null}
 * @throws SSLException if the context cannot be built or initialised
 */
public JdkSslServerContext(File trustCertChainFile, TrustManagerFactory trustManagerFactory,
        File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
        Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
        long sessionCacheSize, long sessionTimeout) throws SSLException {
    super(ciphers, cipherFilter, apn);
    if (keyFile == null && keyManagerFactory == null) {
        throw new NullPointerException("keyFile, keyManagerFactory");
    }

    try {
        final TrustManagerFactory resolvedTmf = trustCertChainFile != null
                ? buildTrustManagerFactory(trustCertChainFile, trustManagerFactory)
                : trustManagerFactory;
        final KeyManagerFactory resolvedKmf = keyFile != null
                ? buildKeyManagerFactory(keyCertChainFile, keyFile, keyPassword, keyManagerFactory)
                : keyManagerFactory;

        ctx = SSLContext.getInstance(PROTOCOL);
        ctx.init(resolvedKmf.getKeyManagers(),
                 resolvedTmf != null ? resolvedTmf.getTrustManagers() : null,
                 null);

        applySessionSettings(ctx.getServerSessionContext(), sessionCacheSize, sessionTimeout);
    } catch (Exception e) {
        // Every failure, checked or not, is reported to the caller as SSLException.
        throw new SSLException("failed to initialize the server-side SSL context", e);
    }
}

/**
 * Applies session cache size and timeout to {@code sessCtx}. Values {@code <= 0}
 * leave the implementation default in place; larger-than-int values are clamped
 * to {@link Integer#MAX_VALUE}.
 */
private static void applySessionSettings(SSLSessionContext sessCtx, long cacheSize, long timeoutSeconds) {
    if (cacheSize > 0) {
        sessCtx.setSessionCacheSize((int) Math.min(cacheSize, Integer.MAX_VALUE));
    }
    if (timeoutSeconds > 0) {
        sessCtx.setSessionTimeout((int) Math.min(timeoutSeconds, Integer.MAX_VALUE));
    }
}
 
Example 9
Source File: JdkSslClientContext.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a new client-side context backed by the JDK's {@code SSLContext}.
 * <p>
 * A client needs no key material unless mutual authentication is wanted, so
 * every key-related argument may be {@code null}. A {@code null} key or trust
 * manager array passed to {@link SSLContext#init} selects the JDK defaults.
 *
 * @param trustCertChainFile X.509 certificate chain file in PEM format used to
 *                           validate server certificates; {@code null} to use the
 *                           system default
 * @param trustManagerFactory the {@link TrustManagerFactory} supplying the
 *                            {@link TrustManager}s that verify server certificates;
 *                            {@code null} to use the default or the result of
 *                            parsing {@code trustCertChainFile}
 * @param keyCertChainFile X.509 certificate chain file in PEM format presented to
 *                         the server for mutual authentication; {@code null} to use
 *                         the system default
 * @param keyFile PKCS#8 private key file in PEM format for mutual authentication;
 *                {@code null} for no mutual authentication
 * @param keyPassword password of {@code keyFile}; {@code null} if it is not
 *                    password-protected; ignored when {@code keyFile} is {@code null}
 * @param keyManagerFactory the {@link KeyManagerFactory} supplying the
 *                          {@link KeyManager}s that provide the client's key
 *                          material; {@code null} to use the default or the result
 *                          of parsing {@code keyCertChainFile} and {@code keyFile}
 * @param ciphers cipher suites to enable, in order of preference; {@code null}
 *                for the default suites
 * @param cipherFilter filter applied over the supplied ciphers
 * @param apn application protocol negotiator
 * @param sessionCacheSize size of the SSL session cache; values {@code <= 0}
 *                         keep the implementation default
 * @param sessionTimeout timeout of cached SSL sessions in seconds; values
 *                       {@code <= 0} keep the implementation default
 * @throws SSLException if the context cannot be built or initialised
 */
public JdkSslClientContext(File trustCertChainFile, TrustManagerFactory trustManagerFactory,
        File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
        Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
        long sessionCacheSize, long sessionTimeout) throws SSLException {
    super(ciphers, cipherFilter, apn);

    try {
        final TrustManagerFactory resolvedTmf = trustCertChainFile != null
                ? buildTrustManagerFactory(trustCertChainFile, trustManagerFactory)
                : trustManagerFactory;
        final KeyManagerFactory resolvedKmf = keyFile != null
                ? buildKeyManagerFactory(keyCertChainFile, keyFile, keyPassword, keyManagerFactory)
                : keyManagerFactory;

        ctx = SSLContext.getInstance(PROTOCOL);
        ctx.init(resolvedKmf != null ? resolvedKmf.getKeyManagers() : null,
                 resolvedTmf != null ? resolvedTmf.getTrustManagers() : null,
                 null);

        configureSessions(ctx.getClientSessionContext(), sessionCacheSize, sessionTimeout);
    } catch (Exception e) {
        // Every failure, checked or not, is reported to the caller as SSLException.
        throw new SSLException("failed to initialize the client-side SSL context", e);
    }
}

/**
 * Applies session cache size and timeout to {@code sessCtx}. Values {@code <= 0}
 * leave the implementation default in place; larger-than-int values are clamped
 * to {@link Integer#MAX_VALUE}.
 */
private static void configureSessions(SSLSessionContext sessCtx, long cacheSize, long timeoutSeconds) {
    if (cacheSize > 0) {
        sessCtx.setSessionCacheSize((int) Math.min(cacheSize, Integer.MAX_VALUE));
    }
    if (timeoutSeconds > 0) {
        sessCtx.setSessionTimeout((int) Math.min(timeoutSeconds, Integer.MAX_VALUE));
    }
}
 
Example 10
Source File: ClientSessionTest.java    From wildfly-openssl with Apache License 2.0 4 votes vote down vote up
/**
 * Exercises {@link SSLSessionContext#setSessionCacheSize(int)} on the client side
 * against two local TLS servers: with no limit both sessions resume (same session
 * id on reconnect), with a limit of 1 only the most recently used session
 * survives, and resetting the limit to 0 (no limit, per the SSLSessionContext
 * contract) restores caching of both.
 *
 * @throws Exception on any socket or TLS failure
 */
@Test
public void testSessionSize() throws Exception {
    final int port1 = SSLTestUtils.PORT;
    final int port2 = SSLTestUtils.SECONDARY_PORT;

    try (
            ServerSocket serverSocket1 = SSLTestUtils.createServerSocket(port1);
            ServerSocket serverSocket2 = SSLTestUtils.createServerSocket(port2)
    ) {

        final Thread acceptThread1 = startServer(serverSocket1);
        final Thread acceptThread2 = startServer(serverSocket2);
        SSLContext clientContext = SSLTestUtils.createClientSSLContext("openssl.TLSv1");

        final SSLSessionContext clientSession = clientContext.getClientSessionContext();

        byte[] host1SessionId = connectAndWrite(clientContext, port1);
        byte[] host2SessionId = connectAndWrite(clientContext, port2);

        // No cache limit was set, so reconnecting resumes: ids should be identical
        Assert.assertArrayEquals(host1SessionId, connectAndWrite(clientContext, port1));
        Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2));

        // Set the cache size to 1
        clientSession.setSessionCacheSize(1);
        // The second session id should be the one kept as it was the last one used
        Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2));
        // Connect again to the first host; this should not match the initial session id for the first host
        byte[] nextId = connectAndWrite(clientContext, port1);
        Assert.assertFalse(Arrays.equals(host1SessionId, nextId));
        // Once more connect to the first host and this should match the previous session id
        Assert.assertArrayEquals(nextId, connectAndWrite(clientContext, port1));
        // Connect to the second host, whose session should have been evicted at this point
        Assert.assertFalse(Arrays.equals(nextId, connectAndWrite(clientContext, port2)));

        // Reset the cache limit (0 = no limit) and ensure both sessions are cached
        clientSession.setSessionCacheSize(0);
        host1SessionId = connectAndWrite(clientContext, port1);
        host2SessionId = connectAndWrite(clientContext, port2);

        // No cache limit is set, so ids should be identical again
        Assert.assertArrayEquals(host1SessionId, connectAndWrite(clientContext, port1));
        Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2));

        // Explicit close before the joins; presumably this unblocks the accept loops
        // started by startServer so the threads can finish -- confirm in startServer.
        serverSocket1.close();
        serverSocket2.close();
        acceptThread1.join();
        acceptThread2.join();
    }
}