javax.net.ssl.ExtendedSSLSession Java Examples

The following examples show how to use javax.net.ssl.ExtendedSSLSession: two trust-manager helpers that read the session's locally supported signature algorithms while checking a certificate chain, and a test that reads the server names a client requested via SNI.
Example #1
Source File: SSLContextImpl.java    From openjsse with GNU General Public License v2.0
/**
 * Applies the additional checks for an {@code SSLEngine}-based connection to
 * a certificate chain: endpoint identification, then algorithm constraints.
 *
 * <p>Nothing is checked when {@code engine} is {@code null}. Endpoint
 * identification runs only when the engine's {@code SSLParameters} carry a
 * non-empty endpoint identification algorithm; when none is configured this
 * method does not compare the chain against the peer's identity.
 *
 * @param chain the certificate chain being checked
 * @param authType the authentication type; not read by this method
 * @param engine the engine performing the handshake, may be {@code null}
 * @param checkClientTrusted forwarded unchanged to the identity and
 *        algorithm-constraint checks (presumably {@code true} when a client
 *        chain is being validated; confirm against the callers)
 * @throws CertificateException if the engine has no handshake session; the
 *         delegated checks are declared to throw it as well
 */
private void checkAdditionalTrust(X509Certificate[] chain,
        String authType, javax.net.ssl.SSLEngine engine,
        boolean checkClientTrusted) throws CertificateException {
    if (engine == null) {
        // Without an engine there is no session to inspect, so both
        // additional checks are skipped.
        return;
    }

    final SSLSession handshakeSession = engine.getHandshakeSession();
    if (handshakeSession == null) {
        throw new CertificateException("No handshake session");
    }

    // Endpoint identification is driven purely by configuration: a null or
    // empty algorithm means no identity check is made here.
    final String endpointIdAlg =
            engine.getSSLParameters().getEndpointIdentificationAlgorithm();
    if (endpointIdAlg != null && !endpointIdAlg.isEmpty()) {
        X509TrustManagerImpl.checkIdentity(handshakeSession, chain,
                endpointIdAlg, checkClientTrusted);
    }

    // Best-effort algorithm constraints. The signature-algorithm list is
    // only used when ProtocolVersion.useTLS12PlusSpec accepts the session's
    // protocol (presumably TLS 1.2 or later) and the session exposes the
    // ExtendedSSLSession API.
    final boolean hasSessionSignAlgs =
            ProtocolVersion.useTLS12PlusSpec(handshakeSession.getProtocol())
                    && handshakeSession instanceof ExtendedSSLSession;

    // The casts below require the engine to be the OpenJSSE SSLEngine type;
    // any other engine fails here with a ClassCastException.
    final AlgorithmConstraints constraints;
    if (hasSessionSignAlgs) {
        // These are the algorithms the session reports as locally supported
        // (getLocalSupportedSignatureAlgorithms), not the peer's list.
        final String[] localSupportedSignAlgs =
                ((ExtendedSSLSession) handshakeSession)
                        .getLocalSupportedSignatureAlgorithms();
        constraints = new SSLAlgorithmConstraints(
                (org.openjsse.javax.net.ssl.SSLEngine) engine,
                localSupportedSignAlgs, true);
    } else {
        constraints = new SSLAlgorithmConstraints(
                (org.openjsse.javax.net.ssl.SSLEngine) engine, true);
    }

    checkAlgorithmConstraints(chain, constraints, checkClientTrusted);
}
 
Example #2
Source File: SSLSocketTest.java    From j2objc with Apache License 2.0
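/**
 * Verifies that a host name sent by the client in the SNI extension is
 * visible on the server through
 * {@link ExtendedSSLSession#getRequestedServerNames()}.
 *
 * <p>The client handshake runs on a separate thread while the server
 * handshakes on the calling thread. The client's {@code Future} is awaited so
 * that a client-side handshake failure fails the test instead of being
 * dropped, and both sockets are closed when the test ends.
 *
 * @throws Exception if connection setup, either handshake, or an assertion
 *         fails
 */
public void test_SSLSocket_SNIHostName() throws Exception {
    TestSSLContext c = TestSSLContext.create();

    final SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket();
    SSLSocket server = null;
    try {
        // Client side: request "www.example.com" via SNI.
        SSLParameters clientParams = client.getSSLParameters();
        clientParams.setServerNames(Collections.singletonList(
                (SNIServerName) new SNIHostName("www.example.com")));
        client.setSSLParameters(clientParams);

        // Server side: install a matcher for that host name. The argument is
        // a regular expression, hence the escaped dots.
        SSLParameters serverParams = c.serverSocket.getSSLParameters();
        serverParams.setSNIMatchers(Collections.singletonList(
                SNIHostName.createSNIMatcher("www\\.example\\.com")));
        c.serverSocket.setSSLParameters(serverParams);

        client.connect(new InetSocketAddress(c.host, c.port));
        server = (SSLSocket) c.serverSocket.accept();

        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<Void> future = executor.submit(new Callable<Void>() {
            @Override public Void call() throws Exception {
                client.startHandshake();
                return null;
            }
        });
        executor.shutdown();
        server.startHandshake();
        // Surface any exception thrown by the client handshake; without this
        // the test could pass even though the client side failed.
        future.get();

        SSLSession serverSession = server.getSession();
        assertTrue(serverSession instanceof ExtendedSSLSession);
        ExtendedSSLSession extendedServerSession = (ExtendedSSLSession) serverSession;
        List<SNIServerName> requestedNames = extendedServerSession.getRequestedServerNames();
        assertNotNull(requestedNames);
        assertEquals(1, requestedNames.size());
        SNIServerName serverName = requestedNames.get(0);
        assertEquals(StandardConstants.SNI_HOST_NAME, serverName.getType());
        assertTrue(serverName instanceof SNIHostName);
        SNIHostName serverHostName = (SNIHostName) serverName;
        assertEquals("www.example.com", serverHostName.getAsciiName());
    } finally {
        // Release both ends of the connection even when an assertion fails.
        if (server != null) {
            server.close();
        }
        client.close();
    }
}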
 
Example #3
Source File: SSLContextImpl.java    From openjsse with GNU General Public License v2.0
/**
 * Applies the additional checks for a socket-based connection to a
 * certificate chain: endpoint identification, then algorithm constraints.
 *
 * <p>Nothing is checked unless {@code socket} is a non-null, connected
 * {@code SSLSocket}. Endpoint identification runs only when the socket's
 * {@code SSLParameters} carry a non-empty endpoint identification algorithm;
 * when none is configured this method does not compare the chain against the
 * peer's identity.
 *
 * @param chain the certificate chain being checked
 * @param authType the authentication type; not read by this method
 * @param socket the socket performing the handshake, may be {@code null}
 * @param checkClientTrusted forwarded unchanged to the identity and
 *        algorithm-constraint checks (presumably {@code true} when a client
 *        chain is being validated; confirm against the callers)
 * @throws CertificateException if the socket has no handshake session; the
 *         delegated checks are declared to throw it as well
 */
private void checkAdditionalTrust(X509Certificate[] chain,
        String authType, Socket socket,
        boolean checkClientTrusted) throws CertificateException {
    if (socket == null || !socket.isConnected()
            || !(socket instanceof SSLSocket)) {
        // Plain, unconnected or missing sockets carry no TLS session, so
        // both additional checks are skipped.
        return;
    }

    final SSLSocket tlsSocket = (SSLSocket) socket;
    final SSLSession handshakeSession = tlsSocket.getHandshakeSession();
    if (handshakeSession == null) {
        throw new CertificateException("No handshake session");
    }

    // Endpoint identification is driven purely by configuration: a null or
    // empty algorithm means no identity check is made here.
    final String endpointIdAlg =
            tlsSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
    if (endpointIdAlg != null && !endpointIdAlg.isEmpty()) {
        X509TrustManagerImpl.checkIdentity(handshakeSession, chain,
                endpointIdAlg, checkClientTrusted);
    }

    // Best-effort algorithm constraints. The signature-algorithm list is
    // only used when ProtocolVersion.useTLS12PlusSpec accepts the session's
    // protocol (presumably TLS 1.2 or later) and the session exposes the
    // ExtendedSSLSession API.
    final boolean hasSessionSignAlgs =
            ProtocolVersion.useTLS12PlusSpec(handshakeSession.getProtocol())
                    && handshakeSession instanceof ExtendedSSLSession;

    final AlgorithmConstraints constraints;
    if (hasSessionSignAlgs) {
        // These are the algorithms the session reports as locally supported
        // (getLocalSupportedSignatureAlgorithms), not the peer's list.
        final String[] localSupportedSignAlgs =
                ((ExtendedSSLSession) handshakeSession)
                        .getLocalSupportedSignatureAlgorithms();
        constraints = new SSLAlgorithmConstraints(
                tlsSocket, localSupportedSignAlgs, true);
    } else {
        constraints = new SSLAlgorithmConstraints(tlsSocket, true);
    }

    checkAlgorithmConstraints(chain, constraints, checkClientTrusted);
}