Java Code Examples for javax.net.ssl.SSLParameters#setSNIMatchers()

The following examples show how to use javax.net.ssl.SSLParameters#setSNIMatchers() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLEngineTestCase.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns server ssl engine.
 *
 * @param context - SSLContext to get SSLEngine from.
 * @param useSNI  - flag used to enable or disable using SNI extension.
 *                Needed for Kerberos.
 */
public static SSLEngine getServerSSLEngine(
        SSLContext context, boolean useSNI) {

    SSLEngine serverEngine = context.createSSLEngine();
    serverEngine.setUseClientMode(false);
    if (useSNI) {
        SNIMatcher matcher = SNIHostName.createSNIMatcher(SNI_PATTERN);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = serverEngine.getSSLParameters();
        params.setSNIMatchers(matchers);
        serverEngine.setSSLParameters(params);
    }
    return serverEngine;
}
 
Example 2
Source File: Utils.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public static SSLParameters copySSLParameters(SSLParameters p) {
    SSLParameters p1 = new SSLParameters();
    p1.setAlgorithmConstraints(p.getAlgorithmConstraints());
    p1.setCipherSuites(p.getCipherSuites());
    // JDK 8 EXCL START
    p1.setEnableRetransmissions(p.getEnableRetransmissions());
    p1.setMaximumPacketSize(p.getMaximumPacketSize());
    // JDK 8 EXCL END
    p1.setEndpointIdentificationAlgorithm(p.getEndpointIdentificationAlgorithm());
    p1.setNeedClientAuth(p.getNeedClientAuth());
    String[] protocols = p.getProtocols();
    if (protocols != null) {
        p1.setProtocols(protocols.clone());
    }
    p1.setSNIMatchers(p.getSNIMatchers());
    p1.setServerNames(p.getServerNames());
    p1.setUseCipherSuitesOrder(p.getUseCipherSuitesOrder());
    p1.setWantClientAuth(p.getWantClientAuth());
    return p1;
}
 
Example 3
Source File: UnboundSSLUtils.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) context.getServerSocketFactory();
    SSLServerSocket ssocket =
            (SSLServerSocket) ssf.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        String[] ciphersuites = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(ciphersuites));
        ssocket.setEnabledCipherSuites(ciphersuites);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = ssocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        ssocket.setSSLParameters(params);
    }

    return new SSLEchoServer(ssocket);
}
 
Example 4
Source File: SSLServerSocketImpl.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 5
Source File: SSLServerSocketImpl.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 6
Source File: UnboundSSLUtils.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) context.getServerSocketFactory();
    SSLServerSocket ssocket =
            (SSLServerSocket) ssf.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        String[] ciphersuites = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(ciphersuites));
        ssocket.setEnabledCipherSuites(ciphersuites);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = ssocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        ssocket.setSSLParameters(params);
    }

    return new SSLEchoServer(ssocket);
}
 
Example 7
Source File: SSLSocketTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
public void test_SSLSocket_SNIHostName() throws Exception {
    TestSSLContext c = TestSSLContext.create();

    final SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket();
    SSLParameters clientParams = client.getSSLParameters();
    clientParams.setServerNames(Collections.singletonList(
            (SNIServerName) new SNIHostName("www.example.com")));
    client.setSSLParameters(clientParams);

    SSLParameters serverParams = c.serverSocket.getSSLParameters();
    serverParams.setSNIMatchers(Collections.singletonList(
            SNIHostName.createSNIMatcher("www\\.example\\.com")));
    c.serverSocket.setSSLParameters(serverParams);

    client.connect(new InetSocketAddress(c.host, c.port));
    final SSLSocket server = (SSLSocket) c.serverSocket.accept();

    ExecutorService executor = Executors.newSingleThreadExecutor();
    Future<Void> future = executor.submit(new Callable<Void>() {
        @Override public Void call() throws Exception {
            client.startHandshake();
            return null;
        }
    });
    executor.shutdown();
    server.startHandshake();

    SSLSession serverSession = server.getSession();
    assertTrue(serverSession instanceof ExtendedSSLSession);
    ExtendedSSLSession extendedServerSession = (ExtendedSSLSession) serverSession;
    List<SNIServerName> requestedNames = extendedServerSession.getRequestedServerNames();
    assertNotNull(requestedNames);
    assertEquals(1, requestedNames.size());
    SNIServerName serverName = requestedNames.get(0);
    assertEquals(StandardConstants.SNI_HOST_NAME, serverName.getType());
    assertTrue(serverName instanceof SNIHostName);
    SNIHostName serverHostName = (SNIHostName) serverName;
    assertEquals("www.example.com", serverHostName.getAsciiName());
}
 
Example 8
Source File: SSLServerSocketImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 9
Source File: SSLServerSocketImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
public synchronized SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);
    params.setApplicationProtocols(applicationProtocols);

    return params;
}
 
Example 10
Source File: SSLConfiguration.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
SSLParameters getSSLParameters() {
    SSLParameters params = new SSLParameters();

    params.setAlgorithmConstraints(this.algorithmConstraints);
    params.setProtocols(ProtocolVersion.toStringArray(enabledProtocols));
    params.setCipherSuites(CipherSuite.namesOf(enabledCipherSuites));
    switch (this.clientAuthType) {
        case CLIENT_AUTH_REQUIRED:
            params.setNeedClientAuth(true);
            break;
        case CLIENT_AUTH_REQUESTED:
            params.setWantClientAuth(true);
            break;
        default:
            params.setWantClientAuth(false);
    }
    params.setEndpointIdentificationAlgorithm(this.identificationProtocol);

    if (serverNames.isEmpty() && !noSniExtension) {
        // 'null' indicates none has been set
        params.setServerNames(null);
    } else {
        params.setServerNames(this.serverNames);
    }

    if (sniMatchers.isEmpty() && !noSniMatcher) {
        // 'null' indicates none has been set
        params.setSNIMatchers(null);
    } else {
        params.setSNIMatchers(this.sniMatchers);
    }

    params.setApplicationProtocols(this.applicationProtocols);
    params.setUseCipherSuitesOrder(this.preferLocalCipherSuites);
    params.setEnableRetransmissions(this.enableRetransmissions);
    params.setMaximumPacketSize(this.maximumPacketSize);

    return params;
}
 
Example 11
Source File: SSLServerSocketImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 12
Source File: SSLServerSocketImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 13
Source File: SSLServerSocketImpl.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);
    params.setApplicationProtocols(applicationProtocols);

    return params;
}
 
Example 14
Source File: SSLServerSocketImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 15
Source File: SSLServerSocketImpl.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 16
Source File: UnboundSSLUtils.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) context.getServerSocketFactory();
    SSLServerSocket ssocket =
            (SSLServerSocket) ssf.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        String[] ciphersuites = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(ciphersuites));
        ssocket.setEnabledCipherSuites(ciphersuites);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = ssocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        ssocket.setSSLParameters(params);
    }

    return new SSLEchoServer(ssocket);
}
 
Example 17
Source File: SSLServerSocketImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the SSLParameters in effect for newly accepted connections.
 */
@Override
synchronized public SSLParameters getSSLParameters() {
    SSLParameters params = super.getSSLParameters();

    // the super implementation does not handle the following parameters
    params.setEndpointIdentificationAlgorithm(identificationProtocol);
    params.setAlgorithmConstraints(algorithmConstraints);
    params.setSNIMatchers(sniMatchers);
    params.setUseCipherSuitesOrder(preferLocalCipherSuites);


    return params;
}
 
Example 18
Source File: Java8SslTestUtils.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
static void setSNIMatcher(SSLParameters parameters) {
    SNIMatcher matcher = new SNIMatcher(0) {
        @Override
        public boolean matches(SNIServerName sniServerName) {
            return false;
        }
    };
    parameters.setSNIMatchers(Collections.singleton(matcher));
}
 
Example 19
Source File: UnboundSSLUtils.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) context.getServerSocketFactory();
    SSLServerSocket ssocket =
            (SSLServerSocket) ssf.createServerSocket(0);

    // specify enabled cipher suites
    if (cipherSuiteFilter != null) {
        String[] ciphersuites = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: "
                + Arrays.toString(ciphersuites));
        ssocket.setEnabledCipherSuites(ciphersuites);
    }

    // specify SNI matcher pattern
    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = ssocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        ssocket.setSSLParameters(params);
    }

    return new SSLEchoServer(ssocket);
}
 
Example 20
Source File: Java8SslUtils.java    From netty-4.1.22 with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings("unchecked")
static void setSNIMatchers(SSLParameters sslParameters, Collection<?> matchers) {
    sslParameters.setSNIMatchers((Collection<SNIMatcher>) matchers);
}