下面列出了javax.net.ssl.SSLContext#getDefault ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Points the JSSE default key store and trust store at the test keystore and
 * installs the resulting default context's socket factory on
 * {@link HttpsURLConnection}.
 *
 * <p>Everything configured here is process-wide: the four
 * {@code javax.net.ssl.*} system properties and the default
 * {@code HttpsURLConnection} socket factory affect every later TLS user in
 * the same JVM and are not restored by this method.
 *
 * @param args {@code args[0]} is the keystore file name, resolved against the
 *             {@code test.src} system property (default {@code "."});
 *             {@code args[1]} is stored as the host name
 * @throws Exception if the default {@link SSLContext} cannot be obtained
 */
private static void initialize(String[] args) throws Exception {
    keystore = args[0];
    hostname = args[1];

    // Hard-coded fixture password: only suitable for a throwaway test keystore,
    // never for a store that holds real private keys.
    final String storePassword = "changeit";

    // The same file is used as both key store and trust store.
    final String storePath = System.getProperty("test.src", ".") + "/" + keystore;

    System.setProperty("javax.net.ssl.keyStore", storePath);
    System.setProperty("javax.net.ssl.keyStorePassword", storePassword);
    System.setProperty("javax.net.ssl.trustStore", storePath);
    System.setProperty("javax.net.ssl.trustStorePassword", storePassword);

    // The properties are set before the default context is requested.
    context = SSLContext.getDefault();
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}
/**
 * Checks the protocol list that {@code prepareSocket} passes to
 * {@code setEnabledProtocols} for a socket that supports SSLv2Hello through
 * TLSv1.2 but currently has only SSLv3 and TLSv1 enabled.
 */
@Test
public void typical() throws NoSuchAlgorithmException, IOException {
    // Expected argument: newest version first, SSLv2Hello absent.
    // SSLv3 (RFC 7568) and TLSv1/TLSv1.1 (RFC 8996) are deprecated; this test pins
    // that they remain in the enabled list, so restricting them has to happen
    // elsewhere (e.g. the JDK's jdk.tls.disabledAlgorithms security property).
    final String[] expectedOrder = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};

    SdkTlsSocketFactory factory = new SdkTlsSocketFactory(SSLContext.getDefault(), null);

    try (SSLSocket stub = new TestSSLSocket() {
        @Override
        public String[] getSupportedProtocols() {
            // Order is randomised so the result cannot depend on input order.
            return shuffle(new String[] {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"});
        }

        @Override
        public String[] getEnabledProtocols() {
            return shuffle(new String[] {"SSLv3", "TLSv1"});
        }

        @Override
        public void setEnabledProtocols(String[] protocols) {
            assertTrue(Arrays.equals(protocols, expectedOrder));
        }
    }) {
        factory.prepareSocket(stub);
    }
}
/**
 * Checks the protocol list that {@code prepareSocket} passes to
 * {@code setEnabledProtocols} for a socket that supports SSLv2Hello through
 * TLSv1.2 but currently has only SSLv3 and TLSv1 enabled.
 */
@Test
public void typical() throws NoSuchAlgorithmException {
    // Expected argument: newest version first, SSLv2Hello absent.
    // The list still contains SSLv3 (deprecated by RFC 7568) and TLSv1/TLSv1.1
    // (deprecated by RFC 8996); the factory under test is expected to keep them,
    // so disabling legacy protocols must be enforced by other configuration.
    final String[] expectedOrder = {"TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"};

    SdkTLSSocketFactory factory = new SdkTLSSocketFactory(SSLContext.getDefault(), null);

    factory.prepareSocket(new TestSSLSocket() {
        @Override
        public String[] getSupportedProtocols() {
            // Order is randomised so the result cannot depend on input order.
            return shuffle(new String[] {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"});
        }

        @Override
        public String[] getEnabledProtocols() {
            return shuffle(new String[] {"SSLv3", "TLSv1"});
        }

        @Override
        public void setEnabledProtocols(String[] protocols) {
            assertTrue(Arrays.equals(protocols, expectedOrder));
        }
    });
}
/**
* The parameter passed is the user enforced protocol. Does not catch
* NoSuchAlgorithmException, WrongProperty test will use it.
*/
public void test(String expectedContextProto,
        String[] expectedDefaultProtos) throws NoSuchAlgorithmException {
    SSLContext context = null;
    try {
        if (expectedContextProto == null) {
            // No protocol enforced by the caller: use the JVM default context.
            context = SSLContext.getDefault();
        } else {
            context = SSLContext.getInstance(expectedContextProto);
            // All-null init: the provider's default key managers, trust managers
            // and secure random are used.
            context.init(null, null, null);
        }
        printContextDetails(context);
    } catch (KeyManagementException initFailure) {
        // NoSuchAlgorithmException is deliberately not caught here (see the
        // Javadoc above); only an init failure is reported.
        error(null, initFailure);
    }
    // NOTE(review): after a KeyManagementException the context reaches this
    // call without a successful init, unless error(...) throws - confirm.
    validateContext(expectedContextProto, expectedDefaultProtos, context);
}
/**
* Tests the edge case where both the supported and the enabled protocols are null.
*/
@Test
public void preparedSocket_NullProtocols() throws NoSuchAlgorithmException, IOException {
    SdkTlsSocketFactory factory = new SdkTlsSocketFactory(SSLContext.getDefault(), null);

    try (SSLSocket stub = new TestSSLSocket() {
        @Override
        public String[] getSupportedProtocols() {
            return null;
        }

        @Override
        public String[] getEnabledProtocols() {
            return null;
        }

        @Override
        public void setEnabledProtocols(String[] protocols) {
            // With nothing supported or enabled, the factory must not try to
            // configure any protocol list on the socket.
            fail();
        }
    }) {
        factory.prepareSocket(stub);
    }
}
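/**
 * Creates an echo server on an ephemeral port using the JVM default
 * {@link SSLContext}, optionally restricting cipher suites and installing an
 * SNI matcher.
 *
 * <p>The server socket is closed again if configuration fails, so a rejected
 * cipher suite list or SNI pattern does not leave a listening socket behind.
 *
 * @param cipherSuiteFilter filter handed to
 *        {@code UnboundSSLUtils.filterStringArray}; {@code null} keeps the
 *        socket's default enabled suites
 * @param sniPattern pattern for {@link SNIHostName#createSNIMatcher(String)};
 *        {@code null} installs no matcher
 * @return the echo server wrapping the configured server socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the server socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) context.getServerSocketFactory();
    // Port 0: the system picks a free port.
    SSLServerSocket ssocket =
            (SSLServerSocket) ssf.createServerSocket(0);

    boolean handedOff = false;
    try {
        // specify enabled cipher suites
        if (cipherSuiteFilter != null) {
            // The candidates are the *supported* suites, not the default-enabled
            // ones, so the filter can switch on suites the provider leaves off
            // by default. Fine for a test server; review before reusing elsewhere.
            String[] ciphersuites = UnboundSSLUtils.filterStringArray(
                    ssf.getSupportedCipherSuites(), cipherSuiteFilter);
            System.out.println("Server: enabled cipher suites: "
                    + Arrays.toString(ciphersuites));
            ssocket.setEnabledCipherSuites(ciphersuites);
        }

        // specify SNI matcher pattern
        if (sniPattern != null) {
            System.out.println("Server: set SNI matcher: " + sniPattern);
            SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
            List<SNIMatcher> matchers = new ArrayList<>();
            matchers.add(matcher);
            SSLParameters params = ssocket.getSSLParameters();
            params.setSNIMatchers(matchers);
            ssocket.setSSLParameters(params);
        }

        SSLEchoServer server = new SSLEchoServer(ssocket);
        handedOff = true;
        return server;
    } finally {
        if (!handedOff) {
            try {
                ssocket.close();
            } catch (IOException ignored) {
                // Best effort: the configuration failure is the error to report.
            }
        }
    }
}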
/**
 * Checks that SSLEngine sessions report large enough buffers once the
 * {@code jsse.SSLEngine.acceptLargeFragments} system property is {@code "true"}.
 *
 * @param args unused
 * @throws Exception if either session reports a packet buffer below 33049
 *         bytes or an application buffer below 32768 bytes
 */
public static void main(String[] args) throws Exception {
    SSLContext defaultContext = SSLContext.getDefault();

    // The property is written before any SSLEngine is created. It is JVM-wide
    // and is not restored afterwards.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine clientEngine = defaultContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = defaultContext.createSSLEngine();
    serverEngine.setUseClientMode(false);

    SSLSession clientSession = clientEngine.getSession();
    SSLSession serverSession = serverEngine.getSession();

    final int minPacketBuffer = 33049;
    final int minApplicationBuffer = 32768; // 32 KiB

    // check packet buffer sizes.
    boolean packetBufferTooSmall =
            clientSession.getPacketBufferSize() < minPacketBuffer
                    || serverSession.getPacketBufferSize() < minPacketBuffer;
    if (packetBufferTooSmall) {
        throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    boolean applicationBufferTooSmall =
            clientSession.getApplicationBufferSize() < minApplicationBuffer
                    || serverSession.getApplicationBufferSize() < minApplicationBuffer;
    if (applicationBufferTooSmall) {
        throw new Exception(
                "Don't accept large SSL/TLS application data ");
    }
}
/**
 * Checks that SSLEngine sessions report large enough buffers once the
 * {@code jsse.SSLEngine.acceptLargeFragments} system property is {@code "true"}.
 *
 * @param args unused
 * @throws Exception if either session reports a packet buffer below 33049
 *         bytes or an application buffer below 32768 bytes
 */
public static void main(String[] args) throws Exception {
    SSLContext defaultContext = SSLContext.getDefault();

    // The property is written before any SSLEngine is created. It is JVM-wide
    // and is not restored afterwards.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine clientEngine = defaultContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = defaultContext.createSSLEngine();
    serverEngine.setUseClientMode(false);

    SSLSession clientSession = clientEngine.getSession();
    SSLSession serverSession = serverEngine.getSession();

    final int minPacketBuffer = 33049;
    final int minApplicationBuffer = 32768; // 32 KiB

    // check packet buffer sizes.
    boolean packetBufferTooSmall =
            clientSession.getPacketBufferSize() < minPacketBuffer
                    || serverSession.getPacketBufferSize() < minPacketBuffer;
    if (packetBufferTooSmall) {
        throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    boolean applicationBufferTooSmall =
            clientSession.getApplicationBufferSize() < minApplicationBuffer
                    || serverSession.getApplicationBufferSize() < minApplicationBuffer;
    if (applicationBufferTooSmall) {
        throw new Exception(
                "Don't accept large SSL/TLS application data ");
    }
}
/**
* @throws Exception If failed.
*/
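@Test
public void testDefaultContext() throws Exception {
    // Remember the existing JVM-wide default SSL context so it can be restored after the test.
    final SSLContext dfltSslCtx = SSLContext.getDefault();

    // Install the test context as the process-wide default. Every TLS user in
    // this JVM sees it until the finally block below puts the original back.
    SSLContext.setDefault(getTestSslContextFactory().create());

    try {
        setSslCtxFactoryToCli = true;

        // Factory that returns whatever the default SSL context is at call time.
        sslCtxFactory = new Factory<SSLContext>() {
            @Override public SSLContext create() {
                try {
                    return SSLContext.getDefault();
                }
                catch (NoSuchAlgorithmException e) {
                    throw new IgniteException(e);
                }
            }
        };

        // Started inside the try so that a failed start still restores the
        // default context instead of leaking the test context into later tests.
        startGrids(1);

        try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require")) {
            checkConnection(conn);
        }
    }
    finally {
        try {
            stopAllGrids();
        }
        finally {
            // Restore SSL context even if stopping the grids fails.
            SSLContext.setDefault(dfltSslCtx);
        }
    }
}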
/**
 * Checks that SSLEngine sessions report large enough buffers once the
 * {@code jsse.SSLEngine.acceptLargeFragments} system property is {@code "true"}.
 *
 * @param args unused
 * @throws Exception if either session reports a packet buffer below 33049
 *         bytes or an application buffer below 32768 bytes
 */
public static void main(String[] args) throws Exception {
    SSLContext defaultContext = SSLContext.getDefault();

    // The property is written before any SSLEngine is created. It is JVM-wide
    // and is not restored afterwards.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine clientEngine = defaultContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = defaultContext.createSSLEngine();
    serverEngine.setUseClientMode(false);

    SSLSession clientSession = clientEngine.getSession();
    SSLSession serverSession = serverEngine.getSession();

    final int minPacketBuffer = 33049;
    final int minApplicationBuffer = 32768; // 32 KiB

    // check packet buffer sizes.
    boolean packetBufferTooSmall =
            clientSession.getPacketBufferSize() < minPacketBuffer
                    || serverSession.getPacketBufferSize() < minPacketBuffer;
    if (packetBufferTooSmall) {
        throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    boolean applicationBufferTooSmall =
            clientSession.getApplicationBufferSize() < minApplicationBuffer
                    || serverSession.getApplicationBufferSize() < minApplicationBuffer;
    if (applicationBufferTooSmall) {
        throw new Exception(
                "Don't accept large SSL/TLS application data ");
    }
}
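/**
 * Creates an echo server on an ephemeral port using the JVM default
 * {@link SSLContext}, optionally restricting cipher suites and installing an
 * SNI matcher.
 *
 * <p>The server socket is closed again if configuration fails, so a rejected
 * cipher suite list or SNI pattern does not leave a listening socket behind.
 *
 * @param cipherSuiteFilter filter handed to
 *        {@code UnboundSSLUtils.filterStringArray}; {@code null} keeps the
 *        socket's default enabled suites
 * @param sniPattern pattern for {@link SNIHostName#createSNIMatcher(String)};
 *        {@code null} installs no matcher
 * @return the echo server wrapping the configured server socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the server socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
        String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) context.getServerSocketFactory();
    // Port 0: the system picks a free port.
    SSLServerSocket ssocket =
            (SSLServerSocket) ssf.createServerSocket(0);

    boolean handedOff = false;
    try {
        // specify enabled cipher suites
        if (cipherSuiteFilter != null) {
            // The candidates are the *supported* suites, not the default-enabled
            // ones, so the filter can switch on suites the provider leaves off
            // by default. Fine for a test server; review before reusing elsewhere.
            String[] ciphersuites = UnboundSSLUtils.filterStringArray(
                    ssf.getSupportedCipherSuites(), cipherSuiteFilter);
            System.out.println("Server: enabled cipher suites: "
                    + Arrays.toString(ciphersuites));
            ssocket.setEnabledCipherSuites(ciphersuites);
        }

        // specify SNI matcher pattern
        if (sniPattern != null) {
            System.out.println("Server: set SNI matcher: " + sniPattern);
            SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
            List<SNIMatcher> matchers = new ArrayList<>();
            matchers.add(matcher);
            SSLParameters params = ssocket.getSSLParameters();
            params.setSNIMatchers(matchers);
            ssocket.setSSLParameters(params);
        }

        SSLEchoServer server = new SSLEchoServer(ssocket);
        handedOff = true;
        return server;
    } finally {
        if (!handedOff) {
            try {
                ssocket.close();
            } catch (IOException ignored) {
                // Best effort: the configuration failure is the error to report.
            }
        }
    }
}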
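/**
 * Opens a TLS connection to {@code domain} on port 443 with the JVM default
 * {@link SSLContext}, sends {@code httpLine} and prints the response.
 *
 * <p>At most 10000 bytes of the response are read and printed; anything
 * beyond the buffer capacity is left unread.
 *
 * @param args unused
 * @throws IOException if connecting, writing or reading fails
 * @throws NoSuchAlgorithmException if the default context is unavailable
 */
public static void main(String[] args) throws IOException, NoSuchAlgorithmException {
    // initialize the SSLContext, a configuration holder, reusable object
    SSLContext sslContext = SSLContext.getDefault();

    // connect raw socket channel normally
    try (SocketChannel rawChannel = SocketChannel.open()) {
        rawChannel.connect(new InetSocketAddress(domain, 443));

        // create TlsChannel builder, combining the raw channel and the SSLEngine, using minimal
        // options
        // NOTE(review): only the context is passed here, no peer host name. Confirm
        // whether the resulting SSLEngine performs endpoint identification; if not,
        // the certificate chain is validated but the host name is not, and code
        // derived from this example should supply an engine configured for it.
        ClientTlsChannel.Builder builder = ClientTlsChannel.newBuilder(rawChannel, sslContext);

        // instantiate TlsChannel
        try (TlsChannel tlsChannel = builder.build()) {
            // do HTTP interaction and print result
            tlsChannel.write(ByteBuffer.wrap(httpLine.getBytes(StandardCharsets.US_ASCII)));
            ByteBuffer res = ByteBuffer.allocate(10000);

            // being HTTP 1.0, the server will just close the connection at the end.
            // Stop as well once the buffer is full: a read into a full buffer
            // returns 0 rather than -1, so a larger response would otherwise
            // keep this loop spinning forever.
            while (res.hasRemaining() && tlsChannel.read(res) != -1) {
                // keep reading until end of stream or a full buffer
            }
            res.flip();
            System.out.println(utf8.decode(res).toString());
        }
    }
}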
/**
 * Checks that SSLEngine sessions report large enough buffers once the
 * {@code jsse.SSLEngine.acceptLargeFragments} system property is {@code "true"}.
 *
 * @param args unused
 * @throws Exception if either session reports a packet buffer below 33049
 *         bytes or an application buffer below 32768 bytes
 */
public static void main(String[] args) throws Exception {
    SSLContext defaultContext = SSLContext.getDefault();

    // The property is written before any SSLEngine is created. It is JVM-wide
    // and is not restored afterwards.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine clientEngine = defaultContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = defaultContext.createSSLEngine();
    serverEngine.setUseClientMode(false);

    SSLSession clientSession = clientEngine.getSession();
    SSLSession serverSession = serverEngine.getSession();

    final int minPacketBuffer = 33049;
    final int minApplicationBuffer = 32768; // 32 KiB

    // check packet buffer sizes.
    boolean packetBufferTooSmall =
            clientSession.getPacketBufferSize() < minPacketBuffer
                    || serverSession.getPacketBufferSize() < minPacketBuffer;
    if (packetBufferTooSmall) {
        throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    boolean applicationBufferTooSmall =
            clientSession.getApplicationBufferSize() < minApplicationBuffer
                    || serverSession.getApplicationBufferSize() < minApplicationBuffer;
    if (applicationBufferTooSmall) {
        throw new Exception(
                "Don't accept large SSL/TLS application data ");
    }
}
/**
* @return the list of supported ssl protocols by the default
* {@link SSLContext}
*/
private String[] getSupportedSslProtocols() {
    final SSLContext defaultContext;
    try {
        defaultContext = SSLContext.getDefault();
    } catch (NoSuchAlgorithmException noDefaultContext) {
        // Reported as an unchecked exception, keeping the original as cause.
        throw new RuntimeException(sm.getString("jndiRealm.exception"), noDefaultContext);
    }
    // "Supported" is the full set the provider could enable, which can be wider
    // than what is enabled by default. NOTE(review): callers that use this list
    // to validate a configured protocol should also confirm that the protocol
    // is acceptable under the deployment's TLS policy.
    return defaultContext.getSupportedSSLParameters().getProtocols();
}
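/**
 * Connects a TLS client socket to {@code localhost} on the given port using
 * the JVM default {@link SSLContext}, optionally pinning one cipher suite.
 *
 * <p>The socket is closed again if configuration fails, so a rejected cipher
 * suite name does not leave an open connection behind.
 *
 * @param port server port on localhost
 * @param ciphersuite the only cipher suite to enable, or {@code null} to keep
 *        the socket's defaults
 * @return the client wrapping the connected socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the connection cannot be established
 */
static SSLClient init(int port, String ciphersuite)
        throws NoSuchAlgorithmException, IOException {
    SSLContext context = SSLContext.getDefault();
    SSLSocketFactory ssf = (SSLSocketFactory)
            context.getSocketFactory();
    // No endpoint identification algorithm is set on this socket, so the
    // peer certificate's host name is not checked here. That fits a localhost
    // test; production clients should set one via SSLParameters.
    SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", port);

    boolean handedOff = false;
    try {
        if (ciphersuite != null) {
            System.out.println("Client: enable cipher suite: "
                    + ciphersuite);
            socket.setEnabledCipherSuites(new String[] { ciphersuite });
        }

        SSLClient client = new SSLClient(socket);
        handedOff = true;
        return client;
    } finally {
        if (!handedOff) {
            try {
                socket.close();
            } catch (IOException ignored) {
                // Best effort: the configuration failure is the error to report.
            }
        }
    }
}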
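/**
 * Connects a TLS client socket to {@code host:port} using the JVM default
 * {@link SSLContext}, optionally restricting cipher suites and setting the
 * SNI host name sent to the server.
 *
 * <p>The socket is closed again if configuration fails, so a rejected cipher
 * suite list or SNI host name does not leave an open connection behind.
 *
 * @param host server host
 * @param port server port
 * @param cipherSuiteFilter filter handed to
 *        {@code UnboundSSLUtils.filterStringArray}; {@code null} leaves the
 *        cipher suites unset in the parameters
 * @param sniHostName SNI host name to request, or {@code null} for none
 * @return the client wrapping the connected socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the connection cannot be established
 */
static SSLClient init(String host, int port, String cipherSuiteFilter,
        String sniHostName) throws NoSuchAlgorithmException, IOException {
    SSLContext sslContext = SSLContext.getDefault();
    SSLSocketFactory ssf = (SSLSocketFactory) sslContext.getSocketFactory();
    SSLSocket socket = (SSLSocket) ssf.createSocket(host, port);

    boolean handedOff = false;
    try {
        // Fresh parameters: no endpoint identification algorithm is set, so the
        // server certificate's host name is not checked by this socket. That is
        // acceptable for a test client; production code should set one.
        SSLParameters params = new SSLParameters();

        if (cipherSuiteFilter != null) {
            // Candidates are the *supported* suites, which can include suites
            // that are not enabled by default.
            String[] cipherSuites = UnboundSSLUtils.filterStringArray(
                    ssf.getSupportedCipherSuites(), cipherSuiteFilter);
            System.out.println("Client: enabled cipher suites: "
                    + Arrays.toString(cipherSuites));
            params.setCipherSuites(cipherSuites);
        }

        if (sniHostName != null) {
            System.out.println("Client: set SNI hostname: " + sniHostName);
            SNIHostName serverName = new SNIHostName(sniHostName);
            List<SNIServerName> serverNames = new ArrayList<>();
            serverNames.add(serverName);
            params.setServerNames(serverNames);
        }

        socket.setSSLParameters(params);

        SSLClient client = new SSLClient(socket);
        handedOff = true;
        return client;
    } finally {
        if (!handedOff) {
            try {
                socket.close();
            } catch (IOException ignored) {
                // Best effort: the configuration failure is the error to report.
            }
        }
    }
}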
/**
 * Checks that SSLEngine sessions report large enough buffers once the
 * {@code jsse.SSLEngine.acceptLargeFragments} system property is {@code "true"}.
 *
 * @param args unused
 * @throws Exception if either session reports a packet buffer below 33049
 *         bytes or an application buffer below 32768 bytes
 */
public static void main(String[] args) throws Exception {
    SSLContext defaultContext = SSLContext.getDefault();

    // The property is written before any SSLEngine is created. It is JVM-wide
    // and is not restored afterwards.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine clientEngine = defaultContext.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = defaultContext.createSSLEngine();
    serverEngine.setUseClientMode(false);

    SSLSession clientSession = clientEngine.getSession();
    SSLSession serverSession = serverEngine.getSession();

    final int minPacketBuffer = 33049;
    final int minApplicationBuffer = 32768; // 32 KiB

    // check packet buffer sizes.
    boolean packetBufferTooSmall =
            clientSession.getPacketBufferSize() < minPacketBuffer
                    || serverSession.getPacketBufferSize() < minPacketBuffer;
    if (packetBufferTooSmall) {
        throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    boolean applicationBufferTooSmall =
            clientSession.getApplicationBufferSize() < minApplicationBuffer
                    || serverSession.getApplicationBufferSize() < minApplicationBuffer;
    if (applicationBufferTooSmall) {
        throw new Exception(
                "Don't accept large SSL/TLS application data ");
    }
}
/**
 * Creates a socket factory backed by the JVM default {@link SSLContext},
 * with no key store or trust store recorded on this instance.
 *
 * <p>Trust decisions therefore come from whatever the default context was
 * configured with (for example the {@code javax.net.ssl.*} system properties).
 *
 * @param hostnameVerifier verifier passed through to the superclass
 *        (presumably used to check the peer host name - confirm against the
 *        superclass)
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws KeyStoreException declared by this constructor; no statement
 *         visible here raises it directly
 */
public KeyStoreAwareSocketFactory(X509HostnameVerifier hostnameVerifier)
        throws NoSuchAlgorithmException, KeyStoreException {
    super(SSLContext.getDefault(), hostnameVerifier);
    this.trustStore = null;
    this.keyStore = null;
}
/**
 * Resets {@code SlaveConnectionManager} and records the JVM default
 * {@link SSLContext} in {@code defaultContext} before each test.
 *
 * @throws Exception if the reset or the default-context lookup fails
 */
@Before
public void setUp() throws Exception {
SlaveConnectionManager.reset();
// Captured after the reset. NOTE(review): presumably kept so tests can compare
// against or restore the process-wide default context - confirm against its users.
defaultContext = SSLContext.getDefault();
}
/**
* Creates default SSL context based on system properties. This method obtains
* default SSL context by calling {@code SSLContext.getInstance("Default")}.
* Please note that {@code Default} algorithm is supported as of Java 6.
* This method will fall back onto {@link #createDefault()} when
* {@code Default} algorithm is not available.
*
* @return default system SSL context
*/
public static SSLContext createSystemDefault() throws SSLInitializationException {
    SSLContext systemDefault;
    try {
        // Goes through SSLContext.getDefault(), i.e. the JVM-wide default context.
        systemDefault = SSLContext.getDefault();
    } catch (final NoSuchAlgorithmException ex) {
        // The failure is discarded: callers receive the createDefault() result
        // with no indication that the system default was unavailable.
        // NOTE(review): the fallback may not honour the javax.net.ssl.* system
        // properties - confirm against createDefault().
        systemDefault = createDefault();
    }
    return systemDefault;
}