下面列出了javax.net.ssl.SSLContext#getServerSessionContext ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private SSLContext createSslContext()
{
KeyStore keyStore = getKeyStore();
Collection<TrustStore> trustStores = getTrustStores();
boolean needClientCert = (Boolean)getAttribute(NEED_CLIENT_AUTH) || (Boolean)getAttribute(WANT_CLIENT_AUTH);
if (needClientCert && trustStores.isEmpty())
{
throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '"
+ this.getName() + "' but no trust store defined");
}
SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (getTLSSessionCacheSize() > 0)
{
serverSessionContext.setSessionCacheSize(getTLSSessionCacheSize());
}
if (getTLSSessionTimeout() > 0)
{
serverSessionContext.setSessionTimeout(getTLSSessionTimeout());
}
return sslContext;
}
public static void main(String[] args) throws Exception {
SSLServerSocketFactory sssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
try (SSLServerSocket serverSocket =
(SSLServerSocket)sssf.createServerSocket()) {
String[] protocols = serverSocket.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslContext = SSLContext.getInstance(protocols[i]);
SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default server session cache size is infinite");
}
sessionContext = sslContext.getClientSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default client session cache size is infinite");
}
}
}
}
/**
* Check if the {@link SSLContext} has any active sessions.
*
* @return {@code true} if the {@link SSLContext} is available and has at least one session, {@code false} otherwise.
*/
private boolean hasActiveSessions() {
final SSLContext sslContext = getSSLContext(sslContextServiceController);
if (sslContext == null) return false;
SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
return sslSessionContext.getIds().hasMoreElements();
}
private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
long sessionCacheSize, long sessionTimeout)
throws SSLException {
if (key == null && keyManagerFactory == null) {
throw new NullPointerException("key, keyManagerFactory");
}
try {
if (trustCertCollection != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
}
if (key != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
}
// Initialize the SSLContext to work with our key managers.
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
: SSLContext.getInstance(PROTOCOL, sslContextProvider);
ctx.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getServerSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
return ctx;
} catch (Exception e) {
if (e instanceof SSLException) {
throw (SSLException) e;
}
throw new SSLException("failed to initialize the server-side SSL context", e);
}
}
@Override
public Set<String> getChildrenNames(String childType) {
SSLContext sslContext;
if (ElytronDescriptionConstants.SSL_SESSION.equals(childType) && (sslContext = getSSLContext(sslContextServiceController)) != null) {
SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
Set<String> set = new HashSet<>();
for (byte[] b : Collections.list(sslSessionContext.getIds())) {
String s = ByteIterator.ofBytes(b).hexEncode(true).drainToString();
set.add(s);
}
return set;
}
return Collections.emptySet();
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
SSLServerSocketFactory sssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
try (SSLServerSocket serverSocket =
(SSLServerSocket)sssf.createServerSocket()) {
String[] protocols = serverSocket.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslContext = SSLContext.getInstance(protocols[i]);
SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default server session cache size is infinite");
}
sessionContext = sslContext.getClientSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default client session cache size is infinite");
}
}
}
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
private SSLContext createSslContext(final HttpPort<?> port)
{
KeyStore keyStore = port.getKeyStore();
if (keyStore == null)
{
throw new IllegalConfigurationException(
"Key store is not configured. Cannot start management on HTTPS port without keystore");
}
final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
final Collection<TrustStore> trustStores = port.getTrustStores();
if (needClientCert && trustStores.isEmpty())
{
throw new IllegalConfigurationException(String.format(
"Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined",
this.getName()));
}
final SSLContext sslContext = SSLUtil.createSslContext(port.getKeyStore(), trustStores, port.getName());
final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (port.getTLSSessionCacheSize() > 0)
{
serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
}
if (port.getTLSSessionTimeout() > 0)
{
serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
}
return sslContext;
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
@Override
protected void performRuntime(ModelNode result, ModelNode operation, SSLContext sslContext) throws OperationFailedException {
SSLSessionContext sslSessionContext = server ? sslContext.getServerSessionContext() : sslContext.getClientSessionContext();
SSLSession sslSession = sslSessionContext.getSession(sessionId(operation));
if (sslSession != null) {
performRuntime(result, operation, sslSession);
}
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
SSLServerSocketFactory sssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
try (SSLServerSocket serverSocket =
(SSLServerSocket)sssf.createServerSocket()) {
String[] protocols = serverSocket.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslContext = SSLContext.getInstance(protocols[i]);
SSLSessionContext sessionContext =
sslContext.getServerSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default server session cache size is infinite");
}
sessionContext = sslContext.getClientSessionContext();
if (sessionContext.getSessionCacheSize() == 0) {
throw new Exception(
"the default client session cache size is infinite");
}
}
}
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
private static void trustAllHttpsCertificates() throws Exception {
// Create a trust manager that does not validate certificate chains:
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new TrustAllTrustManager();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
/**
* Reads the keystore and initializes the SSL socket factory.
*/
void init() throws IOException {
try {
String clientAuthStr = endpoint.getClientAuth();
if("true".equalsIgnoreCase(clientAuthStr) ||
"yes".equalsIgnoreCase(clientAuthStr)) {
requireClientAuth = true;
} else if("want".equalsIgnoreCase(clientAuthStr)) {
wantClientAuth = true;
}
SSLContext context = createSSLContext();
context.init(getKeyManagers(), getTrustManagers(), null);
// Configure SSL session cache
SSLSessionContext sessionContext =
context.getServerSessionContext();
if (sessionContext != null) {
configureSessionContext(sessionContext);
}
// create proxy
sslProxy = context.getServerSocketFactory();
// Determine which cipher suites to enable
enabledCiphers = getEnableableCiphers(context);
enabledProtocols = getEnableableProtocols(context);
allowUnsafeLegacyRenegotiation = "true".equals(
endpoint.getAllowUnsafeLegacyRenegotiation());
// Check the SSL config is OK
checkConfig();
} catch(Exception e) {
if( e instanceof IOException )
throw (IOException)e;
throw new IOException(e.getMessage(), e);
}
}
/**
* Reads the keystore and initializes the SSL socket factory.
*/
void init() throws IOException {
try {
String clientAuthStr = endpoint.getClientAuth();
if("true".equalsIgnoreCase(clientAuthStr) ||
"yes".equalsIgnoreCase(clientAuthStr)) {
requireClientAuth = true;
} else if("want".equalsIgnoreCase(clientAuthStr)) {
wantClientAuth = true;
}
SSLContext context = createSSLContext();
context.init(getKeyManagers(), getTrustManagers(), null);
// Configure SSL session cache
SSLSessionContext sessionContext =
context.getServerSessionContext();
if (sessionContext != null) {
configureSessionContext(sessionContext);
}
// create proxy
sslProxy = context.getServerSocketFactory();
// Determine which cipher suites to enable
enabledCiphers = getEnableableCiphers(context);
enabledProtocols = getEnableableProtocols(context);
allowUnsafeLegacyRenegotiation = "true".equals(
endpoint.getAllowUnsafeLegacyRenegotiation());
// Check the SSL config is OK
checkConfig();
} catch(Exception e) {
if( e instanceof IOException )
throw (IOException)e;
throw new IOException(e.getMessage(), e);
}
}