下面列出了 javax.net.ssl.SSLSocket#setUseClientMode() 的实例代码。
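/**
 * Accepts a connection and layers a server-mode TLS socket over it.
 *
 * @return the TLS socket wrapping the accepted connection
 * @throws IOException if accepting the connection or creating the TLS layer fails
 */
@Override
public Socket accept() throws IOException {
    // Use the configured SSLContext when there is one, else the default factory.
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    final Socket socket = super.accept();
    try {
        // getHostName() does a reverse DNS lookup on the peer address. The name
        // comes from DNS data this server does not control, so it is not an
        // authenticated identity; here it is only handed to the factory.
        SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
            socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
        // This endpoint takes the server role in the TLS handshake.
        sslSocket.setUseClientMode(false);
        // A null setting leaves the factory's default suites/protocols enabled.
        if (enabledCipherSuites != null) {
            sslSocket.setEnabledCipherSuites(enabledCipherSuites);
        }
        if (enabledProtocols != null) {
            sslSocket.setEnabledProtocols(enabledProtocols);
        }
        // When true, the handshake fails unless the client presents a certificate.
        sslSocket.setNeedClientAuth(needClientAuth);
        return sslSocket;
    } catch (IOException | RuntimeException e) {
        // Wrapping or configuration failed: close the accepted connection
        // rather than leaving it open until garbage collection.
        try {
            socket.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}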
/**
 * Answers an SSL request on the current connection: writes 'N' when no JSSE
 * keystore is configured, otherwise writes 'S' and switches the connection to
 * a server-mode TLS socket.
 *
 * @throws IOException if writing the answer, wrapping the socket or the
 *         handshake fails
 */
protected void processSSLMessage() throws IOException {
    final OutputStream plainOut = messenger.getOutputStream();
    final boolean keyStoreConfigured = System.getProperty("javax.net.ssl.keyStore") != null;

    if (!keyStoreConfigured) {
        // No keystore for JSSE, so a server-side handshake would fail: refuse TLS.
        // NOTE(review): this answer is sent in cleartext and unauthenticated;
        // whether a client may continue without TLS after 'N' is decided
        // elsewhere -- confirm clients that require TLS fail closed.
        plainOut.write('N');
        plainOut.flush();
        return;
    }

    // TLS appears to be configured: announce it, then wrap the existing socket.
    // The client is expected to run the regular protocol over the TLS socket.
    plainOut.write('S');
    plainOut.flush();

    // The JVM-wide default factory is used, so protocol versions and cipher
    // suites are whatever the JVM/provider configuration enables.
    final SSLSocketFactory defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    final SSLSocket tlsSocket = (SSLSocket) defaultFactory.createSocket(
        socket, socket.getLocalAddress().toString(), socket.getLocalPort(), true);

    // Swap the connection's socket and rebuild the messenger before handshaking,
    // in the same order as before.
    socket = tlsSocket;
    createMessenger();
    tlsSocket.setUseClientMode(false); // server side of the handshake
    tlsSocket.startHandshake();
}
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
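public ServerSocket createServerSocket(int port) throws IOException {
    // Resolved once per server socket: the configured SSLContext's factory
    // when a context is set, else the default factory.
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            try {
                // getHostName() triggers a reverse DNS lookup on the peer; the
                // name is not an authenticated identity and is only passed on.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false); // act as the TLS server
                // Null means: keep the factory's default suites/protocols.
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                sslSocket.setNeedClientAuth(needClientAuth);
                return sslSocket;
            } catch (IOException | RuntimeException e) {
                // Do not leak the accepted connection when the TLS layer
                // cannot be created or configured.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
                throw e;
            }
        }
    };
}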
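/**
 * Accepts a plain connection and returns it wrapped in a server-mode TLS socket
 * configured from this object's cipher-suite, protocol and client-auth settings.
 *
 * @return the TLS socket for the accepted connection
 * @throws IOException if the connection cannot be accepted or wrapped
 */
@Override
public Socket accept() throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    final Socket socket = super.accept();
    boolean wrapped = false;
    try {
        // The peer name comes from a reverse DNS lookup and is unauthenticated.
        SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
            socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
        sslSocket.setUseClientMode(false); // server role in the handshake
        if (enabledCipherSuites != null) {
            sslSocket.setEnabledCipherSuites(enabledCipherSuites);
        }
        if (enabledProtocols != null) {
            sslSocket.setEnabledProtocols(enabledProtocols);
        }
        // When true, clients without a certificate are rejected at handshake.
        sslSocket.setNeedClientAuth(needClientAuth);
        wrapped = true;
        return sslSocket;
    } finally {
        if (!wrapped) {
            // Wrapping or configuration threw: release the accepted connection.
            try {
                socket.close();
            } catch (IOException ignored) {
                // The original failure is the one worth reporting.
            }
        }
    }
}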
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
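public ServerSocket createServerSocket(int port) throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            boolean wrapped = false;
            try {
                // Reverse DNS name of the peer; unauthenticated, passed on only.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false); // this side is the TLS server
                // Unset (null) values keep the factory defaults.
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                sslSocket.setNeedClientAuth(needClientAuth);
                wrapped = true;
                return sslSocket;
            } finally {
                if (!wrapped) {
                    // Failure path: close the accepted socket instead of leaking it.
                    try {
                        socket.close();
                    } catch (IOException ignored) {
                        // Keep the original exception as the reported failure.
                    }
                }
            }
        }
    };
}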
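/**
 * Creates a server socket whose accepted connections are wrapped in
 * server-mode TLS sockets with every "SSLv3" protocol entry removed.
 *
 * @param port the port to listen on
 * @return a server socket that returns TLS sockets from {@code accept()}
 * @throws IOException if the server socket cannot be created
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException {
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            try {
                // JVM-wide default factory: key material and defaults come
                // from the JVM/provider configuration.
                SSLSocketFactory sslSocketFactory =
                    (SSLSocketFactory) SSLSocketFactory.getDefault();
                // getHostName() is a reverse DNS lookup; the name is unauthenticated.
                SSLSocket sslSocket =
                    (SSLSocket) sslSocketFactory.createSocket(socket,
                        socket.getInetAddress().getHostName(), socket.getPort(), true);
                sslSocket.setUseClientMode(false);
                // Clients are not asked for a certificate on this socket.
                sslSocket.setNeedClientAuth(false);
                // Only names containing "SSLv3" are dropped. Any other protocol
                // the JVM enables by default stays enabled, including older TLS
                // versions or "SSLv2Hello" if present.
                ArrayList<String> secureProtocols = new ArrayList<>();
                for (String p : sslSocket.getEnabledProtocols()) {
                    if (!p.contains("SSLv3")) {
                        secureProtocols.add(p);
                    }
                }
                sslSocket.setEnabledProtocols(secureProtocols.toArray(new String[0]));
                return sslSocket;
            } catch (IOException | RuntimeException e) {
                // Close the accepted connection when it cannot be wrapped or
                // configured, so the descriptor is not leaked.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
                throw e;
            }
        }
    };
}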
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
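public ServerSocket createServerSocket(int port) throws IOException {
    // Factory is chosen once here: context-specific if set, default otherwise.
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            try {
                // The host argument is the peer's reverse DNS name, which is
                // not an authenticated identity.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false); // server side of the handshake
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                sslSocket.setNeedClientAuth(needClientAuth);
                return sslSocket;
            } catch (IOException | RuntimeException e) {
                // Release the accepted connection if TLS setup fails.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
                throw e;
            }
        }
    };
}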
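/**
 * Accepts a connection and wraps it in a TLS socket that handshakes as server.
 *
 * @return the TLS socket for the accepted connection
 * @throws IOException if accepting or wrapping the connection fails
 */
@Override
public Socket accept() throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    final Socket socket = super.accept();
    try {
        // Reverse DNS lookup on the peer address; the result is unauthenticated.
        SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
            socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
        sslSocket.setUseClientMode(false);
        // Only explicitly configured values override the factory defaults.
        if (enabledCipherSuites != null) {
            sslSocket.setEnabledCipherSuites(enabledCipherSuites);
        }
        if (enabledProtocols != null) {
            sslSocket.setEnabledProtocols(enabledProtocols);
        }
        sslSocket.setNeedClientAuth(needClientAuth);
        return sslSocket;
    } catch (IOException | RuntimeException e) {
        // TLS setup failed: close the raw connection so it is not leaked.
        try {
            socket.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}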
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
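public ServerSocket createServerSocket(int port) throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            boolean wrapped = false;
            try {
                // Peer name from reverse DNS: a hint for the factory, not an identity.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false); // handshake as server
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                // true => a client certificate is mandatory for the handshake.
                sslSocket.setNeedClientAuth(needClientAuth);
                wrapped = true;
                return sslSocket;
            } finally {
                if (!wrapped) {
                    // Avoid leaking the accepted connection on a failed setup.
                    try {
                        socket.close();
                    } catch (IOException ignored) {
                        // The setup failure is propagated; the close error is secondary.
                    }
                }
            }
        }
    };
}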
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
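public ServerSocket createServerSocket(int port) throws IOException {
    // Prefer the explicitly configured context; fall back to the default factory.
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            try {
                // getHostName() resolves the peer address via reverse DNS;
                // the name is unauthenticated.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false);
                // Null leaves the factory's default suites/protocols in place.
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                sslSocket.setNeedClientAuth(needClientAuth);
                return sslSocket;
            } catch (IOException | RuntimeException e) {
                // On failure the caller never sees the socket, so close it here.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
                throw e;
            }
        }
    };
}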
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
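public ServerSocket createServerSocket(int port) throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            boolean wrapped = false;
            try {
                // The reverse-DNS peer name is only forwarded to the factory.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false); // server role
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                sslSocket.setNeedClientAuth(needClientAuth);
                wrapped = true;
                return sslSocket;
            } finally {
                if (!wrapped) {
                    // Something threw before the TLS socket was handed out.
                    try {
                        socket.close();
                    } catch (IOException ignored) {
                        // Report the original failure, not the close failure.
                    }
                }
            }
        }
    };
}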
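/**
 * Accepts a connection and returns a server-mode TLS socket layered over it.
 *
 * @return the TLS socket for the accepted connection
 * @throws IOException if accepting or wrapping fails
 */
@Override
public Socket accept() throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    final Socket socket = super.accept();
    boolean wrapped = false;
    try {
        // Host argument: reverse DNS name of the peer (unauthenticated).
        SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
            socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
        sslSocket.setUseClientMode(false);
        // Explicit settings, when present, replace the factory defaults.
        if (enabledCipherSuites != null) {
            sslSocket.setEnabledCipherSuites(enabledCipherSuites);
        }
        if (enabledProtocols != null) {
            sslSocket.setEnabledProtocols(enabledProtocols);
        }
        sslSocket.setNeedClientAuth(needClientAuth);
        wrapped = true;
        return sslSocket;
    } finally {
        if (!wrapped) {
            // Close the raw connection when TLS setup did not complete.
            try {
                socket.close();
            } catch (IOException ignored) {
                // The setup exception already in flight takes precedence.
            }
        }
    }
}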
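/**
 * Accepts a connection and wraps it in a TLS socket configured as the server end.
 *
 * @return the TLS socket for the accepted connection
 * @throws IOException if the connection cannot be accepted or wrapped
 */
@Override
public Socket accept() throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    final Socket socket = super.accept();
    try {
        // The peer's reverse DNS name is not proof of identity; it is only
        // supplied to the factory as the host argument.
        SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
            socket, socket.getInetAddress().getHostName(), socket.getPort(), true);
        sslSocket.setUseClientMode(false); // handshake as server
        if (enabledCipherSuites != null) {
            sslSocket.setEnabledCipherSuites(enabledCipherSuites);
        }
        if (enabledProtocols != null) {
            sslSocket.setEnabledProtocols(enabledProtocols);
        }
        // Requiring client auth makes the handshake fail without a client certificate.
        sslSocket.setNeedClientAuth(needClientAuth);
        return sslSocket;
    } catch (IOException | RuntimeException e) {
        // The accepted socket would otherwise stay open with no owner.
        try {
            socket.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}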
/**
* <p>Creates a server socket that accepts SSL connections
* configured according to this factory's SSL socket configuration
* parameters.</p>
*/
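public ServerSocket createServerSocket(int port) throws IOException {
    final SSLSocketFactory sslSocketFactory =
        context == null ? getDefaultSSLSocketFactory() : context.getSocketFactory();
    return new ServerSocket(port) {
        @Override
        public Socket accept() throws IOException {
            final Socket socket = super.accept();
            try {
                // Reverse DNS of the peer address; unauthenticated.
                SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
                    socket, socket.getInetAddress().getHostName(),
                    socket.getPort(), true);
                sslSocket.setUseClientMode(false); // this end is the TLS server
                // Without explicit values the factory defaults decide which
                // suites and protocol versions are offered.
                if (enabledCipherSuites != null) {
                    sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
                if (enabledProtocols != null) {
                    sslSocket.setEnabledProtocols(enabledProtocols);
                }
                sslSocket.setNeedClientAuth(needClientAuth);
                return sslSocket;
            } catch (IOException | RuntimeException e) {
                // Close the accepted connection when it cannot be secured.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
                throw e;
            }
        }
    };
}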
/**
 * Wraps an already connected socket in a server-mode TLS socket.
 *
 * @param socket the connected plain socket to wrap
 * @return the TLS socket layered over {@code socket}
 * @throws IOException if the TLS socket cannot be created
 * @throws IllegalStateException if TLS is not enabled
 */
@Override
public SSLSocket createSSLSocket(Socket socket) throws IOException {
    if (!enabled) {
        throw new IllegalStateException();
    }

    final InetSocketAddress peer = (InetSocketAddress) socket.getRemoteSocketAddress();
    // getHostName() may perform a reverse DNS lookup; the name is unauthenticated
    // and is only passed to the factory as the host argument.
    final String peerHost = peer.getHostName();

    final SSLSocket tlsSocket =
        (SSLSocket) socketFactory.createSocket(socket, peerHost, socket.getPort(), true);
    // Cipher suites and protocols are left at whatever socketFactory enables.
    tlsSocket.setUseClientMode(false);
    return tlsSocket;
}
/**
* Create a SSL socket that wraps the existing socket. This method
* is called after the client issued the STARTTLS command.
* <p>
* Subclasses may override this method to configure the key stores, enabled protocols/
* cipher suites, enforce client authentication, etc.
*
* @param socket the existing socket as created by {@link #createServerSocket()} (not null)
* @return a SSLSocket
* @throws IOException when creating the socket failed
*/
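public SSLSocket createSSLSocket(Socket socket) throws IOException
{
    // JVM-wide default factory: key material and defaults come from the
    // JVM/provider configuration.
    SSLSocketFactory sf = ((SSLSocketFactory) SSLSocketFactory.getDefault());
    InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
    // getHostName() may perform a reverse DNS lookup; the name is unauthenticated.
    SSLSocket s = (SSLSocket) (sf.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));

    // we are a server
    s.setUseClientMode(false);

    // Keep the cipher suites the provider enables by default. The list from
    // getSupportedCipherSuites() can include suites the provider deliberately
    // leaves disabled (for example anonymous or NULL-encryption suites), so
    // enabling every supported suite would let a client negotiate a session
    // without authentication or confidentiality. A subclass that needs a
    // different set should enable an explicit allow-list.
    return s;
}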
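/**
 * Upgrades the connection to TLS when {@code options.useSsl} is true: checks the
 * server's SSL capability, sends the SSL connection request, runs the client-mode
 * handshake, optionally verifies the host name, and switches the streams to the
 * TLS socket. Does nothing when SSL is not requested.
 *
 * @param host host name checked against the server certificate
 * @param socket the connected plain socket
 * @param options connection options
 * @param serverCapabilities capability flags announced by the server
 * @param clientCapabilities capability flags sent by the client
 * @param exchangeCharset charset byte sent in the SSL request packet
 * @param serverThreadId server thread id passed to the host name verification
 * @throws SQLException if SSL is requested but not offered by the server, or if
 *         host name verification fails
 * @throws IOException on socket or handshake errors
 */
private void sslWrapper(
    final String host,
    final Socket socket,
    final Options options,
    final long serverCapabilities,
    long clientCapabilities,
    final byte exchangeCharset,
    long serverThreadId)
    throws SQLException, IOException {
    if (Boolean.TRUE.equals(options.useSsl)) {

        if ((serverCapabilities & MariaDbServerCapabilities.SSL) == 0) {
            // Fail closed. The exception has to be thrown, not merely created:
            // the capability flags arrive before any TLS protection exists, so
            // a server (or anything on the path) that does not advertise SSL
            // must end the attempt when the caller asked for SSL.
            throw exceptionFactory.create(
                "Trying to connect with ssl, but ssl not enabled in the server", "08000");
        }
        clientCapabilities |= MariaDbServerCapabilities.SSL;
        SendSslConnectionRequestPacket.send(writer, clientCapabilities, exchangeCharset);

        TlsSocketPlugin socketPlugin = TlsSocketPluginLoader.get(options.tlsSocketType);
        SSLSocketFactory sslSocketFactory = socketPlugin.getSocketFactory(options);
        SSLSocket sslSocket = socketPlugin.createSocket(socket, sslSocketFactory);

        enabledSslProtocolSuites(sslSocket, options);
        enabledSslCipherSuites(sslSocket, options);

        sslSocket.setUseClientMode(true);
        sslSocket.startHandshake();

        // perform hostname verification
        // (rfc2818 indicate that if "client has external information as to the expected identity of
        // the server, the hostname check MAY be omitted")
        // Both disableSslHostnameVerification and trustServerCertificate skip
        // this check, which leaves the server's identity unverified here.
        if (!options.disableSslHostnameVerification && !options.trustServerCertificate) {
            SSLSession session = sslSocket.getSession();
            try {
                socketPlugin.verify(host, session, options, serverThreadId);
            } catch (SSLException ex) {
                throw exceptionFactory.create(
                    "SSL hostname verification failed : "
                        + ex.getMessage()
                        + "\nThis verification can be disabled using the option \"disableSslHostnameVerification\" "
                        + "but won't prevent man-in-the-middle attacks anymore",
                    "08006");
            }
        }

        // From here on the protocol streams run over the TLS socket.
        assignStream(sslSocket, options);
    }
}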
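/**
 * Accepts exactly one connection on the pending server socket, closes the
 * server socket, applies socket options and, for an SSL socket, configures it
 * and performs the handshake.
 *
 * @param cipherSuites cipher suites to enable; null or empty keeps the socket's current set
 * @param sslProtocols protocols to enable; null or empty keeps the socket's current set
 * @param bufferSize unused here; accepted to comply with the Connection class
 * @return the accepted (and, for SSL, handshaken) socket
 * @throws IOException if accepting, configuring or handshaking fails
 */
public Socket connect(String[] cipherSuites, String[] sslProtocols, int bufferSize) throws IOException {
    // bufferSize has already been set on the ServerSocket
    // just need to accept this param to comply with the Connection class

    if (_serverSocket == null) {
        // can happen if abort() is called before connect()
        throw new SocketException(
            "abort() was called before connect()");
    }

    Socket sock = null;
    try {
        sock = _serverSocket.accept();
    } finally {
        // The listener is single-use: close it whether or not accept() succeeded.
        if (_serverSocket != null) {
            _serverSocket.close();
        }
        _serverSocket = null;
    }

    if (sock == null) {
        // can happen if abort() is called while serverSocket.accept() is
        // waiting
        throw new SocketException(
            "abort() was called while waiting for accept()");
    }

    try {
        setSockOpts(sock);

        if (sock instanceof SSLSocket) {
            SSLSocket sslsock = (SSLSocket) sock;
            // Null or empty arrays leave the socket's enabled suites/protocols as they are.
            if (cipherSuites != null && cipherSuites.length != 0) {
                sslsock.setEnabledCipherSuites(cipherSuites);
            }
            if (sslProtocols != null && sslProtocols.length != 0) {
                sslsock.setEnabledProtocols(sslProtocols);
            }
            // The handshake role is configurable even though this side accepted
            // the TCP connection.
            sslsock.setUseClientMode(_useSSLClientMode);
            sslsock.startHandshake();
        }
        return sock;
    } catch (IOException | RuntimeException e) {
        // The caller never receives the socket when setup or the handshake
        // fails, so close it here instead of leaking the connection.
        try {
            sock.close();
        } catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}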
/**
* SSL/TLS negotiation. Acquires an SSL socket of a control
* connection and carries out handshake processing.
*
* @throws IOException If server negotiation fails
*/
protected void sslNegotiation() throws IOException {
    // Keep a reference to the plain socket before it is replaced below.
    plainSocket = _socket_;
    initSslContext();
    SSLSocketFactory ssf = context.getSocketFactory();
    // Without a stored host name the peer's literal IP address is used, both as
    // the host argument here and for the verifier check at the end.
    String host = (_hostname_ != null) ? _hostname_ : getRemoteAddress().getHostAddress();
    int port = _socket_.getPort();
    // autoClose is false: closing the TLS socket does not close the plain socket.
    SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, host, port, false);
    socket.setEnableSessionCreation(isCreation);
    socket.setUseClientMode(isClientMode);
    // client mode
    if (isClientMode) {
        // Endpoint name verification is opt-in via tlsEndpointChecking.
        // NOTE(review): presumably this turns on JSSE endpoint identification
        // for the handshake -- confirm in SSLSocketUtils.
        if (tlsEndpointChecking) {
            SSLSocketUtils.enableEndpointNameVerification(socket);
        }
    } else { // server mode
        socket.setNeedClientAuth(isNeedClientAuth);
        socket.setWantClientAuth(isWantClientAuth);
    }
    // Null leaves the protocols/suites enabled by the context's factory.
    if (protocols != null) {
        socket.setEnabledProtocols(protocols);
    }
    if (suites != null) {
        socket.setEnabledCipherSuites(suites);
    }
    socket.startHandshake();
    // TODO the following setup appears to duplicate that in the super class methods
    _socket_ = socket;
    _controlInput_ =
        new BufferedReader(new InputStreamReader(socket.getInputStream(), getControlEncoding()));
    _controlOutput_ =
        new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(), getControlEncoding()));
    // The optional verifier runs only after the handshake and after the control
    // streams were switched to the TLS socket. With tlsEndpointChecking off and
    // no hostnameVerifier, this method does not compare the host with the
    // certificate; any such check would have to come from the trust manager
    // configured elsewhere.
    if (isClientMode) {
        if (hostnameVerifier != null && !hostnameVerifier.verify(host, socket.getSession())) {
            throw new SSLHandshakeException("Hostname doesn't match certificate");
        }
    }
}
/** Create SSL socket. */
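SSLSocket create() throws IOException {
    InetSocketAddress addr = cfg.getAddress();

    // Connects to the configured address and wraps the connection in TLS.
    SSLSocket sock = (SSLSocket)getSslSocketFactory(cfg).createSocket(addr.getHostName(), addr.getPort());

    try {
        sock.setUseClientMode(true);

        // NOTE(review): no endpoint identification algorithm is set on this
        // socket, so unless the factory from getSslSocketFactory(cfg) arranges
        // it, the certificate is not checked against addr.getHostName() --
        // confirm that this is acceptable for the callers.
        sock.startHandshake();

        return sock;
    }
    catch (IOException | RuntimeException e) {
        // A failed handshake must not leave the connected socket open.
        try {
            sock.close();
        }
        catch (IOException closeFailure) {
            e.addSuppressed(closeFailure);
        }

        throw e;
    }
}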