下面列出了 javax.net.ssl.SSLSocket#getSSLParameters() 的实例代码。
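/**
 * Advertises the given application protocols on {@code sslSocket} before the handshake.
 *
 * <p>The socket's current {@link SSLParameters} are fetched, the protocol names are applied
 * through the reflectively held {@code setProtocolMethod}, and the parameters are written back.
 * {@code hostname} is not used by this implementation.
 *
 * @param sslSocket socket whose parameters are updated
 * @param hostname  unused here
 * @param protocols protocols to offer, converted to names by {@code alpnProtocolNames}
 * @throws AssertionError if the reflective call fails; the original exception is kept as cause
 */
@RequiresApi(api = Build.VERSION_CODES.KITKAT)
@Override
public void configureTlsExtensions(SSLSocket sslSocket, String hostname,
        List<Protocol> protocols) {
    try {
        SSLParameters sslParameters = sslSocket.getSSLParameters();
        List<String> names = alpnProtocolNames(protocols);
        // The String[] is wrapped in an Object[] so that it is passed as ONE argument
        // to the reflective call instead of being expanded as varargs.
        setProtocolMethod.invoke(sslParameters,
                new Object[] {names.toArray(new String[names.size()])});
        // getSSLParameters() returns a copy; nothing takes effect until it is set back.
        sslSocket.setSSLParameters(sslParameters);
    } catch (IllegalAccessException | InvocationTargetException e) {
        // Keep the cause: a bare AssertionError hides why protocol negotiation setup failed.
        throw new AssertionError(e);
    }
}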
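/**
 * Advertises the given application protocols on {@code sslSocket} before the handshake.
 *
 * <p>The socket's current {@link SSLParameters} are fetched, the protocol names are applied
 * through the reflectively held {@code setProtocolMethod}, and the parameters are written back.
 * {@code hostname} is not used by this implementation.
 *
 * @param sslSocket socket whose parameters are updated
 * @param hostname  unused here
 * @param protocols protocols to offer, converted to names by {@code alpnProtocolNames}
 * @throws AssertionError if the reflective call fails; the original exception is kept as cause
 */
@Override
public void configureTlsExtensions(SSLSocket sslSocket, String hostname,
        List<Protocol> protocols) {
    try {
        SSLParameters sslParameters = sslSocket.getSSLParameters();
        List<String> names = alpnProtocolNames(protocols);
        // The String[] is wrapped in an Object[] so that it is passed as ONE argument
        // to the reflective call instead of being expanded as varargs.
        setProtocolMethod.invoke(sslParameters,
                new Object[] {names.toArray(new String[names.size()])});
        // getSSLParameters() returns a copy; nothing takes effect until it is set back.
        sslSocket.setSSLParameters(sslParameters);
    } catch (IllegalAccessException | InvocationTargetException e) {
        // Keep the cause: a bare AssertionError hides why protocol negotiation setup failed.
        throw new AssertionError(e);
    }
}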
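/**
 * Sample TLS server: listens on port 4444, prints every line a client sends and answers
 * each one with "Hi, client".
 *
 * <p>Connections are served one at a time. Every socket and stream is opened in
 * try-with-resources so it is released even when a read or write fails.
 *
 * @param args unused
 * @throws IOException if the listening socket or a client connection fails
 */
public static void main(String[] args) throws IOException {
    // Sample values only: the key store path and its password are hard-coded in source.
    // A real service should take both from protected configuration, never from code.
    System.setProperty("javax.net.ssl.keyStore", "C:/Users/Martin/sample.pfx");
    System.setProperty("javax.net.ssl.keyStorePassword", "sample");
    SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    try (ServerSocket ss = ssf.createServerSocket(4444)) {
        while (true) {
            try (SSLSocket s = (SSLSocket) ss.accept()) {
                // The parameters are read and written back unchanged, so the connection
                // runs with the provider's default protocols and cipher suites.
                SSLParameters params = s.getSSLParameters();
                s.setSSLParameters(params);
                try (BufferedReader in =
                             new BufferedReader(new InputStreamReader(s.getInputStream()));
                     PrintStream out = new PrintStream(s.getOutputStream())) {
                    String line;
                    while ((line = in.readLine()) != null) {
                        System.out.println(line);
                        out.println("Hi, client");
                    }
                }
            }
        }
    }
}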
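/**
 * Sample TLS client: connects to 127.0.0.1:4444, sends one line, prints the reply and the
 * negotiated application protocol.
 *
 * <p>The socket and its streams are opened in try-with-resources so they are closed even
 * when the exchange fails part-way.
 *
 * @param args unused
 * @throws InterruptedException declared by the original signature; nothing here throws it
 */
public static void main(String[] args) throws InterruptedException {
    try {
        // Sample values only: trust store path and password are hard-coded in source.
        System.setProperty("javax.net.ssl.trustStore", "C:/Users/Martin/sample.pfx");
        System.setProperty("javax.net.ssl.trustStorePassword", "sample");
        SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) ssf.createSocket("127.0.0.1", 4444)) {
            // The parameters are written back unchanged. No endpoint identification
            // algorithm is set here, so the certificate chain is checked against the trust
            // store but the certificate is not matched to the host name; production clients
            // normally call params.setEndpointIdentificationAlgorithm("HTTPS") at this point.
            SSLParameters params = s.getSSLParameters();
            s.setSSLParameters(params);
            try (PrintWriter out = new PrintWriter(s.getOutputStream(), true);
                 BufferedReader in =
                         new BufferedReader(new InputStreamReader(s.getInputStream()))) {
                out.println("Hi, server.");
                String x = in.readLine();
                System.out.println(x);
                System.out.println("Used protocol: " + s.getApplicationProtocol());
            }
        }
    } catch (Exception ex) {
        // Sample-level error handling: report and exit.
        ex.printStackTrace();
    }
}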
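/**
 * Sample TLS server: listens on port 4444, prints every line a client sends and answers
 * each one with "Hi, client".
 *
 * <p>Connections are served one at a time. Every socket and stream is opened in
 * try-with-resources so it is released even when a read or write fails.
 *
 * @param args unused
 * @throws IOException if the listening socket or a client connection fails
 */
public static void main(String[] args) throws IOException {
    // Sample values only: the key store path and its password are hard-coded in source.
    // A real service should take both from protected configuration, never from code.
    System.setProperty("javax.net.ssl.keyStore", "C:/Users/Martin/sample.pfx");
    System.setProperty("javax.net.ssl.keyStorePassword", "sample");
    SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    try (ServerSocket ss = ssf.createServerSocket(4444)) {
        while (true) {
            try (SSLSocket s = (SSLSocket) ss.accept()) {
                // The parameters are read and written back unchanged, so the connection
                // runs with the provider's default protocols and cipher suites.
                SSLParameters params = s.getSSLParameters();
                s.setSSLParameters(params);
                try (BufferedReader in =
                             new BufferedReader(new InputStreamReader(s.getInputStream()));
                     PrintStream out = new PrintStream(s.getOutputStream())) {
                    String line;
                    while ((line = in.readLine()) != null) {
                        System.out.println(line);
                        out.println("Hi, client");
                    }
                }
            }
        }
    }
}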
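/**
 * Sample TLS client: connects to 127.0.0.1:4444, sends one line, prints the reply and the
 * negotiated application protocol.
 *
 * <p>The socket and its streams are opened in try-with-resources so they are closed even
 * when the exchange fails part-way.
 *
 * @param args unused
 * @throws InterruptedException declared by the original signature; nothing here throws it
 */
public static void main(String[] args) throws InterruptedException {
    try {
        // Sample values only: trust store path and password are hard-coded in source.
        System.setProperty("javax.net.ssl.trustStore", "C:/Users/Martin/sample.pfx");
        System.setProperty("javax.net.ssl.trustStorePassword", "sample");
        SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) ssf.createSocket("127.0.0.1", 4444)) {
            // The parameters are written back unchanged. No endpoint identification
            // algorithm is set here, so the certificate chain is checked against the trust
            // store but the certificate is not matched to the host name; production clients
            // normally call params.setEndpointIdentificationAlgorithm("HTTPS") at this point.
            SSLParameters params = s.getSSLParameters();
            s.setSSLParameters(params);
            try (PrintWriter out = new PrintWriter(s.getOutputStream(), true);
                 BufferedReader in =
                         new BufferedReader(new InputStreamReader(s.getInputStream()))) {
                out.println("Hi, server.");
                String x = in.readLine();
                System.out.println(x);
                System.out.println("Used protocol: " + s.getApplicationProtocol());
            }
        }
    } catch (Exception ex) {
        // Sample-level error handling: report and exit.
        ex.printStackTrace();
    }
}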
/**
 * Verifies that {@code getSSLParameters()} on an unconnected socket returns a non-null
 * object whose cipher suites, protocols and client-auth flags equal the socket's own
 * settings (as distinct array instances), and that the endpoint identification algorithm
 * starts out {@code null} and accepts arbitrary values.
 */
public void test_SSLSocket_getSSLParameters() throws Exception {
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) factory.createSocket();

    SSLParameters params = socket.getSSLParameters();
    assertNotNull(params);

    // Arrays must be equal in content but not the same instance as the socket's.
    String[] suites = params.getCipherSuites();
    assertNotSame(suites, socket.getEnabledCipherSuites());
    assertEquals(Arrays.asList(suites), Arrays.asList(socket.getEnabledCipherSuites()));

    String[] enabledProtocols = params.getProtocols();
    assertNotSame(enabledProtocols, socket.getEnabledProtocols());
    assertEquals(Arrays.asList(enabledProtocols), Arrays.asList(socket.getEnabledProtocols()));

    assertEquals(params.getWantClientAuth(), socket.getWantClientAuth());
    assertEquals(params.getNeedClientAuth(), socket.getNeedClientAuth());

    // Default is null: a plain SSLSocket has no endpoint identification (host name check)
    // configured until the caller sets an algorithm.
    assertNull(params.getEndpointIdentificationAlgorithm());
    params.setEndpointIdentificationAlgorithm(null);
    assertNull(params.getEndpointIdentificationAlgorithm());
    params.setEndpointIdentificationAlgorithm("HTTPS");
    assertEquals("HTTPS", params.getEndpointIdentificationAlgorithm());
    // The setter on this detached object accepts an unknown name without complaint.
    params.setEndpointIdentificationAlgorithm("FOO");
    assertEquals("FOO", params.getEndpointIdentificationAlgorithm());
}
/**
 * Layers a server-mode TLS socket over an already connected {@code socket} and completes
 * the handshake.
 *
 * <p>The SSL context comes from {@code createSSLContext(commonName, ca)} (defined elsewhere).
 * {@code is} is handed to the factory together with the socket, and the TLS socket is created
 * with auto-close enabled, so closing it also closes {@code socket}. The server offers
 * "h2", "http/1.1" and "http/1.0" via ALPN.
 *
 * @param socket     connected plain socket to wrap
 * @param commonName passed to {@code createSSLContext}
 * @param ca         passed to {@code createSSLContext}
 * @param is         input stream passed to the socket factory alongside {@code socket}
 * @return the TLS socket after a completed handshake
 * @throws Exception if context creation, socket creation or the handshake fails
 */
public static SSLSocket convertToServerSSLSocket(Socket socket, String commonName, CA ca, InputStream is) throws Exception {
    SSLSocketFactory factory = createSSLContext(commonName, ca).getSocketFactory();
    SSLSocket serverSide = (SSLSocket) factory.createSocket(socket, is, true);
    serverSide.setUseClientMode(false);

    // ALPN offer, in order of preference.
    SSLParameters params = serverSide.getSSLParameters();
    params.setApplicationProtocols(new String[] { "h2", "http/1.1", "http/1.0" });
    serverSide.setSSLParameters(params);

    serverSide.startHandshake();
    return serverSide;
}
/**
 * Layers a client-mode TLS socket over an already connected {@code socket} and completes
 * the handshake.
 *
 * <p>The TLS socket is created with a {@code null} host and auto-close disabled, so the
 * caller keeps ownership of {@code socket}. No endpoint identification algorithm is set in
 * this method; whether the peer's identity is checked depends on the factory returned by
 * {@code createSSLSocketFactory()} (defined elsewhere).
 *
 * @param socket connected plain socket to wrap
 * @param alpn   single ALPN protocol to offer; {@code null} or empty offers
 *               "h2", "http/1.1" and "http/1.0"
 * @return the TLS socket after a completed handshake
 * @throws Exception if socket creation or the handshake fails
 */
public static SSLSocket convertToClientSSLSocket(Socket socket, String alpn) throws Exception {
    SSLSocketFactory factory = createSSLSocketFactory();
    SSLSocket tls = (SSLSocket) factory.createSocket(socket, null, socket.getPort(), false);

    String[] offered = (alpn == null || alpn.isEmpty())
            ? new String[] { "h2", "http/1.1", "http/1.0" }
            : new String[] { alpn };

    SSLParameters params = tls.getSSLParameters();
    params.setApplicationProtocols(offered);
    tls.setSSLParameters(params);

    tls.startHandshake();
    return tls;
}
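/**
 * Opens a TLS connection to {@code addr}, offers ALPN protocols and completes the handshake.
 *
 * <p>The socket is created inside this method, so it is closed here if configuration or the
 * handshake fails; otherwise a failed connection attempt would leak the descriptor. No
 * endpoint identification algorithm is set in this method; whether the peer's identity is
 * checked depends on the factory returned by {@code createSSLSocketFactory()} (defined
 * elsewhere).
 *
 * @param addr remote address and port
 * @param alpn single ALPN protocol to offer; {@code null} or empty offers
 *             "h2", "http/1.1" and "http/1.0"
 * @return the connected TLS socket after a completed handshake
 * @throws Exception if the connection or the handshake fails
 */
public static SSLSocket createClientSSLSocket(InetSocketAddress addr, String alpn) throws Exception {
    SSLSocketFactory ssf = createSSLSocketFactory();
    SSLSocket sock = (SSLSocket) ssf.createSocket(addr.getAddress(), addr.getPort());
    try {
        SSLParameters sslp = sock.getSSLParameters();
        String[] clientAPs;
        if (alpn != null && alpn.length() > 0) {
            clientAPs = new String[]{ alpn };
        } else {
            clientAPs = new String[]{ "h2", "http/1.1", "http/1.0" };
        }
        sslp.setApplicationProtocols(clientAPs);
        sock.setSSLParameters(sslp);
        sock.startHandshake();
        return sock;
    } catch (Exception e) {
        // The caller never receives the socket on failure, so release it here.
        try {
            sock.close();
        } catch (Exception closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}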
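/**
 * Opens a TLS connection to {@code addr} with an explicit SNI host name and ALPN offer, then
 * completes the handshake.
 *
 * <p>Before connecting, the key managers for the server registered under {@code addr} are
 * looked up and stored in the {@code clientKeyManagers} field. ALPN and SNI are applied in a
 * single read/modify/write of the socket's parameters. The socket is created inside this
 * method, so it is closed here if configuration or the handshake fails. No endpoint
 * identification algorithm is set in this method.
 *
 * @param addr          remote address and port
 * @param SNIServerName host name to send in the SNI extension
 * @param alpn          single ALPN protocol to offer; {@code null} or empty offers
 *                      "h2", "http/1.1" and "http/1.0"
 * @return the connected TLS socket after a completed handshake
 * @throws Exception if the SNI name is rejected, or the connection or handshake fails
 */
public static SSLSocket createClientSSLSocket(InetSocketAddress addr, String SNIServerName, String alpn) throws Exception {
    /* SNI: built first so an invalid name is rejected before any connection is opened */
    SNIHostName serverName = new SNIHostName(SNIServerName);

    /* Fetch Client Certificate from ClientKeyManager */
    // NOTE(review): this writes a field shared outside this method; confirm that callers
    // do not run concurrently, otherwise one connection may pick up another's key managers.
    Server server = Servers.getInstance().queryByAddress(addr);
    clientKeyManagers = ClientKeyManager.getKeyManagers(server);

    SSLSocketFactory ssf = createSSLSocketFactory();
    SSLSocket sock = (SSLSocket) ssf.createSocket(addr.getAddress(), addr.getPort());
    try {
        String[] clientAPs;
        if (alpn != null && alpn.length() > 0) {
            clientAPs = new String[]{ alpn };
        } else {
            clientAPs = new String[]{ "h2", "http/1.1", "http/1.0" };
        }

        List<SNIServerName> serverNames = new ArrayList<>();
        serverNames.add(serverName);

        SSLParameters sslp = sock.getSSLParameters();
        sslp.setApplicationProtocols(clientAPs);
        sslp.setServerNames(serverNames);
        sock.setSSLParameters(sslp);

        sock.startHandshake();
        return sock;
    } catch (Exception e) {
        // The caller never receives the socket on failure, so release it here.
        try {
            sock.close();
        } catch (Exception closeFailure) {
            e.addSuppressed(closeFailure);
        }
        throw e;
    }
}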
/**
 * Validates a client certificate chain presented on {@code socket}.
 *
 * <p>When {@code socket} is an {@link SSLSocket}, its handshake session and current
 * {@link SSLParameters} are passed on to {@code checkTrusted}; for any other socket both are
 * {@code null}.
 *
 * @throws CertificateException propagated from {@code getHandshakeSessionOrThrow} or
 *         {@code checkTrusted}
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    final SSLSocket tls = (socket instanceof SSLSocket) ? (SSLSocket) socket : null;
    // Session is resolved before the parameters, as both come from the same socket.
    final SSLSession session = (tls != null) ? getHandshakeSessionOrThrow(tls) : null;
    final SSLParameters parameters = (tls != null) ? tls.getSSLParameters() : null;
    checkTrusted(chain, authType, session, parameters, true /* client auth */);
}
/**
 * Builds and returns the complete trusted chain for the server certificates in
 * {@code certs}.
 *
 * <p>When {@code socket} is an {@link SSLSocket}, its handshake session and current
 * {@link SSLParameters} are passed on to {@code checkTrusted}; for any other socket both are
 * {@code null}.
 *
 * @throws CertificateException when no trusted chain can be found from {@code certs}
 */
public List<X509Certificate> getTrustedChainForServer(X509Certificate[] certs,
        String authType, Socket socket) throws CertificateException {
    final SSLSocket tls = (socket instanceof SSLSocket) ? (SSLSocket) socket : null;
    // Session is resolved before the parameters, as both come from the same socket.
    final SSLSession session = (tls != null) ? getHandshakeSessionOrThrow(tls) : null;
    final SSLParameters parameters = (tls != null) ? tls.getSSLParameters() : null;
    return checkTrusted(certs, authType, session, parameters, false /* client auth */);
}
/**
 * Applies the host name verification override to {@code socket} when it is an
 * {@link SSLSocket}; other sockets are left untouched.
 *
 * <p>The socket's parameters are handed to the {@code SSLParameters} overload of this
 * method and are written back only when that overload returns {@code true}.
 */
private void overrideHostnameVerificationForClient(Socket socket) {
    if (!(socket instanceof SSLSocket)) {
        return;
    }
    SSLSocket tls = (SSLSocket) socket;
    SSLParameters current = tls.getSSLParameters();
    boolean changed = overrideHostnameVerificationForClient(current);
    if (changed) {
        // getSSLParameters() hands out a copy, so the change must be set explicitly.
        tls.setSSLParameters(current);
    }
}
/**
 * Best-effort removal of the SNI extension from {@code socket}'s handshake.
 *
 * <p>An empty server name list is set through reflection, because
 * {@code setServerNames} only exists from Java 8 on. Any failure is ignored and the socket
 * then keeps its previous parameters.
 */
private void disableSNI(SSLSocket socket) {
    SSLParameters params = socket.getSSLParameters();
    try {
        // Looked up by name so the class still loads on runtimes without the method.
        Method setter = params.getClass().getMethod("setServerNames", List.class);
        setter.invoke(params, new ArrayList<Object>());
        socket.setSSLParameters(params);
    } catch (Exception e) {
        // Java 6/7: the method does not exist and there is no other way to turn SNI off at
        // this point (setting jsse.enableSNIExtension would come too late).
        // NOTE(review): this catch also hides failures on Java 8+, in which case SNI is
        // still sent and nothing is logged.
    }
}
/**
 * Turns on "LDAPS" endpoint identification for {@code socket} and returns the same socket.
 *
 * <p>With the algorithm set, the TLS handshake checks the server certificate against the
 * peer host in addition to the trust-store check. {@code socket} is cast to
 * {@link SSLSocket} without a type check, so a plain socket fails with
 * {@code ClassCastException}.
 *
 * @param socket socket to configure; must be an {@link SSLSocket}
 * @return {@code socket}, with the updated parameters applied
 */
private Socket prepareSocket(Socket socket) {
    SSLSocket tls = (SSLSocket) socket;
    SSLParameters withHostCheck = tls.getSSLParameters();
    withHostCheck.setEndpointIdentificationAlgorithm("LDAPS");
    // getSSLParameters() returns a copy; the change applies only once it is set back.
    tls.setSSLParameters(withHostCheck);
    return tls;
}
/**
 * Verifies that an SNI host name configured on the client through {@link SSLParameters}
 * reaches the server: after the handshake the server session must report exactly one
 * requested name, of type host name, equal to "www.example.com".
 */
public void test_SSLSocket_SNIHostName() throws Exception {
    TestSSLContext context = TestSSLContext.create();

    // Client side: announce the host name via SNI.
    final SSLSocket client = (SSLSocket) context.clientContext.getSocketFactory().createSocket();
    SSLParameters clientSide = client.getSSLParameters();
    clientSide.setServerNames(Collections.singletonList(
            (SNIServerName) new SNIHostName("www.example.com")));
    client.setSSLParameters(clientSide);

    // Server side: accept only names matching the escaped pattern.
    SSLParameters serverSide = context.serverSocket.getSSLParameters();
    serverSide.setSNIMatchers(Collections.singletonList(
            SNIHostName.createSNIMatcher("www\\.example\\.com")));
    context.serverSocket.setSSLParameters(serverSide);

    client.connect(new InetSocketAddress(context.host, context.port));
    final SSLSocket server = (SSLSocket) context.serverSocket.accept();

    // The two handshakes must run in parallel: the client's on a worker thread,
    // the server's on the test thread.
    ExecutorService worker = Executors.newSingleThreadExecutor();
    Future<Void> clientHandshake = worker.submit(new Callable<Void>() {
        @Override public Void call() throws Exception {
            client.startHandshake();
            return null;
        }
    });
    worker.shutdown();
    server.startHandshake();
    // NOTE(review): clientHandshake is never read, so an exception thrown by the client's
    // handshake is not reported by this test.

    SSLSession session = server.getSession();
    assertTrue(session instanceof ExtendedSSLSession);
    ExtendedSSLSession extended = (ExtendedSSLSession) session;

    List<SNIServerName> received = extended.getRequestedServerNames();
    assertNotNull(received);
    assertEquals(1, received.size());

    SNIServerName first = received.get(0);
    assertEquals(StandardConstants.SNI_HOST_NAME, first.getType());
    assertTrue(first instanceof SNIHostName);
    SNIHostName hostName = (SNIHostName) first;
    assertEquals("www.example.com", hostName.getAsciiName());
}
/**
 * Validates the server's certificate chain through {@code delegate}, then applies
 * {@code verifySubjectAltNameInChain} to it.
 *
 * <p>For an {@link SSLSocket} the endpoint identification algorithm is first reset to
 * {@code null}, which switches off the host name check that JSSE would otherwise run for
 * this socket. Identity verification therefore rests on
 * {@code verifySubjectAltNameInChain} (defined elsewhere).
 *
 * @throws CertificateException if the delegate or the subject-alternative-name check
 *         rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    if (socket instanceof SSLSocket) {
        SSLSocket tls = (SSLSocket) socket;
        SSLParameters current = tls.getSSLParameters();
        if (current != null) {
            // NOTE(review): this clears any algorithm the caller configured; confirm the
            // SAN check below is at least as strict as the check being removed.
            current.setEndpointIdentificationAlgorithm(null);
            tls.setSSLParameters(current);
        }
    }
    delegate.checkServerTrusted(chain, authType, socket);
    verifySubjectAltNameInChain(chain);
}