下面列出了javax.net.ssl.SSLParameters#getCipherSuites ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
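/**
 * Returns the anonymous cipher suites supported by the default {@link SSLContext}, or
 * {@code null} if the default SSLContext cannot be obtained.
 * <p>
 * {@link SslRMIClientSocketFactory} and {@link SslRMIServerSocketFactory}, and therefore
 * {@link AnonSslClientSocketFactory} and {@link AnonSslServerSocketFactory}, use the
 * default SSLContext to create SSL sockets (unless one is set explicitly).
 * The default SSLContext is therefore used to read the supported cipher suites and to keep
 * only the anonymous ones.
 * </p>
 * <p>
 * A suite is treated as anonymous when its name contains {@code "anon"}, ignoring case.
 * The list is taken from the <em>supported</em> parameters, not from the suites enabled by
 * default. Anonymous suites negotiate keys without authenticating either peer, so a
 * connection restricted to them is encrypted but gives no assurance about who is on the
 * other end; callers should enable the returned suites only where that is acceptable.
 * </p>
 * Note: Getting the default SSLContext only works if the system properties for keystore and
 * truststore are not set, or if they are set and the corresponding files exist.
 *
 * @return the anonymous cipher suites supported by the default SSL context (possibly an
 *         empty array, for example when the runtime's {@code jdk.tls.disabledAlgorithms}
 *         policy excludes them; verify on the target JDK), or {@code null} if accessing
 *         the default SSLContext fails
 */
@Nullable
public static String[] getAnonymousCipherSuites() {
    try {
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        List<String> anonymousCipherSuites = new ArrayList<>();
        for (String suiteName : supported.getCipherSuites()) {
            // Locale.ROOT keeps the name match independent of the JVM's default locale.
            if (suiteName.toLowerCase(java.util.Locale.ROOT).contains("anon")) {
                anonymousCipherSuites.add(suiteName);
            }
        }
        return anonymousCipherSuites.toArray(new String[0]);
    } catch (NoSuchAlgorithmException ex) {
        // Callers must handle null: it signals "could not inspect the context",
        // which is different from "no anonymous suites are supported" (empty array).
        LOG.error("Error accessing the default SSLContext.", ex);
        return null;
    }
}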
/**
 * Verifies that {@link SSLSocket#getSSLParameters()} mirrors the socket's enabled cipher
 * suites, enabled protocols and client-authentication flags, and that the endpoint
 * identification algorithm can be read and replaced.
 * <p>
 * Two security-relevant facts are pinned by the assertions: the endpoint identification
 * algorithm of a freshly created socket is {@code null} (so the parameters themselves do not
 * request hostname checking until a caller sets e.g. {@code "HTTPS"}), and the setter stores
 * an arbitrary string such as {@code "FOO"} without rejecting it.
 */
public void test_SSLSocket_getSSLParameters() throws Exception {
    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) factory.createSocket();

    SSLParameters params = socket.getSSLParameters();
    assertNotNull(params);

    // Cipher suites: equal content, but a distinct array instance (defensive copy).
    String[] suitesFromParams = params.getCipherSuites();
    assertNotSame(suitesFromParams, socket.getEnabledCipherSuites());
    assertEquals(
            Arrays.asList(suitesFromParams),
            Arrays.asList(socket.getEnabledCipherSuites()));

    // Protocols: same expectation as for the cipher suites.
    String[] protocolsFromParams = params.getProtocols();
    assertNotSame(protocolsFromParams, socket.getEnabledProtocols());
    assertEquals(
            Arrays.asList(protocolsFromParams),
            Arrays.asList(socket.getEnabledProtocols()));

    // Client-auth flags are carried over unchanged.
    assertEquals(params.getWantClientAuth(), socket.getWantClientAuth());
    assertEquals(params.getNeedClientAuth(), socket.getNeedClientAuth());

    // No endpoint identification by default; setting null keeps it unset.
    assertNull(params.getEndpointIdentificationAlgorithm());
    params.setEndpointIdentificationAlgorithm(null);
    assertNull(params.getEndpointIdentificationAlgorithm());

    // A recognised value round-trips ...
    params.setEndpointIdentificationAlgorithm("HTTPS");
    assertEquals("HTTPS", params.getEndpointIdentificationAlgorithm());

    // ... and so does an unrecognised one: the setter does not validate its argument.
    params.setEndpointIdentificationAlgorithm("FOO");
    assertEquals("FOO", params.getEndpointIdentificationAlgorithm());
}
/**
 * Creates the RMI server socket factory from the server-side {@link SSLContext} produced by
 * {@code secureSslContextFactory}.
 * <p>
 * NOTE(review): the enabled cipher suites and protocols are taken from
 * {@link SSLContext#getSupportedSSLParameters()}, i.e. everything the context supports rather
 * than the subset it enables by default. That can switch on suites or protocol versions the
 * provider deliberately leaves off; confirm this is intended, or derive the lists from
 * {@link SSLContext#getDefaultSSLParameters()} or an explicit allow-list.
 * <p>
 * NOTE(review): the last constructor argument of {@link SslRMIServerSocketFactory} is
 * {@code needClientAuth}, but the value passed is the supported parameters'
 * {@code getWantClientAuth()}. Confirm whether clients are meant to be authenticated.
 *
 * @return a server socket factory bound to the created server context
 */
@Override
public RMIServerSocketFactory getServerSocketFactory() {
    SSLContext serverContext = secureSslContextFactory.createServerContext();
    SSLParameters supported = serverContext.getSupportedSSLParameters();

    String[] cipherSuites = supported.getCipherSuites();
    String[] protocols = supported.getProtocols();
    boolean clientAuthFlag = supported.getWantClientAuth();

    return new SslRMIServerSocketFactory(serverContext, cipherSuites, protocols, clientAuthFlag);
}
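/**
 * Builds a multi-line diagnostic string listing every JVM system property followed by the
 * protocols and cipher suites supported by the default {@link SSLContext}.
 * <p>
 * NOTE(review): all system properties are included verbatim. Properties such as
 * {@code javax.net.ssl.keyStorePassword} and {@code javax.net.ssl.trustStorePassword} hold
 * secrets when they are set, so the returned text should be treated as sensitive and kept
 * out of shared logs or tickets unless those entries are filtered first.
 *
 * @return the diagnostic text; if the default SSLContext is unavailable the TLS section is
 *         replaced by a failure line
 */
private String getConnectionDebugInfo() {
    // StringBuilder avoids re-copying the whole message on every appended line.
    StringBuilder msg = new StringBuilder();
    msg.append("\nSystem properties\n");
    for (Object key : System.getProperties().keySet()) {
        msg.append(key)
                .append(": \t")
                .append(System.getProperty(key.toString()))
                .append("\n");
    }
    try {
        SSLParameters sslParams = SSLContext.getDefault().getSupportedSSLParameters();
        msg.append("\nProtocols\n");
        for (String protocol : sslParams.getProtocols()) {
            msg.append(protocol).append("\n");
        }
        msg.append("\nCipher suites\n");
        for (String cipher : sslParams.getCipherSuites()) {
            msg.append(cipher).append("\n");
        }
    } catch (NoSuchAlgorithmException e) {
        // Best effort: the property dump above is still returned.
        logger.error("failed to get ssl debug info", e);
        msg.append("failed to get ssl debug info\n");
    }
    return msg.toString();
}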
/**
 * Copies the settings carried by {@code params} into this configuration.
 * <p>
 * Settings whose getter returns {@code null} (algorithm constraints, cipher suites,
 * protocols, endpoint identification algorithm, server names, SNI matchers and, for the
 * OpenJSSE parameter type, application protocols) leave the current value untouched. In
 * particular, passing parameters with a {@code null} endpoint identification algorithm does
 * not clear one that was configured earlier. The client-authentication mode and the
 * cipher-suite-order preference are always overwritten.
 *
 * @param params the parameters to apply; must not be {@code null}
 */
void setSSLParameters(SSLParameters params) {
    AlgorithmConstraints constraints = params.getAlgorithmConstraints();
    if (constraints != null) {
        this.userSpecifiedAlgorithmConstraints = constraints;
    }

    String[] requestedSuites = params.getCipherSuites();
    if (requestedSuites != null) {
        // NOTE(review): how validValuesOf treats unknown names is not visible here.
        this.enabledCipherSuites = CipherSuite.validValuesOf(requestedSuites);
    }

    String[] requestedProtocols = params.getProtocols();
    if (requestedProtocols != null) {
        this.enabledProtocols = ProtocolVersion.namesOf(requestedProtocols);
        // Recompute the highest enabled version, starting again from NONE.
        this.maximumProtocolVersion = ProtocolVersion.NONE;
        for (ProtocolVersion candidate : enabledProtocols) {
            if (candidate.compareTo(maximumProtocolVersion) > 0) {
                this.maximumProtocolVersion = candidate;
            }
        }
    }

    // "need" takes precedence over "want"; neither flag means no client authentication.
    this.clientAuthType = params.getNeedClientAuth()
            ? ClientAuthType.CLIENT_AUTH_REQUIRED
            : (params.getWantClientAuth()
                    ? ClientAuthType.CLIENT_AUTH_REQUESTED
                    : ClientAuthType.CLIENT_AUTH_NONE);

    String endpointIdAlgorithm = params.getEndpointIdentificationAlgorithm();
    if (endpointIdAlgorithm != null) {
        this.identificationProtocol = endpointIdAlgorithm;
    }

    List<SNIServerName> requestedServerNames = params.getServerNames();
    if (requestedServerNames != null) {
        // An explicitly empty list is recorded separately from "never set" (null).
        this.noSniExtension = requestedServerNames.isEmpty();
        this.serverNames = requestedServerNames;
    }

    Collection<SNIMatcher> requestedMatchers = params.getSNIMatchers();
    if (requestedMatchers != null) {
        this.noSniMatcher = requestedMatchers.isEmpty();
        this.sniMatchers = requestedMatchers;
    }

    // These settings are only read from the OpenJSSE parameter type.
    if (params instanceof org.openjsse.javax.net.ssl.SSLParameters) {
        org.openjsse.javax.net.ssl.SSLParameters extended =
                (org.openjsse.javax.net.ssl.SSLParameters) params;
        String[] requestedAppProtocols = extended.getApplicationProtocols();
        if (requestedAppProtocols != null) {
            this.applicationProtocols = requestedAppProtocols;
        }
        this.enableRetransmissions = extended.getEnableRetransmissions();
        this.maximumPacketSize = extended.getMaximumPacketSize();
    }

    this.preferLocalCipherSuites = params.getUseCipherSuitesOrder();
}
/**
 * Copies the settings carried by {@code params} into this configuration.
 * <p>
 * Settings whose getter returns {@code null} (algorithm constraints, cipher suites,
 * protocols, endpoint identification algorithm, server names, SNI matchers and application
 * protocols) leave the current value untouched. In particular, passing parameters with a
 * {@code null} endpoint identification algorithm does not clear one that was configured
 * earlier. The client-authentication mode, cipher-suite-order preference, retransmission
 * flag and maximum packet size are always overwritten.
 *
 * @param params the parameters to apply; must not be {@code null}
 */
void setSSLParameters(SSLParameters params) {
    AlgorithmConstraints constraints = params.getAlgorithmConstraints();
    if (constraints != null) {
        this.algorithmConstraints = constraints;
    }

    String[] requestedSuites = params.getCipherSuites();
    if (requestedSuites != null) {
        // NOTE(review): how validValuesOf treats unknown names is not visible here.
        this.enabledCipherSuites = CipherSuite.validValuesOf(requestedSuites);
    }

    String[] requestedProtocols = params.getProtocols();
    if (requestedProtocols != null) {
        this.enabledProtocols = ProtocolVersion.namesOf(requestedProtocols);
        // Recompute the highest enabled version, starting again from NONE.
        this.maximumProtocolVersion = ProtocolVersion.NONE;
        for (ProtocolVersion candidate : enabledProtocols) {
            if (candidate.compareTo(maximumProtocolVersion) > 0) {
                this.maximumProtocolVersion = candidate;
            }
        }
    }

    // "need" takes precedence over "want"; neither flag means no client authentication.
    this.clientAuthType = params.getNeedClientAuth()
            ? ClientAuthType.CLIENT_AUTH_REQUIRED
            : (params.getWantClientAuth()
                    ? ClientAuthType.CLIENT_AUTH_REQUESTED
                    : ClientAuthType.CLIENT_AUTH_NONE);

    String endpointIdAlgorithm = params.getEndpointIdentificationAlgorithm();
    if (endpointIdAlgorithm != null) {
        this.identificationProtocol = endpointIdAlgorithm;
    }

    List<SNIServerName> requestedServerNames = params.getServerNames();
    if (requestedServerNames != null) {
        // An explicitly empty list is recorded separately from "never set" (null).
        this.noSniExtension = requestedServerNames.isEmpty();
        this.serverNames = requestedServerNames;
    }

    Collection<SNIMatcher> requestedMatchers = params.getSNIMatchers();
    if (requestedMatchers != null) {
        this.noSniMatcher = requestedMatchers.isEmpty();
        this.sniMatchers = requestedMatchers;
    }

    String[] requestedAppProtocols = params.getApplicationProtocols();
    if (requestedAppProtocols != null) {
        this.applicationProtocols = requestedAppProtocols;
    }

    // Unconditional copies: these getters return primitives, so there is no "unset" state.
    this.preferLocalCipherSuites = params.getUseCipherSuitesOrder();
    this.enableRetransmissions = params.getEnableRetransmissions();
    this.maximumPacketSize = params.getMaximumPacketSize();
}
/**
 * Creates an {@code SSLConnectionSocketFactory} that uses the SSL context, protocols and
 * cipher suites of the given {@code TlsContext}.
 * <p>
 * NOTE(review): the factory is built with {@code NoopHostnameVerifier}, so no hostname check
 * is applied at this layer, and only the protocols and cipher suites are read from the
 * context's parameters (an endpoint identification algorithm set there is not passed on
 * here). This is sound only if peer identity is verified elsewhere, for example by the trust
 * manager behind {@code tlsContext.context()}; confirm that against the TlsContext
 * implementation before reusing this pattern.
 *
 * @param tlsContext source of the SSL context and of the enabled protocols/cipher suites
 * @return the configured socket factory
 */
private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext tlsContext) {
    SSLParameters tlsParameters = tlsContext.parameters();
    return new SSLConnectionSocketFactory(
            tlsContext.context(),
            tlsParameters.getProtocols(),
            tlsParameters.getCipherSuites(),
            new NoopHostnameVerifier());
}