/**
 * Applies this server's required QOS settings to a freshly created
 * {@link SSLServerSocket}: the enabled cipher suites, the client
 * authentication mode and the accept timeout.
 *
 * The JSSE want/need client-auth flags are mutually exclusive: setting either
 * one (to true or false) resets the other to false, which is why exactly one
 * of them is set in each branch below.
 *
 * @param serverSocket the newly created server socket to configure
 * @throws IOException if the socket cannot be configured
 */
private void configureServerSocket(SSLServerSocket serverSocket) throws IOException {
    serverSocket.setEnabledCipherSuites(cipherSuites);

    // "required" wins over "supported"; the last branch explicitly turns
    // client auth off (setWantClientAuth(false) would have the same effect).
    if (clientAuthRequired) {
        serverSocket.setNeedClientAuth(true);
    } else if (clientAuthSupported) {
        serverSocket.setWantClientAuth(true);
    } else {
        serverSocket.setNeedClientAuth(false);
    }

    serverSocket.setSoTimeout(SOCKET_TIMEOUT_MS);

    if (!log.isDebugEnabled()) {
        return;
    }
    log.debug("Created SSL server socket on port " + serverSocket.getLocalPort());
    log.debug(" client authentication " + (clientAuthSupported ? "SUPPORTED" : "UNSUPPORTED"));
    log.debug(" client authentication " + (clientAuthRequired ? "REQUIRED" : "OPTIONAL"));
    log.debug(" cipher suites:");
    for (String suite : cipherSuites) {
        log.debug(" " + suite);
    }
}
/**
 * Creates a JSSE-backed test server bound to {@code serverPort}, using the key
 * and trust managers supplied by {@code cipherTest}.
 *
 * The enabled protocol versions and cipher suites are taken verbatim from the
 * comma-separated {@code protocol} and {@code cipherSuite} strings and replace
 * the JDK default-enabled sets rather than extending them; a name the provider
 * does not support makes the corresponding setter throw IllegalArgumentException.
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
           String protocol, String cipherSuite) throws Exception {
    super(cipherTest);
    this.serverPort = serverPort;

    KeyManager[] keyManagers = {cipherTest.getServerKeyManager()};
    TrustManager[] trustManagers = {cipherTest.getServerTrustManager()};
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(keyManagers, trustManagers, CipherTestUtils.secureRandom);

    SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
    serverSocket = (SSLServerSocket) ssf.createServerSocket(serverPort);
    serverSocket.setEnabledProtocols(protocol.split(","));
    serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
    CipherTestUtils.printInfo(serverSocket);
}
/**
 * Creates a bound {@link SSLServerSocket} from this object's {@code sslContext}
 * and applies the client-auth, cipher-suite and protocol settings derived from
 * {@code sslConfig}.
 *
 * The want/need client-auth flags are only set when the configured value is
 * true, so a false value leaves the factory default untouched. If both are
 * true, need is applied last and wins, because JSSE treats the two flags as
 * mutually exclusive (setting one resets the other).
 *
 * The final cipher-suite and protocol lists come from selectCipherSuites and
 * selectProtocols (defined elsewhere in this class), each given the socket's
 * currently enabled and supported sets.
 *
 * @param host    local address to bind to, or {@code null} for the wildcard address
 * @param port    local port (0 requests an ephemeral port)
 * @param backlog maximum length of the pending-connection queue
 * @return the configured server socket
 * @throws IOException if the socket cannot be created or bound
 */
public SSLServerSocket newSslServerSocket(String host, int port, int backlog) throws IOException {
    SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();

    ServerSocket created;
    if (host == null) {
        created = ssf.createServerSocket(port, backlog);
    } else {
        created = ssf.createServerSocket(port, backlog, InetAddress.getByName(host));
    }
    SSLServerSocket sslSocket = (SSLServerSocket) created;

    if (sslConfig.getWantClientAuth()) {
        sslSocket.setWantClientAuth(true);
    }
    if (sslConfig.getNeedClientAuth()) {
        sslSocket.setNeedClientAuth(true);
    }

    String[] suites = selectCipherSuites(
            sslSocket.getEnabledCipherSuites(), sslSocket.getSupportedCipherSuites());
    sslSocket.setEnabledCipherSuites(suites);

    String[] protocols = selectProtocols(
            sslSocket.getEnabledProtocols(), sslSocket.getSupportedProtocols());
    sslSocket.setEnabledProtocols(protocols);

    return sslSocket;
}
/**
 * Creates a JSSE-backed test server bound to {@code serverPort}, using the key
 * and trust managers supplied by {@code cipherTest}.
 *
 * {@code protocol} and {@code cipherSuite} are comma-separated lists that
 * replace the JDK default-enabled protocol versions and cipher suites; an
 * unsupported name makes the corresponding setter throw IllegalArgumentException.
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
           String protocol, String cipherSuite) throws Exception {
    super(cipherTest);

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(new KeyManager[] {cipherTest.getServerKeyManager()},
             new TrustManager[] {cipherTest.getServerTrustManager()},
             CipherTestUtils.secureRandom);

    SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
    serverSocket = (SSLServerSocket) ssf.createServerSocket(serverPort);

    String[] enabledProtocols = protocol.split(",");
    String[] enabledSuites = cipherSuite.split(",");
    serverSocket.setEnabledProtocols(enabledProtocols);
    serverSocket.setEnabledCipherSuites(enabledSuites);

    CipherTestUtils.printInfo(serverSocket);
}
/**
 * Creates a JSSE-backed test server bound to {@code serverPort}, using the key
 * and trust managers supplied by {@code cipherTest}.
 *
 * The enabled protocol versions and cipher suites are taken verbatim from the
 * comma-separated {@code protocol} and {@code cipherSuite} strings and replace
 * the JDK default-enabled sets rather than extending them; a name the provider
 * does not support makes the corresponding setter throw IllegalArgumentException.
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
           String protocol, String cipherSuite) throws Exception {
    super(cipherTest);
    this.serverPort = serverPort;

    KeyManager[] keyManagers = {cipherTest.getServerKeyManager()};
    TrustManager[] trustManagers = {cipherTest.getServerTrustManager()};
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(keyManagers, trustManagers, CipherTestUtils.secureRandom);

    SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
    serverSocket = (SSLServerSocket) ssf.createServerSocket(serverPort);
    serverSocket.setEnabledProtocols(protocol.split(","));
    serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
    CipherTestUtils.printInfo(serverSocket);
}
/**
 * Creates a JSSE-backed test server bound to {@code serverPort}, using the key
 * and trust managers supplied by {@code cipherTest}.
 *
 * {@code protocol} and {@code cipherSuite} are comma-separated lists that
 * replace the JDK default-enabled protocol versions and cipher suites; an
 * unsupported name makes the corresponding setter throw IllegalArgumentException.
 */
JSSEServer(CipherTestUtils cipherTest, int serverPort,
           String protocol, String cipherSuite) throws Exception {
    super(cipherTest);
    this.serverPort = serverPort;

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(new KeyManager[] {cipherTest.getServerKeyManager()},
             new TrustManager[] {cipherTest.getServerTrustManager()},
             CipherTestUtils.secureRandom);

    SSLServerSocketFactory ssf = ctx.getServerSocketFactory();
    serverSocket = (SSLServerSocket) ssf.createServerSocket(serverPort);

    String[] enabledProtocols = protocol.split(",");
    String[] enabledSuites = cipherSuite.split(",");
    serverSocket.setEnabledProtocols(enabledProtocols);
    serverSocket.setEnabledCipherSuites(enabledSuites);

    CipherTestUtils.printInfo(serverSocket);
}
/**
 * Creates an SSL server socket on {@code port} that advertises "h2" via ALPN.
 * Uses this object's {@code sslContext} when one is set, otherwise the JDK
 * default SSL server socket factory.
 *
 * Every supported cipher suite and protocol version is enabled, not only the
 * JDK's default-enabled subset. The supported list is a superset of the default
 * list and can include suites and protocol versions the JDK deliberately leaves
 * disabled, so this configuration is only suitable for a test harness.
 *
 * @param port local port to bind to
 * @return the bound, configured server socket
 * @throws Exception if the socket cannot be created or configured
 */
final ServerSocket initSecure(int port) throws Exception {
    ServerSocketFactory factory = (sslContext == null)
            ? SSLServerSocketFactory.getDefault()
            : sslContext.getServerSocketFactory();
    SSLServerSocket sslSocket = (SSLServerSocket) factory.createServerSocket(port);

    // ALPN: advertise only h2.
    SSLParameters params = sslSocket.getSSLParameters();
    params.setApplicationProtocols(new String[] {"h2"});
    sslSocket.setSSLParameters(params);

    // Widen enabled sets to everything the provider supports (see class note).
    sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());
    sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
    // other initialisation here
    return sslSocket;
}
/**
 * Builds an echo server on an ephemeral port from the default SSLContext.
 *
 * @param cipherSuiteFilter when non-null, a filter (interpreted by
 *        {@code UnboundSSLUtils.filterStringArray}) applied to the factory's
 *        <em>supported</em> cipher suites; the matches become the enabled set,
 *        which can therefore include suites the JDK does not enable by default.
 *        When null, the JDK default-enabled set stays in effect.
 * @param sniPattern when non-null, an SNI host-name pattern installed as the
 *        socket's only SNIMatcher, used to check the server_name a client sends
 * @return the constructed echo server wrapping the configured socket
 * @throws NoSuchAlgorithmException if the default SSLContext is unavailable
 * @throws IOException if the server socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
                          String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) SSLContext.getDefault().getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(0);

    if (cipherSuiteFilter != null) {
        String[] selected = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: " + Arrays.toString(selected));
        serverSocket.setEnabledCipherSuites(selected);
    }

    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = serverSocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        serverSocket.setSSLParameters(params);
    }

    return new SSLEchoServer(serverSocket);
}
/**
 * Creates an SSLServer on an ephemeral port using the JDK default SSL server
 * socket factory.
 *
 * @param ciphersuites cipher suites to enable, replacing the JDK default-enabled
 *        set; {@code null} keeps the defaults
 * @return a new server wrapping the socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites) throws IOException {
    SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(0);

    if (ciphersuites == null) {
        return new SSLServer(socket);
    }
    System.out.println("Server: enable cipher suites: " + java.util.Arrays.toString(ciphersuites));
    socket.setEnabledCipherSuites(ciphersuites);
    return new SSLServer(socket);
}
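/**
 * Creates an SSL server socket on {@code port} from this object's
 * {@code sslContext}, restricted to the protocol versions and cipher suites
 * returned by {@code SSLUtils.getRecommendedProtocols()} and
 * {@code SSLUtils.getRecommendedCiphers()}.
 *
 * Any failure is logged and {@code null} is returned (the declared
 * IOException is never propagated); callers must check for null. If the
 * socket was already bound when a later configuration step failed, it is
 * closed before returning so the port is not leaked.
 *
 * @param port local port to bind to
 * @return the configured server socket, or {@code null} on any failure
 * @throws IOException declared for interface compatibility; not thrown here
 */
@Override
public SSLServerSocket createSSLServerSocket(final int port) throws IOException {
    SSLServerSocket srvSock = null;
    try {
        final SSLServerSocketFactory ssf = this.sslContext.getServerSocketFactory();
        srvSock = (SSLServerSocket) ssf.createServerSocket(port);
        // Either setter throws IllegalArgumentException for a name the
        // provider does not support; that is handled like any other failure.
        srvSock.setEnabledProtocols(SSLUtils.getRecommendedProtocols());
        srvSock.setEnabledCipherSuites(SSLUtils.getRecommendedCiphers());
        s_logger.info("create SSL server socket on port: " + port);
        return srvSock;
    } catch (final Exception ioe) {
        s_logger.error(ioe.toString(), ioe);
        // Release the bound socket rather than leaking it alongside the null return.
        if (srvSock != null) {
            try {
                srvSock.close();
            } catch (final IOException ignored) {
                // the original failure has already been logged
            }
        }
    }
    return null;
}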
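/**
 * Binds an SSL server socket and wraps it in a Thrift {@code TServerSocket}.
 *
 * @param factory    the SSL server socket factory to create the socket from
 * @param port       local port to bind to
 * @param timeout    socket timeout in milliseconds, applied to the raw socket
 *                   and passed on to the TServerSocket wrapper
 * @param clientAuth whether a client certificate is mandatory
 *                   ({@code setNeedClientAuth})
 * @param ifAddress  local interface to bind to, or {@code null} for all interfaces
 * @param params     optional transport parameters; when non-null and its
 *                   {@code cipherSuites} is non-null, that list replaces the
 *                   JDK default-enabled cipher suites
 * @return the wrapped server socket
 * @throws TTransportException if the socket cannot be bound or configured; the
 *         underlying exception is attached as the cause
 */
private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
                                          InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
    SSLServerSocket serverSocket = null;
    try {
        // backlog of 100 pending connections
        serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
        serverSocket.setSoTimeout(timeout);
        serverSocket.setNeedClientAuth(clientAuth);
        if (params != null && params.cipherSuites != null) {
            // An unsupported suite name makes this throw IllegalArgumentException,
            // which is reported below like any other setup failure.
            serverSocket.setEnabledCipherSuites(params.cipherSuites);
        }
        return new TServerSocket(serverSocket, timeout);
    } catch (Exception e) {
        // The socket may already be bound when a later configuration step fails;
        // release the port instead of leaking it along with the exception.
        if (serverSocket != null) {
            try {
                serverSocket.close();
            } catch (IOException ignored) {
                // the original failure is the one worth reporting
            }
        }
        throw new TTransportException("Could not bind to port " + port, e);
    }
}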
/**
 * Builds an echo server on an ephemeral port from the default SSLContext.
 *
 * @param cipherSuiteFilter when non-null, a filter (interpreted by
 *        {@code UnboundSSLUtils.filterStringArray}) applied to the factory's
 *        <em>supported</em> cipher suites; the matches become the enabled set,
 *        which can therefore include suites the JDK does not enable by default.
 *        When null, the JDK default-enabled set stays in effect.
 * @param sniPattern when non-null, an SNI host-name pattern installed as the
 *        socket's only SNIMatcher, used to check the server_name a client sends
 * @return the constructed echo server wrapping the configured socket
 * @throws NoSuchAlgorithmException if the default SSLContext is unavailable
 * @throws IOException if the server socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
                          String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) SSLContext.getDefault().getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(0);

    if (cipherSuiteFilter != null) {
        String[] selected = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: " + Arrays.toString(selected));
        serverSocket.setEnabledCipherSuites(selected);
    }

    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = serverSocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        serverSocket.setSSLParameters(params);
    }

    return new SSLEchoServer(serverSocket);
}
/**
 * Creates an SSLServer on an ephemeral port using the JDK default SSL server
 * socket factory.
 *
 * @param ciphersuites cipher suites to enable, replacing the JDK default-enabled
 *        set; {@code null} keeps the defaults
 * @return a new server wrapping the socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites) throws IOException {
    SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(0);

    if (ciphersuites == null) {
        return new SSLServer(socket);
    }
    System.out.println("Server: enable cipher suites: " + java.util.Arrays.toString(ciphersuites));
    socket.setEnabledCipherSuites(ciphersuites);
    return new SSLServer(socket);
}
/**
 * Creates an SSLServer on an ephemeral port using the JDK default SSL server
 * socket factory.
 *
 * @param ciphersuites cipher suites to enable, replacing the JDK default-enabled
 *        set; {@code null} keeps the defaults
 * @return a new server wrapping the socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites) throws IOException {
    SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(0);

    if (ciphersuites == null) {
        return new SSLServer(socket);
    }
    System.out.println("Server: enable cipher suites: " + java.util.Arrays.toString(ciphersuites));
    socket.setEnabledCipherSuites(ciphersuites);
    return new SSLServer(socket);
}
/**
 * Creates an SSL server socket bound to {@code bindAddress} on {@code port}
 * (implementation-default backlog) and applies this factory's cipher-suite,
 * protocol and client-auth settings.
 *
 * When {@code getEnabledCipherSuites()} returns null the JDK default-enabled
 * suites are left as-is; when {@code getEnabledProtocols()} returns null,
 * {@code defaultProtocols} is applied instead. Client authentication is always
 * set explicitly from {@code getNeedClientAuth()}.
 *
 * @param port local port to bind to
 * @return the configured server socket
 * @throws IOException if the socket cannot be created or bound
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException {
    // backlog 0 selects the implementation default
    SSLServerSocket socket =
            (SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);

    String[] suites = getEnabledCipherSuites();
    if (suites != null) {
        socket.setEnabledCipherSuites(suites);
    }

    String[] protocols = getEnabledProtocols();
    socket.setEnabledProtocols(protocols == null ? defaultProtocols : protocols);

    socket.setNeedClientAuth(getNeedClientAuth());
    return socket;
}
/**
 * Configures the given SSL server socket with the requested cipher suites,
 * protocol versions, initial client-authentication mode and cipher-suite
 * ordering preference.
 *
 * @param ssocket the server socket to configure; must be an {@link SSLServerSocket}
 * @throws ClassCastException if {@code ssocket} is not an SSLServerSocket
 */
private void initServerSocket(ServerSocket ssocket) {
    SSLServerSocket sslSocket = (SSLServerSocket) ssocket;
    sslSocket.setEnabledCipherSuites(enabledCiphers);
    sslSocket.setEnabledProtocols(enabledProtocols);
    // Whether client auth is needed is not known yet: the request may be
    // parsed first and a re-handshake triggered afterwards, so only the
    // initial mode is applied here.
    configureClientAuth(sslSocket);
    // Presumably controls whether the server's suite order takes precedence
    // over the client's (see the helper's definition).
    configureUseServerCipherSuitesOrder(sslSocket);
}
/**
 * Builds an echo server on an ephemeral port from the default SSLContext.
 *
 * @param cipherSuiteFilter when non-null, a filter (interpreted by
 *        {@code UnboundSSLUtils.filterStringArray}) applied to the factory's
 *        <em>supported</em> cipher suites; the matches become the enabled set,
 *        which can therefore include suites the JDK does not enable by default.
 *        When null, the JDK default-enabled set stays in effect.
 * @param sniPattern when non-null, an SNI host-name pattern installed as the
 *        socket's only SNIMatcher, used to check the server_name a client sends
 * @return the constructed echo server wrapping the configured socket
 * @throws NoSuchAlgorithmException if the default SSLContext is unavailable
 * @throws IOException if the server socket cannot be created
 */
static SSLEchoServer init(String cipherSuiteFilter,
                          String sniPattern) throws NoSuchAlgorithmException, IOException {
    SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) SSLContext.getDefault().getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(0);

    if (cipherSuiteFilter != null) {
        String[] selected = UnboundSSLUtils.filterStringArray(
                ssf.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Server: enabled cipher suites: " + Arrays.toString(selected));
        serverSocket.setEnabledCipherSuites(selected);
    }

    if (sniPattern != null) {
        System.out.println("Server: set SNI matcher: " + sniPattern);
        SNIMatcher matcher = SNIHostName.createSNIMatcher(sniPattern);
        List<SNIMatcher> matchers = new ArrayList<>();
        matchers.add(matcher);
        SSLParameters params = serverSocket.getSSLParameters();
        params.setSNIMatchers(matchers);
        serverSocket.setSSLParameters(params);
    }

    return new SSLEchoServer(serverSocket);
}
/**
 * Creates an SSLServer on an ephemeral port using the JDK default SSL server
 * socket factory.
 *
 * @param ciphersuites cipher suites to enable, replacing the JDK default-enabled
 *        set; {@code null} keeps the defaults
 * @return a new server wrapping the socket
 * @throws IOException if the socket cannot be created
 */
static SSLServer init(String[] ciphersuites) throws IOException {
    SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(0);

    if (ciphersuites == null) {
        return new SSLServer(socket);
    }
    System.out.println("Server: enable cipher suites: " + java.util.Arrays.toString(ciphersuites));
    socket.setEnabledCipherSuites(ciphersuites);
    return new SSLServer(socket);
}
/**
 * Applies this server's protocol and cipher-suite lists to {@code socket} and
 * makes a client certificate mandatory for every handshake (mutual TLS).
 *
 * @param socket the server socket to configure
 */
private void configureServerSocket(SSLServerSocket socket) {
    // Require, not merely request, a client certificate.
    socket.setNeedClientAuth(true);
    socket.setEnabledCipherSuites(cipherSuites);
    socket.setEnabledProtocols(protocols);
}
/**
 * Starts the Thrift authentication service over TLS on {@code hostName}:{@code port}.
 *
 * The server key store is taken from this object's {@code keyStore} and
 * {@code keyStorePassword} (the password is passed as a String, as the Thrift
 * API requires). The enabled TLS protocol versions and cipher suites are read
 * from the thrift-authentication configuration as comma-separated lists; when
 * an element is absent or blank, the corresponding JDK default stays in effect.
 * The lists are split on "," without trimming, so any surrounding whitespace in
 * the configuration reaches the JSSE setters unchanged. Requests are served by
 * a TThreadPoolServer on a dedicated thread.
 *
 * @throws TTransportException if the server transport cannot be created
 * @throws UnknownHostException if {@code hostName} cannot be resolved
 */
public void start() throws TTransportException, UnknownHostException {
    InetAddress bindAddress = InetAddress.getByName(hostName);

    TSSLTransportFactory.TSSLTransportParameters tlsParams =
            new TSSLTransportFactory.TSSLTransportParameters();
    tlsParams.setKeyStore(keyStore, keyStorePassword);
    TServerSocket serverTransport =
            TSSLTransportFactory.getServerSocket(port, clientTimeout, bindAddress, tlsParams);
    SSLServerSocket sslServerSocket = (SSLServerSocket) serverTransport.getServerSocket();

    ThriftAuthenticationConfigParser config = ThriftAuthenticationConfigParser.getInstance();

    OMElement protocolsElement =
            config.getConfigElement(ThriftAuthenticationConstants.CONFIG_SSL_ENABLED_PROTOCOLS);
    if (protocolsElement != null) {
        String configuredProtocols = protocolsElement.getText();
        if (StringUtils.isNotBlank(configuredProtocols)) {
            sslServerSocket.setEnabledProtocols(configuredProtocols.split(","));
        }
    }

    OMElement ciphersElement =
            config.getConfigElement(ThriftAuthenticationConstants.CONFIG_CIPHERS);
    if (ciphersElement != null) {
        String configuredCiphers = ciphersElement.getText();
        if (StringUtils.isNotBlank(configuredCiphers)) {
            sslServerSocket.setEnabledCipherSuites(configuredCiphers.split(","));
        }
    }

    AuthenticatorServiceImpl handler = new AuthenticatorServiceImpl(thriftAuthenticatorService);
    AuthenticatorService.Processor<AuthenticatorServiceImpl> processor =
            new AuthenticatorService.Processor<AuthenticatorServiceImpl>(handler);
    authenticationServer = new TThreadPoolServer(
            new TThreadPoolServer.Args(serverTransport).processor(processor));

    Thread serverThread = new Thread(new ServerRunnable(authenticationServer));
    if (log.isDebugEnabled()) {
        log.debug("Thrift Authentication Service started at ssl://" + hostName + ":" + port);
    }
    serverThread.start();
}