下面列出了javax.net.ssl.SSLServerSocket#setEnabledProtocols ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
{
SSLServerSocketFactory factory = _context.getServerSocketFactory();
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port,backlog):
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
if (getWantClientAuth())
socket.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
socket.setNeedClientAuth(getNeedClientAuth());
socket.setEnabledCipherSuites(selectCipherSuites(
socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
return socket;
}
final ServerSocket initSecure(int port) throws Exception {
ServerSocketFactory fac;
if (sslContext != null) {
fac = sslContext.getServerSocketFactory();
} else {
fac = SSLServerSocketFactory.getDefault();
}
SSLServerSocket se = (SSLServerSocket) fac.createServerSocket(port);
SSLParameters sslp = se.getSSLParameters();
sslp.setApplicationProtocols(new String[]{"h2"});
se.setSSLParameters(sslp);
se.setEnabledCipherSuites(se.getSupportedCipherSuites());
se.setEnabledProtocols(se.getSupportedProtocols());
// other initialisation here
return se;
}
public static SSLServerSocket createSSLServerSocket(Context context, int port) throws IOException {
// get ssl context
SSLContext sslcontext = null;
try {
sslcontext = initSSLContext(context);
} catch (Exception e) {
e.printStackTrace();
}
// make secure Connection
SSLServerSocketFactory factory = (SSLServerSocketFactory) sslcontext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket) factory.createServerSocket(port);
if( Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN ) {
sslServerSocket.setEnabledProtocols(new String[] {"TLSv1","TLSv1.1","TLSv1.2"});
}
else {
sslServerSocket.setEnabledProtocols(new String[] {"TLSv1"});
}
sslServerSocket.setReuseAddress(true);
return sslServerSocket;
}
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException {
SSLServerSocketFactory factory = sslContext.getServerSocketFactory();
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port, backlog):
factory.createServerSocket(port, backlog, InetAddress.getByName(host)));
if (sslConfig.getWantClientAuth())
socket.setWantClientAuth(sslConfig.getWantClientAuth());
if (sslConfig.getNeedClientAuth())
socket.setNeedClientAuth(sslConfig.getNeedClientAuth());
socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
return socket;
}
JSSEServer(CipherTestUtils cipherTest, int serverPort,
String protocol, String cipherSuite) throws Exception {
super(cipherTest);
this.serverPort = serverPort;
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(new KeyManager[]{cipherTest.getServerKeyManager()},
new TrustManager[]{cipherTest.getServerTrustManager()},
CipherTestUtils.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory)serverContext.getServerSocketFactory();
serverSocket =
(SSLServerSocket) factory.createServerSocket(serverPort);
serverSocket.setEnabledProtocols(protocol.split(","));
serverSocket.setEnabledCipherSuites(cipherSuite.split(","));
CipherTestUtils.printInfo(serverSocket);
}
private ServerSocket createServerSocket() throws IOException {
final InetAddress inetAddress = hostname == null ? null : InetAddress.getByName(hostname);
if (sslContext == null) {
return new ServerSocket(port, 50, InetAddress.getByName(hostname));
} else {
final SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port, 50, inetAddress);
serverSocket.setNeedClientAuth(true);
// Enforce custom protocols on socket
serverSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
return serverSocket;
}
}
@Override
public ServerSocket createServerSocket(int port) throws IOException {
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);
if (getEnabledCipherSuites() != null) {
sslServerSocket.setEnabledCipherSuites(getEnabledCipherSuites());
}
if (getEnabledProtocols() == null) {
sslServerSocket.setEnabledProtocols(defaultProtocols);
} else {
sslServerSocket.setEnabledProtocols(getEnabledProtocols());
}
sslServerSocket.setNeedClientAuth(getNeedClientAuth());
return sslServerSocket;
}
/**
* Configures the given SSL server socket with the requested cipher suites,
* protocol versions, and need for client authentication
*/
private void initServerSocket(ServerSocket ssocket) {
SSLServerSocket socket = (SSLServerSocket) ssocket;
socket.setEnabledCipherSuites(enabledCiphers);
socket.setEnabledProtocols(enabledProtocols);
// we don't know if client auth is needed -
// after parsing the request we may re-handshake
configureClientAuth(socket);
configureUseServerCipherSuitesOrder(socket);
}
private void setSslParams(final ServerSocket socket) {
if (socket instanceof SSLServerSocket) {
SSLServerSocket sslSocket = (SSLServerSocket) socket;
if (enabledCipherSuites.length > 0) {
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
}
if (enabledProtocols.length > 0) {
sslSocket.setEnabledProtocols(enabledProtocols);
}
}
}
/**
* Create a new ServerSocket that will not accept SSLv3 connections,
* but will accept TLSv1.x connections.
*/
protected ServerSocket newServerSocket(String host, int port,int backlog)
throws IOException {
SSLServerSocket socket = (SSLServerSocket)
super.newServerSocket(host, port, backlog);
ArrayList<String> nonSSLProtocols = new ArrayList<String>();
for (String p : socket.getEnabledProtocols()) {
if (!p.contains("SSLv3")) {
nonSSLProtocols.add(p);
}
}
socket.setEnabledProtocols(nonSSLProtocols.toArray(
new String[nonSSLProtocols.size()]));
return socket;
}
/**
* Create a new ServerSocket that will not accept SSLv3 connections,
* but will accept TLSv1.x connections.
*/
protected ServerSocket newServerSocket(String host, int port,int backlog)
throws IOException {
SSLServerSocket socket = (SSLServerSocket)
super.newServerSocket(host, port, backlog);
ArrayList<String> nonSSLProtocols = new ArrayList<String>();
for (String p : socket.getEnabledProtocols()) {
if (!p.contains("SSLv3")) {
nonSSLProtocols.add(p);
}
}
socket.setEnabledProtocols(nonSSLProtocols.toArray(
new String[nonSSLProtocols.size()]));
return socket;
}
private void configureServerSocket(SSLServerSocket socket) {
socket.setEnabledProtocols(protocols);
socket.setEnabledCipherSuites(cipherSuites);
socket.setNeedClientAuth(true);
}
private void configureServerSocket(SSLServerSocket socket) {
socket.setEnabledProtocols(protocols);
socket.setEnabledCipherSuites(cipherSuites);
socket.setNeedClientAuth(true);
}
public void start() throws TTransportException, UnknownHostException {
InetAddress inetAddress = InetAddress.getByName(hostName);
TSSLTransportFactory.TSSLTransportParameters params =
new TSSLTransportFactory.TSSLTransportParameters();
params.setKeyStore(keyStore, keyStorePassword);
TServerSocket serverTransport;
serverTransport = TSSLTransportFactory.getServerSocket(port, clientTimeout, inetAddress, params);
SSLServerSocket sslServerSocket = (javax.net.ssl.SSLServerSocket) serverTransport.getServerSocket();
OMElement sslEnabledProtocolsElement = ThriftAuthenticationConfigParser.getInstance()
.getConfigElement(ThriftAuthenticationConstants.CONFIG_SSL_ENABLED_PROTOCOLS);
if (sslEnabledProtocolsElement != null) {
String sslEnabledProtocols = sslEnabledProtocolsElement.getText();
if (StringUtils.isNotBlank(sslEnabledProtocols)) {
String[] sslProtocolsArray = sslEnabledProtocols.split(",");
sslServerSocket.setEnabledProtocols(sslProtocolsArray);
}
}
OMElement ciphersElement = ThriftAuthenticationConfigParser.getInstance()
.getConfigElement(ThriftAuthenticationConstants.CONFIG_CIPHERS);
if (ciphersElement != null) {
String ciphers = ciphersElement.getText();
if (StringUtils.isNotBlank(ciphers)) {
String[] ciphersArray = ciphers.split(",");
sslServerSocket.setEnabledCipherSuites(ciphersArray);
}
}
AuthenticatorService.Processor<AuthenticatorServiceImpl> processor =
new AuthenticatorService.Processor<AuthenticatorServiceImpl>(
new AuthenticatorServiceImpl(thriftAuthenticatorService));
authenticationServer = new TThreadPoolServer(
new TThreadPoolServer.Args(serverTransport).processor(processor));
Thread thread = new Thread(new ServerRunnable(authenticationServer));
if (log.isDebugEnabled()) {
log.debug("Thrift Authentication Service started at ssl://" + hostName + ":" + port);
}
thread.start();
}
public TServer buildTServer(Args args)
{
final InetSocketAddress addr = args.addr;
TServerTransport serverTransport;
try
{
final ClientEncryptionOptions clientEnc = DatabaseDescriptor.getClientEncryptionOptions();
if (clientEnc.enabled)
{
logger.info("enabling encrypted thrift connections between client and server");
TSSLTransportParameters params = new TSSLTransportParameters(clientEnc.protocol, clientEnc.cipher_suites);
params.setKeyStore(clientEnc.keystore, clientEnc.keystore_password);
if (clientEnc.require_client_auth)
{
params.setTrustStore(clientEnc.truststore, clientEnc.truststore_password);
params.requireClientAuth(true);
}
TServerSocket sslServer = TSSLTransportFactory.getServerSocket(addr.getPort(), 0, addr.getAddress(), params);
SSLServerSocket sslServerSocket = (SSLServerSocket) sslServer.getServerSocket();
sslServerSocket.setEnabledProtocols(SSLFactory.ACCEPTED_PROTOCOLS);
serverTransport = new TCustomServerSocket(sslServer.getServerSocket(), args.keepAlive, args.sendBufferSize, args.recvBufferSize);
}
else
{
serverTransport = new TCustomServerSocket(addr, args.keepAlive, args.sendBufferSize, args.recvBufferSize, args.listenBacklog);
}
}
catch (TTransportException e)
{
throw new RuntimeException(String.format("Unable to create thrift socket to %s:%s", addr.getAddress(), addr.getPort()), e);
}
// ThreadPool Server and will be invocation per connection basis...
TThreadPoolServer.Args serverArgs = new TThreadPoolServer.Args(serverTransport)
.minWorkerThreads(DatabaseDescriptor.getRpcMinThreads())
.maxWorkerThreads(DatabaseDescriptor.getRpcMaxThreads())
.inputTransportFactory(args.inTransportFactory)
.outputTransportFactory(args.outTransportFactory)
.inputProtocolFactory(args.tProtocolFactory)
.outputProtocolFactory(args.tProtocolFactory)
.processor(args.processor);
ExecutorService executorService = new ThreadPoolExecutor(serverArgs.minWorkerThreads,
serverArgs.maxWorkerThreads,
60,
TimeUnit.SECONDS,
new SynchronousQueue<Runnable>(),
new NamedThreadFactory("Thrift"));
return new CustomTThreadPoolServer(serverArgs, executorService);
}
/**
* Creates the SSL ServerSocket.
*/
public ServerSocketBar create(InetAddress host, int port)
throws IOException, GeneralSecurityException
{
SSLServerSocketFactory ssFactory = null;
if (_keyStore != null) {
SSLContext sslContext = SSLContext.getInstance(_sslContext);
KeyManagerFactory kmf
= KeyManagerFactory.getInstance(keyManagerFactory());
kmf.init(_keyStore, keyStorePassword().toCharArray());
sslContext.init(kmf.getKeyManagers(), null, null);
/*
if (_cipherSuites != null)
sslContext.createSSLEngine().setEnabledCipherSuites(_cipherSuites);
if (_protocols != null)
sslContext.createSSLEngine().setEnabledProtocols(_protocols);
*/
SSLEngine engine = sslContext.createSSLEngine();
engine.setEnabledProtocols(enabledProtocols(engine.getSupportedProtocols()));
ssFactory = sslContext.getServerSocketFactory();
}
else {
ssFactory = createAnonymousServerFactory(host, port);
}
ServerSocket serverSocket;
int listen = 100;
if (host == null)
serverSocket = ssFactory.createServerSocket(port, listen);
else
serverSocket = ssFactory.createServerSocket(port, listen, host);
SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
if (_cipherSuites != null) {
sslServerSocket.setEnabledCipherSuites(_cipherSuites);
}
if (_cipherSuitesForbidden != null) {
String []cipherSuites = sslServerSocket.getEnabledCipherSuites();
if (cipherSuites == null)
cipherSuites = sslServerSocket.getSupportedCipherSuites();
ArrayList<String> cipherList = new ArrayList<String>();
for (String cipher : cipherSuites) {
if (! isCipherForbidden(cipher, _cipherSuitesForbidden)) {
cipherList.add(cipher);
}
}
cipherSuites = new String[cipherList.size()];
cipherList.toArray(cipherSuites);
sslServerSocket.setEnabledCipherSuites(cipherSuites);
}
sslServerSocket.setEnabledProtocols(enabledProtocols(sslServerSocket.getSupportedProtocols()));
if ("required".equals(_verifyClient))
sslServerSocket.setNeedClientAuth(true);
else if ("optional".equals(_verifyClient))
sslServerSocket.setWantClientAuth(true);
return new ServerSocketWrapper(serverSocket);
}