下面列出了javax.net.ssl.SSLServerSocket#setNeedClientAuth ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Creates an SSL server socket from this factory's SSL context and applies the
 * configured client-authentication, cipher-suite and protocol settings to it.
 *
 * @param host    host name or address to bind to; when {@code null} the factory
 *                method without an explicit bind address is used
 * @param port    port to listen on
 * @param backlog connection backlog handed to the socket factory
 * @return the configured server socket
 * @throws IOException if the socket cannot be created or {@code host} cannot be resolved
 */
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
{
    SSLServerSocketFactory socketFactory = _context.getServerSocketFactory();

    SSLServerSocket socket;
    if (host == null)
    {
        socket = (SSLServerSocket)socketFactory.createServerSocket(port,backlog);
    }
    else
    {
        socket = (SSLServerSocket)socketFactory.createServerSocket(port,backlog,InetAddress.getByName(host));
    }

    // "want" is applied before "need": on an SSLServerSocket each of these setters
    // overrides the other, so when both flags are on the socket ends up requiring
    // a client certificate rather than merely requesting one.
    if (getWantClientAuth())
    {
        socket.setWantClientAuth(getWantClientAuth());
    }
    if (getNeedClientAuth())
    {
        socket.setNeedClientAuth(getNeedClientAuth());
    }

    // Narrow the enabled suites and protocols to what this factory's selection
    // helpers return for the socket's (enabled, supported) lists.
    String[] enabledSuites = socket.getEnabledCipherSuites();
    String[] supportedSuites = socket.getSupportedCipherSuites();
    socket.setEnabledCipherSuites(selectCipherSuites(enabledSuites,supportedSuites));

    String[] enabledProtocols = socket.getEnabledProtocols();
    String[] supportedProtocols = socket.getSupportedProtocols();
    socket.setEnabledProtocols(selectProtocols(enabledProtocols,supportedProtocols));

    return socket;
}
/**
 * Builds a TLS server socket for tests and binds it to an ephemeral port.
 *
 * @param provideKeys whether key managers are loaded from {@code keys}; when false the
 *                    SSL context is initialised with {@code null} key managers
 * @param clientAuth  client-authentication mode, compared against CLIENT_AUTH_WANTED and
 *                    CLIENT_AUTH_NEEDED; any other value disables the client certificate request
 * @param keys        passed to getKeyManagers when {@code provideKeys} is true
 * @throws Exception if the SSL context or the socket cannot be set up
 */
public TestServer(boolean provideKeys, int clientAuth, String keys) throws Exception {
    this.provideKeys = provideKeys;
    this.clientAuth = clientAuth;
    this.keys = keys;

    // NOTE(review): TestTrustManager is the only trust manager installed; what it
    // accepts is not visible here - confirm it is used by test code only.
    trustManager = new TestTrustManager();

    KeyManager[] keyManagers;
    if (provideKeys) {
        keyManagers = getKeyManagers(keys);
    } else {
        keyManagers = null;
    }

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagers, new TrustManager[] { trustManager }, null);

    // Create the socket unbound so that client auth is configured before it listens.
    serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket();

    boolean certificateWanted = clientAuth == CLIENT_AUTH_WANTED;
    if (!certificateWanted && clientAuth == CLIENT_AUTH_NEEDED) {
        serverSocket.setNeedClientAuth(true);
    } else {
        // true for the "wanted" mode, false for every other non-"needed" mode
        serverSocket.setWantClientAuth(certificateWanted);
    }

    // Port 0: bind to a free port on the wildcard address.
    serverSocket.bind(new InetSocketAddress(0));
}
/**
 * Applies the required QOS settings to a freshly created server socket:
 * cipher suites, client-authentication mode and accept timeout.
 *
 * A small experiment shows that setting either (want, need) parameter to either
 * true or false sets the other parameter to false, so exactly one of the two
 * setters is called below.
 *
 * @param serverSocket
 *            The newly created SSLServerSocket.
 *
 * @throws IOException if server socket can't be configured
 */
private void configureServerSocket(SSLServerSocket serverSocket) throws IOException {
    serverSocket.setEnabledCipherSuites(cipherSuites);

    if (!clientAuthRequired && clientAuthSupported) {
        // Certificate is requested; the handshake continues if the client sends none.
        serverSocket.setWantClientAuth(true);
    } else {
        // true: the client must authenticate; false: no certificate is requested
        // (setWantClientAuth(false) would have the same effect).
        serverSocket.setNeedClientAuth(clientAuthRequired);
    }

    serverSocket.setSoTimeout(SOCKET_TIMEOUT_MS);

    if (!log.isDebugEnabled()) {
        return;
    }
    String supportLabel = clientAuthSupported ? "SUPPORTED" : "UNSUPPORTED";
    String requirementLabel = clientAuthRequired ? "REQUIRED" : "OPTIONAL";
    log.debug("Created SSL server socket on port " + serverSocket.getLocalPort());
    log.debug(" client authentication " + supportLabel);
    log.debug(" client authentication " + requirementLabel);
    log.debug(" cipher suites:");
    for (String suite : cipherSuites) {
        log.debug(" " + suite);
    }
}
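/**
 * Opens an SSL server socket on {@code bindAddress}, applies the optional SSL
 * parameters and wraps it in a {@link GfxdTSSLServerSocket}.
 *
 * <p>When {@code params} is non-null, its enabled protocols and cipher suites are
 * applied if present, and its client-auth flag decides whether clients must present
 * a certificate. When {@code params} is null the socket keeps the factory defaults
 * and no client-authentication setter is called.
 *
 * <p>If configuration or wrapping fails after the socket was opened, the socket is
 * closed before the exception is reported, so the port does not stay bound.
 *
 * @param factory     factory used to create the server socket
 * @param bindAddress address and port to listen on
 * @param params      optional SSL settings; may be null
 * @return the wrapped server socket
 * @throws TTransportException (NOT_OPEN) if the socket cannot be created or configured
 */
private static GfxdTSSLServerSocket createServer(
    SSLServerSocketFactory factory, InetSocketAddress bindAddress,
    SocketParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket)factory
        .createServerSocket(bindAddress.getPort(), 100,
            bindAddress.getAddress());
    if (params != null) {
      if (params.getSSLEnabledProtocols() != null) {
        serverSocket.setEnabledProtocols(params.getSSLEnabledProtocols());
      }
      if (params.getSSLCipherSuites() != null) {
        serverSocket.setEnabledCipherSuites(params.getSSLCipherSuites());
      }
      serverSocket.setNeedClientAuth(params.getSSLClientAuth());
    }
    return new GfxdTSSLServerSocket(serverSocket, bindAddress, params);
  } catch (Exception e) {
    // An unsupported protocol or cipher-suite name is rejected by the setters
    // after the bind already happened; release the listening socket in that case.
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception ignored) {
        // best effort: the original failure below is the one worth reporting
      }
    }
    throw new TTransportException(TTransportException.NOT_OPEN,
        "Could not bind to host:port " + bindAddress.toString(), e);
  }
}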
/**
 * Opens the listening socket that matches the configured SSL mode: a plain
 * socket, a TLS socket, or a TLS socket that requires a client certificate.
 *
 * @return the server socket, bound to {@code hostAddress} and {@code portNumber}
 * @throws IOException if the host cannot be resolved or the socket cannot be created
 */
private ServerSocket createServerSocket()
    throws IOException
{
    // Resolve the bind address from the host argument on first use.
    if (hostAddress == null) {
        hostAddress = InetAddress.getByName(hostArg);
    }

    // Make a list of valid InetAddresses for NetworkServerControl admin commands.
    buildLocalAddressList(hostAddress);

    // A backlog of 0 leaves the queue length at the implementation default.
    switch (getSSLMode()) {
    case SSL_PEER_AUTHENTICATION: {
        SSLServerSocketFactory tlsFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket mutualAuthSocket =
            (SSLServerSocket) tlsFactory.createServerSocket(portNumber, 0, hostAddress);
        // The handshake fails unless the client presents a certificate.
        mutualAuthSocket.setNeedClientAuth(true);
        return mutualAuthSocket;
    }
    case SSL_BASIC: {
        // Server-authenticated TLS only; no client certificate is requested.
        SSLServerSocketFactory tlsFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        return (SSLServerSocket) tlsFactory.createServerSocket(portNumber, 0, hostAddress);
    }
    case SSL_OFF:
    default: {
        // NOTE(review): any mode value not matched above also lands here and gets a
        // plaintext socket - confirm getSSLMode() can only return the three known modes.
        ServerSocketFactory plainFactory = ServerSocketFactory.getDefault();
        return plainFactory.createServerSocket(portNumber, 0, hostAddress);
    }
    }
}
/**
 * Opens the listening socket that matches the configured SSL mode: a plain
 * socket, a TLS socket, or a TLS socket that requires a client certificate.
 *
 * @return the server socket, bound to {@code hostAddress} and {@code portNumber}
 * @throws IOException if the host cannot be resolved or the socket cannot be created
 */
private ServerSocket createServerSocket()
    throws IOException
{
    // Resolve the bind address from the host argument on first use.
    if (hostAddress == null) {
        hostAddress = InetAddress.getByName(hostArg);
    }

    // Make a list of valid InetAddresses for NetworkServerControl admin commands.
    buildLocalAddressList(hostAddress);

    // A backlog of 0 leaves the queue length at the implementation default.
    switch (getSSLMode()) {
    case SSL_PEER_AUTHENTICATION: {
        SSLServerSocketFactory tlsFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket mutualAuthSocket =
            (SSLServerSocket) tlsFactory.createServerSocket(portNumber, 0, hostAddress);
        // The handshake fails unless the client presents a certificate.
        mutualAuthSocket.setNeedClientAuth(true);
        return mutualAuthSocket;
    }
    case SSL_BASIC: {
        // Server-authenticated TLS only; no client certificate is requested.
        SSLServerSocketFactory tlsFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        return (SSLServerSocket) tlsFactory.createServerSocket(portNumber, 0, hostAddress);
    }
    case SSL_OFF:
    default: {
        // NOTE(review): any mode value not matched above also lands here and gets a
        // plaintext socket - confirm getSSLMode() can only return the three known modes.
        ServerSocketFactory plainFactory = ServerSocketFactory.getDefault();
        return plainFactory.createServerSocket(portNumber, 0, hostAddress);
    }
    }
}
/**
 * Opens a TLS server socket on an ephemeral port using the given context.
 *
 * @param context        SSL context that supplies the server socket factory
 * @param needClientAuth whether the client must present a certificate
 *                       (dual authentication)
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 asks for any free port; the chosen port is printed below.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);

    // for dual authentication: when true the handshake fails without a client certificate
    server.setNeedClientAuth(needClientAuth);

    System.out.println("Server: port=" + getPort());
}
/**
 * Opens a TLS server socket on an ephemeral port using the given context.
 *
 * @param context        SSL context that supplies the server socket factory
 * @param needClientAuth whether the client must present a certificate
 *                       (dual authentication)
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 asks for any free port; the chosen port is printed below.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);

    // for dual authentication: when true the handshake fails without a client certificate
    server.setNeedClientAuth(needClientAuth);

    System.out.println("Server: port=" + getPort());
}
/**
 * Opens a TLS server socket on an ephemeral port using the given context.
 *
 * @param context        SSL context that supplies the server socket factory
 * @param needClientAuth whether the client must present a certificate
 *                       (dual authentication)
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 asks for any free port; the chosen port is printed below.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);

    // for dual authentication: when true the handshake fails without a client certificate
    server.setNeedClientAuth(needClientAuth);

    System.out.println("Server: port=" + getPort());
}
/**
 * Opens a TLS server socket on an ephemeral port using the given context.
 *
 * @param context        SSL context that supplies the server socket factory
 * @param needClientAuth whether the client must present a certificate
 *                       (dual authentication)
 * @throws Exception if the socket cannot be created or configured
 */
public JSSEServer(SSLContext context,
        boolean needClientAuth) throws Exception {
    // Port 0 asks for any free port; the chosen port is printed below.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);

    // for dual authentication: when true the handshake fails without a client certificate
    server.setNeedClientAuth(needClientAuth);

    System.out.println("Server: port=" + getPort());
}
/**
 * Registers a "Server" constraint with TLSRestrictions, then opens a TLS server
 * socket on an ephemeral port using the given context.
 *
 * @param context        SSL context that supplies the server socket factory
 * @param constraint     value handed to {@code TLSRestrictions.setConstraint} for "Server"
 * @param needClientAuth whether the client must present a certificate
 *                       (dual authentication)
 * @throws Exception if the constraint cannot be set or the socket cannot be created
 */
public JSSEServer(SSLContext context, String constraint,
        boolean needClientAuth) throws Exception {
    // The constraint is set before any socket is created from the context.
    TLSRestrictions.setConstraint("Server", constraint);

    // Port 0 asks for any free port; the chosen port is printed below.
    server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
    server.setSoTimeout(TLSRestrictions.TIMEOUT);

    // for dual authentication: when true the handshake fails without a client certificate
    server.setNeedClientAuth(needClientAuth);

    System.out.println("Server: port=" + getPort());
}
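/**
 * Opens an SSL server socket, applies timeout, client-authentication and optional
 * cipher-suite settings, and wraps it in a {@link TServerSocket}.
 *
 * <p>If configuration or wrapping fails after the socket was opened, the socket is
 * closed before the exception is reported, so the port does not stay bound.
 *
 * @param factory    factory used to create the server socket
 * @param port       port to listen on
 * @param timeout    accept timeout applied to the socket and passed to the wrapper
 * @param clientAuth when true, clients must present a certificate or the handshake fails
 * @param ifAddress  local address to bind to
 * @param params     optional SSL parameters; only {@code cipherSuites} is read here, and
 *                   when it is absent the factory's default suites stay enabled
 * @return the wrapped server socket
 * @throws TTransportException if the socket cannot be created or configured
 */
private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
    InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
    serverSocket.setSoTimeout(timeout);
    serverSocket.setNeedClientAuth(clientAuth);
    if (params != null && params.cipherSuites != null) {
      serverSocket.setEnabledCipherSuites(params.cipherSuites);
    }
    return new TServerSocket(serverSocket, timeout);
  } catch (Exception e) {
    // A rejected cipher-suite name or timeout surfaces after the bind already
    // happened; release the listening socket in that case.
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception ignored) {
        // best effort: the original failure below is the one worth reporting
      }
    }
    throw new TTransportException("Could not bind to port " + port, e);
  }
}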
/**
 * Opens the listening socket that matches the configured SSL mode: a plain
 * socket, a TLS socket, or a TLS socket that requires a client certificate.
 *
 * @return the server socket, bound to {@code hostAddress} and {@code portNumber}
 * @throws IOException if the host cannot be resolved or the socket cannot be created
 */
private ServerSocket createServerSocket()
    throws IOException
{
    // Resolve the bind address from the host argument on first use.
    if (hostAddress == null) {
        hostAddress = InetAddress.getByName(hostArg);
    }

    // Make a list of valid InetAddresses for NetworkServerControl admin commands.
    buildLocalAddressList(hostAddress);

    // A backlog of 0 leaves the queue length at the implementation default.
    switch (getSSLMode()) {
    case SSL_PEER_AUTHENTICATION: {
        SSLServerSocketFactory tlsFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket mutualAuthSocket =
            (SSLServerSocket) tlsFactory.createServerSocket(portNumber, 0, hostAddress);
        // The handshake fails unless the client presents a certificate.
        mutualAuthSocket.setNeedClientAuth(true);
        return mutualAuthSocket;
    }
    case SSL_BASIC: {
        // Server-authenticated TLS only; no client certificate is requested.
        SSLServerSocketFactory tlsFactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        return (SSLServerSocket) tlsFactory.createServerSocket(portNumber, 0, hostAddress);
    }
    case SSL_OFF:
    default: {
        // NOTE(review): any mode value not matched above also lands here and gets a
        // plaintext socket - confirm getSSLMode() can only return the three known modes.
        ServerSocketFactory plainFactory = ServerSocketFactory.getDefault();
        return plainFactory.createServerSocket(portNumber, 0, hostAddress);
    }
    }
}
/**
 * Creates an SSL server socket from the configured factory and sets whether
 * clients must authenticate with a certificate.
 *
 * @param port     port to listen on
 * @param bindAddr local address to bind to
 * @return the configured SSL server socket (backlog 50)
 * @throws Exception if the socket cannot be created
 */
public ServerSocket createSSLServer(int port, InetAddress bindAddr) throws Exception {
    SSLServerSocket tlsSocket = (SSLServerSocket) configuration
            .getSSLServerSocketFactory()
            .createServerSocket(port, 50, bindAddr);

    // Mirror the configuration flag: true makes a client certificate mandatory,
    // false means none is requested.
    tlsSocket.setNeedClientAuth(configuration.isNeedClientAuth());
    return tlsSocket;
}
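/**
 * Applies cipher-suite and client-authentication settings to a server socket.
 *
 * <p>The socket is opened up to the suites the provider supports, minus the ones that
 * give no peer authentication ({@code _anon_}), no encryption ({@code _NULL_}) or only
 * export-grade / legacy encryption ({@code _EXPORT_}, {@code _RC4_}, single {@code _DES_}).
 * Enabling the full supported list would re-enable those suites even though the provider
 * keeps them off by default. If the filter leaves nothing, the provider's default
 * enabled list is kept.
 *
 * @param sslServerSocket the socket to configure
 * @param sslmode         2 makes a client certificate mandatory; any other value only
 *                        requests one (the meaning of the other values is not defined
 *                        in this method)
 */
private static void postSSLServerSocket(SSLServerSocket sslServerSocket,int sslmode){
    java.util.List<String> acceptable = new java.util.ArrayList<String>();
    for (String suite : sslServerSocket.getSupportedCipherSuites()) {
        boolean weak = suite.contains("_anon_")
                || suite.contains("_NULL_")
                || suite.contains("_EXPORT_")
                || suite.contains("_RC4_")
                || suite.contains("_DES_");
        if (!weak) {
            acceptable.add(suite);
        }
    }
    if (!acceptable.isEmpty()) {
        sslServerSocket.setEnabledCipherSuites(acceptable.toArray(new String[0]));
    }

    // Accepted connections handshake as the server side.
    sslServerSocket.setUseClientMode(false);

    if (sslmode == 2) {
        sslServerSocket.setNeedClientAuth(true);
    } else {
        // Certificate requested but optional: the caller has to check the peer
        // identity itself if it relies on it.
        sslServerSocket.setWantClientAuth(true);
    }
}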
/**
 * Creates an SSL server socket on {@code port}, bound to {@code bindAddress}, and
 * applies the configured cipher suites, protocols and client-authentication flag.
 *
 * @param port port to listen on
 * @return the configured SSL server socket
 * @throws IOException if the socket cannot be created
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException {
    SSLServerSocket tlsSocket =
            (SSLServerSocket) sslServerSocketFactory.createServerSocket(port, 0, bindAddress);

    // Cipher suites are only overridden when explicitly configured; otherwise the
    // factory's enabled suites stay as they are.
    if (getEnabledCipherSuites() != null) {
        tlsSocket.setEnabledCipherSuites(getEnabledCipherSuites());
    }

    // Protocols are always set: the configured list, or defaultProtocols when none is configured.
    tlsSocket.setEnabledProtocols(
            getEnabledProtocols() == null ? defaultProtocols : getEnabledProtocols());

    tlsSocket.setNeedClientAuth(getNeedClientAuth());
    return tlsSocket;
}
/**
 * Configure Client authentication for this version of JSSE. The
 * JSSE included in Java 1.4 supports the 'want' value. Prior
 * versions of JSSE will treat 'want' as 'false'.
 *
 * Exactly one setter is called: 'want' when wantClientAuth is set, otherwise
 * 'need' with the value of requireClientAuth.
 *
 * @param socket the SSLServerSocket
 */
protected void configureClientAuth(SSLServerSocket socket){
    if (!wantClientAuth) {
        socket.setNeedClientAuth(requireClientAuth);
        return;
    }
    // NOTE(review): requireClientAuth is not consulted on this path, so if both
    // flags could be true the certificate would only be requested, not required -
    // confirm the two fields are mutually exclusive where they are assigned.
    socket.setWantClientAuth(wantClientAuth);
}
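/**
 * Opens an SSL server socket, applies timeout, client-authentication and optional
 * cipher-suite settings, and wraps it in a {@link TServerSocket}.
 *
 * <p>If configuration or wrapping fails after the socket was opened, the socket is
 * closed before the exception is reported, so the port does not stay bound.
 *
 * @param factory    factory used to create the server socket
 * @param port       port to listen on
 * @param timeout    accept timeout applied to the socket and passed to the wrapper
 * @param clientAuth when true, clients must present a certificate or the handshake fails
 * @param ifAddress  local address to bind to
 * @param params     optional SSL parameters; only {@code cipherSuites} is read here, and
 *                   when it is absent the factory's default suites stay enabled
 * @return the wrapped server socket
 * @throws TTransportException if the socket cannot be created or configured
 */
private static TServerSocket createServer(SSLServerSocketFactory factory, int port, int timeout, boolean clientAuth,
    InetAddress ifAddress, TSSLTransportParameters params) throws TTransportException {
  SSLServerSocket serverSocket = null;
  try {
    serverSocket = (SSLServerSocket) factory.createServerSocket(port, 100, ifAddress);
    serverSocket.setSoTimeout(timeout);
    serverSocket.setNeedClientAuth(clientAuth);
    if (params != null && params.cipherSuites != null) {
      serverSocket.setEnabledCipherSuites(params.cipherSuites);
    }
    return new TServerSocket(serverSocket, timeout);
  } catch (Exception e) {
    // A rejected cipher-suite name or timeout surfaces after the bind already
    // happened; release the listening socket in that case.
    if (serverSocket != null) {
      try {
        serverSocket.close();
      } catch (Exception ignored) {
        // best effort: the original failure below is the one worth reporting
      }
    }
    throw new TTransportException("Could not bind to port " + port, e);
  }
}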
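/**
 * Manual test harness: listens on port 443 with mandatory client-certificate
 * authentication and prints the subject DN of the first certificate each client
 * presents, for up to 100 connections.
 *
 * <p>The server socket and every accepted connection are closed when done, including
 * when a handshake fails and the exception ends the run.
 *
 * @param argv unused
 */
public static void main(String[] argv) throws NoSuchAlgorithmException, KeyManagementException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
    // SSL debug levels
    //System.setProperty("javax.net.debug", "ssl,handshake");
    // "all" traces the full handshake and record traffic to the console; keep it to
    // debugging sessions only.
    System.setProperty("javax.net.debug", "all");

    // local truststore
    // The store names and passwords in this method are hard-coded sample values for a
    // local test; real deployments read them from protected configuration instead.
    System.setProperty("javax.net.ssl.trustStore", "cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");

    // access windows client certificates
    //System.setProperty("javax.net.ssl.trustStoreProvider", "SunMSCAPI");
    //System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");

    // load default trustmanager factory (only used to print which provider backs it)
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    System.out.println(trustManagerFactory.getProvider());

    // load server keystore
    KeyStore keystore = KeyStore.getInstance("PKCS12");
    try (FileInputStream keyStoreInputStream = new FileInputStream("davmail.p12")) {
        keystore.load(keyStoreInputStream, "password".toCharArray());
    }

    // KeyManagerFactory to create key managers
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // initialize KMF to work with keystore
    kmf.init(keystore, "password".toCharArray());

    // SSLContext is environment for implementing JSSE...
    SSLContext sslContext = SSLContext.getInstance("TLS");
    // initialize sslContext to work with key managers and default trust manager
    // (null trust managers: the default one, driven by the trustStore properties above)
    sslContext.init(kmf.getKeyManagers(), null, null);

    // create ServerSocketFactory from sslContext
    ServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
    try (SSLServerSocket serverSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(443)) {
        // Handshakes fail unless the client presents a certificate the trust manager accepts.
        serverSocket.setNeedClientAuth(true);

        int count = 100;
        while (count-- > 0) {
            // Close each connection once its certificate has been reported.
            try (SSLSocket socket = (SSLSocket) serverSocket.accept()) {
                // getSession() drives the handshake; getPeerCertificates() throws if the
                // peer was not verified.
                SSLSession session = socket.getSession();
                System.out.println("SubjectDN " + ((X509Certificate) session.getPeerCertificates()[0]).getSubjectDN());
            }
        }
    }
}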
/**
 * Creates an SSL server socket on {@code port}, bound to the address that
 * {@code rmiServerHost} resolves to, with the configured client-authentication flag.
 *
 * @param port port to listen on
 * @return the SSL server socket (backlog 50)
 * @throws IOException if the host cannot be resolved or the socket cannot be created
 */
@Override
public ServerSocket createServerSocket(int port) throws IOException {
    InetAddress listenAddress = InetAddress.getByName(rmiServerHost);
    SSLServerSocket tlsSocket = (SSLServerSocket) sssf.createServerSocket(port, 50, listenAddress);

    // true: clients must present a certificate; false: none is requested.
    tlsSocket.setNeedClientAuth(clientAuth);
    return tlsSocket;
}