下面列出了javax.net.ssl.SSLSessionContext#setSessionTimeout ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private SSLContext createSslContext()
{
KeyStore keyStore = getKeyStore();
Collection<TrustStore> trustStores = getTrustStores();
boolean needClientCert = (Boolean)getAttribute(NEED_CLIENT_AUTH) || (Boolean)getAttribute(WANT_CLIENT_AUTH);
if (needClientCert && trustStores.isEmpty())
{
throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '"
+ this.getName() + "' but no trust store defined");
}
SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (getTLSSessionCacheSize() > 0)
{
serverSessionContext.setSessionCacheSize(getTLSSessionCacheSize());
}
if (getTLSSessionTimeout() > 0)
{
serverSessionContext.setSessionTimeout(getTLSSessionTimeout());
}
return sslContext;
}
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
int sessionCacheSize;
if (endpoint.getSessionCacheSize() != null) {
sessionCacheSize = Integer.parseInt(
endpoint.getSessionCacheSize());
} else {
sessionCacheSize = defaultSessionCacheSize;
}
int sessionTimeout;
if (endpoint.getSessionTimeout() != null) {
sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
} else {
sessionTimeout = defaultSessionTimeout;
}
sslSessionContext.setSessionCacheSize(sessionCacheSize);
sslSessionContext.setSessionTimeout(sessionTimeout);
}
/**
* Creates a new instance.
* @param trustCertChainFile an X.509 certificate chain file in PEM format.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from servers.
* {@code null} to use the default or the results of parsing {@code trustCertChainFile}
* @param keyCertChainFile an X.509 certificate chain file in PEM format.
* This provides the public key for mutual authentication.
* {@code null} to use the system default
* @param keyFile a PKCS#8 private key file in PEM format.
* This provides the private key for mutual authentication.
* {@code null} for no mutual authentication.
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* Ignored if {@code keyFile} is {@code null}.
* @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
* that is used to encrypt data being sent to servers.
* {@code null} to use the default or the results of parsing
* {@code keyCertChainFile} and {@code keyFile}.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param cipherFilter a filter to apply over the supplied list of ciphers
* @param apn Application Protocol Negotiator object.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public JdkSslClientContext(File trustCertChainFile, TrustManagerFactory trustManagerFactory,
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
long sessionCacheSize, long sessionTimeout) throws SSLException {
super(ciphers, cipherFilter, apn);
try {
if (trustCertChainFile != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChainFile, trustManagerFactory);
}
if (keyFile != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChainFile, keyFile, keyPassword, keyManagerFactory);
}
ctx = SSLContext.getInstance(PROTOCOL);
ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getClientSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
} catch (Exception e) {
throw new SSLException("failed to initialize the client-side SSL context", e);
}
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
long sessionCacheSize, long sessionTimeout)
throws SSLException {
if (key == null && keyManagerFactory == null) {
throw new NullPointerException("key, keyManagerFactory");
}
try {
if (trustCertCollection != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
}
if (key != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
}
// Initialize the SSLContext to work with our key managers.
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
: SSLContext.getInstance(PROTOCOL, sslContextProvider);
ctx.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getServerSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
return ctx;
} catch (Exception e) {
if (e instanceof SSLException) {
throw (SSLException) e;
}
throw new SSLException("failed to initialize the server-side SSL context", e);
}
}
private static SSLContext newSSLContext(Provider sslContextProvider,
X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
long sessionCacheSize, long sessionTimeout) throws SSLException {
try {
if (trustCertCollection != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
}
if (keyCertChain != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
}
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
: SSLContext.getInstance(PROTOCOL, sslContextProvider);
ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getClientSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
return ctx;
} catch (Exception e) {
if (e instanceof SSLException) {
throw (SSLException) e;
}
throw new SSLException("failed to initialize the client-side SSL context", e);
}
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
private SSLContext createSslContext(final HttpPort<?> port)
{
KeyStore keyStore = port.getKeyStore();
if (keyStore == null)
{
throw new IllegalConfigurationException(
"Key store is not configured. Cannot start management on HTTPS port without keystore");
}
final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
final Collection<TrustStore> trustStores = port.getTrustStores();
if (needClientCert && trustStores.isEmpty())
{
throw new IllegalConfigurationException(String.format(
"Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined",
this.getName()));
}
final SSLContext sslContext = SSLUtil.createSslContext(port.getKeyStore(), trustStores, port.getName());
final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (port.getTLSSessionCacheSize() > 0)
{
serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
}
if (port.getTLSSessionTimeout() > 0)
{
serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
}
return sslContext;
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
public static void main(String[] args) throws Exception {
// try {
SSLServerSocketFactory ssf =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket();
String[] protocols = ss.getSupportedProtocols();
for (int i = 0; i < protocols.length; i++) {
// try {
if (protocols[i].equals("SSLv2Hello")) {
continue;
}
SSLContext sslc = SSLContext.getInstance(protocols[i]);
SSLSessionContext sslsc = sslc.getServerSessionContext();
System.out.println("Protocol: " + protocols[i]);
sslsc.setSessionTimeout(Integer.MAX_VALUE);
int newtime = sslsc.getSessionTimeout();
if (newtime != Integer.MAX_VALUE) {
throw new Exception ("Expected timeout: " +
Integer.MAX_VALUE + ", got instead: " +
newtime);
}
// } catch (Exception e) {
// }
}
// } catch (Exception e) {
// System.out.println(e);
// }
System.out.println("Finished");
}
/**
* Creates a new instance.
* @param trustCertChainFile an X.509 certificate chain file in PEM format.
* This provides the certificate chains used for mutual authentication.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from clients.
* {@code null} to use the default or the results of parsing {@code trustCertChainFile}
* @param keyCertChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
* that is used to encrypt data being sent to clients.
* {@code null} to use the default or the results of parsing
* {@code keyCertChainFile} and {@code keyFile}.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param cipherFilter a filter to apply over the supplied list of ciphers
* Only required if {@code provider} is {@link SslProvider#JDK}
* @param apn Application Protocol Negotiator object.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public JdkSslServerContext(File trustCertChainFile, TrustManagerFactory trustManagerFactory,
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
long sessionCacheSize, long sessionTimeout) throws SSLException {
super(ciphers, cipherFilter, apn);
if (keyFile == null && keyManagerFactory == null) {
throw new NullPointerException("keyFile, keyManagerFactory");
}
try {
if (trustCertChainFile != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChainFile, trustManagerFactory);
}
if (keyFile != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChainFile, keyFile, keyPassword, keyManagerFactory);
}
// Initialize the SSLContext to work with our key managers.
ctx = SSLContext.getInstance(PROTOCOL);
ctx.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getServerSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
} catch (Exception e) {
throw new SSLException("failed to initialize the server-side SSL context", e);
}
}
private static void trustAllHttpsCertificates() throws Exception {
// Create a trust manager that does not validate certificate chains:
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new TrustAllTrustManager();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}