下面列出了javax.net.ssl.SSLSessionContext#setSessionCacheSize ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
int sessionCacheSize;
if (endpoint.getSessionCacheSize() != null) {
sessionCacheSize = Integer.parseInt(
endpoint.getSessionCacheSize());
} else {
sessionCacheSize = defaultSessionCacheSize;
}
int sessionTimeout;
if (endpoint.getSessionTimeout() != null) {
sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
} else {
sessionTimeout = defaultSessionTimeout;
}
sslSessionContext.setSessionCacheSize(sessionCacheSize);
sslSessionContext.setSessionTimeout(sessionTimeout);
}
private SSLContext createSslContext()
{
KeyStore keyStore = getKeyStore();
Collection<TrustStore> trustStores = getTrustStores();
boolean needClientCert = (Boolean)getAttribute(NEED_CLIENT_AUTH) || (Boolean)getAttribute(WANT_CLIENT_AUTH);
if (needClientCert && trustStores.isEmpty())
{
throw new IllegalConfigurationException("Client certificate authentication is enabled on AMQP port '"
+ this.getName() + "' but no trust store defined");
}
SSLContext sslContext = SSLUtil.createSslContext(keyStore, trustStores, getName());
SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (getTLSSessionCacheSize() > 0)
{
serverSessionContext.setSessionCacheSize(getTLSSessionCacheSize());
}
if (getTLSSessionTimeout() > 0)
{
serverSessionContext.setSessionTimeout(getTLSSessionTimeout());
}
return sslContext;
}
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
int sessionCacheSize;
if (endpoint.getSessionCacheSize() != null) {
sessionCacheSize = Integer.parseInt(
endpoint.getSessionCacheSize());
} else {
sessionCacheSize = defaultSessionCacheSize;
}
int sessionTimeout;
if (endpoint.getSessionTimeout() != null) {
sessionTimeout = Integer.parseInt(endpoint.getSessionTimeout());
} else {
sessionTimeout = defaultSessionTimeout;
}
sslSessionContext.setSessionCacheSize(sessionCacheSize);
sslSessionContext.setSessionTimeout(sessionTimeout);
}
@Override
public void configureSessionContext(SSLSessionContext sslSessionContext) {
// <0 - don't set anything - use the implementation default
if (sslHostConfig.getSessionCacheSize() >= 0) {
sslSessionContext.setSessionCacheSize(sslHostConfig.getSessionCacheSize());
}
// <0 - don't set anything - use the implementation default
if (sslHostConfig.getSessionTimeout() >= 0) {
sslSessionContext.setSessionTimeout(sslHostConfig.getSessionTimeout());
}
}
private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
long sessionCacheSize, long sessionTimeout)
throws SSLException {
if (key == null && keyManagerFactory == null) {
throw new NullPointerException("key, keyManagerFactory");
}
try {
if (trustCertCollection != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
}
if (key != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
}
// Initialize the SSLContext to work with our key managers.
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
: SSLContext.getInstance(PROTOCOL, sslContextProvider);
ctx.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getServerSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
return ctx;
} catch (Exception e) {
if (e instanceof SSLException) {
throw (SSLException) e;
}
throw new SSLException("failed to initialize the server-side SSL context", e);
}
}
private static SSLContext newSSLContext(Provider sslContextProvider,
X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
long sessionCacheSize, long sessionTimeout) throws SSLException {
try {
if (trustCertCollection != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
}
if (keyCertChain != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
}
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
: SSLContext.getInstance(PROTOCOL, sslContextProvider);
ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getClientSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
return ctx;
} catch (Exception e) {
if (e instanceof SSLException) {
throw (SSLException) e;
}
throw new SSLException("failed to initialize the client-side SSL context", e);
}
}
private SSLContext createSslContext(final HttpPort<?> port)
{
KeyStore keyStore = port.getKeyStore();
if (keyStore == null)
{
throw new IllegalConfigurationException(
"Key store is not configured. Cannot start management on HTTPS port without keystore");
}
final boolean needClientCert = port.getNeedClientAuth() || port.getWantClientAuth();
final Collection<TrustStore> trustStores = port.getTrustStores();
if (needClientCert && trustStores.isEmpty())
{
throw new IllegalConfigurationException(String.format(
"Client certificate authentication is enabled on HTTPS port '%s' but no trust store defined",
this.getName()));
}
final SSLContext sslContext = SSLUtil.createSslContext(port.getKeyStore(), trustStores, port.getName());
final SSLSessionContext serverSessionContext = sslContext.getServerSessionContext();
if (port.getTLSSessionCacheSize() > 0)
{
serverSessionContext.setSessionCacheSize(port.getTLSSessionCacheSize());
}
if (port.getTLSSessionTimeout() > 0)
{
serverSessionContext.setSessionTimeout(port.getTLSSessionTimeout());
}
return sslContext;
}
/**
* Creates a new instance.
* @param trustCertChainFile an X.509 certificate chain file in PEM format.
* This provides the certificate chains used for mutual authentication.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from clients.
* {@code null} to use the default or the results of parsing {@code trustCertChainFile}
* @param keyCertChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
* that is used to encrypt data being sent to clients.
* {@code null} to use the default or the results of parsing
* {@code keyCertChainFile} and {@code keyFile}.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param cipherFilter a filter to apply over the supplied list of ciphers
* Only required if {@code provider} is {@link SslProvider#JDK}
* @param apn Application Protocol Negotiator object.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public JdkSslServerContext(File trustCertChainFile, TrustManagerFactory trustManagerFactory,
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
long sessionCacheSize, long sessionTimeout) throws SSLException {
super(ciphers, cipherFilter, apn);
if (keyFile == null && keyManagerFactory == null) {
throw new NullPointerException("keyFile, keyManagerFactory");
}
try {
if (trustCertChainFile != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChainFile, trustManagerFactory);
}
if (keyFile != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChainFile, keyFile, keyPassword, keyManagerFactory);
}
// Initialize the SSLContext to work with our key managers.
ctx = SSLContext.getInstance(PROTOCOL);
ctx.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getServerSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
} catch (Exception e) {
throw new SSLException("failed to initialize the server-side SSL context", e);
}
}
/**
* Creates a new instance.
* @param trustCertChainFile an X.509 certificate chain file in PEM format.
* {@code null} to use the system default
* @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
* that verifies the certificates sent from servers.
* {@code null} to use the default or the results of parsing {@code trustCertChainFile}
* @param keyCertChainFile an X.509 certificate chain file in PEM format.
* This provides the public key for mutual authentication.
* {@code null} to use the system default
* @param keyFile a PKCS#8 private key file in PEM format.
* This provides the private key for mutual authentication.
* {@code null} for no mutual authentication.
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* Ignored if {@code keyFile} is {@code null}.
* @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
* that is used to encrypt data being sent to servers.
* {@code null} to use the default or the results of parsing
* {@code keyCertChainFile} and {@code keyFile}.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param cipherFilter a filter to apply over the supplied list of ciphers
* @param apn Application Protocol Negotiator object.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public JdkSslClientContext(File trustCertChainFile, TrustManagerFactory trustManagerFactory,
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
long sessionCacheSize, long sessionTimeout) throws SSLException {
super(ciphers, cipherFilter, apn);
try {
if (trustCertChainFile != null) {
trustManagerFactory = buildTrustManagerFactory(trustCertChainFile, trustManagerFactory);
}
if (keyFile != null) {
keyManagerFactory = buildKeyManagerFactory(keyCertChainFile, keyFile, keyPassword, keyManagerFactory);
}
ctx = SSLContext.getInstance(PROTOCOL);
ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
null);
SSLSessionContext sessCtx = ctx.getClientSessionContext();
if (sessionCacheSize > 0) {
sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
}
if (sessionTimeout > 0) {
sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
}
} catch (Exception e) {
throw new SSLException("failed to initialize the client-side SSL context", e);
}
}
@Test
public void testSessionSize() throws Exception {
final int port1 = SSLTestUtils.PORT;
final int port2 = SSLTestUtils.SECONDARY_PORT;
try (
ServerSocket serverSocket1 = SSLTestUtils.createServerSocket(port1);
ServerSocket serverSocket2 = SSLTestUtils.createServerSocket(port2)
) {
final Thread acceptThread1 = startServer(serverSocket1);
final Thread acceptThread2 = startServer(serverSocket2);
SSLContext clientContext = SSLTestUtils.createClientSSLContext("openssl.TLSv1");
final SSLSessionContext clientSession = clientContext.getClientSessionContext();
byte[] host1SessionId = connectAndWrite(clientContext, port1);
byte[] host2SessionId = connectAndWrite(clientContext, port2);
// No cache limit was set, id's should be identical
Assert.assertArrayEquals(host1SessionId, connectAndWrite(clientContext, port1));
Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2));
// Set the cache size to 1
clientSession.setSessionCacheSize(1);
// The second session id should be the one kept as it was the last one used
Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2));
// Connect again to the first host, this should not match the initial session id for the first host
byte[] nextId = connectAndWrite(clientContext, port1);
Assert.assertFalse(Arrays.equals(host1SessionId, nextId));
// Once more connect to the first host and this should match the previous session id
Assert.assertArrayEquals(nextId, connectAndWrite(clientContext, port1));
// Connect to the second host which should be purged at this point
Assert.assertFalse(Arrays.equals(nextId, connectAndWrite(clientContext, port2)));
// Reset the cache limit and ensure both sessions are cached
clientSession.setSessionCacheSize(0);
host1SessionId = connectAndWrite(clientContext, port1);
host2SessionId = connectAndWrite(clientContext, port2);
// No cache limit was set, id's should be identical
Assert.assertArrayEquals(host1SessionId, connectAndWrite(clientContext, port1));
Assert.assertArrayEquals(host2SessionId, connectAndWrite(clientContext, port2));
serverSocket1.close();
serverSocket2.close();
acceptThread1.join();
acceptThread2.join();
}
}