下面列出了javax.net.ssl.SSLContext#getSupportedSSLParameters ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
public RMIServerSocketFactory getServerSocketFactory() {
SSLContext context = secureSslContextFactory.createServerContext();
SSLParameters param = context.getSupportedSSLParameters();
return new SslRMIServerSocketFactory(context,
param.getCipherSuites(),
param.getProtocols(),
param.getWantClientAuth());
}
@Override
public Socket createSocket(String host, int port)
throws IOException {
SSLContext context = secureSslContextFactory.createClientContext();
SSLSocketFactory sf = context.getSocketFactory();
SSLSocket socket = (SSLSocket) sf.createSocket(host, port);
SSLParameters param = context.getSupportedSSLParameters();
socket.setEnabledCipherSuites(param.getCipherSuites());
socket.setEnabledProtocols(param.getProtocols());
return socket;
}
/**
* Asserts that the provided {@link SSLContext} has the expected default configuration, and that
* {@link SSLSocketFactory}, {@link SSLServerSocketFactory}, {@link SSLSocket},
* {@link SSLServerSocket} and {@link SSLEngine} instances created from the context match the
* configuration.
*/
public static void assertSSLContextDefaultConfiguration(SSLContext sslContext)
throws IOException {
SSLParameters defaultParameters = sslContext.getDefaultSSLParameters();
StandardNames.assertSSLContextEnabledProtocols(sslContext.getProtocol(),
defaultParameters.getProtocols());
StandardNames.assertDefaultCipherSuites(defaultParameters.getCipherSuites());
assertFalse(defaultParameters.getWantClientAuth());
assertFalse(defaultParameters.getNeedClientAuth());
SSLParameters supportedParameters = sslContext.getSupportedSSLParameters();
StandardNames.assertSupportedCipherSuites(supportedParameters.getCipherSuites());
StandardNames.assertSupportedProtocols(supportedParameters.getProtocols());
assertFalse(supportedParameters.getWantClientAuth());
assertFalse(supportedParameters.getNeedClientAuth());
assertContainsAll("Unsupported enabled cipher suites", supportedParameters.getCipherSuites(),
defaultParameters.getCipherSuites());
assertContainsAll("Unsupported enabled protocols", supportedParameters.getProtocols(),
defaultParameters.getProtocols());
assertSSLSocketFactoryConfigSameAsSSLContext(sslContext.getSocketFactory(), sslContext);
assertSSLServerSocketFactoryConfigSameAsSSLContext(sslContext.getServerSocketFactory(),
sslContext);
SSLEngine sslEngine = sslContext.createSSLEngine();
assertFalse(sslEngine.getUseClientMode());
assertSSLEngineConfigSameAsSSLContext(sslEngine, sslContext);
}
protected static SSLContext wrapSslContext(SSLContext sslContext, Set<String> enabledCipherSuites, Set<String> enabledProtocols) throws StartException {
if (enabledCipherSuites.isEmpty() != true || enabledProtocols.isEmpty() != true) {
SSLParameters parameters = sslContext.getSupportedSSLParameters();
String[] commonCiphers;
if (enabledCipherSuites.isEmpty()) {
commonCiphers = new String[0];
} else {
commonCiphers = calculateCommon(parameters.getCipherSuites(), enabledCipherSuites);
// Not valid to be empty now as there was an attempt to find a common set.
if (commonCiphers.length == 0) {
throw DomainManagementLogger.ROOT_LOGGER.noCipherSuitesInCommon(
Arrays.asList(parameters.getCipherSuites()).toString(), enabledCipherSuites.toString());
}
}
String[] commonProtocols;
if (enabledProtocols.isEmpty()) {
commonProtocols = new String[0];
} else {
commonProtocols = calculateCommon(parameters.getProtocols(), enabledProtocols);
// Not valid to be empty now as there was an attempt to find a common set.
if (commonProtocols.length == 0) {
throw DomainManagementLogger.ROOT_LOGGER.noProtocolsInCommon(Arrays.asList(parameters.getProtocols())
.toString(), enabledProtocols.toString());
}
}
sslContext = new WrapperSSLContext(sslContext, commonCiphers, commonProtocols);
}
return sslContext;
}
private static SSLParameters getDefaultParams(SSLContext ctx) {
SSLParameters params = ctx.getSupportedSSLParameters();
params.setProtocols(new String[]{"TLSv1.2"});
return params;
}
@Test
public void test() throws Exception {
SSLContext sslContext = (new SimpleSSLContext()).get();
ExecutorService exec = Executors.newCachedThreadPool();
HttpClient client = HttpClient.newBuilder()
.executor(exec)
.sslContext(sslContext)
.sslParameters(new SSLParameters(CIPHER_SUITES))
.version(HTTP_2)
.build();
Http2TestServer httpsServer = null;
try {
SSLContext serverContext = (new SimpleSSLContext()).get();
SSLParameters p = serverContext.getSupportedSSLParameters();
p.setApplicationProtocols(new String[]{"h2"});
httpsServer = new Http2TestServer(true,
0,
exec,
serverContext);
httpsServer.addHandler(new Http2EchoHandler(), "/");
int httpsPort = httpsServer.getAddress().getPort();
String httpsURIString = "https://127.0.0.1:" + httpsPort + "/bar/";
httpsServer.start();
URI uri = URI.create(httpsURIString);
System.err.println("Request to " + uri);
HttpRequest req = HttpRequest.newBuilder(uri)
.POST(fromString(SIMPLE_STRING))
.build();
HttpResponse response;
try {
response = client.send(req, discard(null));
throw new RuntimeException("Unexpected response: " + response);
} catch (IOException e) {
System.err.println("Caught Expected IOException: " + e);
}
System.err.println("DONE");
} finally {
if (httpsServer != null ) { httpsServer.stop(); }
exec.shutdownNow();
}
}