Example usage for javax.net.ssl SSLEngine setSSLParameters

List of usage examples for javax.net.ssl SSLEngine setSSLParameters

Introduction

This page collects usage examples for javax.net.ssl.SSLEngine.setSSLParameters.

Prototype

public void setSSLParameters(SSLParameters params) 


Document

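Applies SSLParameters to this engine. Non-null cipher suites and protocols in params replace the engine's enabled lists, and the client-authentication mode is always taken from params, so settings made directly on the engine beforehand can be overwritten.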

Usage

From source file:mitm.BouncyCastleSslEngineSource.java

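/**
 * Enables HTTPS-style endpoint identification (hostname verification) on the given engine.
 *
 * <p>{@code SSLParameters#setEndpointIdentificationAlgorithm} is looked up and invoked reflectively
 * because it is only available since Java 7.
 *
 * <p>The algorithm is added to the engine's current parameters rather than to a fresh
 * {@code SSLParameters} instance. {@code setSSLParameters} applies the values carried by the object it
 * is given, so a default-constructed instance could overwrite settings already present on the engine
 * (for example the client-authentication mode).
 *
 * @param sslEngine the engine to configure
 * @return {@code true} if the algorithm was set and the parameters were applied to the engine;
 *         {@code false} if the method does not exist or the reflective call failed. On {@code false}
 *         the engine is left untouched, i.e. this method has NOT enabled hostname verification and the
 *         caller must not treat the connection as hostname-verified.
 */
private boolean tryHostNameVerificationJava7(SSLEngine sslEngine) {
    for (Method method : SSLParameters.class.getMethods()) {
        // method is available since Java 7
        if ("setEndpointIdentificationAlgorithm".equals(method.getName())) {
            // Start from what the engine already has so that only the identification algorithm changes.
            SSLParameters sslParams = sslEngine.getSSLParameters();
            try {
                method.invoke(sslParams, "HTTPS");
            } catch (IllegalAccessException e) {
                // Logged at debug level only; the false return value is the caller's sole signal
                // that hostname verification was not switched on.
                LOG.debug("SSLParameters#setEndpointIdentificationAlgorithm", e);
                return false;
            } catch (InvocationTargetException e) {
                LOG.debug("SSLParameters#setEndpointIdentificationAlgorithm", e);
                return false;
            }
            sslEngine.setSSLParameters(sslParams);
            return true;
        }
    }
    // No such method on this runtime: hostname verification could not be enabled here.
    return false;
}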

From source file:org.elasticsearch.xpack.core.ssl.SSLService.java

/**
 * Creates an {@link SSLEngine} based on the provided configuration. This SSLEngine can be used for a connection that requires
 * hostname verification assuming the provided
 * host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verification enabled
 * @param configuration the ssl configuration
 * @param host the host of the remote endpoint. If using hostname verification, this should match what is in the remote endpoint's
 *             certificate
 * @param port the port of the remote endpoint
 * @return {@link SSLEngine}
 * @see #sslConfiguration(Settings, Settings)
 */
public SSLEngine createSSLEngine(SSLConfiguration configuration, String host, int port) {
    // host and port are handed to the context when the engine is created; host is also the name the
    // peer certificate is expected to match when hostname verification is in use.
    final SSLEngine engine = sslContext(configuration).createSSLEngine(host, port);

    // Cipher suites come from supportedCiphers(...) applied to what the engine supports and what the
    // configuration requests (presumably the usable subset; see that helper). Protocols are taken
    // straight from the configuration.
    final String[] enabledCiphers =
            supportedCiphers(engine.getSupportedCipherSuites(), configuration.cipherSuites(), false);
    final String[] enabledProtocols = configuration.supportedProtocols().toArray(Strings.EMPTY_ARRAY);
    final SSLParameters params = new SSLParameters(enabledCiphers, enabledProtocols);

    // An SSLEngine performs no hostname verification unless an endpoint identification algorithm is
    // set; the HTTPS algorithm is what protects these connections against man-in-the-middle attacks.
    // If verification is disabled in the configuration, or host is null, the algorithm is NOT set and
    // the peer certificate is not checked against a hostname.
    final boolean verifyHostname =
            configuration.verificationMode().isHostnameVerificationEnabled() && host != null;
    if (verifyHostname) {
        params.setEndpointIdentificationAlgorithm("HTTPS");
    }

    // Honour the order of our own cipher suite list, so the suites listed first are preferred.
    params.setUseCipherSuitesOrder(true);

    // Let the configured client-auth setting write its values into the parameters.
    configuration.sslClientAuth().configure(params);

    // Many options can be set either through SSLParameters or directly on the engine. The catch is
    // that applying SSLParameters afterwards overwrites values set directly on the engine, so
    // everything is collected in the parameters object and applied in one step.
    engine.setSSLParameters(params);
    return engine;
}