List of usage examples for javax.net.ssl SSLServerSocket setEnabledProtocols
/**
 * Sets the protocol versions that are enabled for connections accepted by this
 * server socket. After a successful call only the listed protocols are enabled,
 * so the array is the socket's complete protocol allow-list rather than an
 * addition to the defaults.
 *
 * @param protocols names of the protocols to enable; each must be one of the
 *        names reported by getSupportedProtocols()
 * @throws IllegalArgumentException if protocols is null or names a protocol
 *         that is not supported
 */
public abstract void setEnabledProtocols(String protocols[]);
From source file:net.i2p.util.I2PSSLSocketFactory.java
/**
 * Restrict a server socket to the protocols and cipher suites picked by
 * {@code selectProtocols} and {@code selectCipherSuites}, each of which is
 * handed the socket's currently enabled list and its supported list.
 *
 * If the selected protocol list still contains SSLv3, the socket is left
 * exactly as it was: neither the protocols nor the cipher suites are changed.
 *
 * Adapted from Jetty SslContextFactory.java
 *
 * @param socket the server socket to configure
 * @since 0.9.16
 */
public static void setProtocolsAndCiphers(SSLServerSocket socket) {
    String[] chosenProtocols = selectProtocols(socket.getEnabledProtocols(), socket.getSupportedProtocols());
    for (String proto : chosenProtocols) {
        // SSLv3 surviving the selection is taken to mean TLS is not available,
        // so the SSL cipher suites must not be removed either.
        // NOTE(review): this path returns without logging, so a caller cannot
        // tell that the socket kept its defaults with SSLv3 still enabled.
        if (proto.equals("SSLv3")) {
            return;
        }
    }
    socket.setEnabledProtocols(chosenProtocols);
    String[] chosenCiphers = selectCipherSuites(socket.getEnabledCipherSuites(),
            socket.getSupportedCipherSuites());
    socket.setEnabledCipherSuites(chosenCiphers);
}
From source file:com.predic8.membrane.core.transport.ssl.SSLContext.java
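/**
 * Creates a bound SSL server socket from this context and applies the configured
 * cipher suites, protocols and client-authentication mode.
 *
 * When no protocol list is configured, the socket keeps its default enabled
 * protocols minus "SSLv3" and "SSLv2Hello". A configured list is applied exactly
 * as given, so it is the operator's responsibility to keep legacy names out of it.
 *
 * @param port local port to listen on
 * @param backlog requested length of the pending-connection queue
 * @param bindAddress local address to bind to
 * @return the configured server socket
 * @throws IOException if the socket cannot be created or bound
 */
public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException {
    SSLServerSocketFactory factory = sslc.getServerSocketFactory();
    SSLServerSocket sslss = (SSLServerSocket) factory.createServerSocket(port, backlog, bindAddress);
    boolean configured = false;
    try {
        applyCiphers(sslss);
        if (protocols != null) {
            sslss.setEnabledProtocols(protocols);
        } else {
            Set<String> allowed = new HashSet<String>();
            for (String protocol : sslss.getEnabledProtocols()) {
                if (protocol.equals("SSLv3") || protocol.equals("SSLv2Hello")) {
                    continue;
                }
                allowed.add(protocol);
            }
            sslss.setEnabledProtocols(allowed.toArray(new String[0]));
        }
        // setNeedClientAuth and setWantClientAuth each override the other's previous
        // setting, so calling setNeedClientAuth(false) last would silently switch off
        // a requested "want" mode. Apply exactly one of them.
        if (needClientAuth) {
            sslss.setNeedClientAuth(true);
        } else {
            sslss.setWantClientAuth(wantClientAuth);
        }
        configured = true;
        return sslss;
    } finally {
        if (!configured) {
            // The socket is already bound; release the port when a setting is
            // rejected (for example an unsupported protocol name in the config).
            try {
                sslss.close();
            } catch (IOException ignored) {
                // the configuration failure being propagated is the error that matters
            }
        }
    }
}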
From source file:org.nectarframework.base.service.nanohttp.NanoHttpService.java
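/**
 * Creates an unbound SSL server socket for HTTPS. Key material and trust anchors
 * are both loaded from the same key store.
 *
 * The socket enables every protocol the runtime supports except "SSLv3" and
 * "SSLv2Hello"; TLSv1 and TLSv1.1 stay enabled where the runtime still offers
 * them. Client authentication is switched off.
 *
 * @param keyAndTrustStoreClasspathPath path of the key store; despite the name it
 *        is opened as a file-system path, not resolved against the classpath
 * @param passphrase password of the key store, also used for the keys inside it
 * @return an unbound server socket in server mode
 * @throws IOException if the key store cannot be read, the TLS context cannot be
 *         built or no TLS protocol is available; the underlying exception is
 *         kept as the cause
 */
public ServerSocket makeSSLServerSocket(String keyAndTrustStoreClasspathPath, char[] passphrase)
        throws IOException {
    try {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream keystoreStream = new FileInputStream(new File(keyAndTrustStoreClasspathPath));
        try {
            keystore.load(keystoreStream, passphrase);
        } finally {
            // the original never closed this stream
            keystoreStream.close();
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keystore, passphrase);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keystore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        SSLServerSocketFactory res = ctx.getServerSocketFactory();
        SSLServerSocket ss = (SSLServerSocket) res.createServerSocket();

        // Enabling the full "supported" list would switch SSLv3 back on even where
        // the runtime leaves it disabled by default, so the SSL-era names are dropped.
        String[] supported = ss.getSupportedProtocols();
        String[] kept = new String[supported.length];
        int count = 0;
        for (String protocol : supported) {
            if (!"SSLv3".equals(protocol) && !"SSLv2Hello".equals(protocol)) {
                kept[count++] = protocol;
            }
        }
        if (count == 0) {
            ss.close();
            throw new IOException("No TLS protocol is supported by this runtime");
        }
        String[] enabled = new String[count];
        System.arraycopy(kept, 0, enabled, 0, count);
        ss.setEnabledProtocols(enabled);

        ss.setUseClientMode(false);
        ss.setWantClientAuth(false);
        ss.setNeedClientAuth(false);
        return ss;
    } catch (IOException e) {
        throw e;
    } catch (Exception e) {
        // keep the cause so that key store and TLS set-up failures stay diagnosable
        throw new IOException(e.getMessage(), e);
    }
}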
From source file:net.jradius.server.TCPListener.java
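/**
 * Applies a listener configuration and opens the listening socket.
 *
 * Reads "port", "backlog" and "keepAlive" from the configuration properties.
 * When SSL is required or "useSSL" is "true", an SSL server socket is created
 * from the configured key and trust material; otherwise a plain server socket
 * is opened.
 *
 * Key material comes from the bean named by "keyManager", or else from the
 * "keyStore" file. Trust comes from the bean named by "trustManager", or else
 * from an accept-everything trust manager when "trustAll" is "true", or else
 * from the "caStore" file.
 *
 * @param cfg listener configuration holding the properties described above
 * @param noKeepAlive true to force keep-alive off regardless of the "keepAlive" property
 * @throws KeyStoreException if a key store type is not available
 * @throws NoSuchAlgorithmException if a key manager, trust manager or TLS algorithm is missing
 * @throws CertificateException if a certificate in a key store cannot be loaded
 * @throws UnrecoverableKeyException if a key cannot be recovered with the configured password
 * @throws KeyManagementException if the TLS context cannot be initialised
 * @throws IOException if a key store cannot be read or the socket cannot be opened
 */
public void setConfiguration(ListenerConfigurationItem cfg, boolean noKeepAlive)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException,
        KeyManagementException, IOException {
    keepAlive = !noKeepAlive;
    config = cfg;
    Map props = config.getProperties();

    String s = (String) props.get("port");
    if (s != null)
        port = Integer.parseInt(s);
    s = (String) props.get("backlog");
    if (s != null)
        backlog = Integer.parseInt(s);
    if (keepAlive) {
        s = (String) props.get("keepAlive");
        if (s != null)
            keepAlive = Boolean.parseBoolean(s);
    }

    String useSSL = (String) props.get("useSSL");
    String trustAll = (String) props.get("trustAll");

    if (requiresSSL || "true".equalsIgnoreCase(useSSL)) {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers = null;

        String keyManager = (String) props.get("keyManager");
        if (keyManager != null && keyManager.length() > 0) {
            try {
                KeyManager manager = (KeyManager) Configuration.getBean(keyManager);
                keyManagers = new KeyManager[] { manager };
            } catch (Exception e) {
                // NOTE(review): after this the context is initialised with null key
                // managers, i.e. whatever the runtime supplies by default, instead of
                // failing. Confirm that this fallback is intended.
                e.printStackTrace();
            }
        } else {
            String keystore = (String) props.get("keyStore");
            String keystoreType = (String) props.get("keyStoreType");
            String keystorePassword = (String) props.get("keyStorePassword");
            String keyPassword = (String) props.get("keyPassword");
            if (keystore != null) {
                if (keystoreType == null)
                    keystoreType = "pkcs12";
                KeyStore ks = KeyStore.getInstance(keystoreType);
                FileInputStream in = new FileInputStream(keystore);
                try {
                    ks.load(in, keystorePassword == null ? null : keystorePassword.toCharArray());
                } finally {
                    // the original left this stream open
                    in.close();
                }
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                kmf.init(ks, keyPassword == null ? null : keyPassword.toCharArray());
                keyManagers = kmf.getKeyManagers();
            }
        }

        String trustManager = (String) props.get("trustManager");
        if (trustManager != null && trustManager.length() > 0) {
            try {
                TrustManager manager = (TrustManager) Configuration.getBean(trustManager);
                trustManagers = new TrustManager[] { manager };
            } catch (Exception e) {
                // NOTE(review): a failed bean lookup leaves trustManagers null, so the
                // runtime's default trust store is used instead of the configured
                // policy. Confirm that this fallback is intended.
                e.printStackTrace();
            }
        } else if ("true".equalsIgnoreCase(trustAll)) {
            // SECURITY: this trust manager performs no validation at all. Combined
            // with client authentication, any certificate a client presents is
            // accepted, so the certificate proves nothing about the peer. Only
            // suitable for test set-ups.
            trustManagers = new TrustManager[] { new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType) {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            } };
        } else {
            String keystore = (String) props.get("caStore");
            String keystoreType = (String) props.get("caStoreType");
            String keystorePassword = (String) props.get("caStorePassword");
            if (keystore != null) {
                if (keystoreType == null)
                    keystoreType = "pkcs12";
                KeyStore caKeys = KeyStore.getInstance(keystoreType);
                FileInputStream in = new FileInputStream(keystore);
                try {
                    caKeys.load(in, keystorePassword == null ? null : keystorePassword.toCharArray());
                } finally {
                    in.close();
                }
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(caKeys);
                trustManagers = tmf.getTrustManagers();
            }
        }

        // "TLS" instead of the original "SSLv3": a context requested under the SSLv3
        // name caps the protocol versions the socket can offer, while "TLS" lets
        // sslEnabledProtocols choose from every version the runtime supports.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);

        ServerSocketFactory socketFactory = sslContext.getServerSocketFactory();
        SSLServerSocket sslServerSocket = (SSLServerSocket) socketFactory.createServerSocket(port, backlog);
        serverSocket = sslServerSocket;

        // Setting "need" after "want" is deliberate: each call overrides the other.
        if (sslWantClientAuth)
            sslServerSocket.setWantClientAuth(true);
        if (sslNeedClientAuth)
            sslServerSocket.setNeedClientAuth(true);
        if (sslEnabledProtocols != null)
            sslServerSocket.setEnabledProtocols(sslEnabledProtocols);
        if (sslEnabledCiphers != null)
            sslServerSocket.setEnabledCipherSuites(sslEnabledCiphers);

        usingSSL = true;
    } else {
        serverSocket = new ServerSocket(port, backlog);
    }

    // NOTE(review): both sockets are already bound here; the effect of changing
    // SO_REUSEADDR after binding is not defined by the ServerSocket contract.
    serverSocket.setReuseAddress(true);
    setActive(true);
}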
From source file:com.adito.server.jetty.CustomJsseListener.java
/**
 * Creates the listener's SSL server socket, adjusts its client-authentication
 * mode, optionally dumps the supported cipher suites to a file in the temp
 * directory, and applies the protocol and cipher lists stored under the
 * "ssl.supportedProtocols" and "ssl.supportedCiphers" configuration keys.
 *
 * @param p_address address and port to listen on
 * @param p_acceptQueueSize accept queue size passed to the superclass
 * @return the configured server socket
 * @throws IOException if the superclass cannot create the socket or the
 *         cipher list file cannot be closed
 */
protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize) throws IOException {
    SSLServerSocket serverSocket = (SSLServerSocket) super.newServerSocket(p_address, p_acceptQueueSize);

    // Only touched when the superclass asked for mandatory client certificates:
    // "require" decides between mandatory and merely requested.
    if (serverSocket.getNeedClientAuth()) {
        serverSocket.setNeedClientAuth(require);
        setNeedClientAuth(require);
        if (!require) {
            serverSocket.setWantClientAuth(true);
        }
    }

    String[] supportedCiphers = serverSocket.getSupportedCipherSuites();
    String[] supportedProtocols = serverSocket.getSupportedProtocols();

    if (log.isInfoEnabled()) {
        log.info("The following protocols are supported:");
        for (String name : supportedProtocols) {
            log.info(" " + name);
        }
    }

    if (createAvailableCipherSuitesList) {
        File listFile = new File(ContextHolder.getContext().getTempDirectory(), "availableCipherSuites.txt");
        BufferedWriter out = null;
        try {
            out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(listFile)));
            if (log.isInfoEnabled()) {
                log.info("The following cipher suites are supported:");
            }
            for (String suite : supportedCiphers) {
                if (log.isInfoEnabled()) {
                    log.info(" " + suite);
                }
                out.write(suite);
                out.newLine();
            }
        } catch (Throwable e) {
            // A failed dump also switches off the configured protocol and cipher
            // restrictions below, leaving the socket on its defaults.
            log.error("Could not create cipher list!", e);
            configureContext = false;
        } finally {
            if (out != null) {
                out.close();
            }
        }
        createAvailableCipherSuitesList = false;
    }

    if (configureContext) {
        // Despite the "supported" in the key names, these lists become the
        // socket's enabled protocols and cipher suites; an empty list keeps
        // the defaults.
        PropertyList list = ContextHolder.getContext().getConfig()
                .retrievePropertyList(new ContextKey("ssl.supportedProtocols"));
        if (!list.isEmpty()) {
            serverSocket.setEnabledProtocols(list.asArray());
        }
        list = ContextHolder.getContext().getConfig()
                .retrievePropertyList(new ContextKey("ssl.supportedCiphers"));
        if (!list.isEmpty()) {
            serverSocket.setEnabledCipherSuites(list.asArray());
        }
    }

    // Log what is actually in effect so the result can be audited.
    String[] enabledProtocols = serverSocket.getEnabledProtocols();
    if (log.isInfoEnabled()) {
        log.info("The following protocols are enabled:");
        for (String name : enabledProtocols) {
            log.info(" " + name);
        }
    }

    String[] enabledCiphers = serverSocket.getEnabledCipherSuites();
    if (log.isInfoEnabled()) {
        log.info("The following cipher suites are enabled:");
        for (String suite : enabledCiphers) {
            log.info(" " + suite);
        }
    }

    return serverSocket;
}
From source file:org.apache.cassandra.security.SSLFactory.java
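/**
 * Creates an SSL server socket bound to the given address and port, restricted
 * to the configured cipher suites and to ACCEPTED_PROTOCOLS.
 *
 * @param options encryption options supplying the cipher suites and the
 *        client-authentication requirement
 * @param address local address to bind to
 * @param port local port to bind to
 * @return the bound, configured server socket
 * @throws IOException if the context or socket cannot be created or the bind fails
 */
public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port)
        throws IOException {
    SSLContext ctx = createSSLContext(options, true);
    SSLServerSocket serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
    boolean bound = false;
    try {
        serverSocket.setReuseAddress(true);
        String[] suites = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites);
        serverSocket.setEnabledCipherSuites(suites);
        serverSocket.setNeedClientAuth(options.require_client_auth);
        // The protocol allow-list is applied before bind, so no connection is ever
        // accepted with the socket's default protocol set.
        serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
        serverSocket.bind(new InetSocketAddress(address, port), 500);
        bound = true;
        return serverSocket;
    } finally {
        if (!bound) {
            // A rejected cipher or protocol name, or a failed bind, would otherwise
            // leak the socket.
            try {
                serverSocket.close();
            } catch (IOException ignored) {
                // the failure being propagated is the error that matters
            }
        }
    }
}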
From source file:org.apache.geode.internal.net.SocketCreator.java
/** * Configure the SSLServerSocket based on this SocketCreator's settings. *///from w ww . j av a 2 s. c o m private void finishServerSocket(SSLServerSocket serverSocket) throws IOException { serverSocket.setUseClientMode(false); if (this.sslConfig.isRequireAuth()) { // serverSocket.setWantClientAuth( true ); serverSocket.setNeedClientAuth(true); } serverSocket.setEnableSessionCreation(true); // restrict protocols String[] protocols = this.sslConfig.getProtocolsAsStringArray(); if (!"any".equalsIgnoreCase(protocols[0])) { serverSocket.setEnabledProtocols(protocols); } // restrict ciphers String[] ciphers = this.sslConfig.getCiphersAsStringArray(); if (!"any".equalsIgnoreCase(ciphers[0])) { serverSocket.setEnabledCipherSuites(ciphers); } }
From source file:org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.java
/**
 * Enables the given protocols on the server socket. A null list leaves the
 * socket's current protocols unchanged. The call is logged at debug level
 * either way.
 *
 * @param socket the server socket to configure
 * @param protocols the protocol names to enable, or null to keep the socket's
 *        current set
 */
protected void setEnabledProtocols(SSLServerSocket socket, String[] protocols) {
    LOGGER.debug("TMSSLServerSocketFactory.setEnabledProtocols:");

    if (protocols == null) {
        // nothing configured: no restriction is applied here
        return;
    }
    socket.setEnabledProtocols(protocols);
}
From source file:org.jsslutils.extra.apachetomcat5.JSSLutilsJSSESocketFactory.java
/**
 * Enables the given SSL/TLS protocol variants on the server socket.
 * A null list leaves the socket's current protocols unchanged, so no
 * restriction is applied in that case.
 *
 * @param socket
 *            the SSLServerSocket.
 * @param protocols
 *            the protocols to use, or null to keep the socket's current set.
 */
protected void setEnabledProtocols(SSLServerSocket socket, String[] protocols) {
    if (protocols == null) {
        return;
    }
    socket.setEnabledProtocols(protocols);
}
From source file:org.lockss.protocol.BlockingStreamComm.java
/**
 * Removes every protocol named in paramDisableSslServerProtocols from the
 * socket's enabled protocols. Does nothing when no deny list is configured.
 *
 * If the deny list covers every enabled protocol, the socket ends up with an
 * empty protocol set.
 *
 * @param sock the server socket to restrict
 */
private void disableSelectedProtocols(SSLServerSocket sock) {
    if (paramDisableSslServerProtocols != null) {
        Set<String> remaining = new HashSet<String>();
        for (String name : sock.getEnabledProtocols()) {
            // keep only what the deny list does not mention
            if (!paramDisableSslServerProtocols.contains(name)) {
                remaining.add(name);
            }
        }
        String[] enabled = remaining.toArray(new String[0]);
        sock.setEnabledProtocols(enabled);
    }
}