Example usage for javax.net.ssl SSLSocket setEnabledProtocols

List of usage examples for javax.net.ssl SSLSocket setEnabledProtocols

  1. HOME
  2. Java
  3. javax
  4. javax.net.ssl.*
  5. SSLSocket
  6. setEnabledProtocols

Introduction

In this page you can find the example usage for javax.net.ssl SSLSocket setEnabledProtocols.

Prototype

public abstract void setEnabledProtocols(String protocols[]);

Source Link

Document

Sets the protocol versions enabled for use on this connection.

Usage

From source file:com.digitalpebble.storm.crawler.protocol.http.HttpResponse.java

/**
 * Default public constructor./*from  ww w .jav  a2 s.  c om*/
 * 
 * @param http
 * @param url
 * @param knownMetadata
 * @throws IOException
 * @throws HttpException
 */
public HttpResponse(HttpProtocol http, URL url, Metadata knownMetadata) throws IOException, HttpException {

    this.http = http;
    this.url = url;

    Scheme scheme = null;

    if ("http".equals(url.getProtocol())) {
        scheme = Scheme.HTTP;
    } else if ("https".equals(url.getProtocol())) {
        scheme = Scheme.HTTPS;
    } else {
        throw new IOException("Unknown scheme (not http/https) for url:" + url);
    }

    String path = "".equals(url.getFile()) ? "/" : url.getFile();

    // some servers will redirect a request with a host line like
    // "Host: <hostname>:80" to "http://<hpstname>/<orig_path>"- they
    // don't want the :80...

    String host = url.getHost();
    int port;
    String portString;
    if (url.getPort() == -1) {
        if (scheme == Scheme.HTTP) {
            port = 80;
        } else {
            port = 443;
        }
        portString = "";
    } else {
        port = url.getPort();
        portString = ":" + port;
    }
    Socket socket = null;

    try {
        socket = new Socket(); // create the socket
        socket.setSoTimeout(http.getTimeout());

        // connect
        String sockHost = http.useProxy() ? http.getProxyHost() : host;
        int sockPort = http.useProxy() ? http.getProxyPort() : port;
        InetSocketAddress sockAddr = new InetSocketAddress(sockHost, sockPort);
        socket.connect(sockAddr, http.getTimeout());

        if (scheme == Scheme.HTTPS) {
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) factory.createSocket(socket, sockHost, sockPort, true);
            sslsocket.setUseClientMode(true);

            // Get the protocols and ciphers supported by this JVM
            Set<String> protocols = new HashSet<String>(Arrays.asList(sslsocket.getSupportedProtocols()));
            Set<String> ciphers = new HashSet<String>(Arrays.asList(sslsocket.getSupportedCipherSuites()));

            // Intersect with preferred protocols and ciphers
            protocols.retainAll(http.getTlsPreferredProtocols());
            ciphers.retainAll(http.getTlsPreferredCipherSuites());

            sslsocket.setEnabledProtocols(protocols.toArray(new String[protocols.size()]));
            sslsocket.setEnabledCipherSuites(ciphers.toArray(new String[ciphers.size()]));

            sslsocket.startHandshake();
            socket = sslsocket;
        }

        this.conf = http.getConf();
        if (ConfUtils.getBoolean(conf, "store.ip.address", false) == true) {
            headers.setValue("_ip_", sockAddr.getAddress().getHostAddress());
        }

        // make request
        OutputStream req = socket.getOutputStream();

        StringBuffer reqStr = new StringBuffer("GET ");
        if (http.useProxy()) {
            reqStr.append(url.getProtocol() + "://" + host + portString + path);
        } else {
            reqStr.append(path);
        }

        reqStr.append(" HTTP/1.0\r\n");

        reqStr.append("Host: ");
        reqStr.append(host);
        reqStr.append(portString);
        reqStr.append("\r\n");

        reqStr.append("Accept-Encoding: x-gzip, gzip, deflate\r\n");

        String userAgent = http.getUserAgent();
        if ((userAgent == null) || (userAgent.length() == 0)) {
            if (HttpProtocol.LOGGER.isErrorEnabled()) {
                HttpProtocol.LOGGER.error("User-agent is not set!");
            }
        } else {
            reqStr.append("User-Agent: ");
            reqStr.append(userAgent);
            reqStr.append("\r\n");
        }

        reqStr.append("Accept-Language: ");
        reqStr.append(this.http.getAcceptLanguage());
        reqStr.append("\r\n");

        reqStr.append("Accept: ");
        reqStr.append(this.http.getAccept());
        reqStr.append("\r\n");

        if (knownMetadata != null) {
            String ifModifiedSince = knownMetadata.getFirstValue("cachedLastModified");
            if (StringUtils.isNotBlank(ifModifiedSince)) {
                reqStr.append("If-Modified-Since: ");
                reqStr.append(ifModifiedSince);
                reqStr.append("\r\n");
            }

            String ifNoneMatch = knownMetadata.getFirstValue("cachedEtag");
            if (StringUtils.isNotBlank(ifNoneMatch)) {
                reqStr.append("If-None-Match: ");
                reqStr.append(ifNoneMatch);
                reqStr.append("\r\n");
            }
        }

        reqStr.append("\r\n");

        // @see http://www.w3.org/Protocols/rfc2068/rfc2068.txt for default
        // charset
        // TODO use UTF-8 and set a charset value explicitely
        byte[] reqBytes = reqStr.toString().getBytes(StandardCharsets.ISO_8859_1);

        req.write(reqBytes);
        req.flush();

        PushbackInputStream in = // process response
                new PushbackInputStream(
                        new BufferedInputStream(socket.getInputStream(), HttpProtocol.BUFFER_SIZE),
                        HttpProtocol.BUFFER_SIZE);

        StringBuffer line = new StringBuffer();

        boolean haveSeenNonContinueStatus = false;
        while (!haveSeenNonContinueStatus) {
            // parse status code line
            this.code = parseStatusLine(in, line);
            // parse headers
            parseHeaders(in, line);
            haveSeenNonContinueStatus = code != 100; // 100 is
                                                     // "Continue"
        }
        String transferEncoding = getHeader(HttpHeaders.TRANSFER_ENCODING);
        if (transferEncoding != null && "chunked".equalsIgnoreCase(transferEncoding.trim())) {
            readChunkedContent(in, line);
        } else {
            readPlainContent(in);
        }

        String contentEncoding = getHeader(HttpHeaders.CONTENT_ENCODING);
        if ("gzip".equals(contentEncoding) || "x-gzip".equals(contentEncoding)) {
            content = http.processGzipEncoded(content, url);
        } else if ("deflate".equals(contentEncoding)) {
            content = http.processDeflateEncoded(content, url);
        } else {
            HttpProtocol.LOGGER.trace("fetched {}  bytes from {}", content.length, url);
        }

    } finally {
        if (socket != null)
            socket.close();
    }

}

From source file:com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.java

/**
 * {@inheritDoc}/*from  w  w  w.  j a v  a2  s.  c  o m*/
 * 
 * Used to enforce the preferred TLS protocol during SSL handshake.
 */
@Override
protected final void prepareSocket(final SSLSocket socket) {
    String[] supported = socket.getSupportedProtocols();
    String[] enabled = socket.getEnabledProtocols();
    if (log.isDebugEnabled()) {
        log.debug("socket.getSupportedProtocols(): " + Arrays.toString(supported)
                + ", socket.getEnabledProtocols(): " + Arrays.toString(enabled));
    }
    List<String> target = new ArrayList<String>();
    if (supported != null) {
        // Append the preferred protocols in descending order of preference
        // but only do so if the protocols are supported
        TLSProtocol[] values = TLSProtocol.values();
        for (int i = 0; i < values.length; i++) {
            final String pname = values[i].getProtocolName();
            if (existsIn(pname, supported))
                target.add(pname);
        }
    }
    if (enabled != null) {
        // Append the rest of the already enabled protocols to the end
        // if not already included in the list
        for (String pname : enabled) {
            if (!target.contains(pname))
                target.add(pname);
        }
    }
    if (target.size() > 0) {
        String[] enabling = target.toArray(new String[target.size()]);
        socket.setEnabledProtocols(enabling);
        if (log.isDebugEnabled()) {
            log.debug("TLS protocol enabled for SSL handshake: " + Arrays.toString(enabling));
        }
    }
}

From source file:com.joyent.manta.http.MantaSSLConnectionSocketFactory.java

@Override
protected void prepareSocket(final SSLSocket socket) throws IOException {
    final Set<String> enabledProtocols = new LinkedHashSet<>(Arrays.asList(socket.getEnabledProtocols()));
    final Set<String> enabledCipherSuites = new LinkedHashSet<>(Arrays.asList(socket.getEnabledCipherSuites()));

    if (LOG.isDebugEnabled()) {
        LOG.debug("Enabled TLS protocols: {}", MantaUtils.asString(enabledProtocols));
        LOG.debug("Enabled cipher suites: {}", MantaUtils.asString(enabledCipherSuites));
    }//from w  w  w . j  a  v  a2 s  . c o m

    supportedCipherSuites.retainAll(enabledCipherSuites);

    if (!supportedCipherSuites.isEmpty()) {
        try {
            String[] supportedCiphers = new String[supportedCipherSuites.size()];
            supportedCipherSuites.toArray(supportedCiphers);
            socket.setEnabledCipherSuites(supportedCiphers);
        } catch (IllegalArgumentException e) {
            String msg = String.format("Unsupported encryption provider. Supported providers: %s",
                    MantaUtils.asString(socket.getEnabledCipherSuites()));
            throw new ConfigurationException(msg, e);
        }
    }

    supportedProtocols.retainAll(enabledProtocols);

    if (!supportedProtocols.isEmpty()) {
        String[] supportedProtos = new String[supportedProtocols.size()];
        supportedProtocols.toArray(supportedProtos);
        socket.setEnabledProtocols(supportedProtos);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("Supported TLS protocols: {}", MantaUtils.asString(supportedProtocols));
        LOG.debug("Supported cipher suites: {}", MantaUtils.asString(supportedCipherSuites));
    }
}

From source file:com.ksc.http.conn.ssl.SdkTLSSocketFactory.java

/**
 * {@inheritDoc} Used to enforce the preferred TLS protocol during SSL handshake.
 */// w  w w .j  a  v  a 2  s. c o m
@Override
protected final void prepareSocket(final SSLSocket socket) {
    String[] supported = socket.getSupportedProtocols();
    String[] enabled = socket.getEnabledProtocols();
    if (LOG.isDebugEnabled()) {
        LOG.debug("socket.getSupportedProtocols(): " + Arrays.toString(supported)
                + ", socket.getEnabledProtocols(): " + Arrays.toString(enabled));
    }
    List<String> target = new ArrayList<String>();
    if (supported != null) {
        // Append the preferred protocols in descending order of preference
        // but only do so if the protocols are supported
        TLSProtocol[] values = TLSProtocol.values();
        for (int i = 0; i < values.length; i++) {
            final String pname = values[i].getProtocolName();
            if (existsIn(pname, supported)) {
                target.add(pname);
            }
        }
    }
    if (enabled != null) {
        // Append the rest of the already enabled protocols to the end
        // if not already included in the list
        for (String pname : enabled) {
            if (!target.contains(pname)) {
                target.add(pname);
            }
        }
    }
    if (target.size() > 0) {
        String[] enabling = target.toArray(new String[target.size()]);
        socket.setEnabledProtocols(enabling);
        if (LOG.isDebugEnabled()) {
            LOG.debug("TLS protocol enabled for SSL handshake: " + Arrays.toString(enabling));
        }
    }
}

From source file:org.apache.axis2.transport.http.SSLProtocolSocketFactory.java

private Socket enableSocketProtocols(Socket socket) {
    if (!(socket instanceof SSLSocket)) {
        return socket;
    }/*  w  w w .j  a  va 2s.  co m*/
    // check the system property(https.protocols). if not set returns the default socket
    String httpsProtocols = System.getProperty(HTTPS_PROTOCOLS_KEY);
    if (httpsProtocols == null) {
        return socket;
    }

    // set https protocols to the socket.
    SSLSocket sslSocket = (SSLSocket) socket;
    sslSocket.setEnabledProtocols(httpsProtocols.split(PROTOCOLS_SEPARATOR));
    return sslSocket;
}

From source file:org.apache.cassandra.security.SSLFactory.java

/** Create a socket and connect */
public static SSLSocket getSocket(EncryptionOptions options, InetAddress address, int port,
        InetAddress localAddress, int localPort) throws IOException {
    SSLContext ctx = createSSLContext(options, true);
    SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port, localAddress, localPort);
    String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
    socket.setEnabledCipherSuites(suits);
    socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
    return socket;
}

From source file:org.apache.cassandra.security.SSLFactory.java

/** Create a socket and connect, using any local address */
public static SSLSocket getSocket(EncryptionOptions options, InetAddress address, int port) throws IOException {
    SSLContext ctx = createSSLContext(options, true);
    SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port);
    String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
    socket.setEnabledCipherSuites(suits);
    socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
    return socket;
}

From source file:org.apache.cassandra.security.SSLFactory.java

/** Just create a socket */
public static SSLSocket getSocket(EncryptionOptions options) throws IOException {
    SSLContext ctx = createSSLContext(options, true);
    SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
    String[] suits = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
    socket.setEnabledCipherSuites(suits);
    socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
    return socket;
}

From source file:org.apache.geode.internal.net.SocketCreator.java

/**
 * When a socket is accepted from a server socket, it should be passed to this method for SSL
 * configuration./*from w  w  w  . ja v  a2 s.  c om*/
 */
private void configureClientSSLSocket(Socket socket, int timeout) throws IOException {
    if (socket instanceof SSLSocket) {
        SSLSocket sslSocket = (SSLSocket) socket;

        sslSocket.setUseClientMode(true);
        sslSocket.setEnableSessionCreation(true);

        String[] protocols = this.sslConfig.getProtocolsAsStringArray();

        // restrict cyphers
        if (protocols != null && !"any".equalsIgnoreCase(protocols[0])) {
            sslSocket.setEnabledProtocols(protocols);
        }
        String[] ciphers = this.sslConfig.getCiphersAsStringArray();
        if (ciphers != null && !"any".equalsIgnoreCase(ciphers[0])) {
            sslSocket.setEnabledCipherSuites(ciphers);
        }

        try {
            if (timeout > 0) {
                sslSocket.setSoTimeout(timeout);
            }
            sslSocket.startHandshake();
            SSLSession session = sslSocket.getSession();
            Certificate[] peer = session.getPeerCertificates();
            if (logger.isDebugEnabled()) {
                logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0,
                        ((X509Certificate) peer[0]).getSubjectDN()));
            }
        } catch (SSLHandshakeException ex) {
            logger.fatal(
                    LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
                            new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) }),
                    ex);
            throw ex;
        } catch (SSLPeerUnverifiedException ex) {
            if (this.sslConfig.isRequireAuth()) {
                logger.fatal(LocalizedMessage
                        .create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
                throw ex;
            }
        } catch (SSLException ex) {
            logger.fatal(
                    LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
                            new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) }),
                    ex);
            throw ex;
        }

    }
}

From source file:org.apache.jmeter.util.HttpSSLProtocolSocketFactory.java

private void setSocket(Socket socket) {
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Expected SSLSocket");
    }//from   ww  w  .  j  a v a  2 s  .com
    SSLSocket sock = (SSLSocket) socket;
    if (protocolList.length() > 0) {
        try {
            sock.setEnabledProtocols(protocols);
        } catch (IllegalArgumentException e) {
            log.warn("Could not set protocol list: " + protocolList + ".");
            log.warn("Valid protocols are: " + join(sock.getSupportedProtocols()));
        }
    }
}