public void testSetEnabledProtocolsAffectsGetter() throws Exception {
   SSLServerSocket socket =
       (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket();
   String[] protocols = new String[] {socket.getSupportedProtocols()[0]};
   socket.setEnabledProtocols(protocols);
   assertEquals(Arrays.asList(protocols), Arrays.asList(socket.getEnabledProtocols()));
 }
  /**
   * Configures the given SSL server socket with the requested cipher suites, protocol versions, and
   * need for client authentication
   */
  private void initServerSocket(ServerSocket ssocket) {

    SSLServerSocket socket = (SSLServerSocket) ssocket;

    socket.setEnabledCipherSuites(enabledCiphers);
    socket.setEnabledProtocols(enabledProtocols);

    // we don't know if client auth is needed -
    // after parsing the request we may re-handshake
    configureClientAuth(socket);
    configureUseServerCipherSuitesOrder(socket);
  }
 public static TServerSocket getServerSSLSocket(
     String hiveHost,
     int portNum,
     String keyStorePath,
     String keyStorePassWord,
     List<String> sslVersionBlacklist,
     int socketTimeout,
     boolean keepAlive)
     throws TTransportException, UnknownHostException {
   TSSLTransportFactory.TSSLTransportParameters params =
       new TSSLTransportFactory.TSSLTransportParameters();
   params.setKeyStore(keyStorePath, keyStorePassWord);
   InetSocketAddress serverAddress;
   if (hiveHost == null || hiveHost.isEmpty()) {
     // Wildcard bind
     serverAddress = new InetSocketAddress(portNum);
   } else {
     serverAddress = new InetSocketAddress(hiveHost, portNum);
   }
   TServerSocket thriftServerSocket =
       TSSLTransportFactory.getServerSocket(
           portNum, socketTimeout, serverAddress.getAddress(), params);
   if (thriftServerSocket.getServerSocket() instanceof SSLServerSocket) {
     List<String> sslVersionBlacklistLocal = new ArrayList<String>();
     for (String sslVersion : sslVersionBlacklist) {
       sslVersionBlacklistLocal.add(sslVersion.trim().toLowerCase());
     }
     SSLServerSocket sslServerSocket = (SSLServerSocket) thriftServerSocket.getServerSocket();
     List<String> enabledProtocols = new ArrayList<String>();
     for (String protocol : sslServerSocket.getEnabledProtocols()) {
       if (sslVersionBlacklistLocal.contains(protocol.toLowerCase())) {
         LOG.debug("Disabling SSL Protocol: " + protocol);
       } else {
         enabledProtocols.add(protocol);
       }
     }
     sslServerSocket.setEnabledProtocols(enabledProtocols.toArray(new String[0]));
     LOG.info(
         "SSL Server Socket Enabled Protocols: "
             + Arrays.toString(sslServerSocket.getEnabledProtocols()));
   }
   if (keepAlive) {
     thriftServerSocket = new TServerSocketKeepAlive(thriftServerSocket.getServerSocket());
   }
   return thriftServerSocket;
 }
 public void setEnabledProtocols(String[] protocols) {
   s.setEnabledProtocols(protocols);
 }
 protected void setEnabledProtocols(SSLServerSocket socket, String[] protocols) {
   if (protocols != null) {
     socket.setEnabledProtocols(protocols);
   }
 }
  public void setConfiguration(ListenerConfigurationItem cfg, boolean noKeepAlive)
      throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
          UnrecoverableKeyException, KeyManagementException, IOException {
    keepAlive = !noKeepAlive;
    config = cfg;

    Map props = config.getProperties();

    String s = (String) props.get("port");
    if (s != null) port = new Integer(s).intValue();

    s = (String) props.get("backlog");
    if (s != null) backlog = new Integer(s).intValue();

    if (keepAlive) {
      s = (String) props.get("keepAlive");
      if (s != null) keepAlive = new Boolean(s).booleanValue();
    }

    String useSSL = (String) props.get("useSSL");
    String trustAll = (String) props.get("trustAll");

    if (requiresSSL || "true".equalsIgnoreCase(useSSL)) {
      KeyManager[] keyManagers = null;
      TrustManager[] trustManagers = null;

      String keyManager = (String) props.get("keyManager");

      if (keyManager != null && keyManager.length() > 0) {
        try {
          KeyManager manager = (KeyManager) Configuration.getBean(keyManager);
          keyManagers = new KeyManager[] {manager};
        } catch (Exception e) {
          e.printStackTrace();
        }
      } else {
        String keystore = (String) props.get("keyStore");
        String keystoreType = (String) props.get("keyStoreType");
        String keystorePassword = (String) props.get("keyStorePassword");
        String keyPassword = (String) props.get("keyPassword");

        if (keystore != null) {
          if (keystoreType == null) keystoreType = "pkcs12";

          KeyStore ks = KeyStore.getInstance(keystoreType);
          ks.load(
              new FileInputStream(keystore),
              keystorePassword == null ? null : keystorePassword.toCharArray());

          KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
          kmf.init(ks, keyPassword == null ? null : keyPassword.toCharArray());
          keyManagers = kmf.getKeyManagers();
        }
      }

      String trustManager = (String) props.get("trustManager");

      if (trustManager != null && trustManager.length() > 0) {
        try {
          TrustManager manager = (TrustManager) Configuration.getBean(trustManager);
          trustManagers = new TrustManager[] {manager};
        } catch (Exception e) {
          e.printStackTrace();
        }
      } else if ("true".equalsIgnoreCase(trustAll)) {
        trustManagers =
            new TrustManager[] {
              new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) {}

                public void checkServerTrusted(X509Certificate[] chain, String authType) {}

                public X509Certificate[] getAcceptedIssuers() {
                  return new X509Certificate[0];
                }
              }
            };
      } else {
        String keystore = (String) props.get("caStore");
        String keystoreType = (String) props.get("caStoreType");
        String keystorePassword = (String) props.get("caStorePassword");

        if (keystore != null) {
          if (keystoreType == null) keystoreType = "pkcs12";

          KeyStore caKeys = KeyStore.getInstance(keystoreType);
          caKeys.load(
              new FileInputStream(keystore),
              keystorePassword == null ? null : keystorePassword.toCharArray());
          TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
          tmf.init(caKeys);
          trustManagers = tmf.getTrustManagers();
        }
      }

      SSLContext sslContext = SSLContext.getInstance("SSLv3");
      sslContext.init(keyManagers, trustManagers, null);

      ServerSocketFactory socketFactory = sslContext.getServerSocketFactory();
      SSLServerSocket sslServerSocket =
          (SSLServerSocket) socketFactory.createServerSocket(port, backlog);
      serverSocket = sslServerSocket;

      if (sslWantClientAuth) sslServerSocket.setWantClientAuth(true);

      if (sslNeedClientAuth) sslServerSocket.setNeedClientAuth(true);

      if (sslEnabledProtocols != null) sslServerSocket.setEnabledProtocols(sslEnabledProtocols);

      if (sslEnabledCiphers != null) sslServerSocket.setEnabledCipherSuites(sslEnabledCiphers);

      usingSSL = true;
    } else {
      serverSocket = new ServerSocket(port, backlog);
    }

    serverSocket.setReuseAddress(true);
    setActive(true);
  }