/** * Configure Client authentication for this version of JSSE. The JSSE included in Java 1.4 * supports the 'want' value. Prior versions of JSSE will treat 'want' as 'false'. * * @param socket the SSLServerSocket */ protected void configureClientAuth(SSLServerSocket socket) { if (wantClientAuth) { socket.setWantClientAuth(wantClientAuth); } else { socket.setNeedClientAuth(requireClientAuth); } }
public static void main(String[] args) throws Exception { SSLContext sslContext = createSSLContext(); SSLServerSocketFactory fact = sslContext.getServerSocketFactory(); SSLServerSocket sSock = (SSLServerSocket) fact.createServerSocket(Utils.PORT_NO); // client authenticate where possible sSock.setWantClientAuth(true); for (; ; ) { SSLSocket sslSock = (SSLSocket) sSock.accept(); try { sslSock.startHandshake(); } catch (IOException e) { continue; } readRequest(sslSock.getInputStream()); SSLSession session = sslSock.getSession(); try { Principal clientID = session.getPeerPrincipal(); System.out.println("client identified as: " + clientID); } catch (SSLPeerUnverifiedException e) { System.out.println("client not authenticated"); } sendResponse(sslSock.getOutputStream()); sslSock.close(); } }
public void run() { try { store = provideKeys ? getKeyStore(keys) : null; KeyManager[] keyManagers = store != null ? getKeyManagers(store) : null; TrustManager[] trustManagers = new TrustManager[] {trustManager}; SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, null); SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(); if (clientAuth == CLIENT_AUTH_WANTED) { serverSocket.setWantClientAuth(true); } else if (clientAuth == CLIENT_AUTH_NEEDED) { serverSocket.setNeedClientAuth(true); } else { serverSocket.setWantClientAuth(false); } serverSocket.bind(new InetSocketAddress(port)); SSLSocket clientSocket = (SSLSocket) serverSocket.accept(); InputStream istream = clientSocket.getInputStream(); byte[] buffer = new byte[1024]; istream.read(buffer); OutputStream ostream = clientSocket.getOutputStream(); ostream.write(testData.getBytes()); ostream.flush(); while (notFinished) { Thread.currentThread().sleep(500); } clientSocket.close(); serverSocket.close(); } catch (Exception ex) { exception = ex; } }
/** * Gets a server socket - this gets as SSL socket instead of the standard socket returned in the * base class. */ protected ServerSocket getServerSocket() throws IOException { // Just to make sure it's set before we start SSLContext context = getSSLContext(this.keystore, this.password); SSLServerSocketFactory factory = context.getServerSocketFactory(); SSLServerSocket ss = (SSLServerSocket) (this.listenAddress == null ? factory.createServerSocket(this.listenPort, BACKLOG_COUNT) : factory.createServerSocket( this.listenPort, BACKLOG_COUNT, InetAddress.getByName(this.listenAddress))); ss.setEnableSessionCreation(true); ss.setWantClientAuth(true); return ss; }
JSSEServer(CipherTest cipherTest) throws Exception { super(cipherTest); SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init( new KeyManager[] {cipherTest.keyManager}, new TrustManager[] {cipherTest.trustManager}, cipherTest.secureRandom); SSLServerSocketFactory factory = (SSLServerSocketFactory) serverContext.getServerSocketFactory(); serverSocket = (SSLServerSocket) factory.createServerSocket(cipherTest.serverPort); cipherTest.serverPort = serverSocket.getLocalPort(); serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites()); serverSocket.setWantClientAuth(true); }
private void doQRPCGTest(boolean sendTLS, boolean settingOn, boolean listenTLS) throws Exception { if(settingOn) networkManagerStub.setOutgoingTLSEnabled(true); setAccepted(false); BlockingConnectionUtils.drain(testUP[0]); // make sure leaf is sharing assertEquals(2, gnutellaFileView.size()); assertEquals(1, connectionManager.getNumConnections()); // send a query that should be answered QueryRequest query = queryRequestFactory.createQueryRequest(GUID.makeGuid(), (byte) 1, "berkeley", null, null, null, false, Network.UNKNOWN, false, 0); testUP[0].send(query); testUP[0].flush(); // await a response Message m; do { m = testUP[0].receive(TIMEOUT); } while (!(m instanceof QueryReply)); // confirm it has proxy info QueryReply reply = (QueryReply) m; assertNotNull(reply.getPushProxies()); // check out PushProxy info Set proxies = reply.getPushProxies(); assertEquals(1, proxies.size()); Iterator iter = proxies.iterator(); IpPort ppi = (IpPort) iter.next(); assertEquals(ppi.getPort(), 6355); assertTrue(ppi.getInetAddress().equals(testUP[0].getInetAddress())); // set up a ServerSocket to get give on ServerSocket ss; if(listenTLS) { SSLContext context = SSLUtils.getTLSContext(); SSLServerSocket sslServer = (SSLServerSocket)context.getServerSocketFactory().createServerSocket(); sslServer.setNeedClientAuth(false); sslServer.setWantClientAuth(false); sslServer.setEnabledCipherSuites(new String[] {"TLS_DH_anon_WITH_AES_128_CBC_SHA"}); ss = sslServer; } else { ss = new ServerSocket(); } try { ss.setReuseAddress(true); ss.setSoTimeout(TIMEOUT); ss.bind(new InetSocketAddress(9000)); // test that the client responds to a PushRequest PushRequest pr = new PushRequestImpl(GUID.makeGuid(), (byte) 1, applicationServices.getMyGUID(), 0, InetAddress.getLocalHost().getAddress(), 9000, Network.TCP, sendTLS); // send the PR off testUP[0].send(pr); testUP[0].flush(); // we should get a incoming GIV Socket givSock = ss.accept(); try { assertNotNull(givSock); // start reading and confirming the HTTP request String currLine; BufferedReader reader = new BufferedReader( new InputStreamReader(givSock.getInputStream())); // confirm a GIV currLine = reader.readLine(); GUID guid = new GUID( applicationServices.getMyGUID()); String givLine = "GIV 0:" + guid.toHexString(); assertTrue(currLine.startsWith(givLine)); } finally { givSock.close(); } } finally { ss.close(); } }
public void setWantClientAuth(boolean flag) { if (ss instanceof SSLServerSocket) { ((SSLServerSocket) ss).setWantClientAuth(flag); } }
public void setWantClientAuth(boolean want) { s.setWantClientAuth(want); }
public void setConfiguration(ListenerConfigurationItem cfg, boolean noKeepAlive) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, IOException { keepAlive = !noKeepAlive; config = cfg; Map props = config.getProperties(); String s = (String) props.get("port"); if (s != null) port = new Integer(s).intValue(); s = (String) props.get("backlog"); if (s != null) backlog = new Integer(s).intValue(); if (keepAlive) { s = (String) props.get("keepAlive"); if (s != null) keepAlive = new Boolean(s).booleanValue(); } String useSSL = (String) props.get("useSSL"); String trustAll = (String) props.get("trustAll"); if (requiresSSL || "true".equalsIgnoreCase(useSSL)) { KeyManager[] keyManagers = null; TrustManager[] trustManagers = null; String keyManager = (String) props.get("keyManager"); if (keyManager != null && keyManager.length() > 0) { try { KeyManager manager = (KeyManager) Configuration.getBean(keyManager); keyManagers = new KeyManager[] {manager}; } catch (Exception e) { e.printStackTrace(); } } else { String keystore = (String) props.get("keyStore"); String keystoreType = (String) props.get("keyStoreType"); String keystorePassword = (String) props.get("keyStorePassword"); String keyPassword = (String) props.get("keyPassword"); if (keystore != null) { if (keystoreType == null) keystoreType = "pkcs12"; KeyStore ks = KeyStore.getInstance(keystoreType); ks.load( new FileInputStream(keystore), keystorePassword == null ? null : keystorePassword.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, keyPassword == null ? null : keyPassword.toCharArray()); keyManagers = kmf.getKeyManagers(); } } String trustManager = (String) props.get("trustManager"); if (trustManager != null && trustManager.length() > 0) { try { TrustManager manager = (TrustManager) Configuration.getBean(trustManager); trustManagers = new TrustManager[] {manager}; } catch (Exception e) { e.printStackTrace(); } } else if ("true".equalsIgnoreCase(trustAll)) { trustManagers = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) {} public void checkServerTrusted(X509Certificate[] chain, String authType) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } }; } else { String keystore = (String) props.get("caStore"); String keystoreType = (String) props.get("caStoreType"); String keystorePassword = (String) props.get("caStorePassword"); if (keystore != null) { if (keystoreType == null) keystoreType = "pkcs12"; KeyStore caKeys = KeyStore.getInstance(keystoreType); caKeys.load( new FileInputStream(keystore), keystorePassword == null ? null : keystorePassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(caKeys); trustManagers = tmf.getTrustManagers(); } } SSLContext sslContext = SSLContext.getInstance("SSLv3"); sslContext.init(keyManagers, trustManagers, null); ServerSocketFactory socketFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) socketFactory.createServerSocket(port, backlog); serverSocket = sslServerSocket; if (sslWantClientAuth) sslServerSocket.setWantClientAuth(true); if (sslNeedClientAuth) sslServerSocket.setNeedClientAuth(true); if (sslEnabledProtocols != null) sslServerSocket.setEnabledProtocols(sslEnabledProtocols); if (sslEnabledCiphers != null) sslServerSocket.setEnabledCipherSuites(sslEnabledCiphers); usingSSL = true; } else { serverSocket = new ServerSocket(port, backlog); } serverSocket.setReuseAddress(true); setActive(true); }