예제 #1
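  public void testServerParametersClientAuthentication() throws Exception {
    // A default-initialised JDK context is the reference for the flags that
    // SSLContextServerParameters must produce when no client-auth mode is set.
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();

    SSLContextParameters scp = new SSLContextParameters();
    SSLContextServerParameters scsp = new SSLContextServerParameters();
    scp.setServerParameters(scsp);
    SSLContext context = scp.createSSLContext();
    SSLEngine engine = context.createSSLEngine();

    // No mode configured: must match the JDK defaults, whatever they are.
    // Server sockets are closed explicitly so the test does not leak descriptors.
    try (SSLServerSocket controlServerSocket =
            (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
        SSLServerSocket serverSocket =
            (SSLServerSocket) context.getServerSocketFactory().createServerSocket()) {
      assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth());
      assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth());
    }
    assertEquals(controlEngine.getWantClientAuth(), engine.getWantClientAuth());
    assertEquals(controlEngine.getNeedClientAuth(), engine.getNeedClientAuth());

    // NONE: the server neither asks for nor requires a client certificate.
    scsp.setClientAuthentication(ClientAuthentication.NONE.name());
    assertClientAuthFlags(scp.createSSLContext(), false, false);

    // WANT: the server asks for a certificate, but JSSE lets the handshake
    // complete when the client presents none.
    scsp.setClientAuthentication(ClientAuthentication.WANT.name());
    assertClientAuthFlags(scp.createSSLContext(), true, false);

    // REQUIRE: the handshake must fail without a client certificate; "want" is
    // expected to be clear because "need" is the stronger, exclusive setting.
    scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
    assertClientAuthFlags(scp.createSSLContext(), false, true);
  }

  /**
   * Asserts that an {@link SSLEngine} and an {@link SSLServerSocket} created from
   * {@code context} both carry the expected client-authentication flags.
   *
   * @param context the context under test
   * @param expectedWant expected value of {@code getWantClientAuth()}
   * @param expectedNeed expected value of {@code getNeedClientAuth()}
   * @throws Exception if the server socket cannot be created
   */
  private static void assertClientAuthFlags(
      SSLContext context, boolean expectedWant, boolean expectedNeed) throws Exception {
    SSLEngine engine = context.createSSLEngine();
    assertEquals(expectedWant, engine.getWantClientAuth());
    assertEquals(expectedNeed, engine.getNeedClientAuth());
    try (SSLServerSocket serverSocket =
        (SSLServerSocket) context.getServerSocketFactory().createServerSocket()) {
      assertEquals(expectedWant, serverSocket.getWantClientAuth());
      assertEquals(expectedNeed, serverSocket.getNeedClientAuth());
    }
  }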
예제 #2
 /** {@inheritDoc} */
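 @Override
 public <T> T getOption(final Option<T> option) throws IOException {
   if (option == Options.SSL_CLIENT_AUTH_MODE) {
     // Read the engine's live flags rather than a cached value, so a change made
     // directly on the engine is reported. "need" is checked first, so REQUIRED
     // wins if both flags happen to be set.
     final SslClientAuthMode mode;
     if (engine.getNeedClientAuth()) {
       mode = SslClientAuthMode.REQUIRED;
     } else if (engine.getWantClientAuth()) {
       mode = SslClientAuthMode.REQUESTED;
     } else {
       mode = SslClientAuthMode.NOT_REQUESTED;
     }
     return option.cast(mode);
   }
   if (option == Options.SECURE) {
     // This channel is always TLS-protected. option.cast() performs a checked
     // conversion instead of the unchecked (T) cast used previously.
     return option.cast(Boolean.TRUE);
   }
   return delegate.getOption(option);
 }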
예제 #3
 /**
  * Start a new handshake operation for this channel.
  *
  * @see #handshake()
  * @throws SSLException if the handshake fails; the original failure is wrapped as the cause
  */
 protected void reHandshake() throws SSLException {
   // Decide whether this renegotiation must demand a client certificate.
   // If the engine merely "wants" a certificate the flag is left untouched and
   // only logged; otherwise the engine is escalated to "need" unless it already is.
   if (sslEngine.getWantClientAuth()) {
     CoyoteLogger.UTIL_LOGGER.debug("No client cert sent for want");
   } else if (sslEngine.getNeedClientAuth()) {
     CoyoteLogger.UTIL_LOGGER.debug("Already need client cert");
   } else {
     sslEngine.setNeedClientAuth(true);
   }

   // Reset handshake bookkeeping and run the handshake; any failure is
   // surfaced to the caller as an SSLException carrying the original cause.
   handshakeComplete = false;
   handshakeStatus = sslEngine.getHandshakeStatus();
   try {
     doHandshake();
   } catch (Exception cause) {
     throw new SSLException(cause);
   }
 }
예제 #4
 /** {@inheritDoc} */
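 @Override
 public <T> T setOption(final Option<T> option, final T value)
     throws IllegalArgumentException, IOException {
   if (option == Options.SSL_CLIENT_AUTH_MODE) {
     // Capture the mode currently in force so it can be returned as the previous value.
     // "need" is checked first, so REQUIRED wins if both flags happen to be set.
     final SslClientAuthMode previous;
     if (engine.getNeedClientAuth()) {
       previous = SslClientAuthMode.REQUIRED;
     } else if (engine.getWantClientAuth()) {
       previous = SslClientAuthMode.REQUESTED;
     } else {
       previous = SslClientAuthMode.NOT_REQUESTED;
     }
     final T result = option.cast(previous);

     // Apply the new mode: at most one of need/want becomes true. Any value that is
     // not one of the three modes (including null) clears both flags, i.e. silently
     // becomes NOT_REQUESTED -- NOTE(review): confirm callers expect that.
     engine.setNeedClientAuth(value == SslClientAuthMode.REQUIRED);
     engine.setWantClientAuth(value == SslClientAuthMode.REQUESTED);
     return result;
   }
   if (option == Options.SECURE) {
     // SECURE is a property of the channel type and cannot be changed by callers.
     throw new IllegalArgumentException("Option " + option + " is read-only on an SSL channel");
   }
   return delegate.setOption(option, value);
 }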