// Method for creating a socket private static SSLServerSocket createSecureSocket() throws Exception { // Generate a generic server SSLServerSocket server = (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket(2877); // Enable ciphers server.setEnabledCipherSuites(server.getSupportedCipherSuites()); // Return the socket return server; /*//Key password and file char[] keyPass = "******".toCharArray(); InputStream keyStream = HID.class.getResourceAsStream( "/com/arkazex/frc2877/signin/ssl.key"); //Load the key store KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(keyStream, keyPass); //Initialize the key manager factory KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyPass); //Get the key managers KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); //Initialize the SSL context SSLContext sslContext = SSLContext.getDefault(); sslContext.init(keyManagers, null, new SecureRandom()); //Get the socket factory SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); //Get the socket return (SSLServerSocket) factory.createServerSocket(2877); */ }
public void testSetEnabledCipherSuitesAffectsGetter() throws Exception { SSLServerSocket socket = (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket(); String[] cipherSuites = new String[] {socket.getSupportedCipherSuites()[0]}; socket.setEnabledCipherSuites(cipherSuites); assertEquals(Arrays.asList(cipherSuites), Arrays.asList(socket.getEnabledCipherSuites())); }
public static void main(String[] args) throws Exception { try { Class.forName("javax.security.auth.kerberos.KerberosPrincipal"); System.out.println("Kerberos is present, nothing to test"); return; } catch (ClassNotFoundException okay) { } // test SSLSocket try (Socket s = SSLSocketFactory.getDefault().createSocket()) { SSLSocket sslSocket = (SSLSocket) s; checkNotSupported(sslSocket.getSupportedCipherSuites()); // attempt to enable each of the Kerberos cipher suites for (String kcs : KERBEROS_CIPHER_SUITES) { String[] suites = {kcs}; try { sslSocket.setEnabledCipherSuites(suites); throw new RuntimeException( "SSLSocket.setEnabledCipherSuitessuites allowed " + kcs + " but Kerberos not supported"); } catch (IllegalArgumentException expected) { } } } // test SSLServerSocket try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) { SSLServerSocket sslSocket = (SSLServerSocket) ss; checkNotSupported(sslSocket.getSupportedCipherSuites()); // attempt to enable each of the Kerberos cipher suites for (String kcs : KERBEROS_CIPHER_SUITES) { String[] suites = {kcs}; try { sslSocket.setEnabledCipherSuites(suites); throw new RuntimeException( "SSLSocket.setEnabledCipherSuitessuites allowed " + kcs + " but Kerberos not supported"); } catch (IllegalArgumentException expected) { } } } }
public String[] getSupportedCipherSuites() { return s.getSupportedCipherSuites(); }
public void testCipherSuitesFilter() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); // default SSLContextParameters scp = new SSLContextParameters(); SSLContext context = scp.createSSLContext(); CipherSuitesParameters csp = new CipherSuitesParameters(); scp.setCipherSuites(csp); SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue( Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue( Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue( Arrays.equals( this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); // empty filter FilterParameters filter = new FilterParameters(); scp.setCipherSuitesFilter(filter); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); // explicit filter filter.getInclude().add(".*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); // explicit filter with excludes (excludes overrides) filter.getExclude().add(".*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); // explicit filter single include filter.getInclude().clear(); filter.getExclude().clear(); csp.getCipherSuite().add("TLS_RSA_WITH_AES_128_CBC_SHA"); filter.getInclude().add("TLS.*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); // not all platforms/JDKs have these cipher suites if (!isPlatform("aix")) { assertTrue(engine.getEnabledCipherSuites().length >= 1); assertStartsWith(engine.getEnabledCipherSuites(), "TLS"); assertTrue(socket.getEnabledCipherSuites().length >= 1); assertStartsWith(socket.getEnabledCipherSuites(), "TLS"); assertTrue(serverSocket.getEnabledCipherSuites().length >= 1); assertStartsWith(serverSocket.getEnabledCipherSuites(), "TLS"); } }
public void testCipherSuites() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); // default SSLContextParameters scp = new SSLContextParameters(); SSLContext context = scp.createSSLContext(); SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue( Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue( Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue( Arrays.equals( this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); // empty csp CipherSuitesParameters csp = new CipherSuitesParameters(); scp.setCipherSuites(csp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); // explicit csp csp.getCipherSuite().add(controlEngine.getEnabledCipherSuites()[0]); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(1, engine.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]); assertEquals(1, socket.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]); assertEquals(1, serverSocket.getEnabledCipherSuites().length); assertEquals( controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]); // explicit csp overrides filter FilterParameters filter = new FilterParameters(); filter.getInclude().add(".*"); scp.setCipherSuitesFilter(filter); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(1, engine.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]); assertEquals(1, socket.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]); assertEquals(1, socket.getEnabledCipherSuites().length); assertEquals( controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]); }
public void testClientParameters() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); SSLContextParameters scp = new SSLContextParameters(); SSLContextClientParameters sccp = new SSLContextClientParameters(); scp.setClientParameters(sccp); SSLContext context = scp.createSSLContext(); SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue( Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue( Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue( Arrays.equals( this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); // No csp or filter on client params passes through shared config scp.setCipherSuites(new CipherSuitesParameters()); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals(0, socket.getEnabledCipherSuites().length); // Csp on client params scp.setCipherSuites(null); CipherSuitesParameters csp = new CipherSuitesParameters(); sccp.setCipherSuites(csp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue( Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertEquals(0, socket.getEnabledCipherSuites().length); assertTrue( Arrays.equals( this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); // Cipher suites filter on client params FilterParameters filter = new FilterParameters(); filter.getExclude().add(".*"); sccp.setCipherSuites(null); sccp.setCipherSuitesFilter(filter); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue( Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertEquals(0, socket.getEnabledCipherSuites().length); assertTrue( Arrays.equals( this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); // Csp on client overrides cipher suites filter on client filter.getInclude().add(".*"); filter.getExclude().clear(); sccp.setCipherSuites(csp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue( Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertEquals(0, socket.getEnabledCipherSuites().length); assertTrue( Arrays.equals( this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); // Sspp on client params SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters(); sccp.setSecureSocketProtocols(sspp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols())); assertEquals(0, socket.getEnabledProtocols().length); checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols()); // Secure socket protocols filter on client params filter = new FilterParameters(); filter.getExclude().add(".*"); sccp.setSecureSocketProtocols(null); sccp.setSecureSocketProtocolsFilter(filter); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols())); assertEquals(0, socket.getEnabledProtocols().length); checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols()); // Sspp on client params overrides secure socket protocols filter on client filter.getInclude().add(".*"); filter.getExclude().clear(); sccp.setSecureSocketProtocols(sspp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols())); assertEquals(0, socket.getEnabledProtocols().length); checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols()); // Client session timeout only affects client session configuration sccp.setSessionTimeout("12345"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertEquals( controlContext.getServerSessionContext().getSessionTimeout(), context.getServerSessionContext().getSessionTimeout()); assertEquals(12345, context.getClientSessionContext().getSessionTimeout()); }