Example usage for javax.net.ssl SSLParameters getCipherSuites

List of usage examples for javax.net.ssl SSLParameters getCipherSuites

Introduction

This page collects example usages of javax.net.ssl.SSLParameters.getCipherSuites().

Prototype

public String[] getCipherSuites() 


Document

Returns a copy of the array of cipher suites, or null if none have been set; callers should check for null before iterating over the result.

Usage

From source file:org.elasticsearch.xpack.core.ssl.SSLServiceTests.java

public void testSSLStrategy() {
    // Wiring check only: every collaborator is mocked, so this verifies which arguments the real
    // sslIOSessionStrategy(Settings) passes along, not any actual TLS behaviour.
    final VerificationMode verificationMode = randomFrom(VerificationMode.values());
    final Settings settings = Settings.builder()
            .put("supported_protocols", "protocols")
            .put("cipher_suites", "")
            .put("verification_mode", verificationMode.name())
            .build();

    // Placeholder values; they only need to be distinguishable from one another in the stubs below.
    final String[] protocols = { "protocols" };
    final String[] resolvedCiphers = { "ciphers!!!" };
    final String[] contextCiphers = { "supported ciphers" };
    // "cipher_suites" is set to the empty string above, so no cipher is explicitly requested.
    final List<String> requestedCiphers = new ArrayList<>(0);

    final SSLService sslService = mock(SSLService.class);
    final SSLConfiguration sslConfig = new SSLConfiguration(settings);
    final SSLParameters sslParameters = mock(SSLParameters.class);
    final SSLContext sslContext = mock(SSLContext.class);
    final SSLIOSessionStrategy expectedStrategy = mock(SSLIOSessionStrategy.class);
    final ArgumentCaptor<HostnameVerifier> verifierCaptor = ArgumentCaptor.forClass(HostnameVerifier.class);

    when(sslService.sslConfiguration(settings)).thenReturn(sslConfig);
    when(sslService.sslContext(sslConfig)).thenReturn(sslContext);
    when(sslService.supportedCiphers(contextCiphers, requestedCiphers, false)).thenReturn(resolvedCiphers);
    when(sslService.sslParameters(sslContext)).thenReturn(sslParameters);
    // The cipher list reported by the context's SSLParameters is what gets filtered by supportedCiphers(...).
    when(sslParameters.getCipherSuites()).thenReturn(contextCiphers);
    when(sslService.sslIOSessionStrategy(eq(sslContext), eq(protocols), eq(resolvedCiphers),
            verifierCaptor.capture())).thenReturn(expectedStrategy);

    // Only the Settings-based overload runs for real; everything it delegates to stays stubbed.
    when(sslService.sslIOSessionStrategy(settings)).thenCallRealMethod();

    assertThat(sslService.sslIOSessionStrategy(settings), sameInstance(expectedStrategy));

    // Security-relevant part of the test: the no-op verifier (no hostname check at all) may only be
    // selected when the verification mode has hostname verification switched off.
    final HostnameVerifier chosenVerifier = verifierCaptor.getValue();
    if (!verificationMode.isHostnameVerificationEnabled()) {
        assertThat(chosenVerifier, sameInstance(NoopHostnameVerifier.INSTANCE));
    } else {
        assertThat(chosenVerifier, instanceOf(DefaultHostnameVerifier.class));
    }
}

From source file:org.wso2.carbon.security.tls.CarbonTLSDump.java

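/**
 * Collects a diagnostic report of the installed crypto providers and the JVM's default TLS/SSL settings and
 * writes it to the log at INFO level.
 * <p>
 * Any failure while gathering the data is logged (with its stack trace) and swallowed, so the dump never
 * makes this callback fail.
 *
 * @param context the component context passed to this activation callback; it is not read by this method
 */
protected void activate(ComponentContext context) {

    try {
        final String nl = System.lineSeparator();
        StringBuilder buffer = new StringBuilder();

        buffer.append(nl);
        buffer.append(nl);
        buffer.append("[The list of crypto providers available in the system]").append(nl);
        buffer.append(nl);

        // Security.getProviders() returns all installed providers; the order of the providers in the array is
        // their preference order.
        for (Provider provider : Security.getProviders()) {
            buffer.append(provider.getName()).append(":").append(provider.getClass().getName()).append(nl);
        }

        // returns the default SSL server socket factory.
        // the first time this method is called, the security property "ssl.ServerSocketFactory.provider" is
        // examined. if it is non-null, a class by that name is loaded and instantiated. if that is successful and
        // the object is an instance of SSLServerSocketFactory, it is made the default SSL server socket factory.
        // otherwise, this method returns SSLContext.getDefault().getServerSocketFactory(). if that call fails, an
        // inoperative factory is returned.
        SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        // Resolve the default context and its provider once instead of once per reported line.
        SSLContext defaultContext = SSLContext.getDefault();
        Provider jsseProvider = defaultContext.getProvider();

        buffer.append(nl);

        buffer.append("[Java Secure Socket Extension (JSSE)]").append(nl);
        buffer.append(nl);

        buffer.append("JSSE provider name: ").append(jsseProvider.getName()).append(nl);
        buffer.append("JSSE provider info: ").append(jsseProvider.getInfo()).append(nl);
        buffer.append("JSSE implementation class name: ").append(jsseProvider.getClass().getName()).append(nl);
        buffer.append(nl);

        // returns a copy of the SSLParameters indicating the default settings for this SSL context.
        // the parameters will always have the cipher suites and protocols arrays set to non-null values.
        SSLParameters sslParams = defaultContext.getDefaultSSLParameters();

        // NOTE(review): the heading below names catalina-server.xml, but every value in this section is read
        // from the JVM's default SSLContext, not from that file. If the connector configuration narrows the
        // protocols or cipher suites, this section will not reflect it - confirm before relying on this
        // output in a TLS audit.
        buffer.append("[Configuration data from catalina-server.xml]").append(nl);
        buffer.append(nl);

        buffer.append("Cipher suites configured in the system: ").append(nl);
        loadFromArray(sslParams.getCipherSuites(), buffer);
        buffer.append(nl);

        buffer.append("TLS/SSL protocols configured in the system: ").append(nl);
        loadFromArray(sslParams.getProtocols(), buffer);
        buffer.append(nl);

        buffer.append("Client authentication is required ? ").append(sslParams.getNeedClientAuth()).append(nl);
        buffer.append("Client authentication is optional? ").append(sslParams.getWantClientAuth()).append(nl);
        buffer.append(nl);

        buffer.append("[Runtime SSL/TLS details]").append(nl);
        buffer.append(nl);

        // returns the names of the cipher suites which could be enabled for use on an SSL connection created by
        // this factory. normally, only a subset of these will actually be enabled by default, since this list may
        // include cipher suites which do not meet quality of service requirements for those defaults. such cipher
        // suites are useful in specialized applications.
        String[] availableCiphers = ssf.getSupportedCipherSuites();

        buffer.append("All available cipher suites from the JSSE provider in the system:").append(nl);

        // Heuristic: the JDK is reported as "patched" when a version-specific 256-bit suite shows up in the
        // supported list. For any JAVA_VERSION other than "1.7" or "1.8" the flag stays false, whatever the
        // actual policy is.
        // NOTE(review): javax.crypto.Cipher.getMaxAllowedKeyLength("AES") queries the policy limit directly
        // and may be a more reliable check - confirm before changing the logged value.
        // Literal-first equals keeps the dump alive if JAVA_VERSION is null.
        final boolean isJava8 = "1.8".equals(JAVA_VERSION);
        final boolean isJava7 = "1.7".equals(JAVA_VERSION);
        boolean isJdkPatched = false;

        for (String cipher : availableCiphers) {

            if (isJava8 && Java8CipherUtil.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.equals(cipher)) {
                isJdkPatched = true;
            } else if (isJava7 && Java7CipherUtil.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.equals(cipher)) {
                isJdkPatched = true;
            }

            buffer.append("\t" + "\t").append(cipher).append(nl);
        }

        buffer.append(nl);

        // returns the list of cipher suites which are enabled by default. unless a different list is enabled,
        // handshaking on an SSL connection will use one of these cipher suites. The minimum quality of service for
        // these defaults requires confidentiality protection and server authentication (that is, no anonymous
        // cipher suites).
        String[] defaultCiphers = ssf.getDefaultCipherSuites();

        buffer.append("The list of cipher suites functional in the system with the JSSE provider:").append(nl);

        for (String cipher : defaultCiphers) {
            buffer.append("\t" + "\t").append(cipher).append(nl);
        }

        buffer.append(nl);

        buffer.append("Is the JDK patched with JCE unlimited strength jurisdiction policy files ? ")
                .append(isJdkPatched).append(nl);

        log.info(buffer.toString());

    } catch (Throwable e) {
        // Deliberately broad: this is a best-effort diagnostic dump and must not fail the caller. Pass the
        // throwable as the second argument so the stack trace is logged, not just its toString().
        log.error("Failed to dump the TLS/SSL configuration", e);
    }

}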