Example usage for javax.net.ssl SSLServerSocket setNeedClientAuth

List of usage examples for javax.net.ssl SSLServerSocket setNeedClientAuth

Introduction

In this page you can find the example usage for javax.net.ssl SSLServerSocket setNeedClientAuth.

Prototype

public abstract void setNeedClientAuth(boolean need);


Document

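Controls whether accepted server-mode SSLSockets will be initially configured to require client authentication. When set to true, the handshake is aborted if the client does not authenticate itself; setWantClientAuth, by contrast, only requests authentication and lets the negotiation continue without it. Each call to either method overrides any earlier call to the other.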

Usage

From source file:org.apache.ftpserver.ssl.Ssl.java

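/**
 * Create a secure server socket.
 *
 * <p>The socket comes from the {@link SSLContext} returned by {@code getSSLContext(protocol)},
 * is bound to {@code port} with a backlog of 100 (on {@code addr} when one is given), and
 * requires client authentication when {@code m_clientAuthReqd} is set.
 *
 * <p>The provider's default enabled cipher suites are left in place. Enabling everything
 * returned by {@code getSupportedCipherSuites()} would also turn on suites the provider
 * keeps disabled by default, which may include anonymous (unauthenticated) and
 * NULL-encryption suites.
 *
 * @param protocol protocol name handed to {@code getSSLContext}
 * @param addr     local address to bind to, or {@code null} to bind without one
 * @param port     port to listen on
 * @return the configured SSL server socket
 * @throws Exception if the SSL context or the socket cannot be created
 */
public ServerSocket createServerSocket(String protocol, InetAddress addr, int port) throws Exception {

    // get server socket factory
    SSLContext ctx = getSSLContext(protocol);
    SSLServerSocketFactory ssocketFactory = ctx.getServerSocketFactory();

    // create server socket
    SSLServerSocket serverSocket;
    if (addr == null) {
        serverSocket = (SSLServerSocket) ssocketFactory.createServerSocket(port, 100);
    } else {
        serverSocket = (SSLServerSocket) ssocketFactory.createServerSocket(port, 100, addr);
    }

    // Deliberately no setEnabledCipherSuites(getSupportedCipherSuites()) here: the default
    // enabled list is the provider's vetted subset of the supported suites.
    serverSocket.setNeedClientAuth(m_clientAuthReqd);
    return serverSocket;
}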

From source file:org.apache.geode.internal.net.SocketCreator.java

/**
 * Apply this SocketCreator's SSL settings to a newly created server socket.
 *
 * <p>The socket is put in server mode, client authentication is made mandatory when the
 * configuration asks for it, session creation is enabled, and the enabled protocols and
 * cipher suites are narrowed to the configured lists unless the first configured entry is
 * {@code "any"} (compared case-insensitively).
 *
 * @param serverSocket the socket to configure
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
private void finishServerSocket(SSLServerSocket serverSocket) throws IOException {
    serverSocket.setUseClientMode(false);

    // "need" rather than "want": a client that does not authenticate fails the handshake.
    final boolean clientAuthRequired = this.sslConfig.isRequireAuth();
    if (clientAuthRequired) {
        serverSocket.setNeedClientAuth(true);
    }
    serverSocket.setEnableSessionCreation(true);

    // Protocol restriction. NOTE(review): index 0 is read unconditionally, so the
    // configured array is assumed to be non-empty - confirm against the config class.
    final String[] configuredProtocols = this.sslConfig.getProtocolsAsStringArray();
    final boolean anyProtocol = "any".equalsIgnoreCase(configuredProtocols[0]);
    if (!anyProtocol) {
        serverSocket.setEnabledProtocols(configuredProtocols);
    }

    // Cipher restriction, same convention as for protocols.
    final String[] configuredCiphers = this.sslConfig.getCiphersAsStringArray();
    final boolean anyCipher = "any".equalsIgnoreCase(configuredCiphers[0]);
    if (!anyCipher) {
        serverSocket.setEnabledCipherSuites(configuredCiphers);
    }
}

From source file:org.apache.hadoop.security.Krb5AndCertsSslSocketConnector.java

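/**
 * Creates the listening socket for this connector.
 *
 * <p>With {@code useCerts} the socket comes from the SSL superclass; otherwise it is created
 * from {@code createFactory()}. With {@code useKrb} client authentication is made mandatory
 * and the Kerberos cipher suites are enabled: appended to the suites already enabled when
 * {@code useCerts} is set, or as the only enabled suites when it is not.
 *
 * @param host    host name to bind to, or {@code null} to bind without an explicit address
 * @param port    port to listen on
 * @param backlog accept queue length
 * @return the configured server socket
 * @throws IOException if the socket cannot be created; the original failure is attached as
 *                     the cause
 */
@Override
protected ServerSocket newServerSocket(String host, int port, int backlog) throws IOException {
    logIfDebug("Creating new KrbServerSocket for: " + host);
    SSLServerSocket ss;

    if (useCerts) {
        // Get the server socket from the SSL super impl
        ss = (SSLServerSocket) super.newServerSocket(host, port, backlog);
    } else {
        // Create a default server socket
        try {
            ss = (SSLServerSocket) (host == null ? createFactory().createServerSocket(port, backlog)
                    : createFactory().createServerSocket(port, backlog, InetAddress.getByName(host)));
        } catch (Exception e) {
            LOG.warn("Could not create KRB5 Listener", e);
            // Keep the original exception as the cause so the stack trace is not lost to
            // callers that only see the IOException.
            IOException wrapped = new IOException("Could not create KRB5 Listener: " + e.toString());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    // Add Kerberos ciphers to this socket server if needed.
    if (useKrb) {
        ss.setNeedClientAuth(true);
        String[] krbSuites = KRB5_CIPHER_SUITES.toArray(new String[0]);
        String[] combined;
        if (useCerts) {
            // Certificate suites first, Kerberos suites appended after them.
            String[] certs = ss.getEnabledCipherSuites();
            combined = new String[certs.length + krbSuites.length];
            System.arraycopy(certs, 0, combined, 0, certs.length);
            System.arraycopy(krbSuites, 0, combined, certs.length, krbSuites.length);
        } else {
            // Kerberos only: this replaces whatever suites were enabled by default.
            combined = krbSuites;
        }

        ss.setEnabledCipherSuites(combined);
    }

    return ss;
}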

From source file:org.apache.tomcat.util.net.jsse.JSSESocketFactory.java

/**
 * Applies the configured cipher suites, protocol versions and client-authentication
 * requirement to the given SSL server socket.
 *
 * @param ssocket the server socket to configure; it is cast to {@link SSLServerSocket}
 */
private void initServerSocket(ServerSocket ssocket) {
    final SSLServerSocket sslSocket = (SSLServerSocket) ssocket;

    // Only override the enabled suites when a "ciphers" attribute was configured.
    final boolean ciphersConfigured = attributes.get("ciphers") != null;
    if (ciphersConfigured) {
        sslSocket.setEnabledCipherSuites(enabledCiphers);
    }

    final String protocolsAttribute = (String) attributes.get("protocols");
    setEnabledProtocols(sslSocket, getEnabledProtocols(sslSocket, protocolsAttribute));

    // Whether a given request needs client auth is not known yet; once the request has
    // been parsed the connection may be re-handshaken.
    sslSocket.setNeedClientAuth(clientAuth);
}

From source file:org.glite.security.trustmanager.tomcat.TMSSLServerSocketFactory.java

/**
 * Sets the client-authentication mode of the given server socket from this factory's
 * {@code wantClientAuth} and {@code requireClientAuth} flags.
 *
 * <p>When {@code wantClientAuth} is set the socket only requests client authentication;
 * otherwise it requires it according to {@code requireClientAuth}.
 *
 * @param socket the SSL server socket to configure
 */
protected void configureClientAuth(SSLServerSocket socket) {
    LOGGER.debug("TMSSLServerSocketFactory.configureClientAuth:");

    // NOTE(review): "want" is checked first, so if both flags were ever set the socket
    // would accept clients that do not authenticate - confirm the flags are exclusive.
    if (!wantClientAuth) {
        socket.setNeedClientAuth(requireClientAuth);
        return;
    }
    socket.setWantClientAuth(true);
}

From source file:org.jgentleframework.integration.remoting.rmi.customsocket.SSLSocket_RMIServerSocketFactory.java

/**
 * Creates an SSL server socket on the given port from the default
 * {@link SSLServerSocketFactory}, restricted to the cipher suites in {@code Ciphers}.
 *
 * <p>Client authentication is switched off, so the TLS layer does not ask connecting
 * clients to authenticate.
 *
 * @param port port to listen on
 * @return the configured socket, or {@code null} when creation or configuration failed
 *         (the failure is logged at fatal level); callers must check for {@code null}
 */
public ServerSocket createServerSocket(int port) {

    try {
        // NOTE(review): com.sun.net.ssl.internal.ssl.Provider is an internal Sun class,
        // not public API - confirm it exists on the target JDK.
        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        SSLServerSocketFactory defaultFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslSocket = (SSLServerSocket) defaultFactory.createServerSocket(port);
        sslSocket.setEnabledCipherSuites(Ciphers);
        sslSocket.setNeedClientAuth(false);
        return sslSocket;
    } catch (Exception failure) {
        // Not rethrown: the failure is reported through the log and a null return.
        if (log.isFatalEnabled()) {
            log.fatal("Could not create SSL Socket !! ", failure);
        }
    }
    return null;
}

From source file:org.jsslutils.extra.apachetomcat5.JSSLutilsJSSESocketFactory.java

/**
 * Configure client authentication for this version of JSSE. The JSSE
 * included in Java 1.4 supports the 'want' value. Prior versions of JSSE
 * will treat 'want' as 'false'.
 *
 * <p>When {@code wantClientAuth} is set the socket only requests client
 * authentication; otherwise it requires it according to
 * {@code requireClientAuth}.
 *
 * @param socket
 *            the SSLServerSocket
 */
protected void configureClientAuth(SSLServerSocket socket) {
    // NOTE(review): "want" is checked first, so if both flags were ever set the socket
    // would accept clients that do not authenticate - confirm the flags are exclusive.
    if (!wantClientAuth) {
        socket.setNeedClientAuth(requireClientAuth);
        return;
    }
    socket.setWantClientAuth(true);
}

From source file:org.openhealthtools.openatna.net.SecureSocketFactory.java

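/**
 * Extra socket creation for servers only.
 *
 * <p>The socket requires client authentication and is limited to a fixed list of cipher
 * suites. {@code SSL_RSA_WITH_NULL_SHA} is not part of that list: it protects integrity
 * only and sends application data unencrypted.
 *
 * @param port port to listen on
 * @return the configured server socket, or {@code null} if an I/O error occurred while
 *         creating it (the error is logged); callers must check for {@code null}
 */
public ServerSocket createServerSocket(int port) {
    javax.net.ssl.SSLServerSocket ss = null;
    try {
        ss = (javax.net.ssl.SSLServerSocket) getSSLContext().getServerSocketFactory().createServerSocket(port);
        ss.setNeedClientAuth(true);
        // NOTE(review): the DES and 3DES suites are kept for compatibility with existing
        // peers but are weak by current standards - confirm whether they are still needed.
        String[] strings = { "TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                "SSL_RSA_WITH_DES_CBC_SHA" };
        ss.setEnabledCipherSuites(strings);
    } catch (IOException e) {
        log.error("I/O problem creating server socket.", e);
    }
    return ss;
}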

From source file:org.openhealthtools.openexchange.actorconfig.net.SecureSocketFactory.java

/**
 * Extra socket creation for servers only.
 *
 * <p>The socket requires client authentication and is limited to a fixed list of cipher
 * suites.
 *
 * @param port port to listen on
 * @return the configured server socket, or {@code null} if an I/O error occurred while
 *         creating it (the error is logged); callers must check for {@code null}
 */
public ServerSocket createServerSocket(int port) {
    javax.net.ssl.SSLServerSocket secured = null;
    try {
        secured = (javax.net.ssl.SSLServerSocket) getSSLContext().getServerSocketFactory()
                .createServerSocket(port);
        secured.setNeedClientAuth(true);
        // NOTE(review): the DES and 3DES suites below are weak by current standards -
        // confirm whether peers still need them.
        String[] enabledSuites = {
                // retired per CP 478: "SSL_RSA_WITH_NULL_SHA"
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                "SSL_RSA_WITH_DES_CBC_SHA" };
        secured.setEnabledCipherSuites(enabledSuites);
    } catch (IOException e) {
        LOG.error("I/O problem creating server socket.", e);
    }
    return secured;
}

From source file:org.openqa.jetty.http.JsseListener.java

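/**
 * Creates the listening socket from an SSLServerSocketFactory and applies this listener's
 * client-authentication setting to it.
 *
 * @param p_address address and port to bind to; when {@code null}, port 0 is passed to
 *                  the factory and no address is given
 * @param p_acceptQueueSize accept queue length passed to the factory
 * @return A ServerSocket object using the passed parameters to set it up
 *         from an SSLServerSocketFactory.
 * @exception IOException if the socket cannot be created; a non-I/O failure is logged and
 *            rethrown as an IOException carrying the original exception as its cause
 */
@Override
protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize) throws IOException {
    SSLServerSocketFactory factory = null;
    SSLServerSocket socket = null;

    try {
        factory = createFactory();

        if (p_address == null) {
            socket = (SSLServerSocket) factory.createServerSocket(0, p_acceptQueueSize);
        } else {
            socket = (SSLServerSocket) factory.createServerSocket(p_address.getPort(), p_acceptQueueSize,
                    p_address.getInetAddress());
        }

        socket.setNeedClientAuth(_needClientAuth);
        // The effective setting is logged so it can be checked against the intended config.
        log.info("JsseListener.needClientAuth=" + _needClientAuth);
    } catch (IOException e) {
        throw e;
    } catch (Exception e) {
        log.warn(LogSupport.EXCEPTION, e);
        // Attach the original failure so callers see more than its toString().
        IOException wrapped = new IOException("Could not create JsseListener: " + e.toString());
        wrapped.initCause(e);
        throw wrapped;
    }
    return socket;
}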