Example usage for javax.net.ssl SSLSocket getSupportedCipherSuites

Introduction

In this page you can find the example usage for javax.net.ssl SSLSocket getSupportedCipherSuites.

Prototype

public abstract String[] getSupportedCipherSuites();

Source Link

Document

Returns the names of the cipher suites which could be enabled for use on this connection.

Usage

From source file:org.beepcore.beep.profile.tls.jsse.TLSProfileJSSE.java

/**
 * start a channel for the TLS profile.  Besides issuing the
 * channel start request, it also performs the initiator side
 * chores necessary to begin encrypted communication using TLS
 * over a session.  Parameters regarding the type of encryption
 * and whether or not authentication is required are specified
 * using the profile configuration passed to the <code>init</code>
 * method Upon returning, all traffic over the session will be
 * entrusted as per these parameters.<p>
 *
 * @see #init init - profile configuration
 * @param session The session to encrypt communcation for
 *
 * @return new <code>Session</code> with TLS negotiated.
 * @throws BEEPException an error occurs during the channel start
 * request or the TLS handshake (such as trying to negotiate an
 * anonymous connection with a peer that doesn't support an
 * anonymous cipher suite).//from w w w.  java 2  s.  c o m
 */
public TCPSession startTLS(TCPSession session) throws BEEPException {
    Channel ch = startChannel(session, uri, false, READY2, null);

    // See if we got start data back
    String data = ch.getStartData();

    if (log.isDebugEnabled()) {
        log.debug("Got start data of " + data);
    }

    // Consider the data (see if it's proceed)
    if ((data == null) || (!data.equals(PROCEED1) && !data.equals(PROCEED2))) {
        log.error("Invalid reply: " + data);
        throw new BEEPException(ERR_EXPECTED_PROCEED);
    }

    // Freeze IO and get the socket and reset it to TLS
    Socket oldSocket = session.getSocket();
    SSLSocket newSocket = null;
    TLSHandshake l = new TLSHandshake();

    // create the SSL Socket
    try {
        newSocket = (SSLSocket) socketFactory.createSocket(oldSocket, oldSocket.getInetAddress().getHostName(),
                oldSocket.getPort(), true);

        newSocket.addHandshakeCompletedListener(l);
        newSocket.setUseClientMode(true);
        newSocket.setNeedClientAuth(needClientAuth);
        newSocket.setEnabledCipherSuites(newSocket.getSupportedCipherSuites());
        if (this.sslProtocols != null) {
            newSocket.setEnabledProtocols(sslProtocols);
        }

        // set up so the handshake listeners will be called
        l.session = session;

        log.debug("Handshake starting");
        newSocket.startHandshake();
        log.debug("Handshake returned");

        synchronized (l) {
            if (!l.notifiedHandshake) {
                l.waitingForHandshake = true;

                l.wait();

                l.waitingForHandshake = false;
            }
        }
        log.debug("Handshake done waiting");
    } catch (javax.net.ssl.SSLException e) {
        log.error(e);
        throw new BEEPException(e);
    } catch (java.io.IOException e) {
        log.error(e);
        throw new BEEPException(ERR_TLS_SOCKET);
    } catch (InterruptedException e) {
        log.error(e);
        throw new BEEPException(ERR_TLS_HANDSHAKE_WAIT);
    }

    // swap it out for the new one with TLS enabled.
    if (abortSession) {
        session.close();

        throw new BEEPException(ERR_TLS_NO_AUTHENTICATION);
    } else {
        Hashtable hash = new Hashtable();

        hash.put(SessionTuningProperties.ENCRYPTION, "true");

        SessionTuningProperties tuning = new SessionTuningProperties(hash);

        return (TCPSession) reset(session, generateCredential(), l.cred, tuning, session.getProfileRegistry(),
                newSocket);
    }
}

From source file:org.wso2.carbon.databridge.agent.endpoint.binary.BinarySecureClientPoolFactory.java

@Override
public Object createClient(String protocol, String hostName, int port)
        throws DataEndpointException, DataEndpointSecurityException, DataEndpointAgentConfigurationException {
    if (protocol.equalsIgnoreCase(DataEndpointConfiguration.Protocol.SSL.toString())) {
        int timeout = AgentHolder.getInstance()
                .getDataEndpointAgent(DataEndpointConstants.BINARY_DATA_AGENT_TYPE).getAgentConfiguration()
                .getSocketTimeoutMS();/* ww w  .j  a  v  a  2s.c o m*/
        String sslProtocols = AgentHolder.getInstance()
                .getDataEndpointAgent(DataEndpointConstants.BINARY_DATA_AGENT_TYPE).getAgentConfiguration()
                .getSslEnabledProtocols();
        String ciphers = AgentHolder.getInstance()
                .getDataEndpointAgent(DataEndpointConstants.BINARY_DATA_AGENT_TYPE).getAgentConfiguration()
                .getCiphers();

        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslSocket = (SSLSocket) sslsocketfactory.createSocket(hostName, port);
            sslSocket.setSoTimeout(timeout);

            if (sslProtocols != null && sslProtocols.length() != 0) {
                String[] sslProtocolsArray = sslProtocols.split(",");
                sslSocket.setEnabledProtocols(sslProtocolsArray);
            }

            if (ciphers != null && ciphers.length() != 0) {
                String[] ciphersArray = ciphers.split(",");
                sslSocket.setEnabledCipherSuites(ciphersArray);
            } else {
                sslSocket.setEnabledCipherSuites(sslSocket.getSupportedCipherSuites());
            }
            return sslSocket;
        } catch (IOException e) {
            throw new DataEndpointException(
                    "Error while opening socket to " + hostName + ":" + port + ". " + e.getMessage(), e);
        }
    } else {
        throw new DataEndpointException("Unsupported protocol: " + protocol + ". Currently only "
                + DataEndpointConfiguration.Protocol.SSL.toString() + " supported.");
    }
}