List of usage examples for org.apache.http.nio.reactor.ssl SSLSetupHandler SSLSetupHandler
SSLSetupHandler
From source file:org.aevans.goat.net.SSLStrategyGetter.java
public static SchemeIOSessionStrategy getSchemeIOSessionStrategy() { DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier( PublicSuffixMatcherLoader.getDefault()); SchemeIOSessionStrategy sioss = new SchemeIOSessionStrategy() { @Override/* ww w . ja va 2s . c o m*/ public boolean isLayeringRequired() { return true; } @Override public IOSession upgrade(final HttpHost host, final IOSession iosession) throws IOException { SSLSetupHandler handler = new SSLSetupHandler() { @Override public void initalize(SSLEngine sslengine) throws SSLException { } @Override public void verify(IOSession iosession, SSLSession sslsession) throws SSLException { if (!hostnameVerifier.verify(host.getHostName(), sslsession)) { final java.security.cert.Certificate[] certs = sslsession.getPeerCertificates(); final X509Certificate x509 = (X509Certificate) certs[0]; final X500Principal x500Principal = x509.getSubjectX500Principal(); throw new SSLPeerUnverifiedException("Host name '" + host.getHostName() + "' does not match " + "the certificate subject provided by the peer (" + x500Principal.toString() + ")"); } } }; SSLBufferManagementStrategy sslbm = new ReleasableSSLBufferManagementStrategy(); SSLIOSession ssio = new SSLIOSession(iosession, SSLMode.CLIENT, host, SSLContexts.createDefault(), handler, sslbm); iosession.setAttribute(SSLIOSession.SESSION_KEY, ssio); ssio.initialize(); return ssio; } }; return sioss; }
From source file:org.opcfoundation.ua.transport.https.HttpsServer.java
protected void initReactor() throws ServiceResultException { boolean https = false, http = false; for (SocketHandle sh : socketHandles.values()) { https |= sh.scheme.equals(UriUtil.SCHEME_HTTPS); http |= sh.scheme.equals(UriUtil.SCHEME_HTTP); }// w ww .ja va2 s .c o m try { if (https && sslSetupHandler == null) { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(application.getHttpsSettings().getKeyManagers(), application.getHttpsSettings().getTrustManagers(), null); // SSL Setup Handler sslSetupHandler = new SSLSetupHandler() { public void verify(IOSession iosession, SSLSession sslsession) throws SSLException { } public void initalize(SSLEngine sslengine) throws SSLException { //sslengine.setEnabledCipherSuites( calcCipherSuites() ); } }; // Create HTTP connection factory sslConnFactory = new SSLNHttpServerConnectionFactory(sslcontext, sslSetupHandler, getHttpParams()); // Create server-side I/O event dispatch sslIoEventDispatch = new DefaultHttpServerIODispatch(protocolHandler, sslConnFactory); // Create ssl engine sslEngine = sslcontext.createSSLEngine(); log.info("Enabled protocols in SSL Engine are {}", Arrays.toString(sslEngine.getEnabledProtocols())); enabledCipherSuites = sslEngine.getEnabledCipherSuites(); log.info("Enabled CipherSuites in SSL Engine are {}", Arrays.toString(enabledCipherSuites)); } if (https) { // Create list of cipher suites String[] oldCipherSuiteSelection = cipherSuites; cipherSuitePatterns = calcCipherSuitePatterns(); //securityPolicies = calcSecurityPolicies().toArray( new SecurityPolicy[0] ); cipherSuites = CryptoUtil.filterCipherSuiteList(enabledCipherSuites, cipherSuitePatterns); sslEngine.setEnabledCipherSuites(cipherSuites); if (oldCipherSuiteSelection == null || !Arrays.equals(oldCipherSuiteSelection, cipherSuites)) { log.info("CipherSuites for policies ({}) are {}", Arrays.toString(securityPolicies), Arrays.toString(cipherSuites)); } } if (http && plainConnFactory == null) { plainConnFactory = new DefaultNHttpServerConnectionFactory(getHttpParams()); // Create server-side I/O event dispatch plainIoEventDispatch = new DefaultHttpServerIODispatch(protocolHandler, plainConnFactory); } if (ioReactor == null) { // Create server-side I/O reactor ioReactor = new DefaultListeningIOReactor(ioConfig, null); } } catch (KeyManagementException e1) { throw new ServiceResultException(e1); } catch (NoSuchAlgorithmException e1) { throw new ServiceResultException(e1); } catch (IOReactorException e1) { throw new ServiceResultException(e1); } }
From source file:org.apache.synapse.transport.nhttp.HttpCoreNIOSSLListener.java
/** * Create the SSLIOSessionHandler to initialize the SSL session / engine, and request for * client authentication at the following levels, through an Axis2 transport configuration * parameter as follows:// w ww. j a va 2 s .c om * SSLVerifyClient - none, optional, require * * @param transportIn the Axis2 transport configuration * @return the SSLIOSessionHandler to be used * @throws AxisFault if a configuration error occurs */ protected SSLSetupHandler getSSLIOSessionHandler(TransportInDescription transportIn) throws AxisFault { final Parameter clientAuth = transportIn.getParameter("SSLVerifyClient"); return new SSLSetupHandler() { public void initalize(SSLEngine sslengine) { if (clientAuth != null) { if ("optional".equals(clientAuth.getValue())) { sslengine.setWantClientAuth(true); } else if ("require".equals(clientAuth.getValue())) { sslengine.setNeedClientAuth(true); } } } public void verify(IOSession ioSession, SSLSession sslSession) throws SSLException { } }; }
From source file:org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender.java
private SSLSetupHandler createSSLSetupHandler(final String hostnameVerifier, final CertificateVerificationConfig cvConfig) throws AxisFault { return new SSLSetupHandler() { public void initalize(SSLEngine sslengine) { }/*from w w w .j a v a 2s . com*/ public void verify(IOSession ioSession, SSLSession session) throws SSLException { SocketAddress remoteAddress = ioSession.getRemoteAddress(); String address; if (remoteAddress instanceof InetSocketAddress) { address = ((InetSocketAddress) remoteAddress).getHostName(); } else { address = remoteAddress.toString(); } boolean valid = false; //Do HostName verification. if (hostnameVerifier != null) { if ("Strict".equals(hostnameVerifier)) { valid = HostnameVerifier.STRICT.verify(address, session); } else if ("AllowAll".equals(hostnameVerifier)) { valid = HostnameVerifier.ALLOW_ALL.verify(address, session); } else if ("DefaultAndLocalhost".equals(hostnameVerifier)) { valid = HostnameVerifier.DEFAULT_AND_LOCALHOST.verify(address, session); } } else { valid = HostnameVerifier.DEFAULT.verify(address, session); } if (!valid) { throw new SSLException("Host name verification failed for host : " + address); } if (cvConfig != null) { try { ocspCrl.verifyRevocationStatus(session.getPeerCertificateChain(), cvConfig.getCacheSize(), cvConfig.getCacheDuration()); } catch (CertificateVerificationException e) { throw new SSLException("Certificate chain validation failed for host : " + address, e); } } } }; }