Java Code Examples for io.netty.handler.ssl.SslContextBuilder#sslProvider()
The following examples show how to use
io.netty.handler.ssl.SslContextBuilder#sslProvider() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: LoadBalancedClusterMessageSender.java From txle with Apache License 2.0 | 6 votes |
|
private static SslContext buildSslContext(AlphaClusterConfig clusterConfig) throws SSLException {
SslContextBuilder builder = GrpcSslContexts.forClient();
// openssl must be used because some older JDk does not support cipher suites required by http2,
// and the performance of JDK ssl is pretty low compared to openssl.
builder.sslProvider(SslProvider.OPENSSL);
Properties prop = new Properties();
try {
prop.load(LoadBalancedClusterMessageSender.class.getClassLoader().getResourceAsStream("ssl.properties"));
} catch (IOException e) {
throw new IllegalArgumentException("Unable to read ssl.properties.", e);
}
builder.protocols(prop.getProperty("protocols").split(","));
builder.ciphers(Arrays.asList(prop.getProperty("ciphers").split(",")));
builder.trustManager(new File(clusterConfig.getCertChain()));
if (clusterConfig.isEnableMutualAuth()) {
builder.keyManager(new File(clusterConfig.getCert()), new File(clusterConfig.getKey()));
}
return builder.build();
}
Example 2
| Source File: TwoWaySSLOpenSSLIT.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 3
| Source File: WebSocketClientIT.java From timely with Apache License 2.0 | 5 votes |
|
private void setupSslCtx() throws Exception {
Assert.assertNotNull(clientTrustStoreFile);
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
sslCtx = jdk.context();
}
Example 4
| Source File: TwoWaySSLIT.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 5
| Source File: TwoWaySSLFailureIT.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 6
| Source File: Server.java From timely with Apache License 2.0 | 5 votes |
|
protected SslContext createSSLContext(Configuration config) throws Exception {
ServerSsl sslCfg = config.getSecurity().getServerSsl();
Boolean generate = sslCfg.isUseGeneratedKeypair();
SslContextBuilder ssl;
if (generate) {
LOG.warn("Using generated self signed server certificate");
Date begin = new Date();
Date end = new Date(begin.getTime() + TimeUnit.DAYS.toMillis(7));
SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
} else {
String cert = sslCfg.getCertificateFile();
String key = sslCfg.getKeyFile();
String keyPass = sslCfg.getKeyPassword();
if (null == cert || null == key) {
throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
}
ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
}
ssl.ciphers(sslCfg.getUseCiphers());
// Can't set to REQUIRE because the CORS pre-flight requests will fail.
ssl.clientAuth(ClientAuth.OPTIONAL);
Boolean useOpenSSL = sslCfg.isUseOpenssl();
if (useOpenSSL) {
ssl.sslProvider(SslProvider.OPENSSL);
} else {
ssl.sslProvider(SslProvider.JDK);
}
String trustStore = sslCfg.getTrustStoreFile();
if (null != trustStore) {
if (!trustStore.isEmpty()) {
ssl.trustManager(new File(trustStore));
}
}
return ssl.build();
}
Example 7
| Source File: GrafanaAuth.java From timely with Apache License 2.0 | 5 votes |
|
protected SslContext createSSLContext(GrafanaAuthConfiguration config) throws Exception {
ServerSsl sslCfg = config.getSecurity().getServerSsl();
Boolean generate = sslCfg.isUseGeneratedKeypair();
SslContextBuilder ssl;
if (generate) {
LOG.warn("Using generated self signed server certificate");
Date begin = new Date();
Date end = new Date(begin.getTime() + 86400000);
SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
} else {
String cert = sslCfg.getCertificateFile();
String key = sslCfg.getKeyFile();
String keyPass = sslCfg.getKeyPassword();
if (null == cert || null == key) {
throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
}
ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
}
ssl.ciphers(sslCfg.getUseCiphers());
// Can't set to REQUIRE because the CORS pre-flight requests will fail.
ssl.clientAuth(ClientAuth.OPTIONAL);
Boolean useOpenSSL = sslCfg.isUseOpenssl();
if (useOpenSSL) {
ssl.sslProvider(SslProvider.OPENSSL);
} else {
ssl.sslProvider(SslProvider.JDK);
}
String trustStore = sslCfg.getTrustStoreFile();
if (null != trustStore) {
if (!trustStore.isEmpty()) {
ssl.trustManager(new File(trustStore));
}
}
return ssl.build();
}
Example 8
| Source File: Balancer.java From timely with Apache License 2.0 | 5 votes |
|
protected SslContext createSSLContext(BalancerConfiguration config) throws Exception {
ServerSsl sslCfg = config.getSecurity().getServerSsl();
Boolean generate = sslCfg.isUseGeneratedKeypair();
SslContextBuilder ssl;
if (generate) {
LOG.warn("Using generated self signed server certificate");
Date begin = new Date();
Date end = new Date(begin.getTime() + 86400000);
SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
} else {
String cert = sslCfg.getCertificateFile();
String key = sslCfg.getKeyFile();
String keyPass = sslCfg.getKeyPassword();
if (null == cert || null == key) {
throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
}
ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
}
ssl.ciphers(sslCfg.getUseCiphers());
// Can't set to REQUIRE because the CORS pre-flight requests will fail.
ssl.clientAuth(ClientAuth.OPTIONAL);
Boolean useOpenSSL = sslCfg.isUseOpenssl();
if (useOpenSSL) {
ssl.sslProvider(SslProvider.OPENSSL);
} else {
ssl.sslProvider(SslProvider.JDK);
}
String trustStore = sslCfg.getTrustStoreFile();
if (null != trustStore) {
if (!trustStore.isEmpty()) {
ssl.trustManager(new File(trustStore));
}
}
return ssl.build();
}
Example 9
| Source File: OneWaySSLBase.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 10
| Source File: TwoWaySSLOpenSSLIT.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 11
| Source File: WebSocketClientIT.java From qonduit with Apache License 2.0 | 5 votes |
|
private void setupSslCtx() throws Exception {
Assert.assertNotNull(clientTrustStoreFile);
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
sslCtx = jdk.context();
}
Example 12
| Source File: TwoWaySSLIT.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 13
| Source File: TwoWaySSLFailureIT.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 14
| Source File: Server.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SslContext createSSLContext(Configuration config) throws Exception {
Configuration.Ssl sslCfg = config.getSecurity().getSsl();
Boolean generate = sslCfg.isUseGeneratedKeypair();
SslContextBuilder ssl;
if (generate) {
LOG.warn("Using generated self signed server certificate");
Date begin = new Date();
Date end = new Date(begin.getTime() + 86400000);
SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
} else {
String cert = sslCfg.getCertificateFile();
String key = sslCfg.getKeyFile();
String keyPass = sslCfg.getKeyPassword();
if (null == cert || null == key) {
throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
}
ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
}
ssl.ciphers(sslCfg.getUseCiphers());
// Can't set to REQUIRE because the CORS pre-flight requests will fail.
ssl.clientAuth(ClientAuth.OPTIONAL);
Boolean useOpenSSL = sslCfg.isUseOpenssl();
if (useOpenSSL) {
ssl.sslProvider(SslProvider.OPENSSL);
} else {
ssl.sslProvider(SslProvider.JDK);
}
String trustStore = sslCfg.getTrustStoreFile();
if (null != trustStore) {
if (!trustStore.isEmpty()) {
ssl.trustManager(new File(trustStore));
}
}
return ssl.build();
}
Example 15
| Source File: MqttSslContextCreator.java From spring-boot-protocol with Apache License 2.0 | 5 votes |
|
public SslContext initSSLContext() {
logger.info("Checking SSL configuration properties...");
final String keyPassword = props.getProperty(BrokerConstants.KEY_MANAGER_PASSWORD_PROPERTY_NAME);
if (keyPassword == null || keyPassword.isEmpty()) {
logger.warn("The key manager password is null or empty. The SSL context won't be initialized.");
return null;
}
try {
SslProvider sslProvider = getSSLProvider();
KeyStore ks = loadKeyStore();
SslContextBuilder contextBuilder;
switch (sslProvider) {
case JDK:
contextBuilder = builderWithJdkProvider(ks, keyPassword);
break;
case OPENSSL:
case OPENSSL_REFCNT:
contextBuilder = builderWithOpenSSLProvider(ks, keyPassword);
break;
default:
logger.error("unsupported SSL provider "+ sslProvider);
return null;
}
// if client authentification is enabled a trustmanager needs to be added to the ServerContext
String sNeedsClientAuth = props.getProperty(BrokerConstants.NEED_CLIENT_AUTH, "false");
if (Boolean.valueOf(sNeedsClientAuth)) {
addClientAuthentication(ks, contextBuilder);
}
contextBuilder.sslProvider(sslProvider);
SslContext sslContext = contextBuilder.build();
logger.info("The SSL context has been initialized successfully.");
return sslContext;
} catch (GeneralSecurityException | IOException ex) {
logger.error("Unable to initialize SSL context.", ex);
return null;
}
}
Example 16
| Source File: OneWaySSLBase.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example 17
| Source File: SslContextFactory.java From servicetalk with Apache License 2.0 | 5 votes |
|
/**
* A new context for a client using the passed {@code config}.
*
* @param config SSL config.
* @param supportedAlpnProtocols the list of supported ALPN protocols.
* @return A new {@link SslContext} for a client.
*/
public static SslContext forClient(ReadOnlyClientSecurityConfig config, List<String> supportedAlpnProtocols) {
requireNonNull(config);
SslContextBuilder builder = SslContextBuilder.forClient()
.sessionCacheSize(config.sessionCacheSize()).sessionTimeout(config.sessionTimeout());
configureTrustManager(config, builder);
KeyManagerFactory keyManagerFactory = config.keyManagerFactory();
if (keyManagerFactory != null) {
builder.keyManager(keyManagerFactory);
} else {
InputStream keyCertChainSupplier = null;
InputStream keySupplier = null;
try {
keyCertChainSupplier = config.keyCertChainSupplier().get();
keySupplier = config.keySupplier().get();
builder.keyManager(keyCertChainSupplier, keySupplier, config.keyPassword());
} finally {
try {
closeAndRethrowUnchecked(keyCertChainSupplier);
} finally {
closeAndRethrowUnchecked(keySupplier);
}
}
}
builder.sslProvider(toNettySslProvider(config.provider(), !supportedAlpnProtocols.isEmpty()));
builder.protocols(config.protocols());
builder.ciphers(config.ciphers());
builder.applicationProtocolConfig(nettyApplicationProtocol(supportedAlpnProtocols));
try {
return builder.build();
} catch (SSLException e) {
throw new IllegalArgumentException(e);
}
}
Example 18
| Source File: NettySSLOptionsFactory.java From dropwizard-cassandra with Apache License 2.0 | 4 votes |
|
@Override
public SSLOptions build() {
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
if (provider != null) {
sslContextBuilder.sslProvider(provider);
}
if (ciphers != null) {
sslContextBuilder.ciphers(ciphers);
}
if (clientAuth != null) {
sslContextBuilder.clientAuth(clientAuth);
}
if (sessionCacheSize != null) {
sslContextBuilder.sessionCacheSize(sessionCacheSize);
}
if (sessionTimeout != null) {
sslContextBuilder.sessionTimeout(sessionTimeout.toSeconds());
}
if (trustCertChainFile != null) {
sslContextBuilder.trustManager(trustCertChainFile);
}
if (keyManager != null) {
sslContextBuilder.keyManager(
keyManager.getKeyCertChainFile(),
keyManager.getKeyFile(),
keyManager.getKeyPassword());
}
SslContext sslContext;
try {
sslContext = sslContextBuilder.build();
} catch (SSLException e) {
throw new RuntimeException("Unable to build Netty SslContext", e);
}
return new NettySSLOptions(sslContext);
}
Example 19
| Source File: SslContextFactory.java From servicetalk with Apache License 2.0 | 4 votes |
|
/**
* A new context for a server using the passed {@code config}.
*
* @param config SSL config.
* @param supportedAlpnProtocols the list of supported ALPN protocols.
* @return A new {@link SslContext} for a server.
*/
public static SslContext forServer(ReadOnlyServerSecurityConfig config, List<String> supportedAlpnProtocols) {
requireNonNull(config);
SslContextBuilder builder;
KeyManagerFactory keyManagerFactory = config.keyManagerFactory();
if (keyManagerFactory != null) {
builder = SslContextBuilder.forServer(keyManagerFactory);
} else {
InputStream keyCertChainSupplier = null;
InputStream keySupplier = null;
try {
keyCertChainSupplier = config.keyCertChainSupplier().get();
keySupplier = config.keySupplier().get();
builder = SslContextBuilder.forServer(keyCertChainSupplier, keySupplier, config.keyPassword());
} finally {
try {
closeAndRethrowUnchecked(keyCertChainSupplier);
} finally {
closeAndRethrowUnchecked(keySupplier);
}
}
}
builder.sessionCacheSize(config.sessionCacheSize()).sessionTimeout(config.sessionTimeout())
.applicationProtocolConfig(nettyApplicationProtocol(supportedAlpnProtocols));
switch (config.clientAuth()) {
case NONE:
builder.clientAuth(ClientAuth.NONE);
break;
case OPTIONAL:
builder.clientAuth(ClientAuth.OPTIONAL);
break;
case REQUIRE:
builder.clientAuth(ClientAuth.REQUIRE);
break;
default:
throw new IllegalArgumentException("Unsupported ClientAuth value: " + config.clientAuth());
}
configureTrustManager(config, builder);
builder.protocols(config.protocols());
builder.ciphers(config.ciphers());
builder.sslProvider(toNettySslProvider(config.provider(), !supportedAlpnProtocols.isEmpty()));
try {
return builder.build();
} catch (SSLException e) {
throw new IllegalArgumentException(e);
}
}
Example 20
| Source File: DefaultCassandanaSslContextCreator.java From cassandana with Apache License 2.0 | 4 votes |
|
@Override
public SslContext initSSLContext() {
LOG.info("Checking SSL configuration properties...");
final String keyPassword = conf.certKeyManagerPassword;// props.getProperty(BrokerConstants.KEY_MANAGER_PASSWORD_PROPERTY_NAME);
if (keyPassword == null || keyPassword.isEmpty()) {
LOG.warn("The key manager password is null or empty. The SSL context won't be initialized.");
return null;
}
try {
SslProvider sslProvider = getSSLProvider();
KeyStore ks = loadKeyStore();
SslContextBuilder contextBuilder;
switch (sslProvider) {
case JDK:
contextBuilder = builderWithJdkProvider(ks, keyPassword);
break;
case OPENSSL:
case OPENSSL_REFCNT:
contextBuilder = builderWithOpenSSLProvider(ks, keyPassword);
break;
default:
LOG.error("unsupported SSL provider {}", sslProvider);
return null;
}
// if client authentification is enabled a trustmanager needs to be added to the ServerContext
/*String sNeedsClientAuth = props.getProperty(BrokerConstants.NEED_CLIENT_AUTH, "false");
if (Boolean.valueOf(sNeedsClientAuth)) {
addClientAuthentication(ks, contextBuilder);
}*/
if(conf.certClientAuth) {
addClientAuthentication(ks, contextBuilder);
}
contextBuilder.sslProvider(sslProvider);
SslContext sslContext = contextBuilder.build();
LOG.info("The SSL context has been initialized successfully.");
return sslContext;
} catch (GeneralSecurityException | IOException ex) {
LOG.error("Unable to initialize SSL context.", ex);
return null;
}
}
