Java Code Examples for io.netty.handler.ssl.ClientAuth#REQUIRE

Example 1
Source File: ArmeriaReactiveWebServerFactory.java — from armeria, Apache License 2.0
/**
 * Translates Spring Boot's {@code Ssl} properties into Armeria's Spring {@code Ssl}
 * configuration.
 *
 * <p>When {@code ssl} is disabled an empty configuration is returned. Otherwise every
 * property is carried over: the cipher and protocol arrays are snapshotted into immutable
 * lists (or left {@code null} when absent), and the client-auth mode is mapped
 * NEED → {@link ClientAuth#REQUIRE} and WANT → {@link ClientAuth#OPTIONAL}; a missing or
 * any other client-auth value leaves the Armeria side {@code null}.
 *
 * @param ssl the Spring Boot SSL properties
 * @return the equivalent Armeria SSL configuration
 */
private static com.linecorp.armeria.spring.Ssl toArmeriaSslConfiguration(Ssl ssl) {
    final com.linecorp.armeria.spring.Ssl armeriaSsl = new com.linecorp.armeria.spring.Ssl();
    if (!ssl.isEnabled()) {
        return armeriaSsl;
    }

    ClientAuth clientAuth = null;
    if (ssl.getClientAuth() != null) {
        switch (ssl.getClientAuth()) {
            case NEED:
                clientAuth = ClientAuth.REQUIRE;
                break;
            case WANT:
                clientAuth = ClientAuth.OPTIONAL;
                break;
            default:
                // Any other mode is not mapped and stays null.
                break;
        }
    }

    return armeriaSsl
            .setEnabled(ssl.isEnabled())
            .setClientAuth(clientAuth)
            .setCiphers(ssl.getCiphers() == null ? null : ImmutableList.copyOf(ssl.getCiphers()))
            .setEnabledProtocols(ssl.getEnabledProtocols() == null
                                 ? null
                                 : ImmutableList.copyOf(ssl.getEnabledProtocols()))
            .setKeyAlias(ssl.getKeyAlias())
            .setKeyPassword(ssl.getKeyPassword())
            .setKeyStore(ssl.getKeyStore())
            .setKeyStorePassword(ssl.getKeyStorePassword())
            .setKeyStoreType(ssl.getKeyStoreType())
            .setKeyStoreProvider(ssl.getKeyStoreProvider())
            .setTrustStore(ssl.getTrustStore())
            .setTrustStorePassword(ssl.getTrustStorePassword())
            .setTrustStoreType(ssl.getTrustStoreType())
            .setTrustStoreProvider(ssl.getTrustStoreProvider());
}
 
Example 2
Source File: NettySslFactory.java — from ambry, Apache License 2.0
/**
 * Maps the configured client-authentication mode to Netty's {@link ClientAuth}.
 * Only {@code "required"} and {@code "requested"} are recognised; any other value
 * (including a misspelling) silently yields {@link ClientAuth#NONE}, and a {@code null}
 * setting throws a {@link NullPointerException}, exactly as the string switch did.
 *
 * @param config the {@link SSLConfig}.
 * @return the {@link ClientAuth} setting.
 */
static ClientAuth getClientAuth(SSLConfig config) {
  final String mode = config.sslClientAuthentication;
  // Receiver-side equals keeps the NPE-on-null behaviour of switching on a null String.
  if (mode.equals("required")) {
    return ClientAuth.REQUIRE;
  }
  if (mode.equals("requested")) {
    return ClientAuth.OPTIONAL;
  }
  return ClientAuth.NONE;
}
 
Example 3
Source File: BaseSslContextFactory.java — from zuul, Apache License 2.0
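/**
 * Loads the trusted X.509 certificates (the CAs of the client certificates peers present)
 * from the client-auth truststore. Only done when client auth is
 * {@link ClientAuth#REQUIRE} or {@link ClientAuth#OPTIONAL}; otherwise an empty list is
 * returned.
 *
 * <p>The truststore password ciphertext comes either inline (Base64-encoded) or verbatim
 * from a file, and is decrypted by {@code getTruststorePassword}. The decrypted password is
 * never logged.
 *
 * @return the trusted certificates; empty when client auth is not enabled
 * @throws IllegalArgumentException if neither the password nor the password file is set
 * @throws CertificateException if the truststore cannot be parsed
 * @throws IOException if the password file or truststore cannot be read
 * @throws KeyStoreException if no JKS provider is available
 * @throws NoSuchAlgorithmException if the truststore integrity algorithm is unavailable
 */
protected ArrayList<X509Certificate> getTrustedX509Certificates() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
    final ArrayList<X509Certificate> trustedCerts = new ArrayList<>();

    final ClientAuth clientAuth = serverSslConfig.getClientAuth();
    if (clientAuth != ClientAuth.REQUIRE && clientAuth != ClientAuth.OPTIONAL) {
        return trustedCerts;
    }

    // Ciphertext of the truststore password: inline (Base64) or read from a file.
    final byte[] trustStorePwdBytes;
    if (serverSslConfig.getClientAuthTrustStorePassword() != null) {
        trustStorePwdBytes = Base64.getDecoder().decode(serverSslConfig.getClientAuthTrustStorePassword());
    }
    else if (serverSslConfig.getClientAuthTrustStorePasswordFile() != null) {
        trustStorePwdBytes = Files.readAllBytes(serverSslConfig.getClientAuthTrustStorePasswordFile().toPath());
    }
    else {
        throw new IllegalArgumentException("Must specify either ClientAuthTrustStorePassword or ClientAuthTrustStorePasswordFile!");
    }

    // Decrypt the truststore password. The former debug dump of the plaintext was removed:
    // a secret must not have a logging path, even one behind a hard-coded false flag.
    final String trustStorePassword = getTruststorePassword(trustStorePwdBytes);

    final KeyStore trustStore = KeyStore.getInstance("JKS");
    // try-with-resources closes the stream; the previous code leaked the FileInputStream.
    try (FileInputStream in = new FileInputStream(serverSslConfig.getClientAuthTrustStoreFile())) {
        trustStore.load(in, trustStorePassword.toCharArray());
    }

    final Enumeration<String> aliases = trustStore.aliases();
    while (aliases.hasMoreElements()) {
        final java.security.cert.Certificate cert = trustStore.getCertificate(aliases.nextElement());
        // getCertificate() may return null for entries without a certificate, and a
        // non-X.509 entry would otherwise fail the cast; only X.509 entries are collected.
        if (cert instanceof X509Certificate) {
            trustedCerts.add((X509Certificate) cert);
        }
    }

    return trustedCerts;
}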
 
Example 4
Source File: SslHandshakeInfoHandler.java — from zuul, Apache License 2.0
/**
 * Derives the {@link ClientAuth} mode in effect on the handler's engine:
 * {@link ClientAuth#REQUIRE} when the engine needs a client certificate,
 * {@link ClientAuth#OPTIONAL} when it merely wants one, otherwise {@link ClientAuth#NONE}.
 *
 * @param sslhandler the handler whose engine is inspected
 * @return the client-auth mode
 */
private ClientAuth whichClientAuthEnum(SslHandler sslhandler)
{
    if (sslhandler.engine().getNeedClientAuth()) {
        return ClientAuth.REQUIRE;
    }
    return sslhandler.engine().getWantClientAuth() ? ClientAuth.OPTIONAL : ClientAuth.NONE;
}
 
Example 5
Source File: StripUntrustedProxyHeadersHandler.java — from zuul, Apache License 2.0
/**
 * Tells whether the channel's TLS handshake was made with client-certificate
 * authentication enforced ({@link ClientAuth#REQUIRE}). Returns {@code false} when the
 * channel carries no handshake info at all.
 *
 * @param ch the channel to inspect
 * @return {@code true} only when mutual TLS with REQUIRE is in effect
 */
@VisibleForTesting
boolean connectionIsUsingMutualSSLWithAuthEnforced(Channel ch)
{
    final SslHandshakeInfo info = ch.attr(SslHandshakeInfoHandler.ATTR_SSL_INFO).get();
    return info != null && info.getClientAuthRequirement() == ClientAuth.REQUIRE;
}
 
Example 6
Source File: GremlinServerSslIntegrateTest.java — from tinkerpop, Apache License 2.0
/**
 * Configure specific Gremlin Server settings for specific tests.
 *
 * <p>Keyed on the running test's method name: the SSL-only tests get the JKS server key
 * store; the client-certificate tests additionally set {@code needClientAuth} to
 * {@link ClientAuth#REQUIRE} and a trust store (JKS or PKCS12); the mismatch tests pin a
 * single TLS protocol or cipher suite. Tests not listed keep {@code settings} unchanged.
 *
 * @param settings the base server settings
 * @return the same {@code settings} instance, with {@code ssl} replaced for listed tests
 */
@Override
public Settings overrideSettings(final Settings settings) {
    final Settings.SslSettings ssl;
    switch (name.getMethodName()) {
        case "shouldEnableSsl":
        case "shouldEnableSslButFailIfClientConnectsWithoutIt":
            ssl = jksKeyStoreSsl();
            break;
        case "shouldEnableSslWithSslContextProgrammaticallySpecified":
            ssl = enabledSsl();
            ssl.overrideSslContext(createServerSslContext());
            break;
        case "shouldEnableSslAndClientCertificateAuthWithPkcs12":
            ssl = enabledSsl();
            ssl.needClientAuth = ClientAuth.REQUIRE;
            ssl.keyStore = P12_SERVER_KEY;
            ssl.keyStorePassword = KEY_PASS;
            ssl.keyStoreType = KEYSTORE_TYPE_PKCS12;
            ssl.trustStore = P12_SERVER_TRUST;
            ssl.trustStorePassword = KEY_PASS;
            break;
        case "shouldEnableSslAndClientCertificateAuth":
        case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCert":
            ssl = jksKeyStoreSsl();
            ssl.needClientAuth = ClientAuth.REQUIRE;
            ssl.trustStore = JKS_SERVER_TRUST;
            ssl.trustStorePassword = KEY_PASS;
            break;
        case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert":
            // Client certs required but no trust store configured.
            ssl = jksKeyStoreSsl();
            ssl.needClientAuth = ClientAuth.REQUIRE;
            break;
        case "shouldEnableSslAndFailIfProtocolsDontMatch":
            ssl = jksKeyStoreSsl();
            ssl.sslEnabledProtocols = Collections.singletonList("TLSv1.1");
            break;
        case "shouldEnableSslAndFailIfCiphersDontMatch":
            ssl = jksKeyStoreSsl();
            ssl.sslCipherSuites = Collections.singletonList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
            break;
        case "shouldEnableSslAndClientCertificateAuthWithDifferentStoreType":
        case "shouldEnableSslAndClientCertificateAuthAndFailWithIncorrectKeyStoreType":
        case "shouldEnableSslAndClientCertificateAuthAndFailWithIncorrectTrustStoreType":
            ssl = jksKeyStoreSsl();
            ssl.needClientAuth = ClientAuth.REQUIRE;
            ssl.trustStore = P12_SERVER_TRUST;
            ssl.trustStorePassword = KEY_PASS;
            ssl.trustStoreType = TRUSTSTORE_TYPE_PKCS12;
            break;
        default:
            return settings;
    }
    settings.ssl = ssl;
    return settings;
}

/** Fresh SSL settings with only {@code enabled} set. */
private Settings.SslSettings enabledSsl() {
    final Settings.SslSettings ssl = new Settings.SslSettings();
    ssl.enabled = true;
    return ssl;
}

/** Enabled SSL settings backed by the JKS server key store. */
private Settings.SslSettings jksKeyStoreSsl() {
    final Settings.SslSettings ssl = enabledSsl();
    ssl.keyStore = JKS_SERVER_KEY;
    ssl.keyStorePassword = KEY_PASS;
    ssl.keyStoreType = KEYSTORE_TYPE_JKS;
    return ssl;
}
 
Example 7
Source File: NettySSLOptionsFactory.java — from dropwizard-cassandra, Apache License 2.0
/**
 * Validation hook: a {@code keyManager} is mandatory whenever {@code clientAuth} is
 * {@link ClientAuth#REQUIRE}; every other mode is accepted unconditionally.
 *
 * @return whether the client-auth configuration is consistent
 */
@ValidationMethod(message = "must define keyManager when clientAuth is REQUIRE")
public boolean isClientAuthConfigValid() {
    if (clientAuth == ClientAuth.REQUIRE) {
        return keyManager != null;
    }
    return true;
}