io.netty.handler.ssl.JdkSslContext Java Examples
The following examples show how to use
io.netty.handler.ssl.JdkSslContext.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: DockerServiceFactory.java From haven-platform with Apache License 2.0 | 6 votes |
|
private void initSsl(String addr, NettyRequestFactory factory) throws Exception {
SSLContext sslc = SSLContext.getInstance("TLS");
if(!checkSsl) {
log.debug("disable any SSL check on {} address", addr);
sslc.init(null, new TrustManager[]{new SSLUtil.NullX509TrustManager()}, null);
} else if(StringUtils.hasText(keystore)) {
log.debug("use SSL trusted store {} on {} address", keystore, addr);
final String alg = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory def = TrustManagerFactory.getInstance(alg);
def.init((KeyStore)null);// initialize default list of trust managers
Resource resource = resourceLoader.getResource(keystore);
if(!resource.exists()) {
log.warn("Specified JKS {} is not exists.", keystore);
return;
}
KeyStore ks = KeyStore.getInstance("JKS");
try(InputStream is = resource.getInputStream()) {
ks.load(is, storepass == null? new char[0] : storepass.toCharArray());
}
TrustManagerFactory local = TrustManagerFactory.getInstance(alg);
local.init(ks);
TrustManager tm = SSLUtil.combineX509TrustManagers(local.getTrustManagers(), def.getTrustManagers());
sslc.init(null, new TrustManager[]{tm}, null);
}
factory.setSslContext(new JdkSslContext(sslc, true, ClientAuth.OPTIONAL));
}
Example #2
| Source File: SslUtilTest.java From hivemq-community-edition with Apache License 2.0 | 5 votes |
|
@Test
public void test_java_ssl_tls_1_1_context_created() throws Exception {
final KeyManagerFactory kmf = createKeyManagerFactory();
final SslContext sslServerContext =
sslUtil.createSslServerContext(kmf, null, null, Lists.newArrayList("TLSv1.1"));
assertTrue(sslServerContext instanceof JdkSslContext);
final List<String> protocols = getProtocolsFromContext(sslServerContext);
assertEquals(1, protocols.size());
assertEquals("TLSv1.1", protocols.get(0));
}
Example #3
| Source File: SslProviderTests.java From reactor-netty with Apache License 2.0 | 5 votes |
|
@Test
public void testSslConfigurationProtocolH2_2() {
DisposableServer disposableServer =
server.protocol(HttpProtocol.HTTP11)
.secure(spec -> spec.sslContext(builder))
.protocol(HttpProtocol.H2)
.bindNow();
assertEquals(2, protocols.size());
assertTrue(protocols.contains("h2"));
assertTrue(io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ?
sslContext instanceof OpenSslContext :
sslContext instanceof JdkSslContext);
disposableServer.disposeNow();
}
Example #4
| Source File: SslProviderTests.java From reactor-netty with Apache License 2.0 | 5 votes |
|
@Test
public void testSslConfigurationProtocolH2_1() {
DisposableServer disposableServer =
server.secure(spec -> spec.sslContext(builder))
.protocol(HttpProtocol.H2)
.bindNow();
assertEquals(2, protocols.size());
assertTrue(protocols.contains("h2"));
assertTrue(io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ?
sslContext instanceof OpenSslContext :
sslContext instanceof JdkSslContext);
disposableServer.disposeNow();
}
Example #5
| Source File: SslProviderTests.java From reactor-netty with Apache License 2.0 | 5 votes |
|
@Test
public void testProtocolH2SslConfiguration() {
DisposableServer disposableServer =
server.protocol(HttpProtocol.H2)
.secure(spec -> spec.sslContext(builder))
.bindNow();
assertEquals(2, protocols.size());
assertTrue(protocols.contains("h2"));
assertTrue(io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ?
sslContext instanceof OpenSslContext :
sslContext instanceof JdkSslContext);
disposableServer.disposeNow();
}
Example #6
| Source File: SslProviderTests.java From reactor-netty with Apache License 2.0 | 5 votes |
|
@Test
public void testSslConfigurationProtocolHttp11_2() {
DisposableServer disposableServer =
server.protocol(HttpProtocol.H2)
.secure(spec -> spec.sslContext(builder))
.protocol(HttpProtocol.HTTP11)
.bindNow();
assertTrue(protocols.isEmpty());
assertTrue(OpenSsl.isAvailable() ? sslContext instanceof OpenSslContext :
sslContext instanceof JdkSslContext);
disposableServer.disposeNow();
}
Example #7
| Source File: SslProviderTests.java From reactor-netty with Apache License 2.0 | 5 votes |
|
@Test
public void testSslConfigurationProtocolHttp11_1() {
DisposableServer disposableServer =
server.secure(spec -> spec.sslContext(builder))
.protocol(HttpProtocol.HTTP11)
.bindNow();
assertTrue(protocols.isEmpty());
assertTrue(OpenSsl.isAvailable() ? sslContext instanceof OpenSslContext :
sslContext instanceof JdkSslContext);
disposableServer.disposeNow();
}
Example #8
| Source File: SslProviderTests.java From reactor-netty with Apache License 2.0 | 5 votes |
|
@Test
public void testProtocolHttp11SslConfiguration() {
DisposableServer disposableServer =
server.protocol(HttpProtocol.HTTP11)
.secure(spec -> spec.sslContext(builder))
.bindNow();
assertTrue(protocols.isEmpty());
assertTrue(OpenSsl.isAvailable() ? sslContext instanceof OpenSslContext :
sslContext instanceof JdkSslContext);
disposableServer.disposeNow();
}
Example #9
| Source File: OneWaySSLBase.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #10
| Source File: TwoWaySSLOpenSSLIT.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #11
| Source File: WebSocketClientIT.java From timely with Apache License 2.0 | 5 votes |
|
private void setupSslCtx() throws Exception {
Assert.assertNotNull(clientTrustStoreFile);
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
sslCtx = jdk.context();
}
Example #12
| Source File: TwoWaySSLIT.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #13
| Source File: TwoWaySSLFailureIT.java From timely with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
Assert.assertTrue(ctx instanceof JdkSslContext);
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #14
| Source File: ClientHttpConnectorFactory.java From spring-credhub with Apache License 2.0 | 5 votes |
|
/**
* Create a {@link ClientHttpConnector} for the given {@link ClientOptions}.
* @param options must not be {@literal null}
* @return a new {@link ClientHttpConnector}.
*/
public static ClientHttpConnector create(ClientOptions options) {
HttpClient httpClient = HttpClient.create();
if (usingCustomCerts(options)) {
TrustManagerFactory trustManagerFactory = sslCertificateUtils
.createTrustManagerFactory(options.getCaCertFiles());
httpClient = httpClient.secure((sslContextSpec) -> sslContextSpec.sslContext(
SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(trustManagerFactory)));
}
else {
httpClient = httpClient.secure((sslContextSpec) -> {
try {
sslContextSpec.sslContext(new JdkSslContext(SSLContext.getDefault(), true, null,
IdentityCipherSuiteFilter.INSTANCE, null, ClientAuth.REQUIRE, null, false));
}
catch (NoSuchAlgorithmException ex) {
logger.error("Error configuring HTTP connections", ex);
throw new RuntimeException("Error configuring HTTP connections", ex);
}
});
}
if (options.getConnectionTimeout() != null) {
httpClient = httpClient
.tcpConfiguration((tcpClient) -> tcpClient.option(ChannelOption.CONNECT_TIMEOUT_MILLIS,
Math.toIntExact(options.getConnectionTimeout().toMillis())));
}
return new ReactorClientHttpConnector(httpClient);
}
Example #15
| Source File: FakeTlsContext.java From NioSmtpClient with Apache License 2.0 | 5 votes |
|
public static SSLContext createContext() {
try {
JdkSslContext nettyContext = (JdkSslContext) SslContextBuilder
.forServer(getKeyManagerFactory())
.sslProvider(SslProvider.JDK)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.build();
return nettyContext.context();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #16
| Source File: HttpApiHandler.java From component-runtime with Apache License 2.0 | 5 votes |
|
public T activeSsl() {
if (sslContext == null) {
try {
final SelfSignedCertificate certificate = new SelfSignedCertificate();
final SslContext nettyContext = SslContext
.newServerContext(SslProvider.JDK, null, InsecureTrustManagerFactory.INSTANCE,
certificate.certificate(), certificate.privateKey(), null, null, null,
IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
sslContext = JdkSslContext.class.cast(nettyContext).context();
} catch (final SSLException | CertificateException e) {
throw new IllegalStateException(e);
}
}
return (T) this;
}
Example #17
| Source File: OneWaySSLBase.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #18
| Source File: TwoWaySSLOpenSSLIT.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #19
| Source File: WebSocketClientIT.java From qonduit with Apache License 2.0 | 5 votes |
|
private void setupSslCtx() throws Exception {
Assert.assertNotNull(clientTrustStoreFile);
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
sslCtx = jdk.context();
}
Example #20
| Source File: TwoWaySSLIT.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side.
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #21
| Source File: TwoWaySSLFailureIT.java From qonduit with Apache License 2.0 | 5 votes |
|
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
// Use server cert / key on client side
builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
builder.sslProvider(SslProvider.JDK);
builder.trustManager(clientTrustStoreFile); // Trust the server cert
SslContext ctx = builder.build();
Assert.assertTrue(ctx.isClient());
JdkSslContext jdk = (JdkSslContext) ctx;
SSLContext jdkSslContext = jdk.context();
return jdkSslContext.getSocketFactory();
}
Example #22
| Source File: SslUtilTest.java From hivemq-community-edition with Apache License 2.0 | 5 votes |
|
@Test
public void test_java_ssl_tls_1_3_context_created() throws Exception {
final KeyManagerFactory kmf = createKeyManagerFactory();
final SslContext sslServerContext =
sslUtil.createSslServerContext(kmf, null, null, Lists.newArrayList("TLSv1.3"));
assertTrue(sslServerContext instanceof JdkSslContext);
final List<String> protocols = getProtocolsFromContext(sslServerContext);
assertEquals(1, protocols.size());
assertEquals("TLSv1.3", protocols.get(0));
}
Example #23
| Source File: SslUtilTest.java From hivemq-community-edition with Apache License 2.0 | 5 votes |
|
@Test
public void test_java_ssl_tls_1_2_context_created() throws Exception {
final KeyManagerFactory kmf = createKeyManagerFactory();
final SslContext sslServerContext =
sslUtil.createSslServerContext(kmf, null, null, Lists.newArrayList("TLSv1.2"));
assertTrue(sslServerContext instanceof JdkSslContext);
final List<String> protocols = getProtocolsFromContext(sslServerContext);
assertEquals(1, protocols.size());
assertEquals("TLSv1.2", protocols.get(0));
}
Example #24
| Source File: SslUtilTest.java From hivemq-community-edition with Apache License 2.0 | 5 votes |
|
@Test
public void test_java_ssl_tls_1_context_created() throws Exception {
final KeyManagerFactory kmf = createKeyManagerFactory();
final SslContext sslServerContext =
sslUtil.createSslServerContext(kmf, null, null, Lists.newArrayList("TLSv1"));
assertTrue(sslServerContext instanceof JdkSslContext);
final List<String> protocols = getProtocolsFromContext(sslServerContext);
assertEquals(1, protocols.size());
assertEquals("TLSv1", protocols.get(0));
}
Example #25
| Source File: SocketIOServer.java From socketio with Apache License 2.0 | 4 votes |
|
/**
* Creates instance of Socket.IO server with the given secure port.
*/
public static SocketIOServer newInstance(int port, SSLContext sslContext) {
SslContext nettySslContext = new JdkSslContext(sslContext, false, ClientAuth.NONE);
return newInstance(port, nettySslContext);
}
