io.vertx.core.net.OpenSSLEngineOptions Java Examples

The following examples show how to use io.vertx.core.net.OpenSSLEngineOptions. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AbstractServiceBase.java    From hono with Eclipse Public License 2.0 5 votes vote down vote up 
/**
 * Adds TLS key & certificate configuration to a given set of server options.
 * <p>
 * If <em>config</em> contains key &amp; certificate configuration it is added to
 * the given server options and the <em>ssl</em> flag is set to {@code true}.
 * <p>
 * If the server option's ssl flag is set, then the protocols from the <em>disabledTlsVersions</em>
 * configuration property are removed from the options (and thus disabled).
 * <p>
 * Finally, if a working instance of Netty's <em>tcnative</em> library is found, then
 * it is used instead of the JDK's default SSL engine.
 *
 * @param serverOptions The options to add configuration to.
 */
protected final void addTlsKeyCertOptions(final NetServerOptions serverOptions) {

    final KeyCertOptions keyCertOptions = getConfig().getKeyCertOptions();

    if (keyCertOptions != null) {
        serverOptions.setSsl(true).setKeyCertOptions(keyCertOptions);
    }

    if (serverOptions.isSsl()) {

        final boolean isOpenSslAvailable = OpenSsl.isAvailable();
        final boolean supportsKeyManagerFactory =  OpenSsl.supportsKeyManagerFactory();
        final boolean useOpenSsl =
                getConfig().isNativeTlsRequired() || (isOpenSslAvailable && supportsKeyManagerFactory);

        log.debug("OpenSSL [available: {}, supports KeyManagerFactory: {}]",
                isOpenSslAvailable, supportsKeyManagerFactory);

        if (useOpenSsl) {
            log.info("using OpenSSL [version: {}] instead of JDK's default SSL engine",
                    OpenSsl.versionString());
            serverOptions.setSslEngineOptions(new OpenSSLEngineOptions());
        } else {
            log.info("using JDK's default SSL engine");
        }

        serverOptions.getEnabledSecureTransportProtocols()
            .forEach(protocol -> serverOptions.removeEnabledSecureTransportProtocol(protocol));
        getConfig().getSecureProtocols().forEach(protocol -> {
            log.info("enabling secure protocol [{}]", protocol);
            serverOptions.addEnabledSecureTransportProtocol(protocol);
        });

        serverOptions.setSni(getConfig().isSni());
        log.info("Service supports TLS ServerNameIndication: {}", getConfig().isSni());
    }
}
Example #2
Source File: HttpSslIT.java    From vertx-spring-boot with Apache License 2.0 4 votes vote down vote up 
@Bean
public HttpClientOptionsCustomizer clientOpenSslEngineOptionsCustomizer() {
    return options -> options.setSslEngineOptions(new OpenSSLEngineOptions());
}
Example #3
Source File: HttpSslIT.java    From vertx-spring-boot with Apache License 2.0 4 votes vote down vote up 
@Bean
public HttpServerOptionsCustomizer serverOpenSslEngineOptionsCustomizer() {
    return options -> options.setSslEngineOptions(new OpenSSLEngineOptions());
}
Example #4
Source File: VertxTLSBuilder.java    From servicecomb-java-chassis with Apache License 2.0 4 votes vote down vote up 
private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom,
    TCPSSLOptions tcpClientOptions) {
  tcpClientOptions.setSsl(true);

  if (sslOption.getEngine().equalsIgnoreCase("openssl")) {
    OpenSSLEngineOptions options = new OpenSSLEngineOptions();
    options.setSessionCacheEnabled(true);
    tcpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
  }
  String fullKeyStore = sslCustom.getFullPath(sslOption.getKeyStore());
  if (isFileExists(fullKeyStore)) {
    if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
      PfxOptions keyPfxOptions = new PfxOptions();
      keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
      keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
      tcpClientOptions.setPfxKeyCertOptions(keyPfxOptions);
    } else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) {
      JksOptions keyJksOptions = new JksOptions();
      keyJksOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
      keyJksOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
      tcpClientOptions.setKeyStoreOptions(keyJksOptions);
    } else {
      throw new IllegalArgumentException("invalid key store type.");
    }
  } else {
    LOGGER.warn("keyStore [" + fullKeyStore + "] file not exist, please check!");
  }
  String fullTrustStore = sslCustom.getFullPath(sslOption.getTrustStore());
  if (isFileExists(fullTrustStore)) {
    if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) {
      PfxOptions trustPfxOptions = new PfxOptions();
      trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
      trustPfxOptions
          .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
      tcpClientOptions.setPfxTrustOptions(trustPfxOptions);
    } else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) {
      JksOptions trustJksOptions = new JksOptions();
      trustJksOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
      trustJksOptions
          .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
      tcpClientOptions.setTrustStoreOptions(trustJksOptions);
    } else {
      throw new IllegalArgumentException("invalid trust store type.");
    }
  } else {
    LOGGER.warn("trustStore [" + fullTrustStore + "] file not exist, please check!");
  }

  tcpClientOptions
      .setEnabledSecureTransportProtocols(new HashSet<String>(Arrays.asList(sslOption.getProtocols().split(","))));

  for (String cipher : SSLManager.getEnalbedCiphers(sslOption.getCiphers())) {
    tcpClientOptions.addEnabledCipherSuite(cipher);
  }

  if (isFileExists(sslCustom.getFullPath(sslOption.getCrl()))) {
    tcpClientOptions.addCrlPath(sslCustom.getFullPath(sslOption.getCrl()));
  }
  return tcpClientOptions;
}
Example #5
Source File: DB2ConnectOptions.java    From vertx-sql-client with Apache License 2.0 4 votes vote down vote up 
@Override
public DB2ConnectOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) {
  return (DB2ConnectOptions) super.setOpenSslEngineOptions(sslEngineOptions);
}
Example #6
Source File: MSSQLConnectOptions.java    From vertx-sql-client with Apache License 2.0 4 votes vote down vote up 
@Override
public MSSQLConnectOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) {
  return (MSSQLConnectOptions) super.setOpenSslEngineOptions(sslEngineOptions);
}
Example #7
Source File: PostgresHandle.java    From okapi with Apache License 2.0 4 votes vote down vote up 
PostgresHandle(Vertx vertx, JsonObject conf) {
  String val;

  connectOptions = new PgConnectOptions();
  val = Config.getSysConf("postgres_host", null, conf);
  if (val != null) {
    connectOptions.setHost(val);
  }
  val = Config.getSysConf("postgres_port", null, conf);
  Logger logger = OkapiLogger.get();
  if (val != null) {
    try {
      connectOptions.setPort(Integer.parseInt(val));
    } catch (NumberFormatException e) {
      logger.warn("Bad postgres_port value: {}: {}", val, e.getMessage());
    }
  }

  // postgres_user is supported for system configuration (-D option) only and is deprecated
  connectOptions.setUser(Config.getSysConf("postgres_username",
      Config.getSysConf("postgres_user", "okapi", new JsonObject()), conf));
  connectOptions.setPassword(Config.getSysConf("postgres_password", "okapi25", conf));
  connectOptions.setDatabase(Config.getSysConf("postgres_database", "okapi", conf));
  String serverPem = Config.getSysConf("postgres_server_pem", null, conf);
  if (serverPem != null) {
    logger.debug("Enforcing SSL encryption for PostgreSQL connections, "
        + "requiring TLSv1.3 with server name certificate");
    connectOptions.setSslMode(SslMode.VERIFY_FULL);
    connectOptions.setHostnameVerificationAlgorithm("HTTPS");
    connectOptions.setPemTrustOptions(
        new PemTrustOptions().addCertValue(Buffer.buffer(serverPem)));
    connectOptions.setEnabledSecureTransportProtocols(Collections.singleton("TLSv1.3"));
    connectOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
  }

  PoolOptions poolOptions = new PoolOptions();
  poolOptions.setMaxSize(5);

  pool = PgPool.pool(vertx, connectOptions, poolOptions);
  logger.debug("created");
}
Example #8
Source File: S3ClientOptions.java    From vertx-s3-client with Apache License 2.0 4 votes vote down vote up 
@Override
public S3ClientOptions setOpenSslEngineOptions(final OpenSSLEngineOptions sslEngineOptions) {
    super.setOpenSslEngineOptions(sslEngineOptions);
    return this;
}
Example #9
Source File: ConnectionFactoryImpl.java    From hono with Eclipse Public License 2.0 4 votes vote down vote up 
private void addTlsTrustOptions(final ProtonClientOptions clientOptions) {

        if (config.isTlsEnabled()) {
            clientOptions.setSsl(true);
        }

        if (clientOptions.getTrustOptions() == null) {
            final TrustOptions trustOptions = config.getTrustOptions();
            if (trustOptions != null) {
                clientOptions.setSsl(true).setTrustOptions(trustOptions);
            }
        }

        if (clientOptions.isSsl()) {

            final boolean isOpenSslAvailable = OpenSsl.isAvailable();
            final boolean supportsKeyManagerFactory =  OpenSsl.supportsKeyManagerFactory();
            final boolean useOpenSsl = isOpenSslAvailable && supportsKeyManagerFactory;

            logger.debug("OpenSSL [available: {}, supports KeyManagerFactory: {}]",
                    isOpenSslAvailable, supportsKeyManagerFactory);

            if (useOpenSsl) {
                logger.debug("using OpenSSL [version: {}] instead of JDK's default SSL engine",
                        OpenSsl.versionString());
                clientOptions.setSslEngineOptions(new OpenSSLEngineOptions());
            } else {
                logger.debug("using JDK's default SSL engine");
            }

            if (config.isHostnameVerificationRequired()) {
                clientOptions.setHostnameVerificationAlgorithm("HTTPS");
            } else {
                clientOptions.setHostnameVerificationAlgorithm("");
            }
            clientOptions.getEnabledSecureTransportProtocols()
                .forEach(protocol -> clientOptions.removeEnabledSecureTransportProtocol(protocol));
            config.getSecureProtocols().forEach(protocol -> {
                logger.debug("enabling secure protocol [{}]", protocol);
                clientOptions.addEnabledSecureTransportProtocol(protocol);
            });
        }
    }
Example #10
Source File: MailConfig.java    From vertx-mail-client with Apache License 2.0 4 votes vote down vote up 
public MailConfig setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) {
  super.setOpenSslEngineOptions(sslEngineOptions);
  return this;
}
Example #11
Source File: ProtonServerOptions.java    From vertx-proton with Apache License 2.0 4 votes vote down vote up 
@Override
public ProtonServerOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) {
  super.setOpenSslEngineOptions(sslEngineOptions);
  return this;
}
Example #12
Source File: ProtonClientOptions.java    From vertx-proton with Apache License 2.0 4 votes vote down vote up 
@Override
public ProtonClientOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions) {
  super.setOpenSslEngineOptions(sslEngineOptions);
  return this;
}