io.vertx.core.net.KeyCertOptions Java Examples

The following examples show how to use io.vertx.core.net.KeyCertOptions.
Example #1
Source File: SslCustomizer.java    From vertx-spring-boot with Apache License 2.0 5 votes
private KeyCertOptions keyCertOptionsAdapter(Ssl ssl) {
    if ("JKS".equalsIgnoreCase(ssl.getKeyStoreType())) {
        return getJksOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
    } else if ("PKCS12".equalsIgnoreCase(ssl.getKeyStoreType())) {
        return getPfxOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
    }

    // Unsupported or missing key store type: no key/cert options are returned
    return null;
}
 
Example #2
Source File: AbstractServiceBase.java    From hono with Eclipse Public License 2.0 5 votes
/**
 * Adds TLS key &amp; certificate configuration to a given set of server options.
 * <p>
 * If <em>config</em> contains key &amp; certificate configuration it is added to
 * the given server options and the <em>ssl</em> flag is set to {@code true}.
 * <p>
 * If the server option's ssl flag is set, then the protocols from the <em>disabledTlsVersions</em>
 * configuration property are removed from the options (and thus disabled).
 * <p>
 * Finally, if a working instance of Netty's <em>tcnative</em> library is found, then
 * it is used instead of the JDK's default SSL engine.
 *
 * @param serverOptions The options to add configuration to.
 */
protected final void addTlsKeyCertOptions(final NetServerOptions serverOptions) {

    final KeyCertOptions keyCertOptions = getConfig().getKeyCertOptions();

    if (keyCertOptions != null) {
        serverOptions.setSsl(true).setKeyCertOptions(keyCertOptions);
    }

    if (serverOptions.isSsl()) {

        final boolean isOpenSslAvailable = OpenSsl.isAvailable();
        final boolean supportsKeyManagerFactory =  OpenSsl.supportsKeyManagerFactory();
        final boolean useOpenSsl =
                getConfig().isNativeTlsRequired() || (isOpenSslAvailable && supportsKeyManagerFactory);

        log.debug("OpenSSL [available: {}, supports KeyManagerFactory: {}]",
                isOpenSslAvailable, supportsKeyManagerFactory);

        if (useOpenSsl) {
            log.info("using OpenSSL [version: {}] instead of JDK's default SSL engine",
                    OpenSsl.versionString());
            serverOptions.setSslEngineOptions(new OpenSSLEngineOptions());
        } else {
            log.info("using JDK's default SSL engine");
        }

        serverOptions.getEnabledSecureTransportProtocols()
            .forEach(protocol -> serverOptions.removeEnabledSecureTransportProtocol(protocol));
        getConfig().getSecureProtocols().forEach(protocol -> {
            log.info("enabling secure protocol [{}]", protocol);
            serverOptions.addEnabledSecureTransportProtocol(protocol);
        });

        serverOptions.setSni(getConfig().isSni());
        log.info("Service supports TLS ServerNameIndication: {}", getConfig().isSni());
    }
}
 
Example #3
Source File: ConnectionFactoryImpl.java    From hono with Eclipse Public License 2.0 5 votes
private void addTlsKeyCertOptions(final ProtonClientOptions clientOptions) {

    if (clientOptions.getKeyCertOptions() == null) {
        final KeyCertOptions keyCertOptions = config.getKeyCertOptions();
        if (keyCertOptions != null) {
            clientOptions.setSsl(true).setKeyCertOptions(keyCertOptions);
            clientOptions.addEnabledSaslMechanism(ProtonSaslExternalImpl.MECH_NAME);
        }
    }
}
 
Example #4
Source File: AbstractConfigTest.java    From hono with Eclipse Public License 2.0 5 votes
/**
 * Test a valid PFX configuration.
 */
@Test
public void testPfxConfig() {
    cfg.setKeyStorePath(PREFIX_KEY_PATH + "authServerKeyStore.p12");
    cfg.setKeyStorePassword("authkeys");

    final KeyCertOptions options = cfg.getKeyCertOptions();

    assertThat(options).isNotNull();
    assertThat(options).isInstanceOf(PfxOptions.class);
}
 
Example #5
Source File: AbstractConfigTest.java    From hono with Eclipse Public License 2.0 5 votes
/**
 * Test a valid PEM configuration.
 */
@Test
public void testPemConfig() {
    cfg.setKeyPath(PREFIX_KEY_PATH + "auth-server-key.pem");
    cfg.setCertPath(PREFIX_KEY_PATH + "auth-server-cert.pem");

    final KeyCertOptions options = cfg.getKeyCertOptions();

    assertThat(options).isNotNull();
    assertThat(options).isInstanceOf(PemKeyCertOptions.class);
}
 
Example #6
Source File: AbstractConfigTest.java    From hono with Eclipse Public License 2.0 5 votes
/**
 * Specify key and cert, but override type PKCS12.
 */
@Test
public void testInvalidConfig1() {
    cfg.setKeyPath(PREFIX_KEY_PATH + "auth-server-key.pem");
    cfg.setCertPath(PREFIX_KEY_PATH + "auth-server-cert.pem");
    cfg.setKeyFormat(FileFormat.PKCS12);

    final KeyCertOptions options = cfg.getKeyCertOptions();

    assertThat(options).isNull();
}
 
Example #7
Source File: AbstractConfigTest.java    From hono with Eclipse Public License 2.0 5 votes
/**
 * Specify a keystore, but override type PEM.
 */
@Test
public void testInvalidConfig2() {
    cfg.setKeyStorePath(PREFIX_KEY_PATH + "authServerKeyStore.p12");
    cfg.setKeyStorePassword("authkeys");

    cfg.setKeyFormat(FileFormat.PEM);

    final KeyCertOptions options = cfg.getKeyCertOptions();

    assertThat(options).isNull();
}
 
Example #8
Source File: ProtonClientOptions.java    From vertx-proton with Apache License 2.0 4 votes
@Override
public ProtonClientOptions setKeyCertOptions(KeyCertOptions options) {
  super.setKeyCertOptions(options);
  return this;
}
 
Example #9
Source File: ProtonServerOptions.java    From vertx-proton with Apache License 2.0 4 votes
@Override
public ProtonServerOptions setKeyCertOptions(KeyCertOptions options) {
  super.setKeyCertOptions(options);
  return this;
}
 
Example #10
Source File: SSHServer.java    From vertx-shell with Apache License 2.0 4 votes
public SSHServer listen(Handler<AsyncResult<Void>> listenHandler) {
  if (!status.compareAndSet(STATUS_STOPPED, STATUS_STARTING)) {
    listenHandler.handle(Future.failedFuture("Invalid state:" + status.get()));
    return this;
  }
  if (options.getAuthOptions() != null) {
    authProvider = ShellAuth.load(vertx, options.getAuthOptions());
  }
  Charset defaultCharset = Charset.forName(options.getDefaultCharset());
  listenContext = (ContextInternal) vertx.getOrCreateContext();
  vertx.executeBlocking(fut -> {

    try {
      KeyCertOptions ksOptions = options.getKeyPairOptions();
      KeyStoreHelper ksHelper = KeyStoreHelper.create((VertxInternal) vertx, ksOptions);
      if (ksHelper == null) {
        throw new VertxException("No key pair store configured");
      }
      KeyStore ks = ksHelper.store();

      String kpPassword = "";
      if (ksOptions instanceof JksOptions) {
        kpPassword = ((JksOptions) ksOptions).getPassword();
      } else if (ksOptions instanceof PfxOptions) {
        kpPassword = ((PfxOptions) ksOptions).getPassword();
      }

      List<KeyPair> keyPairs = new ArrayList<>();
      for (Enumeration<String> it = ks.aliases(); it.hasMoreElements(); ) {
        String alias = it.nextElement();
        Key key = ks.getKey(alias, kpPassword.toCharArray());
        if (key instanceof PrivateKey) {
          Certificate cert = ks.getCertificate(alias);
          PublicKey publicKey = cert.getPublicKey();
          keyPairs.add(new KeyPair(publicKey, (PrivateKey) key));
        }
      }
      KeyPairProvider provider = new AbstractKeyPairProvider() {
        @Override
        public Iterable<KeyPair> loadKeys() {
          return keyPairs;
        }
      };

      Buffer inputrc = Helper.loadResource(vertx.fileSystem(), options.getIntputrc());
      if (inputrc == null) {
        throw new VertxException("Could not load inputrc from " + options.getIntputrc());
      }
      Keymap keymap = new Keymap(new ByteArrayInputStream(inputrc.getBytes()));
      TermConnectionHandler connectionHandler = new TermConnectionHandler(vertx, keymap, termHandler);

      nativeServer = SshServer.setUpDefaultServer();
      nativeServer.setShellFactory(() -> new TtyCommand(defaultCharset, connectionHandler::handle));
      Handler<SSHExec> execHandler = this.execHandler;
      if (execHandler != null) {
        nativeServer.setCommandFactory(command -> new TtyCommand(defaultCharset, conn -> {
          execHandler.handle(new SSHExec(command, conn));
        }));
      }
      nativeServer.setHost(options.getHost());
      nativeServer.setPort(options.getPort());
      nativeServer.setKeyPairProvider(provider);
      nativeServer.setIoServiceFactoryFactory(new NettyIoServiceFactoryFactory(listenContext.nettyEventLoop(), new VertxIoHandlerBridge(listenContext)));
      nativeServer.setServiceFactories(Arrays.asList(ServerConnectionServiceFactory.INSTANCE, AsyncUserAuthServiceFactory.INSTANCE));

      // Password authentication requires an auth provider; fail startup without one
      if (authProvider == null) {
        throw new VertxException("No authenticator");
      }

      nativeServer.setPasswordAuthenticator((username, userpass, session) -> {
        AsyncAuth auth = new AsyncAuth();
        listenContext.runOnContext(v -> {
          authProvider.authenticate(new JsonObject().put("username", username).put("password", userpass), ar -> {
            auth.setAuthed(ar.succeeded());
          });
        });
        throw auth;
      });

      // Start the SSH server and mark this instance as started
      nativeServer.start();
      status.set(STATUS_STARTED);
      fut.complete();
    } catch (Exception e) {
      status.set(STATUS_STOPPED);
      fut.fail(e);
    }
  }, listenHandler);
  return this;
}
 
Example #11
Source File: SSHTermOptions.java    From vertx-shell with Apache License 2.0 4 votes
/**
 * @return the key pair options
 */
@GenIgnore
public KeyCertOptions getKeyPairOptions() {
  return keyPairOptions;
}
 
Example #12
Source File: MailConfig.java    From vertx-mail-client with Apache License 2.0 4 votes
public MailConfig setKeyCertOptions(KeyCertOptions options) {
  super.setKeyCertOptions(options);
  return this;
}
 
Example #13
Source File: MqttClientOptions.java    From vertx-mqtt with Apache License 2.0 4 votes
@Override
public MqttClientOptions setKeyCertOptions(KeyCertOptions options) {
   super.setKeyCertOptions(options);
   return this;
}
 
Example #14
Source File: MqttServerOptions.java    From vertx-mqtt with Apache License 2.0 4 votes
@Override
public MqttServerOptions setKeyCertOptions(KeyCertOptions options) {
  super.setKeyCertOptions(options);
  return this;
}
 
Example #15
Source File: S3ClientOptions.java    From vertx-s3-client with Apache License 2.0 4 votes
@Override
public S3ClientOptions setKeyCertOptions(final KeyCertOptions options) {
    super.setKeyCertOptions(options);
    return this;
}
 
Example #16
Source File: MSSQLConnectOptions.java    From vertx-sql-client with Apache License 2.0 4 votes
@Override
public MSSQLConnectOptions setKeyCertOptions(KeyCertOptions options) {
  return (MSSQLConnectOptions) super.setKeyCertOptions(options);
}
 
Example #17
Source File: DB2ConnectOptions.java    From vertx-sql-client with Apache License 2.0 4 votes
@Override
public DB2ConnectOptions setKeyCertOptions(KeyCertOptions options) {
  return (DB2ConnectOptions) super.setKeyCertOptions(options);
}
 
Example #18
Source File: VertxSubstitutions.java    From quarkus with Apache License 2.0 4 votes
@Substitute
static void setCertOptions(TCPSSLOptions options, KeyCertOptions keyCertOptions) {
    throw new RuntimeException("Not Implemented");
}