Java Code Examples for io.netty.handler.ssl.SslProvider#OPENSSL
The following examples show how to use
io.netty.handler.ssl.SslProvider#OPENSSL .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: GrpcSslContexts.java From grpc-nebula-java with Apache License 2.0 | 6 votes |
|
/**
* Returns OpenSSL if available, otherwise returns the JDK provider.
*/
private static SslProvider defaultSslProvider() {
if (OpenSsl.isAvailable()) {
logger.log(Level.FINE, "Selecting OPENSSL");
return SslProvider.OPENSSL;
}
Provider provider = findJdkProvider();
if (provider != null) {
logger.log(Level.FINE, "Selecting JDK with provider {0}", provider);
return SslProvider.JDK;
}
logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)",
OpenSsl.unavailabilityCause());
logger.log(Level.INFO, "Conscrypt not found (this may be normal)");
logger.log(Level.INFO, "Jetty ALPN unavailable (this may be normal)",
JettyTlsUtil.getJettyAlpnUnavailabilityCause());
throw new IllegalStateException(
"Could not find TLS ALPN provider; "
+ "no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available");
}
Example 2
| Source File: NettyHttp2Client.java From jmeter-http2-plugin with Apache License 2.0 | 6 votes |
|
private SslContext getSslContext() {
SslContext sslCtx = null;
final SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
try {
sslCtx = SslContextBuilder.forClient()
.sslProvider(provider)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
SelectorFailureBehavior.NO_ADVERTISE,
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2))
.build();
} catch(SSLException exception) {
return null;
}
return sslCtx;
}
Example 3
| Source File: SslServerInitializer.java From nomulus with Apache License 2.0 | 6 votes |
|
public SslServerInitializer(
boolean requireClientCert,
boolean validateClientCert,
SslProvider sslProvider,
Supplier<PrivateKey> privateKeySupplier,
Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
logger.atInfo().log("Server SSL Provider: %s", sslProvider);
checkArgument(
requireClientCert || !validateClientCert,
"Cannot validate client certificate if client certificate is not required.");
this.requireClientCert = requireClientCert;
this.validateClientCert = validateClientCert;
this.sslProvider = sslProvider;
this.privateKeySupplier = privateKeySupplier;
this.certificatesSupplier = certificatesSupplier;
this.supportedSslVersions =
sslProvider == SslProvider.OPENSSL
? ImmutableList.of("TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1")
// JDK support for TLS 1.3 won't be available until 2020-07-14 at the earliest.
// See: https://java.com/en/jre-jdk-cryptoroadmap.html
: ImmutableList.of("TLSv1.2", "TLSv1.1", "TLSv1");
}
Example 4
| Source File: XrpcClient.java From xrpc with Apache License 2.0 | 6 votes |
|
private SslContext buildSslCtx() {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
try {
return SslContextBuilder.forClient()
.sslProvider(provider)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
// TODO(JR): Make a seperate Handler Class for http2 as opposed to autoneg
// .applicationProtocolConfig(new ApplicationProtocolConfig(
// ApplicationProtocolConfig.Protocol.ALPN,
// // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK
// providers.
// ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
// // ACCEPT is currently the only mode supported by both OpenSsl and JDK
// providers.
// ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
// ApplicationProtocolNames.HTTP_2,
// ApplicationProtocolNames.HTTP_1_1))
.build();
} catch (SSLException e) {
e.printStackTrace();
}
return null;
}
Example 5
| Source File: Http2OkHttpTest.java From grpc-java with Apache License 2.0 | 6 votes |
|
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
// Starts the server with HTTPS.
try {
SslProvider sslProvider = SslContext.defaultServerProvider();
if (sslProvider == SslProvider.OPENSSL && !SslProvider.isAlpnSupported(SslProvider.OPENSSL)) {
// OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
// are forced to use Jetty ALPN for Netty instead of OpenSSL.
sslProvider = SslProvider.JDK;
}
SslContextBuilder contextBuilder = SslContextBuilder
.forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
GrpcSslContexts.configure(contextBuilder, sslProvider);
contextBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
return NettyServerBuilder.forPort(0)
.flowControlWindow(65 * 1024)
.maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
.sslContext(contextBuilder.build());
} catch (IOException ex) {
throw new RuntimeException(ex);
}
}
Example 6
| Source File: SslUtils.java From servicetalk with Apache License 2.0 | 5 votes |
|
/**
* Convert to netty type.
*
* @param provider the provider to convert.
* @param alpn if {@code true} ALPN should be supported.
* @return the netty provider.
*/
@Nullable
static SslProvider toNettySslProvider(SecurityConfigurator.SslProvider provider, boolean alpn) {
switch (provider) {
case AUTO:
if (alpn) {
if (isAlpnSupported(SslProvider.OPENSSL)) {
return SslProvider.OPENSSL;
} else if (isAlpnSupported(SslProvider.JDK)) {
return SslProvider.JDK;
} else {
throw new IllegalStateException("ALPN configured but not supported by the current classpath: " +
"add OPENSSL support (https://netty.io/wiki/forked-tomcat-native.html) or configure " +
"ALPN for JDK (https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html)");
}
}
return null;
case JDK:
if (alpn && !isAlpnSupported(SslProvider.JDK)) {
throw new IllegalStateException(
"ALPN configured but not supported by the current classpath. For more information, " +
"see https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html");
}
return SslProvider.JDK;
case OPENSSL:
OpenSsl.ensureAvailability();
if (alpn && !isAlpnSupported(SslProvider.OPENSSL)) {
throw new IllegalStateException(
"ALPN configured but not supported by installed version of OpenSSL");
}
return SslProvider.OPENSSL;
default:
throw new Error("Unknown SSL provider specified: " + provider);
}
}
Example 7
| Source File: BenchmarkUtils.java From aws-sdk-java-v2 with Apache License 2.0 | 5 votes |
|
public static SslProvider getSslProvider(String sslProviderValue) {
switch (sslProviderValue) {
case DEFAULT_JDK_SSL_PROVIDER:
return SslProvider.JDK;
case OPEN_SSL_PROVIDER:
return SslProvider.OPENSSL;
default:
return SslContext.defaultClientProvider();
}
}
Example 8
| Source File: TLSCertGenTest.java From fabric-sdk-java with Apache License 2.0 | 5 votes |
|
private SslContextBuilder getSslContextBuilder(File clientCertFile, File clientKeyFile, File serverCertFile) {
SslProvider sslprovider = SslProvider.OPENSSL;
SslContextBuilder ctxBuilder = SslContextBuilder.forClient().protocols(TLS_PROTOCOL).trustManager(serverCertFile);
SslContextBuilder clientContextBuilder = GrpcSslContexts.configure(ctxBuilder, sslprovider);
clientContextBuilder = clientContextBuilder.keyManager(clientCertFile, clientKeyFile);
return clientContextBuilder;
}
Example 9
| Source File: ProberModule.java From nomulus with Apache License 2.0 | 5 votes |
|
/** {@link Provides} the {@link SslProvider} used by instances of {@link SslClientInitializer} */
@Provides
@Singleton
static SslProvider provideSslProvider() {
// Prefer OpenSSL.
return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
}
Example 10
| Source File: BaseSslContextFactory.java From zuul with Apache License 2.0 | 5 votes |
|
public static SslProvider chooseSslProvider() {
// Use openssl only if available and has ALPN support (ie. version > 1.0.2).
SslProvider sslProvider;
if (ALLOW_USE_OPENSSL.get() && OpenSsl.isAvailable() && SslProvider.isAlpnSupported(SslProvider.OPENSSL)) {
sslProvider = SslProvider.OPENSSL;
}
else {
sslProvider = SslProvider.JDK;
}
return sslProvider;
}
Example 11
| Source File: SSLConfigClient.java From Bats with Apache License 2.0 | 4 votes |
|
@Override
public SslProvider getProvider() {
return provider.equalsIgnoreCase("JDK") ? SslProvider.JDK : SslProvider.OPENSSL;
}
Example 12
| Source File: SslContextHolder.java From blynk-server with GNU General Public License v3.0 | 4 votes |
|
private static SslProvider fetchSslProvider() {
return isOpenSslAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
}
Example 13
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
Example 14
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
Example 15
| Source File: TlsTest.java From grpc-java with Apache License 2.0 | 4 votes |
|
@Before
public void setUp() throws NoSuchAlgorithmException {
executor = Executors.newSingleThreadScheduledExecutor();
switch (tlsImpl) {
case TCNATIVE:
Assume.assumeTrue(OpenSsl.isAvailable());
sslProvider = SslProvider.OPENSSL;
break;
case JDK:
Assume.assumeTrue(Arrays.asList(
SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites())
.contains("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
sslProvider = SslProvider.JDK;
jdkProvider = Security.getProvider("SunJSSE");
Assume.assumeNotNull(jdkProvider);
try {
// Check for presence of an (ironic) class added in Java 9
Class.forName("java.lang.Runtime$Version");
// Java 9+
} catch (ClassNotFoundException ignored) {
// Before Java 9
// TODO(ejona): remove this assume once we upgrade to Netty 4.1.50.Final. GrpcSslContexts
// detects the Java 9 ALPN API in Java 8 u252, but Netty does not support it in our
// current version
Assume.assumeTrue("Jetty ALPN not found", JettyTlsUtil.isJettyAlpnConfigured());
try {
GrpcSslContexts.configure(SslContextBuilder.forClient(), jdkProvider);
} catch (IllegalArgumentException ex) {
Assume.assumeNoException("Not Java 9+ and Jetty ALPN does not seem available", ex);
}
}
break;
case CONSCRYPT:
sslProvider = SslProvider.JDK;
jdkProvider = Security.getProvider("Conscrypt");
Assume.assumeNotNull(jdkProvider);
break;
default:
throw new AssertionError();
}
clientContextBuilder = SslContextBuilder.forClient();
if (sslProvider == SslProvider.JDK) {
GrpcSslContexts.configure(clientContextBuilder, jdkProvider);
} else {
GrpcSslContexts.configure(clientContextBuilder, sslProvider);
}
}
Example 16
| Source File: AbstractSslEngineBenchmark.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
@Override
SslProvider sslProvider() {
return SslProvider.OPENSSL;
}
Example 17
| Source File: SSLConfigServer.java From Bats with Apache License 2.0 | 4 votes |
|
@Override
public SslProvider getProvider() {
return provider.equalsIgnoreCase("JDK") ? SslProvider.JDK : SslProvider.OPENSSL;
}
Example 18
| Source File: SslClientInitializerTest.java From nomulus with Apache License 2.0 | 4 votes |
|
@Parameters(name = "{0}")
public static SslProvider[] data() {
return OpenSsl.isAvailable()
? new SslProvider[] {SslProvider.JDK, SslProvider.OPENSSL}
: new SslProvider[] {SslProvider.JDK};
}
Example 19
| Source File: SslServerInitializerTest.java From nomulus with Apache License 2.0 | 4 votes |
|
@Parameters(name = "{0}")
public static SslProvider[] data() {
return OpenSsl.isAvailable()
? new SslProvider[] {SslProvider.OPENSSL, SslProvider.JDK}
: new SslProvider[] {SslProvider.JDK};
}
Example 20
| Source File: ProxyModule.java From nomulus with Apache License 2.0 | 4 votes |
|
@Provides
static SslProvider provideSslProvider() {
// Prefer OpenSSL.
return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
}
