io.netty.handler.ssl.SslContextBuilder Java Examples

The following examples show how to use io.netty.handler.ssl.SslContextBuilder.
Example #1
Source File: ReactorGuiceServer.java    From reactor-guice with Apache License 2.0 7 votes vote down vote up
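/**
 * Enables HTTPS by building a server {@code SslContext} from a JKS keystore file.
 *
 * @param jksFile     the JKS keystore holding the server key and certificate chain
 * @param jksPassword password protecting the keystore itself
 * @param jksSecret   password protecting the private key entry inside the keystore
 * @return this server, for call chaining
 */
public ReactorGuiceServer setHttps (File jksFile, String jksPassword, String jksSecret) {

        // try-with-resources closes the keystore stream on every path; the earlier
        // form opened a FileInputStream and never closed it.
        try (FileInputStream keyStoreStream = new FileInputStream(jksFile)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(keyStoreStream, jksPassword.toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, jksSecret.toCharArray());
            sslContext = SslContextBuilder.forServer(keyManagerFactory).build();
        }
        catch(Exception e) {
            // Any failure (missing file, wrong password, bad key) leaves sslContext null.
            // NOTE(review): confirm that the code consuming sslContext refuses to start
            // rather than silently serving plaintext when it is null.
            e.printStackTrace();
            sslContext = null;
        }

        return this;
    }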
 
Example #2
Source File: TcpSslUriHandler.java    From alibaba-rsocket-broker with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a TLS-secured TCP client transport for URIs whose scheme equals {@code SCHEME}.
 *
 * @param uri target address; must not be null
 * @return the transport, or an empty Optional when the scheme does not match or
 *         when building the TLS context or client throws
 */
@Override
public Optional<ClientTransport> buildClient(URI uri) {
    Objects.requireNonNull(uri, "uri must not be null");

    if (SCHEME.equals(uri.getScheme())) {
        try {
            // Server certificates are validated against the configured trustManagerFactory.
            SslContext tlsContext = SslContextBuilder.forClient()
                    .protocols(protocols)
                    .sslProvider(getSslProvider())
                    .trustManager(trustManagerFactory)
                    .build();
            TcpClient client = TcpClient.create()
                    .host(uri.getHost())
                    .port(uri.getPort())
                    .secure(ssl -> ssl.sslContext(tlsContext));
            return Optional.of(TcpClientTransport.create(client));
        } catch (Exception e) {
            // NOTE(review): the failure is swallowed without logging, so a TLS
            // misconfiguration looks the same to the caller as an unsupported scheme.
            return Optional.empty();
        }
    }
    return Optional.empty();
}
 
Example #3
Source File: MySqlConnectionConfigurationTest.java    From r2dbc-mysql with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that the configured SslContextBuilder customizer is actually invoked:
 * the customizer always throws, and the test expects that exception to surface
 * from {@code customizeSslContext}.
 */
@Test
void sslContextBuilderCustomizer() {
    final String expectedMessage = "Worked!";
    // A customizer that never returns; reaching it proves the hook was called.
    Function<SslContextBuilder, SslContextBuilder> alwaysFails = unused -> {
        throw new IllegalStateException(expectedMessage);
    };

    MySqlConnectionConfiguration config = MySqlConnectionConfiguration.builder()
        .host(HOST)
        .user(USER)
        .sslMode(SslMode.REQUIRED)
        .sslContextBuilderCustomizer(alwaysFails)
        .build();

    assertThatIllegalStateException()
        .isThrownBy(() -> config.getSsl().customizeSslContext(SslContextBuilder.forClient()))
        .withMessage(expectedMessage);
}
 
Example #4
Source File: SslUtil.java    From hivemq-community-edition with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a server-side {@link SslContext} backed by the JDK TLS provider.
 *
 * @param kmf          key managers supplying the server certificate and private key
 * @param tmFactory    trust managers, or null to let Netty use its default trust setup
 * @param cipherSuites cipher suites to enable; null or empty selects the defaults
 * @param protocols    TLS protocol versions to enable; null or empty leaves the builder default
 * @return the built server context
 * @throws SSLException if the context cannot be built
 */
@NotNull
public SslContext createSslServerContext(@NotNull final KeyManagerFactory kmf, @Nullable final TrustManagerFactory tmFactory, @Nullable final List<String> cipherSuites, @Nullable final List<String> protocols) throws SSLException {

    final boolean protocolsGiven = protocols != null && !protocols.isEmpty();
    final boolean cipherSuitesGiven = cipherSuites != null && cipherSuites.size() > 0;

    // This method does not call clientAuth(...); whether client certificates are
    // requested is decided elsewhere, the trust managers are only registered here.
    final SslContextBuilder builder = SslContextBuilder.forServer(kmf)
            .sslProvider(SslProvider.JDK)
            .trustManager(tmFactory);

    if (protocolsGiven) {
        builder.protocols(protocols.toArray(new String[0]));
    }

    // SupportedCipherSuiteFilter drops suites the engine does not support, so an
    // unknown name in the list does not fail the build.
    builder.ciphers(cipherSuitesGiven ? cipherSuites : null, SupportedCipherSuiteFilter.INSTANCE);

    return builder.build();
}
 
Example #5
Source File: SocketSslGreetingTest.java    From netty-4.1.22 with Apache License 2.0 6 votes vote down vote up
/**
 * Produces every (server context, client context) pairing to test: always the JDK
 * provider, plus OpenSSL on both sides when the native library is available.
 *
 * @return one {@code Object[]{server, client}} entry per pairing
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> servers = new ArrayList<SslContext>();
    List<SslContext> clients = new ArrayList<SslContext>();

    servers.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE).sslProvider(SslProvider.JDK).build());
    // The client trusts exactly the server's certificate file.
    clients.add(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(CERT_FILE).build());

    if (!OpenSsl.isAvailable()) {
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        servers.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
                                     .sslProvider(SslProvider.OPENSSL)
                                     .build());
        clients.add(SslContextBuilder.forClient()
                                     .sslProvider(SslProvider.OPENSSL)
                                     .trustManager(CERT_FILE)
                                     .build());
    }

    // Cartesian product, server-major order.
    List<Object[]> pairings = new ArrayList<Object[]>();
    for (int s = 0; s < servers.size(); s++) {
        for (int c = 0; c < clients.size(); c++) {
            pairings.add(new Object[] { servers.get(s), clients.get(c) });
        }
    }
    return pairings;
}
 
Example #6
Source File: TelnetServer.java    From tools-journey with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the telnet example server on {@code PORT}, with TLS when {@code SSL} is set,
 * and blocks until the server channel closes.
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        // presumably the initializer skips the TLS handler for a null context — confirm
        sslCtx = null;
    } else {
        // SelfSignedCertificate generates a throwaway key pair; Netty documents it as
        // test-only. A real deployment loads a CA-issued certificate and key instead.
        SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey()).build();
    }

    EventLoopGroup acceptGroup = new NioEventLoopGroup(1);
    EventLoopGroup ioGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(acceptGroup, ioGroup);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        bootstrap.childHandler(new TelnetServerInitializer(sslCtx));

        // Bind, then wait for the listening channel to be closed.
        bootstrap.bind(PORT).sync().channel().closeFuture().sync();
    } finally {
        acceptGroup.shutdownGracefully();
        ioGroup.shutdownGracefully();
    }
}
 
Example #7
Source File: Ssl.java    From zbus-server with MIT License 6 votes vote down vote up
/**
 * Builds a client-side {@code SslContext} on the JDK provider.
 *
 * @return the context, or null when building it fails (the stack trace is printed)
 */
private static SslContext buildSslContext() {
	// NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if a
	// legacy peer requires them, otherwise restrict this list to TLSv1.2 and newer.
	final String[] enabledProtocols = { "TLSv1.2", "TLSv1.1", "TLSv1" };
	try {
		// No trustManager(...) is set, so the default trust configuration applies.
		// NOTE(review): Netty's Javadoc describes 0 for the session cache size and
		// timeout as "use the default value" — confirm that is the intent here.
		return SslContextBuilder.forClient()
				.sslProvider(SslProvider.JDK)
				.sessionCacheSize(0)
				.sessionTimeout(0)
				.protocols(enabledProtocols)
				.build();
	} catch (Exception e) {
		// Callers receive null on failure and must check for it.
		e.printStackTrace();
		return null;
	}
}
 
Example #8
Source File: HttpCorsServer.java    From HttpProxy with MIT License 6 votes vote down vote up
/**
 * Starts the CORS example HTTP server on {@code PORT}, optionally over TLS, and
 * blocks until the server channel closes.
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // Freshly generated self-signed certificate: suitable for a demo only, since
        // no client can validate it against a trusted CA.
        SelfSignedCertificate demoCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(demoCert.certificate(), demoCert.privateKey()).build();
    }

    EventLoopGroup acceptGroup = new NioEventLoopGroup(1);
    EventLoopGroup ioGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(acceptGroup, ioGroup);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        bootstrap.childHandler(new HttpCorsServerInitializer(sslCtx));

        bootstrap.bind(PORT).sync().channel().closeFuture().sync();
    } finally {
        acceptGroup.shutdownGracefully();
        ioGroup.shutdownGracefully();
    }
}
 
Example #9
Source File: TitusWebClientAddOns.java    From titus-control-plane with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the underlying HTTP client, enables TLS on it when {@code secure} is true,
 * and delegates to the {@code HttpClient}-based overload.
 *
 * @param clientBuilder   builder to decorate
 * @param secure          whether the client should use TLS
 * @param webClientMetric metrics collector passed through to the overload
 * @return the result of the delegated overload
 * @throws RuntimeException if the TLS context cannot be built
 */
public static WebClient.Builder addTitusDefaults(WebClient.Builder clientBuilder,
                                                 boolean secure,
                                                 WebClientMetric webClientMetric) {
    HttpClient httpClient = HttpClient.create();
    if (secure) {
        final SslContext tlsContext;
        try {
            // No trust manager is configured, so the default trust configuration is
            // used to validate the server certificate.
            tlsContext = SslContextBuilder.forClient().build();
        } catch (SSLException e) {
            logger.error("Unable configure Docker registry client SSL context: {}", e.getMessage());
            throw new RuntimeException("Error configuring SSL context", e);
        }
        httpClient = httpClient.secure(spec -> spec.sslContext(tlsContext));
    }

    return addTitusDefaults(clientBuilder, httpClient, webClientMetric);
}
 
Example #10
Source File: RntbdTransportClientTest.java    From azure-cosmosdb-java with MIT License 6 votes vote down vote up
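/**
 * Creates the transport client under test, wired to a fake endpoint provider that
 * is given the {@code expected} response.
 *
 * @param userAgent      user agent placed in the client options
 * @param requestTimeout request timeout placed in the client options
 * @param expected       response handed to the fake endpoint provider
 * @return the client under test
 * @throws AssertionError if the default client TLS context cannot be built
 */
private static RntbdTransportClient getRntbdTransportClientUnderTest(
    final UserAgentContainer userAgent,
    final Duration requestTimeout,
    final RntbdResponse expected
) {

    final RntbdTransportClient.Options options = new RntbdTransportClient.Options.Builder(requestTimeout)
        .userAgent(userAgent)
        .build();

    final SslContext sslContext;

    try {
        sslContext = SslContextBuilder.forClient().build();
    } catch (final Exception error) {
        // Attach the original exception as the cause so its stack trace survives in
        // the test report; previously only its class and message were kept.
        throw new AssertionError(String.format("%s: %s", error.getClass(), error.getMessage()), error);
    }

    return new RntbdTransportClient(new FakeEndpoint.Provider(options, sslContext, expected));
}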
 
Example #11
Source File: GrafanaAuth.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the server {@code SslContext} from the server-SSL section of the configuration.
 * Uses either a generated self-signed certificate or the configured certificate and
 * key files, then applies ciphers, client-auth mode, provider and optional trust store.
 *
 * @param config configuration supplying the server SSL settings
 * @return the built server context
 * @throws IllegalArgumentException if file-based mode is selected and the certificate
 *         or key path is null
 */
protected SslContext createSSLContext(GrafanaAuthConfiguration config) throws Exception {

        final ServerSsl tlsConfig = config.getSecurity().getServerSsl();

        final SslContextBuilder builder;
        if (tlsConfig.isUseGeneratedKeypair()) {
            LOG.warn("Using generated self signed server certificate");
            // Certificate for "localhost", valid for 24 hours (86400000 ms) from now.
            // Clients cannot validate it against a CA; intended for test setups.
            Date notBefore = new Date();
            Date notAfter = new Date(notBefore.getTime() + 86400000);
            SelfSignedCertificate generated = new SelfSignedCertificate("localhost", notBefore, notAfter);
            builder = SslContextBuilder.forServer(generated.certificate(), generated.privateKey());
        } else {
            String certPath = tlsConfig.getCertificateFile();
            String keyPath = tlsConfig.getKeyFile();
            String keyPassword = tlsConfig.getKeyPassword();
            if (certPath == null || keyPath == null) {
                throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
            }
            builder = SslContextBuilder.forServer(new File(certPath), new File(keyPath), keyPassword);
        }

        builder.ciphers(tlsConfig.getUseCiphers());

        // OPTIONAL instead of REQUIRE because CORS pre-flight requests would fail.
        // Consequence: a client that presents no certificate still completes the
        // handshake, so authentication has to be enforced at a later layer.
        builder.clientAuth(ClientAuth.OPTIONAL);

        builder.sslProvider(tlsConfig.isUseOpenssl() ? SslProvider.OPENSSL : SslProvider.JDK);

        // Trust store is only applied when a non-empty path is configured.
        String trustStorePath = tlsConfig.getTrustStoreFile();
        if (trustStorePath != null && !trustStorePath.isEmpty()) {
            builder.trustManager(new File(trustStorePath));
        }
        return builder.build();
    }
 
Example #12
Source File: SslContextUtil.java    From ext-opensource-netty with Mozilla Public License 2.0 5 votes vote down vote up
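/**
 * Builds a server {@code SslContext} whose key material and trust anchors are both
 * loaded from the same keystore file.
 *
 * @param sslFilePath   location of the keystore, resolved through getFileInputStream
 * @param sslPassword   used as the keystore password and as the key password
 * @param sslType       keystore type passed to {@code KeyStore.getInstance}
 * @param algorithmName algorithm for both the KeyManagerFactory and TrustManagerFactory
 * @return the context, or null when anything fails (the stack trace is printed)
 */
public static SslContext createSSLServerContext(String sslFilePath,
		String sslPassword, String sslType, String algorithmName) {
	try {
		KeyStore keyStore = KeyStore.getInstance(sslType);
		KeyManagerFactory kmf = KeyManagerFactory
				.getInstance(algorithmName);

		// try-with-resources: the stream is always closed, and a failure in close()
		// is recorded as suppressed instead of replacing the load/init failure.
		try (InputStream ksInputStream = new FileInputStream(
				getFileInputStream(sslFilePath))) {
			keyStore.load(ksInputStream, sslPassword.toCharArray());
			kmf.init(keyStore, sslPassword.toCharArray());
		}

		// Trust side (for client certificates): same file and password as above.
		// NOTE(review): this method never calls clientAuth(...), so unless it is set
		// elsewhere the trust managers below are not used to demand client certs.
		KeyStore ts = KeyStore.getInstance(sslType);
		TrustManagerFactory tf = TrustManagerFactory
				.getInstance(algorithmName);

		try (InputStream tsInputStream = new FileInputStream(
				getFileInputStream(sslFilePath))) {
			ts.load(tsInputStream, sslPassword.toCharArray());
			tf.init(ts);
		}
		return SslContextBuilder.forServer(kmf).trustManager(tf).build();

	} catch (Exception ex) {
		// Best-effort contract kept as-is: callers must handle a null context.
		ex.printStackTrace();
		return null;
	}
}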
 
Example #13
Source File: WebSocketServer.java    From tools-journey with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the WebSocket example server on {@code PORT}, optionally over TLS, prints
 * the URL to open, and blocks until the server channel closes.
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // Demo-only certificate generated at startup; browsers will warn about it
        // because it is not issued by a trusted CA.
        SelfSignedCertificate demoCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(demoCert.certificate(), demoCert.privateKey()).build();
    }

    EventLoopGroup acceptGroup = new NioEventLoopGroup(1);
    EventLoopGroup ioGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(acceptGroup, ioGroup);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        bootstrap.childHandler(new WebSocketServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.out.println("Open your web browser and navigate to " +
                scheme + "://127.0.0.1:" + PORT + '/');

        serverChannel.closeFuture().sync();
    } finally {
        acceptGroup.shutdownGracefully();
        ioGroup.shutdownGracefully();
    }
}
 
Example #14
Source File: HttpUploadServer.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the HTTP upload example server on {@code PORT}, optionally over TLS, prints
 * the URL to open, and blocks until the server channel closes.
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // Self-signed certificate generated per run; acceptable for an example, not
        // for a server that real clients must authenticate.
        SelfSignedCertificate demoCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(demoCert.certificate(), demoCert.privateKey()).build();
    }

    EventLoopGroup acceptGroup = new NioEventLoopGroup(1);
    EventLoopGroup ioGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(acceptGroup, ioGroup)
                 .channel(NioServerSocketChannel.class)
                 .handler(new LoggingHandler(LogLevel.INFO))
                 .childHandler(new HttpUploadServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.err.println("Open your web browser and navigate to " +
                scheme + "://127.0.0.1:" + PORT + '/');

        serverChannel.closeFuture().sync();
    } finally {
        acceptGroup.shutdownGracefully();
        ioGroup.shutdownGracefully();
    }
}
 
Example #15
Source File: EmeraldTransport.java    From etherjar with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the client certificate presented to the server (mutual TLS).
 * On first use this also creates the client SslContextBuilder and switches the
 * channel builder to transport security.
 *
 * @param certificate x509 certificate
 * @param key private key for the certificate in PKCS8 format
 * @return builder
 */
public Builder clientCertificate(File certificate, File key) {
    SslContextBuilder tlsBuilder = sslContextBuilder;
    if (tlsBuilder == null) {
        // First TLS-related option on this builder: create the context builder and
        // turn transport security on for the channel.
        tlsBuilder = SslContextBuilder.forClient();
        sslContextBuilder = tlsBuilder;
        channelBuilder.useTransportSecurity();
    }
    sslContextBuilder = tlsBuilder.keyManager(certificate, key);
    return this;
}
 
Example #16
Source File: ModelServerTest.java    From multi-model-server with Apache License 2.0 5 votes vote down vote up
/**
 * Opens a test client channel to the management or inference listener.
 *
 * @param management selects which listener to look up via configManager
 * @return the connected channel, or null when connecting fails (the error is logged)
 */
private Channel connect(boolean management) {
    Logger logger = LoggerFactory.getLogger(ModelServerTest.class);

    final Connector connector = configManager.getListener(management);
    try {
        Bootstrap bootstrap = new Bootstrap();
        // InsecureTrustManagerFactory accepts any server certificate without
        // verification. Tolerable in this test client only; production clients need
        // a real trust manager or they are open to man-in-the-middle interception.
        final SslContext sslCtx =
                SslContextBuilder.forClient()
                        .trustManager(InsecureTrustManagerFactory.INSTANCE)
                        .build();

        ChannelInitializer<Channel> pipelineSetup =
                new ChannelInitializer<Channel>() {
                    @Override
                    public void initChannel(Channel ch) {
                        ChannelPipeline pipeline = ch.pipeline();
                        // TLS handler goes first, and only for TLS listeners.
                        if (connector.isSsl()) {
                            pipeline.addLast(sslCtx.newHandler(ch.alloc()));
                        }
                        pipeline.addLast(new ReadTimeoutHandler(30))
                                .addLast(new HttpClientCodec())
                                .addLast(new HttpContentDecompressor())
                                .addLast(new ChunkedWriteHandler())
                                .addLast(new HttpObjectAggregator(6553600))
                                .addLast(new TestHandler());
                    }
                };

        bootstrap.group(Connector.newEventLoopGroup(1))
                .channel(connector.getClientChannel())
                .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10000)
                .handler(pipelineSetup);

        return bootstrap.connect(connector.getSocketAddress()).sync().channel();
    } catch (Throwable t) {
        logger.warn("Connect error.", t);
        return null;
    }
}
 
Example #17
Source File: NettySslFactory.java    From ambry with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the client-side {@link SslContext} from the given configuration: key
 * managers, trust managers, cipher suites and enabled protocols all come from
 * helper methods that read {@code config}.
 *
 * @param config the {@link SSLConfig}
 * @return a configured {@link SslContext} object for a client.
 * @throws GeneralSecurityException declared for the key/trust helper calls
 * @throws IOException declared for the helper calls and for building the context
 */
private static SslContext getClientSslContext(SSLConfig config) throws GeneralSecurityException, IOException {
  logger.info("Using {} provider for client SslContext", SslContext.defaultClientProvider());
  SslContextBuilder builder = SslContextBuilder.forClient();
  // Client certificate (mutual TLS) and the anchors used to validate the server.
  builder.keyManager(getKeyManagerFactory(config));
  builder.trustManager(getTrustManagerFactory(config));
  // Explicit allow-lists for cipher suites and protocol versions.
  builder.ciphers(getCipherSuites(config));
  builder.protocols(getEnabledProtocols(config));
  return builder.build();
}
 
Example #18
Source File: HelloWorldTlsServiceTest.java    From quarkus with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the gRPC test channel to localhost:9000 over TLS, trusting only the CA
 * certificate shipped with the test resources.
 */
@BeforeEach
public void init() throws SSLException {
    // Pinning the trust anchors to the test CA keeps certificate validation on,
    // unlike an accept-all trust manager.
    SslContext tlsContext = GrpcSslContexts.forClient()
            .trustManager(new File("src/main/resources/tls/ca.pem"))
            .build();

    channel = NettyChannelBuilder.forAddress("localhost", 9000)
            .sslContext(tlsContext)
            .build();
}
 
Example #19
Source File: HttpSnoopServer.java    From netty-4.1.22 with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the HTTP snoop example server on {@code PORT}, optionally over TLS, prints
 * the URL to open, and blocks until the server channel closes.
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // Generated self-signed certificate, for demonstration purposes only.
        SelfSignedCertificate demoCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(demoCert.certificate(), demoCert.privateKey()).build();
    }

    // One acceptor thread; worker group uses the default thread count.
    EventLoopGroup acceptGroup = new NioEventLoopGroup(1);
    EventLoopGroup ioGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(acceptGroup, ioGroup);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        bootstrap.childHandler(new HttpSnoopServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.err.println("Open your web browser and navigate to " +
                scheme + "://127.0.0.1:" + PORT + '/');

        serverChannel.closeFuture().sync();
    } finally {
        acceptGroup.shutdownGracefully();
        ioGroup.shutdownGracefully();
    }
}
 
Example #20
Source File: HelloWorldServerTls.java    From grpc-java with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the server-side SslContextBuilder from the configured certificate chain
 * and private key, and applies the gRPC defaults to it.
 *
 * @return the gRPC-configured server builder
 */
private SslContextBuilder getSslContextBuilder() {
    final File certChain = new File(certChainFilePath);
    final File privateKey = new File(privateKeyFilePath);
    SslContextBuilder serverBuilder = SslContextBuilder.forServer(certChain, privateKey);

    // Mutual TLS is switched on only when a trust collection is configured: clients
    // must then present a certificate that chains to it. Without the collection the
    // server does not request client certificates here.
    if (trustCertCollectionFilePath != null) {
        serverBuilder
                .trustManager(new File(trustCertCollectionFilePath))
                .clientAuth(ClientAuth.REQUIRE);
    }
    return GrpcSslContexts.configure(serverBuilder);
}
 
Example #21
Source File: GrpcSslContexts.java    From grpc-java with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the cipher list and application-protocol negotiation (ALPN or NPN) that
 * gRPC needs to the given builder, for the supplied JDK security provider. The exact
 * settings may change between releases; applications that depend on particular
 * values should set them after calling this method.
 *
 * @param builder     the builder to configure
 * @param jdkProvider the JDK security provider that will back the context
 * @return the same builder, configured
 * @throws IllegalArgumentException if the provider is unknown, or is the Sun provider
 *         without any usable ALPN/NPN support
 */
@CanIgnoreReturnValue
public static SslContextBuilder configure(SslContextBuilder builder, Provider jdkProvider) {
  final ApplicationProtocolConfig negotiation;
  if (!SUN_PROVIDER_NAME.equals(jdkProvider.getName())) {
    if (!ConscryptLoader.isConscrypt(jdkProvider)) {
      throw new IllegalArgumentException("Unknown provider; can't configure: " + jdkProvider);
    }
    negotiation = ALPN;
  } else if (JettyTlsUtil.isJettyAlpnConfigured()) {
    // Jetty ALPN/NPN supports only one of the two; ALPN is checked first.
    negotiation = ALPN;
  } else if (JettyTlsUtil.isJettyNpnConfigured()) {
    negotiation = NPN;
  } else if (JettyTlsUtil.isJava9AlpnAvailable()) {
    negotiation = ALPN;
  } else {
    throw new IllegalArgumentException(
        SUN_PROVIDER_NAME + " selected, but Java 9+ and Jetty NPN/ALPN unavailable");
  }

  // SupportedCipherSuiteFilter drops suites the engine does not support.
  return builder
      .sslProvider(SslProvider.JDK)
      .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
      .applicationProtocolConfig(negotiation)
      .sslContextProvider(jdkProvider);
}
 
Example #22
Source File: EchoClient.java    From blog with BSD 2-Clause "Simplified" License 5 votes vote down vote up
/**
 * Runs the echo example client: connects to {@code HOST}:{@code PORT}, optionally
 * over TLS, and blocks until the connection is closed.
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // InsecureTrustManagerFactory trusts every certificate, so the server is
        // never authenticated. Fine for talking to the demo server's self-signed
        // certificate; a real client must use a proper trust manager.
        sslCtx = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .build();
    }

    EventLoopGroup ioGroup = new NioEventLoopGroup();
    try {
        ChannelInitializer<SocketChannel> pipelineSetup = new ChannelInitializer<SocketChannel>() {
            @Override
            public void initChannel(SocketChannel ch) throws Exception {
                ChannelPipeline pipeline = ch.pipeline();
                if (sslCtx != null) {
                    // Peer host and port are passed to the handler's engine.
                    pipeline.addLast(sslCtx.newHandler(ch.alloc(), HOST, PORT));
                }
                pipeline.addLast(new EchoClientHandler());
            }
        };

        Bootstrap bootstrap = new Bootstrap();
        bootstrap.group(ioGroup);
        bootstrap.channel(NioSocketChannel.class);
        bootstrap.option(ChannelOption.TCP_NODELAY, true);
        bootstrap.handler(pipelineSetup);

        // Connect, then wait for the connection to be closed.
        ChannelFuture connected = bootstrap.connect(HOST, PORT).sync();
        connected.channel().closeFuture().sync();
    } finally {
        // Stops the event loop so all of its threads terminate.
        ioGroup.shutdownGracefully();
    }
}
 
Example #23
Source File: Http2ConnectionInfoTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Switches the test server to HTTP/2 over TLS, using the certificate and key held
 * in {@code ssc}.
 *
 * @throws RuntimeException wrapping the SSLException if the context cannot be built
 */
@Override
protected HttpServer customizeServerOptions(HttpServer httpServer) {
	final SslContext serverContext;
	try {
		serverContext = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
	}
	catch (SSLException e) {
		throw new RuntimeException(e);
	}
	return httpServer.protocol(HttpProtocol.H2)
	                 .secure(ssl -> ssl.sslContext(serverContext));
}
 
Example #24
Source File: SslClientInitializer.java    From nomulus with Apache License 2.0 5 votes vote down vote up
/**
 * Adds a client-side TLS handler to the channel, with hostname verification enabled
 * and an optional client certificate.
 */
@Override
protected void initChannel(C channel) throws Exception {
  checkNotNull(hostProvider.apply(channel), "Cannot obtain SSL host for channel: %s", channel);
  checkNotNull(portProvider.apply(channel), "Cannot obtain SSL port for channel: %s", channel);

  // Null trust anchors mean "use the default trust configuration"; otherwise only
  // the supplied certificates are trusted.
  X509Certificate[] trustAnchors =
      (trustedCertificates == null || trustedCertificates.isEmpty())
          ? null
          : trustedCertificates.toArray(new X509Certificate[0]);

  SslContextBuilder contextBuilder =
      SslContextBuilder.forClient().sslProvider(sslProvider).trustManager(trustAnchors);

  // A client certificate is configured only when both the key and the chain exist.
  if (privateKeySupplier != null && certificateChainSupplier != null) {
    contextBuilder.keyManager(
        privateKeySupplier.get(), certificateChainSupplier.get().toArray(new X509Certificate[0]));
  }

  SslHandler tlsHandler =
      contextBuilder
          .build()
          .newHandler(channel.alloc(), hostProvider.apply(channel), portProvider.apply(channel));

  // Hostname verification is off by default on a raw SSLEngine; setting the endpoint
  // identification algorithm to "HTTPS" makes the engine check the certificate
  // against the peer host passed to newHandler above.
  SSLEngine engine = tlsHandler.engine();
  SSLParameters parameters = engine.getSSLParameters();
  parameters.setEndpointIdentificationAlgorithm("HTTPS");
  engine.setSSLParameters(parameters);

  channel.pipeline().addLast(tlsHandler);
}
 
Example #25
Source File: ZalySSLContext.java    From openzaly with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the shared client {@code SslContext}, creating it on first use.
 *
 * @return the cached context
 * @throws Error if the context cannot be created
 */
public static SslContext getSSLContext() {
	if (sslContext != null) {
		return sslContext;
	}
	// NOTE(review): no synchronization is visible in this method, so concurrent first
	// calls may each build a context. Server validation depends entirely on what
	// ZalyTrustManagerFactory accepts, which is not visible here; review it.
	try {
		sslContext = SslContextBuilder.forClient().trustManager(ZalyTrustManagerFactory.INSTANCE).build();
	} catch (Exception e) {
		throw new Error("Failed to initialize platform SSLContext", e);
	}
	return sslContext;
}
 
Example #26
Source File: TcpSecureMetricsTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Secures the test client with a JDK-provider TLS context and enables wiretap logging.
 *
 * @throws RuntimeException wrapping the SSLException if the context cannot be built
 */
@Override
protected TcpClient customizeClientOptions(TcpClient tcpClient) {
	final SslContext clientContext;
	try {
		// InsecureTrustManagerFactory skips certificate validation altogether; it is
		// used here so the test client accepts the test server's certificate. Never
		// carry this into non-test code.
		clientContext = SslContextBuilder.forClient()
		                                 .trustManager(InsecureTrustManagerFactory.INSTANCE)
		                                 .sslProvider(SslProvider.JDK)
		                                 .build();
	}
	catch (SSLException e) {
		throw new RuntimeException(e);
	}
	return tcpClient.secure(ssl -> ssl.sslContext(clientContext)).wiretap(true);
}
 
Example #27
Source File: TcpSecureMetricsTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Secures the test server with a JDK-provider TLS context built from the certificate
 * and key held in {@code ssc}, and enables wiretap logging.
 *
 * @throws RuntimeException wrapping the SSLException if the context cannot be built
 */
@Override
protected TcpServer customizeServerOptions(TcpServer tcpServer) {
	final SslContext serverContext;
	try {
		serverContext = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
		                                 .sslProvider(SslProvider.JDK)
		                                 .build();
	}
	catch (SSLException e) {
		throw new RuntimeException(e);
	}
	return tcpServer.secure(ssl -> ssl.sslContext(serverContext)).wiretap(true);
}
 
Example #28
Source File: GrpcEngine.java    From saluki with Apache License 2.0 5 votes vote down vote up
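/**
 * Builds the gRPC server {@code SslContext} from the "server.pem" certificate chain
 * and the "server_pkcs8.key" private key, both loaded through SslUtil.
 *
 * @return the gRPC-configured server context
 * @throws RpcFrameworkException if the context cannot be built
 */
private SslContext buildServerSslContext() {
  // The streams are opened here, so they are closed here: try-with-resources releases
  // both once the context is built (previously they were never closed).
  try (InputStream certs = SslUtil.loadInputStreamCert("server.pem");
      InputStream keys = SslUtil.loadInputStreamCert("server_pkcs8.key")) {
    return GrpcSslContexts.configure(SslContextBuilder.forServer(certs, keys)).build();
  } catch (SSLException e) {
    throw new RpcFrameworkException(e);
  } catch (java.io.IOException e) {
    // Only reachable when closing one of the streams fails.
    throw new java.io.UncheckedIOException(e);
  }
}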
 
Example #29
Source File: WebSocketClientIT.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a JDK-provider client context that trusts the test trust store, and keeps
 * the underlying JDK SSLContext in {@code sslCtx}.
 */
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);
    // Validation stays enabled: only the server certificate in the test trust store
    // is trusted. Application protocol negotiation is disabled.
    SslContext nettyContext = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .sslProvider(SslProvider.JDK)
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(nettyContext.isClient());
    Assert.assertTrue(nettyContext instanceof JdkSslContext);
    // Unwrap to the JDK SSLContext.
    sslCtx = ((JdkSslContext) nettyContext).context();
}
 
Example #30
Source File: HelloWorldMutualTlsServiceTest.java    From quarkus with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the gRPC test channel to localhost:9000 with mutual TLS: the client trusts
 * the test CA and presents the test client certificate and key.
 */
@BeforeEach
public void init() throws SSLException {
    final File caCert = new File("src/main/resources/tls/ca.pem");
    final File clientCert = new File("src/main/resources/tls/client.pem");
    final File clientKey = new File("src/main/resources/tls/client.key");

    // trustManager: anchors for validating the server.
    // keyManager: the identity this client presents to the server.
    SslContext tlsContext = GrpcSslContexts.forClient()
            .trustManager(caCert)
            .keyManager(clientCert, clientKey)
            .build();

    channel = NettyChannelBuilder.forAddress("localhost", 9000)
            .sslContext(tlsContext)
            .build();
}