List of usage examples for io.netty.handler.ssl ApplicationProtocolConfig selectedListenerFailureBehavior
public SelectedListenerFailureBehavior selectedListenerFailureBehavior()
From source file:com.linecorp.armeria.client.http.HttpClientPipelineConfigurator.java
License:Apache License
HttpClientPipelineConfigurator(SessionProtocol sessionProtocol, SessionOptions options) { switch (sessionProtocol) { case HTTP:// ww w . ja v a2 s . c om case HTTPS: httpPreference = HttpPreference.HTTP2_PREFERRED; break; case H1: case H1C: httpPreference = HttpPreference.HTTP1_REQUIRED; break; case H2: case H2C: httpPreference = HttpPreference.HTTP2_REQUIRED; break; default: // Should never reach here. throw new Error(); } this.options = requireNonNull(options, "options"); if (sessionProtocol.isTls()) { try { final SslContextBuilder builder = SslContextBuilder.forClient(); builder.sslProvider(NativeLibraries.isOpenSslAvailable() ? SslProvider.OPENSSL : SslProvider.JDK); options.trustManagerFactory().ifPresent(builder::trustManager); if (httpPreference == HttpPreference.HTTP2_REQUIRED || httpPreference == HttpPreference.HTTP2_PREFERRED) { builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and // JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK // providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)); } sslCtx = builder.build(); } catch (SSLException e) { throw new IllegalStateException("failed to create an SslContext", e); } } else { sslCtx = null; } }
From source file:com.linecorp.armeria.client.HttpClientPipelineConfigurator.java
License:Apache License
HttpClientPipelineConfigurator(HttpClientFactory clientFactory, SessionProtocol sessionProtocol) { this.clientFactory = clientFactory; if (sessionProtocol == HTTP || sessionProtocol == HTTPS) { httpPreference = HttpPreference.HTTP2_PREFERRED; } else if (sessionProtocol == H1 || sessionProtocol == H1C) { httpPreference = HttpPreference.HTTP1_REQUIRED; } else if (sessionProtocol == H2 || sessionProtocol == H2C) { httpPreference = HttpPreference.HTTP2_REQUIRED; } else {//from w w w . j a v a2s .c o m // Should never reach here. throw new Error(); } if (sessionProtocol.isTls()) { try { final SslContextBuilder builder = SslContextBuilder.forClient(); builder.sslProvider(Flags.useOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK); clientFactory.sslContextCustomizer().accept(builder); if (httpPreference == HttpPreference.HTTP2_REQUIRED || httpPreference == HttpPreference.HTTP2_PREFERRED) { builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and // JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK // providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)); } sslCtx = builder.build(); } catch (SSLException e) { throw new IllegalStateException("failed to create an SslContext", e); } } else { sslCtx = null; } }
From source file:com.linecorp.armeria.client.HttpConfigurator.java
License:Apache License
HttpConfigurator(SessionProtocol sessionProtocol, RemoteInvokerOptions options) { switch (sessionProtocol) { case HTTP:/*w w w . j a v a 2 s. c om*/ case HTTPS: httpPreference = HttpPreference.HTTP2_PREFERRED; break; case H1: case H1C: httpPreference = HttpPreference.HTTP1_REQUIRED; break; case H2: case H2C: httpPreference = HttpPreference.HTTP2_REQUIRED; break; default: // Should never reach here. throw new Error(); } this.options = requireNonNull(options, "options"); if (sessionProtocol.isTls()) { try { final SslContextBuilder builder = SslContextBuilder.forClient(); builder.sslProvider(NativeLibraries.isOpenSslAvailable() ? SslProvider.OPENSSL : SslProvider.JDK); options.trustManagerFactory().ifPresent(builder::trustManager); if (httpPreference == HttpPreference.HTTP2_REQUIRED || httpPreference == HttpPreference.HTTP2_PREFERRED) { builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and // JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK // providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)); } sslCtx = builder.build(); } catch (SSLException e) { throw new IllegalStateException("failed to create a SslContext", e); } } else { sslCtx = null; } }
From source file:com.linkedin.r2.transport.http.client.Http2InitializerHandler.java
License:Apache License
/** * Sets up HTTP/2 over TLS through ALPN (h2) pipeline *//*from www. ja v a 2 s .c o m*/ private void configureHttpsPipeline(ChannelHandlerContext ctx) throws Exception { JdkSslContext context = new JdkSslContext(_sslContext, IS_CLIENT, Arrays.asList(_sslParameters.getCipherSuites()), IdentityCipherSuiteFilter.INSTANCE, new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1), _sslParameters.getNeedClientAuth() ? ClientAuth.REQUIRE : ClientAuth.OPTIONAL); SslHandler sslHandler = context.newHandler(ctx.alloc()); Http2StreamCodec http2Codec = new Http2StreamCodecBuilder().connection(_connection) .maxContentLength(_maxResponseSize).maxHeaderSize(_maxHeaderSize) .gracefulShutdownTimeoutMillis(_gracefulShutdownTimeout).streamingTimeout(_streamingTimeout) .scheduler(_scheduler).build(); Http2AlpnHandler alpnHandler = new Http2AlpnHandler(sslHandler, http2Codec); Http2SchemeHandler schemeHandler = new Http2SchemeHandler(HttpScheme.HTTPS.toString()); Http2StreamResponseHandler responseHandler = new Http2StreamResponseHandler(); Http2ChannelPoolHandler channelPoolHandler = new Http2ChannelPoolHandler(); ctx.pipeline().addBefore(ctx.name(), "alpnHandler", alpnHandler); ctx.pipeline().addBefore(ctx.name(), "schemeHandler", schemeHandler); ctx.pipeline().addBefore(ctx.name(), "responseHandler", responseHandler); ctx.pipeline().addBefore(ctx.name(), "channelHandler", channelPoolHandler); _setupComplete = true; }
From source file:com.turo.pushy.apns.BenchmarkApnsServer.java
License:Open Source License
public BenchmarkApnsServer(final InputStream certificateChainInputStream, final InputStream privateKeyPkcs8InputStream, final NioEventLoopGroup eventLoopGroup) throws SSLException { final SslContext sslContext; {/*from w w w. j a v a 2 s. c om*/ final SslProvider sslProvider; if (OpenSsl.isAvailable()) { if (OpenSsl.isAlpnSupported()) { sslProvider = SslProvider.OPENSSL; } else { sslProvider = SslProvider.JDK; } } else { sslProvider = SslProvider.JDK; } sslContext = SslContextBuilder.forServer(certificateChainInputStream, privateKeyPkcs8InputStream, null) .sslProvider(sslProvider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .clientAuth(ClientAuth.OPTIONAL) .applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)) .build(); } this.bootstrap = new ServerBootstrap(); this.bootstrap.group(eventLoopGroup); this.bootstrap.channel(NioServerSocketChannel.class); this.bootstrap.childHandler(new ChannelInitializer<SocketChannel>() { @Override protected void initChannel(final SocketChannel channel) throws Exception { final SslHandler sslHandler = sslContext.newHandler(channel.alloc()); channel.pipeline().addLast(sslHandler); channel.pipeline() .addLast(new ApplicationProtocolNegotiationHandler(ApplicationProtocolNames.HTTP_1_1) { @Override protected void configurePipeline(final ChannelHandlerContext context, final String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { context.pipeline().addLast( new BenchmarkApnsServerHandler.BenchmarkApnsServerHandlerBuilder() .initialSettings(new Http2Settings() .maxConcurrentStreams(MAX_CONCURRENT_STREAMS)) .build()); BenchmarkApnsServer.this.allChannels.add(context.channel()); } else { throw new IllegalStateException("Unexpected protocol: " + protocol); } } }); } }); }
From source file:com.turo.pushy.apns.server.BaseHttp2ServerBuilder.java
License:Open Source License
/** * Constructs a new server with the previously-set configuration. * * @return a new server instance with the previously-set configuration * * @throws SSLException if an SSL context could not be created for the new server for any reason * * @since 0.8// w ww . jav a2 s.c om */ public T build() throws SSLException { final SslContext sslContext; { final SslProvider sslProvider; if (OpenSsl.isAvailable()) { log.info("Native SSL provider is available; will use native provider."); sslProvider = SslProvider.OPENSSL; } else { log.info("Native SSL provider not available; will use JDK SSL provider."); sslProvider = SslProvider.JDK; } final SslContextBuilder sslContextBuilder; if (this.certificateChain != null && this.privateKey != null) { sslContextBuilder = SslContextBuilder.forServer(this.privateKey, this.privateKeyPassword, this.certificateChain); } else if (this.certificateChainPemFile != null && this.privateKeyPkcs8File != null) { sslContextBuilder = SslContextBuilder.forServer(this.certificateChainPemFile, this.privateKeyPkcs8File, this.privateKeyPassword); } else if (this.certificateChainInputStream != null && this.privateKeyPkcs8InputStream != null) { sslContextBuilder = SslContextBuilder.forServer(this.certificateChainInputStream, this.privateKeyPkcs8InputStream, this.privateKeyPassword); } else { throw new IllegalStateException("Must specify server credentials before building a mock server."); } sslContextBuilder.sslProvider(sslProvider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .clientAuth(ClientAuth.OPTIONAL); if (this.trustedClientCertificatePemFile != null) { sslContextBuilder.trustManager(this.trustedClientCertificatePemFile); } else if (this.trustedClientCertificateInputStream != null) { sslContextBuilder.trustManager(this.trustedClientCertificateInputStream); } else if (this.trustedClientCertificates != null) { sslContextBuilder.trustManager(this.trustedClientCertificates); } if (this.useAlpn) { sslContextBuilder.applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)); } sslContext = sslContextBuilder.build(); } final T server = this.constructServer(sslContext); if (sslContext instanceof ReferenceCounted) { ((ReferenceCounted) sslContext).release(); } return server; }
From source file:com.vmware.xenon.host.XenonHostWithPeerListener.java
License:Open Source License
private int startPeerListener() throws Throwable { if (this.hostArgs.nodeGroupPublicUri == null) { return ServiceHost.PORT_VALUE_LISTENER_DISABLED; }/*w w w. j a v a2s .c o m*/ URI uri = URI.create(this.hostArgs.nodeGroupPublicUri); NettyHttpListener peerListener = new NettyHttpListener(this); boolean isHttps = uri.getScheme().equals("https"); if (isHttps) { SslContextBuilder builder; if (this.hostArgs.peerCertificateFile != null && this.hostArgs.peerKeyFile != null) { builder = SslContextBuilder.forServer(this.hostArgs.peerCertificateFile.toFile(), this.hostArgs.peerKeyFile.toFile(), this.hostArgs.peerKeyPassphrase); } else { builder = SslContextBuilder.forServer(this.hostArgs.certificateFile.toFile(), this.hostArgs.keyFile.toFile(), this.hostArgs.keyPassphrase); } if (OpenSsl.isAlpnSupported()) { builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)); } peerListener.setSSLContext(builder.build()); } peerListener.start(uri.getPort(), uri.getHost()); int assignedPort = peerListener.getPort(); log(Level.INFO, "Started peer listener on %s", UriUtils.buildUri(uri.getScheme(), uri.getHost(), assignedPort, null, null)); return assignedPort; }
From source file:com.vmware.xenon.host.XenonHostWithPeerListenerTest.java
License:Open Source License
private ServiceClient createAllTrustingHttp2ServiceClient() throws Throwable { ServiceClient client = newAllTrustingServiceClient(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore keyStore = KeyStore.getInstance("PKCS12"); try (InputStream stream = new FileInputStream("../xenon-common/src/test/resources/ssl/client.p12")) { keyStore.load(stream, "changeit".toCharArray()); }/*from w ww. ja v a 2 s .com*/ kmf.init(keyStore, "changeit".toCharArray()); SslContext http2ClientContext = SslContextBuilder.forClient().keyManager(kmf) .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)) .build(); ((NettyHttpServiceClient) client).setHttp2SslContext(http2ClientContext); client.start(); return client; }
From source file:io.gatling.http.client.impl.DefaultHttpClient.java
License:Apache License
public DefaultHttpClient(HttpClientConfig config) { this.config = config; try {//from w w w .ja va2 s. c o m SslContextBuilder sslContextBuilder = SslContextBuilder.forClient(); if (config.getSslSessionCacheSize() > 0) { sslContextBuilder.sessionCacheSize(config.getSslSessionCacheSize()); } if (config.getSslSessionTimeout() > 0) { sslContextBuilder.sessionTimeout(config.getSslSessionTimeout()); } if (isNonEmpty(config.getEnabledSslProtocols())) { sslContextBuilder.protocols(config.getEnabledSslProtocols()); } if (isNonEmpty(config.getEnabledSslCipherSuites())) { sslContextBuilder.ciphers(Arrays.asList(config.getEnabledSslCipherSuites())); } else if (!config.isFilterInsecureCipherSuites()) { sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS); } sslContextBuilder.sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK) .keyManager(config.getKeyManagerFactory()).trustManager(config.getTrustManagerFactory()); this.sslContext = sslContextBuilder.build(); this.alpnSslContext = sslContextBuilder.applicationProtocolConfig( new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } catch (SSLException e) { throw new IllegalArgumentException("Impossible to create SslContext", e); } DefaultThreadFactory threadFactory = new DefaultThreadFactory(config.getThreadPoolName()); eventLoopGroup = config.isUseNativeTransport() ? new EpollEventLoopGroup(0, threadFactory) : new NioEventLoopGroup(0, threadFactory); eventLoopPicker = new AffinityEventLoopPicker(eventLoopGroup); channelGroup = new DefaultChannelGroup(eventLoopGroup.next()); }
From source file:io.vertx.core.net.impl.SSLHelper.java
License:Open Source License
private SslContext createContext(VertxInternal vertx) { try {//from w ww.ja va2s. c o m KeyManagerFactory keyMgrFactory = getKeyMgrFactory(vertx); TrustManagerFactory trustMgrFactory = getTrustMgrFactory(vertx); SslContextBuilder builder; if (client) { builder = SslContextBuilder.forClient(); if (keyMgrFactory != null) { builder.keyManager(keyMgrFactory); } } else { if (keyMgrFactory == null) { throw new VertxException("Key/certificate is mandatory for SSL"); } builder = SslContextBuilder.forServer(keyMgrFactory); } Collection<String> cipherSuites = enabledCipherSuites; if (openSsl) { builder.sslProvider(SslProvider.OPENSSL); if (cipherSuites == null || cipherSuites.isEmpty()) { cipherSuites = OpenSsl.availableOpenSslCipherSuites(); } } else { builder.sslProvider(SslProvider.JDK); if (cipherSuites == null || cipherSuites.isEmpty()) { cipherSuites = DEFAULT_JDK_CIPHER_SUITE; } } if (trustMgrFactory != null) { builder.trustManager(trustMgrFactory); } if (cipherSuites != null && cipherSuites.size() > 0) { builder.ciphers(cipherSuites); } if (useAlpn && applicationProtocols != null && applicationProtocols.size() > 0) { builder.applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, applicationProtocols .stream().map(PROTOCOL_NAME_MAPPING::get).collect(Collectors.toList()))); } return builder.build(); } catch (Exception e) { throw new VertxException(e); } }