List of usage examples for io.netty.handler.ssl ClientAuth REQUIRE
ClientAuth REQUIRE
From source file:org.springframework.boot.web.embedded.netty.SslServerCustomizer.java
License:Apache License
/**
 * Assembles the server-side {@link SslContextBuilder} from the configured {@code Ssl} settings.
 *
 * <p>Key and trust material are always applied. Enabled protocols and cipher suites are applied
 * only when they are configured (non-null); otherwise the builder keeps its own defaults.
 *
 * <p>Client-certificate handling maps as follows: {@code NEED} becomes
 * {@link ClientAuth#REQUIRE}, so the handshake fails when the peer sends no certificate, and
 * {@code WANT} becomes {@link ClientAuth#OPTIONAL}, so a certificate is requested but the
 * handshake still completes without one. With {@code WANT}, code that relies on the peer
 * identity must therefore check that a certificate was actually presented.
 *
 * @return the configured builder; the caller is responsible for calling {@code build()}
 */
protected SslContextBuilder getContextBuilder() {
    SslContextBuilder contextBuilder = SslContextBuilder
            .forServer(getKeyManagerFactory(this.ssl, this.sslStoreProvider))
            .trustManager(getTrustManagerFactory(this.ssl, this.sslStoreProvider));

    String[] enabledProtocols = this.ssl.getEnabledProtocols();
    if (enabledProtocols != null) {
        contextBuilder.protocols(enabledProtocols);
    }

    String[] cipherSuites = this.ssl.getCiphers();
    if (cipherSuites != null) {
        contextBuilder.ciphers(Arrays.asList(cipherSuites));
    }

    // Any other value (including null) leaves the builder untouched, which in Netty means
    // ClientAuth.NONE: no client certificate is requested at all.
    Ssl.ClientAuth requestedClientAuth = this.ssl.getClientAuth();
    if (requestedClientAuth == Ssl.ClientAuth.NEED) {
        contextBuilder.clientAuth(ClientAuth.REQUIRE);
    } else if (requestedClientAuth == Ssl.ClientAuth.WANT) {
        contextBuilder.clientAuth(ClientAuth.OPTIONAL);
    }
    return contextBuilder;
}
From source file:org.thingsboard.rule.engine.mqtt.credentials.CertPemClientCredentials.java
License:Apache License
/**
 * Creates the client-side TLS context used to authenticate with a PEM certificate and key.
 *
 * @return an {@link Optional} that always holds the freshly built {@link SslContext}
 * @throws RuntimeException wrapping any failure raised while loading key or trust material or
 *         while building the context
 */
@Override
public Optional<SslContext> initSslContext() {
    try {
        // Registers BouncyCastle on every call; Security.addProvider does nothing when a
        // provider of the same name is already installed.
        Security.addProvider(new BouncyCastleProvider());

        SslContextBuilder contextBuilder = SslContextBuilder.forClient()
                .keyManager(createAndInitKeyManagerFactory())
                .trustManager(createAndInitTrustManagerFactory());
        // NOTE(review): ClientAuth is a server-side setting. On a forClient() builder Netty
        // does not pass it to the client context, so this call has no effect on the handshake.
        // The client certificate is offered because keyManager(...) is configured, and whether
        // it is demanded is decided by the server.
        contextBuilder.clientAuth(ClientAuth.REQUIRE);

        SslContext sslContext = contextBuilder.build();
        return Optional.of(sslContext);
    } catch (Exception e) {
        // NOTE(review): the log line includes the caCert and cert fields; confirm they only
        // ever hold certificate material and never the private key.
        log.error("[{}:{}] Creating TLS factory failed!", caCert, cert, e);
        throw new RuntimeException("Creating TLS factory failed!", e);
    }
}
From source file:org.wso2.carbon.transport.http.netty.common.ssl.SSLHandlerFactory.java
License:Open Source License
/** * This method will provide netty ssl context which supports HTTP2 over TLS using * Application Layer Protocol Negotiation (ALPN) * * @return instance of {@link SslContext} * @throws SSLException if any error occurred during building SSL context. *///from ww w . j a v a 2s . c o m public SslContext createHttp2TLSContext() throws SSLException { // If listener configuration does not include cipher suites , default ciphers required by the HTTP/2 // specification will be added. List<String> ciphers = sslConfig.getCipherSuites() != null && sslConfig.getCipherSuites().length > 0 ? Arrays.asList(sslConfig.getCipherSuites()) : Http2SecurityUtil.CIPHERS; SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return SslContextBuilder.forServer(this.getKeyManagerFactory()).trustManager(this.getTrustStoreFactory()) .sslProvider(provider).ciphers(ciphers, SupportedCipherSuiteFilter.INSTANCE) .clientAuth(needClientAuth ? ClientAuth.REQUIRE : ClientAuth.NONE) .applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); }
From source file:ratpack.config.internal.module.ServerConfigDataDeserializer.java
License:Apache License
/**
 * Reads the server configuration node into a {@link ServerConfigData}.
 *
 * <p>The result starts from the values held by this deserializer ({@code baseDirSupplier},
 * {@code address}, {@code port}, {@code development}, {@code publicAddress}). Each field that
 * is present and non-null in the JSON then overrides the corresponding setting.
 *
 * <p>Statement order matters for TLS: {@code requireClientSslAuth} is applied before the
 * {@code ssl} / {@code jdkSsl} handling, because the {@code jdkSsl} branch reads that flag to
 * choose between {@link ClientAuth#REQUIRE} and {@link ClientAuth#NONE}.
 *
 * @param jp parser positioned on the server configuration node
 * @param ctxt deserialization context (not used directly here)
 * @return the populated configuration data
 * @throws IOException declared by the Jackson contract, e.g. when the tree cannot be read
 * @throws IllegalStateException if the node contains a non-null {@code baseDir}
 */
@Override
public ServerConfigData deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException {
    ObjectCodec codec = jp.getCodec();
    ObjectNode serverNode = jp.readValueAsTree();
    ServerConfigData data = new ServerConfigData(baseDirSupplier.get(), address, port, development,
            publicAddress);
    if (serverNode.hasNonNull("port")) {
        data.setPort(parsePort(serverNode.get("port")));
    }
    if (serverNode.hasNonNull("address")) {
        data.setAddress(toValue(codec, serverNode.get("address"), InetAddress.class));
    }
    if (serverNode.hasNonNull("idleTimeout")) {
        data.setIdleTimeout(toValue(codec, serverNode.get("idleTimeout"), Duration.class));
    }
    if (serverNode.hasNonNull("development")) {
        data.setDevelopment(serverNode.get("development").asBoolean(false));
    }
    if (serverNode.hasNonNull("threads")) {
        data.setThreads(serverNode.get("threads").asInt(ServerConfig.DEFAULT_THREADS));
    }
    if (serverNode.hasNonNull("registerShutdownHook")) {
        data.setRegisterShutdownHook(serverNode.get("registerShutdownHook").asBoolean(true));
    }
    if (serverNode.hasNonNull("publicAddress")) {
        data.setPublicAddress(toValue(codec, serverNode.get("publicAddress"), URI.class));
    }
    if (serverNode.hasNonNull("maxContentLength")) {
        data.setMaxContentLength(
                serverNode.get("maxContentLength").asInt(ServerConfig.DEFAULT_MAX_CONTENT_LENGTH));
    }
    if (serverNode.hasNonNull("maxChunkSize")) {
        data.setMaxChunkSize(serverNode.get("maxChunkSize").asInt(ServerConfig.DEFAULT_MAX_CHUNK_SIZE));
    }
    if (serverNode.hasNonNull("maxInitialLineLength")) {
        data.setMaxInitialLineLength(
                serverNode.get("maxInitialLineLength").asInt(ServerConfig.DEFAULT_MAX_INITIAL_LINE_LENGTH));
    }
    if (serverNode.hasNonNull("maxHeaderSize")) {
        data.setMaxHeaderSize(serverNode.get("maxHeaderSize").asInt(ServerConfig.DEFAULT_MAX_HEADER_SIZE));
    }
    // A value that cannot be read as a boolean falls back to false, i.e. client certificates
    // are not required.
    if (serverNode.hasNonNull("requireClientSslAuth")) {
        data.setRequireClientSslAuth(serverNode.get("requireClientSslAuth").asBoolean(false));
    }
    // "ssl" wins over "jdkSsl" when both are present.
    if (serverNode.hasNonNull("ssl")) {
        // NOTE(review): requireClientSslAuth is not consulted on this path. The client-auth
        // mode is presumably fixed wherever the SslContext is deserialized, so confirm the
        // flag is honoured there.
        data.setSslContext(toValue(codec, serverNode.get("ssl"), SslContext.class));
    } else if (serverNode.hasNonNull("jdkSsl")) {
        SSLContext jdkSslContext = toValue(codec, serverNode.get("jdkSsl"), SSLContext.class);
        // Second argument is isClient=false (server mode). The client-auth mode comes from
        // the flag read above: REQUIRE when set, otherwise NONE.
        data.setSslContext(new JdkSslContext(jdkSslContext, false,
                data.isRequireClientSslAuth() ? ClientAuth.REQUIRE : ClientAuth.NONE));
    }
    // baseDir is rejected rather than ignored when it appears in configuration.
    if (serverNode.hasNonNull("baseDir")) {
        throw new IllegalStateException(
                "baseDir value cannot be set via config, it must be set directly via ServerConfigBuilder.baseDir()");
    }
    // The remaining options are applied only when parseOptionalIntValue yields a value.
    if (serverNode.hasNonNull("connectTimeoutMillis")) {
        parseOptionalIntValue("connectTimeoutMillis", serverNode.get("connectTimeoutMillis"))
                .ifPresent(data::setConnectTimeoutMillis);
    }
    if (serverNode.hasNonNull("maxMessagesPerRead")) {
        parseOptionalIntValue("maxMessagesPerRead", serverNode.get("maxMessagesPerRead"))
                .ifPresent(data::setMaxMessagesPerRead);
    }
    if (serverNode.hasNonNull("receiveBufferSize")) {
        parseOptionalIntValue("receiveBufferSize", serverNode.get("receiveBufferSize"))
                .ifPresent(data::setReceiveBufferSize);
    }
    if (serverNode.hasNonNull("writeSpinCount")) {
        parseOptionalIntValue("writeSpinCount", serverNode.get("writeSpinCount"))
                .ifPresent(data::setWriteSpinCount);
    }
    if (serverNode.hasNonNull("connectQueueSize")) {
        parseOptionalIntValue("connectQueueSize", serverNode.get("connectQueueSize"))
                .ifPresent(data::setConnectQueueSize);
    }
    return data;
}
From source file:sample.WebfluxX509ApplicationTest.java
License:Apache License
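/**
 * Builds a {@link WebTestClient} that connects to the local HTTPS server and presents the
 * {@code client} certificate from the test keystore during the TLS handshake.
 *
 * <p>The server certificate is validated against the {@code DevCA} certificate taken from the
 * same keystore, so only that CA is trusted.
 *
 * @return a client bound to {@code https://localhost:<port>}
 * @throws KeyStoreException if the PKCS12 keystore type is unavailable or an alias lookup fails
 * @throws IOException if the keystore resource cannot be read or closed
 * @throws NoSuchAlgorithmException if the keystore integrity or key algorithm is unavailable
 * @throws CertificateException if a certificate in the keystore cannot be loaded
 * @throws UnrecoverableEntryException if the {@code client} entry cannot be recovered with the
 *         given password
 */
private WebTestClient createWebTestClientWithClientCertificate() throws KeyStoreException, IOException,
        NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException {
    // Fixture password for the bundled test keystore; real deployments must not hard-code
    // keystore passwords in source.
    char[] storePassword = "password".toCharArray();

    ClassPathResource serverKeystore = new ClassPathResource("/certs/server.p12");
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    // KeyStore.load does not close the stream it is given, so close it here.
    try (java.io.InputStream keystoreStream = serverKeystore.getInputStream()) {
        keyStore.load(keystoreStream, storePassword);
    }

    X509Certificate devCA = (X509Certificate) keyStore.getCertificate("DevCA");
    X509Certificate clientCrt = (X509Certificate) keyStore.getCertificate("client");
    KeyStore.Entry keyStoreEntry = keyStore.getEntry("client",
            new KeyStore.PasswordProtection(storePassword));
    PrivateKey clientKey = ((KeyStore.PrivateKeyEntry) keyStoreEntry).getPrivateKey();

    // NOTE(review): ClientAuth is a server-side setting. On a forClient() builder Netty does
    // not pass it to the client context, so clientAuth(REQUIRE) has no effect here. The
    // certificate is offered because keyManager(...) is set, and enforcement of mutual TLS
    // has to be configured on the server under test.
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
            .clientAuth(ClientAuth.REQUIRE)
            .trustManager(devCA)
            .keyManager(clientKey, clientCrt);

    HttpClient httpClient = HttpClient.create()
            .secure(sslContextSpec -> sslContextSpec.sslContext(sslContextBuilder));
    ClientHttpConnector httpConnector = new ReactorClientHttpConnector(httpClient);
    return WebTestClient.bindToServer(httpConnector).baseUrl("https://localhost:" + port).build();
}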