List of usage examples for io.netty.handler.ssl SslContext defaultClientProvider
public static SslProvider defaultClientProvider()
From source file:com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.java
License:Apache License
/**
 * Creates the key store from node settings and validates the resulting TLS configuration.
 *
 * <p>The constructor reads the HTTP and transport SSL switches, picks an {@link SslProvider}
 * for each enabled layer, logs JVM/OS details and the effective ciphers and protocols, and
 * then refuses to start (fail closed) when an enabled layer ends up with no cipher suite or
 * no protocol.
 *
 * @param settings node settings holding the Search Guard SSL options
 * @throws ElasticsearchSecurityException if an enabled layer has no usable cipher suite or
 *     no SSL protocol
 */
@Inject
public DefaultSearchGuardKeyStore(final Settings settings) {
    super();
    this.settings = settings;

    httpSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
    transportSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED_DEFAULT);

    // Both "use OpenSSL if available" switches default to true when the setting is absent.
    final boolean preferOpenSslForHttp = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);
    final boolean preferOpenSslForTransport = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, true);

    // HTTP layer: no provider when disabled; otherwise Netty's default (OpenSSL when its
    // native library is usable, JDK if not) or the JDK provider when OpenSSL is opted out.
    if (!httpSSLEnabled) {
        sslHTTPProvider = null;
    } else if (preferOpenSslForHttp) {
        sslHTTPProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslHTTPProvider = SslProvider.JDK;
    }

    // Transport layer: a node is both client and server, so both providers are chosen here.
    if (!transportSSLEnabled) {
        sslTransportServerProvider = null;
        sslTransportClientProvider = null;
    } else if (preferOpenSslForTransport) {
        sslTransportClientProvider = SslContext.defaultClientProvider();
        sslTransportServerProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslTransportServerProvider = SslProvider.JDK;
        sslTransportClientProvider = SslProvider.JDK;
    }

    // Runtime fingerprint: the JVM and OS determine which ciphers and protocols exist, so
    // these lines explain the lists logged further down. They also put platform details
    // into the node log, which matters for whoever can read that log.
    log.info("java.version: {}", System.getProperty("java.version"));
    log.info("java.vendor: {}", System.getProperty("java.vendor"));
    log.info("java.vm.specification.version: {}", System.getProperty("java.vm.specification.version"));
    log.info("java.vm.specification.vendor: {}", System.getProperty("java.vm.specification.vendor"));
    log.info("java.vm.specification.name: {}", System.getProperty("java.vm.specification.name"));
    log.info("java.vm.name: {}", System.getProperty("java.vm.name"));
    log.info("java.vm.vendor: {}", System.getProperty("java.vm.vendor"));
    log.info("java.specification.version: {}", System.getProperty("java.specification.version"));
    log.info("java.specification.vendor: {}", System.getProperty("java.specification.vendor"));
    log.info("java.specification.name: {}", System.getProperty("java.specification.name"));
    log.info("os.name: {}", System.getProperty("os.name"));
    log.info("os.arch: {}", System.getProperty("os.arch"));
    log.info("os.version: {}", System.getProperty("os.version"));

    // Helpers defined elsewhere in the class; presumably they compute the cipher lists,
    // build the SSL contexts and warn about JCE limits -- confirm against their bodies.
    initEnabledSSLCiphers();
    initSSLConfig();
    printJCEWarnings();

    // The boolean passed to getEnabledSSLCiphers/getSecureSSLProtocols looks like
    // "true = HTTP layer, false = transport layer" judging by the call sites below.
    log.info("sslTransportClientProvider:{} with ciphers {}", sslTransportClientProvider,
            getEnabledSSLCiphers(sslTransportClientProvider, false));
    log.info("sslTransportServerProvider:{} with ciphers {}", sslTransportServerProvider,
            getEnabledSSLCiphers(sslTransportServerProvider, false));
    log.info("sslHTTPProvider:{} with ciphers {}", sslHTTPProvider,
            getEnabledSSLCiphers(sslHTTPProvider, true));
    log.info("sslTransport protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, false)));
    log.info("sslHTTP protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, true)));

    // Fail closed: an enabled layer with nothing to negotiate aborts construction instead
    // of coming up with an unusable TLS setup.
    if (transportSSLEnabled) {
        if (getEnabledSSLCiphers(sslTransportClientProvider, false).isEmpty()
                || getEnabledSSLCiphers(sslTransportServerProvider, false).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (getEnabledSSLCiphers(sslHTTPProvider, true).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for http");
        }
    }

    if (transportSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, false).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, true).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for http");
        }
    }
}
From source file:com.floragunn.searchguard.ssl.SearchGuardKeyStore.java
License:Apache License
/**
 * Creates the key store from node settings and validates the resulting TLS configuration.
 *
 * <p>Reads the HTTP and transport SSL switches, selects an {@link SslProvider} per enabled
 * layer, logs the effective ciphers and protocols, and aborts construction when an enabled
 * layer has no cipher suite or no protocol left.
 *
 * @param settings node settings holding the Search Guard SSL options
 * @throws ElasticsearchSecurityException if an enabled layer has no usable cipher suite or
 *     no SSL protocol
 */
@Inject
public SearchGuardKeyStore(final Settings settings) {
    super();
    this.settings = settings;

    httpSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
    transportSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED_DEFAULT);

    // OpenSSL is preferred unless the corresponding setting explicitly turns it off.
    final boolean preferOpenSslForHttp = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);
    final boolean preferOpenSslForTransport = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, true);

    // HTTP layer: null when disabled, Netty's default server provider (OpenSSL when its
    // native library is usable, otherwise JDK) when preferred, else the JDK provider.
    if (!httpSSLEnabled) {
        sslHTTPProvider = null;
    } else if (preferOpenSslForHttp) {
        sslHTTPProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslHTTPProvider = SslProvider.JDK;
    }

    // Transport layer needs a client and a server provider because nodes dial each other.
    if (!transportSSLEnabled) {
        sslTransportServerProvider = null;
        sslTransportClientProvider = null;
    } else if (preferOpenSslForTransport) {
        sslTransportClientProvider = SslContext.defaultClientProvider();
        sslTransportServerProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslTransportServerProvider = SslProvider.JDK;
        sslTransportClientProvider = SslProvider.JDK;
    }

    // Helpers defined elsewhere in the class; their exact effect is not visible here.
    initEnabledSSLCiphers();
    initSSLConfig();
    printJCEWarnings();

    // Record what will actually be offered on the wire; the boolean argument looks like
    // "true = HTTP layer, false = transport layer" judging by these call sites.
    log.info("sslTransportClientProvider:{} with ciphers {}", sslTransportClientProvider,
            getEnabledSSLCiphers(sslTransportClientProvider, false));
    log.info("sslTransportServerProvider:{} with ciphers {}", sslTransportServerProvider,
            getEnabledSSLCiphers(sslTransportServerProvider, false));
    log.info("sslHTTPProvider:{} with ciphers {}", sslHTTPProvider,
            getEnabledSSLCiphers(sslHTTPProvider, true));
    log.info("sslTransport protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, false)));
    log.info("sslHTTP protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, true)));

    // Fail closed: never finish construction with an enabled layer that cannot negotiate.
    if (transportSSLEnabled) {
        if (getEnabledSSLCiphers(sslTransportClientProvider, false).isEmpty()
                || getEnabledSSLCiphers(sslTransportServerProvider, false).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (getEnabledSSLCiphers(sslHTTPProvider, true).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for http");
        }
    }

    if (transportSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, false).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, true).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for http");
        }
    }
}
From source file:com.github.ambry.rest.NettySslFactory.java
License:Open Source License
/**
 * Builds the Netty {@link SslContext} used on the client side of a connection.
 *
 * <p>The context carries a key manager (so the client can present its own certificate),
 * a trust manager, and the cipher suites and protocols derived from {@code config}.
 *
 * @param config the {@link SSLConfig}
 * @return a configured {@link SslContext} object for a client.
 * @throws GeneralSecurityException declared by this method; presumably raised by the key or
 *     trust manager helpers -- confirm against their bodies
 * @throws IOException declared by this method; {@code build()} reports failures as an
 *     {@code SSLException}, which is an {@code IOException}
 */
private static SslContext getClientSslContext(SSLConfig config) throws GeneralSecurityException, IOException {
  // No provider is set on the builder below, so Netty falls back to its default client
  // provider; this line records which one that is.
  logger.info("Using {} provider for client SslContext", SslContext.defaultClientProvider());

  SslContextBuilder clientBuilder = SslContextBuilder.forClient();
  clientBuilder.keyManager(getKeyManagerFactory(config));
  clientBuilder.trustManager(getTrustManagerFactory(config));
  clientBuilder.ciphers(getCipherSuites(config));
  clientBuilder.protocols(getEnabledProtocols(config));

  // NOTE(review): nothing in this method sets an endpoint identification algorithm, so
  // whether the peer's hostname is checked depends on the Netty version and on how callers
  // configure the SSLEngine created from this context -- confirm.
  return clientBuilder.build();
}