List of usage examples for io.netty.handler.ssl SslContext defaultServerProvider
public static SslProvider defaultServerProvider()
From source file:com.chiorichan.http.ssl.SniNegotiator.java
License:Mozilla Public License
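/**
 * Waits for enough bytes to inspect the start of the TLS handshake, resolves the requested
 * host name to an {@link SslContext}, and then swaps this handler for one that wraps a
 * freshly created server-mode {@link SSLEngine}.
 *
 * <p>Cipher suites listed in {@code enabledCipherSuites} that the engine does not support are
 * logged and removed from that collection before the remainder is enabled on the engine.
 *
 * @param ctx the handler context; its allocator creates the engine and its pipeline is modified
 * @param in  the inbound bytes, handed to {@code sniHostNameFromHandshakeInfo}
 * @param out unused by this method
 * @throws Exception propagated from the helpers and from engine creation
 */
@Override
protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) throws Exception {
    // 5 bytes is the length of a TLS record header; nothing is inspected before that much arrived.
    if (handshaken || in.readableBytes() < 5) {
        return;
    }

    String hostname = sniHostNameFromHandshakeInfo(in);
    if (hostname != null) {
        // NOTE(review): IDN.toASCII throws IllegalArgumentException for names it cannot convert.
        // The name presumably originates from the peer's handshake, so that exception surfaces
        // through decode() - confirm the pipeline closes the channel in that case.
        hostname = IDN.toASCII(hostname, IDN.ALLOW_UNASSIGNED).toLowerCase(Locale.US);
    }
    this.hostname = hostname;

    // NOTE(review): assumes SslManager.map() never returns null, also for a null hostname - confirm.
    selectedContext = SslManager.instance().map(hostname);

    // handshaken was false on entry; presumably sniHostNameFromHandshakeInfo() flips it once the
    // handshake data has been parsed - nothing else visible here can make this check pass.
    if (!handshaken) {
        return;
    }

    SSLEngine engine = selectedContext.newEngine(ctx.alloc());
    List<String> supportedCipherSuites = Arrays.asList(engine.getSupportedCipherSuites());

    if (!supportedCipherSuites.containsAll(enabledCipherSuites)) {
        // Walk a snapshot: removing from enabledCipherSuites while a for-each iterates over it
        // fails with ConcurrentModificationException (or skips entries) on the standard lists.
        for (String cipher : enabledCipherSuites.toArray(new String[0])) {
            if (!supportedCipherSuites.contains(cipher)) {
                // NOTE(review): the message names Netty's default server provider, while the
                // engine comes from selectedContext; the two may differ if that context was
                // built with an explicit provider.
                NetworkManager.getLogger().severe(String.format(
                        "The SSL/TLS cipher suite '%s' is not supported by SSL Provider %s",
                        cipher, SslContext.defaultServerProvider().name()));
                enabledCipherSuites.remove(cipher);
            }
        }
    }

    engine.setUseClientMode(false);
    // NOTE(review): if every configured suite was pruned above, an empty array is enabled here
    // and no handshake can succeed - consider failing loudly at that point.
    engine.setEnabledCipherSuites(enabledCipherSuites.toArray(new String[0]));
    ctx.pipeline().replace(this, ctx.name(), new SslExceptionHandler(engine));
}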
From source file:com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.java
License:Apache License
/**
 * Reads the TLS switches from {@code settings}, picks an {@link SslProvider} for the HTTP and
 * transport layers, logs the runtime environment plus the resulting cipher and protocol sets,
 * and refuses to start when an enabled layer is left without cipher suites or protocols.
 *
 * @param settings the settings the SSL flags, ciphers and protocols are read from
 * @throws ElasticsearchSecurityException if an enabled layer has no usable cipher suite or no
 *         protocol
 */
@Inject
public DefaultSearchGuardKeyStore(final Settings settings) {
    super();
    this.settings = settings;

    httpSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
    transportSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED_DEFAULT);

    final boolean preferOpenSslForHttp = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);
    final boolean preferOpenSslForTransport = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, true);

    // SslContext.defaultServerProvider()/defaultClientProvider() resolve to OPENSSL only when
    // Netty's OpenSSL bindings are usable and to JDK otherwise, so the provider actually in use
    // has to be read from the "ssl...Provider" log lines further down.
    if (!httpSSLEnabled) {
        sslHTTPProvider = null;
    } else if (preferOpenSslForHttp) {
        sslHTTPProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslHTTPProvider = SslProvider.JDK;
    }

    if (!transportSSLEnabled) {
        sslTransportServerProvider = null;
        sslTransportClientProvider = null;
    } else if (preferOpenSslForTransport) {
        sslTransportClientProvider = SslContext.defaultClientProvider();
        sslTransportServerProvider = SslContext.defaultServerProvider();
        // Runs a second time when the HTTP branch above already called it.
        logOpenSSLInfos();
    } else {
        sslTransportServerProvider = SslProvider.JDK;
        sslTransportClientProvider = SslProvider.JDK;
    }

    // Runtime fingerprint: JVM and OS details that determine which TLS features are available.
    log.info("java.version: {}", System.getProperty("java.version"));
    log.info("java.vendor: {}", System.getProperty("java.vendor"));
    log.info("java.vm.specification.version: {}", System.getProperty("java.vm.specification.version"));
    log.info("java.vm.specification.vendor: {}", System.getProperty("java.vm.specification.vendor"));
    log.info("java.vm.specification.name: {}", System.getProperty("java.vm.specification.name"));
    log.info("java.vm.name: {}", System.getProperty("java.vm.name"));
    log.info("java.vm.vendor: {}", System.getProperty("java.vm.vendor"));
    log.info("java.specification.version: {}", System.getProperty("java.specification.version"));
    log.info("java.specification.vendor: {}", System.getProperty("java.specification.vendor"));
    log.info("java.specification.name: {}", System.getProperty("java.specification.name"));
    log.info("os.name: {}", System.getProperty("os.name"));
    log.info("os.arch: {}", System.getProperty("os.arch"));
    log.info("os.version: {}", System.getProperty("os.version"));

    initEnabledSSLCiphers();
    initSSLConfig();
    printJCEWarnings();

    // NOTE(review): a provider is null when its layer is disabled and is still passed to
    // getEnabledSSLCiphers() for these log lines - confirm that helper tolerates null.
    log.info("sslTransportClientProvider:{} with ciphers {}", sslTransportClientProvider,
            getEnabledSSLCiphers(sslTransportClientProvider, false));
    log.info("sslTransportServerProvider:{} with ciphers {}", sslTransportServerProvider,
            getEnabledSSLCiphers(sslTransportServerProvider, false));
    log.info("sslHTTPProvider:{} with ciphers {}", sslHTTPProvider,
            getEnabledSSLCiphers(sslHTTPProvider, true));

    log.info("sslTransport protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, false)));
    log.info("sslHTTP protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, true)));

    // Fail closed: an enabled layer without ciphers or protocols must not come up.
    if (transportSSLEnabled) {
        if (getEnabledSSLCiphers(sslTransportClientProvider, false).isEmpty()
                || getEnabledSSLCiphers(sslTransportServerProvider, false).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (getEnabledSSLCiphers(sslHTTPProvider, true).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for http");
        }
    }

    if (transportSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, false).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, true).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for http");
        }
    }
}
From source file:com.floragunn.searchguard.ssl.SearchGuardKeyStore.java
License:Apache License
/**
 * Reads the TLS switches from {@code settings}, chooses an {@link SslProvider} per layer, logs
 * the resulting cipher and protocol sets, and aborts construction when an enabled layer ends up
 * with no cipher suites or no protocols.
 *
 * @param settings the settings the SSL flags, ciphers and protocols are read from
 * @throws ElasticsearchSecurityException if an enabled layer has no usable cipher suite or no
 *         protocol
 */
@Inject
public SearchGuardKeyStore(final Settings settings) {
    super();
    this.settings = settings;

    httpSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
    transportSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED_DEFAULT);

    final boolean openSslWantedForHttp = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);
    final boolean openSslWantedForTransport = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, true);

    // "If available" is decided by Netty: the default*Provider() calls return OPENSSL when its
    // OpenSSL bindings load and JDK otherwise. The choice is only visible in the log lines below.
    if (!httpSSLEnabled) {
        sslHTTPProvider = null;
    } else if (openSslWantedForHttp) {
        sslHTTPProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslHTTPProvider = SslProvider.JDK;
    }

    if (!transportSSLEnabled) {
        sslTransportServerProvider = null;
        sslTransportClientProvider = null;
    } else if (openSslWantedForTransport) {
        sslTransportClientProvider = SslContext.defaultClientProvider();
        sslTransportServerProvider = SslContext.defaultServerProvider();
        // Called again here even if the HTTP branch already logged the OpenSSL details.
        logOpenSSLInfos();
    } else {
        sslTransportServerProvider = SslProvider.JDK;
        sslTransportClientProvider = SslProvider.JDK;
    }

    initEnabledSSLCiphers();
    initSSLConfig();
    printJCEWarnings();

    // NOTE(review): providers of disabled layers are null at this point and are still handed to
    // getEnabledSSLCiphers() - confirm that helper accepts null.
    log.info("sslTransportClientProvider:{} with ciphers {}", sslTransportClientProvider,
            getEnabledSSLCiphers(sslTransportClientProvider, false));
    log.info("sslTransportServerProvider:{} with ciphers {}", sslTransportServerProvider,
            getEnabledSSLCiphers(sslTransportServerProvider, false));
    log.info("sslHTTPProvider:{} with ciphers {}", sslHTTPProvider,
            getEnabledSSLCiphers(sslHTTPProvider, true));

    log.info("sslTransport protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, false)));
    log.info("sslHTTP protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, true)));

    // Refuse to continue with an enabled layer that could not negotiate anything.
    if (transportSSLEnabled) {
        if (getEnabledSSLCiphers(sslTransportClientProvider, false).isEmpty()
                || getEnabledSSLCiphers(sslTransportServerProvider, false).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (getEnabledSSLCiphers(sslHTTPProvider, true).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for http");
        }
    }

    if (transportSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, false).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, true).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for http");
        }
    }
}
From source file:com.github.ambry.rest.NettySslFactory.java
License:Open Source License
/**
 * Builds the server-side {@link SslContext} from the supplied configuration.
 *
 * @param config the {@link SSLConfig} passed to the helpers that supply key material, trust
 *        material, cipher suites, protocols and the client-auth mode
 * @return a configured {@link SslContext} object for a server.
 * @throws GeneralSecurityException declared by this method; presumably raised while the helpers
 *         load key or trust material (they are outside this excerpt)
 * @throws IOException declared by this method; presumably raised while the helpers read the
 *         configured stores (they are outside this excerpt)
 */
private static SslContext getServerSslContext(SSLConfig config)
        throws GeneralSecurityException, IOException {
    // No sslProvider(...) is set on the builder below, so Netty's default server provider is
    // used; logging it records whether OpenSSL or the JDK implementation ended up in effect.
    logger.info("Using {} provider for server SslContext", SslContext.defaultServerProvider());

    SslContextBuilder serverBuilder = SslContextBuilder.forServer(getKeyManagerFactory(config));
    serverBuilder.trustManager(getTrustManagerFactory(config));
    // Cipher suites and protocols are restricted explicitly instead of relying on defaults.
    serverBuilder.ciphers(getCipherSuites(config));
    serverBuilder.protocols(getEnabledProtocols(config));
    // Whether client certificates are requested or required is decided by the configuration.
    serverBuilder.clientAuth(getClientAuth(config));
    return serverBuilder.build();
}
From source file:net.anyflow.menton.http.WebServerChannelInitializer.java
License:Apache License
/**
 * Assembles the pipeline of a newly accepted channel: optional wire logging, optional TLS, the
 * HTTP codec chain and, when configured, a WebSocket protocol handler.
 *
 * @param ch the channel whose pipeline is populated
 * @throws Exception if the {@link SslContext} cannot be built or the WebSocket frame handler
 *         class cannot be instantiated
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    // Boolean.parseBoolean is true exactly for a non-null, case-insensitive "true".
    if (Boolean.parseBoolean(Settings.SELF.getProperty("menton.logging.writelogOfNettyLogger"))) {
        // Registered ahead of the TLS handler, i.e. closer to the socket: with TLS enabled it
        // logs the encrypted bytes rather than decoded HTTP content.
        ch.pipeline().addLast("log", new LoggingHandler("menton/server", LogLevel.DEBUG));
    }

    if (useSsl) {
        // NOTE(review): a new SslContext is built for every accepted channel, so the certificate
        // chain and private key are processed again per connection. Building the context once
        // and reusing it is the usual pattern. The builder is also given no protocol or cipher
        // list, so Netty's defaults for the selected provider apply.
        SslContext serverContext = SslContextBuilder
                .forServer(Settings.SELF.certChainFile(), Settings.SELF.privateKeyFile())
                .build();
        logger.debug("SSL Provider : {}", SslContext.defaultServerProvider());
        ch.pipeline().addLast(serverContext.newHandler(ch.alloc()));
    }

    ch.pipeline()
            .addLast(HttpServerCodec.class.getName(), new HttpServerCodec())
            // 1048576 bytes = 1 MiB cap on an aggregated message body.
            .addLast(HttpObjectAggregator.class.getName(), new HttpObjectAggregator(1048576))
            .addLast(HttpContentCompressor.class.getName(), new HttpContentCompressor())
            .addLast(HttpRequestRouter.class.getName(), new HttpRequestRouter());

    if (websocketFrameHandlerClass == null) {
        return;
    }

    // One frame handler instance per channel, created through its no-argument constructor.
    WebsocketFrameHandler frameHandler = websocketFrameHandlerClass.newInstance();
    ch.pipeline()
            .addLast(WebSocketServerProtocolHandler.class.getName(),
                    new WebSocketServerProtocolHandler(frameHandler.websocketPath(),
                            frameHandler.subprotocols(), frameHandler.allowExtensions(),
                            frameHandler.maxFrameSize()))
            .addLast(frameHandler);
}