List of usage examples for io.netty.handler.ssl SslContextBuilder forServer
boolean forServer
To view the source code for io.netty.handler.ssl SslContextBuilder forServer.
Click Source Link
From source file:http2.server.Http2Server.java
License:Apache License
public static void main(String[] args) throws Exception { System.setProperty("jsse.enableSNIExtension", "true"); // Configure SSL. try {// w w w . j av a 2 s . co m String password = "http2"; if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null); ks.setKeyEntry("alias", ((KeyPair) getPem(Config.getString("privateKey"))).getPrivate(), password.toCharArray(), new java.security.cert.Certificate[] { (X509Certificate) getPem(Config.getString("certificate")) }); kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, password.toCharArray()); } catch (Exception e) { logger.error("transfer from pem file to pkcs12 failed!", e); } final SslContext sslCtx; if (SSL) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; sslCtx = SslContextBuilder.forServer(kmf).sslProvider(provider) /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification. * Please refer to the HTTP/2 specification for cipher requirements. */ .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } else { sslCtx = null; } // Configure the server. EventLoopGroup group = new NioEventLoopGroup(); try { ServerBootstrap b = new ServerBootstrap(); b.option(ChannelOption.SO_BACKLOG, 1024); b.group(group).channel(NioServerSocketChannel.class).handler(new LoggingHandler(LogLevel.INFO)) .childHandler(new Http2ServerInitializer(sslCtx)); Channel ch = b.bind(PORT).sync().channel(); System.err.println("Open your HTTP/2-enabled web browser and navigate to " + (SSL ? "https" : "http") + "://127.0.0.1:" + PORT + '/'); ch.closeFuture().sync(); } finally { group.shutdownGracefully(); } }
From source file:io.airlift.drift.transport.netty.ssl.ReloadableSslContext.java
License:Apache License
public synchronized void reload() { try {/*from ww w. j ava2 s . co m*/ // every watch must be called each time to update status boolean trustCertificateModified = trustCertificatesFileWatch.updateState(); boolean clientCertificateModified = false; if (clientCertificatesFileWatch.isPresent()) { clientCertificateModified = clientCertificatesFileWatch.get().updateState(); } boolean privateKeyModified = false; if (privateKeyFileWatch.isPresent()) { privateKeyModified = privateKeyFileWatch.get().updateState(); } if (trustCertificateModified || clientCertificateModified || privateKeyModified) { PrivateKey privateKey = null; if (privateKeyFileWatch.isPresent()) { privateKey = loadPrivateKey(privateKeyFileWatch.get().getFile(), privateKeyPassword); } X509Certificate[] certificateChain = null; if (clientCertificatesFileWatch.isPresent()) { certificateChain = readCertificateChain(clientCertificatesFileWatch.get().getFile()) .toArray(new X509Certificate[0]); } SslContextBuilder sslContextBuilder; if (forClient) { sslContextBuilder = SslContextBuilder.forClient().keyManager(privateKey, certificateChain); } else { sslContextBuilder = SslContextBuilder.forServer(privateKey, certificateChain); } X509Certificate[] trustChain = readCertificateChain(trustCertificatesFileWatch.getFile()) .toArray(new X509Certificate[0]); sslContextBuilder.trustManager(trustChain).sessionCacheSize(sessionCacheSize) .sessionTimeout(sessionTimeout.roundTo(SECONDS)); if (!ciphers.isEmpty()) { sslContextBuilder.ciphers(ciphers); } sslContext.set(new SslContextHolder(sslContextBuilder.build())); } } catch (GeneralSecurityException e) { sslContext.set(new SslContextHolder(new UncheckedIOException(new IOException(e)))); } catch (IOException e) { sslContext.set(new SslContextHolder(new UncheckedIOException(e))); } }
From source file:io.crate.auth.HostBasedAuthenticationTest.java
@Before private void setUpTest() throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); SslHandler sslHandler = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .trustManager(InsecureTrustManagerFactory.INSTANCE).startTls(false).build() .newHandler(ByteBufAllocator.DEFAULT); sslSession = sslHandler.engine().getSession(); }
From source file:io.crate.operation.auth.HostBasedAuthenticationTest.java
@Before private void setUpTest() throws Exception { Settings settings = Settings.builder().put(AuthSettings.AUTH_HOST_BASED_ENABLED_SETTING.getKey(), true) .build();//from w ww. ja v a 2 s .c o m authService = new HostBasedAuthentication(settings, null); SelfSignedCertificate ssc = new SelfSignedCertificate(); SslHandler sslHandler = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .trustManager(InsecureTrustManagerFactory.INSTANCE).startTls(false).build() .newHandler(ByteBufAllocator.DEFAULT); sslSession = sslHandler.engine().getSession(); }
From source file:io.crate.protocols.postgres.SslReqHandlerTest.java
/** * Uses a simple (and insecure) self-signed certificate. */// w w w .ja va 2s. c o m private static SslContext getSelfSignedSslContext() { try { SelfSignedCertificate ssc = new SelfSignedCertificate(); return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .trustManager(InsecureTrustManagerFactory.INSTANCE).startTls(false).build(); } catch (Exception e) { throw new RuntimeException("Couldn't setup self signed certificate", e); } }
From source file:io.crate.protocols.ssl.SslConfiguration.java
public static SslContext buildSslContext(Settings settings) { try {//from ww w.jav a 2s . c o m KeyStoreSettings keyStoreSettings = new KeyStoreSettings(settings); Optional<TrustStoreSettings> trustStoreSettings = TrustStoreSettings.tryLoad(settings); TrustManager[] trustManagers = null; if (trustStoreSettings.isPresent()) { trustManagers = trustStoreSettings.get().trustManagers; } // Use the newest SSL standard which is (at the time of writing) TLSv1.2 // If we just specify "TLS" here, it depends on the JVM implementation which version we'll get. SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); sslContext.init(keyStoreSettings.keyManagers, trustManagers, null); SSLContext.setDefault(sslContext); List<String> enabledCiphers = Arrays.asList(sslContext.createSSLEngine().getEnabledCipherSuites()); final X509Certificate[] keystoreCerts = keyStoreSettings.exportServerCertChain(); final PrivateKey privateKey = keyStoreSettings.exportDecryptedKey(); X509Certificate[] trustedCertificates = keyStoreSettings.exportRootCertificates(); if (trustStoreSettings.isPresent()) { trustedCertificates = trustStoreSettings.get().exportRootCertificates(trustedCertificates); } final SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(privateKey, keystoreCerts) .ciphers(enabledCiphers).applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .clientAuth(ClientAuth.OPTIONAL).sessionCacheSize(0).sessionTimeout(0).startTls(false) .sslProvider(SslProvider.JDK); if (trustedCertificates != null && trustedCertificates.length > 0) { sslContextBuilder.trustManager(trustedCertificates); } return sslContextBuilder.build(); } catch (SslConfigurationException e) { throw e; } catch (Exception e) { throw new SslConfigurationException("Failed to build SSL configuration", e); } }
From source file:io.fouad.jtb.webhook.WebhookServer.java
License:Open Source License
/** * Generates a self-signed SSL certificate to be used by Telegram server * to connect to your server over secure HTTPS connection. * /*www. java 2 s .co m*/ * @throws CertificateException this exception indicates one of a variety of certificate problems * @throws SSLException this exception occurs if building the certificate fails */ public void useGeneratedSelfSignedSslCertificate() throws CertificateException, SSLException { SelfSignedCertificate ssc = new SelfSignedCertificate(hostname); certificate = ssc.certificate(); sslCtx = SslContextBuilder.forServer(certificate, ssc.privateKey()).build(); }
From source file:io.grpc.examples.helloworldtls.HelloWorldServerTls.java
License:Apache License
private SslContextBuilder getSslContextBuilder() { SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath), new File(privateKeyFilePath)); if (trustCertCollectionFilePath != null) { sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath)); sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE); }// ww w . j av a 2s . c om return GrpcSslContexts.configure(sslClientContextBuilder); }
From source file:io.grpc.netty.GrpcSslContexts.java
License:Apache License
/** * Creates an SslContextBuilder with ciphers and APN appropriate for gRPC. * * @see SslContextBuilder#forServer(File, File) * @see #configure(SslContextBuilder)/*from w ww . j a va 2s . c o m*/ */ public static SslContextBuilder forServer(File keyCertChainFile, File keyFile) { return configure(SslContextBuilder.forServer(keyCertChainFile, keyFile)); }
From source file:io.grpc.netty.GrpcSslContexts.java
License:Apache License
/** * Creates an SslContextBuilder with ciphers and APN appropriate for gRPC. * * @see SslContextBuilder#forServer(File, File, String) * @see #configure(SslContextBuilder)//from w ww.j av a 2 s.c om */ public static SslContextBuilder forServer(File keyCertChainFile, File keyFile, String keyPassword) { return configure(SslContextBuilder.forServer(keyCertChainFile, keyFile, keyPassword)); }