List of usage examples for io.netty.handler.ssl SslContextBuilder sslProvider
public SslContextBuilder sslProvider(SslProvider provider)
From source file:io.grpc.netty.GrpcSslContexts.java
License:Apache License
/** * Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if * an application requires particular settings it should override the options set here. *//*from w ww .j av a 2s . c o m*/ @ExperimentalApi("https://github.com/grpc/grpc-java/issues/1784") @CanIgnoreReturnValue public static SslContextBuilder configure(SslContextBuilder builder, SslProvider provider) { switch (provider) { case JDK: { Provider jdkProvider = findJdkProvider(); if (jdkProvider == null) { throw new IllegalArgumentException( "Could not find Jetty NPN/ALPN or Conscrypt as installed JDK providers"); } return configure(builder, jdkProvider); } case OPENSSL: { ApplicationProtocolConfig apc; if (OpenSsl.isAlpnSupported()) { apc = NPN_AND_ALPN; } else { apc = NPN; } return builder.sslProvider(SslProvider.OPENSSL) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(apc); } default: throw new IllegalArgumentException("Unsupported provider: " + provider); } }
From source file:io.grpc.netty.GrpcSslContexts.java
License:Apache License
/** * Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if * an application requires particular settings it should override the options set here. *//* www . ja v a 2s . co m*/ @CanIgnoreReturnValue public static SslContextBuilder configure(SslContextBuilder builder, Provider jdkProvider) { ApplicationProtocolConfig apc; if (SUN_PROVIDER_NAME.equals(jdkProvider.getName())) { // Jetty ALPN/NPN only supports one of NPN or ALPN if (JettyTlsUtil.isJettyAlpnConfigured()) { apc = ALPN; } else if (JettyTlsUtil.isJettyNpnConfigured()) { apc = NPN; } else if (JettyTlsUtil.isJava9AlpnAvailable()) { apc = ALPN; } else { throw new IllegalArgumentException(SUN_PROVIDER_NAME + " selected, but Jetty NPN/ALPN unavailable"); } } else if (isConscrypt(jdkProvider)) { apc = ALPN; } else { throw new IllegalArgumentException("Unknown provider; can't configure: " + jdkProvider); } return builder.sslProvider(SslProvider.JDK) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(apc).sslContextProvider(jdkProvider); }
From source file:io.opendevice.sonoff.SonOffServerConnection.java
License:Open Source License
private SslContext generateSSLContext() { // File certFile = config.getFile("sonoff.ssl.certificateFile"); // if(cert == null) throw new IllegalArgumentException("Certificate not found (check sonoff.ssl.certificateFile) !"); // File key = config.getFile("sonoff.ssl.certificateKey"); // if(key == null) throw new IllegalArgumentException("Certificate key must be provided (check sonoff.ssl.certificateKey) !"); OpenDeviceConfig config = ODev.getConfig(); InputStream cert = null;/*from w w w . j a va 2s. c o m*/ InputStream key = null; try { File certFile = config.getFile("sonoff.ssl.certificateFile"); if (certFile != null) { cert = new FileInputStream(certFile); } else { log.info("Using self-signed embedded certificate ..."); cert = getClass().getClassLoader().getResourceAsStream("ssl/cert.pem"); } File keyFile = config.getFile("sonoff.ssl.certificateKey"); if (keyFile != null) { key = new FileInputStream(keyFile); } else { key = getClass().getClassLoader().getResourceAsStream("ssl/key.pem"); } } catch (FileNotFoundException e) { e.printStackTrace(); } try { SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(cert, key); sslContextBuilder.sslProvider(SslProvider.JDK); SslContext sslContext = sslContextBuilder.build(); return sslContext; } catch (SSLException e) { e.printStackTrace(); } return null; }
From source file:io.vertx.core.net.impl.SSLHelper.java
License:Open Source License
private SslContext createContext(VertxInternal vertx) { try {/*from w w w .ja va2s . co m*/ KeyManagerFactory keyMgrFactory = getKeyMgrFactory(vertx); TrustManagerFactory trustMgrFactory = getTrustMgrFactory(vertx); SslContextBuilder builder; if (client) { builder = SslContextBuilder.forClient(); if (keyMgrFactory != null) { builder.keyManager(keyMgrFactory); } } else { if (keyMgrFactory == null) { throw new VertxException("Key/certificate is mandatory for SSL"); } builder = SslContextBuilder.forServer(keyMgrFactory); } Collection<String> cipherSuites = enabledCipherSuites; if (openSsl) { builder.sslProvider(SslProvider.OPENSSL); if (cipherSuites == null || cipherSuites.isEmpty()) { cipherSuites = OpenSsl.availableOpenSslCipherSuites(); } } else { builder.sslProvider(SslProvider.JDK); if (cipherSuites == null || cipherSuites.isEmpty()) { cipherSuites = DEFAULT_JDK_CIPHER_SUITE; } } if (trustMgrFactory != null) { builder.trustManager(trustMgrFactory); } if (cipherSuites != null && cipherSuites.size() > 0) { builder.ciphers(cipherSuites); } if (useAlpn && applicationProtocols != null && applicationProtocols.size() > 0) { builder.applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, applicationProtocols .stream().map(PROTOCOL_NAME_MAPPING::get).collect(Collectors.toList()))); } return builder.build(); } catch (Exception e) { throw new VertxException(e); } }
From source file:org.apache.tinkerpop.gremlin.driver.Cluster.java
License:Apache License
SslContext createSSLContext() throws Exception { // if the context is provided then just use that and ignore the other settings if (manager.sslContextOptional.isPresent()) return manager.sslContextOptional.get(); final SslProvider provider = SslProvider.JDK; final Settings.ConnectionPoolSettings connectionPoolSettings = connectionPoolSettings(); final SslContextBuilder builder = SslContextBuilder.forClient(); if (connectionPoolSettings.trustCertChainFile != null) builder.trustManager(new File(connectionPoolSettings.trustCertChainFile)); else {// w w w . j av a2s. c o m logger.warn( "SSL configured without a trustCertChainFile and thus trusts all certificates without verification (not suitable for production)"); builder.trustManager(InsecureTrustManagerFactory.INSTANCE); } if (null != connectionPoolSettings.keyCertChainFile && null != connectionPoolSettings.keyFile) { final File keyCertChainFile = new File(connectionPoolSettings.keyCertChainFile); final File keyFile = new File(connectionPoolSettings.keyFile); // note that keyPassword may be null here if the keyFile is not password-protected. builder.keyManager(keyCertChainFile, keyFile, connectionPoolSettings.keyPassword); } builder.sslProvider(provider); return builder.build(); }
From source file:org.apache.tinkerpop.gremlin.server.AbstractChannelizer.java
License:Apache License
private SslContext createSSLContext(final Settings settings) { final Settings.SslSettings sslSettings = settings.ssl; if (sslSettings.getSslContext().isPresent()) { logger.info("Using the SslContext override"); return sslSettings.getSslContext().get(); }// w ww . j a va2 s . c o m final SslProvider provider = SslProvider.JDK; final SslContextBuilder builder; // if the config doesn't contain a cert or key then use a self signed cert - not suitable for production if (null == sslSettings.keyCertChainFile || null == sslSettings.keyFile) { try { logger.warn("Enabling SSL with self-signed certificate (NOT SUITABLE FOR PRODUCTION)"); final SelfSignedCertificate ssc = new SelfSignedCertificate(); builder = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()); } catch (CertificateException ce) { logger.error("There was an error creating the self-signed certificate for SSL - SSL is not enabled", ce); return null; } } else { final File keyCertChainFile = new File(sslSettings.keyCertChainFile); final File keyFile = new File(sslSettings.keyFile); final File trustCertChainFile = null == sslSettings.trustCertChainFile ? null : new File(sslSettings.trustCertChainFile); // note that keyPassword may be null here if the keyFile is not password-protected. passing null to // trustManager is also ok (default will be used) builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, sslSettings.keyPassword) .trustManager(trustCertChainFile); } builder.sslProvider(provider); try { return builder.build(); } catch (SSLException ssle) { logger.error("There was an error enabling SSL", ssle); return null; } }
From source file:org.apache.tinkerpop.gremlin.server.GremlinServerIntegrateTest.java
License:Apache License
@Test public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception { // just for testing - this is not good for production use final SslContextBuilder builder = SslContextBuilder.forClient(); builder.trustManager(InsecureTrustManagerFactory.INSTANCE); builder.sslProvider(SslProvider.JDK); final Cluster cluster = TestClientFactory.build().enableSsl(true).sslContext(builder.build()).create(); final Client client = cluster.connect(); try {//from w ww. ja v a 2s .c om // this should return "nothing" - there should be no exception assertEquals("test", client.submit("'test'").one().getString()); } finally { cluster.close(); } }
From source file:org.curioswitch.common.server.framework.ServerModule.java
License:Open Source License
private static SslContextBuilder serverSslContext(InputStream keyCertChainFile, InputStream keyFile) { SslContextBuilder builder = SslContextKeyConverter.execute(keyCertChainFile, keyFile, (cert, key) -> SslContextBuilder.forServer(cert, key, null)); return builder.sslProvider(Flags.useOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(HTTPS_ALPN_CFG); }
From source file:org.jooby.internal.netty.NettySslContext.java
License:Apache License
static SslContext build(final Config conf) throws IOException, CertificateException { String tmpdir = conf.getString("application.tmpdir"); boolean http2 = conf.getBoolean("server.http2.enabled"); File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir); File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir); String keyStorePass = conf.hasPath("ssl.keystore.password") ? conf.getString("ssl.keystore.password") : null;//from w w w . j a v a2 s . c o m SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass); if (conf.hasPath("ssl.trust.cert")) { scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir)); } if (http2) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return scb.sslProvider(provider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))) .build(); } return scb.build(); }