List of usage examples for io.netty.handler.ssl SslProvider JDK
SslProvider JDK
To view the source code for io.netty.handler.ssl SslProvider JDK.
Click Source Link
From source file:org.graylog2.inputs.transports.NettyTransportConfiguration.java
License:Open Source License
public SslProvider getTlsProvider() { switch (tlsProvider.toLowerCase(Locale.ROOT)) { case "openssl": return SslProvider.OPENSSL; case "jdk": return SslProvider.JDK; case "auto": default:/* w ww . j a v a 2 s . c o m*/ return detectTlsProvider(); } }
From source file:org.graylog2.inputs.transports.NettyTransportConfiguration.java
License:Open Source License
private SslProvider detectTlsProvider() { if (OpenSsl.isAvailable()) { LOG.debug("Using OpenSSL for Netty transports."); return SslProvider.OPENSSL; } else {//w w w .j a va2s.c o m LOG.debug("Using default Java TLS provider for Netty transports."); return SslProvider.JDK; } }
From source file:org.hyperledger.fabric.sdk.Endpoint.java
License:Open Source License
Endpoint(String url, Properties properties) {
logger.trace(String.format("Creating endpoint for url %s", url));
this.url = url;
String pem = null;//ww w. j av a 2 s . c o m
String cn = null;
String sslp = null;
String nt = null;
Properties purl = parseGrpcUrl(url);
String protocol = purl.getProperty("protocol");
this.addr = purl.getProperty("host");
this.port = Integer.parseInt(purl.getProperty("port"));
if (properties != null) {
if ("grpcs".equals(protocol)) {
try {
pem = properties.getProperty("pemFile");
cn = properties.getProperty("hostnameOverride");
if (cn == null && "true".equals(properties.getProperty("trustServerCertificate"))) {
File pemF = new File(pem);
final String cnKey = pemF.getAbsolutePath() + pemF.length() + pemF.lastModified();
cn = cnCache.get(cnKey);
if (cn == null) {
Path path = Paths.get(pem);
byte[] data = Files.readAllBytes(path);
CryptoPrimitives cp = new CryptoPrimitives();
X500Name x500name = new JcaX509CertificateHolder(
(X509Certificate) cp.bytesToCertificate(data)).getSubject();
RDN rdn = x500name.getRDNs(BCStyle.CN)[0];
// cnn = cn +"";
AttributeTypeAndValue f = rdn.getFirst();
cn = IETFUtils.valueToString(rdn.getFirst().getValue());
cnCache.put(cnKey, cn);
}
}
} catch (Exception e) {
/// Mostly a development env. just log it.
logger.error(
"Error getting Subject CN from certificate. Try setting it specifically with hostnameOverride property. "
+ e.getMessage());
}
sslp = properties.getProperty("sslProvider");
if (sslp == null) {
throw new RuntimeException("Property of sslProvider expected");
}
if (!sslp.equals("openSSL") && !sslp.equals("JDK")) {
throw new RuntimeException("Property of sslProvider has to be either openSSL or JDK");
}
nt = properties.getProperty("negotiationType");
if (nt == null) {
throw new RuntimeException("Property of negotiationType expected");
}
if (!nt.equals("TLS") && !sslp.equals("plainText")) {
throw new RuntimeException("Property of negotiationType has to be either TLS or plainText");
}
}
}
try {
if (protocol.equalsIgnoreCase("grpc")) {
this.channelBuilder = ManagedChannelBuilder.forAddress(addr, port).usePlaintext(true);
addNettyBuilderProps(channelBuilder, properties);
} else if (protocol.equalsIgnoreCase("grpcs")) {
if (Utils.isNullOrEmpty(pem)) {
// use root certificate
this.channelBuilder = ManagedChannelBuilder.forAddress(addr, port);
addNettyBuilderProps(channelBuilder, properties);
} else {
try {
SslProvider sslprovider = sslp.equals("openSSL") ? SslProvider.OPENSSL : SslProvider.JDK;
NegotiationType ntype = nt.equals("TLS") ? NegotiationType.TLS : NegotiationType.PLAINTEXT;
SslContext sslContext = GrpcSslContexts.forClient().trustManager(new File(pem))
.sslProvider(sslprovider).build();
this.channelBuilder = NettyChannelBuilder.forAddress(addr, port).sslContext(sslContext)
.negotiationType(ntype);
if (cn != null) {
channelBuilder.overrideAuthority(cn);
}
addNettyBuilderProps(channelBuilder, properties);
} catch (SSLException sslex) {
throw new RuntimeException(sslex);
}
}
} else {
throw new RuntimeException("invalid protocol: " + protocol);
}
} catch (RuntimeException e) {
logger.error(e);
throw e;
} catch (Exception e) {
logger.error(e);
throw new RuntimeException(e);
}
}
From source file:org.jboss.aerogear.webpush.netty.WebPushNettyServer.java
License:Apache License
private static SslContext createSslContext(final WebPushServerConfig config) throws Exception { if (config.useEndpointTls()) { return SslContextBuilder.forServer(config.cert(), config.privateKey()).sslProvider(SslProvider.JDK) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig(protocol(config), SelectorFailureBehavior.FATAL_ALERT, SelectedListenerFailureBehavior.FATAL_ALERT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build();/* ww w .ja v a 2 s.com*/ } return null; }
From source file:org.jboss.aerogear.webpush.WebPushClient.java
License:Apache License
private SslContext configureSsl() throws SSLException { if (!ssl) {/*w w w . j a v a 2 s. c o m*/ return null; } return SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN, SelectorFailureBehavior.FATAL_ALERT, SelectedListenerFailureBehavior.FATAL_ALERT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); }
From source file:org.jooby.internal.netty.NettySslContext.java
License:Apache License
static SslContext build(final Config conf) throws IOException, CertificateException { String tmpdir = conf.getString("application.tmpdir"); boolean http2 = conf.getBoolean("server.http2.enabled"); File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir); File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir); String keyStorePass = conf.hasPath("ssl.keystore.password") ? conf.getString("ssl.keystore.password") : null;/*from w w w . j a va2s. c om*/ SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass); if (conf.hasPath("ssl.trust.cert")) { scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir)); } if (http2) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return scb.sslProvider(provider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))) .build(); } return scb.build(); }
From source file:org.ow2.petals.bc.gateway.commons.handlers.AuthenticatorSSLHandler.java
License:Open Source License
private void setUpSslHandlers(final ChannelHandlerContext ctx, final AbstractDomain domain, final @Nullable String certificate, final @Nullable String key, final @Nullable String passphrase, final @Nullable String remoteCertificate) throws SSLException { // TODO could we use certificate only for auth and not encryption? // TODO support openssl final SslHandler sslHandler; if (pdOrAuth.isB() && certificate != null && key != null) { // server side ssl, do not forget startTls so that our accept can be sent after the handler is added final ServiceUnitDataHandler handler = domain.getSUHandler(); final SslContextBuilder builder = SslContextBuilder .forServer(ServiceUnitUtil.getFile(handler.getInstallRoot(), certificate), ServiceUnitUtil.getFile(handler.getInstallRoot(), key), passphrase) .sslProvider(SslProvider.JDK).ciphers(null, IdentityCipherSuiteFilter.INSTANCE) .sessionCacheSize(0).sessionTimeout(0); if (remoteCertificate != null) { builder.trustManager(ServiceUnitUtil.getFile(handler.getInstallRoot(), remoteCertificate)) .clientAuth(ClientAuth.REQUIRE); }/*from w w w . java 2 s. c om*/ // until https://github.com/netty/netty/issues/5170 is accepted // we need to create the handler by hand sslHandler = new SslHandler(builder.build().newEngine(ctx.alloc()), true); } else if (pdOrAuth.isA() && remoteCertificate != null) { // client side final String installRoot = domain.getSUHandler().getInstallRoot(); final SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(ServiceUnitUtil.getFile(installRoot, remoteCertificate)) .ciphers(null, IdentityCipherSuiteFilter.INSTANCE).sessionCacheSize(0).sessionTimeout(0); if (certificate != null && key != null) { builder.keyManager(ServiceUnitUtil.getFile(installRoot, certificate), ServiceUnitUtil.getFile(installRoot, key), passphrase); } sslHandler = builder.build().newHandler(ctx.alloc()); } else { sslHandler = null; } // For a server, it contains the transporter name and the consumer domain name (it was updated in channelRead0) // For a client, it contains the provider domain name (it was set by the component) final String logName = logger.getName(); // let's replace the debug logger with something specific to this consumer ctx.pipeline().replace(HandlerConstants.LOG_DEBUG_HANDLER, HandlerConstants.LOG_DEBUG_HANDLER, new LoggingHandler(logName, LogLevel.TRACE)); ctx.pipeline().replace(HandlerConstants.LOG_ERRORS_HANDLER, HandlerConstants.LOG_ERRORS_HANDLER, new LastLoggingHandler(logName + ".errors")); if (sslHandler != null) { // if there is a sslHandler, then we can only add the domain handler after the handshake is finished // if not we risk sending things too early in it sslHandler.handshakeFuture().addListener(new FutureListener<Channel>() { @Override public void operationComplete(final @Nullable Future<Channel> future) throws Exception { assert future != null; if (!future.isSuccess()) { authenticationFuture.setFailure(future.cause()); } else { // I must keep the handler here until now in case there is an exception so that I can log it ctx.pipeline().replace(HandlerConstants.DOMAIN_HANDLER, HandlerConstants.DOMAIN_HANDLER, dhb.build(domain)); authenticationFuture.setSuccess(ctx.channel()); } } }); ctx.pipeline().addAfter(HandlerConstants.LOG_DEBUG_HANDLER, HandlerConstants.SSL_HANDLER, sslHandler); } if (pdOrAuth.isB()) { if (logger.isLoggable(Level.FINE)) { logger.fine("Sending an Accept (" + ctx.channel().remoteAddress() + ")"); } // this must be sent after the ssh handler is replaced (when using ssl) so that we are ready to receive ssl data right away // but this must be sent before the domain handler is replaced (when not using ssl), because it will send // data and it must arrive AFTER our Accept ctx.writeAndFlush(new AuthAccept()); } // else it is done in the FutureListener if (sslHandler == null) { ctx.pipeline().replace(HandlerConstants.DOMAIN_HANDLER, HandlerConstants.DOMAIN_HANDLER, dhb.build(domain)); authenticationFuture.setSuccess(ctx.channel()); } }
From source file:org.springframework.boot.actuate.autoconfigure.cloudfoundry.reactive.ReactiveCloudFoundrySecurityService.java
License:Apache License
private SslContextBuilder createSslContext() { return SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE); }
From source file:org.springframework.boot.web.reactive.server.AbstractReactiveWebServerFactoryTests.java
License:Apache License
protected ReactorClientHttpConnector buildTrustAllSslConnector() { SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE); HttpClient client = HttpClient.create().wiretap(true) .secure((sslContextSpec) -> sslContextSpec.sslContext(builder)); return new ReactorClientHttpConnector(client); }
From source file:org.springframework.boot.web.reactive.server.AbstractReactiveWebServerFactoryTests.java
License:Apache License
protected ReactorClientHttpConnector buildTrustAllSslWithClientKeyConnector() throws Exception { KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); clientKeyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray()); KeyManagerFactory clientKeyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); clientKeyManagerFactory.init(clientKeyStore, "password".toCharArray()); for (KeyManager keyManager : clientKeyManagerFactory.getKeyManagers()) { if (keyManager instanceof X509KeyManager) { X509KeyManager x509KeyManager = (X509KeyManager) keyManager; PrivateKey privateKey = x509KeyManager.getPrivateKey("spring-boot"); if (privateKey != null) { X509Certificate[] certificateChain = x509KeyManager.getCertificateChain("spring-boot"); SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE) .keyManager(privateKey, certificateChain); HttpClient client = HttpClient.create().wiretap(true) .secure((sslContextSpec) -> sslContextSpec.sslContext(builder)); return new ReactorClientHttpConnector(client); }//from w w w. ja va 2 s . com } } throw new IllegalStateException("Key with alias 'spring-boot' not found"); }