Example usage for io.netty.handler.ssl.util SelfSignedCertificate key

List of usage examples for io.netty.handler.ssl.util SelfSignedCertificate key

Introduction

This page shows example usages of the key member of io.netty.handler.ssl.util.SelfSignedCertificate.

Prototype

PrivateKey key


Usage

From source file:io.grpc.netty.ProtocolNegotiatorsTest.java

License:Apache License

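/**
 * Checks that the client TLS protocol negotiator completes a handshake with a TLS server over
 * Netty local channels ({@code LocalChannel}/{@code LocalServerChannel}) and that the handler
 * observes the negotiated security attributes.
 *
 * <p>Both sides share one {@code SelfSignedCertificate}: the client trusts {@code cert.cert()}
 * and the server presents it together with {@code cert.key()}. Netty documents this class as a
 * test-only helper that writes the certificate and private key to temporary files, so the test
 * removes them with {@code cert.delete()} and never reuses the key material elsewhere.
 *
 * @throws Exception if certificate generation, context construction, or channel setup fails
 */
@Test
public void clientTlsHandler_firesNegotiation() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate("authority");
    Channel s = null;
    Channel c = null;
    try {
        // Client side: trust only the generated certificate.
        SslContext clientSslContext = GrpcSslContexts
                .configure(SslContextBuilder.forClient().trustManager(cert.cert())).build();
        // Server side: present the same certificate with its private key.
        SslContext serverSslContext = GrpcSslContexts
                .configure(SslContextBuilder.forServer(cert.key(), cert.cert())).build();
        FakeGrpcHttp2ConnectionHandler gh = FakeGrpcHttp2ConnectionHandler.newHandler();

        ClientTlsProtocolNegotiator pn = new ClientTlsProtocolNegotiator(clientSslContext);
        WriteBufferingAndExceptionHandler clientWbaeh =
                new WriteBufferingAndExceptionHandler(pn.newHandler(gh));

        SocketAddress addr = new LocalAddress("addr");

        ChannelHandler sh = ProtocolNegotiators.serverTls(serverSslContext)
                .newHandler(FakeGrpcHttp2ConnectionHandler.noopHandler());
        WriteBufferingAndExceptionHandler serverWbaeh = new WriteBufferingAndExceptionHandler(sh);
        s = new ServerBootstrap().childHandler(serverWbaeh).group(group).channel(LocalServerChannel.class)
                .bind(addr).sync().channel();
        c = new Bootstrap().handler(clientWbaeh).channel(LocalChannel.class).group(group).register().sync()
                .channel();
        // The write is issued before connect() so it has to be buffered until negotiation is done.
        ChannelFuture write = c.writeAndFlush(NettyClientHandler.NOOP_MESSAGE);
        c.connect(addr).sync();
        write.sync();

        boolean completed = gh.negotiated.await(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        if (!completed) {
            assertTrue("failed to negotiated", write.await(TIMEOUT_SECONDS, TimeUnit.SECONDS));
            // sync should fail if we are in this block.
            write.sync();
            throw new AssertionError("neither wrote nor negotiated");
        }
        c.close();
        s.close();

        assertThat(gh.securityInfo).isNotNull();
        assertThat(gh.securityInfo.tls).isNotNull();
        assertThat(gh.attrs.get(GrpcAttributes.ATTR_SECURITY_LEVEL)).isEqualTo(SecurityLevel.PRIVACY_AND_INTEGRITY);
        assertThat(gh.attrs.get(Grpc.TRANSPORT_ATTR_SSL_SESSION)).isInstanceOf(SSLSession.class);
        // This is not part of the ClientTls negotiation, but shows that the negotiation event happens
        // in the right order.
        assertThat(gh.attrs.get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR)).isEqualTo(addr);
    } finally {
        // Failure paths above skip the explicit close() calls; closing again after success is harmless.
        if (c != null) {
            c.close();
        }
        if (s != null) {
            s.close();
        }
        // Remove the temporary certificate and private-key files instead of waiting for JVM exit.
        cert.delete();
    }
}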

From source file:org.apache.drill.exec.rpc.user.security.TestUserBitSSL.java

License:Apache License

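/**
 * Starts a TLS-enabled test cluster whose certificate is issued for the local host name and
 * connects a client that keeps host name verification enabled
 * ({@code DISABLE_HOST_VERIFICATION} is set to {@code "false"}).
 *
 * <p>The certificate comes from Netty's {@code SelfSignedCertificate}, which Netty documents as a
 * test-only helper. Its key and certificate are copied into a temporary key store and trust
 * store. The generated key material is deleted and the cluster is reset in a {@code finally}
 * block, so a failing run does not leave either behind.
 */
@Ignore("This test fails in some cases where the host name may be set up inconsistently.")
@Test
public void testClientConfigHostnameVerification() {
    final String password = "test_password";
    final char[] storePassword = password.toCharArray();
    final String trustStoreFileName = "drillTestTrustStore";
    final String keyStoreFileName = "drillTestKeyStore";
    SelfSignedCertificate certificate = null;

    try {
        // The certificate is issued for whatever name the local resolver reports for this host.
        String fqdn = InetAddress.getLocalHost().getHostName();
        certificate = new SelfSignedCertificate(fqdn);

        // Trust store: contains only the public certificate the client should accept.
        // java.nio.file.Files.createTempFile may apply more restrictive permissions than
        // java.io.File.createTempFile, which uses the process defaults.
        File trustStoreFile = java.nio.file.Files.createTempFile(trustStoreFileName, ".ks").toFile();
        trustStoreFile.deleteOnExit();
        String trustStorePath = trustStoreFile.getAbsolutePath();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, storePassword);
        ts.setCertificateEntry("drillTest", certificate.cert());
        try (FileOutputStream fos = new FileOutputStream(trustStoreFile)) {
            ts.store(fos, storePassword);
        }

        // Key store: contains the server's private key, so restrictive file permissions matter here.
        // NOTE(review): the store is created with KeyStore.getDefaultType() while the server config
        // below declares "JKS"; confirm the two agree on the JVMs this test runs on.
        File keyStoreFile = java.nio.file.Files.createTempFile(keyStoreFileName, ".ks").toFile();
        keyStoreFile.deleteOnExit();
        String keyStorePath = keyStoreFile.getAbsolutePath();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, storePassword);
        ks.setKeyEntry("drillTest", certificate.key(), storePassword,
                new java.security.cert.Certificate[] { certificate.cert() });
        try (FileOutputStream fos = new FileOutputStream(keyStoreFile)) {
            ks.store(fos, storePassword);
        }

        final Properties connectionProps = new Properties();
        connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
        connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, trustStorePath);
        connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, password);
        // "false" leaves host name verification on, which is the behaviour under test.
        connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "false");

        DrillConfig sslConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())
                .withValue(ExecConstants.USER_SSL_ENABLED, ConfigValueFactory.fromAnyRef(true))
                .withValue(ExecConstants.SSL_KEYSTORE_TYPE, ConfigValueFactory.fromAnyRef("JKS"))
                .withValue(ExecConstants.SSL_KEYSTORE_PATH, ConfigValueFactory.fromAnyRef(keyStorePath))
                .withValue(ExecConstants.SSL_KEYSTORE_PASSWORD, ConfigValueFactory.fromAnyRef(password))
                .withValue(ExecConstants.SSL_PROTOCOL, ConfigValueFactory.fromAnyRef("TLSv1.2")));

        updateTestCluster(1, sslConfig, connectionProps);

    } catch (Exception e) {
        // Keep the original exception as the cause so the failure report shows where it came from.
        throw new AssertionError(e.getMessage(), e);
    } finally {
        // Remove the generated private key and certificate files right away.
        if (certificate != null) {
            certificate.delete();
        }
        // Reset the cluster even when the test body failed, so later tests start from a clean state.
        updateTestCluster(1, newConfig, initProps);
    }
}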