Example usage for the io.vertx.core.net.OpenSSLEngineOptions constructor OpenSSLEngineOptions()

List of usage examples for the io.vertx.core.net.OpenSSLEngineOptions constructor OpenSSLEngineOptions()

Introduction

On this page you can find example usage of the io.vertx.core.net.OpenSSLEngineOptions constructor OpenSSLEngineOptions().

Prototype

public OpenSSLEngineOptions() 


Usage

From source file:examples.NetExamples.java

License:Open Source License

/**
 * Shows the three ways of choosing the TLS engine for a {@link NetServerOptions}.
 *
 * <p>Each variant enables TLS and takes its server key material from {@code keyStoreOptions}; the
 * only difference is which engine options, if any, are set. The options objects are built for
 * illustration only and no server is started.
 *
 * <p>NOTE(review): the OpenSSL engine depends on native bindings being available at runtime;
 * {@code OpenSSLEngineOptions.isAvailable()} can be checked before selecting it.
 *
 * @param vertx the Vert.x instance (not used by this example)
 * @param keyStoreOptions the JKS key store holding the server certificate and key
 */
public void exampleSSLEngine(Vertx vertx, JksOptions keyStoreOptions) {

    // Variant 1: no engine options at all, which leaves the JDK SSL engine in use.
    NetServerOptions serverOptions = new NetServerOptions();
    serverOptions.setSsl(true);
    serverOptions.setKeyStoreOptions(keyStoreOptions);

    // Variant 2: the JDK SSL engine, selected explicitly.
    serverOptions = new NetServerOptions();
    serverOptions.setSsl(true);
    serverOptions.setKeyStoreOptions(keyStoreOptions);
    serverOptions.setJdkSslEngineOptions(new JdkSSLEngineOptions());

    // Variant 3: the OpenSSL engine.
    serverOptions = new NetServerOptions();
    serverOptions.setSsl(true);
    serverOptions.setKeyStoreOptions(keyStoreOptions);
    serverOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
}

From source file:io.nitor.api.backend.tls.SetupHttpServerOptions.java

License:Apache License

/**
 * Builds the {@link HttpServerOptions} for the server from its JSON configuration.
 *
 * <p>Keys read from {@code config}: {@code idleTimeout} (defaults to 10 minutes expressed in
 * seconds), {@code http2} (defaults to {@code true}), {@code tls} with {@code serverKey} and
 * {@code serverCert}, {@code clientAuth} with {@code clientChain}, and {@code useNativeOpenSsl}.
 * TLS is configured only when a {@code tls} object is present; without it the plain TCP/HTTP
 * options are returned as they are.
 *
 * @param config the server configuration
 * @return the populated server options
 */
public static HttpServerOptions createHttpServerOptions(JsonObject config) {
    final JsonObject tlsConfig = config.getJsonObject("tls");

    // basic TCP/HTTP options
    final HttpServerOptions serverOptions = new HttpServerOptions();
    serverOptions.setReuseAddress(true);
    // Compression stays off: otherwise the server compresses based on response headers even when
    // the body was already compressed upstream, e.g. by a proxy.
    serverOptions.setCompressionSupported(false);
    serverOptions.setUsePooledBuffers(true);
    serverOptions.setCompressionLevel(2);
    serverOptions.setIdleTimeout(config.getInteger("idleTimeout", (int) MINUTES.toSeconds(10)));

    boolean http2Enabled = config.getBoolean("http2", true);
    if (!http2Enabled) {
        // Restrict ALPN to HTTP/1.1 when HTTP/2 is switched off in the configuration.
        serverOptions.setAlpnVersions(asList(HTTP_1_1));
    }

    if (tlsConfig == null) {
        return serverOptions;
    }

    serverOptions.setSsl(true);

    // server side certificate
    PemKeyCertOptions serverCertificate = new PemKeyCertOptions();
    serverCertificate.setKeyPath(tlsConfig.getString("serverKey"));
    serverCertificate.setCertPath(tlsConfig.getString("serverCert"));
    serverOptions.setPemKeyCertOptions(serverCertificate);

    // TLS tuning
    // NOTE(review): these calls add to the protocol set the options object already holds; they do
    // not remove anything. If the Vert.x version in use enables older TLS versions by default,
    // those stay enabled - confirm, and set the exact protocol set if only 1.2/1.3 are intended.
    serverOptions.addEnabledSecureTransportProtocol("TLSv1.2");
    serverOptions.addEnabledSecureTransportProtocol("TLSv1.3");

    JsonObject clientAuthConfig = config.getJsonObject("clientAuth");
    boolean hasClientChain = clientAuthConfig != null && clientAuthConfig.getString("clientChain") != null;
    if (serverOptions.isSsl() && hasClientChain) {
        // client side certificate
        // REQUEST asks for a client certificate without requiring one, so a client that presents
        // none still completes the handshake; code that relies on client identity has to check
        // for the peer certificate itself.
        PemTrustOptions trustedClientChain = new PemTrustOptions();
        trustedClientChain.addCertPath(clientAuthConfig.getString("clientChain"));
        serverOptions.setClientAuth(REQUEST);
        serverOptions.setTrustOptions(trustedClientChain);
    }

    boolean nativeOpenSsl = TRUE.equals(config.getBoolean("useNativeOpenSsl"));
    if (nativeOpenSsl) {
        serverOptions.setUseAlpn(true);
        serverOptions.setSslEngineOptions(new OpenSSLEngineOptions());
        // The shared cipher list uses Java names; translate each one for the OpenSSL engine.
        cipherSuites.stream()
                .map(javaName -> SetupHttpServerOptions.javaCipherNameToOpenSSLName(javaName))
                .forEach(openSslName -> serverOptions.addEnabledCipherSuite(openSslName));
    } else {
        // With the JDK engine, ALPN is enabled only if DynamicAgent reports that it could be set up.
        serverOptions.setUseAlpn(DynamicAgent.enableJettyAlpn());
        serverOptions.setJdkSslEngineOptions(new JdkSSLEngineOptions());
        cipherSuites.forEach(javaName -> serverOptions.addEnabledCipherSuite(javaName));
    }

    return serverOptions;
}

From source file:org.apache.servicecomb.foundation.vertx.VertxTLSBuilder.java

License:Apache License

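/**
 * Applies the TLS settings described by {@code sslOption} to {@code tcpClientOptions}.
 *
 * <p>Enables TLS, selects the OpenSSL engine when the configured engine is {@code "openssl"},
 * loads the key store and trust store (PKCS12 or JKS) when their files exist, sets the enabled
 * protocol versions and cipher suites, and adds the CRL file when it exists.
 *
 * <p>A missing key store or trust store file is only logged as a warning and configuration
 * continues without it.
 * NOTE(review): in that case the trust decision falls back to whatever {@code tcpClientOptions}
 * already carries - confirm that is intended rather than failing closed.
 *
 * @param sslOption the TLS configuration values (engine, stores, protocols, ciphers, CRL)
 * @param sslCustom resolves configured file names to full paths and decodes stored passwords
 * @param tcpClientOptions the options object to populate; it is modified in place
 * @return the same {@code tcpClientOptions} instance
 * @throws IllegalArgumentException if an existing key store or trust store has a type other than
 *         PKCS12 or JKS
 */
private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom,
        TCPSSLOptions tcpClientOptions) {
    tcpClientOptions.setSsl(true);

    // Constant-first comparison, matching the store-type checks below, so an unset engine
    // simply leaves the default engine in place.
    if ("openssl".equalsIgnoreCase(sslOption.getEngine())) {
        OpenSSLEngineOptions options = new OpenSSLEngineOptions();
        options.setSessionCacheEnabled(true);
        // Hand over the configured instance; passing a fresh OpenSSLEngineOptions here would
        // discard the session-cache setting made above.
        tcpClientOptions.setOpenSslEngineOptions(options);
    }

    String fullKeyStore = sslCustom.getFullPath(sslOption.getKeyStore());
    if (isFileExists(fullKeyStore)) {
        // The decoded store password ends up in an immutable String because setPassword takes
        // one, so it cannot be cleared from memory after use.
        if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
            PfxOptions keyPfxOptions = new PfxOptions();
            // Use the path that was just checked for existence.
            keyPfxOptions.setPath(fullKeyStore);
            keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
            tcpClientOptions.setPfxKeyCertOptions(keyPfxOptions);
        } else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) {
            JksOptions keyJksOptions = new JksOptions();
            keyJksOptions.setPath(fullKeyStore);
            keyJksOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
            tcpClientOptions.setKeyStoreOptions(keyJksOptions);
        } else {
            throw new IllegalArgumentException("invalid key store type.");
        }
    } else {
        LOGGER.warn("keyStore [" + fullKeyStore + "] file not exist, please check!");
    }

    String fullTrustStore = sslCustom.getFullPath(sslOption.getTrustStore());
    if (isFileExists(fullTrustStore)) {
        if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) {
            PfxOptions trustPfxOptions = new PfxOptions();
            trustPfxOptions.setPath(fullTrustStore);
            trustPfxOptions
                    .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
            tcpClientOptions.setPfxTrustOptions(trustPfxOptions);
        } else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) {
            JksOptions trustJksOptions = new JksOptions();
            trustJksOptions.setPath(fullTrustStore);
            trustJksOptions
                    .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
            tcpClientOptions.setTrustStoreOptions(trustJksOptions);
        } else {
            throw new IllegalArgumentException("invalid trust store type.");
        }
    } else {
        LOGGER.warn("trustStore [" + fullTrustStore + "] file not exist, please check!");
    }

    // Trim each entry so that a comma-separated list written with spaces after the commas does
    // not produce protocol names with leading whitespace.
    HashSet<String> protocols = new HashSet<String>();
    for (String protocol : sslOption.getProtocols().split(",")) {
        protocols.add(protocol.trim());
    }
    tcpClientOptions.setEnabledSecureTransportProtocols(protocols);

    for (String cipher : SSLManager.getEnalbedCiphers(sslOption.getCiphers())) {
        tcpClientOptions.addEnabledCipherSuite(cipher);
    }

    // Unlike the stores above, an absent CRL file is skipped without any log line.
    // NOTE(review): a configured-but-missing CRL means revocation data is silently not applied;
    // consider whether that case should at least warn.
    String fullCrl = sslCustom.getFullPath(sslOption.getCrl());
    if (isFileExists(fullCrl)) {
        tcpClientOptions.addCrlPath(fullCrl);
    }
    return tcpClientOptions;
}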

From source file:space.xkr47.vertx.acme4j.util.SetupHttpServerOptions.java

License:Apache License

/**
 * Builds TLS-enabled {@link HttpServerOptions} whose key and certificate come from
 * {@code dynamicCertOptions}.
 *
 * <p>The TLS engine is chosen by the {@code USE_OPENSSL} constant: the OpenSSL engine with ALPN
 * enabled, or the JDK engine with ALPN enabled only when the Jetty ALPN agent is available.
 *
 * @param dynamicCertOptions the key/certificate source handed to {@code setKeyCertOptions}
 * @param jettyAgentAlreadyLoaded when {@code true}, ALPN is enabled on the JDK engine without
 *        calling {@code DynamicAgent.enableJettyAlpn()}
 * @return the populated server options
 */
public static HttpServerOptions createHttpServerOptions(DynamicCertOptions dynamicCertOptions,
        boolean jettyAgentAlreadyLoaded) {
    // basic TCP/HTTP options
    final HttpServerOptions serverOptions = new HttpServerOptions();
    serverOptions.setReuseAddress(true);
    // Compression stays off: otherwise the server compresses based on response headers even when
    // the body was already compressed upstream, e.g. by a proxy.
    serverOptions.setCompressionSupported(false);
    serverOptions.setUsePooledBuffers(true);
    serverOptions.setSsl(true);
    serverOptions.setKeyCertOptions(dynamicCertOptions);

    // TLS tuning
    // NOTE(review): these calls add to the protocol set the options object already holds; they do
    // not remove anything. If the Vert.x version in use enables older TLS versions by default,
    // those stay enabled - confirm, and set the exact protocol set if only 1.2/1.3 are intended.
    serverOptions.addEnabledSecureTransportProtocol("TLSv1.2");
    serverOptions.addEnabledSecureTransportProtocol("TLSv1.3");

    // enable HTTP/2 support if we can..
    if (!USE_OPENSSL) {
        // JDK engine: the agent check is skipped when the caller says the agent is already loaded.
        boolean alpnUsable = jettyAgentAlreadyLoaded || DynamicAgent.enableJettyAlpn();
        serverOptions.setUseAlpn(alpnUsable);
        serverOptions.setJdkSslEngineOptions(new JdkSSLEngineOptions());
        cipherSuites.forEach(javaName -> serverOptions.addEnabledCipherSuite(javaName));
    } else {
        // TODO this has not really been tested with SNI yet
        serverOptions.setUseAlpn(true);
        serverOptions.setSslEngineOptions(new OpenSSLEngineOptions());
        // The shared cipher list uses Java names; translate each one for the OpenSSL engine.
        cipherSuites.stream()
                .map(javaName -> SetupHttpServerOptions.javaCipherNameToOpenSSLName(javaName))
                .forEach(openSslName -> serverOptions.addEnabledCipherSuite(openSslName));
    }

    return serverOptions;
}