List of usage examples for io.vertx.core.net TCPSSLOptions addEnabledCipherSuite
public TCPSSLOptions addEnabledCipherSuite(String suite)
From source file:io.servicecomb.foundation.vertx.VertxTLSBuilder.java
License:Apache License
private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom, TCPSSLOptions httpClientOptions) { httpClientOptions.setSsl(true);//from ww w. j a v a 2 s. c o m if (isFileExists(sslCustom.getFullPath(sslOption.getKeyStore()))) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) { PfxOptions keyPfxOptions = new PfxOptions(); keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore())); keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray()))); httpClientOptions.setPfxKeyCertOptions(keyPfxOptions); } else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) { JksOptions keyJksOptions = new JksOptions(); keyJksOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore())); keyJksOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray()))); httpClientOptions.setKeyStoreOptions(keyJksOptions); } else { throw new IllegalArgumentException("invalid key store type."); } } if (isFileExists(sslCustom.getFullPath(sslOption.getTrustStore()))) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) { PfxOptions trustPfxOptions = new PfxOptions(); trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore())); trustPfxOptions .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray()))); httpClientOptions.setPfxTrustOptions(trustPfxOptions); } else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) { JksOptions trustJksOptions = new JksOptions(); trustJksOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore())); trustJksOptions .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray()))); httpClientOptions.setTrustStoreOptions(trustJksOptions); } else { throw new IllegalArgumentException("invalid trust store type."); } } for (String protocol : sslOption.getProtocols().split(",")) { httpClientOptions.addEnabledSecureTransportProtocol(protocol); } for (String cipher : SSLManager.getEnalbedCiphers(sslOption.getCiphers())) { httpClientOptions.addEnabledCipherSuite(cipher); } if (isFileExists(sslCustom.getFullPath(sslOption.getCrl()))) { httpClientOptions.addCrlPath(sslCustom.getFullPath(sslOption.getCrl())); } return httpClientOptions; }
From source file:org.apache.servicecomb.foundation.vertx.VertxTLSBuilder.java
License:Apache License
private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom, TCPSSLOptions tcpClientOptions) { tcpClientOptions.setSsl(true);// w ww. j ava2 s . co m if (sslOption.getEngine().equalsIgnoreCase("openssl")) { OpenSSLEngineOptions options = new OpenSSLEngineOptions(); options.setSessionCacheEnabled(true); tcpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions()); } String fullKeyStore = sslCustom.getFullPath(sslOption.getKeyStore()); if (isFileExists(fullKeyStore)) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) { PfxOptions keyPfxOptions = new PfxOptions(); keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore())); keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray()))); tcpClientOptions.setPfxKeyCertOptions(keyPfxOptions); } else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) { JksOptions keyJksOptions = new JksOptions(); keyJksOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore())); keyJksOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray()))); tcpClientOptions.setKeyStoreOptions(keyJksOptions); } else { throw new IllegalArgumentException("invalid key store type."); } } else { LOGGER.warn("keyStore [" + fullKeyStore + "] file not exist, please check!"); } String fullTrustStore = sslCustom.getFullPath(sslOption.getTrustStore()); if (isFileExists(fullTrustStore)) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) { PfxOptions trustPfxOptions = new PfxOptions(); trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore())); trustPfxOptions .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray()))); tcpClientOptions.setPfxTrustOptions(trustPfxOptions); } else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) { JksOptions trustJksOptions = new JksOptions(); trustJksOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore())); trustJksOptions .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray()))); tcpClientOptions.setTrustStoreOptions(trustJksOptions); } else { throw new IllegalArgumentException("invalid trust store type."); } } else { LOGGER.warn("trustStore [" + fullTrustStore + "] file not exist, please check!"); } tcpClientOptions.setEnabledSecureTransportProtocols( new HashSet<String>(Arrays.asList(sslOption.getProtocols().split(",")))); for (String cipher : SSLManager.getEnalbedCiphers(sslOption.getCiphers())) { tcpClientOptions.addEnabledCipherSuite(cipher); } if (isFileExists(sslCustom.getFullPath(sslOption.getCrl()))) { tcpClientOptions.addCrlPath(sslCustom.getFullPath(sslOption.getCrl())); } return tcpClientOptions; }