Example usage for io.vertx.core.net TCPSSLOptions setEnabledSecureTransportProtocols

List of usage examples for io.vertx.core.net TCPSSLOptions setEnabledSecureTransportProtocols

  1. HOME
  2. Java
  3. io.vertx
  4. io.vertx.core.net.*
  5. TCPSSLOptions
  6. setEnabledSecureTransportProtocols

Introduction

In this page you can find the example usage for io.vertx.core.net TCPSSLOptions setEnabledSecureTransportProtocols.

Prototype

public TCPSSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)

Source Link

Document

Sets the list of enabled SSL/TLS protocols.

Usage

From source file:org.apache.servicecomb.foundation.vertx.VertxTLSBuilder.java

License:Apache License

private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom,
        TCPSSLOptions tcpClientOptions) {
    tcpClientOptions.setSsl(true);/* w ww  .  j  av a 2  s  . c o m*/

    if (sslOption.getEngine().equalsIgnoreCase("openssl")) {
        OpenSSLEngineOptions options = new OpenSSLEngineOptions();
        options.setSessionCacheEnabled(true);
        tcpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
    }
    String fullKeyStore = sslCustom.getFullPath(sslOption.getKeyStore());
    if (isFileExists(fullKeyStore)) {
        if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
            PfxOptions keyPfxOptions = new PfxOptions();
            keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
            keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
            tcpClientOptions.setPfxKeyCertOptions(keyPfxOptions);
        } else if (STORE_JKS.equalsIgnoreCase(sslOption.getKeyStoreType())) {
            JksOptions keyJksOptions = new JksOptions();
            keyJksOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
            keyJksOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
            tcpClientOptions.setKeyStoreOptions(keyJksOptions);
        } else {
            throw new IllegalArgumentException("invalid key store type.");
        }
    } else {
        LOGGER.warn("keyStore [" + fullKeyStore + "] file not exist, please check!");
    }
    String fullTrustStore = sslCustom.getFullPath(sslOption.getTrustStore());
    if (isFileExists(fullTrustStore)) {
        if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) {
            PfxOptions trustPfxOptions = new PfxOptions();
            trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
            trustPfxOptions
                    .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
            tcpClientOptions.setPfxTrustOptions(trustPfxOptions);
        } else if (STORE_JKS.equalsIgnoreCase(sslOption.getTrustStoreType())) {
            JksOptions trustJksOptions = new JksOptions();
            trustJksOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
            trustJksOptions
                    .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
            tcpClientOptions.setTrustStoreOptions(trustJksOptions);
        } else {
            throw new IllegalArgumentException("invalid trust store type.");
        }
    } else {
        LOGGER.warn("trustStore [" + fullTrustStore + "] file not exist, please check!");
    }

    tcpClientOptions.setEnabledSecureTransportProtocols(
            new HashSet<String>(Arrays.asList(sslOption.getProtocols().split(","))));

    for (String cipher : SSLManager.getEnalbedCiphers(sslOption.getCiphers())) {
        tcpClientOptions.addEnabledCipherSuite(cipher);
    }

    if (isFileExists(sslCustom.getFullPath(sslOption.getCrl()))) {
        tcpClientOptions.addCrlPath(sslCustom.getFullPath(sslOption.getCrl()));
    }
    return tcpClientOptions;
}