io.netty.handler.ssl.OpenSsl Java Examples

The following examples show how to use io.netty.handler.ssl.OpenSsl.
Example #1
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslContextNoKeyStorePasswordOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    // JKS-backed options with the key store password deliberately cleared.
    TransportOptions passwordlessOptions = createJksSslOptions();
    passwordlessOptions.setKeyStorePassword(null);

    try {
        TransportSupport.createOpenSslContext(passwordlessOptions);
        // Building a context without the password must not succeed.
        fail("Expected an exception to be thrown");
    } catch (UnrecoverableKeyException expected) {
        // This exception type counts as a pass.
    } catch (IllegalArgumentException rejected) {
        // Also a pass, but only when the message names the null password.
        String detail = rejected.getMessage();
        assertTrue("Unexpected message: " + detail, detail.contains("password can't be null"));
    }
}
 
Example #2
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslEngineFromJceksStoreWithExplicitEnabledProtocolsOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    // Only ENABLED_PROTOCOLS is requested. The expectation below uses the separate
    // ENABLED_OPENSSL_PROTOCOLS constant because, until netty can switch everything else off,
    // the engine reports the requested protocol plus SSLv2Hello.
    TransportOptions jceksOptions = createJceksSslOptions(ENABLED_PROTOCOLS);

    SslContext sslContext = TransportSupport.createOpenSslContext(jceksOptions);
    assertNotNull(sslContext);

    SSLEngine sslEngine =
        TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, sslContext, jceksOptions);
    assertNotNull(sslEngine);

    String[] actualProtocols = sslEngine.getEnabledProtocols();
    assertArrayEquals("Enabled protocols not as expected", ENABLED_OPENSSL_PROTOCOLS, actualProtocols);
}
 
Example #3
Source File: GrpcSslContexts.java    From grpc-nebula-java with Apache License 2.0 6 votes vote down vote up
/**
 * Picks the TLS provider to use by default: OpenSSL (netty-tcnative) when it is available,
 * otherwise the JDK provider when {@code findJdkProvider()} returns one.
 *
 * @return {@link SslProvider#OPENSSL} or {@link SslProvider#JDK}
 * @throws IllegalStateException if neither option is usable; the reasons are logged at INFO
 *     level first so the failure can be diagnosed
 */
private static SslProvider defaultSslProvider() {
  if (OpenSsl.isAvailable()) {
    logger.log(Level.FINE, "Selecting OPENSSL");
    return SslProvider.OPENSSL;
  }

  Provider jdkProvider = findJdkProvider();
  if (jdkProvider != null) {
    logger.log(Level.FINE, "Selecting JDK with provider {0}", jdkProvider);
    return SslProvider.JDK;
  }

  // Nothing usable: record why each candidate was rejected, then fail instead of
  // returning a provider that cannot negotiate ALPN.
  logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)",
      OpenSsl.unavailabilityCause());
  logger.log(Level.INFO, "Conscrypt not found (this may be normal)");
  logger.log(Level.INFO, "Jetty ALPN unavailable (this may be normal)",
      JettyTlsUtil.getJettyAlpnUnavailabilityCause());
  throw new IllegalStateException(
      "Could not find TLS ALPN provider; "
      + "no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available");
}
 
Example #4
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslEngineFromJksStoreWithExplicitEnabledAndDisabledCiphersOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    // Ask an engine built directly what it enables by default; at least two suites are needed.
    TransportOptions jksOptions = createJksSslOptions();
    SSLEngine referenceEngine = createOpenSSLEngineDirectly(jksOptions);
    String[] defaultSuites = referenceEngine.getEnabledCipherSuites();
    assertTrue("There werent enough initial ciphers to choose from!", defaultSuites.length > 1);

    // Enable the first two suites, and list the first one as disabled as well.
    String firstSuite = defaultSuites[0];
    String secondSuite = defaultSuites[1];
    String[] expectedSuites = { secondSuite };
    jksOptions.setEnabledCipherSuites(new String[] { firstSuite, secondSuite });
    jksOptions.setDisabledCipherSuites(new String[] { firstSuite });

    SslContext sslContext = TransportSupport.createOpenSslContext(jksOptions);
    SSLEngine configuredEngine =
        TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, sslContext, jksOptions);

    // The disabled list must win: a suite named in both lists may not stay enabled.
    assertNotNull(configuredEngine);
    assertArrayEquals("Enabled ciphers not as expected", expectedSuites, configuredEngine.getEnabledCipherSuites());
}
 
Example #5
Source File: SslUtil.java    From browserup-proxy with Apache License 2.0 6 votes vote down vote up
/**
 * Supplies the cipher suite list: the built-in list when OpenSSL is available, otherwise the
 * suites enabled in the JDK, falling back to the built-in list when that lookup comes back empty.
 */
@Override
public List<String> get() {
    if (OpenSsl.isAvailable()) {
        // TODO: consider switching to the list of all available ciphers using OpenSsl.availableCipherSuites()
        return getBuiltInCipherList();
    }

    List<String> jdkSuites = getEnabledJdkCipherSuites();
    // An empty result means the enabled suites could not be read from the JDK SSLContext,
    // so the hard-coded list is used instead.
    return jdkSuites.isEmpty() ? getBuiltInCipherList() : jdkSuites;
}
 
Example #6
Source File: GrpcSslContexts.java    From grpc-java with Apache License 2.0 6 votes vote down vote up
/**
 * Picks the TLS provider to use by default: OpenSSL (netty-tcnative) when it is available,
 * otherwise the JDK provider when {@code findJdkProvider()} returns one.
 *
 * @return {@link SslProvider#OPENSSL} or {@link SslProvider#JDK}
 * @throws IllegalStateException if neither option is usable; the reasons are logged at INFO
 *     level first so the failure can be diagnosed
 */
private static SslProvider defaultSslProvider() {
  if (OpenSsl.isAvailable()) {
    logger.log(Level.FINE, "Selecting OPENSSL");
    return SslProvider.OPENSSL;
  }

  Provider jdkProvider = findJdkProvider();
  if (jdkProvider != null) {
    logger.log(Level.FINE, "Selecting JDK with provider {0}", jdkProvider);
    return SslProvider.JDK;
  }

  // Nothing usable: record why each candidate was rejected, then fail instead of
  // returning a provider that cannot negotiate ALPN.
  logger.log(Level.INFO, "Java 9 ALPN API unavailable (this may be normal)");
  logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)",
      OpenSsl.unavailabilityCause());
  logger.log(Level.INFO, "Conscrypt not found (this may be normal)",
      ConscryptHolder.UNAVAILABILITY_CAUSE);
  logger.log(Level.INFO, "Jetty ALPN unavailable (this may be normal)",
      JettyTlsUtil.getJettyAlpnUnavailabilityCause());
  throw new IllegalStateException(
      "Could not find TLS ALPN provider; "
      + "no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available");
}
 
Example #7
Source File: OpenSSLTest.java    From deprecated-security-ssl with Apache License 2.0 6 votes vote down vote up
@Test
public void testAvailCiphersOpenSSL() throws Exception {
    // Skipped when the native OpenSSL binding is not loaded.
    Assume.assumeTrue(OpenSsl.isAvailable());

    // OpenSsl.availableCipherSuites() lists everything the native library offers, which can
    // include suites such as DH-DSS-DES-CBC-SHA or ADH-AES256-SHA256. This test therefore
    // starts from the project's secure list and checks which of those OpenSSL supports.
    final Set<String> supportedSecureCiphers = new HashSet<>();
    for (final String candidate : SSLConfigConstants.getSecureSSLCiphers(Settings.EMPTY, false)) {
        if (!OpenSsl.isCipherSuiteAvailable(candidate)) {
            continue;
        }
        supportedSecureCiphers.add(candidate);
    }

    System.out.println("OpenSSL secure ciphers: " + supportedSecureCiphers);
    // At least one suite from the secure list has to be usable with OpenSSL.
    Assert.assertFalse(supportedSecureCiphers.isEmpty());
}
 
Example #8
Source File: BridgeServerTlsContextImpl.java    From arcusplatform with Apache License 2.0 6 votes vote down vote up
/**
 * Maps the TLS provider named in the server configuration to a Netty {@link SslProvider}.
 *
 * @param serverConfig configuration whose {@code getTlsProvider()} value selects the provider
 * @return {@code SslProvider.JDK} for the JDK and default settings,
 *         {@code SslProvider.OPENSSL_REFCNT} for the OpenSSL setting
 * @throws RuntimeException if OpenSSL is requested but unavailable, or the value is not recognised
 */
private static SslProvider createSslProvider(BridgeServerConfig serverConfig) {
   switch (serverConfig.getTlsProvider()) {
   // The default setting shares the JDK branch.
   case BridgeServerConfig.TLS_PROVIDER_JDK:
   case BridgeServerConfig.TLS_PROVIDER_DEFAULT:
      logger.info("using jdk ssl provider");
      return SslProvider.JDK;

   case BridgeServerConfig.TLS_PROVIDER_OPENSSL:
      // An explicit OpenSSL request fails hard; there is no silent downgrade to the JDK provider.
      if (!OpenSsl.isAvailable()) {
         throw new RuntimeException("could not initialize openssl ssl provider", OpenSsl.unavailabilityCause());
      }

      logger.info("using openssl ssl provider");
      // NOTE(review): OPENSSL_REFCNT is Netty's reference-counted OpenSSL provider; confirm the
      // caller releases the contexts and engines built from it.
      return SslProvider.OPENSSL_REFCNT;

   default:
      // Unknown values are rejected rather than mapped to a provider.
      throw new RuntimeException("unknown ssl provider: " + serverConfig.getTlsProvider());
   }
}
 
Example #9
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslEngineWithVerifyHostOpenSSL() throws Exception {
    // Skipped unless OpenSSL is loaded, accepts a KeyManagerFactory and can validate hostnames.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());
    assumeTrue(OpenSsl.supportsHostnameValidation());

    TransportOptions verifyingOptions = createJksSslOptions();
    verifyingOptions.setVerifyHost(true);

    SslContext sslContext = TransportSupport.createOpenSslContext(verifyingOptions);
    assertNotNull(sslContext);

    SSLEngine sslEngine =
        TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, sslContext, verifyingOptions);
    assertNotNull(sslEngine);

    // verifyHost=true must reach the engine as the "HTTPS" endpoint identification algorithm,
    // which is what makes the engine check the peer certificate against the host name.
    String identificationAlgorithm = sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
    assertEquals("HTTPS", identificationAlgorithm);
}
 
Example #10
Source File: SocketSslGreetingTest.java    From netty-4.1.22 with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the test parameters: every server context paired with every client context.
 * JDK contexts are always included; OpenSSL contexts are added only when OpenSSL is available.
 * Each client context trusts only CERT_FILE.
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> servers = new ArrayList<SslContext>();
    servers.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE).sslProvider(SslProvider.JDK).build());

    List<SslContext> clients = new ArrayList<SslContext>();
    clients.add(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(CERT_FILE).build());

    if (!OpenSsl.isAvailable()) {
        // Logged as a warning so a run that skipped the native engine is visible in the output.
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        servers.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
                                     .sslProvider(SslProvider.OPENSSL).build());
        clients.add(SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL)
                                     .trustManager(CERT_FILE).build());
    }

    // Cross product, servers in the outer loop.
    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslContext server : servers) {
        for (SslContext client : clients) {
            combinations.add(new Object[] { server, client });
        }
    }
    return combinations;
}
 
Example #11
Source File: SocketStartTlsTest.java    From netty-4.1.22 with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the test parameters: every server context paired with every client context.
 * JDK contexts are always included; OpenSSL contexts are added only when OpenSSL is available.
 * Each client context trusts only CERT_FILE.
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> servers = new ArrayList<SslContext>();
    servers.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE).sslProvider(SslProvider.JDK).build());

    List<SslContext> clients = new ArrayList<SslContext>();
    clients.add(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(CERT_FILE).build());

    if (!OpenSsl.isAvailable()) {
        // Logged as a warning so a run that skipped the native engine is visible in the output.
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        servers.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE)
                                     .sslProvider(SslProvider.OPENSSL).build());
        clients.add(SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL)
                                     .trustManager(CERT_FILE).build());
    }

    // Cross product, servers in the outer loop.
    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslContext server : servers) {
        for (SslContext client : clients) {
            combinations.add(new Object[] { server, client });
        }
    }
    return combinations;
}
 
Example #12
Source File: SslUtil.java    From Dream-Catcher with MIT License 6 votes vote down vote up
/**
 * Supplies the cipher suite list: the built-in list when OpenSSL is available, otherwise the
 * suites enabled in the JDK, falling back to the built-in list when that lookup comes back empty.
 */
@Override
public List<String> get() {
    if (OpenSsl.isAvailable()) {
        // TODO: consider switching to the list of all available ciphers using OpenSsl.availableCipherSuites()
        return getBuiltInCipherList();
    }

    List<String> jdkSuites = getEnabledJdkCipherSuites();
    // An empty result means the enabled suites could not be read from the JDK SSLContext,
    // so the hard-coded list is used instead.
    return jdkSuites.isEmpty() ? getBuiltInCipherList() : jdkSuites;
}
 
Example #13
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslEngineFromJksStoreOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    TransportOptions jksOptions = createJksSslOptions();

    SslContext sslContext = TransportSupport.createOpenSslContext(jksOptions);
    assertNotNull(sslContext);

    SSLEngine sslEngine =
        TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, sslContext, jksOptions);
    assertNotNull(sslEngine);

    // An engine built from the JKS store must come up with at least one protocol enabled.
    String[] enabledProtocols = sslEngine.getEnabledProtocols();
    assertFalse(Arrays.asList(enabledProtocols).isEmpty());
}
 
Example #14
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testLegacySslProtocolsDisabledByDefaultOpenSSL() throws Exception {
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    TransportOptions options = createJksSslOptions(null);

    SslContext context = TransportSupport.createOpenSslContext(options);
    assertNotNull(context);

    SSLEngine engine = TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, context, options);
    assertNotNull(engine);

    List<String> engineProtocols = Arrays.asList(engine.getEnabledProtocols());
    assertFalse("SSLv3 should not be enabled by default", engineProtocols.contains("SSLv3"));

    // TODO - Netty is currently unable to disable OpenSSL SSLv2Hello so we are stuck with it for now.
    // assertFalse("SSLv2Hello should not be enabled by default", engineProtocols.contains("SSLv2Hello"));
}
 
Example #15
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslEngineWithoutVerifyHostOpenSSL() throws Exception {
    // Skipped unless OpenSSL is loaded, accepts a KeyManagerFactory and can validate hostnames.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());
    assumeTrue(OpenSsl.supportsHostnameValidation());

    TransportOptions nonVerifyingOptions = createJksSslOptions();
    nonVerifyingOptions.setVerifyHost(false);

    SslContext sslContext = TransportSupport.createOpenSslContext(nonVerifyingOptions);
    assertNotNull(sslContext);

    SSLEngine sslEngine =
        TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, sslContext, nonVerifyingOptions);
    assertNotNull(sslEngine);

    // With verifyHost=false no endpoint identification algorithm is set, i.e. the engine will
    // not match the peer certificate against the host name. This pins the opt-out behaviour.
    String identificationAlgorithm = sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
    assertNull(identificationAlgorithm);
}
 
Example #16
Source File: TransportSupport.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
/**
 * Decides whether the Netty OpenSSL engine can be used for the given transport configuration.
 * <p>
 * OpenSSL is only considered when the options ask for it. It is then rejected if the native
 * library is missing, if the user supplied their own SSLContext, if the library cannot take a
 * KeyManagerFactory, if host verification is requested but unsupported, or if a key alias is
 * set. Each rejection is reported at debug level only.
 *
 * @param options
 * 		  The configuration of the Transport being created.
 *
 * @return true if OpenSSL support is available and usable given the requested configuration.
 */
public static boolean isOpenSSLPossible(TransportOptions options) {
    if (!options.isUseOpenSSL()) {
        return false;
    }

    if (!OpenSsl.isAvailable()) {
        LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause());
        return false;
    }

    if (options.getSslContextOverride() != null) {
        LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied.");
        return false;
    }

    if (!OpenSsl.supportsKeyManagerFactory()) {
        LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used.");
        return false;
    }

    // Keep deprecated check for now, older netty-tcnative versions required it and we don't control the version used.
    if (options.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) {
        LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version.");
        return false;
    }

    if (options.getKeyAlias() != null) {
        LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL.");
        return false;
    }

    LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString());
    return true;
}
 
Example #17
Source File: FlagsTest.java    From armeria with Apache License 2.0 6 votes vote down vote up
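@Test
void dumpOpenSslInfoDoNotThrowStackOverFlowError() throws Throwable {
    assumeThat(OpenSsl.isAvailable()).isTrue();

    // Remember the current value so the JVM-wide property can be put back afterwards;
    // otherwise the flag leaks into every test that runs later in the same JVM.
    final String propertyName = "com.linecorp.armeria.dumpOpenSslInfo";
    final String previousValue = System.getProperty(propertyName);
    System.setProperty(propertyName, "true");

    try {
        // There's a chance that Flags.useOpenSsl() is already called by other test cases, which means that
        // we cannot set dumpOpenSslInfo. So we use our own class loader to load the Flags class.
        final FlagsClassLoader classLoader = new FlagsClassLoader();
        final Class<?> flags = classLoader.loadClass("com.linecorp.armeria.common.Flags");
        final Lookup lookup = MethodHandles.publicLookup();
        final MethodHandle useOpenSslMethodHandle = lookup.findStatic(flags, "useOpenSsl",
                                                                      MethodType.methodType(boolean.class));
        useOpenSslMethodHandle.invoke(); // Call Flags.useOpenSsl();

        final MethodHandle dumpOpenSslInfoMethodHandle =
                lookup.findStatic(flags, "dumpOpenSslInfo", MethodType.methodType(boolean.class));
        // Call Flags.dumpOpenSslInfo();
        assertThat(dumpOpenSslInfoMethodHandle.invoke()).isSameAs(Boolean.TRUE);
    } finally {
        // Restore the property whether the assertions passed or not.
        if (previousValue == null) {
            System.clearProperty(propertyName);
        } else {
            System.setProperty(propertyName, previousValue);
        }
    }
}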
 
Example #18
Source File: SocketStartTlsTest.java    From netty4.0.27Learn with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the test parameters: every server context paired with every client context.
 * JDK contexts are always included; OpenSSL contexts are added only when OpenSSL is available.
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> servers = new ArrayList<SslContext>();
    servers.add(new JdkSslServerContext(CERT_FILE, KEY_FILE));

    List<SslContext> clients = new ArrayList<SslContext>();
    clients.add(new JdkSslClientContext(CERT_FILE));

    if (!OpenSsl.isAvailable()) {
        // Logged as a warning so a run that skipped the native engine is visible in the output.
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        servers.add(new OpenSslServerContext(CERT_FILE, KEY_FILE));
        clients.add(new OpenSslClientContext(CERT_FILE));
    }

    // Cross product, servers in the outer loop.
    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslContext server : servers) {
        for (SslContext client : clients) {
            combinations.add(new Object[] { server, client });
        }
    }
    return combinations;
}
 
Example #19
Source File: SocketSslGreetingTest.java    From netty4.0.27Learn with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the test parameters: every server context paired with every client context.
 * JDK contexts are always included; OpenSSL contexts are added only when OpenSSL is available.
 */
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}")
public static Collection<Object[]> data() throws Exception {
    List<SslContext> servers = new ArrayList<SslContext>();
    servers.add(new JdkSslServerContext(CERT_FILE, KEY_FILE));

    List<SslContext> clients = new ArrayList<SslContext>();
    clients.add(new JdkSslClientContext(CERT_FILE));

    if (!OpenSsl.isAvailable()) {
        // Logged as a warning so a run that skipped the native engine is visible in the output.
        logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause());
    } else {
        servers.add(new OpenSslServerContext(CERT_FILE, KEY_FILE));
        clients.add(new OpenSslClientContext(CERT_FILE));
    }

    // Cross product, servers in the outer loop.
    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslContext server : servers) {
        for (SslContext client : clients) {
            combinations.add(new Object[] { server, client });
        }
    }
    return combinations;
}
 
Example #20
Source File: NettyHttp2Client.java    From jmeter-http2-plugin with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the client-side TLS context used for HTTP/2, advertising h2 through ALPN.
 * OpenSSL is chosen when it supports ALPN, otherwise the JDK provider.
 * <p>
 * NOTE(review): the context is built with {@code InsecureTrustManagerFactory}, which accepts
 * any server certificate without verification. Connections made with this context are
 * encrypted but not authenticated, so it is only suitable where the peer does not need to be
 * trusted (for example a load test against a lab target). A supplied trust store is needed
 * for anything else.
 *
 * @return the context, or {@code null} if it could not be built
 */
private SslContext getSslContext() {
    final SslProvider provider;
    if (OpenSsl.isAlpnSupported()) {
        provider = SslProvider.OPENSSL;
    } else {
        provider = SslProvider.JDK;
    }

    try {
        return SslContextBuilder.forClient()
            .sslProvider(provider)
            // Restrict to the HTTP/2 cipher list, dropping suites the provider does not support.
            .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
            // Trust-all: no certificate chain or host name checks are performed.
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .applicationProtocolConfig(new ApplicationProtocolConfig(
                Protocol.ALPN,
                SelectorFailureBehavior.NO_ADVERTISE,
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2))
            .build();
    } catch (SSLException exception) {
        // NOTE(review): the failure is dropped without logging; callers only see null.
        return null;
    }
}
 
Example #21
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateSslEngineFromPkcs12StoreOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    TransportOptions pkcs12Options = createPkcs12SslOptions();

    SslContext sslContext = TransportSupport.createOpenSslContext(pkcs12Options);
    assertNotNull(sslContext);

    SSLEngine sslEngine =
        TransportSupport.createOpenSslEngine(PooledByteBufAllocator.DEFAULT, null, sslContext, pkcs12Options);
    assertNotNull(sslEngine);

    // An engine built from the PKCS12 store must come up with at least one protocol enabled.
    String[] enabledProtocols = sslEngine.getEnabledProtocols();
    assertFalse(Arrays.asList(enabledProtocols).isEmpty());
}
 
Example #22
Source File: Http2OkHttpTest.java    From grpc-nebula-java with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the HTTPS test server builder, using the test certificate and key pair
 * {@code server1.pem} / {@code server1.key} and the preferred test cipher list.
 */
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  try {
    SslProvider chosenProvider = SslContext.defaultServerProvider();
    // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
    // are forced to use Jetty ALPN for Netty instead of OpenSSL.
    boolean openSslWithoutAlpn =
        chosenProvider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported();
    if (openSslWithoutAlpn) {
      chosenProvider = SslProvider.JDK;
    }

    SslContextBuilder tlsBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(tlsBuilder, chosenProvider);
    // Keep only the test ciphers that the selected provider actually supports.
    tlsBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);

    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(tlsBuilder.build());
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }
}
 
Example #23
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
@Test
public void testSslConfigurationProtocolHttp11_2() {
	// H2 is set first, then TLS is configured, then the protocol is switched to HTTP/1.1.
	DisposableServer boundServer =
			server.protocol(HttpProtocol.H2)
			      .secure(spec -> spec.sslContext(builder))
			      .protocol(HttpProtocol.HTTP11)
			      .bindNow();
	assertTrue(protocols.isEmpty());

	// The context implementation has to match the provider that is available at runtime.
	if (OpenSsl.isAvailable()) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}
	boundServer.disposeNow();
}
 
Example #24
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 5 votes vote down vote up
@Test(expected = IOException.class)
public void testCreateSslContextBadPathToKeyStoreOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    // Point the key store location at a path derived from the real one plus a ".bad" suffix;
    // context creation is expected to fail with an IOException.
    String brokenKeyStorePath = CLIENT_JKS_KEYSTORE + ".bad";
    TransportOptions brokenOptions = createJksSslOptions();
    brokenOptions.setKeyStoreLocation(brokenKeyStorePath);

    TransportSupport.createOpenSslContext(brokenOptions);
}
 
Example #25
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 100000)
public void testIsOpenSSLPossibleWhenKeyAliasIsSpecified() throws Exception {
    // Skipped unless OpenSSL is loaded, accepts a KeyManagerFactory and can validate hostnames.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());
    assumeTrue(OpenSsl.supportsHostnameValidation());

    TransportOptions aliasedOptions = new TransportOptions();
    aliasedOptions.setUseOpenSSL(true);
    aliasedOptions.setKeyAlias("alias");

    // Even with OpenSSL requested, a configured key alias has to rule it out.
    boolean openSslUsable = TransportSupport.isOpenSSLPossible(aliasedOptions);
    assertFalse(openSslUsable);
}
 
Example #26
Source File: ProberModule.java    From nomulus with Apache License 2.0 5 votes vote down vote up
/**
 * {@link Provides} the {@link SslProvider} used by instances of {@link SslClientInitializer}:
 * OpenSSL when it is available, otherwise the JDK implementation.
 */
@Provides
@Singleton
static SslProvider provideSslProvider() {
  // Prefer OpenSSL.
  if (OpenSsl.isAvailable()) {
    return SslProvider.OPENSSL;
  }
  return SslProvider.JDK;
}
 
Example #27
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 100000)
public void testCreateSslHandlerOpenSSL() throws Exception {
    // Skipped unless the native OpenSSL binding is loaded and accepts a KeyManagerFactory.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());

    TransportOptions openSslOptions = new TransportOptions();
    openSslOptions.setUseOpenSSL(true);

    SslHandler sslHandler = TransportSupport.createSslHandler(PooledByteBufAllocator.DEFAULT, null, openSslOptions);
    assertNotNull(sslHandler);

    // Requesting OpenSSL must yield a handler backed by the OpenSSL engine, not the JDK one.
    boolean backedByOpenSsl = sslHandler.engine() instanceof OpenSslEngine;
    assertTrue(backedByOpenSsl);
}
 
Example #28
Source File: ZipkinStackdriverStorageIntegrationTest.java    From zipkin-gcp with Apache License 2.0 5 votes vote down vote up
@Test
public void openSSLAvailable() {
  // The native binding has to load; the failure message carries the reason when it does not.
  boolean nativeTlsLoaded = OpenSsl.isAvailable();
  assertThat(nativeTlsLoaded)
      .withFailMessage("OpenSsl unavailable:" + OpenSsl.unavailabilityCause())
      .isTrue();

  // With the binding present, OpenSSL must be the default provider on the server side ...
  SslProvider serverDefault = SslContext.defaultServerProvider();
  assertThat(serverDefault)
      .withFailMessage("OpenSsl suppose to be default")
      .isEqualTo(SslProvider.OPENSSL);

  // ... and on the client side.
  SslProvider clientDefault = SslContext.defaultClientProvider();
  assertThat(clientDefault)
      .withFailMessage("OpenSsl suppose to be default")
      .isEqualTo(SslProvider.OPENSSL);
}
 
Example #29
Source File: TransportSupportTest.java    From qpid-jms with Apache License 2.0 5 votes vote down vote up
@Test(timeout = 100000)
public void testIsOpenSSLPossibleWhenHostNameVerificationConfigured() throws Exception {
    // Skipped unless OpenSSL is loaded, accepts a KeyManagerFactory and can validate hostnames.
    assumeTrue(OpenSsl.isAvailable());
    assumeTrue(OpenSsl.supportsKeyManagerFactory());
    assumeTrue(OpenSsl.supportsHostnameValidation());

    TransportOptions openSslOptions = new TransportOptions();
    openSslOptions.setUseOpenSSL(true);

    // OpenSSL must stay usable with host verification off and then on, in that order.
    for (boolean verifyHost : new boolean[] { false, true }) {
        openSslOptions.setVerifyHost(verifyHost);
        assertTrue(TransportSupport.isOpenSSLPossible(openSslOptions));
    }
}
 
Example #30
Source File: OpenSSLTest.java    From deprecated-security-ssl with Apache License 2.0 5 votes vote down vote up
@Test
public void testEnsureOpenSSLAvailability() {
    // OpenSSL is mandatory unless OPENDISTRO_SECURITY_TEST_OPENSSL_OPT parses as true.
    // An unset variable therefore means "mandatory".
    final String optionalFlag = System.getenv("OPENDISTRO_SECURITY_TEST_OPENSSL_OPT");
    System.out.println("OPENDISTRO_SECURITY_TEST_OPENSSL_OPT "+optionalFlag);

    if (Boolean.parseBoolean(optionalFlag)) {
        System.out.println("OpenSSL can be available");
    } else {
        System.out.println("OpenSSL must be available");
        Assert.assertTrue("OpenSSL not available: "+String.valueOf(OpenSsl.unavailabilityCause()), OpenSsl.isAvailable());
    }
}