Java Code Examples for io.netty.handler.ssl.OpenSsl#isAvailable()
The following examples show how to use
io.netty.handler.ssl.OpenSsl#isAvailable() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SslUtil.java From browserup-proxy with Apache License 2.0 | 6 votes |
@Override public List<String> get() { List<String> ciphers; if (OpenSsl.isAvailable()) { // TODO: consider switching to the list of all available ciphers using OpenSsl.availableCipherSuites() ciphers = getBuiltInCipherList(); } else { ciphers = getEnabledJdkCipherSuites(); if (ciphers.isEmpty()) { // could not retrieve the list of enabled ciphers from the JDK SSLContext, so use the hard-coded list ciphers = getBuiltInCipherList(); } } return ciphers; }
Example 2
Source File: BridgeServerTlsContextImpl.java From arcusplatform with Apache License 2.0 | 6 votes |
private static SslProvider createSslProvider(BridgeServerConfig serverConfig) { switch (serverConfig.getTlsProvider()) { case BridgeServerConfig.TLS_PROVIDER_JDK: case BridgeServerConfig.TLS_PROVIDER_DEFAULT: logger.info("using jdk ssl provider"); return SslProvider.JDK; case BridgeServerConfig.TLS_PROVIDER_OPENSSL: if (!OpenSsl.isAvailable()) { throw new RuntimeException("could not initialize openssl ssl provider", OpenSsl.unavailabilityCause()); } logger.info("using openssl ssl provider"); return SslProvider.OPENSSL_REFCNT; default: throw new RuntimeException("unknown ssl provider: " + serverConfig.getTlsProvider()); } }
Example 3
Source File: SocketStartTlsTest.java From netty4.0.27Learn with Apache License 2.0 | 6 votes |
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}") public static Collection<Object[]> data() throws Exception { List<SslContext> serverContexts = new ArrayList<SslContext>(); serverContexts.add(new JdkSslServerContext(CERT_FILE, KEY_FILE)); List<SslContext> clientContexts = new ArrayList<SslContext>(); clientContexts.add(new JdkSslClientContext(CERT_FILE)); boolean hasOpenSsl = OpenSsl.isAvailable(); if (hasOpenSsl) { serverContexts.add(new OpenSslServerContext(CERT_FILE, KEY_FILE)); clientContexts.add(new OpenSslClientContext(CERT_FILE)); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause()); } List<Object[]> params = new ArrayList<Object[]>(); for (SslContext sc: serverContexts) { for (SslContext cc: clientContexts) { params.add(new Object[] { sc, cc }); } } return params; }
Example 4
Source File: SocketSslClientRenegotiateTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}") public static Collection<Object[]> data() throws Exception { List<SslContext> serverContexts = new ArrayList<SslContext>(); List<SslContext> clientContexts = new ArrayList<SslContext>(); clientContexts.add(new JdkSslClientContext(CERT_FILE)); boolean hasOpenSsl = OpenSsl.isAvailable(); if (hasOpenSsl) { OpenSslServerContext context = new OpenSslServerContext(CERT_FILE, KEY_FILE); serverContexts.add(context); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause()); } List<Object[]> params = new ArrayList<Object[]>(); for (SslContext sc: serverContexts) { for (SslContext cc: clientContexts) { for (int i = 0; i < 32; i++) { params.add(new Object[] { sc, cc}); } } } return params; }
Example 5
Source File: SocketSslGreetingTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}") public static Collection<Object[]> data() throws Exception { List<SslContext> serverContexts = new ArrayList<SslContext>(); serverContexts.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE).sslProvider(SslProvider.JDK).build()); List<SslContext> clientContexts = new ArrayList<SslContext>(); clientContexts.add(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(CERT_FILE).build()); boolean hasOpenSsl = OpenSsl.isAvailable(); if (hasOpenSsl) { serverContexts.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE) .sslProvider(SslProvider.OPENSSL).build()); clientContexts.add(SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL) .trustManager(CERT_FILE).build()); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause()); } List<Object[]> params = new ArrayList<Object[]>(); for (SslContext sc: serverContexts) { for (SslContext cc: clientContexts) { params.add(new Object[] { sc, cc }); } } return params; }
Example 6
Source File: SocketStartTlsTest.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}") public static Collection<Object[]> data() throws Exception { List<SslContext> serverContexts = new ArrayList<SslContext>(); serverContexts.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE).sslProvider(SslProvider.JDK).build()); List<SslContext> clientContexts = new ArrayList<SslContext>(); clientContexts.add(SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(CERT_FILE).build()); boolean hasOpenSsl = OpenSsl.isAvailable(); if (hasOpenSsl) { serverContexts.add(SslContextBuilder.forServer(CERT_FILE, KEY_FILE) .sslProvider(SslProvider.OPENSSL).build()); clientContexts.add(SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL) .trustManager(CERT_FILE).build()); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause()); } List<Object[]> params = new ArrayList<Object[]>(); for (SslContext sc: serverContexts) { for (SslContext cc: clientContexts) { params.add(new Object[] { sc, cc }); } } return params; }
Example 7
Source File: TransportSupport.java From qpid-jms with Apache License 2.0 | 6 votes |
/** * Determines if Netty OpenSSL support is available and applicable based on the configuration * in the given TransportOptions instance. * * @param options * The configuration of the Transport being created. * * @return true if OpenSSL support is available and usable given the requested configuration. */ public static boolean isOpenSSLPossible(TransportOptions options) { boolean result = false; if (options.isUseOpenSSL()) { if (!OpenSsl.isAvailable()) { LOG.debug("OpenSSL could not be enabled because a suitable implementation could not be found.", OpenSsl.unavailabilityCause()); } else if (options.getSslContextOverride() != null) { LOG.debug("OpenSSL could not be enabled due to user SSLContext being supplied."); } else if (!OpenSsl.supportsKeyManagerFactory()) { LOG.debug("OpenSSL could not be enabled because the version provided does not allow a KeyManagerFactory to be used."); } else if (options.isVerifyHost() && !OpenSsl.supportsHostnameValidation()) { // Keep deprecated check for now, older netty-tcnative versions required it and we don't control the version used. LOG.debug("OpenSSL could not be enabled due to verifyHost being enabled but not supported by the provided OpenSSL version."); } else if (options.getKeyAlias() != null) { LOG.debug("OpenSSL could not be enabled because a keyAlias is set and that feature is not supported for OpenSSL."); } else { LOG.debug("OpenSSL Enabled: Version {} of OpenSSL will be used", OpenSsl.versionString()); result = true; } } return result; }
Example 8
Source File: SslUtil.java From CapturePacket with MIT License | 6 votes |
@Override public List<String> get() { List<String> ciphers; if (OpenSsl.isAvailable()) { // TODO: consider switching to the list of all available ciphers using OpenSsl.availableCipherSuites() ciphers = getBuiltInCipherList(); } else { ciphers = getEnabledJdkCipherSuites(); if (ciphers.isEmpty()) { // could not retrieve the list of enabled ciphers from the JDK SSLContext, so use the hard-coded list ciphers = getBuiltInCipherList(); } } return ciphers; }
Example 9
Source File: GrpcSslContexts.java From grpc-java with Apache License 2.0 | 6 votes |
/** * Returns OpenSSL if available, otherwise returns the JDK provider. */ private static SslProvider defaultSslProvider() { if (OpenSsl.isAvailable()) { logger.log(Level.FINE, "Selecting OPENSSL"); return SslProvider.OPENSSL; } Provider provider = findJdkProvider(); if (provider != null) { logger.log(Level.FINE, "Selecting JDK with provider {0}", provider); return SslProvider.JDK; } logger.log(Level.INFO, "Java 9 ALPN API unavailable (this may be normal)"); logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)", OpenSsl.unavailabilityCause()); logger.log(Level.INFO, "Conscrypt not found (this may be normal)", ConscryptHolder.UNAVAILABILITY_CAUSE); logger.log(Level.INFO, "Jetty ALPN unavailable (this may be normal)", JettyTlsUtil.getJettyAlpnUnavailabilityCause()); throw new IllegalStateException( "Could not find TLS ALPN provider; " + "no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available"); }
Example 10
Source File: Flags.java From armeria with Apache License 2.0 | 5 votes |
private static void setUseOpenSslAndDumpOpenSslInfo() { final boolean useOpenSsl = getBoolean("useOpenSsl", true); if (!useOpenSsl) { // OpenSSL explicitly disabled Flags.useOpenSsl = false; dumpOpenSslInfo = false; return; } if (!OpenSsl.isAvailable()) { final Throwable cause = Exceptions.peel(OpenSsl.unavailabilityCause()); logger.info("OpenSSL not available: {}", cause.toString()); Flags.useOpenSsl = false; dumpOpenSslInfo = false; return; } Flags.useOpenSsl = true; logger.info("Using OpenSSL: {}, 0x{}", OpenSsl.versionString(), Long.toHexString(OpenSsl.version() & 0xFFFFFFFFL)); dumpOpenSslInfo = getBoolean("dumpOpenSslInfo", false); if (dumpOpenSslInfo) { final SSLEngine engine = SslContextUtil.createSslContext( SslContextBuilder::forClient, false, ImmutableList.of()).newEngine(ByteBufAllocator.DEFAULT); logger.info("All available SSL protocols: {}", ImmutableList.copyOf(engine.getSupportedProtocols())); logger.info("Default enabled SSL protocols: {}", SslContextUtil.DEFAULT_PROTOCOLS); ReferenceCountUtil.release(engine); logger.info("All available SSL ciphers: {}", OpenSsl.availableJavaCipherSuites()); logger.info("Default enabled SSL ciphers: {}", SslContextUtil.DEFAULT_CIPHERS); } }
Example 11
Source File: ProberModule.java From nomulus with Apache License 2.0 | 5 votes |
/** {@link Provides} the {@link SslProvider} used by instances of {@link SslClientInitializer} */ @Provides @Singleton static SslProvider provideSslProvider() { // Prefer OpenSSL. return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK; }
Example 12
Source File: GatewayNetty.java From arcusplatform with Apache License 2.0 | 5 votes |
public static SslProvider createSslProvider() { Supplier<String> sslProvider = ConfigService.supplier("iris.gateway.ssl.provider", String.class, ""); Security.addProvider(new BouncyCastleProvider()); switch (sslProvider.get()) { case "": case "openssl": if (OpenSsl.isAvailable()) { log.debug("using openssl for gateway ssl provider"); return openssl(); } else { if (!"".equals(sslProvider.get())) { log.warn("openssl ssl provider requested but not available, using jdk ssl for gateway connection:", OpenSsl.unavailabilityCause()); } else { log.debug("using jdk for gateway ssl provider: ", OpenSsl.unavailabilityCause()); } return jdk(); } case "jdk": log.debug("using jdk for gateway ssl provider"); return jdk(); default: log.warn("unknown ssl provider, using jdk by default"); return jdk(); } }
Example 13
Source File: NetworkUtils.java From blazingcache with Apache License 2.0 | 5 votes |
public static boolean isOpenSslAvailable() { if (openSslAvailable != null) { return openSslAvailable; } if (ENABLE_OPENSSL && OpenSsl.isAvailable()) { OpenSsl.ensureAvailability(); openSslAvailable = true; } else { Throwable cause = OpenSsl.unavailabilityCause(); LOG.log(Level.INFO, "Native OpenSSL support is not available on this platform: " + cause); openSslAvailable = false; } return openSslAvailable; }
Example 14
Source File: SslClientInitializerTest.java From nomulus with Apache License 2.0 | 4 votes |
@Parameters(name = "{0}") public static SslProvider[] data() { return OpenSsl.isAvailable() ? new SslProvider[] {SslProvider.JDK, SslProvider.OPENSSL} : new SslProvider[] {SslProvider.JDK}; }
Example 15
Source File: SSLTestBase.java From activemq-artemis with Apache License 2.0 | 4 votes |
protected boolean isOpenSSLSupported() { if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER) || clientSslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) { return OpenSsl.isAvailable(); } return true; }
Example 16
Source File: ZipkinStackdriverStorageModule.java From zipkin-gcp with Apache License 2.0 | 4 votes |
@Bean @ConditionalOnMissingBean StorageComponent storage( @Value("${zipkin.storage.strict-trace-id:true}") boolean strictTraceId, @Qualifier("projectId") String projectId, ClientFactory clientFactory, ZipkinStackdriverStorageProperties properties, Credentials credentials) { if (!OpenSsl.isAvailable() && !jettyAlpnAvailable()) { throw new IllegalStateException( "OpenSsl or ALPN is required. This usually requires either JDK9+, jetty-alpn, or " + "netty-tcnative-boringssl-static"); } ClientOptionsBuilder options = ClientOptions.builder(); HttpLogging httpLogging = properties.getHttpLogging(); if (httpLogging != HttpLogging.NONE) { LoggingClientBuilder loggingBuilder = LoggingClient.builder() .requestLogLevel(LogLevel.INFO) .successfulResponseLogLevel(LogLevel.INFO); switch (httpLogging) { case HEADERS: loggingBuilder.contentSanitizer(unused -> ""); break; case BASIC: loggingBuilder.contentSanitizer(unused -> ""); loggingBuilder.headersSanitizer(unused -> HttpHeaders.of()); break; default: break; } options.decorator(loggingBuilder.newDecorator()); } return StackdriverStorage.newBuilder(properties.getApiHost()) .projectId(projectId) .strictTraceId(strictTraceId) .clientFactory(clientFactory) .clientOptions(options .decorator(CredentialsDecoratingClient.newDecorator(credentials)) .build()) .build(); }
Example 17
Source File: ConnectionFactoryImpl.java From hono with Eclipse Public License 2.0 | 4 votes |
private void addTlsTrustOptions(final ProtonClientOptions clientOptions) { if (config.isTlsEnabled()) { clientOptions.setSsl(true); } if (clientOptions.getTrustOptions() == null) { final TrustOptions trustOptions = config.getTrustOptions(); if (trustOptions != null) { clientOptions.setSsl(true).setTrustOptions(trustOptions); } } if (clientOptions.isSsl()) { final boolean isOpenSslAvailable = OpenSsl.isAvailable(); final boolean supportsKeyManagerFactory = OpenSsl.supportsKeyManagerFactory(); final boolean useOpenSsl = isOpenSslAvailable && supportsKeyManagerFactory; logger.debug("OpenSSL [available: {}, supports KeyManagerFactory: {}]", isOpenSslAvailable, supportsKeyManagerFactory); if (useOpenSsl) { logger.debug("using OpenSSL [version: {}] instead of JDK's default SSL engine", OpenSsl.versionString()); clientOptions.setSslEngineOptions(new OpenSSLEngineOptions()); } else { logger.debug("using JDK's default SSL engine"); } if (config.isHostnameVerificationRequired()) { clientOptions.setHostnameVerificationAlgorithm("HTTPS"); } else { clientOptions.setHostnameVerificationAlgorithm(""); } clientOptions.getEnabledSecureTransportProtocols() .forEach(protocol -> clientOptions.removeEnabledSecureTransportProtocol(protocol)); config.getSecureProtocols().forEach(protocol -> { logger.debug("enabling secure protocol [{}]", protocol); clientOptions.addEnabledSecureTransportProtocol(protocol); }); } }
Example 18
Source File: OcspServerExample.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
public static void main(String[] args) throws Exception { // We assume there's a private key. PrivateKey privateKey = null; // Step 1: Load the certificate chain for netty.io. We'll need the certificate // and the issuer's certificate and we don't need any of the intermediate certs. // The array is assumed to be a certain order to keep things simple. X509Certificate[] keyCertChain = parseCertificates(OcspServerExample.class, "netty_io_chain.pem"); X509Certificate certificate = keyCertChain[0]; X509Certificate issuer = keyCertChain[keyCertChain.length - 1]; // Step 2: We need the URL of the CA's OCSP responder server. It's somewhere encoded // into the certificate! Notice that it's a HTTP URL. URI uri = OcspUtils.ocspUri(certificate); System.out.println("OCSP Responder URI: " + uri); if (uri == null) { throw new IllegalStateException("The CA/certificate doesn't have an OCSP responder"); } // Step 3: Construct the OCSP request OCSPReq request = new OcspRequestBuilder() .certificate(certificate) .issuer(issuer) .build(); // Step 4: Do the request to the CA's OCSP responder OCSPResp response = OcspUtils.request(uri, request, 5L, TimeUnit.SECONDS); if (response.getStatus() != OCSPResponseStatus.SUCCESSFUL) { throw new IllegalStateException("response-status=" + response.getStatus()); } // Step 5: Is my certificate any good or has the CA revoked it? BasicOCSPResp basicResponse = (BasicOCSPResp) response.getResponseObject(); SingleResp first = basicResponse.getResponses()[0]; CertificateStatus status = first.getCertStatus(); System.out.println("Status: " + (status == CertificateStatus.GOOD ? "Good" : status)); System.out.println("This Update: " + first.getThisUpdate()); System.out.println("Next Update: " + first.getNextUpdate()); if (status != null) { throw new IllegalStateException("certificate-status=" + status); } BigInteger certSerial = certificate.getSerialNumber(); BigInteger ocspSerial = first.getCertID().getSerialNumber(); if (!certSerial.equals(ocspSerial)) { throw new IllegalStateException("Bad Serials=" + certSerial + " vs. " + ocspSerial); } // Step 6: Cache the OCSP response and use it as long as it's not // expired. The exact semantics are beyond the scope of this example. if (!OpenSsl.isAvailable()) { throw new IllegalStateException("OpenSSL is not available!"); } if (!OpenSsl.isOcspSupported()) { throw new IllegalStateException("OCSP is not supported!"); } if (privateKey == null) { throw new IllegalStateException("Because we don't have a PrivateKey we can't continue past this point."); } ReferenceCountedOpenSslContext context = (ReferenceCountedOpenSslContext) SslContextBuilder.forServer(privateKey, keyCertChain) .sslProvider(SslProvider.OPENSSL) .enableOcsp(true) .build(); try { ServerBootstrap bootstrap = new ServerBootstrap() .childHandler(newServerHandler(context, response)); // so on and so forth... } finally { context.release(); } }
Example 19
Source File: ProxyModule.java From nomulus with Apache License 2.0 | 4 votes |
@Provides static SslProvider provideSslProvider() { // Prefer OpenSSL. return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK; }
Example 20
Source File: SocketSslEchoTest.java From netty4.0.27Learn with Apache License 2.0 | 4 votes |
@Parameters(name = "{index}: serverEngine = {0}, clientEngine = {1}, renegotiation = {2}, " + "serverUsesDelegatedTaskExecutor = {3}, clientUsesDelegatedTaskExecutor = {4}, " + "autoRead = {5}, useChunkedWriteHandler = {6}, useCompositeByteBuf = {7}") public static Collection<Object[]> data() throws Exception { List<SslContext> serverContexts = new ArrayList<SslContext>(); serverContexts.add(new JdkSslServerContext(CERT_FILE, KEY_FILE)); List<SslContext> clientContexts = new ArrayList<SslContext>(); clientContexts.add(new JdkSslClientContext(CERT_FILE)); boolean hasOpenSsl = OpenSsl.isAvailable(); if (hasOpenSsl) { serverContexts.add(new OpenSslServerContext(CERT_FILE, KEY_FILE)); clientContexts.add(new OpenSslClientContext(CERT_FILE)); } else { logger.warn("OpenSSL is unavailable and thus will not be tested.", OpenSsl.unavailabilityCause()); } List<Object[]> params = new ArrayList<Object[]>(); for (SslContext sc: serverContexts) { for (SslContext cc: clientContexts) { for (RenegotiationType rt: RenegotiationType.values()) { if (rt != RenegotiationType.NONE && (sc instanceof OpenSslContext || cc instanceof OpenSslContext)) { // TODO: OpenSslEngine does not support renegotiation yet. continue; } Renegotiation r; if (rt == RenegotiationType.NONE) { r = Renegotiation.NONE; } else { r = new Renegotiation(rt, "SSL_RSA_WITH_RC4_128_SHA"); } for (int i = 0; i < 32; i++) { params.add(new Object[] { sc, cc, r, (i & 16) != 0, (i & 8) != 0, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0 }); } } } } return params; }