io.vertx.core.net.TrustOptions Java Examples
The following examples show how to use
io.vertx.core.net.TrustOptions.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpTlsOptionHelpers.java From orion with Apache License 2.0 | 6 votes |
public static Optional<TrustOptions> createTrustOptions(final String trustMode, final Path knownConnectionFile) { switch (trustMode) { case "whitelist": return Optional.of(VertxTrustOptions.whitelistClients(knownConnectionFile, false)); case "ca": return Optional.empty(); case "tofu": case "insecure-tofa": return Optional.of(VertxTrustOptions.trustClientOnFirstAccess(knownConnectionFile, false)); case "insecure-no-validation": case "insecure-record": return Optional.of(VertxTrustOptions.recordClientFingerprints(knownConnectionFile, false)); case "ca-or-tofu": case "insecure-ca-or-tofa": return Optional.of(VertxTrustOptions.trustClientOnFirstAccess(knownConnectionFile, true)); case "ca-or-whitelist": return Optional.of(VertxTrustOptions.whitelistClients(knownConnectionFile, true)); case "insecure-ca-or-record": return Optional.of(VertxTrustOptions.recordClientFingerprints(knownConnectionFile, true)); default: throw new UnsupportedOperationException("\"" + trustMode + "\" option is not supported"); } }
Example #2
Source File: SslCustomizer.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
private TrustOptions trustOptionsAdapter(Ssl ssl) { if ("JKS".equalsIgnoreCase(ssl.getTrustStoreType())) { return getJksOptions(ssl.getTrustStore(), ssl.getTrustStorePassword()); } else if ("PKCS12".equalsIgnoreCase(ssl.getTrustStoreType())) { return getPfxOptions(ssl.getTrustStore(), ssl.getTrustStorePassword()); } return null; }
Example #3
Source File: InsecureTrustOptions.java From incubator-tuweni with Apache License 2.0 | 4 votes |
@Override public TrustOptions clone() { return this; }
Example #4
Source File: TrustManagerFactoryWrapper.java From incubator-tuweni with Apache License 2.0 | 4 votes |
@Override public TrustOptions clone() { return new TrustManagerFactoryWrapper(trustManagerFactory); }
Example #5
Source File: MSSQLConnectOptions.java From vertx-sql-client with Apache License 2.0 | 4 votes |
@Override public MSSQLConnectOptions setTrustOptions(TrustOptions options) { return (MSSQLConnectOptions) super.setTrustOptions(options); }
Example #6
Source File: DB2ConnectOptions.java From vertx-sql-client with Apache License 2.0 | 4 votes |
@Override public DB2ConnectOptions setTrustOptions(TrustOptions options) { return (DB2ConnectOptions) super.setTrustOptions(options); }
Example #7
Source File: InsecureTrustOptions.java From cava with Apache License 2.0 | 4 votes |
@Override public TrustOptions clone() { return this; }
Example #8
Source File: MySQLConnectionFactory.java From vertx-sql-client with Apache License 2.0 | 4 votes |
public MySQLConnectionFactory(ContextInternal context, MySQLConnectOptions options) { NetClientOptions netClientOptions = new NetClientOptions(options); this.context = context; this.host = options.getHost(); this.port = options.getPort(); this.username = options.getUser(); this.password = options.getPassword(); this.database = options.getDatabase(); this.connectionAttributes = options.getProperties() == null ? null : Collections.unmodifiableMap(options.getProperties()); MySQLCollation collation; if (options.getCollation() != null) { // override the collation if configured collation = MySQLCollation.valueOfName(options.getCollation()); charsetEncoding = Charset.forName(collation.mappedJavaCharsetName()); } else { String charset = options.getCharset(); if (charset == null) { collation = MySQLCollation.DEFAULT_COLLATION; } else { collation = MySQLCollation.valueOfName(MySQLCollation.getDefaultCollationFromCharsetName(charset)); } String characterEncoding = options.getCharacterEncoding(); if (characterEncoding == null) { charsetEncoding = Charset.defaultCharset(); } else { charsetEncoding = Charset.forName(options.getCharacterEncoding()); } } this.collation = collation; this.useAffectedRows = options.isUseAffectedRows(); this.sslMode = options.getSslMode(); // server RSA public key Buffer serverRsaPublicKey = null; if (options.getServerRsaPublicKeyValue() != null) { serverRsaPublicKey = options.getServerRsaPublicKeyValue(); } else { if (options.getServerRsaPublicKeyPath() != null) { serverRsaPublicKey = context.owner().fileSystem().readFileBlocking(options.getServerRsaPublicKeyPath()); } } this.serverRsaPublicKey = serverRsaPublicKey; this.initialCapabilitiesFlags = initCapabilitiesFlags(); // check the SSLMode here switch (sslMode) { case VERIFY_IDENTITY: String hostnameVerificationAlgorithm = netClientOptions.getHostnameVerificationAlgorithm(); if (hostnameVerificationAlgorithm == null || hostnameVerificationAlgorithm.isEmpty()) { throw new IllegalArgumentException("Host verification algorithm must be specified under VERIFY_IDENTITY ssl-mode."); } case VERIFY_CA: TrustOptions trustOptions = netClientOptions.getTrustOptions(); if (trustOptions == null) { throw new IllegalArgumentException("Trust options must be specified under " + sslMode.name() + " ssl-mode."); } break; } this.cachePreparedStatements = options.getCachePreparedStatements(); this.preparedStatementCacheSize = options.getPreparedStatementCacheMaxSize(); this.preparedStatementCacheSqlFilter = options.getPreparedStatementCacheSqlFilter(); this.netClient = context.owner().createNetClient(netClientOptions); }
Example #9
Source File: VertxSubstitutions.java From quarkus with Apache License 2.0 | 4 votes |
@Substitute static void setTrustOptions(TCPSSLOptions sslOptions, TrustOptions options) { throw new RuntimeException("Not Implemented"); }
Example #10
Source File: TrustManagerFactoryWrapper.java From cava with Apache License 2.0 | 4 votes |
@Override public TrustOptions clone() { return new TrustManagerFactoryWrapper(trustManagerFactory); }
Example #11
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require servers to present known certificates, or CA-signed certificates. * * <p> * If a certificate is not CA-signed, then its fingerprint must be present in the known servers file, associated with * the server (identified by host+port). * * @param repository The repository containing fingerprints by host. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistServers(FingerprintRepository repository) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistServers(repository)); }
Example #12
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept CA-signed certificates, and otherwise trust client certificates on first access. * * <p> * Except when a client presents a CA-signed certificate, on first connection to this server the common name and * fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected * if the fingerprint has changed. * * <p> * <i>Note: unlike the seemingly equivalent {@link #trustServerOnFirstUse(Path)} method for authenticating servers, * this method for authenticating clients is <b>insecure</b> and <b>provides zero confidence in client identity</b>. * Unlike the server version, which bases the identity on the hostname and port the connection is being established * to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, * clients can circumvent access control by using a different common name from any previously recorded client.</i> * * @param knownClientsFile The path to the file containing fingerprints by common name. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustClientOnFirstAccess(Path knownClientsFile, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustClientOnFirstAccess(knownClientsFile, tmf)); }
Example #13
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require servers to present known certificates. * * <p> * The fingerprint for a server certificate must be present in the known servers file, associated with the server * (identified by host+port). * * @param knownServersFile The path to the file containing fingerprints by host. * @param acceptCASigned If {@code true}, CA-signed certificates will always be accepted. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistServers(Path knownServersFile, boolean acceptCASigned) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistServers(knownServersFile, acceptCASigned)); }
Example #14
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require servers to present known certificates. * * <p> * The fingerprint for a server certificate must be present in the known servers file, associated with the server * (identified by host+port). * * @param repository The repository containing fingerprints by host. * @param acceptCASigned If {@code true}, CA-signed certificates will always be accepted. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistServers(FingerprintRepository repository, boolean acceptCASigned) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistServers(repository, acceptCASigned)); }
Example #15
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require servers to present known certificates, or CA-signed certificates. * * <p> * If a certificate is not CA-signed, then its fingerprint must be present in the known servers file, associated with * the server (identified by host+port). * * @param knownServersFile The path to the file containing fingerprints by host. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistServers(Path knownServersFile, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistServers(knownServersFile, tmf)); }
Example #16
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept CA-signed certificates, and otherwise trust client certificates on first access. * * <p> * Except when a client presents a CA-signed certificate, on first connection to this server the common name and * fingerprint of the presented certificate will be recorded. On subsequent connections, the client will be rejected * if the fingerprint has changed. * * <p> * <i>Note: unlike the seemingly equivalent {@link #trustServerOnFirstUse(Path)} method for authenticating servers, * this method for authenticating clients is <b>insecure</b> and <b>provides zero confidence in client identity</b>. * Unlike the server version, which bases the identity on the hostname and port the connection is being established * to, the client version only uses the common name of the certificate that the connecting client presents. Therefore, * clients can circumvent access control by using a different common name from any previously recorded client.</i> * * @param repository The repository containing fingerprints by common name. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustClientOnFirstAccess(FingerprintRepository repository, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustClientOnFirstAccess(repository, tmf)); }
Example #17
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require clients to present known certificates, or CA-signed certificates. * * <p> * If a certificate is not CA-signed, then its common name and fingerprint must be present in the * {@code knownClientsFile}. * * @param repository The repository containing fingerprints by common name. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistClients(FingerprintRepository repository) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistClients(repository)); }
Example #18
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require clients to present known certificates, or CA-signed certificates. * * <p> * If a certificate is not CA-signed, then its common name and fingerprint must be present in the * {@code knownClientsFile}. * * @param knownClientsFile The path to the file containing fingerprints by common name. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistClients(Path knownClientsFile) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistClients(knownClientsFile)); }
Example #19
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require clients to present known certificates. * * <p> * The common name and fingerprint for a client certificate must be present in {@code knownClientsFile}. * * @param knownClientsFile The path to the file containing fingerprints by common name. * @param acceptCASigned If {@code true}, CA-signed certificates will always be accepted. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistClients(Path knownClientsFile, boolean acceptCASigned) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistClients(knownClientsFile, acceptCASigned)); }
Example #20
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Require servers to present known certificates, or CA-signed certificates. * * <p> * If a certificate is not CA-signed, then its fingerprint must be present in the known servers file, associated with * the server (identified by host+port). * * @param knownServersFile The path to the file containing fingerprints by host. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions whitelistServers(Path knownServersFile) { return new TrustManagerFactoryWrapper(TrustManagerFactories.whitelistServers(knownServersFile)); }
Example #21
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept CA-signed certificates, and otherwise trust server certificates on first use. * * <p> * Except when a server presents a CA-signed certificate, on first connection to a server (identified by host+port) * the fingerprint of the presented certificate will be recorded. On subsequent connections, the presented certificate * will be matched to the stored fingerprint to ensure it has not changed. * * @param repository The repository containing fingerprints by host. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustServerOnFirstUse(FingerprintRepository repository, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustServerOnFirstUse(repository, tmf)); }
Example #22
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept CA-signed certificates, and otherwise trust server certificates on first use. * * <p> * Except when a server presents a CA-signed certificate, on first connection to a server (identified by host+port) * the fingerprint of the presented certificate will be recorded. On subsequent connections, the presented certificate * will be matched to the stored fingerprint to ensure it has not changed. * * @param knownServersFile The path to the file containing fingerprints by host. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustServerOnFirstUse(Path knownServersFile, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustServerOnFirstUse(knownServersFile, tmf)); }
Example #23
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Trust server certificates on first use. * * <p> * On first connection to a server (identified by host+port) the fingerprint of the presented certificate will be * recorded. On subsequent connections, the presented certificate will be matched to the stored fingerprint to ensure * it has not changed. * * @param repository The repository containing fingerprints by host. * @param acceptCASigned If {@code true}, CA-signed certificates will always be accepted (and the fingerprint will not * be recorded). * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustServerOnFirstUse(FingerprintRepository repository, boolean acceptCASigned) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustServerOnFirstUse(repository, acceptCASigned)); }
Example #24
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Trust server certificates on first use. * * <p> * On first connection to a server (identified by host+port) the fingerprint of the presented certificate will be * recorded. On subsequent connections, the presented certificate will be matched to the stored fingerprint to ensure * it has not changed. * * @param knownServersFile The path to the file containing fingerprints by host. * @param acceptCASigned If {@code true}, CA-signed certificates will always be accepted (and the fingerprint will not * be recorded). * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustServerOnFirstUse(Path knownServersFile, boolean acceptCASigned) { return new TrustManagerFactoryWrapper( TrustManagerFactories.trustServerOnFirstUse(knownServersFile, acceptCASigned)); }
Example #25
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept CA-signed certificates, and otherwise trust server certificates on first use. * * <p> * Except when a server presents a CA-signed certificate, on first connection to a server (identified by host+port) * the fingerprint of the presented certificate will be recorded. On subsequent connections, the presented certificate * will be matched to the stored fingerprint to ensure it has not changed. * * @param repository The repository containing fingerprints by host. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustServerOnFirstUse(FingerprintRepository repository) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustServerOnFirstUse(repository)); }
Example #26
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept all server certificates, recording certificate fingerprints for those that are not CA-signed. * * <p> * Excepting when a server presents a CA-signed certificate, the server host+port and the certificate fingerprint will * be written to {@code knownServersFile}. * * <p> * Important: this provides no security as it is vulnerable to man-in-the-middle attacks. * * @param repository The repository in which to record fingerprints by host. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions recordServerFingerprints(FingerprintRepository repository) { return new TrustManagerFactoryWrapper(TrustManagerFactories.recordServerFingerprints(repository)); }
Example #27
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept CA-signed certificates, and otherwise trust server certificates on first use. * * <p> * Except when a server presents a CA-signed certificate, on first connection to a server (identified by host+port) * the fingerprint of the presented certificate will be recorded. On subsequent connections, the presented certificate * will be matched to the stored fingerprint to ensure it has not changed. * * @param knownServersFile The path to the file containing fingerprints by host. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions trustServerOnFirstUse(Path knownServersFile) { return new TrustManagerFactoryWrapper(TrustManagerFactories.trustServerOnFirstUse(knownServersFile)); }
Example #28
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept all server certificates, recording certificate fingerprints for those that are not CA-signed. * * <p> * Excepting when a server presents a CA-signed certificate, the server host+port and the certificate fingerprint will * be written to {@code knownServersFile}. * * <p> * Important: this provides no security as it is vulnerable to man-in-the-middle attacks. * * @param repository The repository in which to record fingerprints by host. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions recordServerFingerprints(FingerprintRepository repository, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.recordServerFingerprints(repository, tmf)); }
Example #29
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept all server certificates, recording certificate fingerprints for those that are not CA-signed. * * <p> * Excepting when a server presents a CA-signed certificate, the server host+port and the certificate fingerprint will * be written to {@code knownServersFile}. * * <p> * Important: this provides no security as it is vulnerable to man-in-the-middle attacks. * * @param knownServersFile The path to a file in which to record fingerprints by host. * @param tmf A {@link TrustManagerFactory} for checking server certificates against a CA. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions recordServerFingerprints(Path knownServersFile, TrustManagerFactory tmf) { return new TrustManagerFactoryWrapper(TrustManagerFactories.recordServerFingerprints(knownServersFile, tmf)); }
Example #30
Source File: VertxTrustOptions.java From cava with Apache License 2.0 | 2 votes |
/** * Accept all client certificates, recording certificate fingerprints for those that are not CA-signed. * * <p> * Excepting when a client presents a CA-signed certificate, the certificate common name and fingerprint will be * written to {@code knownClientsFile}. * * <p> * Important: this provides no security as it is vulnerable to man-in-the-middle attacks. * * @param knownClientsFile The path to a file in which to record fingerprints by common name. * @return A Vert.x {@link TrustOptions}. */ public static TrustOptions recordClientFingerprints(Path knownClientsFile) { return new TrustManagerFactoryWrapper(TrustManagerFactories.recordClientFingerprints(knownClientsFile)); }