io.netty.handler.ssl.JdkSslContext Java Examples

The following examples show how to use io.netty.handler.ssl.JdkSslContext. Several of them are test fixtures that deliberately relax certificate validation (a no-op trust manager, InsecureTrustManagerFactory, a self-signed certificate) or pin the deprecated TLSv1 and TLSv1.1 protocol versions; those settings are not suitable for production use.
Example #1
Source File: DockerServiceFactory.java    From haven-platform with Apache License 2.0 6 votes vote down vote up
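/**
 * Builds the JDK {@link SSLContext} for connections to {@code addr} and installs it on
 * {@code factory}, wrapped in a client-mode {@link JdkSslContext}.
 *
 * <p>Three configurations are handled:
 * <ul>
 *   <li>{@code checkSsl == false}: the only trust manager is {@code SSLUtil.NullX509TrustManager},
 *       which presumably accepts every certificate (its implementation is not shown here). This
 *       removes protection against man-in-the-middle attacks.</li>
 *   <li>{@code keystore} set: certificates from that JKS store are trusted in addition to the JVM
 *       default trust store.</li>
 *   <li>otherwise: the JVM default trust managers are used.</li>
 * </ul>
 *
 * @param addr    address the context is built for; used in log messages only
 * @param factory request factory that receives the resulting context
 * @throws Exception if the TLS context, trust managers or key store cannot be created or loaded
 */
private void initSsl(String addr, NettyRequestFactory factory) throws Exception {
    SSLContext sslc = SSLContext.getInstance("TLS");
    if(!checkSsl) {
        // Certificate validation is switched off for this address. Logged at WARN rather than
        // DEBUG so that the downgrade is visible in normally configured production logs.
        log.warn("disable any SSL check on {} address", addr);
        sslc.init(null, new TrustManager[]{new SSLUtil.NullX509TrustManager()}, null);
    } else if(StringUtils.hasText(keystore)) {
        log.debug("use SSL trusted store {} on {} address", keystore, addr);
        final String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory def = TrustManagerFactory.getInstance(alg);
        def.init((KeyStore)null);// initialize default list of trust managers
        Resource resource = resourceLoader.getResource(keystore);
        if(!resource.exists()) {
            // NOTE(review): returning here leaves the factory without the context built in this
            // method, so a mistyped keystore path silently changes the trust configuration.
            // Consider failing fast instead; kept as-is because callers may rely on it.
            log.warn("Specified JKS {} is not exists.", keystore);
            return;
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try(InputStream is = resource.getInputStream()) {
            ks.load(is, storepass == null? new char[0] : storepass.toCharArray());
        }
        TrustManagerFactory local = TrustManagerFactory.getInstance(alg);
        local.init(ks);
        // Trust both the configured store and the JVM defaults.
        TrustManager tm = SSLUtil.combineX509TrustManagers(local.getTrustManagers(), def.getTrustManagers());
        sslc.init(null, new TrustManager[]{tm}, null);
    } else {
        // Validation is on but no custom store is configured. Without this branch the context
        // was handed over uninitialized, and an uninitialized SSLContext cannot create engines.
        // Passing nulls selects the JVM default key managers, trust managers and SecureRandom.
        sslc.init(null, null, null);
    }
    // NOTE(review): the context is created in client mode (second argument true), so
    // ClientAuth.OPTIONAL presumably has no effect here - confirm.
    factory.setSslContext(new JdkSslContext(sslc, true, ClientAuth.OPTIONAL));
}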
 
Example #2
Source File: SslUtilTest.java    From hivemq-community-edition with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that requesting only TLSv1.1 yields a {@link JdkSslContext} whose protocol list
 * contains exactly that version.
 *
 * <p>TLSv1.1 is deprecated (RFC 8996); the test only pins that the requested protocol is
 * passed through, not that it is a sensible production setting.
 */
@Test
public void test_java_ssl_tls_1_1_context_created() throws Exception {
    final String requestedProtocol = "TLSv1.1";
    final KeyManagerFactory keyManagers = createKeyManagerFactory();

    final SslContext serverContext = sslUtil.createSslServerContext(
            keyManagers, null, null, Lists.newArrayList(requestedProtocol));
    assertTrue(serverContext instanceof JdkSslContext);

    final List<String> enabled = getProtocolsFromContext(serverContext);
    assertEquals(1, enabled.size());
    assertEquals(requestedProtocol, enabled.get(0));
}
 
Example #3
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Binds a server configured as HTTP/1.1, then TLS, then H2, and checks the negotiated
 * application protocols and the concrete SSL context type.
 *
 * <p>{@code protocols} and {@code sslContext} are fields filled in outside this method
 * (presumably by a bind callback - confirm against the test setup).
 */
@Test
public void testSslConfigurationProtocolH2_2() {
	DisposableServer bound = server.protocol(HttpProtocol.HTTP11)
	                               .secure(spec -> spec.sslContext(builder))
	                               .protocol(HttpProtocol.H2)
	                               .bindNow();

	assertEquals(2, protocols.size());
	assertTrue(protocols.contains("h2"));

	// The OpenSSL-backed context is expected only when that provider supports ALPN.
	if (io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL)) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}

	bound.disposeNow();
}
 
Example #4
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Binds a server configured with TLS first and H2 second, and checks the negotiated
 * application protocols and the concrete SSL context type.
 *
 * <p>{@code protocols} and {@code sslContext} are fields filled in outside this method
 * (presumably by a bind callback - confirm against the test setup).
 */
@Test
public void testSslConfigurationProtocolH2_1() {
	DisposableServer bound = server.secure(spec -> spec.sslContext(builder))
	                               .protocol(HttpProtocol.H2)
	                               .bindNow();

	assertEquals(2, protocols.size());
	assertTrue(protocols.contains("h2"));

	// The OpenSSL-backed context is expected only when that provider supports ALPN.
	if (io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL)) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}

	bound.disposeNow();
}
 
Example #5
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Binds a server configured with H2 first and TLS second, and checks the negotiated
 * application protocols and the concrete SSL context type.
 *
 * <p>{@code protocols} and {@code sslContext} are fields filled in outside this method
 * (presumably by a bind callback - confirm against the test setup).
 */
@Test
public void testProtocolH2SslConfiguration() {
	DisposableServer bound = server.protocol(HttpProtocol.H2)
	                               .secure(spec -> spec.sslContext(builder))
	                               .bindNow();

	assertEquals(2, protocols.size());
	assertTrue(protocols.contains("h2"));

	// The OpenSSL-backed context is expected only when that provider supports ALPN.
	if (io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL)) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}

	bound.disposeNow();
}
 
Example #6
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Binds a server configured as H2, then TLS, then HTTP/1.1, and checks that no application
 * protocols were recorded and which SSL context implementation was selected.
 *
 * <p>{@code protocols} and {@code sslContext} are fields filled in outside this method
 * (presumably by a bind callback - confirm against the test setup).
 */
@Test
public void testSslConfigurationProtocolHttp11_2() {
	DisposableServer bound = server.protocol(HttpProtocol.H2)
	                               .secure(spec -> spec.sslContext(builder))
	                               .protocol(HttpProtocol.HTTP11)
	                               .bindNow();

	assertTrue(protocols.isEmpty());

	// With OpenSSL on the classpath the native context is expected, otherwise the JDK one.
	if (OpenSsl.isAvailable()) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}

	bound.disposeNow();
}
 
Example #7
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Binds a server configured with TLS first and HTTP/1.1 second, and checks that no
 * application protocols were recorded and which SSL context implementation was selected.
 *
 * <p>{@code protocols} and {@code sslContext} are fields filled in outside this method
 * (presumably by a bind callback - confirm against the test setup).
 */
@Test
public void testSslConfigurationProtocolHttp11_1() {
	DisposableServer bound = server.secure(spec -> spec.sslContext(builder))
	                               .protocol(HttpProtocol.HTTP11)
	                               .bindNow();

	assertTrue(protocols.isEmpty());

	// With OpenSSL on the classpath the native context is expected, otherwise the JDK one.
	if (OpenSsl.isAvailable()) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}

	bound.disposeNow();
}
 
Example #8
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Binds a server configured with HTTP/1.1 first and TLS second, and checks that no
 * application protocols were recorded and which SSL context implementation was selected.
 *
 * <p>{@code protocols} and {@code sslContext} are fields filled in outside this method
 * (presumably by a bind callback - confirm against the test setup).
 */
@Test
public void testProtocolHttp11SslConfiguration() {
	DisposableServer bound = server.protocol(HttpProtocol.HTTP11)
	                               .secure(spec -> spec.sslContext(builder))
	                               .bindNow();

	assertTrue(protocols.isEmpty());

	// With OpenSSL on the classpath the native context is expected, otherwise the JDK one.
	if (OpenSsl.isAvailable()) {
		assertTrue(sslContext instanceof OpenSslContext);
	}
	else {
		assertTrue(sslContext instanceof JdkSslContext);
	}

	bound.disposeNow();
}
 
Example #9
Source File: OneWaySSLBase.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory for one-way TLS: the client validates the server
 * against {@code clientTrustStoreFile} and presents no certificate of its own.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    Assert.assertTrue(ctx instanceof JdkSslContext);
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #10
Source File: TwoWaySSLOpenSSLIT.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory for two-way TLS: the client validates the server
 * against {@code clientTrustStoreFile} and authenticates with the key and certificate held
 * in {@code serverCert}.
 *
 * <p>Reusing the server's key pair as the client identity is a test shortcut; separate
 * identities would normally be issued to clients.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Client identity: the server's own key (no password) and certificate.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    Assert.assertTrue(ctx instanceof JdkSslContext);
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #11
Source File: WebSocketClientIT.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Initialises the {@code sslCtx} field with a JDK {@link SSLContext} that trusts the
 * certificates in {@code clientTrustStoreFile}.
 *
 * @throws Exception if the Netty context cannot be built
 */
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    Assert.assertTrue(ctx instanceof JdkSslContext);
    sslCtx = ((JdkSslContext) ctx).context();
}
 
Example #12
Source File: TwoWaySSLIT.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory for two-way TLS: the client validates the server
 * against {@code clientTrustStoreFile} and authenticates with the key and certificate held
 * in {@code serverCert}.
 *
 * <p>Reusing the server's key pair as the client identity is a test shortcut; separate
 * identities would normally be issued to clients.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Client identity: the server's own key (no password) and certificate.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    Assert.assertTrue(ctx instanceof JdkSslContext);
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #13
Source File: TwoWaySSLFailureIT.java    From timely with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory used by the two-way TLS failure test: the client
 * validates the server against {@code clientTrustStoreFile} and presents the key and
 * certificate held in {@code serverCert}.
 *
 * <p>Why this identity is expected to be rejected is decided by server configuration that is
 * not visible in this method.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Client identity: the server's own key (no password) and certificate.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    Assert.assertTrue(ctx instanceof JdkSslContext);
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #14
Source File: ClientHttpConnectorFactory.java    From spring-credhub with Apache License 2.0 5 votes vote down vote up
/**
 * Build a Reactor Netty backed {@link ClientHttpConnector} from the given
 * {@link ClientOptions}.
 *
 * <p>
 * When custom CA certificate files are configured, the client trusts exactly the
 * {@link TrustManagerFactory} created from those files. Otherwise the JVM default
 * {@link SSLContext} (and therefore the JVM default trust store) is used. A connection
 * timeout is applied when one is set on the options.
 * @param options must not be {@literal null}
 * @return a new {@link ClientHttpConnector}.
 */
public static ClientHttpConnector create(ClientOptions options) {
	HttpClient client = HttpClient.create();

	if (!usingCustomCerts(options)) {
		client = client.secure((spec) -> {
			try {
				SSLContext platformDefault = SSLContext.getDefault();
				// NOTE(review): the context is created in client mode (second argument
				// true), so ClientAuth.REQUIRE presumably has no effect here - confirm.
				spec.sslContext(new JdkSslContext(platformDefault, true, null,
						IdentityCipherSuiteFilter.INSTANCE, null, ClientAuth.REQUIRE, null, false));
			}
			catch (NoSuchAlgorithmException ex) {
				logger.error("Error configuring HTTP connections", ex);
				throw new RuntimeException("Error configuring HTTP connections", ex);
			}
		});
	}
	else {
		// Trust anchors come only from the configured CA certificate files.
		TrustManagerFactory customTrust = sslCertificateUtils
				.createTrustManagerFactory(options.getCaCertFiles());

		client = client.secure((spec) -> spec.sslContext(
				SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(customTrust)));
	}

	if (options.getConnectionTimeout() != null) {
		// toIntExact fails loudly instead of silently truncating an oversized timeout.
		client = client.tcpConfiguration((tcp) -> tcp.option(ChannelOption.CONNECT_TIMEOUT_MILLIS,
				Math.toIntExact(options.getConnectionTimeout().toMillis())));
	}

	return new ReactorClientHttpConnector(client);
}
 
Example #15
Source File: FakeTlsContext.java    From NioSmtpClient with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a JDK {@link SSLContext} for a fake TLS server used in tests.
 *
 * <p>The trust side is {@link InsecureTrustManagerFactory}, which accepts any certificate
 * without verification. That is acceptable for a test fixture only; the returned context
 * must not be used for real connections.
 *
 * @return the JDK context backing the Netty server context
 * @throws RuntimeException wrapping any failure while building the context
 */
public static SSLContext createContext() {
  try {
    SslContextBuilder serverBuilder = SslContextBuilder.forServer(getKeyManagerFactory());
    // The JDK provider is requested so the result can be cast and unwrapped below.
    serverBuilder.sslProvider(SslProvider.JDK);
    serverBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);

    JdkSslContext jdkBacked = (JdkSslContext) serverBuilder.build();
    return jdkBacked.context();
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
 
Example #16
Source File: HttpApiHandler.java    From component-runtime with Apache License 2.0 5 votes vote down vote up
/**
 * Enables TLS by lazily creating the {@code sslContext} field when it is not set yet.
 *
 * <p>The context uses a freshly generated {@link SelfSignedCertificate} as server identity
 * and {@link InsecureTrustManagerFactory}, which accepts any peer certificate. Both are
 * meant for testing and development; peers cannot authenticate this endpoint.
 *
 * @return this instance, for call chaining
 * @throws IllegalStateException if the certificate or the context cannot be created
 */
public T activeSsl() {
    if (sslContext != null) {
        // Already configured; keep the existing context.
        return (T) this;
    }
    try {
        final SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        final SslContext serverContext = SslContext
                .newServerContext(SslProvider.JDK, null, InsecureTrustManagerFactory.INSTANCE,
                        selfSigned.certificate(), selfSigned.privateKey(), null, null, null,
                        IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
        // The JDK provider was requested above, so the result is unwrapped to the JDK context.
        sslContext = ((JdkSslContext) serverContext).context();
    } catch (final SSLException | CertificateException e) {
        throw new IllegalStateException(e);
    }
    return (T) this;
}
 
Example #17
Source File: OneWaySSLBase.java    From qonduit with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory for one-way TLS: the client validates the server
 * against {@code clientTrustStoreFile} and presents no certificate of its own.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #18
Source File: TwoWaySSLOpenSSLIT.java    From qonduit with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory for two-way TLS: the client validates the server
 * against {@code clientTrustStoreFile} and authenticates with the key and certificate held
 * in {@code serverCert}.
 *
 * <p>Reusing the server's key pair as the client identity is a test shortcut; separate
 * identities would normally be issued to clients.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Client identity: the server's own key (no password) and certificate.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #19
Source File: WebSocketClientIT.java    From qonduit with Apache License 2.0 5 votes vote down vote up
/**
 * Initialises the {@code sslCtx} field with a JDK {@link SSLContext} that trusts the
 * certificates in {@code clientTrustStoreFile}.
 *
 * @throws Exception if the Netty context cannot be built
 */
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    sslCtx = ((JdkSslContext) ctx).context();
}
 
Example #20
Source File: TwoWaySSLIT.java    From qonduit with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory for two-way TLS: the client validates the server
 * against {@code clientTrustStoreFile} and authenticates with the key and certificate held
 * in {@code serverCert}.
 *
 * <p>Reusing the server's key pair as the client identity is a test shortcut; separate
 * identities would normally be issued to clients.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Client identity: the server's own key (no password) and certificate.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #21
Source File: TwoWaySSLFailureIT.java    From qonduit with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the client-side socket factory used by the two-way TLS failure test: the client
 * validates the server against {@code clientTrustStoreFile} and presents the key and
 * certificate held in {@code serverCert}.
 *
 * <p>Why this identity is expected to be rejected is decided by server configuration that is
 * not visible in this method.
 *
 * @return socket factory of the JDK {@link SSLContext} behind the Netty client context
 * @throws Exception if the Netty context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Client identity: the server's own key (no password) and certificate.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            // The JDK provider is requested so the context can be unwrapped to a javax SSLContext.
            .sslProvider(SslProvider.JDK)
            // Only certificates from this trust store are accepted for the server.
            .trustManager(clientTrustStoreFile)
            .build();
    Assert.assertTrue(ctx.isClient());
    return ((JdkSslContext) ctx).context().getSocketFactory();
}
 
Example #22
Source File: SslUtilTest.java    From hivemq-community-edition with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that requesting only TLSv1.3 yields a {@link JdkSslContext} whose protocol list
 * contains exactly that version.
 */
@Test
public void test_java_ssl_tls_1_3_context_created() throws Exception {
    final String requestedProtocol = "TLSv1.3";
    final KeyManagerFactory keyManagers = createKeyManagerFactory();

    final SslContext serverContext = sslUtil.createSslServerContext(
            keyManagers, null, null, Lists.newArrayList(requestedProtocol));
    assertTrue(serverContext instanceof JdkSslContext);

    final List<String> enabled = getProtocolsFromContext(serverContext);
    assertEquals(1, enabled.size());
    assertEquals(requestedProtocol, enabled.get(0));
}
 
Example #23
Source File: SslUtilTest.java    From hivemq-community-edition with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that requesting only TLSv1.2 yields a {@link JdkSslContext} whose protocol list
 * contains exactly that version.
 */
@Test
public void test_java_ssl_tls_1_2_context_created() throws Exception {
    final String requestedProtocol = "TLSv1.2";
    final KeyManagerFactory keyManagers = createKeyManagerFactory();

    final SslContext serverContext = sslUtil.createSslServerContext(
            keyManagers, null, null, Lists.newArrayList(requestedProtocol));
    assertTrue(serverContext instanceof JdkSslContext);

    final List<String> enabled = getProtocolsFromContext(serverContext);
    assertEquals(1, enabled.size());
    assertEquals(requestedProtocol, enabled.get(0));
}
 
Example #24
Source File: SslUtilTest.java    From hivemq-community-edition with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies that requesting only TLSv1 yields a {@link JdkSslContext} whose protocol list
 * contains exactly that version.
 *
 * <p>TLSv1 is deprecated (RFC 8996); the test only pins that the requested protocol is
 * passed through, not that it is a sensible production setting.
 */
@Test
public void test_java_ssl_tls_1_context_created() throws Exception {
    final String requestedProtocol = "TLSv1";
    final KeyManagerFactory keyManagers = createKeyManagerFactory();

    final SslContext serverContext = sslUtil.createSslServerContext(
            keyManagers, null, null, Lists.newArrayList(requestedProtocol));
    assertTrue(serverContext instanceof JdkSslContext);

    final List<String> enabled = getProtocolsFromContext(serverContext);
    assertEquals(1, enabled.size());
    assertEquals(requestedProtocol, enabled.get(0));
}
 
Example #25
Source File: SocketIOServer.java    From socketio with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Socket.IO server on the given secure port, adapting a JDK {@link SSLContext}
 * to Netty.
 *
 * <p>The context is wrapped in server mode (second argument {@code false}) with
 * {@link ClientAuth#NONE}, so connecting clients are not asked for a certificate.
 *
 * @param port       port the server listens on
 * @param sslContext initialised JDK context holding the server's key material
 * @return the server created by the overload that takes the Netty context
 */
public static SocketIOServer newInstance(int port, SSLContext sslContext) {
  final SslContext serverSideContext = new JdkSslContext(sslContext, false, ClientAuth.NONE);
  return newInstance(port, serverSideContext);
}