Java Code Examples for io.netty.handler.ssl.SslProvider#JDK
The following examples show how to use
io.netty.handler.ssl.SslProvider#JDK .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: GrpcSslContexts.java From grpc-nebula-java with Apache License 2.0 | 6 votes |
|
/**
* Returns OpenSSL if available, otherwise returns the JDK provider.
*/
private static SslProvider defaultSslProvider() {
if (OpenSsl.isAvailable()) {
logger.log(Level.FINE, "Selecting OPENSSL");
return SslProvider.OPENSSL;
}
Provider provider = findJdkProvider();
if (provider != null) {
logger.log(Level.FINE, "Selecting JDK with provider {0}", provider);
return SslProvider.JDK;
}
logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)",
OpenSsl.unavailabilityCause());
logger.log(Level.INFO, "Conscrypt not found (this may be normal)");
logger.log(Level.INFO, "Jetty ALPN unavailable (this may be normal)",
JettyTlsUtil.getJettyAlpnUnavailabilityCause());
throw new IllegalStateException(
"Could not find TLS ALPN provider; "
+ "no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available");
}
Example 2
| Source File: Http2OkHttpTest.java From grpc-java with Apache License 2.0 | 6 votes |
|
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
// Starts the server with HTTPS.
try {
SslProvider sslProvider = SslContext.defaultServerProvider();
if (sslProvider == SslProvider.OPENSSL && !SslProvider.isAlpnSupported(SslProvider.OPENSSL)) {
// OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
// are forced to use Jetty ALPN for Netty instead of OpenSSL.
sslProvider = SslProvider.JDK;
}
SslContextBuilder contextBuilder = SslContextBuilder
.forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
GrpcSslContexts.configure(contextBuilder, sslProvider);
contextBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
return NettyServerBuilder.forPort(0)
.flowControlWindow(65 * 1024)
.maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
.sslContext(contextBuilder.build());
} catch (IOException ex) {
throw new RuntimeException(ex);
}
}
Example 3
| Source File: NettyHttp2Client.java From jmeter-http2-plugin with Apache License 2.0 | 6 votes |
|
private SslContext getSslContext() {
SslContext sslCtx = null;
final SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
try {
sslCtx = SslContextBuilder.forClient()
.sslProvider(provider)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
SelectorFailureBehavior.NO_ADVERTISE,
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2))
.build();
} catch(SSLException exception) {
return null;
}
return sslCtx;
}
Example 4
| Source File: TlsTest.java From grpc-nebula-java with Apache License 2.0 | 5 votes |
|
private ServerBuilder<?> serverBuilder(int port, File serverCertChainFile,
File serverPrivateKeyFile, X509Certificate[] serverTrustedCaCerts) throws IOException {
SslContextBuilder sslContextBuilder
= SslContextBuilder.forServer(serverCertChainFile, serverPrivateKeyFile);
if (sslProvider == SslProvider.JDK) {
GrpcSslContexts.configure(sslContextBuilder, jdkProvider);
} else {
GrpcSslContexts.configure(sslContextBuilder, sslProvider);
}
sslContextBuilder.trustManager(serverTrustedCaCerts)
.clientAuth(ClientAuth.REQUIRE);
return NettyServerBuilder.forPort(port)
.sslContext(sslContextBuilder.build());
}
Example 5
| Source File: BenchmarkUtils.java From aws-sdk-java-v2 with Apache License 2.0 | 5 votes |
|
public static SslProvider getSslProvider(String sslProviderValue) {
switch (sslProviderValue) {
case DEFAULT_JDK_SSL_PROVIDER:
return SslProvider.JDK;
case OPEN_SSL_PROVIDER:
return SslProvider.OPENSSL;
default:
return SslContext.defaultClientProvider();
}
}
Example 6
| Source File: MqttSslContextCreator.java From spring-boot-protocol with Apache License 2.0 | 5 votes |
|
private SslProvider getSSLProvider() {
String providerName = props.getProperty(BrokerConstants.SSL_PROVIDER, SslProvider.JDK.name());
try {
return SslProvider.valueOf(providerName);
} catch (IllegalArgumentException e) {
logger.warn("unknown SSL Provider {}, falling back on JDK provider", providerName);
return SslProvider.JDK;
}
}
Example 7
| Source File: ProberModule.java From nomulus with Apache License 2.0 | 5 votes |
|
/** {@link Provides} the {@link SslProvider} used by instances of {@link SslClientInitializer} */
@Provides
@Singleton
static SslProvider provideSslProvider() {
// Prefer OpenSSL.
return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
}
Example 8
| Source File: DefaultOpenDistroSecurityKeyStore.java From deprecated-security-ssl with Apache License 2.0 | 5 votes |
|
private List<String> getEnabledSSLCiphers(final SslProvider provider, boolean http) {
if (provider == null) {
return Collections.emptyList();
}
if (http) {
return provider == SslProvider.JDK ? enabledHttpCiphersJDKProvider : enabledHttpCiphersOpenSSLProvider;
} else {
return provider == SslProvider.JDK ? enabledTransportCiphersJDKProvider
: enabledTransportCiphersOpenSSLProvider;
}
}
Example 9
| Source File: GremlinServerSslIntegrateTest.java From tinkerpop with Apache License 2.0 | 5 votes |
|
private static SslContext createServerSslContext() {
final SslProvider provider = SslProvider.JDK;
try {
// this is not good for production - just testing
final SelfSignedCertificate ssc = new SelfSignedCertificate();
return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(provider).build();
} catch (Exception ce) {
throw new RuntimeException("Couldn't setup self-signed certificate for test");
}
}
Example 10
| Source File: BaseSslContextFactory.java From zuul with Apache License 2.0 | 5 votes |
|
public static SslProvider chooseSslProvider() {
// Use openssl only if available and has ALPN support (ie. version > 1.0.2).
SslProvider sslProvider;
if (ALLOW_USE_OPENSSL.get() && OpenSsl.isAvailable() && SslProvider.isAlpnSupported(SslProvider.OPENSSL)) {
sslProvider = SslProvider.OPENSSL;
}
else {
sslProvider = SslProvider.JDK;
}
return sslProvider;
}
Example 11
| Source File: ChannelPipelineInitializer.java From aws-sdk-java-v2 with Apache License 2.0 | 4 votes |
|
@Override
public void channelCreated(Channel ch) {
ch.attr(PROTOCOL_FUTURE).set(new CompletableFuture<>());
ChannelPipeline pipeline = ch.pipeline();
if (sslCtx != null) {
// Need to provide host and port to enable SNI
// https://github.com/netty/netty/issues/3801#issuecomment-104274440
SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), poolKey.getHost(), poolKey.getPort());
configureSslEngine(sslHandler.engine());
pipeline.addLast(sslHandler);
pipeline.addLast(SslCloseCompletionEventHandler.getInstance());
// Use unpooled allocator to avoid increased heap memory usage from Netty 4.1.43.
// See https://github.com/netty/netty/issues/9768
if (sslProvider == SslProvider.JDK) {
ch.config().setOption(ChannelOption.ALLOCATOR, UnpooledByteBufAllocator.DEFAULT);
}
}
if (protocol == Protocol.HTTP2) {
configureHttp2(ch, pipeline);
} else {
configureHttp11(ch, pipeline);
}
if (configuration.reapIdleConnections()) {
pipeline.addLast(new IdleConnectionReaperHandler(configuration.idleTimeoutMillis()));
}
if (configuration.connectionTtlMillis() > 0) {
pipeline.addLast(new OldConnectionReaperHandler(configuration.connectionTtlMillis()));
}
pipeline.addLast(FutureCancelHandler.getInstance());
// Only add it for h1 channel because it does not apply to
// h2 connection channel. It will be attached
// to stream channels when they are created.
if (protocol == Protocol.HTTP1_1) {
pipeline.addLast(UnusedChannelExceptionHandler.getInstance());
}
pipeline.addLast(new LoggingHandler(LogLevel.DEBUG));
}
Example 12
| Source File: SslServerInitializerTest.java From nomulus with Apache License 2.0 | 4 votes |
|
@Parameters(name = "{0}")
public static SslProvider[] data() {
return OpenSsl.isAvailable()
? new SslProvider[] {SslProvider.OPENSSL, SslProvider.JDK}
: new SslProvider[] {SslProvider.JDK};
}
Example 13
| Source File: AbstractSslEngineBenchmark.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
@Override
SslProvider sslProvider() {
return SslProvider.JDK;
}
Example 14
| Source File: AbstractSslHandlerBenchmark.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
@Override
SslProvider sslProvider() {
return SslProvider.JDK;
}
Example 15
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
Example 16
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
Example 17
| Source File: SslContextHolder.java From blynk-server with GNU General Public License v3.0 | 4 votes |
|
private static SslProvider fetchSslProvider() {
return isOpenSslAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
}
Example 18
| Source File: SSLConfigClient.java From Bats with Apache License 2.0 | 4 votes |
|
@Override
public SslProvider getProvider() {
return provider.equalsIgnoreCase("JDK") ? SslProvider.JDK : SslProvider.OPENSSL;
}
Example 19
| Source File: SSLConfigServer.java From Bats with Apache License 2.0 | 4 votes |
|
@Override
public SslProvider getProvider() {
return provider.equalsIgnoreCase("JDK") ? SslProvider.JDK : SslProvider.OPENSSL;
}
Example 20
| Source File: SslClientInitializerTest.java From nomulus with Apache License 2.0 | 4 votes |
|
@Parameters(name = "{0}")
public static SslProvider[] data() {
return OpenSsl.isAvailable()
? new SslProvider[] {SslProvider.JDK, SslProvider.OPENSSL}
: new SslProvider[] {SslProvider.JDK};
}
