Java Code Examples for io.netty.handler.ssl.SslProvider#OPENSSL

The following examples show how to use io.netty.handler.ssl.SslProvider#OPENSSL . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: GrpcSslContexts.java    From grpc-nebula-java with Apache License 2.0 6 votes vote down vote up
/**
 * Chooses the Netty {@link SslProvider} to use when the caller did not pick one.
 *
 * <p>OpenSSL wins whenever {@code OpenSsl.isAvailable()} is true. Otherwise the JDK provider is
 * selected, but only if {@code findJdkProvider()} returns a non-null security provider.
 *
 * @return {@code SslProvider.OPENSSL} or {@code SslProvider.JDK}
 * @throws IllegalStateException if neither option is usable. The method fails here instead of
 *     handing back a provider that was not found to work.
 */
private static SslProvider defaultSslProvider() {
  if (!OpenSsl.isAvailable()) {
    Provider jdkProvider = findJdkProvider();
    if (jdkProvider == null) {
      // Nothing usable: record why each candidate was rejected before failing, so the
      // operator can see which TLS/ALPN implementation is missing from the classpath.
      logger.log(Level.INFO, "netty-tcnative unavailable (this may be normal)",
          OpenSsl.unavailabilityCause());
      logger.log(Level.INFO, "Conscrypt not found (this may be normal)");
      logger.log(Level.INFO, "Jetty ALPN unavailable (this may be normal)",
          JettyTlsUtil.getJettyAlpnUnavailabilityCause());
      throw new IllegalStateException(
          "Could not find TLS ALPN provider; "
          + "no working netty-tcnative, Conscrypt, or Jetty NPN/ALPN available");
    }
    logger.log(Level.FINE, "Selecting JDK with provider {0}", jdkProvider);
    return SslProvider.JDK;
  }
  logger.log(Level.FINE, "Selecting OPENSSL");
  return SslProvider.OPENSSL;
}
 
Example 2
Source File: NettyHttp2Client.java    From jmeter-http2-plugin with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the client {@link SslContext} used to negotiate HTTP/2 via ALPN.
 *
 * <p>SECURITY: the context is configured with {@code InsecureTrustManagerFactory.INSTANCE},
 * which accepts every server certificate without verification. Traffic is encrypted but the
 * peer is not authenticated, so this setup is only appropriate for test tooling against
 * endpoints you control. To authenticate the server, supply a real trust store or CA bundle
 * through {@code trustManager(...)}.
 *
 * @return the built context, or {@code null} when the build fails with an {@link SSLException}
 */
private SslContext getSslContext() {
    // Use OpenSSL only when it can do ALPN; the JDK provider is the fallback.
    final SslProvider provider;
    if (OpenSsl.isAlpnSupported()) {
        provider = SslProvider.OPENSSL;
    } else {
        provider = SslProvider.JDK;
    }

    try {
        SslContextBuilder builder = SslContextBuilder.forClient();
        builder.sslProvider(provider);
        // Restrict to the HTTP/2 cipher list, dropping any suite the provider lacks.
        builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
        // Trust-all: no certificate chain or hostname validation happens (see method doc).
        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        builder.applicationProtocolConfig(new ApplicationProtocolConfig(
            Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            ApplicationProtocolNames.HTTP_2));
        return builder.build();
    } catch (SSLException ignored) {
        // NOTE(review): the failure cause is discarded; callers only ever observe null.
        return null;
    }
}
 
Example 3
Source File: SslServerInitializer.java    From nomulus with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the server-side SSL initializer and fixes the TLS versions it will offer.
 *
 * @param requireClientCert whether the client must present a certificate
 * @param validateClientCert whether the presented client certificate is validated; rejected
 *     by the argument check below unless {@code requireClientCert} is also true
 * @param sslProvider the Netty SSL provider; also decides whether TLSv1.3 is offered
 * @param privateKeySupplier supplies the server private key
 * @param certificatesSupplier supplies the server certificate chain
 */
public SslServerInitializer(
    boolean requireClientCert,
    boolean validateClientCert,
    SslProvider sslProvider,
    Supplier<PrivateKey> privateKeySupplier,
    Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
  logger.atInfo().log("Server SSL Provider: %s", sslProvider);
  // Validation without a required certificate would have nothing to validate.
  boolean clientCertFlagsConsistent = requireClientCert || !validateClientCert;
  checkArgument(
      clientCertFlagsConsistent,
      "Cannot validate client certificate if client certificate is not required.");
  this.requireClientCert = requireClientCert;
  this.validateClientCert = validateClientCert;
  this.sslProvider = sslProvider;
  this.privateKeySupplier = privateKeySupplier;
  this.certificatesSupplier = certificatesSupplier;
  // NOTE(review): both lists still enable TLSv1.1 and TLSv1, which RFC 8996 deprecates.
  // Confirm that legacy clients genuinely need them before keeping them enabled.
  if (sslProvider == SslProvider.OPENSSL) {
    this.supportedSslVersions = ImmutableList.of("TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
  } else {
    // JDK support for TLS 1.3 won't be available until 2020-07-14 at the earliest.
    // See: https://java.com/en/jre-jdk-cryptoroadmap.html
    this.supportedSslVersions = ImmutableList.of("TLSv1.2", "TLSv1.1", "TLSv1");
  }
}
 
Example 4
Source File: XrpcClient.java    From xrpc with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the client {@link SslContext} for this RPC client.
 *
 * <p>SECURITY: {@code InsecureTrustManagerFactory.INSTANCE} accepts any server certificate
 * without verification, so the peer is never authenticated and the connection can be
 * intercepted by anyone able to sit on the path. Replace it with a real trust store before
 * using this client outside a test environment.
 *
 * @return the built context, or {@code null} if the build throws {@link SSLException} (the
 *     stack trace is printed to stderr)
 */
private SslContext buildSslCtx() {
  // OpenSSL is selected only when it supports ALPN; otherwise fall back to the JDK provider.
  final SslProvider provider;
  if (OpenSsl.isAlpnSupported()) {
    provider = SslProvider.OPENSSL;
  } else {
    provider = SslProvider.JDK;
  }

  SslContext context = null;
  try {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.sslProvider(provider);
    builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    // Trust-all manager: certificate validation is disabled (see method doc).
    builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    // TODO(JR): Make a seperate Handler Class for http2 as opposed to autoneg.
    // Until then no ApplicationProtocolConfig is set. The disabled configuration was ALPN
    // with SelectorFailureBehavior.NO_ADVERTISE and SelectedListenerFailureBehavior.ACCEPT
    // (the only modes supported by both OpenSsl and JDK providers), offering
    // ApplicationProtocolNames.HTTP_2 and ApplicationProtocolNames.HTTP_1_1.
    context = builder.build();
  } catch (SSLException buildFailure) {
    buildFailure.printStackTrace();
  }
  return context;
}
 
Example 5
Source File: Http2OkHttpTest.java    From grpc-java with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the HTTPS test server builder, using the {@code server1.pem} / {@code server1.key}
 * test credentials loaded through {@code TestUtils.loadCert}.
 *
 * @return a Netty server builder bound to an ephemeral port with TLS configured
 * @throws RuntimeException wrapping any {@link IOException} raised while loading the
 *     credentials or building the SSL context
 */
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  try {
    SslProvider chosenProvider = SslContext.defaultServerProvider();
    // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
    // are forced to use Jetty ALPN for Netty instead of OpenSSL.
    boolean openSslWithoutAlpn =
        chosenProvider == SslProvider.OPENSSL && !SslProvider.isAlpnSupported(SslProvider.OPENSSL);
    if (openSslWithoutAlpn) {
      chosenProvider = SslProvider.JDK;
    }

    SslContextBuilder tlsBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(tlsBuilder, chosenProvider);
    // Offer only the test cipher list, dropping any suite the provider does not support.
    tlsBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);

    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(tlsBuilder.build());
  } catch (IOException loadFailure) {
    throw new RuntimeException(loadFailure);
  }
}
 
Example 6
Source File: SslUtils.java    From servicetalk with Apache License 2.0 5 votes vote down vote up
/**
 * Maps the ServiceTalk provider setting onto the matching netty {@link SslProvider}.
 *
 * <p>When ALPN is requested the method fails with {@link IllegalStateException} instead of
 * returning a provider that cannot negotiate it.
 *
 * @param provider the provider to convert.
 * @param alpn if {@code true} ALPN should be supported.
 * @return the netty provider, or {@code null} for {@code AUTO} when ALPN is not requested
 *     (presumably leaving the choice to netty's default; confirm against the caller).
 */
@Nullable
static SslProvider toNettySslProvider(SecurityConfigurator.SslProvider provider, boolean alpn) {
    switch (provider) {
        case AUTO:
            if (!alpn) {
                return null;
            }
            // Prefer OpenSSL, then the JDK; refuse to continue if neither can do ALPN.
            if (isAlpnSupported(SslProvider.OPENSSL)) {
                return SslProvider.OPENSSL;
            }
            if (isAlpnSupported(SslProvider.JDK)) {
                return SslProvider.JDK;
            }
            throw new IllegalStateException("ALPN configured but not supported by the current classpath: " +
                "add OPENSSL support (https://netty.io/wiki/forked-tomcat-native.html) or configure " +
                "ALPN for JDK (https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html)");
        case JDK:
            if (!alpn || isAlpnSupported(SslProvider.JDK)) {
                return SslProvider.JDK;
            }
            throw new IllegalStateException(
                    "ALPN configured but not supported by the current classpath. For more information, " +
                            "see https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html");
        case OPENSSL:
            // An explicit OPENSSL request must fail loudly if the native library is missing.
            OpenSsl.ensureAvailability();
            if (!alpn || isAlpnSupported(SslProvider.OPENSSL)) {
                return SslProvider.OPENSSL;
            }
            throw new IllegalStateException(
                    "ALPN configured but not supported by installed version of OpenSSL");
        default:
            throw new Error("Unknown SSL provider specified: " + provider);
    }
}
 
Example 7
Source File: BenchmarkUtils.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Translates a benchmark parameter string into a Netty {@link SslProvider}.
 *
 * @param sslProviderValue the configured provider name; must not be {@code null}
 * @return {@code SslProvider.JDK} or {@code SslProvider.OPENSSL} for the two known names,
 *     otherwise whatever {@code SslContext.defaultClientProvider()} reports. An unrecognised
 *     value is therefore not rejected.
 */
public static SslProvider getSslProvider(String sslProviderValue) {
    if (sslProviderValue.equals(DEFAULT_JDK_SSL_PROVIDER)) {
        return SslProvider.JDK;
    }
    if (sslProviderValue.equals(OPEN_SSL_PROVIDER)) {
        return SslProvider.OPENSSL;
    }
    return SslContext.defaultClientProvider();
}
 
Example 8
Source File: TLSCertGenTest.java    From fabric-sdk-java with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares a client {@link SslContextBuilder} for mutual TLS in this test.
 *
 * <p>The server is verified against {@code serverCertFile}, and the client presents
 * {@code clientCertFile} with {@code clientKeyFile}. The provider is fixed to OpenSSL and this
 * method performs no availability check.
 *
 * @param clientCertFile the client certificate file
 * @param clientKeyFile the private key file matching the client certificate
 * @param serverCertFile the certificate file used as trust material for the server
 * @return the configured builder (not yet built)
 */
private SslContextBuilder getSslContextBuilder(File clientCertFile, File clientKeyFile, File serverCertFile) {
    SslContextBuilder trustConfigured = SslContextBuilder.forClient()
            .protocols(TLS_PROTOCOL)
            .trustManager(serverCertFile);
    return GrpcSslContexts.configure(trustConfigured, SslProvider.OPENSSL)
            .keyManager(clientCertFile, clientKeyFile);
}
 
Example 9
Source File: ProberModule.java    From nomulus with Apache License 2.0 5 votes vote down vote up
/**
 * {@link Provides} the {@link SslProvider} used by instances of {@link SslClientInitializer}.
 *
 * <p>OpenSSL is preferred; the JDK provider is the fallback when OpenSSL is not available.
 */
@Provides
@Singleton
static SslProvider provideSslProvider() {
  if (OpenSsl.isAvailable()) {
    return SslProvider.OPENSSL;
  }
  return SslProvider.JDK;
}
 
Example 10
Source File: BaseSslContextFactory.java    From zuul with Apache License 2.0 5 votes vote down vote up
/**
 * Chooses the SSL provider for contexts built by this factory.
 *
 * @return {@code SslProvider.OPENSSL} only when its use is allowed by {@code ALLOW_USE_OPENSSL},
 *     the native library is available, and it reports ALPN support; {@code SslProvider.JDK}
 *     in every other case
 */
public static SslProvider chooseSslProvider() {
    // Use openssl only if available and has ALPN support (ie. version > 1.0.2).
    boolean useOpenSsl = ALLOW_USE_OPENSSL.get()
            && OpenSsl.isAvailable()
            && SslProvider.isAlpnSupported(SslProvider.OPENSSL);
    return useOpenSsl ? SslProvider.OPENSSL : SslProvider.JDK;
}
 
Example 11
Source File: SSLConfigClient.java    From Bats with Apache License 2.0 4 votes vote down vote up
/**
 * Resolves the configured provider name to a Netty {@link SslProvider}.
 *
 * <p>Only the literal {@code "JDK"} (case-insensitive) selects the JDK provider. Every other
 * value, including a misspelling, resolves to OpenSSL.
 * NOTE(review): no OpenSSL availability check happens here; confirm a caller performs one.
 */
@Override
public SslProvider getProvider() {
  if (provider.equalsIgnoreCase("JDK")) {
    return SslProvider.JDK;
  }
  return SslProvider.OPENSSL;
}
 
Example 12
Source File: SslContextHolder.java    From blynk-server with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Picks OpenSSL when {@code isOpenSslAvailable()} reports it usable, else the JDK provider.
 */
private static SslProvider fetchSslProvider() {
    if (isOpenSslAvailable()) {
        return SslProvider.OPENSSL;
    }
    return SslProvider.JDK;
}
 
Example 13
Source File: Http2Server.java    From netty-4.1.22 with Apache License 2.0 4 votes vote down vote up
/**
 * Starts the example HTTP/2 server and blocks until its channel is closed.
 *
 * <p>SECURITY: when {@code SSL} is enabled the server identity is a freshly generated
 * {@code SelfSignedCertificate}. No client can validate it against a trusted CA, so it is
 * suitable for local demos and tests only. A deployed server needs a certificate and key
 * issued for its real host name.
 */
public static void main(String[] args) throws Exception {
    // Configure SSL.
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // OpenSSL is used only if it supports ALPN; otherwise fall back to the JDK provider.
        final SslProvider provider;
        if (OpenSsl.isAlpnSupported()) {
            provider = SslProvider.OPENSSL;
        } else {
            provider = SslProvider.JDK;
        }
        SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
            .sslProvider(provider)
            /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
             * Please refer to the HTTP/2 specification for cipher requirements. */
            .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
            .applicationProtocolConfig(new ApplicationProtocolConfig(
                Protocol.ALPN,
                // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                SelectorFailureBehavior.NO_ADVERTISE,
                // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1))
            .build();
    }

    // Configure the server.
    EventLoopGroup eventLoop = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.option(ChannelOption.SO_BACKLOG, 1024);
        bootstrap.group(eventLoop);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        // A null sslCtx (SSL disabled) is passed through to the initializer unchanged.
        bootstrap.childHandler(new Http2ServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
                scheme + "://127.0.0.1:" + PORT + '/');

        // Block until the server channel closes.
        serverChannel.closeFuture().sync();
    } finally {
        eventLoop.shutdownGracefully();
    }
}
 
Example 14
Source File: Http2Server.java    From netty-4.1.22 with Apache License 2.0 4 votes vote down vote up
/**
 * Entry point of the example HTTP/2 server: builds the optional TLS context, binds the
 * server to {@code PORT}, and waits for the server channel to close.
 *
 * <p>SECURITY: the TLS branch generates a {@code SelfSignedCertificate} at startup. Clients
 * cannot chain it to a trusted CA, so use it for local experiments only and supply a real
 * certificate and private key for anything else.
 */
public static void main(String[] args) throws Exception {
    // Configure SSL.
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // Prefer OpenSSL, but only when it can negotiate ALPN.
        final SslProvider provider;
        if (OpenSsl.isAlpnSupported()) {
            provider = SslProvider.OPENSSL;
        } else {
            provider = SslProvider.JDK;
        }
        SelfSignedCertificate demoCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(demoCert.certificate(), demoCert.privateKey())
            .sslProvider(provider)
            /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
             * Please refer to the HTTP/2 specification for cipher requirements. */
            .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
            .applicationProtocolConfig(new ApplicationProtocolConfig(
                Protocol.ALPN,
                // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                SelectorFailureBehavior.NO_ADVERTISE,
                // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1))
            .build();
    }

    // Configure the server.
    EventLoopGroup workerGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap serverBootstrap = new ServerBootstrap();
        serverBootstrap.option(ChannelOption.SO_BACKLOG, 1024);
        serverBootstrap.group(workerGroup);
        serverBootstrap.channel(NioServerSocketChannel.class);
        serverBootstrap.handler(new LoggingHandler(LogLevel.INFO));
        // With SSL disabled, sslCtx is null and is handed to the initializer as-is.
        serverBootstrap.childHandler(new Http2ServerInitializer(sslCtx));

        Channel boundChannel = serverBootstrap.bind(PORT).sync().channel();

        String urlScheme = SSL ? "https" : "http";
        System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
                urlScheme + "://127.0.0.1:" + PORT + '/');

        // Wait here until the server channel is closed.
        boundChannel.closeFuture().sync();
    } finally {
        workerGroup.shutdownGracefully();
    }
}
 
Example 15
Source File: TlsTest.java    From grpc-java with Apache License 2.0 4 votes vote down vote up
/**
 * Prepares the executor and the client {@code SslContextBuilder} for the TLS implementation
 * under test ({@code tlsImpl}).
 *
 * <p>Each branch uses JUnit {@code Assume} checks, so a run on a platform that lacks the
 * selected implementation is skipped rather than reported as a failure.
 *
 * @throws NoSuchAlgorithmException if the default {@code SSLContext} cannot be obtained
 */
@Before
public void setUp() throws NoSuchAlgorithmException {
  executor = Executors.newSingleThreadScheduledExecutor();
  switch (tlsImpl) {
    case TCNATIVE:
      // Run the netty-tcnative variant only where the native OpenSSL binding loads.
      Assume.assumeTrue(OpenSsl.isAvailable());
      sslProvider = SslProvider.OPENSSL;
      break;
    case JDK:
      // The JDK variant needs this AES-GCM suite among the JVM's supported cipher suites.
      Assume.assumeTrue(Arrays.asList(
          SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites())
          .contains("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
      sslProvider = SslProvider.JDK;
      jdkProvider = Security.getProvider("SunJSSE");
      Assume.assumeNotNull(jdkProvider);
      try {
        // Check for presence of an (ironic) class added in Java 9
        Class.forName("java.lang.Runtime$Version");
        // Java 9+
      } catch (ClassNotFoundException ignored) {
        // Before Java 9
        // TODO(ejona): remove this assume once we upgrade to Netty 4.1.50.Final. GrpcSslContexts
        // detects the Java 9 ALPN API in Java 8 u252, but Netty does not support it in our
        // current version
        Assume.assumeTrue("Jetty ALPN not found", JettyTlsUtil.isJettyAlpnConfigured());
        try {
          // Probe only: the configured builder is discarded, the call just has to succeed.
          GrpcSslContexts.configure(SslContextBuilder.forClient(), jdkProvider);
        } catch (IllegalArgumentException ex) {
          Assume.assumeNoException("Not Java 9+ and Jetty ALPN does not seem available", ex);
        }
      }
      break;
    case CONSCRYPT:
      // Conscrypt is used through the JDK SslProvider with an explicit security provider.
      sslProvider = SslProvider.JDK;
      jdkProvider = Security.getProvider("Conscrypt");
      Assume.assumeNotNull(jdkProvider);
      break;
    default:
      throw new AssertionError();
  }
  clientContextBuilder = SslContextBuilder.forClient();
  // For the JDK provider the specific java.security.Provider is passed to configure();
  // otherwise the Netty SslProvider is passed.
  if (sslProvider == SslProvider.JDK) {
    GrpcSslContexts.configure(clientContextBuilder, jdkProvider);
  } else {
    GrpcSslContexts.configure(clientContextBuilder, sslProvider);
  }
}
 
Example 16
Source File: AbstractSslEngineBenchmark.java    From netty-4.1.22 with Apache License 2.0 4 votes vote down vote up
/**
 * Fixes the benchmark to the OpenSSL provider.
 *
 * <p>NOTE(review): no availability check is made here; presumably the benchmark harness
 * requires netty-tcnative to be present. Confirm against the caller.
 */
@Override
SslProvider sslProvider() {
    return SslProvider.OPENSSL;
}
 
Example 17
Source File: SSLConfigServer.java    From Bats with Apache License 2.0 4 votes vote down vote up
/**
 * Resolves the configured provider name to a Netty {@link SslProvider}.
 *
 * <p>The JDK provider is returned only for the literal {@code "JDK"} (case-insensitive). Any
 * other configured value, including a typo, yields OpenSSL.
 * NOTE(review): OpenSSL availability is not checked here; confirm a caller verifies it.
 */
@Override
public SslProvider getProvider() {
  if (provider.equalsIgnoreCase("JDK")) {
    return SslProvider.JDK;
  }
  return SslProvider.OPENSSL;
}
 
Example 18
Source File: SslClientInitializerTest.java    From nomulus with Apache License 2.0 4 votes vote down vote up
/**
 * Supplies the providers the parameterized test runs against: always the JDK provider, plus
 * OpenSSL when the native library is available.
 */
@Parameters(name = "{0}")
public static SslProvider[] data() {
  if (OpenSsl.isAvailable()) {
    return new SslProvider[] {SslProvider.JDK, SslProvider.OPENSSL};
  }
  return new SslProvider[] {SslProvider.JDK};
}
 
Example 19
Source File: SslServerInitializerTest.java    From nomulus with Apache License 2.0 4 votes vote down vote up
/**
 * Supplies the providers the parameterized test runs against: OpenSSL first when the native
 * library is available, and always the JDK provider.
 */
@Parameters(name = "{0}")
public static SslProvider[] data() {
  if (OpenSsl.isAvailable()) {
    return new SslProvider[] {SslProvider.OPENSSL, SslProvider.JDK};
  }
  return new SslProvider[] {SslProvider.JDK};
}
 
Example 20
Source File: ProxyModule.java    From nomulus with Apache License 2.0 4 votes vote down vote up
/**
 * Provides the {@link SslProvider} for this module: OpenSSL when it is available, otherwise
 * the JDK provider.
 */
@Provides
static SslProvider provideSslProvider() {
  // Prefer OpenSSL.
  if (OpenSsl.isAvailable()) {
    return SslProvider.OPENSSL;
  }
  return SslProvider.JDK;
}