io.vertx.core.http.ClientAuth Java Examples

Example #1
Source File: ServerRecordTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that demands a client certificate and takes its trust decisions from
 * a known-clients file seeded with a single dummy entry.
 *
 * <p>The server identity is a throwaway self-signed certificate created for this fixture.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // Seed the fingerprint store: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): the meaning of the boolean flag is not visible here - confirm against
  // VertxTrustOptions before reusing this configuration outside a test.
  options.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #2
Source File: VertxNetUtils.java    From Lealone-Plugins with Apache License 2.0 6 votes vote down vote up
/**
 * Builds Vert.x server options from the given encryption settings.
 *
 * <p>Without settings a default {@link NetServerOptions} (TLS not enabled here) is returned.
 * Otherwise TLS is switched on with the configured JKS keystore; the JKS truststore and the
 * cipher-suite list are applied when they are present.
 *
 * @param eo encryption settings, or {@code null} for default options
 * @return the populated server options, never {@code null}
 */
public static NetServerOptions getNetServerOptions(EncryptionOptions eo) {
    if (eo == null) {
        return new NetServerOptions();
    }

    NetServerOptions options = new NetServerOptions().setSsl(true);
    JksOptions keyStore = new JksOptions().setPath(eo.keystore).setPassword(eo.keystore_password);
    options.setKeyStoreOptions(keyStore);

    boolean hasTrustStore = eo.truststore != null;
    if (hasTrustStore) {
        // NOTE(review): require_client_auth is only honoured inside this branch, so it has no
        // effect when no truststore is configured - confirm that this silent fallback is intended.
        if (eo.require_client_auth) {
            options.setClientAuth(ClientAuth.REQUIRED);
        }
        JksOptions trustStore = new JksOptions().setPath(eo.truststore).setPassword(eo.truststore_password);
        options.setTrustStoreOptions(trustStore);
    }

    // Restrict the negotiable cipher suites only when a list was configured.
    if (eo.cipher_suites != null) {
        for (String suite : eo.cipher_suites) {
            options.addEnabledCipherSuite(suite);
        }
    }
    return options;
}
 
Example #3
Source File: TestVertxTLSBuilder.java    From servicecomb-java-chassis with Apache License 2.0 6 votes vote down vote up
/**
 * With {@code SSLOption.isAuthPeer()} mocked to {@code false}, the built server options must
 * enable exactly one secure transport protocol and only request (not require) a client
 * certificate.
 */
@Test
public void testbuildHttpServerOptionsRequest() {
  SSLOption option = SSLOption.buildFromYaml("rest.provider");
  SSLCustom custom = SSLCustom.createSSLCustom(option.getSslCustomClass());
  HttpServerOptions serverOptions = new HttpServerOptions();

  // Force the "peer authentication off" path regardless of what the YAML says.
  new MockUp<SSLOption>() {

    @Mock
    public boolean isAuthPeer() {
      return false;
    }
  };

  VertxTLSBuilder.buildNetServerOptions(option, custom, serverOptions);

  int protocolCount = serverOptions.getEnabledSecureTransportProtocols().size();
  ClientAuth clientAuth = serverOptions.getClientAuth();
  Assert.assertEquals(protocolCount, 1);
  Assert.assertEquals(clientAuth, ClientAuth.REQUEST);
}
 
Example #4
Source File: ServerCaOrTofaTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and trusts clients on first access,
 * backed by a known-clients file seeded with one dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: a client that presents no certificate cannot complete the handshake.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): one-argument overload; presumably CA-signed clients are accepted as well
  // (the test class is named ServerCaOrTofa) - confirm against VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #5
Source File: ServerCaOrRecordTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and records client fingerprints
 * into a known-clients file seeded with one dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: a client that presents no certificate cannot complete the handshake.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): one-argument overload; presumably CA-signed clients are accepted as well
  // (the test class is named ServerCaOrRecord) - confirm against VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #6
Source File: ServerWhitelistTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and admits only clients listed in
 * the known-clients file, which is seeded with the fingerprint of the "foo.com" test client.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // The allow-list: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): the meaning of the boolean flag is not visible here - confirm against
  // VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #7
Source File: ServerCaOrWhitelistTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and checks them against the
 * known-clients allow-list, seeded with the fingerprint of the "foo.com" test client.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // The allow-list: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): one-argument overload; presumably CA-signed clients are accepted in addition
  // to listed ones (the test class is named ServerCaOrWhitelist) - confirm.
  options.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #8
Source File: ServerRecordTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that demands a client certificate and records client fingerprints in
 * a known-clients file seeded with a single dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // Seed the fingerprint store: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): the meaning of the boolean flag is not visible here - confirm against
  // VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #9
Source File: ServerTofaTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that demands a client certificate and trusts clients on first access,
 * using a known-clients file seeded with a single dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // Seed the fingerprint store: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): the meaning of the boolean flag is not visible here - confirm against
  // VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #10
Source File: HttpSslIT.java    From vertx-spring-boot with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a server that requires client certificates but is given no server trust-store
 * properties, then checks that the test client's request fails with a TLS handshake error.
 *
 * @param useAlpn {@code true} to use ALPN with HTTP/2, {@code false} for HTTP/1.1 without ALPN
 */
private void testUntrustedClient(boolean useAlpn) {
    HttpVersion clientProtocol = useAlpn ? HttpVersion.HTTP_2 : HttpVersion.HTTP_1_1;

    Properties properties = new Properties();
    // Client side.
    properties.setProperty("vertx.http.client.ssl", "true");
    properties.setProperty("vertx.http.client.use-alpn", String.valueOf(useAlpn));
    properties.setProperty("vertx.http.client.protocol-version", clientProtocol.name());
    // Server side: TLS on, client certificate mandatory, key store only.
    properties.setProperty("vertx.http.server.ssl", "true");
    properties.setProperty("vertx.http.server.useAlpn", Boolean.toString(useAlpn));
    properties.setProperty("vertx.http.server.client-auth", ClientAuth.REQUIRED.name());
    properties.setProperty("server.ssl.key-store-type", "JKS");
    properties.setProperty("server.ssl.key-store", SERVER_KEYSTORE.getPath());
    properties.setProperty("server.ssl.key-store-password", SERVER_KEYSTORE.getPassword());

    startServerWithoutSecurity(properties, ClientStoresCustomizer.class, useAlpn ? NoopHttp2Router.class : NoopHttp11Router.class);

    try {
        getWebTestClient().get().exchange();
        // Reaching this line means the handshake went through, which must not happen.
        fail("SSLHandshakeException expected");
    } catch (RuntimeException handshakeFailure) {
        assertThat(handshakeFailure.getCause()).isInstanceOf(SSLHandshakeException.class);
    }
}
 
Example #11
Source File: HttpSslIT.java    From vertx-spring-boot with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a server that requires client certificates and is configured with both a key store and
 * a trust store, then checks that the test client's request succeeds with "no content".
 *
 * @param useAlpn {@code true} to use ALPN with HTTP/2, {@code false} for HTTP/1.1 without ALPN
 */
private void testSecureRequest(boolean useAlpn) {
    HttpVersion clientProtocol = useAlpn ? HttpVersion.HTTP_2 : HttpVersion.HTTP_1_1;

    Properties properties = new Properties();
    // Client side.
    properties.setProperty("vertx.http.client.ssl", "true");
    properties.setProperty("vertx.http.client.use-alpn", String.valueOf(useAlpn));
    properties.setProperty("vertx.http.client.protocol-version", clientProtocol.name());
    // Server side: TLS on, client certificate mandatory.
    properties.setProperty("vertx.http.server.ssl", "true");
    properties.setProperty("vertx.http.server.useAlpn", Boolean.toString(useAlpn));
    properties.setProperty("vertx.http.server.client-auth", ClientAuth.REQUIRED.name());
    // Server identity.
    properties.setProperty("server.ssl.key-store-type", "JKS");
    properties.setProperty("server.ssl.key-store", SERVER_KEYSTORE.getPath());
    properties.setProperty("server.ssl.key-store-password", SERVER_KEYSTORE.getPassword());
    // Trust anchors used to verify the client certificate.
    properties.setProperty("server.ssl.trust-store-type", "JKS");
    properties.setProperty("server.ssl.trust-store", SERVER_TRUSTSTORE.getPath());
    properties.setProperty("server.ssl.trust-store-password", SERVER_TRUSTSTORE.getPassword());

    startServerWithoutSecurity(properties, ClientStoresCustomizer.class, useAlpn ? NoopHttp2Router.class : NoopHttp11Router.class);

    getWebTestClient().get().exchange().expectStatus().isNoContent();
}
 
Example #12
Source File: HttpServerPropertiesIT.java    From vertx-spring-boot with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the server with a set of {@code vertx.http.server.*} properties and checks that each of
 * them is bound onto the {@code HttpServerProperties} bean, including the client-auth mode.
 */
@Test
public void verifyHttpServerProperties() {
    Properties configured = new Properties();
    configured.setProperty("vertx.http.server.host", "localhost");
    configured.setProperty("vertx.http.server.port", "8082");
    configured.setProperty("vertx.http.server.client-auth", "REQUIRED");
    configured.setProperty("vertx.http.server.sni", "true");
    configured.setProperty("vertx.http.server.alpn-versions", "HTTP_1_1,HTTP_2");
    configured.setProperty("vertx.http.server.http2-extra-settings.1", "10");
    configured.setProperty("vertx.http.server.http2-extra-settings.2", "20");
    configured.setProperty("vertx.http.server.idle-timeout-unit", "HOURS");
    // Placeholder suite names: only the binding is verified below.
    configured.setProperty("vertx.http.server.enabled-cipher-suites", "cipher1,cipher2");
    startServerWithoutSecurity(configured);

    HttpServerProperties bound = getBean(HttpServerProperties.class);

    assertThat(bound.getPort()).isEqualTo(8082);
    assertThat(bound.getHost()).isEqualTo("localhost");
    assertThat(bound.getClientAuth()).isEqualTo(ClientAuth.REQUIRED);
    assertThat(bound.isSni()).isTrue();
    assertThat(bound.getAlpnVersions()).containsOnly(HttpVersion.HTTP_1_1, HttpVersion.HTTP_2);
    assertThat(bound.getHttp2ExtraSettings())
        .containsOnly(new HashMap.SimpleEntry<>(1, 10L), new HashMap.SimpleEntry<>(2, 20L));
    assertThat(bound.getIdleTimeoutUnit()).isEqualTo(TimeUnit.HOURS);
    assertThat(bound.getEnabledCipherSuites()).containsOnly("cipher1", "cipher2");
}
 
Example #13
Source File: ServerTofaTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that demands a client certificate and trusts clients on first access,
 * using a known-clients file seeded with a single dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // Seed the fingerprint store: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): the meaning of the boolean flag is not visible here - confirm against
  // VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #14
Source File: ServerCaOrWhitelistTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and checks them against the
 * known-clients allow-list, seeded with the fingerprint of the "foo.com" test client.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // The allow-list: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): one-argument overload; presumably CA-signed clients are accepted in addition
  // to listed ones (the test class is named ServerCaOrWhitelist) - confirm.
  options.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #15
Source File: EthSigner.java    From ethsigner with Apache License 2.0 6 votes vote down vote up
/**
 * Returns a copy of the given server options with mandatory TLS client authentication applied.
 *
 * <p>The copy always requires a client certificate. Trust options are replaced with an
 * allow-list only when the constraints name a known-clients file; otherwise whatever trust
 * configuration the copied options carry stays in effect.
 *
 * @param input the options to copy; not modified
 * @param constraints the client-authentication settings
 * @return the adjusted copy
 * @throws InitializationException if building the allow-list fails with an
 *     {@link IllegalArgumentException}
 */
private static HttpServerOptions applyClientAuthentication(
    final HttpServerOptions input, final ClientAuthConstraints constraints) {
  final HttpServerOptions result = new HttpServerOptions(input);
  result.setClientAuth(ClientAuth.REQUIRED);

  try {
    constraints
        .getKnownClientsFile()
        .ifPresent(
            knownClients -> {
              result.setTrustOptions(
                  VertxTrustOptions.whitelistClients(
                      knownClients.toPath(), constraints.isCaAuthorizedClientAllowed()));
            });
  } catch (final IllegalArgumentException badFormat) {
    // NOTE(review): the original exception is not chained, so the parser's detail about the
    // offending entry is lost - consider passing it as the cause if the type allows it.
    throw new InitializationException("Illegally formatted client fingerprint file.");
  }

  return result;
}
 
Example #16
Source File: ServerCaOrTofaTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and trusts clients on first access,
 * backed by a known-clients file seeded with one dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: a client that presents no certificate cannot complete the handshake.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): one-argument overload; presumably CA-signed clients are accepted as well
  // (the test class is named ServerCaOrTofa) - confirm against VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #17
Source File: ServerCaOrRecordTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and records client fingerprints
 * into a known-clients file seeded with one dummy entry.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  // Throwaway server identity, generated for this fixture.
  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: a client that presents no certificate cannot complete the handshake.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): one-argument overload; presumably CA-signed clients are accepted as well
  // (the test class is named ServerCaOrRecord) - confirm against VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #18
Source File: ServerWhitelistTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a TLS test server that requires client certificates and admits only clients listed in
 * the known-clients file, which is seeded with the fingerprint of the "foo.com" test client.
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // The allow-list: one comment line plus one "host fingerprint" entry.
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();

  HttpServerOptions options = new HttpServerOptions();
  options.setSsl(true);
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  options.setClientAuth(ClientAuth.REQUIRED);
  options.setPemKeyCertOptions(serverCert.keyCertOptions());
  // NOTE(review): the meaning of the boolean flag is not visible here - confirm against
  // VertxTrustOptions.
  options.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false));
  options.setIdleTimeout(1500);
  options.setReuseAddress(true);
  options.setReusePort(true);

  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #19
Source File: SslCustomizerTest.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
/** An {@code Ssl.ClientAuth.NONE} setting must be applied as Vert.x {@code ClientAuth.NONE}. */
@Test
public void shouldSetNoneClientAuth() {
    Ssl.ClientAuth configured = Ssl.ClientAuth.NONE;
    given(mockSsl.getClientAuth()).willReturn(configured);

    customizer.apply(mockHttpServerOptions);

    // NONE: the server neither asks for nor checks a client certificate.
    ClientAuth expected = ClientAuth.NONE;
    verify(mockHttpServerOptions).setClientAuth(expected);
}
 
Example #20
Source File: ProtonClientSslTest.java    From vertx-proton with Apache License 2.0 5 votes vote down vote up
/**
 * Connects a client to a server that requires client certificates and checks that the connection
 * succeeds only when the client supplies its own key/certificate.
 *
 * @param context the test context used for assertions and async completion
 * @param supplyClientCert whether the client is configured with a client key store
 */
private void doClientCertificateTestImpl(TestContext context, boolean supplyClientCert) throws InterruptedException,
                                                                                        ExecutionException {
  Async async = context.async();

  // Server side: TLS with a mandatory client certificate, verified against the trust store.
  PfxOptions serverKeyStore = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD);
  PfxOptions trustStore = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);

  ProtonServerOptions serverOptions = new ProtonServerOptions();
  serverOptions.setSsl(true);
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPfxKeyCertOptions(serverKeyStore);
  serverOptions.setPfxTrustOptions(trustStore);

  protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen);

  // Client side: always trusts the same store; a client key store is added only on request.
  ProtonClientOptions clientOptions = new ProtonClientOptions();
  clientOptions.setSsl(true);
  clientOptions.setPfxTrustOptions(trustStore);

  if (supplyClientCert) {
    PfxOptions clientKeyStore = new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD);
    clientOptions.setPfxKeyCertOptions(clientKeyStore);
  }

  ProtonClient client = ProtonClient.create(vertx);
  client.connect(clientOptions, "localhost", protonServer.actualPort(), outcome -> {
    if (!supplyClientCert) {
      // No client certificate: the connection attempt must fail.
      context.assertFalse(outcome.succeeded());
    } else {
      // Client certificate supplied: the connection attempt must succeed.
      context.assertTrue(outcome.succeeded());
    }
    async.complete();
  });

  async.awaitSuccess();
}
 
Example #21
Source File: MqttServerClientCertSslTest.java    From vertx-mqtt with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares an MQTT server on the TLS test port that asks clients for a certificate.
 *
 * <p>{@code ClientAuth.REQUEST} makes the certificate optional: a client that presents none can
 * still complete the handshake.
 */
@Before
public void before(TestContext context) {
  MqttServerOptions options = new MqttServerOptions();
  options.setPort(MQTT_SERVER_TLS_PORT);
  options.setKeyCertOptions(Cert.SERVER_PEM_ROOT_CA.get());
  options.setTrustOptions(Trust.SERVER_PEM_ROOT_CA.get());
  options.setSsl(true);
  options.setClientAuth(ClientAuth.REQUEST);

  this.setUp(context, options);
}
 
Example #22
Source File: AbstractServiceBase.java    From hono with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Adds TLS trust anchor configuration to a given set of server options.
 * <p>
 * The trust anchor is obtained from {@link #getServerTrustOptions()}. It is only applied if the
 * given options have their <em>ssl</em> flag set to {@code true}, have no <em>trustOptions</em>
 * set yet, and the method returns a non-{@code null} value.
 * <p>
 * When the trust anchor is applied, client authentication is set to {@code REQUEST}: the server
 * asks for a client certificate, but a client that presents none can still complete the
 * handshake.
 *
 * @param serverOptions The options to add configuration to.
 */
protected final void addTlsTrustOptions(final NetServerOptions serverOptions) {

    // Nothing to do for plain connections or when trust options were configured explicitly.
    if (!serverOptions.isSsl() || serverOptions.getTrustOptions() != null) {
        return;
    }

    final TrustOptions trustAnchors = getServerTrustOptions();
    if (trustAnchors == null) {
        return;
    }

    serverOptions.setTrustOptions(trustAnchors).setClientAuth(ClientAuth.REQUEST);
    log.info("enabling client authentication using certificates [{}]", trustAnchors.getClass().getName());
}
 
Example #23
Source File: TestVertxTLSBuilder.java    From servicecomb-java-chassis with Apache License 2.0 5 votes vote down vote up
/**
 * The server options built from the "rest.provider" YAML settings must enable exactly one secure
 * transport protocol and request (not require) a client certificate.
 */
@Test
public void testbuildHttpServerOptions() {
  SSLOption option = SSLOption.buildFromYaml("rest.provider");
  SSLCustom custom = SSLCustom.createSSLCustom(option.getSslCustomClass());
  HttpServerOptions serverOptions = new HttpServerOptions();

  VertxTLSBuilder.buildNetServerOptions(option, custom, serverOptions);

  int protocolCount = serverOptions.getEnabledSecureTransportProtocols().size();
  ClientAuth clientAuth = serverOptions.getClientAuth();
  Assert.assertEquals(protocolCount, 1);
  Assert.assertEquals(clientAuth, ClientAuth.REQUEST);
}
 
Example #24
Source File: VertxTLSBuilder.java    From servicecomb-java-chassis with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the shared TLS settings to the given server options and selects the client-auth mode.
 *
 * <p>Peer authentication switched on maps to {@code REQUIRED}; switched off it still maps to
 * {@code REQUEST}, so the server asks for a client certificate without insisting on one.
 *
 * @param sslOption the TLS settings
 * @param sslCustom the TLS customisation hook passed on to the shared builder
 * @param netServerOptions the options to populate
 * @return the same {@code netServerOptions} instance
 */
public static NetServerOptions buildNetServerOptions(SSLOption sslOption, SSLCustom sslCustom,
    NetServerOptions netServerOptions) {
  buildTCPSSLOptions(sslOption, sslCustom, netServerOptions);

  ClientAuth mode = sslOption.isAuthPeer() ? ClientAuth.REQUIRED : ClientAuth.REQUEST;
  netServerOptions.setClientAuth(mode);
  return netServerOptions;
}
 
Example #25
Source File: VertxCoreRecorder.java    From quarkus with Apache License 2.0 5 votes vote down vote up
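/**
 * Copies the event bus section of the configuration onto a fresh {@link EventBusOptions} and
 * installs it on the given Vert.x options.
 *
 * @param conf the configuration whose {@code eventbus} section is read
 * @param options the Vert.x options that receive the event bus options
 * @throws IllegalArgumentException if the configured client-auth value does not name a
 *     {@link ClientAuth} constant
 */
private static void setEventBusOptions(VertxConfiguration conf, VertxOptions options) {
    EventBusConfiguration eb = conf.eventbus;
    EventBusOptions opts = new EventBusOptions();
    opts.setAcceptBacklog(eb.acceptBacklog.orElse(-1));
    // Upper-case with a fixed locale: with the default locale a value such as "required" is
    // turned into "REQUİRED" on a Turkish system and no longer matches the enum constant.
    opts.setClientAuth(ClientAuth.valueOf(eb.clientAuth.toUpperCase(java.util.Locale.ROOT)));
    // Clamp the millisecond value so the narrowing cast cannot overflow.
    opts.setConnectTimeout((int) (Math.min(Integer.MAX_VALUE, eb.connectTimeout.toMillis())));
    // todo: use timeUnit cleverly
    opts.setIdleTimeout(
            eb.idleTimeout.isPresent() ? (int) Math.max(1, Math.min(Integer.MAX_VALUE, eb.idleTimeout.get().getSeconds()))
                    : 0);
    opts.setSendBufferSize(eb.sendBufferSize.orElse(-1));
    opts.setSoLinger(eb.soLinger.orElse(-1));
    opts.setSsl(eb.ssl);
    opts.setReceiveBufferSize(eb.receiveBufferSize.orElse(-1));
    opts.setReconnectAttempts(eb.reconnectAttempts);
    opts.setReconnectInterval(eb.reconnectInterval.toMillis());
    opts.setReuseAddress(eb.reuseAddress);
    opts.setReusePort(eb.reusePort);
    opts.setTrafficClass(eb.trafficClass.orElse(-1));
    opts.setTcpKeepAlive(eb.tcpKeepAlive);
    opts.setTcpNoDelay(eb.tcpNoDelay);
    // Taken straight from configuration; when true, peer certificates are trusted unchecked.
    opts.setTrustAll(eb.trustAll);

    // Certificates and trust.
    configurePemKeyCertOptions(opts, eb.keyCertificatePem);
    configureJksKeyCertOptions(opts, eb.keyCertificateJks);
    configurePfxKeyCertOptions(opts, eb.keyCertificatePfx);

    configurePemTrustOptions(opts, eb.trustCertificatePem);
    // NOTE(review): the JKS *trust* settings are handed to the key-cert helper, unlike the PEM
    // and PFX lines around it - looks like a copy/paste slip; verify which helper is intended.
    configureJksKeyCertOptions(opts, eb.trustCertificateJks);
    configurePfxTrustOptions(opts, eb.trustCertificatePfx);

    options.setEventBusOptions(opts);
}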
 
Example #26
Source File: JsonRpcHttpService.java    From besu with Apache License 2.0 5 votes vote down vote up
/**
 * Makes TLS client authentication mandatory on the given server options.
 *
 * <p>Trust options are replaced with an allow-list only when the configuration names a
 * known-clients file; otherwise the trust configuration already present on the options is left
 * as it is.
 *
 * @param clientAuthConfiguration the client-authentication settings
 * @param httpServerOptions the options to modify in place
 */
private void applyTlsClientAuth(
    final TlsClientAuthConfiguration clientAuthConfiguration,
    final HttpServerOptions httpServerOptions) {
  // REQUIRED: the handshake is declined unless the client presents a certificate.
  httpServerOptions.setClientAuth(ClientAuth.REQUIRED);

  clientAuthConfiguration
      .getKnownClientsFile()
      .ifPresent(
          allowList -> {
            httpServerOptions.setTrustOptions(
                whitelistClients(allowList, clientAuthConfiguration.isCaClientsEnabled()));
          });
}
 
Example #27
Source File: SslCustomizer.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
/**
 * Translates an {@code Ssl.ClientAuth} setting into the matching Vert.x {@link ClientAuth}.
 *
 * <p>{@code WANT} becomes {@code REQUEST}, {@code NEED} becomes {@code REQUIRED}; every other
 * value falls back to {@code NONE}, i.e. no client certificate is asked for.
 *
 * @param clientAuth the setting to translate
 * @return the Vert.x client-auth mode
 */
private ClientAuth clientAuthAdapter(Ssl.ClientAuth clientAuth) {
    ClientAuth mapped;
    switch (clientAuth) {
        case NEED:
            mapped = ClientAuth.REQUIRED;
            break;
        case WANT:
            mapped = ClientAuth.REQUEST;
            break;
        default:
            mapped = ClientAuth.NONE;
            break;
    }
    return mapped;
}
 
Example #28
Source File: SslCustomizerTest.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
/** An {@code Ssl.ClientAuth.WANT} setting must be applied as Vert.x {@code ClientAuth.REQUEST}. */
@Test
public void shouldSetWantClientAuth() {
    Ssl.ClientAuth configured = Ssl.ClientAuth.WANT;
    given(mockSsl.getClientAuth()).willReturn(configured);

    customizer.apply(mockHttpServerOptions);

    // REQUEST: a client certificate is asked for but not insisted on.
    ClientAuth expected = ClientAuth.REQUEST;
    verify(mockHttpServerOptions).setClientAuth(expected);
}
 
Example #29
Source File: SslCustomizerTest.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
/** An {@code Ssl.ClientAuth.NEED} setting must be applied as Vert.x {@code ClientAuth.REQUIRED}. */
@Test
public void shouldSetNeedClientAuth() {
    Ssl.ClientAuth configured = Ssl.ClientAuth.NEED;
    given(mockSsl.getClientAuth()).willReturn(configured);

    customizer.apply(mockHttpServerOptions);

    // REQUIRED: the handshake is declined unless the client presents a certificate.
    ClientAuth expected = ClientAuth.REQUIRED;
    verify(mockHttpServerOptions).setClientAuth(expected);
}
 
Example #30
Source File: Server.java    From wisdom with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the HTTP server from the current configuration and starts listening.
 *
 * <p>With {@code ssl} set, TLS is enabled with the trust store and key store obtained from
 * {@code SSLServerContext}; a client certificate is made mandatory only when
 * {@code authentication} is set as well.
 *
 * @param p NOTE(review): not read in this method - the port is picked from the {@code port}
 *     field; confirm that this is intended
 * @param completion notified once the server is bound or binding has failed for good
 */
private void bind(int p, Handler<AsyncResult<Void>> completion) {
    // Get port number.
    final int thePort = pickAPort(port);

    HttpServerOptions serverOptions = new HttpServerOptions();
    if (ssl) {
        serverOptions.setSsl(true);
        serverOptions.setTrustStoreOptions(SSLServerContext.getTrustStoreOption(accessor));
        serverOptions.setKeyStoreOptions(SSLServerContext.getKeyStoreOption(accessor));
        if (authentication) {
            // REQUIRED: the handshake is declined unless the client presents a certificate.
            serverOptions.setClientAuth(ClientAuth.REQUIRED);
        }
    }

    if (hasCompressionEnabled()) {
        serverOptions.setCompressionSupported(true);
    }

    // Optional tuning: -1 / an empty array means "not configured", so the default is kept.
    boolean backlogConfigured = configuration.getIntegerWithDefault("vertx.acceptBacklog", -1) != -1;
    if (backlogConfigured) {
        serverOptions.setAcceptBacklog(configuration.getInteger("vertx.acceptBacklog"));
    }
    boolean frameSizeConfigured = configuration.getIntegerWithDefault("vertx.maxWebSocketFrameSize", -1) != -1;
    if (frameSizeConfigured) {
        serverOptions.setMaxWebsocketFrameSize(configuration.getInteger("vertx.maxWebSocketFrameSize"));
    }
    if (configuration.getStringArray("wisdom.websocket.subprotocols").length > 0) {
        serverOptions.setWebsocketSubProtocols(configuration.get("wisdom.websocket.subprotocols"));
    }
    // Checked second, so this key wins when both sub-protocol keys are set.
    if (configuration.getStringArray("vertx.websocket-subprotocols").length > 0) {
        serverOptions.setWebsocketSubProtocols(configuration.get("vertx.websocket-subprotocols"));
    }
    boolean receiveBufferConfigured = configuration.getIntegerWithDefault("vertx.receiveBufferSize", -1) != -1;
    if (receiveBufferConfigured) {
        serverOptions.setReceiveBufferSize(configuration.getInteger("vertx.receiveBufferSize"));
    }
    boolean sendBufferConfigured = configuration.getIntegerWithDefault("vertx.sendBufferSize", -1) != -1;
    if (sendBufferConfigured) {
        serverOptions.setSendBufferSize(configuration.getInteger("vertx.sendBufferSize"));
    }

    http = vertx.createHttpServer(serverOptions)
            .requestHandler(new HttpHandler(vertx, accessor, this))
            .websocketHandler(new WebSocketHandler(accessor, this));

    http.listen(thePort, host, outcome -> {
        if (outcome.succeeded()) {
            logger.info("Wisdom is going to serve HTTP requests on port {}.", thePort);
            port = thePort;
            completion.handle(Future.succeededFuture());
            return;
        }
        if (port == 0) {
            // The port field is 0, so another port is picked by binding again.
            logger.debug("Cannot bind on port {} (port already used probably)", thePort, outcome.cause());
            bind(0, completion);
            return;
        }
        logger.error("Cannot bind on port {} (port already used probably)", thePort, outcome.cause());
        completion.handle(Future.failedFuture("Cannot bind on port " + thePort));
    });
}