Java Code Examples for io.netty.handler.ssl.SslContextBuilder#forServer()

The following examples show how to use io.netty.handler.ssl.SslContextBuilder#forServer() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Http2OkHttpTest.java    From grpc-nebula-java with Apache License 2.0 6 votes vote down vote up
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  // Starts the server with HTTPS.
  try {
    SslProvider sslProvider = SslContext.defaultServerProvider();
    if (sslProvider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported()) {
      // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
      // are forced to use Jetty ALPN for Netty instead of OpenSSL.
      sslProvider = SslProvider.JDK;
    }
    SslContextBuilder contextBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(contextBuilder, sslProvider);
    contextBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(contextBuilder.build());
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }
}
 
Example 2
Source File: NettySslHttp2Factory.java    From ambry with Apache License 2.0 6 votes vote down vote up
/**
 * @param config the {@link SSLConfig}
 * @return a configured {@link SslContext} object for a client.
 * @throws GeneralSecurityException
 * @throws IOException
 */
static SslContext getServerSslContext(SSLConfig config) throws GeneralSecurityException, IOException {
  logger.info("Using {} provider for server SslContext", SslContext.defaultServerProvider());
  SslContextBuilder sslContextBuilder;
  if (config.sslHttp2SelfSign) {
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    sslContextBuilder = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
    logger.info("Using Self Signed Certificate.");
  } else {
    sslContextBuilder = SslContextBuilder.forServer(NettySslFactory.getKeyManagerFactory(config))
        .trustManager(NettySslFactory.getTrustManagerFactory(config));
  }
  return sslContextBuilder.sslProvider(SslContext.defaultClientProvider())
      .clientAuth(NettySslFactory.getClientAuth(config))
      /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
       * Please refer to the HTTP/2 specification for cipher requirements. */
      .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
      .applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN,
          // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
          ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
          // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
          ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2))
      .build();
}
 
Example 3
Source File: Http2OkHttpTest.java    From grpc-java with Apache License 2.0 6 votes vote down vote up
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  // Starts the server with HTTPS.
  try {
    SslProvider sslProvider = SslContext.defaultServerProvider();
    if (sslProvider == SslProvider.OPENSSL && !SslProvider.isAlpnSupported(SslProvider.OPENSSL)) {
      // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
      // are forced to use Jetty ALPN for Netty instead of OpenSSL.
      sslProvider = SslProvider.JDK;
    }
    SslContextBuilder contextBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(contextBuilder, sslProvider);
    contextBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(contextBuilder.build());
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }
}
 
Example 4
Source File: HttpServerTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
@Test
public void testHttpServerWithDomainSockets() throws Exception {
	HttpServer server = HttpServer.create();
	HttpClient client = HttpClient.create();

	doTestHttpServerWithDomainSockets(server, client);

	SelfSignedCertificate cert = new SelfSignedCertificate();
	SslContextBuilder serverCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey());
	SslContextBuilder clientCtx = SslContextBuilder.forClient()
	                                               .trustManager(InsecureTrustManagerFactory.INSTANCE);
	doTestHttpServerWithDomainSockets(
			server.protocol(HttpProtocol.H2).secure(spec -> spec.sslContext(serverCtx)),
			client.protocol(HttpProtocol.H2).secure(spec -> spec.sslContext(clientCtx)));
}
 
Example 5
Source File: HttpRedirectTest.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
@Test
public void testHttp2Redirect() throws Exception {
	SelfSignedCertificate cert = new SelfSignedCertificate();
	SslContextBuilder serverCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey());
	SslContextBuilder clientCtx = SslContextBuilder.forClient()
	                                               .trustManager(InsecureTrustManagerFactory.INSTANCE);
	DisposableServer server =
			HttpServer.create()
			          .port(0)
			          .host("localhost")
			          .wiretap(true)
			          .protocol(HttpProtocol.H2)
			          .secure(spec -> spec.sslContext(serverCtx))
			          .route(r -> r.get("/1", (req, res) -> res.sendRedirect("/3"))
			                       .get("/3", (req, res) -> res.status(200)
			                                                   .sendString(Mono.just("OK"))))
			          .wiretap(true)
			          .bindNow();

	Tuple2<String, Integer> response =
			HttpClient.create()
			          .remoteAddress(server::address)
			          .wiretap(true)
			          .followRedirect(true)
			          .protocol(HttpProtocol.H2)
			          .secure(spec -> spec.sslContext(clientCtx))
			          .get()
			          .uri("/1")
			          .responseSingle((res, bytes) -> bytes.asString()
			                                               .zipWith(Mono.just(res.status().code())))
			          .block(Duration.ofSeconds(30));

	assertThat(response).isNotNull();
	assertThat(response.getT2()).isEqualTo(200);
	assertThat(response.getT1()).isEqualTo("OK");

	server.disposeNow();
}
 
Example 6
Source File: RemoteWorker.java    From bazel with Apache License 2.0 5 votes vote down vote up
private SslContextBuilder getSslContextBuilder(RemoteWorkerOptions workerOptions) {
  SslContextBuilder sslContextBuilder =
      SslContextBuilder.forServer(
          new File(workerOptions.tlsCertificate), new File(workerOptions.tlsPrivateKey));
  if (workerOptions.tlsCaCertificate != null) {
    sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
    sslContextBuilder.trustManager(new File(workerOptions.tlsCaCertificate));
  }
  return GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
}
 
Example 7
Source File: MqttSslContextCreator.java    From spring-boot-protocol with Apache License 2.0 5 votes vote down vote up
/**
 * The OpenSSL provider does not support the {@link KeyManagerFactory}, so we have to lookup the integration
 * certificate and key in order to provide it to OpenSSL.
 * <p>
 * TODO: SNI is currently not supported, we use only the first found private key.
 */
private static SslContextBuilder builderWithOpenSSLProvider(KeyStore ks, String keyPassword)
        throws GeneralSecurityException {
    for (String alias : Collections.list(ks.aliases())) {
        if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            PrivateKey key = (PrivateKey) ks.getKey(alias, keyPassword.toCharArray());
            Certificate[] chain = ks.getCertificateChain(alias);
            X509Certificate[] certChain = new X509Certificate[chain.length];
            System.arraycopy(chain, 0, certChain, 0, chain.length);
            return SslContextBuilder.forServer(key, certChain);
        }
    }
    throw new KeyManagementException("the SSL key-store does not contain a private key");
}
 
Example 8
Source File: MqttSslContextCreator.java    From spring-boot-protocol with Apache License 2.0 5 votes vote down vote up
private SslContextBuilder builderWithJdkProvider(KeyStore ks, String keyPassword)
        throws GeneralSecurityException {
    logger.info("Initializing key manager...");
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, keyPassword.toCharArray());
    logger.info("Initializing SSL context...");
    return SslContextBuilder.forServer(kmf);
}
 
Example 9
Source File: HelloWorldServerTls.java    From grpc-nebula-java with Apache License 2.0 5 votes vote down vote up
private SslContextBuilder getSslContextBuilder() {
    SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath),
            new File(privateKeyFilePath));
    if (trustCertCollectionFilePath != null) {
        sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath));
        sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
    }
    return GrpcSslContexts.configure(sslClientContextBuilder,
            SslProvider.OPENSSL);
}
 
Example 10
Source File: TestSsl.java    From dremio-flight-connector with Apache License 2.0 5 votes vote down vote up
@Test
public void sslTest() throws Exception {
  Pair<InputStream, InputStream> pair = SslHelper.ssl(dremioConfig, "localhost");

  SslContextBuilder builder = SslContextBuilder.forServer(pair.getRight(), pair.getLeft());
  SslContext context = builder.build();
  Assert.assertNotNull(context);
}
 
Example 11
Source File: SslProviderTests.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
@Before
public void setUp() throws Exception {
	SelfSignedCertificate cert = new SelfSignedCertificate();
	builder = SslContextBuilder.forServer(cert.certificate(), cert.privateKey());
	protocols = new ArrayList<>();
	server = HttpServer.create()
			           .port(0)
			           .doOnBind(conf -> {
			               SslProvider ssl = conf.sslProvider();
			               if (ssl != null) {
			                   protocols.addAll(ssl.sslContext.applicationProtocolNegotiator().protocols());
			                   sslContext = ssl.sslContext;
			               }
			           });
}
 
Example 12
Source File: DefaultPooledConnectionProviderTest.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
@Test
public void testIssue903() throws CertificateException {
	SelfSignedCertificate cert = new SelfSignedCertificate();
	SslContextBuilder serverCtx = SslContextBuilder.forServer(cert.key(), cert.cert());
	DisposableServer server =
			HttpServer.create()
			          .secure(s -> s.sslContext(serverCtx))
			          .port(0)
			          .wiretap(true)
			          .handle((req, resp) -> resp.sendHeaders())
			          .bindNow();

	DefaultPooledConnectionProvider provider = (DefaultPooledConnectionProvider) ConnectionProvider.create("testIssue903", 1);
	HttpClient.create(provider)
	          .port(server.port())
	          .get()
	          .uri("/")
	          .response()
	          .onErrorResume(e -> Mono.empty())
	          .block(Duration.ofSeconds(30));

	provider.channelPools.forEach((k, v) -> assertThat(v.metrics().acquiredSize()).isEqualTo(0));

	provider.disposeLater()
	        .block(Duration.ofSeconds(30));
	server.disposeNow();
}
 
Example 13
Source File: Server.java    From timely with Apache License 2.0 5 votes vote down vote up
protected SslContext createSSLContext(Configuration config) throws Exception {

        ServerSsl sslCfg = config.getSecurity().getServerSsl();
        Boolean generate = sslCfg.isUseGeneratedKeypair();
        SslContextBuilder ssl;
        if (generate) {
            LOG.warn("Using generated self signed server certificate");
            Date begin = new Date();
            Date end = new Date(begin.getTime() + TimeUnit.DAYS.toMillis(7));
            SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
            ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
        } else {
            String cert = sslCfg.getCertificateFile();
            String key = sslCfg.getKeyFile();
            String keyPass = sslCfg.getKeyPassword();
            if (null == cert || null == key) {
                throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
            }
            ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
        }

        ssl.ciphers(sslCfg.getUseCiphers());

        // Can't set to REQUIRE because the CORS pre-flight requests will fail.
        ssl.clientAuth(ClientAuth.OPTIONAL);

        Boolean useOpenSSL = sslCfg.isUseOpenssl();
        if (useOpenSSL) {
            ssl.sslProvider(SslProvider.OPENSSL);
        } else {
            ssl.sslProvider(SslProvider.JDK);
        }
        String trustStore = sslCfg.getTrustStoreFile();
        if (null != trustStore) {
            if (!trustStore.isEmpty()) {
                ssl.trustManager(new File(trustStore));
            }
        }
        return ssl.build();
    }
 
Example 14
Source File: DefaultCassandanaSslContextCreator.java    From cassandana with Apache License 2.0 5 votes vote down vote up
private static SslContextBuilder builderWithJdkProvider(KeyStore ks, String keyPassword)
        throws GeneralSecurityException {
    LOG.info("Initializing key manager...");
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, keyPassword.toCharArray());
    LOG.info("Initializing SSL context...");
    return SslContextBuilder.forServer(kmf);
}
 
Example 15
Source File: TlsTest.java    From grpc-java with Apache License 2.0 5 votes vote down vote up
private ServerBuilder<?> serverBuilder(int port, File serverCertChainFile,
    File serverPrivateKeyFile, X509Certificate[] serverTrustedCaCerts) throws IOException {
  SslContextBuilder sslContextBuilder
      = SslContextBuilder.forServer(serverCertChainFile, serverPrivateKeyFile);
  if (sslProvider == SslProvider.JDK) {
    GrpcSslContexts.configure(sslContextBuilder, jdkProvider);
  } else {
    GrpcSslContexts.configure(sslContextBuilder, sslProvider);
  }
  sslContextBuilder.trustManager(serverTrustedCaCerts)
      .clientAuth(ClientAuth.REQUIRE);

  return NettyServerBuilder.forPort(port)
      .sslContext(sslContextBuilder.build());
}
 
Example 16
Source File: SslContextFactory.java    From xio with Apache License 2.0 4 votes vote down vote up
private static SslContextBuilder newServerBuilder(TlsConfig config) {
  return SslContextBuilder.forServer(config.getPrivateKey(), config.getCertificateAndChain());
}
 
Example 17
Source File: SslContextFactory.java    From servicetalk with Apache License 2.0 4 votes vote down vote up
/**
 * A new context for a server using the passed {@code config}.
 *
 * @param config SSL config.
 * @param supportedAlpnProtocols the list of supported ALPN protocols.
 * @return A new {@link SslContext} for a server.
 */
public static SslContext forServer(ReadOnlyServerSecurityConfig config, List<String> supportedAlpnProtocols) {
    requireNonNull(config);
    SslContextBuilder builder;

    KeyManagerFactory keyManagerFactory = config.keyManagerFactory();
    if (keyManagerFactory != null) {
        builder = SslContextBuilder.forServer(keyManagerFactory);
    } else {
        InputStream keyCertChainSupplier = null;
        InputStream keySupplier = null;
        try {
            keyCertChainSupplier = config.keyCertChainSupplier().get();
            keySupplier = config.keySupplier().get();
            builder = SslContextBuilder.forServer(keyCertChainSupplier, keySupplier, config.keyPassword());
        } finally {
            try {
                closeAndRethrowUnchecked(keyCertChainSupplier);
            } finally {
                closeAndRethrowUnchecked(keySupplier);
            }
        }
    }

    builder.sessionCacheSize(config.sessionCacheSize()).sessionTimeout(config.sessionTimeout())
            .applicationProtocolConfig(nettyApplicationProtocol(supportedAlpnProtocols));

    switch (config.clientAuth()) {
        case NONE:
            builder.clientAuth(ClientAuth.NONE);
            break;
        case OPTIONAL:
            builder.clientAuth(ClientAuth.OPTIONAL);
            break;
        case REQUIRE:
            builder.clientAuth(ClientAuth.REQUIRE);
            break;
        default:
            throw new IllegalArgumentException("Unsupported ClientAuth value: " + config.clientAuth());
    }
    configureTrustManager(config, builder);
    builder.protocols(config.protocols());
    builder.ciphers(config.ciphers());

    builder.sslProvider(toNettySslProvider(config.provider(), !supportedAlpnProtocols.isEmpty()));
    try {
        return builder.build();
    } catch (SSLException e) {
        throw new IllegalArgumentException(e);
    }
}
 
Example 18
Source File: ListenGRPC.java    From nifi with Apache License 2.0 4 votes vote down vote up
@OnScheduled
public void startServer(final ProcessContext context) throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
    final ComponentLog logger = getLogger();
    // gather configured properties
    final Integer port = context.getProperty(PROP_SERVICE_PORT).asInteger();
    final Boolean useSecure = context.getProperty(PROP_USE_SECURE).asBoolean();
    final Integer flowControlWindow = context.getProperty(PROP_FLOW_CONTROL_WINDOW).asDataSize(DataUnit.B).intValue();
    final Integer maxMessageSize = context.getProperty(PROP_MAX_MESSAGE_SIZE).asDataSize(DataUnit.B).intValue();
    final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
    final Pattern authorizedDnPattern = Pattern.compile(context.getProperty(PROP_AUTHORIZED_DN_PATTERN).getValue());
    final FlowFileIngestServiceInterceptor callInterceptor = new FlowFileIngestServiceInterceptor(getLogger());
    callInterceptor.enforceDNPattern(authorizedDnPattern);

    final FlowFileIngestService flowFileIngestService = new FlowFileIngestService(getLogger(),
            sessionFactoryReference,
            context);
    NettyServerBuilder serverBuilder = NettyServerBuilder.forPort(port)
            .addService(ServerInterceptors.intercept(flowFileIngestService, callInterceptor))
            // default (de)compressor registries handle both plaintext and gzip compressed messages
            .compressorRegistry(CompressorRegistry.getDefaultInstance())
            .decompressorRegistry(DecompressorRegistry.getDefaultInstance())
            .flowControlWindow(flowControlWindow)
            .maxMessageSize(maxMessageSize);

    if (useSecure && sslContext != null) {
        // construct key manager
        if (StringUtils.isBlank(sslContextService.getKeyStoreFile())) {
            throw new IllegalStateException("SSL is enabled, but no keystore has been configured. You must configure a keystore.");
        }

        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm(),
                sslContext.getProvider());
        final KeyStore keyStore = KeyStore.getInstance(sslContextService.getKeyStoreType());
        try (final InputStream is = new FileInputStream(sslContextService.getKeyStoreFile())) {
            keyStore.load(is, sslContextService.getKeyStorePassword().toCharArray());
        }
        keyManagerFactory.init(keyStore, sslContextService.getKeyStorePassword().toCharArray());

        SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyManagerFactory);

        // if the trust store is configured, then client auth is required.
        if (StringUtils.isNotBlank(sslContextService.getTrustStoreFile())) {
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm(),
                    sslContext.getProvider());
            final KeyStore trustStore = KeyStore.getInstance(sslContextService.getTrustStoreType());
            try (final InputStream is = new FileInputStream(sslContextService.getTrustStoreFile())) {
                trustStore.load(is, sslContextService.getTrustStorePassword().toCharArray());
            }
            trustManagerFactory.init(trustStore);
            sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
            sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
        } else {
            sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);
        }
        sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
        serverBuilder = serverBuilder.sslContext(sslContextBuilder.build());
    }
    logger.info("Starting gRPC server on port: {}", new Object[]{port.toString()});
    this.server = serverBuilder.build().start();
}
 
Example 19
Source File: Http2Tests.java    From reactor-netty with Apache License 2.0 4 votes vote down vote up
@Test
public void testHttp2ForMemoryLeaks() throws Exception {
	SelfSignedCertificate cert = new SelfSignedCertificate();
	SslContextBuilder serverCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey());
	SslContextBuilder clientCtx = SslContextBuilder.forClient()
	                                               .trustManager(InsecureTrustManagerFactory.INSTANCE);

	disposableServer =
			HttpServer.create()
			          .port(0)
			          .protocol(HttpProtocol.H2)
			          .secure(spec -> spec.sslContext(serverCtx))
			          .handle((req, res) ->
			              res.sendString(Flux.range(0, 10)
			                                 .map(i -> "test")
			                                 .delayElements(Duration.ofMillis(4))))
			          .bindNow();


	HttpClient client =
			HttpClient.create()
			          .port(disposableServer.port())
			          .protocol(HttpProtocol.H2)
			          .secure(spec -> spec.sslContext(clientCtx));
	for(int i = 0; i < 1000; ++i) {
		try {
			client.get()
			      .uri("/")
			      .responseContent()
			      .aggregate()
			      .asString()
			      .timeout(Duration.ofMillis(ThreadLocalRandom.current().nextInt(1, 35)))
			      .block(Duration.ofMillis(100));
		}
		catch (Throwable t) {
			// ignore
		}
	}

	System.gc();
	for (int i = 0; i < 100000; ++i) {
		@SuppressWarnings("UnusedVariable")
		int[] arr = new int[100000];
	}
	System.gc();
}
 
Example 20
Source File: Http2Tests.java    From reactor-netty with Apache License 2.0 4 votes vote down vote up
private void doTestConcurrentStreams(HttpClient baseClient, boolean isSecured,
		HttpProtocol[] serverProtocols, HttpProtocol[] clientProtocols) throws Exception {
	SelfSignedCertificate cert = new SelfSignedCertificate();
	SslContextBuilder serverCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey());
	SslContextBuilder clientCtx = SslContextBuilder.forClient()
	                                               .trustManager(InsecureTrustManagerFactory.INSTANCE);

	HttpServer httpServer =
			HttpServer.create()
			          .port(0)
			          .protocol(serverProtocols).wiretap(true)
			          .handle((req, res) -> res.sendString(Mono.just("test")));
	if (isSecured) {
		httpServer = httpServer.secure(spec -> spec.sslContext(serverCtx));
	}

	disposableServer = httpServer.bindNow();

	HttpClient client;
	if (isSecured) {
		client = baseClient.port(disposableServer.port()).wiretap(true)
		                   .protocol(clientProtocols)
		                   .secure(spec -> spec.sslContext(clientCtx));
	}
	else {
		client = baseClient.port(disposableServer.port())
		                   .protocol(clientProtocols);
	}

	CountDownLatch latch = new CountDownLatch(1);
	List<String> responses =
			Flux.range(0, 10)
			    .flatMapDelayError(i ->
			        client.get()
			              .uri("/")
			              .responseContent()
			              .aggregate()
			              .asString(),
			        256, 32)
			        .collectList()
			        .doFinally(fin -> latch.countDown())
			        .block(Duration.ofSeconds(30));

	assertThat(responses).isNotNull();
	assertThat(responses.size()).isEqualTo(10);
}