Search in sources :

Example 6 with ClientAuth

use of io.netty.handler.ssl.ClientAuth in project flink by apache.

the class SSLUtils method createRestSSLContext.

/**
 * Creates an SSL context for clients against the external REST endpoint.
 */
@Nullable
@VisibleForTesting
public static SSLContext createRestSSLContext(Configuration config, boolean clientMode) throws Exception {
    ClientAuth clientAuth = SecurityOptions.isRestSSLAuthenticationEnabled(config) ? ClientAuth.REQUIRE : ClientAuth.NONE;
    JdkSslContext nettySSLContext = (JdkSslContext) createRestNettySSLContext(config, clientMode, clientAuth, JDK);
    if (nettySSLContext != null) {
        return nettySSLContext.context();
    } else {
        return null;
    }
}
Also used : JdkSslContext(org.apache.flink.shaded.netty4.io.netty.handler.ssl.JdkSslContext) ClientAuth(org.apache.flink.shaded.netty4.io.netty.handler.ssl.ClientAuth) VisibleForTesting(org.apache.flink.annotation.VisibleForTesting) Nullable(javax.annotation.Nullable)

Example 7 with ClientAuth

use of io.netty.handler.ssl.ClientAuth in project graylog2-server by Graylog2.

the class AbstractTcpTransport method getSslHandlerCallable.

private Callable<ChannelHandler> getSslHandlerCallable(MessageInput input) {
    final File certFile;
    final File keyFile;
    if (tlsCertFile.exists() && tlsKeyFile.exists()) {
        certFile = tlsCertFile;
        keyFile = tlsKeyFile;
    } else {
        LOG.warn("TLS key file or certificate file does not exist, creating a self-signed certificate for input [{}/{}].", input.getName(), input.getId());
        final String tmpDir = System.getProperty("java.io.tmpdir");
        checkState(tmpDir != null, "The temporary directory must not be null!");
        final Path tmpPath = Paths.get(tmpDir);
        if (!Files.isDirectory(tmpPath) || !Files.isWritable(tmpPath)) {
            throw new IllegalStateException("Couldn't write to temporary directory: " + tmpPath.toAbsolutePath());
        }
        try {
            final SelfSignedCertificate ssc = new SelfSignedCertificate(configuration.getString(CK_BIND_ADDRESS) + ":" + configuration.getString(CK_PORT));
            certFile = ssc.certificate();
            if (!Strings.isNullOrEmpty(tlsKeyPassword)) {
                keyFile = KeyUtil.generatePKCS8FromPrivateKey(tmpPath, tlsKeyPassword.toCharArray(), ssc.key());
                ssc.privateKey().delete();
            } else {
                keyFile = ssc.privateKey();
            }
        } catch (GeneralSecurityException e) {
            final String msg = String.format(Locale.ENGLISH, "Problem creating a self-signed certificate for input [%s/%s].", input.getName(), input.getId());
            throw new IllegalStateException(msg, e);
        }
    }
    final ClientAuth clientAuth;
    switch(tlsClientAuth) {
        case TLS_CLIENT_AUTH_DISABLED:
            LOG.debug("Not using TLS client authentication");
            clientAuth = ClientAuth.NONE;
            break;
        case TLS_CLIENT_AUTH_OPTIONAL:
            LOG.debug("Using optional TLS client authentication");
            clientAuth = ClientAuth.OPTIONAL;
            break;
        case TLS_CLIENT_AUTH_REQUIRED:
            LOG.debug("Using mandatory TLS client authentication");
            clientAuth = ClientAuth.REQUIRE;
            break;
        default:
            throw new IllegalArgumentException("Unknown TLS client authentication mode: " + tlsClientAuth);
    }
    return buildSslHandlerCallable(nettyTransportConfiguration.getTlsProvider(), certFile, keyFile, tlsKeyPassword, clientAuth, tlsClientAuthCertFile, input);
}
Also used : Path(java.nio.file.Path) SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) GeneralSecurityException(java.security.GeneralSecurityException) ClientAuth(io.netty.handler.ssl.ClientAuth) File(java.io.File)

Aggregations

ClientAuth (org.apache.flink.shaded.netty4.io.netty.handler.ssl.ClientAuth)4 ClientAuth (io.netty.handler.ssl.ClientAuth)3 JdkSslContext (org.apache.flink.shaded.netty4.io.netty.handler.ssl.JdkSslContext)3 Certificate (java.security.cert.Certificate)2 X509Certificate (java.security.cert.X509Certificate)2 Nullable (javax.annotation.Nullable)2 IllegalConfigurationException (org.apache.flink.configuration.IllegalConfigurationException)2 SSLHandlerFactory (org.apache.flink.runtime.io.network.netty.SSLHandlerFactory)2 SslContext (org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext)2 SslHandshakeInfo (com.netflix.netty.common.ssl.SslHandshakeInfo)1 PassportState (com.netflix.zuul.passport.PassportState)1 SniCompletionEvent (io.netty.handler.ssl.SniCompletionEvent)1 SslCloseCompletionEvent (io.netty.handler.ssl.SslCloseCompletionEvent)1 SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)1 SslHandler (io.netty.handler.ssl.SslHandler)1 SslHandshakeCompletionEvent (io.netty.handler.ssl.SslHandshakeCompletionEvent)1 SslProvider (io.netty.handler.ssl.SslProvider)1 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)1 File (java.io.File)1 IOException (java.io.IOException)1