use of io.netty.handler.ssl.ClientAuth in project flink by apache.
the class SSLUtils method createRestSSLContext.
/**
* Creates an SSL context for clients against the external REST endpoint.
*/
@Nullable
@VisibleForTesting
public static SSLContext createRestSSLContext(Configuration config, boolean clientMode) throws Exception {
ClientAuth clientAuth = SecurityOptions.isRestSSLAuthenticationEnabled(config) ? ClientAuth.REQUIRE : ClientAuth.NONE;
JdkSslContext nettySSLContext = (JdkSslContext) createRestNettySSLContext(config, clientMode, clientAuth, JDK);
if (nettySSLContext != null) {
return nettySSLContext.context();
} else {
return null;
}
}
use of io.netty.handler.ssl.ClientAuth in project graylog2-server by Graylog2.
the class AbstractTcpTransport method getSslHandlerCallable.
private Callable<ChannelHandler> getSslHandlerCallable(MessageInput input) {
final File certFile;
final File keyFile;
if (tlsCertFile.exists() && tlsKeyFile.exists()) {
certFile = tlsCertFile;
keyFile = tlsKeyFile;
} else {
LOG.warn("TLS key file or certificate file does not exist, creating a self-signed certificate for input [{}/{}].", input.getName(), input.getId());
final String tmpDir = System.getProperty("java.io.tmpdir");
checkState(tmpDir != null, "The temporary directory must not be null!");
final Path tmpPath = Paths.get(tmpDir);
if (!Files.isDirectory(tmpPath) || !Files.isWritable(tmpPath)) {
throw new IllegalStateException("Couldn't write to temporary directory: " + tmpPath.toAbsolutePath());
}
try {
final SelfSignedCertificate ssc = new SelfSignedCertificate(configuration.getString(CK_BIND_ADDRESS) + ":" + configuration.getString(CK_PORT));
certFile = ssc.certificate();
if (!Strings.isNullOrEmpty(tlsKeyPassword)) {
keyFile = KeyUtil.generatePKCS8FromPrivateKey(tmpPath, tlsKeyPassword.toCharArray(), ssc.key());
ssc.privateKey().delete();
} else {
keyFile = ssc.privateKey();
}
} catch (GeneralSecurityException e) {
final String msg = String.format(Locale.ENGLISH, "Problem creating a self-signed certificate for input [%s/%s].", input.getName(), input.getId());
throw new IllegalStateException(msg, e);
}
}
final ClientAuth clientAuth;
switch(tlsClientAuth) {
case TLS_CLIENT_AUTH_DISABLED:
LOG.debug("Not using TLS client authentication");
clientAuth = ClientAuth.NONE;
break;
case TLS_CLIENT_AUTH_OPTIONAL:
LOG.debug("Using optional TLS client authentication");
clientAuth = ClientAuth.OPTIONAL;
break;
case TLS_CLIENT_AUTH_REQUIRED:
LOG.debug("Using mandatory TLS client authentication");
clientAuth = ClientAuth.REQUIRE;
break;
default:
throw new IllegalArgumentException("Unknown TLS client authentication mode: " + tlsClientAuth);
}
return buildSslHandlerCallable(nettyTransportConfiguration.getTlsProvider(), certFile, keyFile, tlsKeyPassword, clientAuth, tlsClientAuthCertFile, input);
}
Aggregations