use of io.netty.handler.ssl.SslContext in project vert.x by eclipse.
the class SSLHelperTest method testUseOpenSSLCiphersWhenNotSpecified.
/**
 * Checks that an OpenSSL-backed client context built without an explicit cipher-suite list
 * exposes exactly the suites reported by {@code OpenSsl.availableOpenSslCipherSuites()}.
 */
@Test
public void testUseOpenSSLCiphersWhenNotSpecified() throws Exception {
    // Read the reference set first, as the original does, before any context is built.
    Set<String> advertisedSuites = OpenSsl.availableOpenSslCipherSuites();

    // The options carry default OpenSSL engine options and no enabled-suite list of their own.
    SSLHelper sslHelper = new SSLHelper(
        new HttpClientOptions().setOpenSslEngineOptions(new OpenSSLEngineOptions()),
        Cert.CLIENT_PEM.get(),
        Trust.SERVER_PEM.get());
    SslContext clientContext = sslHelper.getContext((VertxInternal) vertx);

    // cipherSuites() is ordered; the comparison is on membership only, so copy into a set.
    Set<String> negotiableSuites = new HashSet<>(clientContext.cipherSuites());
    assertEquals(advertisedSuites, negotiableSuites);
}
use of io.netty.handler.ssl.SslContext in project vert.x by eclipse.
the class SSLEngineTest method doTest.
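/**
 * Starts an HTTPS server with the given SSL engine options, checks which Netty
 * {@link SslContext} implementation backs it, then sends one GET request over TLS.
 *
 * @param engine SSL engine options applied to both the server and the client
 * @param useAlpn whether ALPN is enabled on both sides
 * @param version HTTP version the client is configured with and the server handler expects
 * @param error expected message of the server start-up failure, or {@code null} when start-up
 *     must succeed
 * @param expectedSslContext {@code "jdk"} or {@code "openssl"}; {@code null} is treated as
 *     {@code "jdk"}
 * @param expectCause when a failure is expected, whether the exception's cause must be a
 *     different object from the exception itself
 */
private void doTest(SSLEngineOptions engine, boolean useAlpn, HttpVersion version, String error, String expectedSslContext, boolean expectCause) {
    server.close();
    HttpServerOptions options = new HttpServerOptions()
        .setSslEngineOptions(engine)
        .setPort(DEFAULT_HTTP_PORT)
        .setHost(DEFAULT_HTTP_HOST)
        .setKeyCertOptions(Cert.SERVER_PEM.get())
        .setSsl(true)
        .setUseAlpn(useAlpn);
    server = vertx.createHttpServer(options);
    server.requestHandler(req -> {
        // Expected value first, so a mismatch is reported the right way round.
        assertEquals(version, req.version());
        assertTrue(req.isSSL());
        req.response().end();
    });
    try {
        startServer();
        if (error != null) {
            fail("Was expecting failure: " + error);
        }
    } catch (Exception e) {
        if (error == null) {
            fail(e);
        } else {
            assertEquals(error, e.getMessage());
            if (expectCause) {
                assertNotSame(e, e.getCause());
            }
            return;
        }
    }
    SSLHelper sslHelper = ((HttpServerImpl) server).sslHelper();
    SslContext ctx = sslHelper.getContext((VertxInternal) vertx);
    switch (expectedSslContext != null ? expectedSslContext : "jdk") {
        case "jdk":
            assertTrue(ctx instanceof JdkSslContext);
            break;
        case "openssl":
            assertTrue(ctx instanceof OpenSslContext);
            break;
        default:
            // An unrecognised expectation used to fall through and assert nothing about the engine.
            fail("Unexpected expectedSslContext: " + expectedSslContext);
    }
    // setTrustAll(true) turns off server-certificate verification on the client. This test is
    // about engine selection and ALPN, so it gives no coverage of trust-store handling.
    client = vertx.createHttpClient(new HttpClientOptions()
        .setSslEngineOptions(engine)
        .setSsl(true)
        .setUseAlpn(useAlpn)
        .setTrustAll(true)
        .setProtocolVersion(version));
    client.request(HttpMethod.GET, DEFAULT_HTTP_PORT, DEFAULT_HTTP_HOST, "/somepath", onSuccess(req -> {
        req.send(onSuccess(resp -> {
            assertEquals(200, resp.statusCode());
            testComplete();
        }));
    }));
    await();
}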
use of io.netty.handler.ssl.SslContext in project crate by crate.
the class SslContextProviderTest method testClassLoadingWithValidConfiguration.
/**
 * Builds an {@code SslContextProvider} from settings that point at the fixture key store and
 * trust store, and checks that it yields a server-side context with at least one cipher suite.
 */
@Test
public void testClassLoadingWithValidConfiguration() {
    // All three password settings use the same fixture value.
    String storePassword = "keystorePassword";
    String trustStorePath = trustStoreFile.getAbsolutePath();
    String keyStorePath = keyStoreFile.getAbsolutePath();

    Settings settings = Settings.builder()
        .put(SslSettings.SSL_HTTP_ENABLED.getKey(), true)
        .put(SslSettings.SSL_PSQL_ENABLED.getKey(), true)
        .put(SslSettings.SSL_TRUSTSTORE_FILEPATH.getKey(), trustStorePath)
        .put(SslSettings.SSL_TRUSTSTORE_PASSWORD.getKey(), storePassword)
        .put(SslSettings.SSL_KEYSTORE_FILEPATH.getKey(), keyStorePath)
        .put(SslSettings.SSL_KEYSTORE_PASSWORD.getKey(), storePassword)
        .put(SslSettings.SSL_KEYSTORE_KEY_PASSWORD.getKey(), storePassword)
        .build();

    // NOTE(review): the settings enable HTTP and PSQL, yet the context is requested for
    // Protocol.TRANSPORT. Confirm that this is the intended protocol for the test.
    var provider = new SslContextProvider(settings);
    SslContext serverContext = provider.getServerContext(Protocol.TRANSPORT);

    assertThat(serverContext, instanceOf(SslContext.class));
    assertThat(serverContext.isServer(), is(true));
    // Only non-emptiness is checked, not which suites or protocol versions are enabled.
    assertThat(serverContext.cipherSuites(), not(empty()));
}
use of io.netty.handler.ssl.SslContext in project zookeeper by apache.
the class NettyServerCnxnFactory method initSSL.
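/**
 * Installs the handler named {@code "ssl"} on a channel pipeline.
 *
 * <p>When the system property named by {@code x509Util.getSslAuthProviderProperty()} is unset,
 * the default SSL context from {@code x509Util} is used. Otherwise the named provider is looked
 * up in {@code ProviderRegistry} and its key manager and trust manager initialise a fresh
 * {@link SSLContext}.
 *
 * @param p pipeline that receives the handler
 * @param supportPlaintext when {@code true} a {@code DualModeSslHandler} is installed instead
 *     of a plain TLS handler, so TLS is presumably not mandatory on the channel in that mode
 * @throws X509Exception if the default context cannot be obtained, or the configured provider
 *     is missing or is not an {@code X509AuthenticationProvider}
 * @throws KeyManagementException if initialising the {@link SSLContext} fails
 * @throws NoSuchAlgorithmException if {@code ClientX509Util.DEFAULT_PROTOCOL} is not available
 */
private synchronized void initSSL(ChannelPipeline p, boolean supportPlaintext)
        throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty());
    SslContext nettySslContext;
    if (authProviderProp == null) {
        SSLContextAndOptions sslContextAndOptions = x509Util.getDefaultSSLContextAndOptions();
        // NOTE(review): the boolean presumably selects client vs. server mode; confirm.
        nettySslContext = sslContextAndOptions.createNettyJdkSslContext(sslContextAndOptions.getSSLContext(), false);
    } else {
        SSLContext sslContext = SSLContext.getInstance(ClientX509Util.DEFAULT_PROTOCOL);
        // Use the value read above rather than reading the property again, so the provider
        // looked up and the name reported in the errors below are always the same.
        Object provider = ProviderRegistry.getProvider(authProviderProp);
        if (provider == null) {
            LOG.error("Auth provider not found: {}", authProviderProp);
            throw new SSLContextException("Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        if (!(provider instanceof X509AuthenticationProvider)) {
            // A registered provider of another kind would otherwise fail with a bare
            // ClassCastException while the channel is being initialised.
            LOG.error("Auth provider is not an X509AuthenticationProvider: {}", authProviderProp);
            throw new SSLContextException("Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        X509AuthenticationProvider authProvider = (X509AuthenticationProvider) provider;
        // Key and trust decisions come from the provider; the null SecureRandom argument
        // leaves the choice of random source to the JSSE default.
        sslContext.init(
            new X509KeyManager[] { authProvider.getKeyManager() },
            new X509TrustManager[] { authProvider.getTrustManager() },
            null);
        nettySslContext = x509Util.getDefaultSSLContextAndOptions().createNettyJdkSslContext(sslContext, false);
    }
    if (supportPlaintext) {
        p.addLast("ssl", new DualModeSslHandler(nettySslContext));
        LOG.debug("dual mode SSL handler added for channel: {}", p.channel());
    } else {
        p.addLast("ssl", nettySslContext.newHandler(p.channel().alloc()));
        LOG.debug("SSL handler added for channel: {}", p.channel());
    }
}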
use of io.netty.handler.ssl.SslContext in project dubbo by alibaba.
the class SslContextsTest method testSslContextsItem.
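/**
 * Checks that the cipher suite and protocol configured through {@code SslConfig} are the only
 * ones present in the client {@link SslContext} built by {@code SslContexts}.
 *
 * <p>The configured suite, {@code TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, is a TLS 1.2 suite
 * while the only enabled protocol is {@code TLSv1.3}. The test therefore verifies that both
 * values are propagated into the context, not that they can complete a handshake together.
 *
 * <p>The {@code SslConfig} is installed on the application-wide {@code ConfigManager}, and this
 * method does not remove it afterwards.
 *
 * @throws NoSuchFieldException if the context class has no {@code protocols} field
 * @throws IllegalAccessException if the {@code protocols} field cannot be read
 */
protected void testSslContextsItem() throws NoSuchFieldException, IllegalAccessException {
    String cipher = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    String protocol = "TLSv1.3";

    ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
    SslConfig sslConfig = new SslConfig();
    sslConfig.setCiphers(Arrays.asList(cipher));
    sslConfig.setProtocols(Arrays.asList(protocol));
    globalConfigManager.setSsl(sslConfig);

    SslContext sslContext = SslContexts.buildClientSslContext(null);

    // The enabled protocols are not exposed publicly, so the private field is read from
    // whichever class declares it for the implementation in use.
    Class<?> protocolsOwner;
    if (sslContext instanceof JdkSslContext) {
        protocolsOwner = JdkSslContext.class;
    } else if (sslContext instanceof OpenSslContext) {
        Assertions.assertTrue(sslContext instanceof ReferenceCountedOpenSslContext);
        protocolsOwner = ReferenceCountedOpenSslContext.class;
    } else {
        // Any other (or null) context used to pass without a single assertion being run.
        Assertions.fail("Unexpected SslContext implementation: "
            + (sslContext == null ? null : sslContext.getClass().getName()));
        return;
    }

    // Exact-match checks: any extra suite or protocol left enabled fails the test, and the
    // failure message shows the actual values.
    Assertions.assertEquals(Arrays.asList(cipher), sslContext.cipherSuites());

    Field protocols = protocolsOwner.getDeclaredField("protocols");
    protocols.setAccessible(true);
    String[] enabledProtocols = (String[]) protocols.get(sslContext);
    Assertions.assertArrayEquals(new String[] { protocol }, enabledProtocols);
}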