
Example 91 with SslContext

use of io.netty.handler.ssl.SslContext in project vert.x by eclipse.

the class SSLHelperTest method testUseOpenSSLCiphersWhenNotSpecified.

/**
 * Verifies that a client-side context built with OpenSSL engine options and no
 * explicit cipher list exposes exactly the suites returned by
 * {@code OpenSsl.availableOpenSslCipherSuites()}.
 */
@Test
public void testUseOpenSSLCiphersWhenNotSpecified() throws Exception {
    Set<String> expected = OpenSsl.availableOpenSslCipherSuites();
    // Only the engine is selected here; no cipher suites are configured on the
    // options, so the comparison below reflects the helper's default choice.
    HttpClientOptions clientOptions = new HttpClientOptions().setOpenSslEngineOptions(new OpenSSLEngineOptions());
    SSLHelper sslHelper = new SSLHelper(clientOptions, Cert.CLIENT_PEM.get(), Trust.SERVER_PEM.get());
    SslContext nettyContext = sslHelper.getContext((VertxInternal) vertx);
    // NOTE(review): this pins the default to everything the linked native
    // library offers; whether that set is free of weak suites depends on the
    // OpenSSL build in use, so deployments should still set an explicit list.
    Set<String> actualSuites = new HashSet<>(nettyContext.cipherSuites());
    assertEquals(expected, actualSuites);
}
Also used : SSLHelper(io.vertx.core.net.impl.SSLHelper) HttpClientOptions(io.vertx.core.http.HttpClientOptions) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 92 with SslContext

use of io.netty.handler.ssl.SslContext in project vert.x by eclipse.

the class SSLEngineTest method doTest.

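/**
 * Starts an HTTPS server with the given SSL engine options, checks which Netty
 * {@code SslContext} implementation backs it, and then issues a single GET
 * request against it.
 *
 * @param engine SSL engine options applied to both the server and the client
 * @param useAlpn whether ALPN is enabled on both sides
 * @param version HTTP version the client is configured with and the server must observe
 * @param error expected start-up failure message, or {@code null} when start-up must succeed
 * @param expectedSslContext {@code "jdk"} or {@code "openssl"}; {@code null} is treated as {@code "jdk"}
 * @param expectCause when a failure is expected, additionally asserts that the
 *     exception is not its own cause
 */
private void doTest(SSLEngineOptions engine, boolean useAlpn, HttpVersion version, String error, String expectedSslContext, boolean expectCause) {
    // Replace the server currently held in the field with one using the engine under test.
    server.close();
    HttpServerOptions options = new HttpServerOptions().setSslEngineOptions(engine).setPort(DEFAULT_HTTP_PORT).setHost(DEFAULT_HTTP_HOST).setKeyCertOptions(Cert.SERVER_PEM.get()).setSsl(true).setUseAlpn(useAlpn);
    server = vertx.createHttpServer(options);
    server.requestHandler(req -> {
        // Expected value first, so a mismatch is reported the right way round.
        assertEquals(version, req.version());
        assertTrue(req.isSSL());
        req.response().end();
    });
    try {
        startServer();
        if (error != null) {
            fail("Was expecting failure: " + error);
        }
    } catch (Exception e) {
        if (error == null) {
            fail(e);
        } else {
            assertEquals(error, e.getMessage());
            if (expectCause) {
                assertNotSame(e, e.getCause());
            }
            // The server never started, so there is nothing further to exercise.
            return;
        }
    }
    SSLHelper sslHelper = ((HttpServerImpl) server).sslHelper();
    SslContext ctx = sslHelper.getContext((VertxInternal) vertx);
    String expectedKind = expectedSslContext != null ? expectedSslContext : "jdk";
    switch (expectedKind) {
        case "jdk":
            assertTrue(ctx instanceof JdkSslContext);
            break;
        case "openssl":
            assertTrue(ctx instanceof OpenSslContext);
            break;
        default:
            // An unrecognised expectation used to fall through without checking
            // the engine at all, letting a mistyped value pass silently.
            fail("Unexpected expectedSslContext value: " + expectedKind);
    }
    // setTrustAll(true) turns off server certificate verification on the client.
    // NOTE(review): presumably acceptable only because this test talks to the
    // local server started above with a test certificate; it must not be
    // copied into production client configuration.
    client = vertx.createHttpClient(new HttpClientOptions().setSslEngineOptions(engine).setSsl(true).setUseAlpn(useAlpn).setTrustAll(true).setProtocolVersion(version));
    client.request(HttpMethod.GET, DEFAULT_HTTP_PORT, DEFAULT_HTTP_HOST, "/somepath", onSuccess(req -> {
        req.send(onSuccess(resp -> {
            assertEquals(200, resp.statusCode());
            testComplete();
        }));
    }));
    await();
}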
Also used : SSLHelper(io.vertx.core.net.impl.SSLHelper) VertxException(io.vertx.core.VertxException) HttpServerImpl(io.vertx.core.http.impl.HttpServerImpl) SSLEngineOptions(io.vertx.core.net.SSLEngineOptions) VertxInternal(io.vertx.core.impl.VertxInternal) JdkSslContext(io.netty.handler.ssl.JdkSslContext) SslContext(io.netty.handler.ssl.SslContext) OpenSslContext(io.netty.handler.ssl.OpenSslContext) Test(org.junit.Test) SSLHelper(io.vertx.core.net.impl.SSLHelper) OpenSSLEngineOptions(io.vertx.core.net.OpenSSLEngineOptions) HttpTestBase(io.vertx.core.http.HttpTestBase) HttpVersion(io.vertx.core.http.HttpVersion) HttpMethod(io.vertx.core.http.HttpMethod) Cert(io.vertx.test.tls.Cert) HttpServerOptions(io.vertx.core.http.HttpServerOptions) HttpClientOptions(io.vertx.core.http.HttpClientOptions) JdkSSLEngineOptions(io.vertx.core.net.JdkSSLEngineOptions) JdkSslContext(io.netty.handler.ssl.JdkSslContext) OpenSslContext(io.netty.handler.ssl.OpenSslContext) HttpServerOptions(io.vertx.core.http.HttpServerOptions) VertxException(io.vertx.core.VertxException) HttpClientOptions(io.vertx.core.http.HttpClientOptions) HttpServerImpl(io.vertx.core.http.impl.HttpServerImpl) JdkSslContext(io.netty.handler.ssl.JdkSslContext) SslContext(io.netty.handler.ssl.SslContext) OpenSslContext(io.netty.handler.ssl.OpenSslContext)

Example 93 with SslContext

use of io.netty.handler.ssl.SslContext in project crate by crate.

the class SslContextProviderTest method testClassLoadingWithValidConfiguration.

/**
 * Builds an {@code SslContextProvider} from settings that enable SSL for HTTP
 * and PSQL and point at the test keystore and truststore, then checks that the
 * server context for {@code Protocol.TRANSPORT} is in server mode and reports
 * at least one cipher suite.
 */
@Test
public void testClassLoadingWithValidConfiguration() {
    // The passwords below are literal fixture values for the test stores.
    // NOTE(review): the truststore entry also uses "keystorePassword";
    // presumably both test stores share one password - confirm against the fixtures.
    var settings = Settings.builder()
        .put(SslSettings.SSL_HTTP_ENABLED.getKey(), true)
        .put(SslSettings.SSL_PSQL_ENABLED.getKey(), true)
        .put(SslSettings.SSL_TRUSTSTORE_FILEPATH.getKey(), trustStoreFile.getAbsolutePath())
        .put(SslSettings.SSL_TRUSTSTORE_PASSWORD.getKey(), "keystorePassword")
        .put(SslSettings.SSL_KEYSTORE_FILEPATH.getKey(), keyStoreFile.getAbsolutePath())
        .put(SslSettings.SSL_KEYSTORE_PASSWORD.getKey(), "keystorePassword")
        .put(SslSettings.SSL_KEYSTORE_KEY_PASSWORD.getKey(), "keystorePassword")
        .build();
    SslContext serverContext = new SslContextProvider(settings).getServerContext(Protocol.TRANSPORT);
    // The declared type already guarantees SslContext, so this check only
    // rejects a null result.
    assertThat(serverContext, instanceOf(SslContext.class));
    assertThat(serverContext.isServer(), is(true));
    assertThat(serverContext.cipherSuites(), not(empty()));
}
Also used : Settings(org.elasticsearch.common.settings.Settings) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 94 with SslContext

use of io.netty.handler.ssl.SslContext in project zookeeper by apache.

the class NettyServerCnxnFactory method initSSL.

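/**
 * Appends a TLS handler named {@code "ssl"} to the given pipeline.
 *
 * <p>When the system property named by {@code x509Util.getSslAuthProviderProperty()}
 * is unset, the default {@code SSLContextAndOptions} supplies the context.
 * Otherwise key and trust managers are taken from the named
 * {@link X509AuthenticationProvider}.
 *
 * @param p pipeline of the channel being initialised
 * @param supportPlaintext when {@code true}, installs a {@code DualModeSslHandler}
 *     instead of a plain TLS handler
 * @throws X509Exception if the configured auth provider is missing or is not an
 *     {@link X509AuthenticationProvider}, or if the default context cannot be obtained
 * @throws KeyManagementException if initialising the {@link SSLContext} fails
 * @throws NoSuchAlgorithmException if {@code ClientX509Util.DEFAULT_PROTOCOL} is not available
 */
private synchronized void initSSL(ChannelPipeline p, boolean supportPlaintext) throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    // Read the property once so the provider that is looked up is the same
    // one named in the error message below.
    String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty());
    SslContext nettySslContext;
    if (authProviderProp == null) {
        SSLContextAndOptions sslContextAndOptions = x509Util.getDefaultSSLContextAndOptions();
        // NOTE(review): the boolean presumably selects client (true) versus
        // server (false) mode - confirm against SSLContextAndOptions.
        nettySslContext = sslContextAndOptions.createNettyJdkSslContext(sslContextAndOptions.getSSLContext(), false);
    } else {
        SSLContext sslContext = SSLContext.getInstance(ClientX509Util.DEFAULT_PROTOCOL);
        Object provider = ProviderRegistry.getProvider(authProviderProp);
        // Covers both an unknown scheme (null) and a registered provider of
        // another type, which previously surfaced as a ClassCastException.
        if (!(provider instanceof X509AuthenticationProvider)) {
            LOG.error("Auth provider not found or not an X509AuthenticationProvider: {}", authProviderProp);
            throw new SSLContextException("Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        X509AuthenticationProvider authProvider = (X509AuthenticationProvider) provider;
        // A null SecureRandom makes the context use the default implementation.
        sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() }, new X509TrustManager[] { authProvider.getTrustManager() }, null);
        nettySslContext = x509Util.getDefaultSSLContextAndOptions().createNettyJdkSslContext(sslContext, false);
    }
    if (supportPlaintext) {
        // NOTE(review): judging by its name, the dual-mode handler also accepts
        // non-TLS traffic on this port; if so, peers can connect without
        // encryption or certificate authentication while this flag is on, so it
        // should be limited to migration windows - confirm against DualModeSslHandler.
        p.addLast("ssl", new DualModeSslHandler(nettySslContext));
        LOG.debug("dual mode SSL handler added for channel: {}", p.channel());
    } else {
        p.addLast("ssl", nettySslContext.newHandler(p.channel().alloc()));
        LOG.debug("SSL handler added for channel: {}", p.channel());
    }
}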
Also used : SSLContextAndOptions(org.apache.zookeeper.common.SSLContextAndOptions) X509AuthenticationProvider(org.apache.zookeeper.server.auth.X509AuthenticationProvider) SSLContextException(org.apache.zookeeper.common.X509Exception.SSLContextException) SSLContext(javax.net.ssl.SSLContext) SslContext(io.netty.handler.ssl.SslContext)

Example 95 with SslContext

use of io.netty.handler.ssl.SslContext in project dubbo by alibaba.

the class SslContextsTest method testSslContextsItem.

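/**
 * Checks that the cipher suite and protocol set on the global {@code SslConfig}
 * are the only ones carried by the client {@code SslContext} that
 * {@code SslContexts.buildClientSslContext} produces.
 *
 * <p>The protocol list is read reflectively from the private {@code protocols}
 * field of the Netty context class.
 *
 * @throws NoSuchFieldException if the Netty class has no {@code protocols} field
 * @throws IllegalAccessException if the field cannot be read reflectively
 */
protected void testSslContextsItem() throws NoSuchFieldException, IllegalAccessException {
    // NOTE(review): this is a TLS 1.2 suite name paired with a TLSv1.3-only
    // protocol list. The test only checks that the configuration is propagated;
    // it performs no handshake, so it says nothing about whether this pair
    // could negotiate a connection.
    String cipher = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    String protocol = "TLSv1.3";
    // NOTE(review): the SslConfig is installed on the global ConfigManager and
    // is not reset here; confirm that teardown elsewhere restores it so later
    // tests do not inherit these settings.
    ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
    SslConfig sslConfig = new SslConfig();
    sslConfig.setCiphers(Arrays.asList(cipher));
    sslConfig.setProtocols(Arrays.asList(protocol));
    globalConfigManager.setSsl(sslConfig);
    SslContext sslContext = SslContexts.buildClientSslContext(null);
    if (sslContext instanceof JdkSslContext) {
        JdkSslContext jdkSslContext = (JdkSslContext) sslContext;
        List<String> cipherSuites = jdkSslContext.cipherSuites();
        // Value-based assertions report the offending list or array on failure.
        Assertions.assertEquals(Arrays.asList(cipher), cipherSuites);
        Field protocols = JdkSslContext.class.getDeclaredField("protocols");
        protocols.setAccessible(true);
        String[] item = (String[]) protocols.get(jdkSslContext);
        Assertions.assertArrayEquals(new String[] { protocol }, item);
    } else if (sslContext instanceof OpenSslContext) {
        OpenSslContext openSslContext = (OpenSslContext) sslContext;
        Assertions.assertTrue(openSslContext instanceof ReferenceCountedOpenSslContext);
        List<String> cipherSuites = openSslContext.cipherSuites();
        Assertions.assertEquals(Arrays.asList(cipher), cipherSuites);
        Field protocols = ReferenceCountedOpenSslContext.class.getDeclaredField("protocols");
        protocols.setAccessible(true);
        final String[] item = (String[]) protocols.get(openSslContext);
        Assertions.assertArrayEquals(new String[] { protocol }, item);
    } else {
        // Previously any other context type, or null, passed without a single
        // check on the configured cipher or protocol.
        Assertions.fail("Unexpected SslContext implementation: " + sslContext);
    }
}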
Also used : Field(java.lang.reflect.Field) SslConfig(org.apache.dubbo.config.SslConfig) ReferenceCountedOpenSslContext(io.netty.handler.ssl.ReferenceCountedOpenSslContext) JdkSslContext(io.netty.handler.ssl.JdkSslContext) OpenSslContext(io.netty.handler.ssl.OpenSslContext) ReferenceCountedOpenSslContext(io.netty.handler.ssl.ReferenceCountedOpenSslContext) List(java.util.List) ConfigManager(org.apache.dubbo.config.context.ConfigManager) JdkSslContext(io.netty.handler.ssl.JdkSslContext) SslContext(io.netty.handler.ssl.SslContext) OpenSslContext(io.netty.handler.ssl.OpenSslContext) ReferenceCountedOpenSslContext(io.netty.handler.ssl.ReferenceCountedOpenSslContext)
