Examples with SslContextBuilder io.netty.handler.ssl.SslContextBuilder used on opensource projects

Example 1 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project pulsar by yahoo.

the class DiscoveryServiceTest method connectToService.

/**
     * creates ClientHandler channel to connect and communicate with server
     * 
     * @param serviceUrl
     * @param latch
     * @return
     * @throws URISyntaxException
     */
public static NioEventLoopGroup connectToService(String serviceUrl, CountDownLatch latch, boolean tls) throws URISyntaxException {
    NioEventLoopGroup workerGroup = new NioEventLoopGroup();
    Bootstrap b = new Bootstrap();
    b.group(workerGroup);
    b.channel(NioSocketChannel.class);
    b.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            if (tls) {
                SslContextBuilder builder = SslContextBuilder.forClient();
                builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                X509Certificate[] certificates = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
                PrivateKey privateKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
                builder.keyManager(privateKey, (X509Certificate[]) certificates);
                SslContext sslCtx = builder.build();
                ch.pipeline().addLast("tls", sslCtx.newHandler(ch.alloc()));
            }
            ch.pipeline().addLast(new ClientHandler(latch));
        }
    });
    URI uri = new URI(serviceUrl);
    InetSocketAddress serviceAddress = new InetSocketAddress(uri.getHost(), uri.getPort());
    b.connect(serviceAddress).addListener((ChannelFuture future) -> {
        if (!future.isSuccess()) {
            throw new IllegalStateException(future.cause());
        }
    });
    return workerGroup;
}

Example 2 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class Utils method newNettyClientChannel.

private static NettyChannelBuilder newNettyClientChannel(Transport transport, SocketAddress address, boolean tls, boolean testca, int flowControlWindow, boolean useDefaultCiphers) throws IOException {
    NettyChannelBuilder builder = NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);
    if (tls) {
        builder.negotiationType(NegotiationType.TLS);
        SslContext sslContext = null;
        if (testca) {
            File cert = TestUtils.loadCert("ca.pem");
            SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient().trustManager(cert);
            if (transport == Transport.NETTY_NIO) {
                sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK);
            } else {
                // Native transport with OpenSSL
                sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
            }
            if (useDefaultCiphers) {
                sslContextBuilder.ciphers(null);
            }
            sslContext = sslContextBuilder.build();
        }
        builder.sslContext(sslContext);
    } else {
        builder.negotiationType(NegotiationType.PLAINTEXT);
    }
    DefaultThreadFactory tf = new DefaultThreadFactory("client-elg-", true);
    switch(transport) {
        case NETTY_NIO:
            builder.eventLoopGroup(new NioEventLoopGroup(0, tf)).channelType(NioSocketChannel.class);
            break;
        case NETTY_EPOLL:
            // These classes only work on Linux.
            builder.eventLoopGroup(new EpollEventLoopGroup(0, tf)).channelType(EpollSocketChannel.class);
            break;
        case NETTY_UNIX_DOMAIN_SOCKET:
            // These classes only work on Linux.
            builder.eventLoopGroup(new EpollEventLoopGroup(0, tf)).channelType(EpollDomainSocketChannel.class);
            break;
        default:
            // Should never get here.
            throw new IllegalArgumentException("Unsupported transport: " + transport);
    }
    return builder;
}

Example 3 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class Http2OkHttpTest method startServer.

/** Starts the server with HTTPS. */
@BeforeClass
public static void startServer() throws Exception {
    try {
        SslProvider sslProvider = SslContext.defaultServerProvider();
        if (sslProvider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported()) {
            // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
            // are forced to use Jetty ALPN for Netty instead of OpenSSL.
            sslProvider = SslProvider.JDK;
        }
        SslContextBuilder contextBuilder = SslContextBuilder.forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
        GrpcSslContexts.configure(contextBuilder, sslProvider);
        contextBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
        startStaticServer(NettyServerBuilder.forPort(0).flowControlWindow(65 * 1024).maxMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE).sslContext(contextBuilder.build()));
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}

Example 4 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project pulsar by yahoo.

the class SecurityUtility method createNettySslContext.

public static SslContext createNettySslContext(boolean allowInsecureConnection, String trustCertsFilePath, Certificate[] certificates, PrivateKey privateKey) throws GeneralSecurityException, SSLException, FileNotFoundException {
    SslContextBuilder builder = SslContextBuilder.forClient();
    if (allowInsecureConnection) {
        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    } else {
        if (trustCertsFilePath != null && trustCertsFilePath.length() != 0) {
            builder.trustManager(new FileInputStream(trustCertsFilePath));
        }
    }
    builder.keyManager(privateKey, (X509Certificate[]) certificates);
    return builder.build();
}

Example 5 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project nifi by apache.

the class TestGRPCServer method start.

/**
 * Starts the gRPC server @localhost:port.
 */
public int start(final int port) throws Exception {
    final NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port).directExecutor().addService(clazz.newInstance()).compressorRegistry(CompressorRegistry.getDefaultInstance()).decompressorRegistry(DecompressorRegistry.getDefaultInstance());
    if (this.sslProperties != null) {
        if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) == null) {
            throw new RuntimeException("You must configure a keystore in order to use SSL with gRPC.");
        }
        final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        final KeyStore keyStore = KeyStore.getInstance(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName()));
        final String keyStoreFile = sslProperties.get(StandardSSLContextService.KEYSTORE.getName());
        final String keyStorePassword = sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName());
        try (final InputStream is = new FileInputStream(keyStoreFile)) {
            keyStore.load(is, keyStorePassword.toCharArray());
        }
        keyManager.init(keyStore, keyStorePassword.toCharArray());
        SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyManager);
        if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) {
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            final KeyStore trustStore = KeyStore.getInstance(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName()));
            final String trustStoreFile = sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName());
            final String trustStorePassword = sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName());
            try (final InputStream is = new FileInputStream(trustStoreFile)) {
                trustStore.load(is, trustStorePassword.toCharArray());
            }
            trustManagerFactory.init(trustStore);
            sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
        }
        final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH);
        if (clientAuth == null) {
            sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
        } else {
            sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.valueOf(clientAuth));
        }
        sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
        nettyServerBuilder.sslContext(sslContextBuilder.build());
    }
    server = nettyServerBuilder.build().start();
    final int actualPort = server.getPort();
    Runtime.getRuntime().addShutdownHook(new Thread() {

        @Override
        public void run() {
            // Use stderr here since the logger may have been reset by its JVM shutdown hook.
            System.err.println("*** shutting down gRPC server since JVM is shutting down");
            TestGRPCServer.this.stop();
            System.err.println("*** server shut down");
        }
    });
    return actualPort;
}