use of io.netty.handler.ssl.SslContextBuilder in project pinpoint by naver.
the class SslContextFactory method create.
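/**
 * Builds the server-side {@link SslContext} from the certificate chain and private key
 * resources supplied by {@code serverConfig}.
 *
 * <p>The builder is handed to {@code createSslContext} together with the provider resolved
 * from the config, and the finished context is passed to {@code assertValidCipherSuite}
 * before it is returned.
 *
 * @param serverConfig server TLS settings; must not be {@code null}
 * @return the built and checked context
 * @throws NullPointerException if {@code serverConfig} is {@code null}
 * @throws SSLException if the context cannot be built; any other exception (for example an
 *     I/O failure while opening or closing a resource stream) is wrapped in an
 *     {@code SSLException}
 */
public static SslContext create(SslServerConfig serverConfig) throws SSLException {
    Objects.requireNonNull(serverConfig, "serverConfig");
    SslProvider sslProvider = getSslProvider(serverConfig.getSslProviderType());
    try {
        Resource keyCertChainFileResource = serverConfig.getKeyCertChainResource();
        Resource keyResource = serverConfig.getKeyResource();
        // SslContextBuilder.forServer(InputStream, InputStream) leaves closing to the caller.
        // try-with-resources releases both handles (one of them carries the private key)
        // on every path, including when building or the cipher-suite check fails.
        try (java.io.InputStream keyCertChainStream = keyCertChainFileResource.getInputStream();
                java.io.InputStream keyStream = keyResource.getInputStream()) {
            SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyCertChainStream, keyStream);
            SslContext sslContext = createSslContext(sslContextBuilder, sslProvider);
            assertValidCipherSuite(sslContext);
            return sslContext;
        }
    } catch (SSLException e) {
        // Already the declared type; rethrow without wrapping.
        throw e;
    } catch (Exception e) {
        throw new SSLException(e);
    }
}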
use of io.netty.handler.ssl.SslContextBuilder in project pinpoint by naver.
the class SslContextFactory method createSslContext.
/**
 * Applies the provider, the protocol list and the cipher-suite list from
 * {@code SecurityConstants} to the builder, lets {@code GrpcSslContexts.configure} add its
 * settings, and builds the context.
 *
 * @param sslContextBuilder builder already holding the key material
 * @param sslProvider provider to build the context with
 * @return the built context
 * @throws SSLException if {@code build()} fails
 */
private static SslContext createSslContext(SslContextBuilder sslContextBuilder, SslProvider sslProvider) throws SSLException {
    final String[] enabledProtocols = SecurityConstants.DEFAULT_SUPPORT_PROTOCOLS.toArray(new String[0]);
    // SupportedCipherSuiteFilter drops requested suites the engine does not support, so the
    // effective list can be shorter than the configured one.
    sslContextBuilder
            .sslProvider(sslProvider)
            .protocols(enabledProtocols)
            .ciphers(SecurityConstants.DEFAULT_SUPPORT_CIPHER_SUITE, SupportedCipherSuiteFilter.INSTANCE);
    return GrpcSslContexts.configure(sslContextBuilder, sslProvider).build();
}
use of io.netty.handler.ssl.SslContextBuilder in project zuul by Netflix.
the class BaseSslContextFactory method createBuilderForServer.
/**
 * Creates the server-side builder with ciphers, session timeout and provider applied, and
 * adds client-certificate verification when both a client-auth mode and trusted
 * certificates are available.
 *
 * @return the configured builder (not yet built)
 * @throws RuntimeException wrapping any exception raised while configuring
 */
@Override
public SslContextBuilder createBuilderForServer() {
    try {
        ArrayList<X509Certificate> trustAnchors = getTrustedX509Certificates();
        SslProvider provider = chooseSslProvider();
        LOG.debug("Using SslProvider of type {}", provider.name());

        SslContextBuilder serverBuilder = newBuilderForServer()
                .ciphers(getCiphers(), getCiphersFilter())
                .sessionTimeout(serverSslConfig.getSessionTimeout())
                .sslProvider(provider);

        // NOTE(review): if a client-auth mode is configured but no trusted certificates were
        // loaded, this branch is skipped and clientAuth is never set, so the builder keeps
        // Netty's default (ClientAuth.NONE). Confirm that silently dropping a configured
        // REQUIRE/OPTIONAL mode is intended rather than failing or logging.
        boolean clientAuthConfigured = serverSslConfig.getClientAuth() != null;
        boolean haveTrustAnchors = trustAnchors != null && !trustAnchors.isEmpty();
        if (clientAuthConfigured && haveTrustAnchors) {
            X509Certificate[] anchorArray = trustAnchors.toArray(new X509Certificate[0]);
            serverBuilder = serverBuilder.trustManager(anchorArray);
            serverBuilder = serverBuilder.clientAuth(serverSslConfig.getClientAuth());
        }
        return serverBuilder;
    } catch (Exception e) {
        throw new RuntimeException("Error configuring SslContext!", e);
    }
}
use of io.netty.handler.ssl.SslContextBuilder in project zuul by Netflix.
the class Http2Configuration method configureSSL.
/**
 * Builds the server {@link SslContext} with ALPN configured for HTTP/2 and HTTP/1.1, then
 * asks the factory to enable session tickets and register OpenSSL stats metrics.
 *
 * @param sslContextFactory factory providing the base server builder and post-build hooks
 * @param metricId identifier passed to the factory's metrics registration
 * @return the built context
 * @throws RuntimeException if the context cannot be built with the ALPN configuration
 */
public static SslContext configureSSL(SslContextFactory sslContextFactory, String metricId) {
    SslContextBuilder serverBuilder = sslContextFactory.createBuilderForServer();

    // Listed with HTTP/2 first and HTTP/1.1 second.
    String[] alpnProtocols = {ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1};

    // NO_ADVERTISE and ACCEPT are currently the only modes supported by both the OpenSsl and
    // JDK providers. Both are best-effort: a protocol mismatch does not abort the handshake
    // with a fatal alert, so downstream handlers must not assume ALPN selected a protocol.
    ApplicationProtocolConfig alpnConfig = new ApplicationProtocolConfig(
            ApplicationProtocolConfig.Protocol.ALPN,
            ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
            ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
            alpnProtocols);

    final SslContext tlsContext;
    try {
        serverBuilder = serverBuilder.applicationProtocolConfig(alpnConfig);
        tlsContext = serverBuilder.build();
    } catch (SSLException e) {
        throw new RuntimeException("Error configuring SslContext with ALPN!", e);
    }

    // Enable TLS session tickets.
    // NOTE(review): how ticket keys are generated and rotated is not visible here; confirm
    // it in the factory, since long-lived ticket keys weaken forward secrecy.
    sslContextFactory.enableSessionTickets(tlsContext);

    // Register metrics that track the OpenSSL stats for this context.
    sslContextFactory.configureOpenSslStatsMetrics(tlsContext, metricId);
    return tlsContext;
}
use of io.netty.handler.ssl.SslContextBuilder in project flink by apache.
the class SSLUtils method createRestNettySSLContext.
/**
 * Creates the Netty SSL context for the external REST endpoint. When mutual authentication
 * is configured, the client-side and server-side configuration are identical.
 *
 * <p>A client always gets a trust manager; a server gets one only when {@code clientAuth} is
 * not {@link ClientAuth#NONE}. A client gets a key manager only when {@code clientAuth} is
 * not {@code NONE}; a server always gets one.
 *
 * @param config configuration to read the REST SSL settings from; must not be null
 * @param clientMode {@code true} to build a client context, {@code false} for a server context
 * @param clientAuth client-authentication mode applied to the builder
 * @param provider SSL provider to build the context with
 * @return the context, or {@code null} when REST SSL is not enabled in {@code config};
 *     callers must treat {@code null} as "no TLS" rather than as an error
 * @throws Exception if key or trust material cannot be loaded or the context cannot be built
 */
@Nullable
public static SslContext createRestNettySSLContext(Configuration config, boolean clientMode, ClientAuth clientAuth, SslProvider provider) throws Exception {
    checkNotNull(config, "config");

    // REST SSL switched off: there is no context to hand out.
    if (!SecurityOptions.isRestSSLEnabled(config)) {
        return null;
    }

    final String[] enabledProtocols = getEnabledProtocols(config);
    final boolean mutualAuth = clientAuth != ClientAuth.NONE;

    final SslContextBuilder builder;
    if (!clientMode) {
        // A server must always present its own key material.
        KeyManagerFactory serverKeys = getKeyManagerFactory(config, false, provider);
        builder = SslContextBuilder.forServer(serverKeys);
    } else {
        builder = SslContextBuilder.forClient();
        if (mutualAuth) {
            // The client presents a certificate only under mutual authentication.
            KeyManagerFactory clientKeys = getKeyManagerFactory(config, false, provider);
            builder.keyManager(clientKeys);
        }
    }

    // Clients always verify the server; servers verify clients only under mutual auth.
    if (clientMode || mutualAuth) {
        TrustManagerFactory trustAnchors = getTrustManagerFactory(config, false);
        builder.trustManager(trustAnchors);
    }

    builder.sslProvider(provider);
    builder.protocols(enabledProtocols);
    builder.clientAuth(clientAuth);
    return builder.build();
}