Search in sources :

Example 46 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project pinpoint by naver.

the class SslContextFactory method create.

public static SslContext create(SslServerConfig serverConfig) throws SSLException {
    Objects.requireNonNull(serverConfig, "serverConfig");
    SslProvider sslProvider = getSslProvider(serverConfig.getSslProviderType());
    SslContextBuilder sslContextBuilder;
    try {
        Resource keyCertChainFileResource = serverConfig.getKeyCertChainResource();
        Resource keyResource = serverConfig.getKeyResource();
        sslContextBuilder = SslContextBuilder.forServer(keyCertChainFileResource.getInputStream(), keyResource.getInputStream());
        SslContext sslContext = createSslContext(sslContextBuilder, sslProvider);
        assertValidCipherSuite(sslContext);
        return sslContext;
    } catch (SSLException e) {
        throw e;
    } catch (Exception e) {
        throw new SSLException(e);
    }
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) Resource(com.navercorp.pinpoint.grpc.util.Resource) SslProvider(io.netty.handler.ssl.SslProvider) SSLException(javax.net.ssl.SSLException) SSLException(javax.net.ssl.SSLException) SslContext(io.netty.handler.ssl.SslContext)

Example 47 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project pinpoint by naver.

the class SslContextFactory method createSslContext.

private static SslContext createSslContext(SslContextBuilder sslContextBuilder, SslProvider sslProvider) throws SSLException {
    sslContextBuilder.sslProvider(sslProvider);
    sslContextBuilder.protocols(SecurityConstants.DEFAULT_SUPPORT_PROTOCOLS.toArray(new String[0]));
    sslContextBuilder.ciphers(SecurityConstants.DEFAULT_SUPPORT_CIPHER_SUITE, SupportedCipherSuiteFilter.INSTANCE);
    SslContextBuilder configure = GrpcSslContexts.configure(sslContextBuilder, sslProvider);
    return configure.build();
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)

Example 48 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project zuul by Netflix.

the class BaseSslContextFactory method createBuilderForServer.

@Override
public SslContextBuilder createBuilderForServer() {
    try {
        ArrayList<X509Certificate> trustedCerts = getTrustedX509Certificates();
        SslProvider sslProvider = chooseSslProvider();
        LOG.debug("Using SslProvider of type {}", sslProvider.name());
        SslContextBuilder builder = newBuilderForServer().ciphers(getCiphers(), getCiphersFilter()).sessionTimeout(serverSslConfig.getSessionTimeout()).sslProvider(sslProvider);
        if (serverSslConfig.getClientAuth() != null && trustedCerts != null && !trustedCerts.isEmpty()) {
            builder = builder.trustManager(trustedCerts.toArray(new X509Certificate[0])).clientAuth(serverSslConfig.getClientAuth());
        }
        return builder;
    } catch (Exception e) {
        throw new RuntimeException("Error configuring SslContext!", e);
    }
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) SslProvider(io.netty.handler.ssl.SslProvider) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ForOverride(com.google.errorprone.annotations.ForOverride)

Example 49 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project zuul by Netflix.

the class Http2Configuration method configureSSL.

public static SslContext configureSSL(SslContextFactory sslContextFactory, String metricId) {
    SslContextBuilder builder = sslContextFactory.createBuilderForServer();
    String[] supportedProtocols = new String[] { ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1 };
    ApplicationProtocolConfig apn = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
    ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
    ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, supportedProtocols);
    final SslContext sslContext;
    try {
        sslContext = builder.applicationProtocolConfig(apn).build();
    } catch (SSLException e) {
        throw new RuntimeException("Error configuring SslContext with ALPN!", e);
    }
    // Enable TLS Session Tickets support.
    sslContextFactory.enableSessionTickets(sslContext);
    // Setup metrics tracking the OpenSSL stats.
    sslContextFactory.configureOpenSslStatsMetrics(sslContext, metricId);
    return sslContext;
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) SSLException(javax.net.ssl.SSLException) ApplicationProtocolConfig(io.netty.handler.ssl.ApplicationProtocolConfig) SslContext(io.netty.handler.ssl.SslContext)

Example 50 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project flink by apache.

the class SSLUtils method createRestNettySSLContext.

/**
 * Creates an SSL context for the external REST SSL. If mutual authentication is configured the
 * client and the server side configuration are identical.
 */
@Nullable
public static SslContext createRestNettySSLContext(Configuration config, boolean clientMode, ClientAuth clientAuth, SslProvider provider) throws Exception {
    checkNotNull(config, "config");
    if (!SecurityOptions.isRestSSLEnabled(config)) {
        return null;
    }
    String[] sslProtocols = getEnabledProtocols(config);
    final SslContextBuilder sslContextBuilder;
    if (clientMode) {
        sslContextBuilder = SslContextBuilder.forClient();
        if (clientAuth != ClientAuth.NONE) {
            KeyManagerFactory kmf = getKeyManagerFactory(config, false, provider);
            sslContextBuilder.keyManager(kmf);
        }
    } else {
        KeyManagerFactory kmf = getKeyManagerFactory(config, false, provider);
        sslContextBuilder = SslContextBuilder.forServer(kmf);
    }
    if (clientMode || clientAuth != ClientAuth.NONE) {
        TrustManagerFactory tmf = getTrustManagerFactory(config, false);
        sslContextBuilder.trustManager(tmf);
    }
    return sslContextBuilder.sslProvider(provider).protocols(sslProtocols).clientAuth(clientAuth).build();
}
Also used : SslContextBuilder(org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) FingerprintTrustManagerFactory(org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory) OpenSslX509KeyManagerFactory(org.apache.flink.shaded.netty4.io.netty.handler.ssl.OpenSslX509KeyManagerFactory) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) Nullable(javax.annotation.Nullable)

Aggregations

SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)49 SslContext (io.netty.handler.ssl.SslContext)14 SSLException (javax.net.ssl.SSLException)12 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)11 InputStream (java.io.InputStream)10 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)10 SslProvider (io.netty.handler.ssl.SslProvider)9 File (java.io.File)9 IOException (java.io.IOException)9 KeyStore (java.security.KeyStore)7 X509Certificate (java.security.cert.X509Certificate)7 ApplicationProtocolConfig (io.netty.handler.ssl.ApplicationProtocolConfig)5 PrivateKey (java.security.PrivateKey)5 SslHandler (io.netty.handler.ssl.SslHandler)4 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)4 FileInputStream (java.io.FileInputStream)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 CertificateException (java.security.cert.CertificateException)4 NettyChannelBuilder (io.grpc.netty.NettyChannelBuilder)3 Bootstrap (io.netty.bootstrap.Bootstrap)3