Search in sources :

Example 36 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project jetcd by coreos.

the class ClientBuilder method sslContext.

/**
 * Configure SSL/TLS context create through {@link GrpcSslContexts#forClient} to use.
 *
 * @param  consumer     the SslContextBuilder consumer
 * @return              this builder
 * @throws SSLException if the SslContextBuilder fails
 */
public ClientBuilder sslContext(Consumer<SslContextBuilder> consumer) throws SSLException {
    SslContextBuilder builder = GrpcSslContexts.forClient();
    consumer.accept(builder);
    return sslContext(builder.build());
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)

Example 37 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project dubbo by alibaba.

the class GrpcOptionsUtils method buildClientSslContext.

private static SslContext buildClientSslContext(URL url) {
    ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
    SslConfig sslConfig = globalConfigManager.getSsl().orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));
    SslContextBuilder builder = GrpcSslContexts.forClient();
    InputStream trustCertCollectionFilePath = null;
    InputStream clientCertChainFilePath = null;
    InputStream clientPrivateKeyFilePath = null;
    try {
        trustCertCollectionFilePath = sslConfig.getClientTrustCertCollectionPathStream();
        if (trustCertCollectionFilePath != null) {
            builder.trustManager(trustCertCollectionFilePath);
        }
        clientCertChainFilePath = sslConfig.getClientKeyCertChainPathStream();
        clientPrivateKeyFilePath = sslConfig.getClientPrivateKeyPathStream();
        if (clientCertChainFilePath != null && clientPrivateKeyFilePath != null) {
            String password = sslConfig.getClientKeyPassword();
            if (password != null) {
                builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath, password);
            } else {
                builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath);
            }
        }
    } catch (Exception e) {
        throw new IllegalArgumentException("Could not find certificate file or find invalid certificate.", e);
    } finally {
        safeCloseStream(trustCertCollectionFilePath);
        safeCloseStream(clientCertChainFilePath);
        safeCloseStream(clientPrivateKeyFilePath);
    }
    try {
        return builder.build();
    } catch (SSLException e) {
        throw new IllegalStateException("Build SslSession failed.", e);
    }
}
Also used : SslConfig(org.apache.dubbo.config.SslConfig) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) InputStream(java.io.InputStream) SSLException(javax.net.ssl.SSLException) ConfigManager(org.apache.dubbo.config.context.ConfigManager) IOException(java.io.IOException) SSLException(javax.net.ssl.SSLException)

Example 38 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project cxf by apache.

the class NettyHttpServletPipelineFactory method configureServerHttp2SSLOnDemand.

private SslContext configureServerHttp2SSLOnDemand() throws Exception {
    if (tlsServerParameters != null) {
        final SSLContextInitParameters initParams = SSLUtils.getSSLContextInitParameters(tlsServerParameters);
        // Use only JDK provider for now, leaving OpenSsl as an option
        final SslProvider provider = SslProvider.JDK;
        final KeyManager[] keyManagers = initParams.getKeyManagers();
        if (keyManagers == null || keyManagers.length == 0) {
            throw new IllegalStateException("No KeyManagers are configured, unable " + "to create Netty's SslContext instance");
        }
        final String[] cipherSuites = org.apache.cxf.configuration.jsse.SSLUtils.getCiphersuitesToInclude(tlsServerParameters.getCipherSuites(), tlsServerParameters.getCipherSuitesFilter(), SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites(), Http2SecurityUtil.CIPHERS.toArray(new String[] {}), LOG);
        final SslContextBuilder builder = SslContextBuilder.forServer(keyManagers[0]).sslProvider(provider).ciphers(Arrays.asList(cipherSuites), SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
        SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
        SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
        final TrustManager[] trustManagers = initParams.getTrustManagers();
        if (trustManagers != null && trustManagers.length > 0) {
            builder.trustManager(trustManagers[0]);
        }
        final ClientAuthentication clientAuth = tlsServerParameters.getClientAuthentication();
        if (clientAuth != null) {
            if (clientAuth.isSetRequired() && clientAuth.isRequired()) {
                builder.clientAuth(ClientAuth.REQUIRE);
            } else if (clientAuth.isSetWant() && clientAuth.isWant()) {
                builder.clientAuth(ClientAuth.OPTIONAL);
            }
        }
        return builder.build();
    }
    return null;
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) AsciiString(io.netty.util.AsciiString) SSLContextInitParameters(org.apache.cxf.transport.https.SSLContextInitParameters) SslProvider(io.netty.handler.ssl.SslProvider) KeyManager(javax.net.ssl.KeyManager) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) ApplicationProtocolConfig(io.netty.handler.ssl.ApplicationProtocolConfig) TrustManager(javax.net.ssl.TrustManager)

Example 39 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class DynamicSslContextProvider method updateSslContext.

// this gets called only when requested secrets are ready...
protected final void updateSslContext() {
    try {
        CertificateValidationContext localCertValidationContext = generateCertificateValidationContext();
        SslContextBuilder sslContextBuilder = getSslContextBuilder(localCertValidationContext);
        CommonTlsContext commonTlsContext = getCommonTlsContext();
        if (commonTlsContext != null && commonTlsContext.getAlpnProtocolsCount() > 0) {
            List<String> alpnList = commonTlsContext.getAlpnProtocolsList();
            ApplicationProtocolConfig apn = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, alpnList);
            sslContextBuilder.applicationProtocolConfig(apn);
        }
        List<Callback> pendingCallbacksCopy;
        SslContext sslContextCopy;
        synchronized (pendingCallbacks) {
            sslContext = sslContextBuilder.build();
            sslContextCopy = sslContext;
            pendingCallbacksCopy = clonePendingCallbacksAndClear();
        }
        makePendingCallbacks(sslContextCopy, pendingCallbacksCopy);
    } catch (Exception e) {
        onError(Status.fromThrowable(e));
        throw new RuntimeException(e);
    }
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) CommonTlsContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CertStoreException(java.security.cert.CertStoreException) CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext) ApplicationProtocolConfig(io.netty.handler.ssl.ApplicationProtocolConfig) SslContext(io.netty.handler.ssl.SslContext)

Example 40 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class TlsTest method serverBuilder.

private ServerBuilder<?> serverBuilder(int port, File serverCertChainFile, File serverPrivateKeyFile, X509Certificate[] serverTrustedCaCerts) throws IOException {
    SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(serverCertChainFile, serverPrivateKeyFile);
    if (sslProvider == SslProvider.JDK) {
        GrpcSslContexts.configure(sslContextBuilder, jdkProvider);
    } else {
        GrpcSslContexts.configure(sslContextBuilder, sslProvider);
    }
    sslContextBuilder.trustManager(serverTrustedCaCerts).clientAuth(ClientAuth.REQUIRE);
    return NettyServerBuilder.forPort(port).sslContext(sslContextBuilder.build());
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)

Aggregations

SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)49 SslContext (io.netty.handler.ssl.SslContext)14 SSLException (javax.net.ssl.SSLException)12 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)11 InputStream (java.io.InputStream)10 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)10 SslProvider (io.netty.handler.ssl.SslProvider)9 File (java.io.File)9 IOException (java.io.IOException)9 KeyStore (java.security.KeyStore)7 X509Certificate (java.security.cert.X509Certificate)7 ApplicationProtocolConfig (io.netty.handler.ssl.ApplicationProtocolConfig)5 PrivateKey (java.security.PrivateKey)5 SslHandler (io.netty.handler.ssl.SslHandler)4 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)4 FileInputStream (java.io.FileInputStream)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 CertificateException (java.security.cert.CertificateException)4 NettyChannelBuilder (io.grpc.netty.NettyChannelBuilder)3 Bootstrap (io.netty.bootstrap.Bootstrap)3