
Example 1 with TrustOptions

use of io.vertx.core.net.TrustOptions in project vert.x by eclipse.

the class SSLHelper method getTrustMgrFactory.

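/**
 * Builds the trust manager factory for the TLS settings held by this helper.
 * <p>
 * Selection order: {@code trustAll} wins over {@code trustOptions}; when neither is
 * set the method returns {@code null}. If CRL paths or CRL values are configured, the
 * selected trust managers are wrapped via {@code createUntrustRevokedCertTrustManager}
 * together with the parsed CRLs.
 *
 * @param vertx used to resolve and read the CRL files and passed to {@code trustOptions}
 * @return the factory, or {@code null} when neither {@code trustAll} nor
 *         {@code trustOptions} is configured (or {@code trustOptions} yields no factory
 *         and no CRLs are configured)
 * @throws IllegalStateException if CRLs are configured but {@code trustOptions} yields
 *         no trust manager factory to wrap
 * @throws Exception if a CRL file cannot be read or a CRL cannot be parsed
 */
private TrustManagerFactory getTrustMgrFactory(VertxInternal vertx) throws Exception {
    TrustManagerFactory fact;
    if (trustAll) {
        // SECURITY: trustAll takes precedence over any configured trustOptions.
        // NOTE(review): by its name createTrustAllTrustManager() accepts every peer
        // certificate, which removes server authentication - confirm it is never
        // enabled outside test setups.
        TrustManager[] mgrs = new TrustManager[] { createTrustAllTrustManager() };
        fact = new VertxTrustManagerFactory(mgrs);
    } else if (trustOptions != null) {
        fact = trustOptions.getTrustManagerFactory(vertx);
    } else {
        return null;
    }

    // NOTE(review): CRL handling is skipped entirely when either collection is null,
    // even if the other one holds entries - verify both fields are always initialised.
    boolean crlsConfigured = crlPaths != null && crlValues != null
        && (!crlPaths.isEmpty() || !crlValues.isEmpty());
    if (!crlsConfigured) {
        return fact;
    }

    // Fail with a clear message instead of a NullPointerException on fact.getTrustManagers():
    // revocation data was supplied but there is nothing to apply it to.
    if (fact == null) {
        throw new IllegalStateException(
            "CRLs are configured but the trust options provide no trust manager factory");
    }

    Stream<Buffer> tmp = crlPaths.stream()
        .map(path -> vertx.resolveFile(path).getAbsolutePath())
        .map(vertx.fileSystem()::readFileBlocking);
    tmp = Stream.concat(tmp, crlValues.stream());
    CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
    ArrayList<CRL> crls = new ArrayList<>();
    // All CRL sources are read first (collect), then parsed one buffer at a time.
    for (Buffer crlValue : tmp.collect(Collectors.toList())) {
        crls.addAll(certificatefactory.generateCRLs(new ByteArrayInputStream(crlValue.getBytes())));
    }
    // NOTE(review): the CRLs are used as loaded; nothing visible here checks their
    // signature or nextUpdate - confirm the wrapper or the deployment handles stale lists.
    TrustManager[] mgrs = createUntrustRevokedCertTrustManager(fact.getTrustManagers(), crls);
    return new VertxTrustManagerFactory(mgrs);
}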
Also used : VertxException(io.vertx.core.VertxException) X509Certificate(java.security.cert.X509Certificate) java.util(java.util) CertificateFactory(java.security.cert.CertificateFactory) ByteBufAllocator(io.netty.buffer.ByteBufAllocator) SimpleTrustManagerFactory(io.netty.handler.ssl.util.SimpleTrustManagerFactory) LoggerFactory(io.vertx.core.logging.LoggerFactory) OpenSSLEngineOptions(io.vertx.core.net.OpenSSLEngineOptions) ByteArrayInputStream(java.io.ByteArrayInputStream) HttpVersion(io.vertx.core.http.HttpVersion) KeyCertOptions(io.vertx.core.net.KeyCertOptions) HttpClientOptions(io.vertx.core.http.HttpClientOptions) Logger(io.vertx.core.logging.Logger) CRL(java.security.cert.CRL) JdkSSLEngineOptions(io.vertx.core.net.JdkSSLEngineOptions) TCPSSLOptions(io.vertx.core.net.TCPSSLOptions) SSLEngineOptions(io.vertx.core.net.SSLEngineOptions) VertxInternal(io.vertx.core.impl.VertxInternal) KeyStore(java.security.KeyStore) CertificateException(java.security.cert.CertificateException) io.netty.handler.ssl(io.netty.handler.ssl) Collectors(java.util.stream.Collectors) NetClientOptions(io.vertx.core.net.NetClientOptions) TrustOptions(io.vertx.core.net.TrustOptions) NetServerOptions(io.vertx.core.net.NetServerOptions) Stream(java.util.stream.Stream) Buffer(io.vertx.core.buffer.Buffer) ClientAuth(io.vertx.core.http.ClientAuth) HttpServerOptions(io.vertx.core.http.HttpServerOptions) javax.net.ssl(javax.net.ssl) Buffer(io.vertx.core.buffer.Buffer) ByteArrayInputStream(java.io.ByteArrayInputStream) SimpleTrustManagerFactory(io.netty.handler.ssl.util.SimpleTrustManagerFactory) CRL(java.security.cert.CRL) CertificateFactory(java.security.cert.CertificateFactory)

Example 2 with TrustOptions

use of io.vertx.core.net.TrustOptions in project hono by eclipse.

the class AbstractServiceBase method addTlsTrustOptions.

/**
 * Applies the trust store from this service's configuration to the given server options.
 * <p>
 * The options are left untouched unless the <em>ssl</em> flag is set on them, they
 * carry no trust options yet, and <em>config</em> provides trust options. When all
 * three hold, the configured trust options are set and client authentication is
 * switched to {@code ClientAuth.REQUEST}.
 *
 * @param serverOptions The options to add configuration to.
 */
protected final void addTlsTrustOptions(final NetServerOptions serverOptions) {
    // Trust options already present on the server options are never overwritten.
    if (!serverOptions.isSsl() || serverOptions.getTrustOptions() != null) {
        return;
    }
    final TrustOptions configuredTrust = getConfig().getTrustOptions();
    if (configuredTrust == null) {
        return;
    }
    // NOTE(review): REQUEST asks for a client certificate without making it mandatory
    // (REQUIRED would). A client presenting no certificate presumably still completes
    // the handshake, so authorization must not assume a verified certificate - confirm
    // this is the intended policy.
    serverOptions
        .setTrustOptions(configuredTrust)
        .setClientAuth(ClientAuth.REQUEST);
    LOG.info("enabling TLS for client authentication");
}
Also used : TrustOptions(io.vertx.core.net.TrustOptions)

Example 3 with TrustOptions

use of io.vertx.core.net.TrustOptions in project vert.x by eclipse.

the class SSLHelper method getTrustMgrFactory.

/**
 * Builds the trust manager factory for the TLS settings held by this helper,
 * optionally specialised for one server name.
 * <p>
 * Selection order: {@code trustAll} wins over {@code trustOptions}. With
 * {@code trustOptions}, a non-null {@code serverName} is first looked up through
 * {@code trustManagerMapper}; if that gives nothing, the trust options' own factory
 * is used. Configured CRLs are then applied through
 * {@code createUntrustRevokedCertTrustManager}.
 *
 * @param vertx used to resolve and read the CRL files and passed to {@code trustOptions}
 * @param serverName server name used for the mapper lookup, may be {@code null}
 * @return a factory wrapping the selected trust managers, or {@code null} when no
 *         trust managers could be determined
 * @throws Exception if a CRL file cannot be read or a CRL cannot be parsed
 */
private TrustManagerFactory getTrustMgrFactory(VertxInternal vertx, String serverName) throws Exception {
    TrustManager[] managers = null;
    if (trustAll) {
        // SECURITY: trustAll takes precedence over any configured trustOptions.
        // NOTE(review): by its name createTrustAllTrustManager() accepts every peer
        // certificate - confirm it is never enabled outside test setups.
        managers = new TrustManager[] { createTrustAllTrustManager() };
    } else if (trustOptions != null) {
        if (serverName != null) {
            // Server-name specific trust managers take priority when a mapper exists.
            Function<String, TrustManager[]> byServerName = trustOptions.trustManagerMapper(vertx);
            if (byServerName != null) {
                managers = byServerName.apply(serverName);
            }
        }
        // Fallback for: no server name, no mapper, or a mapper with no entry for the name.
        if (managers == null) {
            TrustManagerFactory defaultFactory = trustOptions.getTrustManagerFactory(vertx);
            if (defaultFactory != null) {
                managers = defaultFactory.getTrustManagers();
            }
        }
    }
    if (managers == null) {
        // NOTE(review): configured CRLs are not applied on this path; the caller decides
        // what a null factory means - verify it does not fall back to a laxer trust setup.
        return null;
    }

    // NOTE(review): CRL handling is skipped entirely when either collection is null,
    // even if the other one holds entries - verify both fields are always initialised.
    boolean crlsConfigured = crlPaths != null && crlValues != null
        && (!crlPaths.isEmpty() || !crlValues.isEmpty());
    if (crlsConfigured) {
        Stream<Buffer> fromFiles = crlPaths.stream()
            .map(path -> vertx.resolveFile(path).getAbsolutePath())
            .map(vertx.fileSystem()::readFileBlocking);
        Stream<Buffer> crlSources = Stream.concat(fromFiles, crlValues.stream());
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        ArrayList<CRL> revocationLists = new ArrayList<>();
        // All CRL sources are read first (collect), then parsed one buffer at a time.
        for (Buffer source : crlSources.collect(Collectors.toList())) {
            revocationLists.addAll(x509.generateCRLs(new ByteArrayInputStream(source.getBytes())));
        }
        managers = createUntrustRevokedCertTrustManager(managers, revocationLists);
    }
    return new VertxTrustManagerFactory(managers);
}
Also used : Buffer(io.vertx.core.buffer.Buffer) VertxException(io.vertx.core.VertxException) X509Certificate(java.security.cert.X509Certificate) java.util(java.util) LoggerFactory(io.vertx.core.impl.logging.LoggerFactory) CertificateFactory(java.security.cert.CertificateFactory) ByteBufAllocator(io.netty.buffer.ByteBufAllocator) Function(java.util.function.Function) OpenSSLEngineOptions(io.vertx.core.net.OpenSSLEngineOptions) ByteArrayInputStream(java.io.ByteArrayInputStream) KeyCertOptions(io.vertx.core.net.KeyCertOptions) HttpClientOptions(io.vertx.core.http.HttpClientOptions) CRL(java.security.cert.CRL) Mapping(io.netty.util.Mapping) JdkSSLEngineOptions(io.vertx.core.net.JdkSSLEngineOptions) SocketAddress(io.vertx.core.net.SocketAddress) TCPSSLOptions(io.vertx.core.net.TCPSSLOptions) Logger(io.vertx.core.impl.logging.Logger) SSLEngineOptions(io.vertx.core.net.SSLEngineOptions) VertxInternal(io.vertx.core.impl.VertxInternal) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) CertificateException(java.security.cert.CertificateException) io.netty.handler.ssl(io.netty.handler.ssl) Collectors(java.util.stream.Collectors) NetClientOptions(io.vertx.core.net.NetClientOptions) TimeUnit(java.util.concurrent.TimeUnit) TrustOptions(io.vertx.core.net.TrustOptions) NetServerOptions(io.vertx.core.net.NetServerOptions) Certificate(java.security.cert.Certificate) Stream(java.util.stream.Stream) Buffer(io.vertx.core.buffer.Buffer) ClientOptionsBase(io.vertx.core.net.ClientOptionsBase) ClientAuth(io.vertx.core.http.ClientAuth) javax.net.ssl(javax.net.ssl) CertificateFactory(java.security.cert.CertificateFactory) Function(java.util.function.Function) ByteArrayInputStream(java.io.ByteArrayInputStream) CRL(java.security.cert.CRL)
