
Example 76 with SSLParameters

use of javax.net.ssl.SSLParameters in project ignite by apache.

the class SslContextFactory method createSslContext.

/**
 * Creates SSL context based on factory settings.
 *
 * @return Initialized SSL context.
 * @throws SSLException If SSL context could not be created.
 */
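private SSLContext createSslContext() throws SSLException {
    checkParameters();

    // Key managers supply the local identity (private key and certificate chain).
    final KeyManager[] keyMgrs;
    try {
        KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(keyAlgorithm);
        KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
        keyMgrFactory.init(keyStore, keyStorePwd);
        keyMgrs = keyMgrFactory.getKeyManagers();
    } catch (NoSuchAlgorithmException e) {
        throw new SSLException("Unsupported keystore algorithm: " + keyAlgorithm, e);
    } catch (GeneralSecurityException e) {
        // Only the store type and path are reported; the store password is not part of the message.
        throw new SSLException("Failed to initialize key store (security exception occurred) [type=" + keyStoreType + ", keyStorePath=" + keyStoreFilePath + ']', e);
    }

    // Trust managers decide which peer certificates are accepted. Managers preset on the
    // factory are used as-is; how they validate peers is not visible in this method.
    TrustManager[] effectiveTrustMgrs = this.trustMgrs;
    if (effectiveTrustMgrs == null) {
        try {
            // NOTE(review): the key manager algorithm name is reused for the trust manager
            // factory - confirm the configured value is valid for TrustManagerFactory too.
            TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(keyAlgorithm);
            KeyStore trustStore = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd);
            trustMgrFactory.init(trustStore);
            effectiveTrustMgrs = trustMgrFactory.getTrustManagers();
        } catch (NoSuchAlgorithmException e) {
            throw new SSLException("Unsupported keystore algorithm: " + keyAlgorithm, e);
        } catch (GeneralSecurityException e) {
            // This branch loads the trust store, so report the trust store's type and path.
            // The original message named the key store, which misdirects troubleshooting.
            throw new SSLException("Failed to initialize trust store (security exception occurred) [type=" + trustStoreType + ", trustStorePath=" + trustStoreFilePath + ']', e);
        }
    }

    try {
        SSLContext ctx = SSLContext.getInstance(proto);
        // With neither cipher suites nor protocols configured, the context is returned
        // unwrapped and the provider defaults apply.
        if (cipherSuites != null || protocols != null) {
            SSLParameters sslParameters = new SSLParameters();
            if (cipherSuites != null) {
                sslParameters.setCipherSuites(cipherSuites);
            }
            if (protocols != null) {
                sslParameters.setProtocols(protocols);
            }
            // Presumably the wrapper applies these parameters to what the context creates -
            // confirm in SSLContextWrapper.
            ctx = new SSLContextWrapper(ctx, sslParameters);
        }
        // A null SecureRandom leaves the choice of randomness source to the provider.
        ctx.init(keyMgrs, effectiveTrustMgrs, null);
        return ctx;
    } catch (NoSuchAlgorithmException e) {
        throw new SSLException("Unsupported SSL protocol: " + proto, e);
    } catch (KeyManagementException e) {
        throw new SSLException("Failed to initialized SSL context.", e);
    }
}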
Also used : GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) SSLException(javax.net.ssl.SSLException) KeyManagementException(java.security.KeyManagementException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) SSLParameters(javax.net.ssl.SSLParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyManager(javax.net.ssl.KeyManager)

Example 77 with SSLParameters

use of javax.net.ssl.SSLParameters in project ignite by apache.

the class GridSslBasicContextFactory method createSslContext.

/**
 * {@inheritDoc}
 */
@Override
public SSLContext createSslContext() throws SSLException {
    checkParameters();

    try {
        // Local identity: private key and certificate chain from the configured key store.
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyAlgorithm);
        final KeyStore identityStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
        kmf.init(identityStore, keyStorePwd);

        // Peer validation: managers preset on the factory are used as-is (their behaviour is
        // not visible here); otherwise they are built from the configured trust store.
        TrustManager[] peerTrust = trustMgrs;
        if (peerTrust == null) {
            // NOTE(review): the key manager algorithm name is reused for the trust manager
            // factory - confirm the configured value is valid for TrustManagerFactory too.
            final TrustManagerFactory tmf = TrustManagerFactory.getInstance(keyAlgorithm);
            final KeyStore anchors = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd);
            tmf.init(anchors);
            peerTrust = tmf.getTrustManagers();
        }

        SSLContext result = SSLContext.getInstance(proto);

        // Without explicit cipher suites or protocols the plain context is returned and the
        // provider defaults apply.
        final boolean restricted = cipherSuites != null || protocols != null;
        if (restricted) {
            final SSLParameters restrictions = new SSLParameters();
            if (cipherSuites != null) {
                restrictions.setCipherSuites(cipherSuites);
            }
            if (protocols != null) {
                restrictions.setProtocols(protocols);
            }
            // Presumably the wrapper applies these parameters to what the context creates -
            // confirm in SSLContextWrapper.
            result = new SSLContextWrapper(result, restrictions);
        }

        // A null SecureRandom leaves the choice of randomness source to the provider.
        result.init(kmf.getKeyManagers(), peerTrust, null);
        return result;
    } catch (GeneralSecurityException e) {
        // Every security failure above is reported the same way, with the cause preserved.
        throw new SSLException("Failed to initialize SSL context " + parameters(), e);
    }
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) GeneralSecurityException(java.security.GeneralSecurityException) SSLContext(javax.net.ssl.SSLContext) SSLContextWrapper(org.apache.ignite.ssl.SSLContextWrapper) KeyStore(java.security.KeyStore) SSLException(javax.net.ssl.SSLException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 78 with SSLParameters

use of javax.net.ssl.SSLParameters in project oxCore by GluuFederation.

the class RedisShardedProvider method shards.

/**
 * Builds one {@link JedisShardInfo} per comma-separated entry of
 * {@code configuration.getServers()}.
 *
 * <p>An entry is parsed as {@code host:port} when it contains ':' but no '@' and the whole
 * servers string contains no "//". Any other entry is passed unparsed to the single-argument
 * {@code JedisShardInfo} constructor.
 *
 * @param configuration Redis settings: server list, SSL flag and store paths.
 * @return the shards that could be created; a {@code host:port} entry whose shard construction
 *         throws is logged and left out.
 */
private static List<JedisShardInfo> shards(RedisConfiguration configuration) {
    final String[] entries = StringUtils.split(configuration.getServers().trim(), ",");
    final List<JedisShardInfo> result = new ArrayList<JedisShardInfo>();

    for (String rawEntry : entries) {
        final String entry = rawEntry.trim();
        final boolean plainHostPort = entry.contains(":") && !entry.contains("@") && !configuration.getServers().contains("//");

        if (!plainHostPort) {
            result.add(new JedisShardInfo(entry));
            continue;
        }

        // Parsing happens outside the try below, so a malformed or missing port propagates to
        // the caller instead of being logged and skipped.
        final String[] parts = entry.split(":");
        final String host = parts[0];
        final int port = Integer.parseInt(parts[1].trim());

        try {
            final JedisShardInfo shard;
            if (!configuration.getUseSSL()) {
                shard = new JedisShardInfo(host, port);
            } else if (StringUtils.isNotBlank(configuration.getSslTrustStoreFilePath()) && StringUtils.isNotBlank(configuration.getSslKeyStoreFilePath())) {
                // Both store paths set: custom socket factory plus an explicit hostname verifier.
                // The default-constructed SSLParameters carries no cipher suite or protocol list.
                shard = new JedisShardInfo(host, port, true, RedisProviderFactory.createSslSocketFactory(configuration), new SSLParameters(), new DefaultHostnameVerifier());
            } else {
                // NOTE(review): no HostnameVerifier or SSLParameters is supplied on this path;
                // confirm that the Jedis version in use still checks the server hostname
                // against its certificate.
                shard = new JedisShardInfo(host, port, true);
            }
            result.add(shard);
        } catch (Exception e) {
            // Best effort: a shard that cannot be built is logged and omitted from the result.
            LOG.error("Failed to create shard info.", e);
        }
    }

    return result;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier) ArrayList(java.util.ArrayList) JedisShardInfo(redis.clients.jedis.JedisShardInfo)

Example 79 with SSLParameters

use of javax.net.ssl.SSLParameters in project oxCore by GluuFederation.

the class RedisStandaloneProvider method create.

/**
 * Creates the Jedis connection pool for the first host returned by
 * {@code RedisClusterProvider.hosts(...)} and then calls {@code testConnection()}.
 *
 * @throws IllegalStateException if pool creation or the connection test throws; the cause is
 *         logged and attached.
 */
public void create() {
    LOG.debug("Starting RedisStandaloneProvider ...");
    try {
        final JedisPoolConfig cfg = createPoolConfig();
        final HostAndPort target = RedisClusterProvider.hosts(redisConfiguration.getServers()).iterator().next();
        final String password = redisConfiguration.getPassword();

        if (!redisConfiguration.getUseSSL()) {
            // Plain TCP: timeout and password are applied, nothing is encrypted.
            pool = new JedisPool(cfg, target.getHost(), target.getPort(), redisConfiguration.getConnectionTimeout(), password);
        } else if (StringUtils.isNotBlank(redisConfiguration.getSslTrustStoreFilePath()) && StringUtils.isNotBlank(redisConfiguration.getSslKeyStoreFilePath())) {
            // Both store paths set: custom socket factory plus an explicit hostname verifier.
            // The default-constructed SSLParameters carries no cipher suite or protocol list.
            // NOTE(review): unlike the other two branches, neither the password nor the
            // connection timeout is passed here - confirm that is intended.
            final SSLSocketFactory tlsFactory = RedisProviderFactory.createSslSocketFactory(redisConfiguration);
            pool = new JedisPool(cfg, target.getHost(), target.getPort(), true, tlsFactory, new SSLParameters(), new DefaultHostnameVerifier());
        } else {
            // NOTE(review): no HostnameVerifier or SSLParameters is supplied on this path;
            // confirm that the Jedis version in use still checks the server hostname against
            // its certificate.
            pool = new JedisPool(cfg, target.getHost(), target.getPort(), redisConfiguration.getConnectionTimeout(), password, true);
        }

        testConnection();
        LOG.debug("RedisStandaloneProvider started.");
    } catch (Exception e) {
        LOG.error("Problems connecting with Redis", e);
        throw new IllegalStateException("Error starting RedisStandaloneProvider", e);
    }
}
Also used : HostAndPort(redis.clients.jedis.HostAndPort) SSLParameters(javax.net.ssl.SSLParameters) DefaultHostnameVerifier(org.apache.http.conn.ssl.DefaultHostnameVerifier) JedisPool(redis.clients.jedis.JedisPool) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) JedisPoolConfig(redis.clients.jedis.JedisPoolConfig)

Example 80 with SSLParameters

use of javax.net.ssl.SSLParameters in project gradle by gradle.

the class BlockingHttpsServer method configure.

/**
 * @param testKeyStore The key store to configure this server from.
 * @param tlsProtocolFilter Used to prune the supported set of TLS versions
 */
public void configure(TestKeyStore testKeyStore, Predicate<String> tlsProtocolFilter) {
    final HttpsServer tlsServer = (HttpsServer) this.server;
    final SSLContext serverContext = testKeyStore.asSSLContext();

    final HttpsConfigurator configurator = new HttpsConfigurator(serverContext) {

        @Override
        public void configure(HttpsParameters params) {
            final SSLContext ctx = getSSLContext();
            // A fresh engine is created only to read the context's enabled suites and protocols.
            final SSLEngine probe = ctx.createSSLEngine();

            // Client certificates are not required by this server.
            params.setNeedClientAuth(false);
            params.setCipherSuites(probe.getEnabledCipherSuites());

            // The protocol filter has to be applied twice: to the HttpsParameters themselves
            // and to the SSLParameters attached to them.
            final String[] keptEngineProtocols = stripFilteredProtocols(probe.getEnabledProtocols());
            params.setProtocols(keptEngineProtocols);

            final SSLParameters defaults = ctx.getDefaultSSLParameters();
            final String[] keptDefaultProtocols = stripFilteredProtocols(defaults.getProtocols());
            defaults.setProtocols(keptDefaultProtocols);
            params.setSSLParameters(defaults);
        }

        // Keeps only the protocol names for which tlsProtocolFilter returns true.
        private String[] stripFilteredProtocols(String[] allProtocols) {
            return Arrays.stream(allProtocols)
                .filter(tlsProtocolFilter)
                .toArray(String[]::new);
        }
    };

    tlsServer.setHttpsConfigurator(configurator);
}
Also used : HttpsConfigurator(com.sun.net.httpserver.HttpsConfigurator) SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) HttpsParameters(com.sun.net.httpserver.HttpsParameters) SSLContext(javax.net.ssl.SSLContext) HttpsServer(com.sun.net.httpserver.HttpsServer)
