
Example 86 with SSLParameters

use of javax.net.ssl.SSLParameters in project ambry by linkedin.

the class NettySslFactory method createSSLEngine.

/**
 * Creates an {@link SSLEngine} for a connection with the given peer.
 *
 * <p>Client-mode engines additionally get the configured endpoint identification algorithm
 * applied; server-mode engines are returned exactly as the Netty context built them.
 *
 * @param peerHost host name of the peer, passed to the context when the engine is created
 * @param peerPort port of the peer
 * @param mode whether the engine acts as the TLS client or the TLS server
 * @return the engine created from the client or server {@link SslContext}
 */
@Override
public SSLEngine createSSLEngine(String peerHost, int peerPort, Mode mode) {
    final boolean clientSide = mode == Mode.CLIENT;
    final SslContext sslContext = clientSide ? nettyClientSslContext : nettyServerSslContext;
    final SSLEngine engine = sslContext.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);
    if (!clientSide) {
        return engine;
    }
    // Hostname verification is governed by this single value: with "HTTPS" the JDK matches the
    // server certificate against peerHost during the handshake, while a null or empty value
    // leaves the certificate checked for trust only.
    // NOTE(review): endpointIdentification is defined outside this snippet; confirm its default
    // keeps verification on.
    final SSLParameters params = engine.getSSLParameters();
    params.setEndpointIdentificationAlgorithm(endpointIdentification);
    engine.setSSLParameters(params);
    return engine;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) SslContext(io.netty.handler.ssl.SslContext)

Example 87 with SSLParameters

use of javax.net.ssl.SSLParameters in project ambry by linkedin.

the class NettySslHttp2Factory method createSSLEngine.

/**
 * Builds the {@link SSLEngine} used for an HTTP/2 connection with the given peer.
 *
 * @param peerHost host name of the peer, passed to the context when the engine is created
 * @param peerPort port of the peer
 * @param mode selects the client or the server {@link SslContext}
 * @return a new engine; in client mode it carries the configured endpoint identification
 *     algorithm
 */
@Override
public SSLEngine createSSLEngine(String peerHost, int peerPort, Mode mode) {
    final SslContext chosenContext;
    if (mode == Mode.CLIENT) {
        chosenContext = nettyClientSslContext;
    } else {
        chosenContext = nettyServerSslContext;
    }
    final SSLEngine engine = chosenContext.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);
    if (mode == Mode.CLIENT) {
        // Only the client side verifies the peer's host name. The algorithm name comes from
        // configuration: "HTTPS" enables the JDK's certificate/host-name match, a null or
        // empty value disables it.
        // NOTE(review): confirm the configured default for endpointIdentification; it is not
        // visible in this snippet.
        final SSLParameters clientParams = engine.getSSLParameters();
        clientParams.setEndpointIdentificationAlgorithm(endpointIdentification);
        engine.setSSLParameters(clientParams);
    }
    return engine;
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) SslContext(io.netty.handler.ssl.SslContext)

Example 88 with SSLParameters

use of javax.net.ssl.SSLParameters in project qpid-broker-j by apache.

the class WebSocketProvider method createSslContextFactory.

/**
 * Builds the Jetty server-side {@link SslContextFactory} for a WebSocket AMQP port.
 *
 * <p>The returned factory uses the port's {@code SSLContext} and client-authentication settings,
 * and narrows every engine it customizes to the port's cipher suite and protocol
 * allow/deny lists.
 *
 * @param port the AMQP port whose TLS configuration is applied
 * @return the configured factory
 */
private SslContextFactory createSslContextFactory(final AmqpPort<?> port) {
    final SslContextFactory.Server factory = new SslContextFactory.Server() {

        @Override
        public void customize(final SSLEngine engine) {
            // Let Jetty apply its own settings first, then restrict them with the port's lists.
            super.customize(engine);
            SSLUtil.updateEnabledCipherSuites(engine, port.getTlsCipherSuiteAllowList(), port.getTlsCipherSuiteDenyList());
            SSLUtil.updateEnabledTlsProtocols(engine, port.getTlsProtocolAllowList(), port.getTlsProtocolDenyList());
            if (port.getTlsCipherSuiteAllowList() == null || port.getTlsCipherSuiteAllowList().isEmpty()) {
                // No allow list configured: cipher ordering is left as super.customize() set it.
                return;
            }
            // An explicit allow list is treated as a preference order, so the server's order
            // (not the client's) decides which suite is negotiated.
            final SSLParameters params = engine.getSSLParameters();
            params.setUseCipherSuitesOrder(true);
            engine.setSSLParameters(params);
        }
    };
    factory.setSslContext(port.getSSLContext());
    // Client-certificate policy is copied from the port: "need" makes the handshake require a
    // client certificate, "want" only requests one.
    factory.setNeedClientAuth(port.getNeedClientAuth());
    factory.setWantClientAuth(port.getWantClientAuth());
    return factory;
}
Also used : SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) Server(org.eclipse.jetty.server.Server) SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine)

Example 89 with SSLParameters

use of javax.net.ssl.SSLParameters in project qpid-broker-j by apache.

the class SNITest method performTest.

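/**
 * Starts the broker, connects over TLS with an optional SNI host name, and asserts that the
 * broker presents exactly the expected certificate.
 *
 * @param useMatching forwarded to {@code doBrokerStartup}
 * @param defaultAlias forwarded to {@code doBrokerStartup}
 * @param sniHostName host name sent in the SNI extension, or {@code null} to send none
 * @param expectedCert key/certificate pair whose certificate the broker must present
 * @param ignoreInvalidSni forwarded to {@code doBrokerStartup}
 * @throws Exception if broker startup, the connection or the handshake fails
 */
private void performTest(final boolean useMatching, final String defaultAlias, final String sniHostName, final KeyCertificatePair expectedCert, final boolean ignoreInvalidSni) throws Exception {
    doBrokerStartup(useMatching, defaultAlias, ignoreInvalidSni);
    SSLContext context = SSLUtil.tryGetSSLContext();
    // Test-only trust manager: it accepts every certificate chain so the handshake completes
    // regardless of which certificate the broker selects. Trust is not what this test checks;
    // the presented certificate is compared with expectedCert below. A manager like this
    // performs no authentication of the peer and must not be reused outside tests.
    final TrustManager acceptAll = new X509TrustManager() {

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null, possibly empty array.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // Intentionally empty: any client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // Intentionally empty: any server chain is accepted.
        }
    };
    context.init(null, new TrustManager[] { acceptAll }, null);
    SSLSocketFactory socketFactory = context.getSocketFactory();
    try (SSLSocket socket = (SSLSocket) socketFactory.createSocket()) {
        SSLParameters parameters = socket.getSSLParameters();
        if (sniHostName != null) {
            // Send the requested name in the SNI extension; with null, no name is set here.
            parameters.setServerNames(Collections.singletonList(new TestSNIHostName(sniHostName)));
        }
        socket.setSSLParameters(parameters);
        InetSocketAddress address = new InetSocketAddress("localhost", _boundPort);
        socket.connect(address, SOCKET_TIMEOUT);
        // getSession() performs the handshake if it has not happened yet.
        final Certificate[] certs = socket.getSession().getPeerCertificates();
        assertEquals((long) 1, (long) certs.length);
        assertEquals(expectedCert.getCertificate(), certs[0]);
    }
}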
Also used : InetSocketAddress(java.net.InetSocketAddress) SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) X509Certificate(java.security.cert.X509Certificate) SSLParameters(javax.net.ssl.SSLParameters) X509TrustManager(javax.net.ssl.X509TrustManager) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 90 with SSLParameters

use of javax.net.ssl.SSLParameters in project incubator-gobblin by apache.

the class R2ClientFactory method createHttpClient.

/**
 * Creates the R2 HTTP client described by {@code config}.
 *
 * <p>When SSL is enabled, the client receives an {@link SSLContext} built from the config and
 * that context's default {@link SSLParameters}; otherwise both entries are stored as
 * {@code null}.
 *
 * @param config client configuration
 * @return a client proxy backed by a new {@code HttpClientFactory}
 */
private Client createHttpClient(Config config) {
    final boolean sslOn = config.getBoolean(SSL_ENABLED);
    final SSLContext tlsContext = sslOn ? SSLContextFactory.createInstance(config) : null;
    // NOTE(review): the JDK's default SSLParameters carry no endpoint identification algorithm;
    // confirm that the R2 transport verifies the server host name itself.
    final SSLParameters tlsParams = sslOn ? tlsContext.getDefaultSSLParameters() : null;

    final Map<String, Object> clientProps = new HashMap<>();
    clientProps.put(HttpClientFactory.HTTP_SSL_CONTEXT, tlsContext);
    clientProps.put(HttpClientFactory.HTTP_SSL_PARAMS, tlsParams);
    // Config-supplied properties are merged last, so any key they share with the two SSL
    // entries above replaces the value set here.
    if (config.hasPath(PROPERTIES)) {
        clientProps.putAll(toMap(config.getConfig(PROPERTIES)));
    }
    return new R2HttpClientProxy(new HttpClientFactory(), clientProps);
}
Also used : SSLParameters(javax.net.ssl.SSLParameters) HashMap(java.util.HashMap) SSLContext(javax.net.ssl.SSLContext) HttpClientFactory(com.linkedin.r2.transport.http.client.HttpClientFactory)
