use of javax.net.ssl.SSLParameters in project ambry by linkedin.
the class NettySslFactory method createSSLEngine.
@Override
public SSLEngine createSSLEngine(String peerHost, int peerPort, Mode mode) {
SslContext context = mode == Mode.CLIENT ? nettyClientSslContext : nettyServerSslContext;
SSLEngine sslEngine = context.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);
if (mode == Mode.CLIENT) {
SSLParameters sslParams = sslEngine.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm(endpointIdentification);
sslEngine.setSSLParameters(sslParams);
}
return sslEngine;
}
use of javax.net.ssl.SSLParameters in project ambry by linkedin.
the class NettySslHttp2Factory method createSSLEngine.
@Override
public SSLEngine createSSLEngine(String peerHost, int peerPort, Mode mode) {
SslContext context = mode == Mode.CLIENT ? nettyClientSslContext : nettyServerSslContext;
SSLEngine sslEngine = context.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);
if (mode == Mode.CLIENT) {
SSLParameters sslParams = sslEngine.getSSLParameters();
sslParams.setEndpointIdentificationAlgorithm(endpointIdentification);
sslEngine.setSSLParameters(sslParams);
}
return sslEngine;
}
use of javax.net.ssl.SSLParameters in project qpid-broker-j by apache.
the class WebSocketProvider method createSslContextFactory.
private SslContextFactory createSslContextFactory(final AmqpPort<?> port) {
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server() {
@Override
public void customize(final SSLEngine sslEngine) {
super.customize(sslEngine);
SSLUtil.updateEnabledCipherSuites(sslEngine, port.getTlsCipherSuiteAllowList(), port.getTlsCipherSuiteDenyList());
SSLUtil.updateEnabledTlsProtocols(sslEngine, port.getTlsProtocolAllowList(), port.getTlsProtocolDenyList());
if (port.getTlsCipherSuiteAllowList() != null && !port.getTlsCipherSuiteAllowList().isEmpty()) {
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setUseCipherSuitesOrder(true);
sslEngine.setSSLParameters(sslParameters);
}
}
};
sslContextFactory.setSslContext(port.getSSLContext());
sslContextFactory.setNeedClientAuth(port.getNeedClientAuth());
sslContextFactory.setWantClientAuth(port.getWantClientAuth());
return sslContextFactory;
}
use of javax.net.ssl.SSLParameters in project qpid-broker-j by apache.
the class SNITest method performTest.
private void performTest(final boolean useMatching, final String defaultAlias, final String sniHostName, final KeyCertificatePair expectedCert, final boolean ignoreInvalidSni) throws Exception {
doBrokerStartup(useMatching, defaultAlias, ignoreInvalidSni);
SSLContext context = SSLUtil.tryGetSSLContext();
context.init(null, new TrustManager[] { new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} }, null);
SSLSocketFactory socketFactory = context.getSocketFactory();
try (SSLSocket socket = (SSLSocket) socketFactory.createSocket()) {
SSLParameters parameters = socket.getSSLParameters();
if (sniHostName != null) {
parameters.setServerNames(Collections.singletonList(new TestSNIHostName(sniHostName)));
}
socket.setSSLParameters(parameters);
InetSocketAddress address = new InetSocketAddress("localhost", _boundPort);
socket.connect(address, SOCKET_TIMEOUT);
final Certificate[] certs = socket.getSession().getPeerCertificates();
assertEquals((long) 1, (long) certs.length);
assertEquals(expectedCert.getCertificate(), certs[0]);
}
}
use of javax.net.ssl.SSLParameters in project incubator-gobblin by apache.
the class R2ClientFactory method createHttpClient.
private Client createHttpClient(Config config) {
boolean isSSLEnabled = config.getBoolean(SSL_ENABLED);
SSLContext sslContext = null;
SSLParameters sslParameters = null;
if (isSSLEnabled) {
sslContext = SSLContextFactory.createInstance(config);
sslParameters = sslContext.getDefaultSSLParameters();
}
Map<String, Object> properties = new HashMap<>();
properties.put(HttpClientFactory.HTTP_SSL_CONTEXT, sslContext);
properties.put(HttpClientFactory.HTTP_SSL_PARAMS, sslParameters);
if (config.hasPath(PROPERTIES)) {
properties.putAll(toMap(config.getConfig(PROPERTIES)));
}
return new R2HttpClientProxy(new HttpClientFactory(), properties);
}
Aggregations