use of org.apache.dubbo.config.SslConfig in project dubbo by alibaba.
the class GrpcOptionsUtils method buildServerSslContext.
/**
 * Builds the server-side {@link SslContext} for the gRPC transport from the globally
 * registered {@link SslConfig}.
 *
 * <p>Client certificates are demanded ({@link ClientAuth#REQUIRE}) only when a server trust
 * collection is configured. Without one, {@code clientAuth} is never set on the builder, so
 * callers are not authenticated by certificate.
 *
 * <p>NOTE(review): no cipher-suite or protocol settings from {@link SslConfig} are applied here;
 * the builder keeps whatever {@code GrpcSslContexts.forServer} configured. Confirm that is
 * intentional for the gRPC transport.
 *
 * @param url not read by this method
 * @return the built server SSL context
 * @throws IllegalStateException if no {@link SslConfig} is registered, or the final
 *     {@code build()} fails with an {@link SSLException}
 * @throws IllegalArgumentException if anything fails while reading the key material or
 *     configuring the builder
 */
private static SslContext buildServerSslContext(URL url) {
    SslConfig sslConfig = ApplicationModel.getConfigManager()
            .getSsl()
            .orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));

    SslContextBuilder serverBuilder;
    InputStream certChainIn = null;
    InputStream privateKeyIn = null;
    InputStream trustIn = null;
    try {
        certChainIn = sslConfig.getServerKeyCertChainPathStream();
        privateKeyIn = sslConfig.getServerPrivateKeyPathStream();

        // An absent password selects the overload for an unencrypted private key.
        String keyPassword = sslConfig.getServerKeyPassword();
        serverBuilder = keyPassword == null
                ? GrpcSslContexts.forServer(certChainIn, privateKeyIn)
                : GrpcSslContexts.forServer(certChainIn, privateKeyIn, keyPassword);

        // Mutual TLS is switched on only when there is something to verify client certs against.
        trustIn = sslConfig.getServerTrustCertCollectionPathStream();
        if (trustIn != null) {
            serverBuilder.trustManager(trustIn);
            serverBuilder.clientAuth(ClientAuth.REQUIRE);
        }
    } catch (Exception e) {
        // Every failure in this phase is reported as a certificate problem; the cause is kept.
        throw new IllegalArgumentException("Could not find certificate file or the certificate is invalid.", e);
    } finally {
        // The streams are closed here, before build() is called below.
        safeCloseStream(certChainIn);
        safeCloseStream(privateKeyIn);
        safeCloseStream(trustIn);
    }

    try {
        return serverBuilder.build();
    } catch (SSLException e) {
        throw new IllegalStateException("Build SslSession failed.", e);
    }
}
use of org.apache.dubbo.config.SslConfig in project dubbo by alibaba.
the class SslContexts method buildServerSslContext.
/**
 * Builds the server-side {@link SslContext} from the globally registered {@link SslConfig}.
 *
 * <p>Client certificates are demanded ({@link ClientAuth#REQUIRE}) only when a server trust
 * collection is configured. Without one, {@code clientAuth} is never set on the builder, so
 * callers are not authenticated by certificate.
 *
 * <p>Cipher suites and protocols are restricted only when the configuration supplies them;
 * otherwise the builder's defaults stay in effect.
 *
 * @param url not read by this method
 * @return the built server SSL context
 * @throws IllegalStateException if no {@link SslConfig} is registered, or the final
 *     {@code build()} fails with an {@link SSLException}
 * @throws IllegalArgumentException if anything fails while reading the key material or
 *     configuring the builder
 */
public static SslContext buildServerSslContext(URL url) {
    SslConfig sslConfig = ApplicationModel.getConfigManager()
            .getSsl()
            .orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));

    SslContextBuilder serverBuilder;
    InputStream certChainIn = null;
    InputStream privateKeyIn = null;
    InputStream trustIn = null;
    try {
        certChainIn = sslConfig.getServerKeyCertChainPathStream();
        privateKeyIn = sslConfig.getServerPrivateKeyPathStream();
        trustIn = sslConfig.getServerTrustCertCollectionPathStream();

        // An absent password selects the overload for an unencrypted private key.
        String keyPassword = sslConfig.getServerKeyPassword();
        serverBuilder = keyPassword == null
                ? SslContextBuilder.forServer(certChainIn, privateKeyIn)
                : SslContextBuilder.forServer(certChainIn, privateKeyIn, keyPassword);

        // Mutual TLS is switched on only when there is something to verify client certs against.
        if (trustIn != null) {
            serverBuilder.trustManager(trustIn);
            serverBuilder.clientAuth(ClientAuth.REQUIRE);
        }

        // Optional hardening knobs: applied only when explicitly configured.
        if (sslConfig.getCiphers() != null) {
            serverBuilder.ciphers(sslConfig.getCiphers());
        }
        if (sslConfig.getProtocols() != null) {
            serverBuilder.protocols(sslConfig.getProtocols());
        }
    } catch (Exception e) {
        // Every failure in this phase is reported as a certificate problem; the cause is kept.
        throw new IllegalArgumentException("Could not find certificate file or the certificate is invalid.", e);
    } finally {
        // The streams are closed here, before build() is called below.
        safeCloseStream(certChainIn);
        safeCloseStream(privateKeyIn);
        safeCloseStream(trustIn);
    }

    try {
        return serverBuilder.sslProvider(findSslProvider()).build();
    } catch (SSLException e) {
        throw new IllegalStateException("Build SslSession failed.", e);
    }
}
use of org.apache.dubbo.config.SslConfig in project dubbo by alibaba.
the class SslContexts method buildClientSslContext.
/**
 * Builds the client-side {@link SslContext} from the globally registered {@link SslConfig}.
 *
 * <p>A custom trust collection is installed only when one is configured; otherwise
 * {@code trustManager} is never called and the builder's default trust settings apply
 * (presumably the platform trust store; confirm for the deployed provider).
 *
 * <p>A client certificate is presented only when BOTH the certificate chain and the private key
 * are available. If just one of them is configured it is silently ignored and the client
 * connects without an identity, so a half-configured mutual-TLS setup is not reported here.
 *
 * @param url not read by this method
 * @return the built client SSL context
 * @throws IllegalStateException if no {@link SslConfig} is registered, or the final
 *     {@code build()} fails with an {@link SSLException}
 * @throws IllegalArgumentException if anything fails while reading the key material or
 *     configuring the builder
 */
public static SslContext buildClientSslContext(URL url) {
    SslConfig sslConfig = ApplicationModel.getConfigManager()
            .getSsl()
            .orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));

    SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    InputStream trustIn = null;
    InputStream certChainIn = null;
    InputStream privateKeyIn = null;
    try {
        trustIn = sslConfig.getClientTrustCertCollectionPathStream();
        if (trustIn != null) {
            clientBuilder.trustManager(trustIn);
        }

        certChainIn = sslConfig.getClientKeyCertChainPathStream();
        privateKeyIn = sslConfig.getClientPrivateKeyPathStream();
        boolean hasClientIdentity = certChainIn != null && privateKeyIn != null;
        if (hasClientIdentity) {
            // An absent password selects the overload for an unencrypted private key.
            String keyPassword = sslConfig.getClientKeyPassword();
            if (keyPassword == null) {
                clientBuilder.keyManager(certChainIn, privateKeyIn);
            } else {
                clientBuilder.keyManager(certChainIn, privateKeyIn, keyPassword);
            }
        }

        // Optional hardening knobs: applied only when explicitly configured.
        if (sslConfig.getCiphers() != null) {
            clientBuilder.ciphers(sslConfig.getCiphers());
        }
        if (sslConfig.getProtocols() != null) {
            clientBuilder.protocols(sslConfig.getProtocols());
        }
    } catch (Exception e) {
        // Every failure in this phase is reported as a certificate problem; the cause is kept.
        throw new IllegalArgumentException("Could not find certificate file or find invalid certificate.", e);
    } finally {
        // The streams are closed here, before build() is called below.
        safeCloseStream(trustIn);
        safeCloseStream(certChainIn);
        safeCloseStream(privateKeyIn);
    }

    try {
        return clientBuilder.sslProvider(findSslProvider()).build();
    } catch (SSLException e) {
        throw new IllegalStateException("Build SslSession failed.", e);
    }
}
use of org.apache.dubbo.config.SslConfig in project dubbo by alibaba.
the class SslContextsTest method testSslContextsItem.
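/**
 * Checks that the cipher-suite and protocol lists set on {@link SslConfig} are carried into the
 * client {@link SslContext} returned by {@code SslContexts.buildClientSslContext}.
 *
 * <p>Only propagation of the configured values is verified; no handshake is performed. The
 * chosen pair (a TLS 1.2 ECDHE suite together with {@code TLSv1.3}) is not a combination that
 * would negotiate on a real connection, so these values should not be copied into a deployment.
 *
 * <p>The protocol list is read reflectively from a private {@code protocols} field, which ties
 * the test to the Netty implementation in use.
 *
 * <p>NOTE(review): the {@link SslConfig} is registered on the global {@link ConfigManager} and
 * is not removed here; confirm the surrounding test class resets it so later tests do not
 * inherit this TLS configuration.
 *
 * @throws NoSuchFieldException if the {@code protocols} field is not declared on the context class
 * @throws IllegalAccessException if the {@code protocols} field cannot be read
 */
protected void testSslContextsItem() throws NoSuchFieldException, IllegalAccessException {
    String cipher = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
    String protocol = "TLSv1.3";

    ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
    SslConfig sslConfig = new SslConfig();
    sslConfig.setCiphers(Arrays.asList(cipher));
    sslConfig.setProtocols(Arrays.asList(protocol));
    globalConfigManager.setSsl(sslConfig);

    SslContext sslContext = SslContexts.buildClientSslContext(null);

    // Pick the class that declares the private "protocols" field for the provider in use.
    final Class<?> protocolsOwner;
    if (sslContext instanceof JdkSslContext) {
        protocolsOwner = JdkSslContext.class;
    } else if (sslContext instanceof OpenSslContext) {
        Assertions.assertTrue(sslContext instanceof ReferenceCountedOpenSslContext);
        protocolsOwner = ReferenceCountedOpenSslContext.class;
    } else {
        // Previously an unrecognised context type made the test pass without checking anything.
        Assertions.fail("Unexpected SslContext implementation: "
                + (sslContext == null ? "null" : sslContext.getClass().getName()));
        return;
    }

    // assertEquals / assertArrayEquals report the actual values when the restriction is lost.
    List<String> cipherSuites = sslContext.cipherSuites();
    Assertions.assertEquals(Arrays.asList(cipher), cipherSuites);

    Field protocols = protocolsOwner.getDeclaredField("protocols");
    protocols.setAccessible(true);
    String[] item = (String[]) protocols.get(sslContext);
    Assertions.assertArrayEquals(new String[] {protocol}, item);
}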
use of org.apache.dubbo.config.SslConfig in project dubbo by alibaba.
the class GrpcOptionsUtils method buildClientSslContext.
/**
 * Builds the client-side {@link SslContext} for the gRPC transport from the globally
 * registered {@link SslConfig}.
 *
 * <p>A custom trust collection is installed only when one is configured; otherwise
 * {@code trustManager} is never called and the builder's default trust settings apply
 * (presumably the platform trust store; confirm for the deployed provider).
 *
 * <p>A client certificate is presented only when BOTH the certificate chain and the private key
 * are available. If just one of them is configured it is silently ignored and the client
 * connects without an identity, so a half-configured mutual-TLS setup is not reported here.
 *
 * <p>NOTE(review): no cipher-suite or protocol settings from {@link SslConfig} are applied here;
 * the builder keeps whatever {@code GrpcSslContexts.forClient} configured. Confirm that is
 * intentional for the gRPC transport.
 *
 * @param url not read by this method
 * @return the built client SSL context
 * @throws IllegalStateException if no {@link SslConfig} is registered, or the final
 *     {@code build()} fails with an {@link SSLException}
 * @throws IllegalArgumentException if anything fails while reading the key material or
 *     configuring the builder
 */
private static SslContext buildClientSslContext(URL url) {
    SslConfig sslConfig = ApplicationModel.getConfigManager()
            .getSsl()
            .orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));

    SslContextBuilder clientBuilder = GrpcSslContexts.forClient();
    InputStream trustIn = null;
    InputStream certChainIn = null;
    InputStream privateKeyIn = null;
    try {
        trustIn = sslConfig.getClientTrustCertCollectionPathStream();
        if (trustIn != null) {
            clientBuilder.trustManager(trustIn);
        }

        certChainIn = sslConfig.getClientKeyCertChainPathStream();
        privateKeyIn = sslConfig.getClientPrivateKeyPathStream();
        boolean hasClientIdentity = certChainIn != null && privateKeyIn != null;
        if (hasClientIdentity) {
            // An absent password selects the overload for an unencrypted private key.
            String keyPassword = sslConfig.getClientKeyPassword();
            if (keyPassword == null) {
                clientBuilder.keyManager(certChainIn, privateKeyIn);
            } else {
                clientBuilder.keyManager(certChainIn, privateKeyIn, keyPassword);
            }
        }
    } catch (Exception e) {
        // Every failure in this phase is reported as a certificate problem; the cause is kept.
        throw new IllegalArgumentException("Could not find certificate file or find invalid certificate.", e);
    } finally {
        // The streams are closed here, before build() is called below.
        safeCloseStream(trustIn);
        safeCloseStream(certChainIn);
        safeCloseStream(privateKeyIn);
    }

    try {
        return clientBuilder.build();
    } catch (SSLException e) {
        throw new IllegalStateException("Build SslSession failed.", e);
    }
}