
Example 56 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

From class SSLFactoryTest, method testSslContextReload_HappyPath.

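/**
 * Hot-reload happy path for the keystore configured by {@code addKeystoreOptions}:
 * once the keystore's mtime moves past the value seen by the previous check, the
 * next check must rebuild the client {@link SslContext} instead of returning the
 * cached instance.
 *
 * <p>Global state touched: hot-reload registration in {@code SSLFactory} and the
 * {@code DatabaseDescriptor} config, which {@code finally} reloads.
 *
 * @throws IOException if the keystore cannot be read or the context cannot be built
 * @throws InterruptedException declared by the original signature; nothing visible
 *     in this method throws it
 */
@Test
public void testSslContextReload_HappyPath() throws IOException, InterruptedException {
    try {
        ServerEncryptionOptions options = addKeystoreOptions(encryptionOptions)
                                          .withInternodeEncryption(ServerEncryptionOptions.InternodeEncryption.all);
        SSLFactory.initHotReloading(options, options, true);
        SslContext oldCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        File keystoreFile = new File(options.keystore);
        // Presumably this first check establishes the baseline mtime for the keystore.
        SSLFactory.checkCertFilesForHotReloading(options, options);
        // Bump the mtime well past "now". The return value is checked so that a
        // silently failed setLastModified surfaces here rather than as a
        // misleading assertNotSame failure below.
        Assert.assertTrue("could not update keystore mtime: " + keystoreFile,
                          keystoreFile.trySetLastModified(System.currentTimeMillis() + 15000));
        SSLFactory.checkCertFilesForHotReloading(options, options);
        SslContext newCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        Assert.assertNotSame("keystore change did not trigger an SslContext rebuild", oldCtx, newCtx);
    } finally {
        // The previous catch (Exception e) { throw e; } was a no-op and is gone;
        // the config restore is what matters for the tests that follow.
        DatabaseDescriptor.loadConfig();
    }
}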
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) File(org.apache.cassandra.io.util.File) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 57 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

From class SSLFactoryTest, method testSslFactoryHotReload_CorruptOrNonExistentFile_DoesNotClearExistingSslContext.

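/**
 * A hot-reload check must not discard a working {@link SslContext} when the keystore
 * it points at has disappeared: the test copies the keystore, registers the copy,
 * marks it changed, deletes it, and expects the cached context to survive the
 * next check.
 *
 * <p>The temporary copy is kept in a local declared outside {@code try} so that
 * cleanup removes the file that was actually created. The previous cleanup derived
 * the path from {@code encryptionOptions.keystore}, which may or may not equal the
 * path {@code addKeystoreOptions} assigns (not visible here); tracking the
 * {@link File} directly removes that dependency.
 *
 * @throws IOException if the keystore copy cannot be created or the context cannot be built
 */
@Test
public void testSslFactoryHotReload_CorruptOrNonExistentFile_DoesNotClearExistingSslContext() throws IOException {
    File testKeystoreFile = null;
    try {
        ServerEncryptionOptions options = addKeystoreOptions(encryptionOptions);
        testKeystoreFile = new File(options.keystore + ".test");
        FileUtils.copyFile(new File(options.keystore).toJavaIOFile(), testKeystoreFile.toJavaIOFile());
        options = options.withKeyStore(testKeystoreFile.path());
        SSLFactory.initHotReloading(options, options, true);
        SslContext oldCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        SSLFactory.checkCertFilesForHotReloading(options, options);
        // Mark the copy as changed, then remove it: the reload attempt has nothing
        // to read and must leave the previously built context in place.
        Assert.assertTrue("could not update keystore mtime: " + testKeystoreFile,
                          testKeystoreFile.trySetLastModified(System.currentTimeMillis() + 15000));
        FileUtils.forceDelete(testKeystoreFile.toJavaIOFile());
        SSLFactory.checkCertFilesForHotReloading(options, options);
        SslContext newCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        Assert.assertSame("missing keystore must not replace the existing SslContext", oldCtx, newCtx);
    } finally {
        DatabaseDescriptor.loadConfig();
        // forceDelete above normally removes the copy already; this is for the
        // paths where the test failed before reaching it.
        if (testKeystoreFile != null) {
            FileUtils.deleteQuietly(testKeystoreFile.toJavaIOFile());
        }
    }
}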
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) File(org.apache.cassandra.io.util.File) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 58 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

From class PEMBasedSslContextFactoryTest, method getSslContextOpenSSL.

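/**
 * Builds a client {@link SslContext} from PEM-encoded key and trust stores through
 * {@code PEMBasedSslContextFactory} and checks that the OpenSSL-backed implementation
 * is selected whenever netty reports OpenSSL as available.
 *
 * @throws IOException if the PEM files cannot be read or the context cannot be built
 */
@Test
public void getSslContextOpenSSL() throws IOException {
    ParameterizedClass sslContextFactory = new ParameterizedClass(PEMBasedSslContextFactory.class.getSimpleName(), new HashMap<>());
    // Test fixture only: TLS_RSA_* suites provide no forward secrecy, so this
    // value is not one to copy into a real configuration.
    EncryptionOptions options = new EncryptionOptions()
                                .withTrustStore("test/conf/cassandra_ssl_test.truststore.pem")
                                .withKeyStore("test/conf/cassandra_ssl_test.keystore.pem")
                                .withKeyStorePassword("cassandra")
                                .withRequireClientAuth(false)
                                .withCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA")
                                .withSslContextFactory(sslContextFactory);
    SslContext sslContext = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
    Assert.assertNotNull(sslContext);
    if (OpenSsl.isAvailable()) {
        Assert.assertTrue("expected an OpenSSL-backed context, got " + sslContext.getClass().getName(),
                          sslContext instanceof OpenSslContext);
    }
    // No else branch: the former `assertTrue(sslContext instanceof SslContext)` was
    // always true for a non-null value of static type SslContext, which
    // assertNotNull already covers.
}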
Also used : OpenSslContext(io.netty.handler.ssl.OpenSslContext) ParameterizedClass(org.apache.cassandra.config.ParameterizedClass) EncryptionOptions(org.apache.cassandra.config.EncryptionOptions) SslContext(io.netty.handler.ssl.SslContext) OpenSslContext(io.netty.handler.ssl.OpenSslContext) Test(org.junit.Test)

Example 59 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

From class SSLFactoryTest, method testPEMSslContextReload_HappyPath.

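/**
 * Hot-reload happy path for the PEM keystore configured by {@code addPEMKeystoreOptions}:
 * once the keystore's mtime moves past the value seen by the previous check, the
 * next check must rebuild the client {@link SslContext} instead of returning the
 * cached instance.
 *
 * <p>Global state touched: hot-reload registration in {@code SSLFactory} and the
 * {@code DatabaseDescriptor} config, which {@code finally} reloads.
 *
 * @throws IOException if the keystore cannot be read or the context cannot be built
 * @throws InterruptedException declared by the original signature; nothing visible
 *     in this method throws it
 */
@Test
public void testPEMSslContextReload_HappyPath() throws IOException, InterruptedException {
    try {
        ServerEncryptionOptions options = addPEMKeystoreOptions(encryptionOptions)
                                          .withInternodeEncryption(ServerEncryptionOptions.InternodeEncryption.all);
        SSLFactory.initHotReloading(options, options, true);
        SslContext oldCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        File keystoreFile = new File(options.keystore);
        // Presumably this first check establishes the baseline mtime for the keystore.
        SSLFactory.checkCertFilesForHotReloading(options, options);
        // Bump the mtime well past "now". The return value is checked so that a
        // silently failed setLastModified surfaces here rather than as a
        // misleading assertNotSame failure below.
        Assert.assertTrue("could not update keystore mtime: " + keystoreFile,
                          keystoreFile.trySetLastModified(System.currentTimeMillis() + 15000));
        SSLFactory.checkCertFilesForHotReloading(options, options);
        SslContext newCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        Assert.assertNotSame("PEM keystore change did not trigger an SslContext rebuild", oldCtx, newCtx);
    } finally {
        // The previous catch (Exception e) { throw e; } was a no-op and is gone;
        // the config restore is what matters for the tests that follow.
        DatabaseDescriptor.loadConfig();
    }
}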
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) File(org.apache.cassandra.io.util.File) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 60 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project neo4j by neo4j.

From class BoltServer, method createInternalProtocolInitializer.

/**
 * Builds the {@link ProtocolInitializer} for the internal (routing) Bolt listener.
 *
 * <p>TLS is wired in only when the {@link SslPolicyLoader} has a policy for
 * {@code CLUSTER}: that policy's netty server context is handed to the transport
 * together with {@code requireEncryption = true}. Without such a policy no
 * {@link SslContext} is passed and encryption is not required — presumably the
 * internal listener then accepts plaintext connections, so the network boundary
 * around the cluster has to cover it (confirm against {@code SocketTransport}).
 *
 * <p>The listen address is {@code routing_listen_address} when set explicitly;
 * otherwise the external Bolt connector's host is paired with the default routing port.
 *
 * @param boltProtocolFactory factory handed to the transport for protocol negotiation
 * @param throttleGroup transport throttles shared with the other connectors
 * @param bufferAllocator allocator the transport uses for channel buffers
 * @return a {@link SocketTransport} bound to the internal listen address
 * @throws RuntimeException if a cluster SSL policy exists but its netty server
 *     context cannot be created; the {@link SSLException} is kept as the cause
 */
private ProtocolInitializer createInternalProtocolInitializer(BoltProtocolFactory boltProtocolFactory, TransportThrottleGroup throttleGroup, ByteBufAllocator bufferAllocator) {
    SslPolicyLoader policyLoader = dependencyResolver.resolveDependency(SslPolicyLoader.class);
    boolean encryptionRequired = policyLoader.hasPolicyForSource(CLUSTER);

    SslContext serverSslContext = null;
    if (encryptionRequired) {
        try {
            serverSslContext = policyLoader.getPolicy(CLUSTER).nettyServerContext();
        } catch (SSLException e) {
            throw new RuntimeException("Failed to initialize SSL encryption support, which is required to start this connector. Error was: " + e.getMessage(), e);
        }
    }

    // Unauthenticated-connection limits for the transport.
    Duration unauthenticatedTimeout = config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_timeout);
    long unauthenticatedMaxInboundBytes = config.get(BoltConnectorInternalSettings.unsupported_bolt_unauth_connection_max_inbound_bytes);

    // Explicit routing address wins; otherwise reuse the external connector's host
    // with the default internal (routing) port.
    boolean routingAddressExplicit = config.isExplicitlySet(GraphDatabaseSettings.routing_listen_address);
    SocketAddress listenAddress = routingAddressExplicit
            ? config.get(GraphDatabaseSettings.routing_listen_address).socketAddress()
            : new InetSocketAddress(config.get(BoltConnector.listen_address).getHostname(),
                                    config.get(GraphDatabaseSettings.routing_listen_address).getPort());

    return new SocketTransport(BoltConnector.NAME,
                               listenAddress,
                               serverSslContext,
                               encryptionRequired,
                               logService.getInternalLogProvider(),
                               throttleGroup,
                               boltProtocolFactory,
                               connectionTracker,
                               unauthenticatedTimeout,
                               unauthenticatedMaxInboundBytes,
                               bufferAllocator,
                               boltMemoryPool);
}
Also used : InetSocketAddress(java.net.InetSocketAddress) SocketTransport(org.neo4j.bolt.transport.SocketTransport) SslPolicyLoader(org.neo4j.ssl.config.SslPolicyLoader) Duration(java.time.Duration) SocketAddress(java.net.SocketAddress) DomainSocketAddress(io.netty.channel.unix.DomainSocketAddress) InetSocketAddress(java.net.InetSocketAddress) SSLException(javax.net.ssl.SSLException) SslContext(io.netty.handler.ssl.SslContext)
