
Example 31 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project activemq-artemis by apache.

From class NettyConnector, method loadOpenSslEngine.

/**
 * Creates a Netty-backed {@link SSLEngine} from the given key/trust store settings.
 * <p>
 * The {@link SslContext} is produced by {@code SSLSupport.createNettyContext} with the
 * connector's {@code sslProvider}. When {@code kerb5Config} is set, a JAAS login is performed
 * first, {@code verifyHost} is forced to {@code true}, and the engine is created under the
 * resulting {@link Subject}; otherwise it is created with a {@code null} subject. With
 * {@code verifyHost} enabled the engine receives the peer host ({@code sniHost} if set, else
 * {@code host}) and {@code port}; without it no peer host is given to the engine, so Netty
 * has nothing to match the server certificate against — NOTE(review): whether hostname
 * verification is then switched on elsewhere (e.g. inside SSLSupport) cannot be seen here.
 *
 * @param alloc                  allocator handed to the engine
 * @param realKeyStoreProvider   key store provider name
 * @param realKeyStorePath       key store location
 * @param realKeyStorePassword   key store password
 * @param realTrustStoreProvider trust store provider name
 * @param realTrustStorePath     trust store location
 * @param realTrustStorePassword trust store password
 * @return the configured engine
 * @throws Exception if context creation, the Kerberos login or the privileged action fails
 */
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc, String realKeyStoreProvider, String realKeyStorePath, String realKeyStorePassword, String realTrustStoreProvider, String realTrustStorePath, String realTrustStorePassword) throws Exception {
    final SslContext nettyContext = SSLSupport.createNettyContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, sslProvider);
    Subject kerberosSubject = null;
    if (kerb5Config != null) {
        // Kerberos in use: authenticate first and require peer host verification.
        final LoginContext login = new LoginContext(kerb5Config);
        login.login();
        kerberosSubject = login.getSubject();
        verifyHost = true;
    }
    final PrivilegedExceptionAction<SSLEngine> createEngine = () -> {
        if (!verifyHost) {
            return nettyContext.newEngine(alloc);
        }
        final String peerHost = sniHost == null ? host : sniHost;
        return nettyContext.newEngine(alloc, peerHost, port);
    };
    return Subject.doAs(kerberosSubject, createEngine);
}

Example 32 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project drill by apache.

From class SSLConfigServer, method initNettySslContext.

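/**
 * Builds the Netty server {@link SslContext} for user connections and stores it in
 * {@code nettySslContext}.
 * <p>
 * The context is built from {@code initializeKeyManagerFactory()} and
 * {@code initializeTrustManagerFactory()}, restricted to {@code protocol} and using the
 * provider returned by {@code getProvider()}.
 *
 * @return the built context, or {@code null} when {@code userSslEnabled} is false
 * @throws DrillException if {@code keyStorePath} is empty or any step of the SSL
 *         initialization fails; the underlying exception is attached as the cause
 */
@Override
public SslContext initNettySslContext() throws DrillException {
    if (!userSslEnabled) {
        return null;
    }
    final SslContext sslCtx;
    try {
        if (keyStorePath.isEmpty()) {
            throw new DrillException("No Keystore provided.");
        }
        final KeyManagerFactory kmf = initializeKeyManagerFactory();
        final TrustManagerFactory tmf = initializeTrustManagerFactory();
        sslCtx = SslContextBuilder.forServer(kmf)
            .trustManager(tmf)
            .protocols(protocol)
            .sslProvider(getProvider())
            .build();
    } catch (Exception e) {
        // Any SSL initialization failure aborts. Keep the original exception as the cause so
        // the real keystore/provider error is not reduced to its message text.
        throw new DrillException("SSL is enabled but cannot be initialized - [ " + e.getMessage() + "]. ", e);
    }
    this.nettySslContext = sslCtx;
    return sslCtx;
}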

Example 33 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project component-runtime by Talend.

From class HttpApiHandler, method activeSsl.

/**
 * Lazily enables TLS on this handler using a freshly generated self-signed certificate.
 * <p>
 * The context trusts any peer ({@link InsecureTrustManagerFactory}) and is always built with
 * {@link SslProvider#JDK} so it can be unwrapped to a {@link JdkSslContext}; self-signed
 * material plus an all-trusting trust manager means this should only back test or local
 * endpoints. Once {@code sslContext} is set, further calls are no-ops.
 *
 * @return this handler, for chaining
 * @throws IllegalStateException if the certificate or the context cannot be created
 */
public T activeSsl() {
    if (sslContext != null) {
        return (T) this;
    }
    try {
        final SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        final SslContextBuilder builder = SslContextBuilder
            .forServer(selfSigned.certificate(), selfSigned.privateKey())
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK);
        sslContext = ((JdkSslContext) builder.build()).context();
    } catch (final SSLException | CertificateException e) {
        throw new IllegalStateException(e);
    }
    return (T) this;
}

Example 34 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project redisson by redisson.

From class RedisChannelInitializer, method initSsl.

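/**
 * Installs TLS on {@code ch} when the configured address uses an SSL scheme; otherwise does nothing.
 * <p>
 * Trust and key material come from the optional truststore/keystore URLs in {@code config}.
 * Peer hostname verification is applied only when
 * {@code config.isSslEnableEndpointIdentification()} is true. When it is false <em>and</em> no
 * truststore is configured, {@link InsecureTrustManagerFactory} is installed, so any server
 * certificate is accepted: the link is encrypted but the server is not authenticated. A
 * handshake-gating handler is added after the {@link SslHandler} so {@code channelActive}
 * reaches later handlers only once the handshake succeeded; a failed handshake closes the
 * connection and fails its connection promise with the handshake cause.
 *
 * @param config client configuration supplying the SSL settings and the target address
 * @param ch     channel whose pipeline receives the SSL handlers
 * @throws KeyStoreException         if a keystore of the default type cannot be instantiated
 * @throws IOException               if a store cannot be read (including a wrong store password)
 * @throws NoSuchAlgorithmException  if a store or factory algorithm is unavailable
 * @throws CertificateException      if a certificate in a store cannot be loaded
 * @throws SSLException              if the Netty context cannot be built
 * @throws UnrecoverableKeyException if a key cannot be recovered with the keystore password
 */
private void initSsl(final RedisClientConfig config, Channel ch) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, SSLException, UnrecoverableKeyException {
    if (!config.getAddress().isSsl()) {
        return;
    }
    io.netty.handler.ssl.SslProvider provided = io.netty.handler.ssl.SslProvider.JDK;
    if (config.getSslProvider() == SslProvider.OPENSSL) {
        provided = io.netty.handler.ssl.SslProvider.OPENSSL;
    }
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided);
    sslContextBuilder.protocols(config.getSslProtocols());
    if (config.getSslTruststore() != null) {
        char[] password = config.getSslTruststorePassword() != null ? config.getSslTruststorePassword().toCharArray() : null;
        KeyStore trustStore = loadKeyStore(config.getSslTruststore().openStream(), password);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        sslContextBuilder.trustManager(trustManagerFactory);
    }
    if (config.getSslKeystore() != null) {
        char[] password = config.getSslKeystorePassword() != null ? config.getSslKeystorePassword().toCharArray() : null;
        KeyStore keyStore = loadKeyStore(config.getSslKeystore().openStream(), password);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // The keystore password doubles as the private-key password.
        keyManagerFactory.init(keyStore, password);
        sslContextBuilder.keyManager(keyManagerFactory);
    }
    SSLParameters sslParams = new SSLParameters();
    if (config.isSslEnableEndpointIdentification()) {
        // Match the server certificate against the hostname given to the engine below.
        sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    } else if (config.getSslTruststore() == null) {
        // No hostname check and no truststore: every server certificate is accepted.
        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    SslContext sslContext = sslContextBuilder.build();
    String hostname = config.getSslHostname();
    // Use the address host when no SSL hostname is configured or the configured one is an IP literal.
    if (hostname == null || NetUtil.createByteArrayFromIpAddressString(hostname) != null) {
        hostname = config.getAddress().getHost();
    }
    SSLEngine sslEngine = sslContext.newEngine(ch.alloc(), hostname, config.getAddress().getPort());
    sslEngine.setSSLParameters(sslParams);
    SslHandler sslHandler = new SslHandler(sslEngine);
    ch.pipeline().addLast(sslHandler);
    ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

        // Set once the TLS handshake has completed successfully.
        volatile boolean sslInitDone;

        @Override
        public void channelActive(ChannelHandlerContext ctx) throws Exception {
            // Hold channelActive back until the handshake succeeded; it is re-fired below.
            if (sslInitDone) {
                super.channelActive(ctx);
            }
        }

        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
            if (!sslInitDone && (evt instanceof SslHandshakeCompletionEvent)) {
                SslHandshakeCompletionEvent e = (SslHandshakeCompletionEvent) evt;
                if (e.isSuccess()) {
                    sslInitDone = true;
                    ctx.fireChannelActive();
                } else {
                    // Handshake failed: close the connection and surface the cause to the waiting promise.
                    RedisConnection connection = RedisConnection.getFrom(ctx.channel());
                    connection.closeAsync();
                    connection.getConnectionPromise().completeExceptionally(e.cause());
                }
            }
            super.userEventTriggered(ctx, evt);
        }
    });
}

/**
 * Loads a keystore of the JVM default type from {@code stream}, which is always closed.
 *
 * @param stream   store contents; closed before this method returns
 * @param password store password, or {@code null} when the store is not password protected
 * @return the loaded keystore
 * @throws KeyStoreException        if the default keystore type is unavailable
 * @throws IOException              if the stream cannot be read or the password is wrong
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 * @throws CertificateException     if a certificate in the store cannot be loaded
 */
private static KeyStore loadKeyStore(InputStream stream, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    try (InputStream in = stream) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(in, password);
        return keyStore;
    }
}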

Example 35 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

From class SSLFactory, method getOrCreateSslContext.

/**
 * Returns the cached Netty {@link SslContext} for the given options and socket type,
 * creating and caching one on first use.
 * <p>
 * Two threads may race to create the same context; only the first one stored in
 * {@code cachedSslContexts} is kept, the loser's instance is released via
 * {@code ReferenceCountUtil.release} and the stored one is returned, so every caller ends up
 * sharing a single context per key.
 *
 * @param options               encryption options; together with {@code socketType} they form the cache key
 * @param verifyPeerCertificate whether the created context verifies the peer certificate.
 *                              NOTE(review): this flag is not part of {@code CacheKey}, so a
 *                              later caller with a different value receives whatever the first
 *                              creator built — confirm that is intended.
 * @param socketType            socket role the context is built for
 * @return the shared context for this key
 * @throws IOException if a new context cannot be created
 */
public static SslContext getOrCreateSslContext(EncryptionOptions options, boolean verifyPeerCertificate, SocketType socketType) throws IOException {
    final CacheKey key = new CacheKey(options, socketType);
    final SslContext cached = cachedSslContexts.get(key);
    if (cached != null) {
        return cached;
    }
    final SslContext created = createNettySslContext(options, verifyPeerCertificate, socketType);
    final SslContext winner = cachedSslContexts.putIfAbsent(key, created);
    if (winner != null) {
        // Lost the race: drop our copy and hand back the one already cached.
        ReferenceCountUtil.release(created);
        return winner;
    }
    return created;
}
