Example 36 with SslContextBuilder

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder in project jetcd by coreos.

the class ClientBuilder method sslContext.

/**
 * Configure the SSL/TLS context to use, created through {@link GrpcSslContexts#forClient}.
 *
 * @param  consumer     the SslContextBuilder consumer
 * @return              this builder
 * @throws SSLException if the SslContextBuilder fails
 */
public ClientBuilder sslContext(Consumer<SslContextBuilder> consumer) throws SSLException {
    SslContextBuilder builder = GrpcSslContexts.forClient();
    consumer.accept(builder);
    return sslContext(builder.build());
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)

Example 37 with SslContextBuilder

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder in project dubbo by alibaba.

the class GrpcOptionsUtils method buildClientSslContext.

private static SslContext buildClientSslContext(URL url) {
    ConfigManager globalConfigManager = ApplicationModel.getConfigManager();
    SslConfig sslConfig = globalConfigManager.getSsl().orElseThrow(() -> new IllegalStateException("Ssl enabled, but no ssl cert information provided!"));
    SslContextBuilder builder = GrpcSslContexts.forClient();
    InputStream trustCertCollectionFilePath = null;
    InputStream clientCertChainFilePath = null;
    InputStream clientPrivateKeyFilePath = null;
    try {
        trustCertCollectionFilePath = sslConfig.getClientTrustCertCollectionPathStream();
        if (trustCertCollectionFilePath != null) {
            builder.trustManager(trustCertCollectionFilePath);
        }
        clientCertChainFilePath = sslConfig.getClientKeyCertChainPathStream();
        clientPrivateKeyFilePath = sslConfig.getClientPrivateKeyPathStream();
        if (clientCertChainFilePath != null && clientPrivateKeyFilePath != null) {
            String password = sslConfig.getClientKeyPassword();
            if (password != null) {
                builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath, password);
            } else {
                builder.keyManager(clientCertChainFilePath, clientPrivateKeyFilePath);
            }
        }
    } catch (Exception e) {
        throw new IllegalArgumentException("Could not find certificate file or find invalid certificate.", e);
    } finally {
        safeCloseStream(trustCertCollectionFilePath);
        safeCloseStream(clientCertChainFilePath);
        safeCloseStream(clientPrivateKeyFilePath);
    }
    try {
        return builder.build();
    } catch (SSLException e) {
        throw new IllegalStateException("Build SslSession failed.", e);
    }
}
Also used : SslConfig(org.apache.dubbo.config.SslConfig) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) InputStream(java.io.InputStream) SSLException(javax.net.ssl.SSLException) ConfigManager(org.apache.dubbo.config.context.ConfigManager) IOException(java.io.IOException)

Example 38 with SslContextBuilder

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder in project cxf by apache.

the class NettyHttpServletPipelineFactory method configureServerHttp2SSLOnDemand.

private SslContext configureServerHttp2SSLOnDemand() throws Exception {
    if (tlsServerParameters != null) {
        final SSLContextInitParameters initParams = SSLUtils.getSSLContextInitParameters(tlsServerParameters);
        // Use only JDK provider for now, leaving OpenSsl as an option
        final SslProvider provider = SslProvider.JDK;
        final KeyManager[] keyManagers = initParams.getKeyManagers();
        if (keyManagers == null || keyManagers.length == 0) {
            throw new IllegalStateException("No KeyManagers are configured, unable " + "to create Netty's SslContext instance");
        }
        final String[] cipherSuites = org.apache.cxf.configuration.jsse.SSLUtils.getCiphersuitesToInclude(tlsServerParameters.getCipherSuites(), tlsServerParameters.getCipherSuitesFilter(), SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites(), Http2SecurityUtil.CIPHERS.toArray(new String[] {}), LOG);
        final SslContextBuilder builder = SslContextBuilder.forServer(keyManagers[0])
            .sslProvider(provider)
            .ciphers(Arrays.asList(cipherSuites), SupportedCipherSuiteFilter.INSTANCE)
            .applicationProtocolConfig(new ApplicationProtocolConfig(
                Protocol.ALPN,
                // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                SelectorFailureBehavior.NO_ADVERTISE,
                // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1));
        final TrustManager[] trustManagers = initParams.getTrustManagers();
        if (trustManagers != null && trustManagers.length > 0) {
            builder.trustManager(trustManagers[0]);
        }
        final ClientAuthentication clientAuth = tlsServerParameters.getClientAuthentication();
        if (clientAuth != null) {
            if (clientAuth.isSetRequired() && clientAuth.isRequired()) {
                builder.clientAuth(ClientAuth.REQUIRE);
            } else if (clientAuth.isSetWant() && clientAuth.isWant()) {
                builder.clientAuth(ClientAuth.OPTIONAL);
            }
        }
        return builder.build();
    }
    return null;
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) AsciiString(io.netty.util.AsciiString) SSLContextInitParameters(org.apache.cxf.transport.https.SSLContextInitParameters) SslProvider(io.netty.handler.ssl.SslProvider) KeyManager(javax.net.ssl.KeyManager) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) ApplicationProtocolConfig(io.netty.handler.ssl.ApplicationProtocolConfig) TrustManager(javax.net.ssl.TrustManager)

Example 39 with SslContextBuilder

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class DynamicSslContextProvider method updateSslContext.

// this gets called only when requested secrets are ready...
protected final void updateSslContext() {
    try {
        CertificateValidationContext localCertValidationContext = generateCertificateValidationContext();
        SslContextBuilder sslContextBuilder = getSslContextBuilder(localCertValidationContext);
        CommonTlsContext commonTlsContext = getCommonTlsContext();
        if (commonTlsContext != null && commonTlsContext.getAlpnProtocolsCount() > 0) {
            List<String> alpnList = commonTlsContext.getAlpnProtocolsList();
            ApplicationProtocolConfig apn = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, alpnList);
            sslContextBuilder.applicationProtocolConfig(apn);
        }
        List<Callback> pendingCallbacksCopy;
        SslContext sslContextCopy;
        synchronized (pendingCallbacks) {
            sslContext = sslContextBuilder.build();
            sslContextCopy = sslContext;
            pendingCallbacksCopy = clonePendingCallbacksAndClear();
        }
        makePendingCallbacks(sslContextCopy, pendingCallbacksCopy);
    } catch (Exception e) {
        onError(Status.fromThrowable(e));
        throw new RuntimeException(e);
    }
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) CommonTlsContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) CertStoreException(java.security.cert.CertStoreException) CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext) ApplicationProtocolConfig(io.netty.handler.ssl.ApplicationProtocolConfig) SslContext(io.netty.handler.ssl.SslContext)

Example 40 with SslContextBuilder

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class TlsTest method serverBuilder.

private ServerBuilder<?> serverBuilder(int port, File serverCertChainFile, File serverPrivateKeyFile, X509Certificate[] serverTrustedCaCerts) throws IOException {
    SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(serverCertChainFile, serverPrivateKeyFile);
    if (sslProvider == SslProvider.JDK) {
        GrpcSslContexts.configure(sslContextBuilder, jdkProvider);
    } else {
        GrpcSslContexts.configure(sslContextBuilder, sslProvider);
    }
    sslContextBuilder.trustManager(serverTrustedCaCerts).clientAuth(ClientAuth.REQUIRE);
    return NettyServerBuilder.forPort(port).sslContext(sslContextBuilder.build());
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)

Aggregations

SslContextBuilder (io.netty.handler.ssl.SslContextBuilder) 49
SslContext (io.netty.handler.ssl.SslContext) 14
SSLException (javax.net.ssl.SSLException) 12
KeyManagerFactory (javax.net.ssl.KeyManagerFactory) 11
InputStream (java.io.InputStream) 10
TrustManagerFactory (javax.net.ssl.TrustManagerFactory) 10
SslProvider (io.netty.handler.ssl.SslProvider) 9
File (java.io.File) 9
IOException (java.io.IOException) 9
KeyStore (java.security.KeyStore) 7
X509Certificate (java.security.cert.X509Certificate) 7
ApplicationProtocolConfig (io.netty.handler.ssl.ApplicationProtocolConfig) 5
PrivateKey (java.security.PrivateKey) 5
SslHandler (io.netty.handler.ssl.SslHandler) 4
SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate) 4
FileInputStream (java.io.FileInputStream) 4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 4
CertificateException (java.security.cert.CertificateException) 4
NettyChannelBuilder (io.grpc.netty.NettyChannelBuilder) 3
Bootstrap (io.netty.bootstrap.Bootstrap) 3