use of org.apache.zookeeper.common.SSLContextAndOptions in project zookeeper by apache.
the class NettyServerCnxnFactory method initSSL.
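/**
 * Appends the handler named {@code "ssl"} to the pipeline of a server-side channel.
 *
 * <p>When the system property named by {@code x509Util.getSslAuthProviderProperty()} is unset,
 * the default {@code SSLContextAndOptions} of {@code x509Util} supplies the {@code SSLContext}.
 * When it is set, the provider registered under that name must be an
 * {@code X509AuthenticationProvider}; its key manager and trust manager are used to initialise
 * a fresh {@code SSLContext}.
 *
 * @param p pipeline of the channel being initialised
 * @param supportPlaintext when {@code true}, a {@code DualModeSslHandler} is installed instead
 *     of the plain TLS handler
 * @throws X509Exception if the configured auth provider is not registered or is not an
 *     {@code X509AuthenticationProvider}; presumably also propagated from {@code x509Util}
 * @throws KeyManagementException if {@code SSLContext.init} fails
 * @throws NoSuchAlgorithmException if {@code ClientX509Util.DEFAULT_PROTOCOL} is not available
 */
private synchronized void initSSL(ChannelPipeline p, boolean supportPlaintext) throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty());

    SslContext nettySslContext;
    if (authProviderProp == null) {
        SSLContextAndOptions sslContextAndOptions = x509Util.getDefaultSSLContextAndOptions();
        // NOTE(review): the second argument is false on both paths; presumably it selects
        // server mode. Confirm against SSLContextAndOptions.
        nettySslContext = sslContextAndOptions.createNettyJdkSslContext(sslContextAndOptions.getSSLContext(), false);
    } else {
        SSLContext sslContext = SSLContext.getInstance(ClientX509Util.DEFAULT_PROTOCOL);

        // Reuse the value read above: it is non-null here, so a second System.getProperty call
        // with a default could only differ if the property changed in between, and the error
        // message would then name a different provider than the one looked up.
        Object registered = ProviderRegistry.getProvider(authProviderProp);
        if (registered == null) {
            LOG.error("Auth provider not found: {}", authProviderProp);
            throw new SSLContextException("Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        // A provider of another type would otherwise surface as a ClassCastException; report it
        // as the same configuration error as a missing provider.
        if (!(registered instanceof X509AuthenticationProvider)) {
            LOG.error("Auth provider {} is not an X509AuthenticationProvider: {}", authProviderProp, registered.getClass().getName());
            throw new SSLContextException("Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        X509AuthenticationProvider authProvider = (X509AuthenticationProvider) registered;

        // NOTE(review): getKeyManager() and getTrustManager() are passed through unchecked.
        // Confirm the provider cannot hand back null after a failed key/trust store load, and
        // that the resulting context then rejects peers rather than trusting them.
        // A null SecureRandom makes the JDK use its default source.
        sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() }, new X509TrustManager[] { authProvider.getTrustManager() }, null);
        // NOTE(review): protocol, cipher and client-auth options are taken from the default
        // SSLContextAndOptions, not from the provider. Verify that client certificate
        // authentication stays enforced on this path.
        nettySslContext = x509Util.getDefaultSSLContextAndOptions().createNettyJdkSslContext(sslContext, false);
    }

    if (supportPlaintext) {
        // Dual mode: judging by the flag and handler name, this channel also accepts
        // unencrypted clients, so TLS on this port is not a confidentiality or authentication
        // guarantee while the flag is on. Treat it as a migration setting.
        p.addLast("ssl", new DualModeSslHandler(nettySslContext));
        LOG.debug("dual mode SSL handler added for channel: {}", p.channel());
    } else {
        p.addLast("ssl", nettySslContext.newHandler(p.channel().alloc()));
        LOG.debug("SSL handler added for channel: {}", p.channel());
    }
}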