Example 1 with SSLContextException

Use of org.apache.zookeeper.common.X509Exception.SSLContextException in project zookeeper by apache.

From the class X509Util, method createSSLContext. The method turns the ssl.* keystore/truststore properties in a ZKConfig into an SSLContext; any half-configured store (location without password, or password without location) is rejected with SSLContextException rather than silently ignored:

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.zookeeper.common.X509Exception.KeyManagerException;
import org.apache.zookeeper.common.X509Exception.SSLContextException;
import org.apache.zookeeper.common.X509Exception.TrustManagerException;

// LOG is the class's slf4j logger; ZKConfig lives in the same package (org.apache.zookeeper.common).
public static SSLContext createSSLContext(ZKConfig config) throws SSLContextException {
    // Both stay null when the corresponding store is not configured. A null KeyManager[] means no
    // certificate is presented to the peer; a null TrustManager[] means the JVM default trust store is used.
    KeyManager[] keyManagers = null;
    TrustManager[] trustManagers = null;
    String keyStoreLocationProp = config.getProperty(ZKConfig.SSL_KEYSTORE_LOCATION);
    String keyStorePasswordProp = config.getProperty(ZKConfig.SSL_KEYSTORE_PASSWD);
    if (keyStoreLocationProp == null && keyStorePasswordProp == null) {
        LOG.warn("keystore not specified for client connection");
    } else {
        // Exactly one of the pair is set: refuse rather than guess.
        if (keyStoreLocationProp == null) {
            throw new SSLContextException("keystore location not specified for client connection");
        }
        if (keyStorePasswordProp == null) {
            throw new SSLContextException("keystore password not specified for client connection");
        }
        try {
            keyManagers = new KeyManager[] { createKeyManager(keyStoreLocationProp, keyStorePasswordProp) };
        } catch (KeyManagerException e) {
            throw new SSLContextException("Failed to create KeyManager", e);
        }
    }
    String trustStoreLocationProp = config.getProperty(ZKConfig.SSL_TRUSTSTORE_LOCATION);
    String trustStorePasswordProp = config.getProperty(ZKConfig.SSL_TRUSTSTORE_PASSWD);
    if (trustStoreLocationProp == null && trustStorePasswordProp == null) {
        LOG.warn("truststore not specified for client connection");
    } else {
        if (trustStoreLocationProp == null) {
            throw new SSLContextException("truststore location not specified for client connection");
        }
        if (trustStorePasswordProp == null) {
            throw new SSLContextException("truststore password not specified for client connection");
        }
        try {
            trustManagers = new TrustManager[] { createTrustManager(trustStoreLocationProp, trustStorePasswordProp) };
        } catch (TrustManagerException e) {
            throw new SSLContextException("Failed to create TrustManager", e);
        }
    }
    SSLContext sslContext = null;
    try {
        // Pins TLS 1.0, which is deprecated; "TLS" or "TLSv1.2" would let the JVM negotiate a current version.
        sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(keyManagers, trustManagers, null);
    } catch (Exception e) {
        throw new SSLContextException(e);
    }
    return sslContext;
}

Example 2 with SSLContextException

Use of org.apache.zookeeper.common.X509Exception.SSLContextException in project zookeeper by apache.

From the class NettyServerCnxnFactory, method initSSL. The server either builds its SSLContext through X509Util.createSSLContext (the default) or, when the ssl.authProvider system property is set, from the key and trust managers of a registered X509AuthenticationProvider; a provider name that does not resolve is reported as SSLContextException:

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.zookeeper.common.X509Exception;
import org.apache.zookeeper.common.X509Exception.SSLContextException;
import org.apache.zookeeper.common.X509Util;
import org.apache.zookeeper.common.ZKConfig;
import org.apache.zookeeper.server.auth.ProviderRegistry;
import org.apache.zookeeper.server.auth.X509AuthenticationProvider;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.handler.ssl.SslHandler;

private synchronized void initSSL(ChannelPipeline p) throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    String authProviderProp = System.getProperty(ZKConfig.SSL_AUTHPROVIDER);
    SSLContext sslContext;
    if (authProviderProp == null) {
        // No-arg overload: reads the ssl.* properties from a fresh ZKConfig (see createSSLContext above).
        sslContext = X509Util.createSSLContext();
    } else {
        // Same deprecated protocol pin as createSSLContext; "TLS" or "TLSv1.2" is preferable.
        sslContext = SSLContext.getInstance("TLSv1");
        // The "x509" default is unreachable here because authProviderProp is already known to be non-null.
        // A provider registered under that name but not of type X509AuthenticationProvider would fail the
        // cast with ClassCastException rather than the SSLContextException below.
        X509AuthenticationProvider authProvider = (X509AuthenticationProvider) ProviderRegistry.getProvider(System.getProperty(ZKConfig.SSL_AUTHPROVIDER, "x509"));
        if (authProvider == null) {
            LOG.error("Auth provider not found: {}", authProviderProp);
            throw new SSLContextException("Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() }, new X509TrustManager[] { authProvider.getTrustManager() }, null);
    }
    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.setUseClientMode(false);
    // Mutual TLS: every client must present a certificate. A client whose createSSLContext ran without a
    // keystore (keyManagers == null) will therefore fail the handshake here.
    sslEngine.setNeedClientAuth(true);
    p.addLast("ssl", new SslHandler(sslEngine));
    LOG.info("SSL handler added for channel: {}", p.getChannel());
}
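The two snippets above build an SSLContext from keystore/truststore properties and then wrap it in a server-side SSLEngine. The class below is an added example, not ZooKeeper's code: it reproduces the same location/password pairing checks against plain JSSE APIs (no ZKConfig, no Netty, no X509AuthenticationProvider), and adds the two hardening points the page's code lacks, namely it does not pin TLS 1.0 and the client-side engine enables hostname verification. The exception class SslContextException, the ssl.* property keys, the helper names and the host zk1.example.test are assumptions chosen for the example; the keystore fixture is constructed empty on the fly so the example runs offline.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;

public class TlsContextExample {

    /** Stand-in for ZooKeeper's X509Exception.SSLContextException (hypothetical class, not ZooKeeper's). */
    public static class SslContextException extends Exception {
        public SslContextException(String msg) { super(msg); }
        public SslContextException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Property keys are assumptions modelled on ZKConfig's ssl.* keys, not ZooKeeper's real constants.
    static final String KS_LOC = "ssl.keyStore.location", KS_PW = "ssl.keyStore.password";
    static final String TS_LOC = "ssl.trustStore.location", TS_PW = "ssl.trustStore.password";

    /** True if the store pair is configured; throws if only one half (location or password) is present. */
    static boolean storeConfigured(Map<String, String> cfg, String what, String locKey, String pwKey)
            throws SslContextException {
        String loc = cfg.get(locKey), pw = cfg.get(pwKey);
        if (loc == null && pw == null) return false;        // caller falls back to JVM defaults
        if (loc == null) throw new SslContextException(what + " location not specified");
        if (pw == null) throw new SslContextException(what + " password not specified");
        return true;
    }

    /** Opens a store of the JVM's default type (pkcs12 on JDK 9+, jks on JDK 8). */
    static KeyStore loadStore(String location, char[] pw) throws IOException, GeneralSecurityException {
        try (FileInputStream in = new FileInputStream(location)) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, pw);
            return ks;
        }
    }

    public static SSLContext createSSLContext(Map<String, String> cfg) throws SslContextException {
        KeyManager[] kms = null;   // null => no certificate is presented to the peer
        TrustManager[] tms = null; // null => JVM default trust store (cacerts) is used
        try {
            if (storeConfigured(cfg, "keystore", KS_LOC, KS_PW)) {
                char[] pw = cfg.get(KS_PW).toCharArray();
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                kmf.init(loadStore(cfg.get(KS_LOC), pw), pw);
                Arrays.fill(pw, '\0');                       // don't keep the password around in the heap
                kms = kmf.getKeyManagers();
            }
            if (storeConfigured(cfg, "truststore", TS_LOC, TS_PW)) {
                char[] pw = cfg.get(TS_PW).toCharArray();
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(loadStore(cfg.get(TS_LOC), pw));
                Arrays.fill(pw, '\0');
                tms = tmf.getTrustManagers();
            }
            // "TLS" offers every protocol the JVM supports; the engines below then drop TLS 1.0/1.1.
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kms, tms, null);
            return ctx;
        } catch (IOException | GeneralSecurityException e) {
            throw new SslContextException("Failed to create SSLContext", e);
        }
    }

    /** Keeps only TLS 1.2/1.3 out of whatever this JVM supports (TLSv1.3 is absent on older JDK 8 builds). */
    static void restrictProtocols(SSLEngine e) {
        List<String> enabled = new ArrayList<>(Arrays.asList(e.getSupportedProtocols()));
        enabled.retainAll(Arrays.asList("TLSv1.2", "TLSv1.3"));
        e.setEnabledProtocols(enabled.toArray(new String[0]));
    }

    /** Server-side engine in the spirit of initSSL: a client certificate is mandatory. */
    public static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine e = ctx.createSSLEngine();
        e.setUseClientMode(false);
        e.setNeedClientAuth(true);
        restrictProtocols(e);
        return e;
    }

    /** Client-side engine with hostname verification, which the page's code does not enable. */
    public static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine e = ctx.createSSLEngine(host, port);   // host/port are what the SAN check compares against
        e.setUseClientMode(true);
        SSLParameters p = e.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");  // RFC 2818-style match of the peer cert against host
        e.setSSLParameters(p);
        restrictProtocols(e);
        return e;
    }

    public static void main(String[] args) throws Exception {
        // Constructed fixture: an empty store on disk so the example runs offline.
        String store = Files.createTempFile("example", ".store").toString();
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try (FileOutputStream out = new FileOutputStream(store)) { empty.store(out, "changeit".toCharArray()); }

        Map<String, String> cfg = new HashMap<>();
        cfg.put(TS_LOC, store);                      // location without password: rejected up front
        try { createSSLContext(cfg); } catch (SslContextException ex) { System.out.println("rejected: " + ex.getMessage()); }

        cfg.put(TS_PW, "changeit");
        SSLContext ctx = createSSLContext(cfg);      // no keystore => kms == null; truststore loaded
        SSLEngine srv = serverEngine(ctx);
        System.out.println("server needs client auth: " + srv.getNeedClientAuth()
                + ", protocols: " + Arrays.toString(srv.getEnabledProtocols()));
        System.out.println("client endpoint identification: "
                + clientEngine(ctx, "zk1.example.test", 2281).getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

Run with javac/java; the first call prints the rejection for the half-configured truststore, the second builds a context whose server engine demands a client certificate, so a client produced from a keystore-less configuration (kms == null, as in createSSLContext above) would fail the handshake, which is the interaction between the two snippets worth testing before deployment.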
