use of org.conscrypt.OpenSSLProvider in project netty by netty.
the class SSLEngineTest method testMasterKeyLogging.
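/**
 * Checks that an {@link SslMasterKeyHandler} installed behind the server-side {@link SslHandler}
 * receives the session's master secret after a TLS 1.2 handshake.
 *
 * <p>The test switches on the system property named by
 * {@code SslMasterKeyHandler.SYSTEM_PROP_KEY} for its own duration. Anyone holding a session's
 * master secret can decrypt that session's traffic, so the property is restored to its previous
 * value (or cleared) in {@code finally}, even when set-up fails part-way through.
 *
 * <p>The client side uses {@code InsecureTrustManagerFactory}, which is acceptable only because
 * the peer is a throw-away self-signed certificate on the loopback address.
 *
 * @param param protocol/cipher/buffer-type combination supplied by {@code newTestParams}
 * @throws Exception if server set-up, the client connection or the handshake fails
 */
@MethodSource("newTestParams")
@ParameterizedTest
public void testMasterKeyLogging(final SSLEngineTestParam param) throws Exception {
    // Only the TLS 1.2 combination is exercised; every other parameter set returns without asserting.
    if (param.combo() != ProtocolCipherCombo.tlsv12()) {
        return;
    }
    /*
     * At the moment master key logging is not supported for conscrypt
     */
    assumeFalse(serverSslContextProvider() instanceof OpenSSLProvider);
    /*
     * The JDK SSL engine master key retrieval relies on being able to set field access to true.
     * That is not available in JDK9+
     */
    assumeFalse(sslServerProvider() == SslProvider.JDK && PlatformDependent.javaVersion() > 8);

    final String originalSystemPropertyValue = SystemPropertyUtil.get(SslMasterKeyHandler.SYSTEM_PROP_KEY);
    SelfSignedCertificate ssc = null;
    Socket socket = null;
    try {
        // Everything that can throw now runs inside the try block. A failure while creating the
        // certificate or building the context can no longer leave key logging enabled for later
        // tests in the same JVM, or leave the temporary key material on disk.
        System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString());
        ssc = new SelfSignedCertificate();
        serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
                .sslProvider(sslServerProvider())
                .sslContextProvider(serverSslContextProvider())
                .protocols(param.protocols())
                .ciphers(param.ciphers())
                .build());

        sb = new ServerBootstrap();
        sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        sb.channel(NioServerSocketChannel.class);

        // Completed by the handler below once the server side has seen the master secret.
        final Promise<SecretKey> promise = sb.config().group().next().newPromise();
        serverChannel = sb.childHandler(new ChannelInitializer<Channel>() {
            @Override
            protected void initChannel(Channel ch) {
                ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type()));

                SslHandler sslHandler = !param.delegate()
                        ? serverSslCtx.newHandler(ch.alloc())
                        : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor);

                ch.pipeline().addLast(sslHandler);
                ch.pipeline().addLast(new SslMasterKeyHandler() {
                    @Override
                    protected void accept(SecretKey masterKey, SSLSession session) {
                        promise.setSuccess(masterKey);
                    }
                });
                serverConnectedChannel = ch;
            }
        }).bind(new InetSocketAddress(0)).sync().channel();
        int port = ((InetSocketAddress) serverChannel.localAddress()).getPort();

        // Trust-all client: test only, and the peer is the self-signed loopback server above.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
        socket = sslContext.getSocketFactory().createSocket(NetUtil.LOCALHOST, port);

        // Writing one byte drives the client side of the handshake.
        OutputStream out = socket.getOutputStream();
        out.write(1);
        out.flush();

        assertTrue(promise.await(10, TimeUnit.SECONDS));
        SecretKey key = promise.get();
        // The value handed to accept() is the TLS master secret, which is 48 bytes in TLS 1.2;
        // it is not an AES key, so the failure message says so.
        assertEquals(48, key.getEncoded().length, "TLS master secret must be 48 bytes");
    } finally {
        closeQuietly(socket);
        if (originalSystemPropertyValue != null) {
            System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, originalSystemPropertyValue);
        } else {
            System.clearProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY);
        }
        if (ssc != null) {
            ssc.delete();
        }
    }
}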
use of org.conscrypt.OpenSSLProvider in project beam by apache.
the class DataflowWorkerHarnessHelper method initializeGlobalStateAndPipelineOptions.
/**
 * Builds the worker's pipeline options from system properties, tags the logging MDC with the
 * job and worker ids, and optionally installs Conscrypt as the preferred security provider.
 *
 * <p>When the {@code EnableConscryptSecurityProvider} experiment is enabled, a new
 * {@code OpenSSLProvider} is inserted at position 1 of the JCA provider list. Position 1 is the
 * most-preferred slot, so the change applies to every provider lookup in the JVM that does not
 * name a provider explicitly, not only to TLS. The return value of
 * {@link Security#insertProviderAt} is not inspected here.
 *
 * @param workerHarnessClass harness class whose simple name becomes the application name
 * @return the options created from system properties
 * @throws Exception propagated from option creation or experiment parsing
 */
public static DataflowWorkerHarnessOptions initializeGlobalStateAndPipelineOptions(Class<?> workerHarnessClass) throws Exception {
    // Pipeline options come from system properties; the app name is derived from the harness class.
    final DataflowWorkerHarnessOptions options = WorkerPipelineOptionsFactory.createFromSystemProperties();
    options.setAppName(workerHarnessClass.getSimpleName());

    // Job-specific logging context.
    DataflowWorkerLoggingMDC.setJobId(options.getJobId());
    DataflowWorkerLoggingMDC.setWorkerId(options.getWorkerId());

    final ExperimentContext experiments = ExperimentContext.parseFrom(options);
    final String conscryptExperiment = Experiment.EnableConscryptSecurityProvider.getName();

    if (!experiments.isEnabled(Experiment.EnableConscryptSecurityProvider)) {
        LOG.info(
                "Not using conscrypt SSL. Note this is the default Java behavior, but may "
                        + "have reduced performance. To use conscrypt SSL pass pipeline option "
                        + "--experiments={}",
                conscryptExperiment);
        return options;
    }

    // Opt-in path: Conscrypt goes to the front of the JVM-wide provider list.
    LOG.info(
            "Dataflow runner is using conscrypt SSL. To disable this feature, "
                    + "remove the pipeline option --experiments={}",
            conscryptExperiment);
    Security.insertProviderAt(new OpenSSLProvider(), 1);
    return options;
}