
Example 1 with OpenSSLProvider

Use of org.conscrypt.OpenSSLProvider in the project netty by netty.

From the class SSLEngineTest, method testMasterKeyLogging.

/**
 * Verifies that {@link SslMasterKeyHandler} hands the negotiated TLS master key to the
 * server pipeline once master-key logging has been switched on through
 * {@code SslMasterKeyHandler.SYSTEM_PROP_KEY}.
 *
 * <p>Runs only for the TLSv1.2 protocol/cipher combination; every other combination
 * returns immediately. The system property is captured before the test and restored
 * (or cleared) in {@code finally}, so master-key logging does not stay enabled for the
 * rest of the JVM. The self-signed certificate created for the server is deleted there too.
 *
 * @param param protocol/cipher, allocator type and delegate-executor combination supplied
 *     by {@code newTestParams}
 * @throws Exception propagated from context construction, bootstrap, the client
 *     connection or the promise wait
 */
@MethodSource("newTestParams")
@ParameterizedTest
public void testMasterKeyLogging(final SSLEngineTestParam param) throws Exception {
    // Master-key extraction is exercised for TLSv1.2 only.
    if (param.combo() != ProtocolCipherCombo.tlsv12()) {
        return;
    }
    /*
     * At the moment master key logging is not supported for conscrypt.
     */
    assumeFalse(serverSslContextProvider() instanceof OpenSSLProvider);
    /*
     * The JDK SSL engine master key retrieval relies on being able to set field access to true.
     * That is not available in JDK9+.
     */
    assumeFalse(sslServerProvider() == SslProvider.JDK && PlatformDependent.javaVersion() > 8);
    // Remember the caller's value so the finally block can put it back: the property turns on
    // master-key logging process-wide and must not leak into other tests.
    String originalSystemPropertyValue = SystemPropertyUtil.get(SslMasterKeyHandler.SYSTEM_PROP_KEY);
    System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, Boolean.TRUE.toString());
    // Throw-away self-signed server certificate; removed from disk in finally.
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    serverSslCtx = wrapContext(param, SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslServerProvider()).sslContextProvider(serverSslContextProvider()).protocols(param.protocols()).ciphers(param.ciphers()).build());
    Socket socket = null;
    try {
        // NOTE(review): the two NioEventLoopGroups created here are not shut down in this
        // method; presumably the class tear-down releases sb / serverChannel — confirm.
        sb = new ServerBootstrap();
        sb.group(new NioEventLoopGroup(), new NioEventLoopGroup());
        sb.channel(NioServerSocketChannel.class);
        // Completed by the SslMasterKeyHandler below with the key of the first handshake.
        final Promise<SecretKey> promise = sb.config().group().next().newPromise();
        serverChannel = sb.childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) {
                ch.config().setAllocator(new TestByteBufAllocator(ch.config().getAllocator(), param.type()));
                // Run the SSL work on delegatingExecutor only when the parameter asks for it.
                SslHandler sslHandler = !param.delegate() ? serverSslCtx.newHandler(ch.alloc()) : serverSslCtx.newHandler(ch.alloc(), delegatingExecutor);
                ch.pipeline().addLast(sslHandler);
                ch.pipeline().addLast(new SslMasterKeyHandler() {

                    @Override
                    protected void accept(SecretKey masterKey, SSLSession session) {
                        promise.setSuccess(masterKey);
                    }
                });
                serverConnectedChannel = ch;
            }
        }).bind(new InetSocketAddress(0)).sync().channel(); // port 0: let the OS pick a free port
        int port = ((InetSocketAddress) serverChannel.localAddress()).getPort();
        // Plain JSSE client. InsecureTrustManagerFactory disables certificate validation, which
        // is acceptable here only because the peer is the self-signed test server above.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
        socket = sslContext.getSocketFactory().createSocket(NetUtil.LOCALHOST, port);
        // One byte is enough to drive the handshake (an SSLSocket handshakes on first write).
        OutputStream out = socket.getOutputStream();
        out.write(1);
        out.flush();
        // Bounded wait so a handshake that never yields a key fails the test instead of hanging.
        assertTrue(promise.await(10, TimeUnit.SECONDS));
        SecretKey key = promise.get();
        // The value delivered to accept() is the session master key; 48 bytes is the
        // TLS 1.2 master secret length (the message's "AES" wording notwithstanding).
        assertEquals(48, key.getEncoded().length, "AES secret key must be 48 bytes");
    } finally {
        closeQuietly(socket);
        // Undo the process-wide master-key logging switch.
        if (originalSystemPropertyValue != null) {
            System.setProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY, originalSystemPropertyValue);
        } else {
            System.clearProperty(SslMasterKeyHandler.SYSTEM_PROP_KEY);
        }
        ssc.delete();
    }
}

Example 2 with OpenSSLProvider

Use of org.conscrypt.OpenSSLProvider in the project beam by apache.

From the class DataflowWorkerHarnessHelper, method initializeGlobalStateAndPipelineOptions.

/**
 * Builds the {@link DataflowWorkerHarnessOptions} for this worker from system properties,
 * seeds the logging MDC with the job and worker ids and, when the
 * {@code EnableConscryptSecurityProvider} experiment is on, installs Conscrypt as the
 * most-preferred JCA security provider of the JVM.
 *
 * @param workerHarnessClass harness class whose simple name is used as the app name
 * @return the populated pipeline options
 * @throws Exception propagated from the option, MDC or experiment helpers called here
 */
public static DataflowWorkerHarnessOptions initializeGlobalStateAndPipelineOptions(Class<?> workerHarnessClass) throws Exception {
    DataflowWorkerHarnessOptions options = WorkerPipelineOptionsFactory.createFromSystemProperties();
    options.setAppName(workerHarnessClass.getSimpleName());

    // Job-specific logging context.
    DataflowWorkerLoggingMDC.setJobId(options.getJobId());
    DataflowWorkerLoggingMDC.setWorkerId(options.getWorkerId());

    installConscryptIfRequested(ExperimentContext.parseFrom(options));
    return options;
}

/**
 * Installs Conscrypt's {@link OpenSSLProvider} at preference position 1 when the
 * {@code EnableConscryptSecurityProvider} experiment is enabled; logs the decision either way
 * together with the pipeline option that flips it.
 *
 * @param experiments parsed experiment flags of the current pipeline options
 */
private static void installConscryptIfRequested(ExperimentContext experiments) {
    String experimentName = Experiment.EnableConscryptSecurityProvider.getName();
    boolean useConscrypt = experiments.isEnabled(Experiment.EnableConscryptSecurityProvider);
    if (!useConscrypt) {
        LOG.info("Not using conscrypt SSL. Note this is the default Java behavior, but may have reduced performance. To use conscrypt SSL pass pipeline option --experiments={}", experimentName);
        return;
    }
    LOG.info("Dataflow runner is using conscrypt SSL. To disable this feature, remove the pipeline option --experiments={}", experimentName);
    // Position 1 makes Conscrypt the first provider consulted for every JCA/JSSE service it
    // offers, so this changes TLS behaviour for the whole process, not only Dataflow's own clients.
    Security.insertProviderAt(new OpenSSLProvider(), 1);
}
