Example 1 with SslConfiguration

Use of org.infinispan.client.hotrod.configuration.SslConfiguration in project infinispan by infinispan.

From the class ChannelInitializer, method initSsl.

private void initSsl(Channel channel) {
    SslConfiguration ssl = configuration.security().ssl();
    SslContext sslContext;
    if (ssl.sslContext() == null) {
        // No pre-built SSLContext was supplied: build a Netty client context from the configured stores.
        SslContextBuilder builder = SslContextBuilder.forClient();
        try {
            if (ssl.keyStoreFileName() != null) {
                // Client key material, presented when the server requests client authentication.
                builder.keyManager(new SslContextFactory()
                        .keyStoreFileName(ssl.keyStoreFileName())
                        .keyStoreType(ssl.keyStoreType())
                        .keyStorePassword(ssl.keyStorePassword())
                        .keyAlias(ssl.keyAlias())
                        .keyStoreCertificatePassword(ssl.keyStoreCertificatePassword())
                        .classLoader(configuration.classLoader())
                        .getKeyManagerFactory());
            }
            if (ssl.trustStoreFileName() != null) {
                if ("pem".equalsIgnoreCase(ssl.trustStoreType())) {
                    // PEM trust stores are handed to Netty directly as a certificate file.
                    builder.trustManager(new File(ssl.trustStoreFileName()));
                } else {
                    // Other store types are loaded through a TrustManagerFactory.
                    builder.trustManager(new SslContextFactory()
                            .trustStoreFileName(ssl.trustStoreFileName())
                            .trustStoreType(ssl.trustStoreType())
                            .trustStorePassword(ssl.trustStorePassword())
                            .classLoader(configuration.classLoader())
                            .getTrustManagerFactory());
                }
            }
            if (ssl.trustStorePath() != null) {
                builder.trustManager(new File(ssl.trustStorePath()));
            }
            // Protocol versions, cipher suites and the JCA provider are restricted only when configured;
            // otherwise the defaults of the builder apply.
            if (ssl.protocol() != null) {
                builder.protocols(ssl.protocol());
            }
            if (ssl.ciphers() != null) {
                builder.ciphers(ssl.ciphers());
            }
            if (ssl.provider() != null) {
                builder.sslContextProvider(Security.getProvider(ssl.provider()));
            }
            sslContext = builder.build();
        } catch (Exception e) {
            throw new CacheConfigurationException(e);
        }
    } else {
        // Wrap the caller-supplied JDK SSLContext; "true" selects client mode.
        sslContext = new JdkSslContext(ssl.sslContext(), true, ClientAuth.NONE);
    }
    // The SNI host name is passed as the peer host; -1 means the peer port is not specified.
    SslHandler sslHandler = sslContext.newHandler(channel.alloc(), ssl.sniHostName(), -1);
    if (ssl.sniHostName() != null) {
        // Only the SNI server name is set on the SSLParameters here;
        // this method does not set an endpoint identification algorithm.
        SSLParameters sslParameters = sslHandler.engine().getSSLParameters();
        sslParameters.setServerNames(Collections.singletonList(new SNIHostName(ssl.sniHostName())));
        sslHandler.engine().setSSLParameters(sslParameters);
    }
    // TLS must be the first handler in the pipeline, followed by the handshake failure handler.
    channel.pipeline().addFirst(sslHandler, SslHandshakeExceptionHandler.INSTANCE);
}

Also used: SslContextFactory (org.infinispan.commons.util.SslContextFactory), JdkSslContext (io.netty.handler.ssl.JdkSslContext), SSLParameters (javax.net.ssl.SSLParameters), SslConfiguration (org.infinispan.client.hotrod.configuration.SslConfiguration), SslContextBuilder (io.netty.handler.ssl.SslContextBuilder), CacheConfigurationException (org.infinispan.commons.CacheConfigurationException), SNIHostName (javax.net.ssl.SNIHostName), File (java.io.File), SaslException (javax.security.sasl.SaslException), PrivilegedActionException (java.security.PrivilegedActionException), SslHandler (io.netty.handler.ssl.SslHandler), SslContext (io.netty.handler.ssl.SslContext)

Aggregations

JdkSslContext (io.netty.handler.ssl.JdkSslContext): 1, SslContext (io.netty.handler.ssl.SslContext): 1, SslContextBuilder (io.netty.handler.ssl.SslContextBuilder): 1, SslHandler (io.netty.handler.ssl.SslHandler): 1, File (java.io.File): 1, PrivilegedActionException (java.security.PrivilegedActionException): 1, SNIHostName (javax.net.ssl.SNIHostName): 1, SSLParameters (javax.net.ssl.SSLParameters): 1, SaslException (javax.security.sasl.SaslException): 1, SslConfiguration (org.infinispan.client.hotrod.configuration.SslConfiguration): 1, CacheConfigurationException (org.infinispan.commons.CacheConfigurationException): 1, SslContextFactory (org.infinispan.commons.util.SslContextFactory): 1