use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.
the class ChannelInitializer method initSsl.
/**
 * Installs a client-side TLS handler at the head of the channel's pipeline.
 *
 * <p>A pre-built JDK {@code SSLContext} from the configuration is wrapped as-is. Otherwise a Netty
 * client context is assembled from the configured key store, trust material, protocols, ciphers
 * and provider. An SNI server name is applied to the engine when one is configured.
 *
 * @param channel the channel whose pipeline receives the {@code SslHandler}
 * @throws CacheConfigurationException wrapping any exception raised while building the context
 */
private void initSsl(Channel channel) {
   SslConfiguration ssl = configuration.security().ssl();
   SslContext nettyContext;
   if (ssl.sslContext() != null) {
      // Ready-made JDK context supplied by the caller: second argument selects client mode.
      nettyContext = new JdkSslContext(ssl.sslContext(), true, ClientAuth.NONE);
   } else {
      SslContextBuilder contextBuilder = SslContextBuilder.forClient();
      try {
         // Client certificate (mutual TLS) is only configured when a key store is named.
         if (ssl.keyStoreFileName() != null) {
            SslContextFactory keyStoreFactory = new SslContextFactory()
                  .keyStoreFileName(ssl.keyStoreFileName())
                  .keyStoreType(ssl.keyStoreType())
                  .keyStorePassword(ssl.keyStorePassword())
                  .keyAlias(ssl.keyAlias())
                  .keyStoreCertificatePassword(ssl.keyStoreCertificatePassword())
                  .classLoader(configuration.classLoader());
            contextBuilder.keyManager(keyStoreFactory.getKeyManagerFactory());
         }

         // NOTE(review): both trust sources below can be applied in the same run. The later
         // trustManager(...) call presumably replaces the earlier one rather than merging with it.
         // Confirm that a configured trustStorePath is meant to override trustStoreFileName.
         if (ssl.trustStoreFileName() != null) {
            if ("pem".equalsIgnoreCase(ssl.trustStoreType())) {
               // PEM trust material is handed to Netty as a plain certificate file.
               contextBuilder.trustManager(new File(ssl.trustStoreFileName()));
            } else {
               SslContextFactory trustStoreFactory = new SslContextFactory()
                     .trustStoreFileName(ssl.trustStoreFileName())
                     .trustStoreType(ssl.trustStoreType())
                     .trustStorePassword(ssl.trustStorePassword())
                     .classLoader(configuration.classLoader());
               contextBuilder.trustManager(trustStoreFactory.getTrustManagerFactory());
            }
         }
         if (ssl.trustStorePath() != null) {
            contextBuilder.trustManager(new File(ssl.trustStorePath()));
         }

         if (ssl.protocol() != null) {
            contextBuilder.protocols(ssl.protocol());
         }
         if (ssl.ciphers() != null) {
            contextBuilder.ciphers(ssl.ciphers());
         }
         if (ssl.provider() != null) {
            // NOTE(review): Security.getProvider returns null for a provider name that is not
            // registered, so a mistyped name is passed on as null instead of being rejected.
            // Confirm that falling back silently is acceptable here.
            contextBuilder.sslContextProvider(Security.getProvider(ssl.provider()));
         }
         nettyContext = contextBuilder.build();
      } catch (Exception e) {
         throw new CacheConfigurationException(e);
      }
   }

   // Peer host is the SNI name (may be null); -1 means no peer port is advertised.
   SslHandler tlsHandler = nettyContext.newHandler(channel.alloc(), ssl.sniHostName(), -1);
   if (ssl.sniHostName() != null) {
      SSLParameters engineParameters = tlsHandler.engine().getSSLParameters();
      engineParameters.setServerNames(Collections.singletonList(new SNIHostName(ssl.sniHostName())));
      tlsHandler.engine().setSSLParameters(engineParameters);
   }
   // NOTE(review): nothing in this method sets an endpoint identification algorithm on the
   // SSLParameters, so matching the server certificate against the host name is not enabled
   // here. Confirm it is enforced elsewhere.
   channel.pipeline().addFirst(tlsHandler, SslHandshakeExceptionHandler.INSTANCE);
}
use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.
the class HotRodSslFunctionalTest method connectClient.
/**
 * Connects a test client over TLS, reusing the key and trust store files and passwords from the
 * running server's SSL configuration.
 *
 * @param protocolVersion protocol version handed to the {@code HotRodClient}
 * @return a client pointed at the test server's host and port
 */
@Override
protected HotRodClient connectClient(byte protocolVersion) {
   SslConfiguration serverSsl = hotRodServer.getConfiguration().ssl();
   // Store types are pinned to "pkcs12" here instead of being read from the server configuration.
   SslContextFactory contextFactory = new SslContextFactory()
         .keyStoreFileName(serverSsl.keyStoreFileName())
         .keyStorePassword(serverSsl.keyStorePassword())
         .keyStoreType("pkcs12")
         .trustStoreFileName(serverSsl.trustStoreFileName())
         .trustStorePassword(serverSsl.trustStorePassword())
         .trustStoreType("pkcs12");
   SSLContext clientContext = contextFactory.getContext();
   // NOTE(review): the two flags are presumably "client mode" and "need client auth". Confirm
   // against SslContextFactory.getEngine.
   SSLEngine clientEngine = SslContextFactory.getEngine(clientContext, true, false);
   return new HotRodClient(hotRodServer.getHost(), hotRodServer.getPort(), cacheName,
         HotRodClient.DEFAULT_TIMEOUT_SECONDS, protocolVersion, clientEngine);
}
use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.
the class SinglePortTest method shouldUpgradeThroughALPN.
/**
 * Starts a single-port router with one REST route behind TLS, then posts through an HTTP/2 REST
 * client and expects a response with no content.
 */
@Test
public void shouldUpgradeThroughALPN() throws Exception {
   checkForOpenSSL();

   // given: a TLS-enabled single-port router on the loopback address, routing to the REST server
   restServer = RestTestingUtil.createDefaultRestServer("rest", "default");
   RestServerRouteDestination restTarget = new RestServerRouteDestination("rest", restServer);
   SinglePortRouteSource routeSource = new SinglePortRouteSource();
   Route<SinglePortRouteSource, RestServerRouteDestination> restRoute = new Route<>(routeSource, restTarget);
   SslContextFactory serverContextFactory = new SslContextFactory();
   RouterConfigurationBuilder routerConfig = new RouterConfigurationBuilder();
   routerConfig.singlePort()
         .sslContext(serverContextFactory
               .keyStoreFileName(KEY_STORE_PATH)
               .keyStorePassword(KEY_STORE_PASSWORD.toCharArray())
               .getContext())
         .port(0)
         .ip(InetAddress.getLoopbackAddress())
         .routing()
         .add(restRoute);
   router = new Router(routerConfig.build());
   router.start();
   EndpointRouter startedEndpoint = router.getRouter(EndpointRouter.Protocol.SINGLE_PORT).get();

   // when: an HTTP/2 client that trusts the test trust store posts a value
   RestClientConfigurationBuilder clientConfig = new RestClientConfigurationBuilder();
   // Test-only shortcut: the verifier lambda accepts every host name, so the server certificate
   // is never matched against the host. The trust store password is a literal here.
   clientConfig.addServer()
         .host(startedEndpoint.getHost())
         .port(startedEndpoint.getPort())
         .protocol(Protocol.HTTP_20)
         .security().ssl()
         .trustStoreFileName(TRUST_STORE_PATH)
         .trustStorePassword("secret".toCharArray())
         .hostnameVerifier((peerHost, tlsSession) -> true);
   httpClient = RestClient.forConfiguration(clientConfig.build());
   CompletionStage<RestResponse> pendingResponse = httpClient.cache("default").post("test", VALUE);

   // then
   ResponseAssertion.assertThat(pendingResponse).hasNoContent();
}
use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.
the class SSLClassPathConfigurationTest method testLoadTrustStore.
/**
 * Checks that an {@code SSLContext} can be built from a key store given as a file-system path and
 * a trust store given with the {@code classpath:} prefix.
 */
public void testLoadTrustStore() {
   // One password array is shared by the key store and the trust store.
   char[] storePassword = "secret".toCharArray();
   // NOTE(review): URL.getPath() keeps percent-encoding, so this may not resolve if the resource
   // sits under a directory whose name contains spaces. Confirm for the build environment.
   String clientKeyStorePath = getClass().getResource("/keystore_client.p12").getPath();
   String caTrustStoreLocation = "classpath:ca.p12";

   SslContextFactory contextFactory = new SslContextFactory()
         .keyStoreFileName(clientKeyStorePath)
         .keyStoreType("pkcs12")
         .keyStorePassword(storePassword)
         .trustStoreFileName(caTrustStoreLocation)
         .trustStoreType("pkcs12")
         .trustStorePassword(storePassword);
   SSLContext builtContext = contextFactory.getContext();

   assertNotNull(builtContext);
}
use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.
the class SinglePortTest method shouldUpgradeToHotRodThroughALPN.
/**
 * Starts a single-port router with REST and Hot Rod routes behind TLS, then connects a Hot Rod
 * client through it and performs a put. The test passes if no exception is thrown, since nothing
 * is asserted afterwards.
 */
@Test
public void shouldUpgradeToHotRodThroughALPN() {
   checkForOpenSSL();

   // given: both servers registered as destinations of the same single-port source
   hotrodServer = HotRodTestingUtil.startHotRodServerWithoutTransport("default");
   restServer = RestTestingUtil.createDefaultRestServer("rest", "default");
   HotRodServerRouteDestination hotRodTarget = new HotRodServerRouteDestination("hotrod", hotrodServer);
   RestServerRouteDestination restTarget = new RestServerRouteDestination("rest", restServer);
   SinglePortRouteSource routeSource = new SinglePortRouteSource();
   Route<SinglePortRouteSource, RestServerRouteDestination> restRoute = new Route<>(routeSource, restTarget);
   Route<SinglePortRouteSource, HotRodServerRouteDestination> hotRodRoute = new Route<>(routeSource, hotRodTarget);
   SslContextFactory serverContextFactory = new SslContextFactory();
   RouterConfigurationBuilder routerConfig = new RouterConfigurationBuilder();
   routerConfig.singlePort()
         .sslContext(serverContextFactory
               .keyStoreFileName(KEY_STORE_PATH)
               .keyStorePassword(KEY_STORE_PASSWORD.toCharArray())
               .getContext())
         .port(0)
         .ip(InetAddress.getLoopbackAddress())
         .routing()
         .add(restRoute)
         .add(hotRodRoute);
   router = new Router(routerConfig.build());
   router.start();
   EndpointRouter startedEndpoint = router.getRouter(EndpointRouter.Protocol.SINGLE_PORT).get();

   // when: the client addresses the router by IP and trusts only the test trust store
   ConfigurationBuilder clientConfig = new ConfigurationBuilder();
   clientConfig.addServer()
         .host(startedEndpoint.getIp().getHostAddress())
         .port(startedEndpoint.getPort());
   clientConfig.security().ssl()
         .trustStoreFileName(TRUST_STORE_PATH)
         .trustStorePassword(TRUST_STORE_PASSWORD.toCharArray());
   hotRodClient = new RemoteCacheManager(clientConfig.build());
   hotRodClient.getCache("default").put("test", "test");
}