
Example 1 with SslContextFactory

use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.

the class ChannelInitializer method initSsl.

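/**
 * Installs a client-side TLS handler at the head of the channel's pipeline.
 *
 * <p>When the configuration carries no pre-built {@code SSLContext}, a Netty client
 * context is assembled from the configured key store, trust store, protocol, cipher
 * and provider settings. Otherwise the supplied context is wrapped as-is.
 *
 * <p>NOTE(review): nothing in this method sets an endpoint identification algorithm
 * on the engine's {@code SSLParameters}. Unless it is enabled elsewhere, the server
 * certificate's host name is not checked against the peer -- confirm.
 *
 * @param channel the channel whose pipeline receives the {@code SslHandler}
 * @throws CacheConfigurationException if the TLS context cannot be built from the
 *         configuration, including when the configured provider is not installed
 */
private void initSsl(Channel channel) {
    SslConfiguration ssl = configuration.security().ssl();
    SslContext sslContext;
    if (ssl.sslContext() == null) {
        SslContextBuilder builder = SslContextBuilder.forClient();
        try {
            if (ssl.keyStoreFileName() != null) {
                // Client certificate material, used when the server requests client authentication.
                builder.keyManager(new SslContextFactory()
                        .keyStoreFileName(ssl.keyStoreFileName())
                        .keyStoreType(ssl.keyStoreType())
                        .keyStorePassword(ssl.keyStorePassword())
                        .keyAlias(ssl.keyAlias())
                        .keyStoreCertificatePassword(ssl.keyStoreCertificatePassword())
                        .classLoader(configuration.classLoader())
                        .getKeyManagerFactory());
            }
            if (ssl.trustStoreFileName() != null) {
                if ("pem".equalsIgnoreCase(ssl.trustStoreType())) {
                    // PEM trust material is handed to Netty as a certificate file.
                    builder.trustManager(new File(ssl.trustStoreFileName()));
                } else {
                    builder.trustManager(new SslContextFactory()
                            .trustStoreFileName(ssl.trustStoreFileName())
                            .trustStoreType(ssl.trustStoreType())
                            .trustStorePassword(ssl.trustStorePassword())
                            .classLoader(configuration.classLoader())
                            .getTrustManagerFactory());
                }
            }
            if (ssl.trustStorePath() != null) {
                // Applied after trustStoreFileName, so when both are configured this is
                // the last trust setting given to the builder.
                builder.trustManager(new File(ssl.trustStorePath()));
            }
            if (ssl.protocol() != null) {
                builder.protocols(ssl.protocol());
            }
            if (ssl.ciphers() != null) {
                builder.ciphers(ssl.ciphers());
            }
            if (ssl.provider() != null) {
                // Security.getProvider returns null for a name that is not installed, and a
                // null provider makes the builder use the default one. Fail instead of
                // silently running with a provider other than the configured one.
                java.security.Provider provider = Security.getProvider(ssl.provider());
                if (provider == null) {
                    throw new IllegalArgumentException(
                            "Security provider '" + ssl.provider() + "' is not installed");
                }
                builder.sslContextProvider(provider);
            }
            sslContext = builder.build();
        } catch (Exception e) {
            throw new CacheConfigurationException(e);
        }
    } else {
        // Caller-supplied JDK context, wrapped in client mode with no client-auth requirement.
        sslContext = new JdkSslContext(ssl.sslContext(), true, ClientAuth.NONE);
    }
    // The SNI host name (possibly null) is passed as the peer host, with -1 as the peer port.
    SslHandler sslHandler = sslContext.newHandler(channel.alloc(), ssl.sniHostName(), -1);
    if (ssl.sniHostName() != null) {
        // Set the server_name extension explicitly on the engine.
        SSLParameters sslParameters = sslHandler.engine().getSSLParameters();
        sslParameters.setServerNames(Collections.singletonList(new SNIHostName(ssl.sniHostName())));
        sslHandler.engine().setSSLParameters(sslParameters);
    }
    channel.pipeline().addFirst(sslHandler, SslHandshakeExceptionHandler.INSTANCE);
}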
Also used : SslContextFactory(org.infinispan.commons.util.SslContextFactory) JdkSslContext(io.netty.handler.ssl.JdkSslContext) SSLParameters(javax.net.ssl.SSLParameters) SslConfiguration(org.infinispan.client.hotrod.configuration.SslConfiguration) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) CacheConfigurationException(org.infinispan.commons.CacheConfigurationException) SNIHostName(javax.net.ssl.SNIHostName) File(java.io.File) SaslException(javax.security.sasl.SaslException) PrivilegedActionException(java.security.PrivilegedActionException) CacheConfigurationException(org.infinispan.commons.CacheConfigurationException) SslHandler(io.netty.handler.ssl.SslHandler) JdkSslContext(io.netty.handler.ssl.JdkSslContext) SslContext(io.netty.handler.ssl.SslContext)

Example 2 with SslContextFactory

use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.

the class HotRodSslFunctionalTest method connectClient.

/**
 * Connects a test client over TLS, reusing the key store and trust store that the
 * server under test was configured with. Both stores are loaded as PKCS#12.
 *
 * @param protocolVersion Hot Rod protocol version the client should speak
 * @return a client bound to the test server's host and port
 */
@Override
protected HotRodClient connectClient(byte protocolVersion) {
    SslConfiguration serverSsl = hotRodServer.getConfiguration().ssl();
    SslContextFactory contextFactory = new SslContextFactory()
            .keyStoreFileName(serverSsl.keyStoreFileName())
            .keyStorePassword(serverSsl.keyStorePassword())
            .keyStoreType("pkcs12")
            .trustStoreFileName(serverSsl.trustStoreFileName())
            .trustStorePassword(serverSsl.trustStorePassword())
            .trustStoreType("pkcs12");
    SSLContext clientContext = contextFactory.getContext();
    // NOTE(review): the two flags are presumably useClientMode=true and needClientAuth=false;
    // confirm against SslContextFactory.getEngine.
    SSLEngine clientEngine = SslContextFactory.getEngine(clientContext, true, false);
    return new HotRodClient(
            hotRodServer.getHost(),
            hotRodServer.getPort(),
            cacheName,
            HotRodClient.DEFAULT_TIMEOUT_SECONDS,
            protocolVersion,
            clientEngine);
}
Also used : SslContextFactory(org.infinispan.commons.util.SslContextFactory) SslConfiguration(org.infinispan.server.core.configuration.SslConfiguration) SSLEngine(javax.net.ssl.SSLEngine) HotRodClient(org.infinispan.server.hotrod.test.HotRodClient) SSLContext(javax.net.ssl.SSLContext)

Example 3 with SslContextFactory

use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.

the class SinglePortTest method shouldUpgradeThroughALPN.

/**
 * Starts a single-port router over TLS on the loopback address, routes it to a REST
 * server, and checks that an HTTP/2 POST through the router comes back with no content.
 */
@Test
public void shouldUpgradeThroughALPN() throws Exception {
    checkForOpenSSL();

    // given: a REST server reachable through a TLS-enabled single-port route
    restServer = RestTestingUtil.createDefaultRestServer("rest", "default");
    RestServerRouteDestination restTarget = new RestServerRouteDestination("rest", restServer);
    SinglePortRouteSource routeSource = new SinglePortRouteSource();
    Route<SinglePortRouteSource, RestServerRouteDestination> restRoute = new Route<>(routeSource, restTarget);
    SslContextFactory contextFactory = new SslContextFactory();
    RouterConfigurationBuilder routerConfig = new RouterConfigurationBuilder();
    routerConfig.singlePort()
            .sslContext(contextFactory
                    .keyStoreFileName(KEY_STORE_PATH)
                    .keyStorePassword(KEY_STORE_PASSWORD.toCharArray())
                    .getContext())
            .port(0)
            .ip(InetAddress.getLoopbackAddress())
            .routing()
            .add(restRoute);
    router = new Router(routerConfig.build());
    router.start();
    EndpointRouter endpoint = router.getRouter(EndpointRouter.Protocol.SINGLE_PORT).get();

    // when: an HTTP/2 REST client posts through the router
    RestClientConfigurationBuilder clientConfig = new RestClientConfigurationBuilder();
    clientConfig.addServer()
            .host(endpoint.getHost())
            .port(endpoint.getPort())
            .protocol(Protocol.HTTP_20)
            .security()
            .ssl()
            .trustStoreFileName(TRUST_STORE_PATH)
            .trustStorePassword("secret".toCharArray())
            // Test-only: this verifier accepts every host name, so the certificate is
            // validated against the trust store but never matched to the peer's name.
            .hostnameVerifier((host, tlsSession) -> true);
    httpClient = RestClient.forConfiguration(clientConfig.build());
    CompletionStage<RestResponse> postResult = httpClient.cache("default").post("test", VALUE);

    // then: the POST is answered without a body
    ResponseAssertion.assertThat(postResult).hasNoContent();
}
Also used : SslContextFactory(org.infinispan.commons.util.SslContextFactory) RestClientConfigurationBuilder(org.infinispan.client.rest.configuration.RestClientConfigurationBuilder) SinglePortRouteSource(org.infinispan.server.router.routes.singleport.SinglePortRouteSource) RestResponse(org.infinispan.client.rest.RestResponse) Router(org.infinispan.server.router.Router) EndpointRouter(org.infinispan.server.router.router.EndpointRouter) RestServerRouteDestination(org.infinispan.server.router.routes.rest.RestServerRouteDestination) EndpointRouter(org.infinispan.server.router.router.EndpointRouter) RouterConfigurationBuilder(org.infinispan.server.router.configuration.builder.RouterConfigurationBuilder) Route(org.infinispan.server.router.routes.Route) Test(org.junit.Test)

Example 4 with SslContextFactory

use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.

the class SSLClassPathConfigurationTest method testLoadTrustStore.

/**
 * Builds an {@code SSLContext} from a key store given as a file-system path and a
 * trust store given with a {@code classpath:} prefix, and checks that a context
 * is produced.
 */
public void testLoadTrustStore() {
    // The key store is resolved to a path; the trust store name keeps its "classpath:" prefix.
    String clientKeyStore = getClass().getResource("/keystore_client.p12").getPath();
    String caTrustStore = "classpath:ca.p12";
    // Fixture password, shared by both test stores.
    char[] storePassword = "secret".toCharArray();
    SslContextFactory contextFactory = new SslContextFactory()
            .keyStoreFileName(clientKeyStore)
            .keyStoreType("pkcs12")
            .keyStorePassword(storePassword)
            .trustStoreFileName(caTrustStore)
            .trustStoreType("pkcs12")
            .trustStorePassword(storePassword);
    SSLContext built = contextFactory.getContext();
    assertNotNull(built);
}
Also used : SslContextFactory(org.infinispan.commons.util.SslContextFactory) SSLContext(javax.net.ssl.SSLContext)

Example 5 with SslContextFactory

use of org.infinispan.commons.util.SslContextFactory in project infinispan by infinispan.

the class SinglePortTest method shouldUpgradeToHotRodThroughALPN.

/**
 * Starts a single-port router over TLS on the loopback address with routes to both a
 * REST server and a Hot Rod server, then writes one entry through a Hot Rod client
 * that trusts the test trust store. There is no explicit assertion: the test passes
 * when the put completes without throwing.
 */
@Test
public void shouldUpgradeToHotRodThroughALPN() {
    checkForOpenSSL();

    // given: REST and Hot Rod servers behind one TLS-enabled single-port source
    hotrodServer = HotRodTestingUtil.startHotRodServerWithoutTransport("default");
    restServer = RestTestingUtil.createDefaultRestServer("rest", "default");
    HotRodServerRouteDestination hotRodTarget = new HotRodServerRouteDestination("hotrod", hotrodServer);
    RestServerRouteDestination restTarget = new RestServerRouteDestination("rest", restServer);
    SinglePortRouteSource routeSource = new SinglePortRouteSource();
    Route<SinglePortRouteSource, RestServerRouteDestination> restRoute = new Route<>(routeSource, restTarget);
    Route<SinglePortRouteSource, HotRodServerRouteDestination> hotRodRoute = new Route<>(routeSource, hotRodTarget);
    SslContextFactory contextFactory = new SslContextFactory();
    RouterConfigurationBuilder routerConfig = new RouterConfigurationBuilder();
    routerConfig.singlePort()
            .sslContext(contextFactory
                    .keyStoreFileName(KEY_STORE_PATH)
                    .keyStorePassword(KEY_STORE_PASSWORD.toCharArray())
                    .getContext())
            .port(0)
            .ip(InetAddress.getLoopbackAddress())
            .routing()
            .add(restRoute)
            .add(hotRodRoute);
    router = new Router(routerConfig.build());
    router.start();
    EndpointRouter endpoint = router.getRouter(EndpointRouter.Protocol.SINGLE_PORT).get();

    // when: a Hot Rod client connects to the router's address and stores an entry
    ConfigurationBuilder clientConfig = new ConfigurationBuilder();
    clientConfig.addServer()
            .host(endpoint.getIp().getHostAddress())
            .port(endpoint.getPort());
    clientConfig.security()
            .ssl()
            .trustStoreFileName(TRUST_STORE_PATH)
            .trustStorePassword(TRUST_STORE_PASSWORD.toCharArray());
    hotRodClient = new RemoteCacheManager(clientConfig.build());
    hotRodClient.getCache("default").put("test", "test");
}
Also used : RestClientConfigurationBuilder(org.infinispan.client.rest.configuration.RestClientConfigurationBuilder) HotRodServerConfigurationBuilder(org.infinispan.server.hotrod.configuration.HotRodServerConfigurationBuilder) ConfigurationBuilder(org.infinispan.client.hotrod.configuration.ConfigurationBuilder) RestServerConfigurationBuilder(org.infinispan.rest.configuration.RestServerConfigurationBuilder) RouterConfigurationBuilder(org.infinispan.server.router.configuration.builder.RouterConfigurationBuilder) RemoteCacheManager(org.infinispan.client.hotrod.RemoteCacheManager) SslContextFactory(org.infinispan.commons.util.SslContextFactory) SinglePortRouteSource(org.infinispan.server.router.routes.singleport.SinglePortRouteSource) Router(org.infinispan.server.router.Router) EndpointRouter(org.infinispan.server.router.router.EndpointRouter) RestServerRouteDestination(org.infinispan.server.router.routes.rest.RestServerRouteDestination) EndpointRouter(org.infinispan.server.router.router.EndpointRouter) RouterConfigurationBuilder(org.infinispan.server.router.configuration.builder.RouterConfigurationBuilder) HotRodServerRouteDestination(org.infinispan.server.router.routes.hotrod.HotRodServerRouteDestination) Route(org.infinispan.server.router.routes.Route) Test(org.junit.Test)

Aggregations

SslContextFactory (org.infinispan.commons.util.SslContextFactory)5 SSLContext (javax.net.ssl.SSLContext)2 RestClientConfigurationBuilder (org.infinispan.client.rest.configuration.RestClientConfigurationBuilder)2 Router (org.infinispan.server.router.Router)2 RouterConfigurationBuilder (org.infinispan.server.router.configuration.builder.RouterConfigurationBuilder)2 EndpointRouter (org.infinispan.server.router.router.EndpointRouter)2 Route (org.infinispan.server.router.routes.Route)2 RestServerRouteDestination (org.infinispan.server.router.routes.rest.RestServerRouteDestination)2 SinglePortRouteSource (org.infinispan.server.router.routes.singleport.SinglePortRouteSource)2 Test (org.junit.Test)2 JdkSslContext (io.netty.handler.ssl.JdkSslContext)1 SslContext (io.netty.handler.ssl.SslContext)1 SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)1 SslHandler (io.netty.handler.ssl.SslHandler)1 File (java.io.File)1 PrivilegedActionException (java.security.PrivilegedActionException)1 SNIHostName (javax.net.ssl.SNIHostName)1 SSLEngine (javax.net.ssl.SSLEngine)1 SSLParameters (javax.net.ssl.SSLParameters)1 SaslException (javax.security.sasl.SaslException)1