/**
 * Builds an {@link SSLContext} from a key store and a trust store whose types are named explicitly.
 *
 * <p>Convenience overload: forwards to the ten-argument {@code getContext} with no separate key
 * password, no key alias, {@code DEFAULT_SSL_PROTOCOL} as the protocol and no class loader.
 *
 * @param keyStoreFileName   location of the key store
 * @param keyStoreType       key store type, e.g. {@code "pkcs12"}
 * @param keyStorePassword   password protecting the key store
 * @param trustStoreFileName location of the trust store
 * @param trustStoreType     trust store type
 * @param trustStorePassword password protecting the trust store
 * @return whatever the ten-argument overload returns for these arguments
 */
public static SSLContext getContext(String keyStoreFileName, String keyStoreType, char[] keyStorePassword,
      String trustStoreFileName, String trustStoreType, char[] trustStorePassword) {
   // Named placeholders make the long positional call below readable.
   final char[] noCertificatePassword = null;
   final String noKeyAlias = null;
   final ClassLoader noClassLoader = null;
   return getContext(keyStoreFileName, keyStoreType, keyStorePassword, noCertificatePassword, noKeyAlias,
         trustStoreFileName, trustStoreType, trustStorePassword, DEFAULT_SSL_PROTOCOL, noClassLoader);
}
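/**
 * Loads a trust store and returns a {@link TrustManagerFactory} initialised with it.
 *
 * @param trustStoreFileName location of the trust store, passed on to {@code loadKeyStore}
 * @param trustStoreType     trust store type; {@code DEFAULT_KEYSTORE_TYPE} is used when {@code null}
 * @param trustStorePassword password passed on to {@code loadKeyStore}
 * @param classLoader        class loader passed on to {@code loadKeyStore}
 * @return a factory initialised with the loaded trust store
 * @throws IOException              if loading the store fails
 * @throws GeneralSecurityException if the store type or the trust manager algorithm is unavailable,
 *                                  or the factory cannot be initialised
 */
public static TrustManagerFactory getTrustManagerFactory(String trustStoreFileName, String trustStoreType,
      char[] trustStorePassword, ClassLoader classLoader) throws IOException, GeneralSecurityException {
   KeyStore ks = KeyStore.getInstance(trustStoreType != null ? trustStoreType : DEFAULT_KEYSTORE_TYPE);
   loadKeyStore(ks, trustStoreFileName, trustStorePassword, classLoader);
   // Ask for the trust manager default, not the key manager default. The two come from different
   // security properties (ssl.TrustManagerFactory.algorithm vs ssl.KeyManagerFactory.algorithm), so
   // the key manager name can select a different certificate-path validator than the platform is
   // configured to use, or be missing on providers that register no trust algorithm under that name.
   TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   tmf.init(ks);
   return tmf;
}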
/**
 * Configures this builder with an SSL context and engine built from PKCS#12 key and trust stores.
 *
 * <p>Both store types are fixed to {@code "pkcs12"}. The passwords arrive as {@link String}s and
 * are converted to {@code char[]} here; a {@code null} password therefore fails with a
 * {@link NullPointerException} before any store is opened.
 *
 * @param keystoreFileName   location of the key store
 * @param keystorePassword   key store password, must not be {@code null}
 * @param truststoreFileName location of the trust store
 * @param truststorePassword trust store password, must not be {@code null}
 * @return this builder
 */
public HotrodClientBuilder useSslConfiguration(String keystoreFileName, String keystorePassword,
      String truststoreFileName, String truststorePassword) {
   final char[] keySecret = keystorePassword.toCharArray();
   final char[] trustSecret = truststorePassword.toCharArray();
   sslContext = SslContextFactory.getContext(keystoreFileName, "pkcs12", keySecret,
         truststoreFileName, "pkcs12", trustSecret);
   // NOTE(review): the two flags are presumably (useClientMode, needClientAuth) - confirm against
   // SslContextFactory.getEngine.
   sslEngine = SslContextFactory.getEngine(sslContext, true, false);
   return this;
}
/**
 * Builds and initialises an {@link SSLContext} from an optional key store and an optional trust store.
 *
 * <p>Key managers are created only when {@code keyStoreFileName} is non-null, and trust managers
 * only when {@code trustStoreFileName} is non-null. A {@code null} array handed to
 * {@link SSLContext#init} makes JSSE fall back to the installed default implementation, so omitting
 * the trust store means peers are validated against the JDK's default trust anchors, not against
 * "nothing".
 *
 * @param keyStoreFileName            key store location, or {@code null} for no key material
 * @param keyStoreType                key store type, passed to {@code getKeyManagerFactory}
 * @param keyStorePassword            key store password
 * @param keyStoreCertificatePassword key password, passed to {@code getKeyManagerFactory}
 * @param keyAlias                    key alias, passed to {@code getKeyManagerFactory}
 * @param trustStoreFileName          trust store location, or {@code null} for the default trust managers
 * @param trustStoreType              trust store type, passed to {@code getTrustManagerFactory}
 * @param trustStorePassword          trust store password
 * @param sslProtocol                 protocol name; {@code DEFAULT_SSL_PROTOCOL} is used when {@code null}
 * @param classLoader                 class loader passed to both factory helpers
 * @return the initialised context
 */
public static SSLContext getContext(String keyStoreFileName, String keyStoreType, char[] keyStorePassword,
      char[] keyStoreCertificatePassword, String keyAlias, String trustStoreFileName, String trustStoreType,
      char[] trustStorePassword, String sslProtocol, ClassLoader classLoader) {
   try {
      final KeyManager[] keyManagers = keyStoreFileName == null
            ? null
            : getKeyManagerFactory(keyStoreFileName, keyStoreType, keyStorePassword,
                  keyStoreCertificatePassword, keyAlias, classLoader).getKeyManagers();

      final TrustManager[] trustManagers = trustStoreFileName == null
            ? null
            : getTrustManagerFactory(trustStoreFileName, trustStoreType, trustStorePassword,
                  classLoader).getTrustManagers();

      final String protocol = sslProtocol != null ? sslProtocol : DEFAULT_SSL_PROTOCOL;
      final SSLContext sslContext = SSLContext.getInstance(protocol);
      // Third argument null: JSSE supplies its default SecureRandom.
      sslContext.init(keyManagers, trustManagers, null);
      return sslContext;
   } catch (Exception e) {
      // Every failure (I/O, bad password, unknown algorithm) is wrapped by the logger-provided exception.
      throw log.sslInitializationException(e);
   }
}
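/**
 * Creates Netty's {@link SslContext} based on an optional standard JDK {@link SSLContext}. If
 * {@link Optional#empty()} is passed as an argument, this method wraps the JDK default
 * {@link SSLContext} instead.
 *
 * <p>The returned context is a server-side context (the {@code isClient} flag is {@code false})
 * with {@link ClientAuth#OPTIONAL}: a client certificate is requested but the handshake does not
 * fail when the client sends none.
 *
 * @param context Optional {@link SSLContext}.
 * @return Netty's {@link SslContext}.
 * @throws IllegalStateException if the JDK default context is needed but cannot be obtained.
 */
public SslContext toNettySslContext(Optional<SSLContext> context) {
   try {
      // Resolve the JDK default only when no context was supplied. Optional.orElse evaluates its
      // argument eagerly, so a broken default configuration used to fail this call even when the
      // caller had passed a perfectly good context.
      SSLContext jdkContext = context.isPresent() ? context.get() : SSLContext.getDefault();
      // NOTE(review): getSupportedCipherSuites() lists every suite the provider implements, which
      // can include suites the JDK leaves disabled by default, and IdentityCipherSuiteFilter hands
      // the list on unchanged. Consider getEnabledCipherSuites() or an explicit allow-list.
      String[] ciphers = SslContextFactory.getEngine(jdkContext, false, false).getSupportedCipherSuites();
      return new JdkSslContext(jdkContext, false, Arrays.asList(ciphers), IdentityCipherSuiteFilter.INSTANCE,
            null, ClientAuth.OPTIONAL);
   } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException(e);
   }
}
}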
/**
 * Connects a Hot Rod client over TLS, reusing the key and trust stores from the server's own SSL
 * configuration. Both stores are opened as {@code "pkcs12"}.
 *
 * @return a client bound to this server's host and port with the SSL engine attached
 */
@Override
protected HotRodClient connectClient() {
   final SslConfiguration serverSsl = hotRodServer.getConfiguration().ssl();
   final SSLContext clientContext = SslContextFactory.getContext(
         serverSsl.keyStoreFileName(), "pkcs12", serverSsl.keyStorePassword(),
         serverSsl.trustStoreFileName(), "pkcs12", serverSsl.trustStorePassword());
   // NOTE(review): flags are presumably (useClientMode, needClientAuth) - confirm against getEngine.
   final SSLEngine clientEngine = SslContextFactory.getEngine(clientContext, true, false);
   return new HotRodClient(host(), hotRodServer.getPort(), cacheName, 60, (byte) 20, clientEngine);
}
}
/**
 * Builds an {@link SSLContext} using {@code DEFAULT_KEYSTORE_TYPE} for both stores.
 *
 * <p>Forwards to the ten-argument {@code getContext} with no key alias and no class loader.
 *
 * @param keyStoreFileName            location of the key store
 * @param keyStorePassword            password protecting the key store
 * @param keyStoreCertificatePassword password protecting the key entry
 * @param trustStoreFileName          location of the trust store
 * @param trustStorePassword          password protecting the trust store
 * @param sslProtocol                 protocol name handed to the ten-argument overload
 * @return whatever the ten-argument overload returns for these arguments
 */
public static SSLContext getContext(String keyStoreFileName, char[] keyStorePassword,
      char[] keyStoreCertificatePassword, String trustStoreFileName, char[] trustStorePassword,
      String sslProtocol) {
   final String storeType = DEFAULT_KEYSTORE_TYPE;
   final String noKeyAlias = null;
   final ClassLoader noClassLoader = null;
   return getContext(keyStoreFileName, storeType, keyStorePassword, keyStoreCertificatePassword, noKeyAlias,
         trustStoreFileName, storeType, trustStorePassword, sslProtocol, noClassLoader);
}
/**
 * Loads a key store and returns a {@link KeyManagerFactory} initialised with it.
 *
 * <p>When {@code keyAlias} is given, the factory is initialised from a fresh in-memory store that
 * holds only that entry, so no other key in the original store is offered during a handshake.
 *
 * @param keyStoreFileName            location of the key store, passed on to {@code loadKeyStore}
 * @param keyStoreType                key store type; {@code DEFAULT_KEYSTORE_TYPE} is used when {@code null}
 * @param keyStorePassword            password for the store, and for the key when no separate one is given
 * @param keyStoreCertificatePassword password for the key entry, or {@code null} to reuse the store password
 * @param keyAlias                    alias of the single key entry to expose, or {@code null} for all entries
 * @param classLoader                 class loader passed on to {@code loadKeyStore}
 * @return a factory initialised with the selected key material
 * @throws IOException              if loading the store fails
 * @throws GeneralSecurityException if the store, the entry or the factory cannot be set up
 */
public static KeyManagerFactory getKeyManagerFactory(String keyStoreFileName, String keyStoreType,
      char[] keyStorePassword, char[] keyStoreCertificatePassword, String keyAlias, ClassLoader classLoader)
      throws IOException, GeneralSecurityException {
   final String effectiveType = keyStoreType != null ? keyStoreType : DEFAULT_KEYSTORE_TYPE;
   KeyStore ks = KeyStore.getInstance(effectiveType);
   loadKeyStore(ks, keyStoreFileName, keyStorePassword, classLoader);

   final char[] keyPassword = keyStoreCertificatePassword != null ? keyStoreCertificatePassword : keyStorePassword;

   if (keyAlias != null) {
      // The alias must exist and must name a key entry, not a bare certificate.
      if (!ks.containsAlias(keyAlias) || !ks.isKeyEntry(keyAlias)) {
         throw log.noSuchAliasInKeyStore(keyAlias, keyStoreFileName);
      }
      final KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(keyPassword);
      final KeyStore.Entry selected = ks.getEntry(keyAlias, protection);
      // Rebuild the store so that it contains nothing but the selected key.
      ks = KeyStore.getInstance(effectiveType);
      ks.load(null);
      ks.setEntry(keyAlias, selected, protection);
   }

   final KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
   factory.init(ks, keyPassword);
   return factory;
}
/**
 * Builds an {@link SSLContext} for the given protocol without a separate key password.
 *
 * <p>Forwards to the six-argument overload, passing {@code null} as the key (certificate) password.
 *
 * @param keyStoreFileName   location of the key store
 * @param keyStorePassword   password protecting the key store
 * @param trustStoreFileName location of the trust store
 * @param trustStorePassword password protecting the trust store
 * @param sslProtocol        protocol name handed on unchanged
 * @return whatever the six-argument overload returns for these arguments
 */
public static SSLContext getContext(String keyStoreFileName, char[] keyStorePassword,
      String trustStoreFileName, char[] trustStorePassword, String sslProtocol) {
   final char[] noCertificatePassword = null;
   return getContext(keyStoreFileName, keyStorePassword, noCertificatePassword,
         trustStoreFileName, trustStorePassword, sslProtocol);
}
/**
 * Builds an {@link SSLContext} with {@code DEFAULT_SSL_PROTOCOL} and no separate key password.
 *
 * <p>Forwards to the six-argument overload, passing {@code null} as the key (certificate) password.
 *
 * @param keyStoreFileName   location of the key store
 * @param keyStorePassword   password protecting the key store
 * @param trustStoreFileName location of the trust store
 * @param trustStorePassword password protecting the trust store
 * @return whatever the six-argument overload returns for these arguments
 */
public static SSLContext getContext(String keyStoreFileName, char[] keyStorePassword,
      String trustStoreFileName, char[] trustStorePassword) {
   final char[] noCertificatePassword = null;
   return getContext(keyStoreFileName, keyStorePassword, noCertificatePassword,
         trustStoreFileName, trustStorePassword, DEFAULT_SSL_PROTOCOL);
}
/**
 * Builds an {@link SSLContext} with {@code DEFAULT_SSL_PROTOCOL} and a separate key password.
 *
 * <p>Forwards to the six-argument overload that also takes the protocol name.
 *
 * @param keyStoreFileName            location of the key store
 * @param keyStorePassword            password protecting the key store
 * @param keyStoreCertificatePassword password protecting the key entry
 * @param trustStoreFileName          location of the trust store
 * @param trustStorePassword          password protecting the trust store
 * @return whatever the six-argument overload returns for these arguments
 */
public static SSLContext getContext(String keyStoreFileName, char[] keyStorePassword,
      char[] keyStoreCertificatePassword, String trustStoreFileName, char[] trustStorePassword) {
   final String protocol = DEFAULT_SSL_PROTOCOL;
   return getContext(keyStoreFileName, keyStorePassword, keyStoreCertificatePassword,
         trustStoreFileName, trustStorePassword, protocol);
}
/**
 * Creates a route source for an SNI host name, building its SSL context from a key store only.
 *
 * <p>The trust store file name and password are passed as {@code null}, so this constructor
 * supplies no trust store of its own.
 *
 * @param sniHostName      SNI host name, passed to the two-argument constructor
 * @param keyStoreFileName location of the key store
 * @param keyStorePassword password protecting the key store
 */
public SniNettyRouteSource(String sniHostName, String keyStoreFileName, char[] keyStorePassword) { this(sniHostName, SslContextFactory.getContext(keyStoreFileName, keyStorePassword, null, null)); }
/**
 * A client that trusts the default trust store and sends the SNI name {@code "sni"} can PUT over TLS.
 */
@Test
public void testAuthorizedAccessThroughSni() throws Exception {
   // given: a trust-only context (no client key material)
   final char[] trustSecret = DEFAULT_TRUSTSTORE_PASSWORD.toCharArray();
   final SSLContext trustOnlyContext = SslContextFactory.getContext(null, null, DEFAULT_TRUSTSTORE_PATH, trustSecret);

   // when: the request carries the SNI host name
   rest.setSni(trustOnlyContext, Optional.of("sni"));
   final HttpResponse putResponse = rest.put(rest.toSsl(rest.fullPathKey("test")), "test", "text/plain");

   // then
   Assert.assertEquals(200, putResponse.getStatusLine().getStatusCode());
}
}
/**
 * Without an SNI host name the same trust-only client must be rejected during the TLS handshake.
 */
@Test
public void testUnauthorizedAccessToDefaultSSLContext() throws Exception {
   // given: a trust-only context (no client key material)
   final char[] trustSecret = DEFAULT_TRUSTSTORE_PASSWORD.toCharArray();
   final SSLContext trustOnlyContext = SslContextFactory.getContext(null, null, DEFAULT_TRUSTSTORE_PATH, trustSecret);

   // when: no SNI name is sent
   rest.setSni(trustOnlyContext, Optional.empty());

   try {
      rest.put(rest.toSsl(rest.fullPathKey("test")), "test", "text/plain");
      fail("REST PUT operation should have failed with SSLHandshakeException");
   } catch (javax.net.ssl.SSLHandshakeException ignoreMe) {
      // then: the handshake failure is the expected outcome
   }
}
/**
 * Exercises PUT, GET and POST against the REST endpoint over HTTPS on port 8443.
 */
@Test
@WithRunningServer({@RunningServer(name = "standalone-rest-ssl")})
public void testRestSslConfig() throws Exception {
   // NOTE(review): the remotes are created for "standalone-hotrod-ssl" while the running server is
   // "standalone-rest-ssl" - confirm this is intended.
   final RemoteInfinispanMBeans remotes = createRemotes("standalone-hotrod-ssl", "local", DEFAULT_CACHE_NAME);

   // NOTE(review): the trust store is opened with KEYSTORE_PASSWORD as well - presumably both
   // stores share one password in this fixture; verify.
   final SSLContext clientContext = SslContextFactory.getContext(
         KEYSTORE_PATH, KEYSTORE_PASSWORD.toCharArray(),
         TRUSTSTORE_PATH, KEYSTORE_PASSWORD.toCharArray());

   final RESTHelper rest = new RESTHelper();
   rest.withSslContext(clientContext)
         .withPort(8443)
         .withProtocol("https")
         .withServer(remotes.server);
   cleanRESTServer(rest);

   // PUT then read back
   final HttpResponse putResponse = rest.put(rest.fullPathKey(0, KEY_A), "data", "text/plain");
   assertEquals(200, putResponse.getStatusLine().getStatusCode());
   rest.get(rest.fullPathKey(0, KEY_A), "data");
   cleanRESTServer(rest);

   // POST then read back
   rest.post(rest.fullPathKey(0, KEY_A), "data", "text/plain");
   rest.get(rest.fullPathKey(0, KEY_A), "data");
   cleanRESTServer(rest);
}
/**
 * Connects a remote cache manager through a caller-supplied {@link SSLContext} and runs the
 * put/get and size checks over it.
 */
@Test
public void testViaSslContextSetup() throws Exception {
   final ConfigurationBuilder clientConfig = new ConfigurationBuilder();
   final String serverHost = ispnServer.getHotrodEndpoint().getInetAddress().getHostName();
   clientConfig.addServer()
         .host(serverHost)
         .port(ispnServer.getHotrodEndpoint().getPort());

   // Trust-only context: no key store, so the client presents no certificate of its own.
   final SSLContext trustOnlyContext = SslContextFactory.getContext(
         null, null, DEFAULT_TRUSTSTORE_PATH, DEFAULT_TRUSTSTORE_PASSWORD.toCharArray());
   clientConfig.security().ssl().sslContext(trustOnlyContext).enable();

   remoteCacheManager = new RemoteCacheManager(clientConfig.build());
   remoteCache = remoteCacheManager.getCache(RemoteCacheManager.DEFAULT_CACHE_NAME);

   testPutGet(remoteCache);
   testSize(remoteCache);
}
}