public static SslContext build(File serverCert, File serverKey, String serverPass, SslProvider sslProvider) throws SSLException { if (serverPass == null || serverPass.isEmpty()) { return SslContextBuilder.forServer(serverCert, serverKey) .sslProvider(sslProvider) .build(); } else { return SslContextBuilder.forServer(serverCert, serverKey, serverPass) .sslProvider(sslProvider) .build(); } }
public static SslContext build(File serverCert, File serverKey, String serverPass, SslProvider sslProvider, File clientCert) throws SSLException { log.info("Creating SSL context for cert '{}', key '{}', key pass '{}'", serverCert.getAbsolutePath(), serverKey.getAbsoluteFile(), serverPass); if (serverPass == null || serverPass.isEmpty()) { return SslContextBuilder.forServer(serverCert, serverKey) .sslProvider(sslProvider) .trustManager(clientCert) .build(); } else { return SslContextBuilder.forServer(serverCert, serverKey, serverPass) .sslProvider(sslProvider) .trustManager(clientCert) .build(); } } }
public static SslContext createNettyContext(final String keystoreProvider, final String keystorePath, final String keystorePassword, final String trustStoreProvider, final String trustStorePath, final String trustStorePassword, final String sslProvider) throws Exception { KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keystorePassword.toCharArray()); return SslContextBuilder.forServer(keyManagerFactory).sslProvider(SslProvider.valueOf(sslProvider)).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, false, null)).build(); }
private SSLEngine createSslEngine(MessageInput input) throws IOException, CertificateException { final X509Certificate[] clientAuthCerts; if (EnumSet.of(ClientAuth.OPTIONAL, ClientAuth.REQUIRE).contains(clientAuth)) { if (clientAuthCertFile.exists()) { clientAuthCerts = KeyUtil.loadCertificates(clientAuthCertFile.toPath()).stream() .filter(certificate -> certificate instanceof X509Certificate) .map(certificate -> (X509Certificate) certificate) .toArray(X509Certificate[]::new); } else { LOG.warn("Client auth configured, but no authorized certificates / certificate authorities configured for input [{}/{}]", input.getName(), input.getId()); clientAuthCerts = null; } } else { clientAuthCerts = null; } final SslContext sslContext = SslContextBuilder.forServer(certFile, keyFile, Strings.emptyToNull(password)) .sslProvider(tlsProvider) .clientAuth(clientAuth) .trustManager(clientAuthCerts) .build(); // TODO: Use byte buffer allocator of channel return sslContext.newEngine(ByteBufAllocator.DEFAULT); } };
public static SslContext createNettyClientContext(final String keystoreProvider, final String keystorePath, final String keystorePassword, final String trustStoreProvider, final String trustStorePath, final String trustStorePassword, final String sslProvider, final boolean trustAll ) throws Exception { KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray()); return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build(); }
public SslContext nettyClientContext() throws SSLException { return SslContextBuilder.forClient() .sslProvider( sslProvider ) .keyManager( privateKey, keyCertChain ) .protocols( tlsVersions ) .ciphers( ciphers ) .trustManager( trustManagerFactory ) .build(); }
public SslContext getClientSslContext() { try { return SslContextBuilder .forClient() .sslProvider(chooseSslProvider()) .ciphers(getCiphers(), getCiphersFilter()) .protocols(getProtocols()) .build(); } catch (Exception e) { log.error("Error loading SslContext client request.", e); throw new RuntimeException("Error configuring SslContext for client request!", e); } } }
public static SslContext build(SslProvider sslProvider) throws CertificateException, SSLException { SelfSignedCertificate ssc = new SelfSignedCertificate(); return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(sslProvider) .build(); }
public SslContext nettyServerContext() throws SSLException { return SslContextBuilder.forServer( privateKey, keyCertChain ) .sslProvider( sslProvider ) .clientAuth( forNetty( clientAuth ) ) .protocols( tlsVersions ) .ciphers( ciphers ) .trustManager( trustManagerFactory ) .build(); }
protected AppClient(String host, int port, Random msgIdGenerator, ServerProperties properties) { super(host, port, msgIdGenerator, properties); log.info("Creating app client. Host {}, sslPort : {}", host, port); File serverCert = makeCertificateFile("server.ssl.cert"); File clientCert = makeCertificateFile("client.ssl.cert"); File clientKey = makeCertificateFile("client.ssl.key"); try { if (!serverCert.exists() || !clientCert.exists() || !clientKey.exists()) { log.info("Enabling one-way auth with no certs checks."); this.sslCtx = SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE) .build(); } else { log.info("Enabling mutual auth."); String clientPass = props.getProperty("client.ssl.key.pass"); this.sslCtx = SslContextBuilder.forClient() .sslProvider(SslProvider.JDK) .trustManager(serverCert) .keyManager(clientCert, clientKey, clientPass) .build(); } } catch (SSLException e) { log.error("Error initializing SSL context. Reason : {}", e.getMessage()); log.debug(e); throw new RuntimeException(e); } }
static SslContext build(final Config conf) throws IOException, CertificateException { String tmpdir = conf.getString("application.tmpdir"); boolean http2 = conf.getBoolean("server.http2.enabled"); File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir); File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir); String keyStorePass = conf.hasPath("ssl.keystore.password") ? conf.getString("ssl.keystore.password") : null; SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass); if (conf.hasPath("ssl.trust.cert")) { scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir)) .clientAuth(ClientAuth.REQUIRE); } if (http2) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return scb.sslProvider(provider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))) .build(); } return scb.build(); }
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided); if (config.getSslTruststore() != null) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
builder.sslProvider(SslProvider.OPENSSL); if (cipherSuites == null || cipherSuites.isEmpty()) { cipherSuites = OpenSsl.availableOpenSslCipherSuites(); builder.sslProvider(SslProvider.JDK); if (cipherSuites == null || cipherSuites.isEmpty()) { cipherSuites = DEFAULT_JDK_CIPHER_SUITE;
@Override public SslContextBuilder createBuilderForServer() { try { ArrayList<X509Certificate> trustedCerts = getTrustedX509Certificates(); SslProvider sslProvider = chooseSslProvider(); LOG.warn("Using SslProvider of type - " + sslProvider.name() + " for certChainFile - " + serverSslConfig.getCertChainFile()); InputStream certChainInput = new FileInputStream(serverSslConfig.getCertChainFile()); InputStream keyInput = getKeyInputStream(); SslContextBuilder builder = SslContextBuilder.forServer(certChainInput, keyInput) .ciphers(getCiphers(), getCiphersFilter()) .sessionTimeout(serverSslConfig.getSessionTimeout()) .sslProvider(sslProvider); if (serverSslConfig.getClientAuth() != null && isNotEmpty(trustedCerts)) { builder = builder .trustManager(trustedCerts.toArray(new X509Certificate[0])) .clientAuth(serverSslConfig.getClientAuth()); } return builder; } catch (Exception e) { throw new RuntimeException("Error configuring SslContext!", e); } }
return SslContextBuilder .forClient() .sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE) .build(); } else { SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK); return SslContextBuilder .forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey()) .sslProvider(SslProvider.JDK) .clientAuth(ClientAuth.OPTIONAL) .build(); !isNullOrEmpty(tlsServerKeyPath) ? decryptionStrategy.decryptPrivateKey(tlsServerKeyPath, false) : null, !isNullOrEmpty(tlsServerKeyPassword) ? tlsServerKeyPassword : null) .sslProvider(provider);
public SslContext getClientSslContext() { try { return SslContextBuilder .forClient() .sslProvider(chooseSslProvider()) .ciphers(getCiphers(), getCiphersFilter()) .protocols(getProtocols()) .build(); } catch (Exception e) { log.error("Error loading SslContext client request.", e); throw new RuntimeException("Error configuring SslContext for client request!", e); } } }
SelfSignedCertificate ssc = new SelfSignedCertificate(); sslCtx = io.netty.handler.ssl.SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(provider)
SelfSignedCertificate ssc = new SelfSignedCertificate(); sslCtx = io.netty.handler.ssl.SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(provider)
private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException { if (config.getSslContext() != null) { return config.getSslContext(); } SslContextBuilder sslContextBuilder = SslContextBuilder.forClient() .sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK) .sessionCacheSize(config.getSslSessionCacheSize()) .sessionTimeout(config.getSslSessionTimeout()); if (isNonEmpty(config.getEnabledProtocols())) { sslContextBuilder.protocols(config.getEnabledProtocols()); } if (isNonEmpty(config.getEnabledCipherSuites())) { sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites())); } else if (!config.isFilterInsecureCipherSuites()) { sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS); } if (config.isUseInsecureTrustManager()) { sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE); } return configureSslContextBuilder(sslContextBuilder).build(); }
@Override public SslContextBuilder createBuilderForServer() { try { ArrayList<X509Certificate> trustedCerts = getTrustedX509Certificates(); SslProvider sslProvider = chooseSslProvider(); LOG.warn("Using SslProvider of type - " + sslProvider.name() + " for certChainFile - " + serverSslConfig.getCertChainFile()); InputStream certChainInput = new FileInputStream(serverSslConfig.getCertChainFile()); InputStream keyInput = getKeyInputStream(); SslContextBuilder builder = SslContextBuilder.forServer(certChainInput, keyInput) .ciphers(getCiphers(), getCiphersFilter()) .sessionTimeout(serverSslConfig.getSessionTimeout()) .sslProvider(sslProvider); if (serverSslConfig.getClientAuth() != null && isNotEmpty(trustedCerts)) { builder = builder .trustManager(trustedCerts.toArray(new X509Certificate[0])) .clientAuth(serverSslConfig.getClientAuth()); } return builder; } catch (Exception e) { throw new RuntimeException("Error configuring SslContext!", e); } }