1. 包列表
  2. 类列表
  3. io.netty.handler.ssl.SslProvider

Java 类io.netty.handler.ssl.SslProvider 实例源码

项目:kafka-connect-cassandra    文件:CassandraSinkConnectorConfig.java    
public static ConfigDef config() {
  return new ConfigDef()
      .define(CONTACT_POINTS_CONFIG, ConfigDef.Type.LIST, ImmutableList.of("localhost"), ConfigDef.Importance.MEDIUM, CONTACT_POINTS_DOC)
      .define(PORT_CONFIG, ConfigDef.Type.INT, 9042, ValidPort.of(), ConfigDef.Importance.MEDIUM, PORT_DOC)
      .define(CONSISTENCY_LEVEL_CONFIG, ConfigDef.Type.STRING, ConsistencyLevel.LOCAL_QUORUM.toString(), ValidEnum.of(ConsistencyLevel.class), ConfigDef.Importance.MEDIUM, CONSISTENCY_LEVEL_DOC)
      .define(USERNAME_CONFIG, ConfigDef.Type.STRING, "cassandra", ConfigDef.Importance.MEDIUM, USERNAME_DOC)
      .define(PASSWORD_CONFIG, ConfigDef.Type.PASSWORD, "cassandra", ConfigDef.Importance.MEDIUM, PASSWORD_DOC)
      .define(SECURITY_ENABLE_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.MEDIUM, SECURITY_ENABLE_DOC)
      .define(COMPRESSION_CONFIG, ConfigDef.Type.STRING, "NONE", ConfigDef.ValidString.in(CLIENT_COMPRESSION.keySet().stream().toArray(String[]::new)), ConfigDef.Importance.MEDIUM, COMPRESSION_DOC)
      .define(SSL_ENABLED_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.MEDIUM, SSL_ENABLED_DOC)
      .define(SSL_PROVIDER_CONFIG, ConfigDef.Type.STRING, SslProvider.JDK.toString(), ValidEnum.of(SslProvider.class), ConfigDef.Importance.MEDIUM, SSL_PROVIDER_DOC)
      .define(DELETES_ENABLE_CONFIG, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.MEDIUM, DELETES_ENABLE_DOC)
      .define(KEYSPACE_CONFIG, ConfigDef.Type.STRING, ConfigDef.Importance.HIGH, KEYSPACE_DOC)
      .define(KEYSPACE_CREATE_ENABLED_CONFIG, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.HIGH, KEYSPACE_CREATE_ENABLED_DOC)
      .define(TABLE_MANAGE_ENABLED_CONFIG, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.MEDIUM, SCHEMA_MANAGE_CREATE_DOC)
      .define(TABLE_CREATE_COMPRESSION_ENABLED_CONFIG, ConfigDef.Type.BOOLEAN, true, ConfigDef.Importance.MEDIUM, TABLE_CREATE_COMPRESSION_ENABLED_DOC)
      .define(TABLE_CREATE_COMPRESSION_ALGORITHM_CONFIG, ConfigDef.Type.STRING, "NONE", ConfigDef.ValidString.in(TABLE_COMPRESSION.keySet().stream().toArray(String[]::new)), ConfigDef.Importance.MEDIUM, TABLE_CREATE_COMPRESSION_ALGORITHM_DOC)
      .define(TABLE_CREATE_CACHING_CONFIG, ConfigDef.Type.STRING, SchemaBuilder.Caching.NONE.toString(), ValidEnum.of(SchemaBuilder.Caching.class), ConfigDef.Importance.MEDIUM, TABLE_CREATE_CACHING_DOC);
}
项目:hekate    文件:NettySslUtils.java    
private static SslProvider provider(NetworkSslConfig cfg) {
    switch (cfg.getProvider()) {
        case AUTO: {
            return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
        }
        case JDK: {
            return SslProvider.JDK;
        }
        case OPEN_SSL: {
            return SslProvider.OPENSSL;
        }
        default: {
            throw new IllegalArgumentException("Unexpected SSL provider: " + cfg.getProvider());
        }
    }
}
项目:opentsdb-plugins    文件:RelayClient.java    
private static SslContext getSSLContext() throws IOException, GeneralSecurityException {
    try {
        final String privateKeyFile = "keys/server.pkcs8.key";
        final String certificateFile = "keys/server.crt";
        final String rootCAFile = "keys/rootCA.pem";

        final PrivateKey privateKey = loadPrivateKey(privateKeyFile);
        final X509Certificate certificate = loadX509Cert(certificateFile);
        final X509Certificate rootCA = loadX509Cert(rootCAFile);

        return SslContextBuilder.forClient()
                .sslProvider(SslProvider.JDK)
                .trustManager(rootCA)
                .keyManager(privateKey, certificate)
                .build();

    } catch (IOException | GeneralSecurityException e) {
        LOGGER.warn("Failed to establish SSL Context");
        LOGGER.debug("Failed to establish SSL Context", e);
        throw e;
    }
}
项目:LiteGraph    文件:GremlinServerIntegrateTest.java    
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // just for testing - this is not good for production use
    final SslContextBuilder builder = SslContextBuilder.forClient();
    builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    builder.sslProvider(SslProvider.JDK);

    final Cluster cluster = Cluster.build().enableSsl(true).sslContext(builder.build()).create();
    final Client client = cluster.connect();

    try {
        // this should return "nothing" - there should be no exception
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
项目:xockets.io    文件:SSLFactory.java    
/**
 * Creates a new SslContext object.
 *
 * @param cfg the cfg
 * @return the ssl context
 */
private synchronized SslContext createServerSslContext(IConfig cfg){
    SslContext ctx = null;
    try{
            SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;

            if(provider.equals(SslProvider.OPENSSL)){
                cfg.print("Using OpenSSL for network encryption.");
            }

            ctx = SslContextBuilder
                    .forServer(new File(cfg.getCertFile()), new File(cfg.getKeyFile()), cfg.getKeyPassword())
                    .sslProvider(provider)
                    .build();

    }catch(Exception e){
        LOG.log(Level.SEVERE, null, e);
    }

    return ctx;
}
项目:nomulus    文件:SslServerInitializerTest.java    
private ChannelInitializer<LocalChannel> getServerInitializer(
    Lock serverLock,
    Exception serverException,
    PrivateKey privateKey,
    X509Certificate... certificates)
    throws Exception {
  return new ChannelInitializer<LocalChannel>() {
    @Override
    protected void initChannel(LocalChannel ch) throws Exception {
      ch.pipeline()
          .addLast(
              new SslServerInitializer<LocalChannel>(SslProvider.JDK, privateKey, certificates),
              new EchoHandler(serverLock, serverException));
    }
  };
}
项目:spike.x    文件:KeyStoreHelper.java    
public SslContext buildOpenSslClientContext(final boolean clientAuth) throws IOException {

        SslContext ctx;

        if (clientAuth) {
            ctx = SslContextBuilder.forClient()
                    .sslProvider(SslProvider.OPENSSL)
                    .trustManager(getTrustCertChainPath().toAbsolutePath().normalize().toFile())
                    .keyManager(getClientCertPath().toAbsolutePath().normalize().toFile(),
                            getClientKeyPath().toAbsolutePath().normalize().toFile())
                    .build();
        } else {
            ctx = SslContextBuilder.forClient()
                    .sslProvider(SslProvider.OPENSSL)
                    .trustManager(getTrustCertChainPath().toAbsolutePath().normalize().toFile())
                    .build();
        }

        return ctx;
    }
项目:jmeter-http2-plugin    文件:NettyHttp2Client.java    
private SslContext getSslContext() {
    SslContext sslCtx = null;

    final SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;

    try {
        sslCtx = SslContextBuilder.forClient()
            .sslProvider(provider)
            .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .applicationProtocolConfig(new ApplicationProtocolConfig(
                Protocol.ALPN,
                SelectorFailureBehavior.NO_ADVERTISE,
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2))
            .build();
    } catch(SSLException exception) {
        return null;
    }

    return sslCtx;
}
项目:search-guard-ssl    文件:DefaultSearchGuardKeyStore.java    
private SslContext buildSSLServerContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException {

        final SslContextBuilder _sslContextBuilder = 
                SslContextBuilder
                .forServer(_key, _cert)
                .ciphers(ciphers)
                .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
                .clientAuth(Objects.requireNonNull(authMode)) // https://github.com/netty/netty/issues/4722
                .sessionCacheSize(0)
                .sessionTimeout(0)
                .sslProvider(sslProvider);

        if(_trustedCerts != null && _trustedCerts.length > 0) {
            _sslContextBuilder.trustManager(_trustedCerts);
        }

        return buildSSLContext0(_sslContextBuilder);
    }
项目:search-guard-ssl    文件:DefaultSearchGuardKeyStore.java    
private SslContext buildSSLServerContext(final File _key, final File _cert, final File _trustedCerts, final String pwd, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException {

        final SslContextBuilder _sslContextBuilder = 
                SslContextBuilder
                .forServer(_cert, _key, pwd)
                .ciphers(ciphers)
                .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
                .clientAuth(Objects.requireNonNull(authMode)) // https://github.com/netty/netty/issues/4722
                .sessionCacheSize(0)
                .sessionTimeout(0)
                .sslProvider(sslProvider);

        if(_trustedCerts != null) {
            _sslContextBuilder.trustManager(_trustedCerts);
        }

        return buildSSLContext0(_sslContextBuilder);
    }
项目:search-guard-ssl    文件:DefaultSearchGuardKeyStore.java    
private SslContext buildSSLClientContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider) throws SSLException {

        final SslContextBuilder _sslClientContextBuilder = 
                SslContextBuilder
                .forClient()
                .ciphers(ciphers)
                .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
                .sessionCacheSize(0)
                .sessionTimeout(0)
                .sslProvider(sslProvider)
                .trustManager(_trustedCerts)
                .keyManager(_key, _cert);

        return buildSSLContext0(_sslClientContextBuilder);

    }
项目:search-guard-ssl    文件:DefaultSearchGuardKeyStore.java    
private SslContext buildSSLClientContext(final File _key, final File _cert, final File _trustedCerts, final String pwd, final Iterable<String> ciphers, final SslProvider sslProvider) throws SSLException {

        final SslContextBuilder _sslClientContextBuilder = 
                SslContextBuilder
                .forClient()
                .ciphers(ciphers)
                .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
                .sessionCacheSize(0)
                .sessionTimeout(0)
                .sslProvider(sslProvider)
                .trustManager(_trustedCerts)
                .keyManager(_cert, _key, pwd);

        return buildSSLContext0(_sslClientContextBuilder);

    }
项目:iotracah    文件:SSLHandler.java    
public SslContext getSslContext() throws UnRetriableException{


        try {

            File certificateChainFile = getCertificateChainFile();
            File certificateKeyFile = getCertificateKeyFile();
            String keyPassword = getKeyPassword();

            SslProvider sslProvider;
            if(OpenSsl.isAvailable()) {
                sslProvider  = SslProvider.OPENSSL;
            }else{
                sslProvider  = SslProvider.JDK;
            }

            return SslContext.newServerContext(sslProvider, certificateChainFile, certificateKeyFile, keyPassword  );

        }catch (Exception e){
            log.error(" getSSLEngine : problems when trying to initiate secure protocals", e);
            throw new UnRetriableException(e);
        }
    }
项目:armeria    文件:AbstractVirtualHostBuilder.java    
/**
 * Sets the {@link SslContext} of this {@link VirtualHost} from the specified {@link SessionProtocol},
 * {@code keyCertChainFile}, {@code keyFile} and {@code keyPassword}.
 */
public B sslContext(
        SessionProtocol protocol,
        File keyCertChainFile, File keyFile, String keyPassword) throws SSLException {

    if (requireNonNull(protocol, "protocol") != SessionProtocol.HTTPS) {
        throw new IllegalArgumentException("unsupported protocol: " + protocol);
    }

    final SslContextBuilder builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, keyPassword);

    builder.sslProvider(Flags.useOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK);
    builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    builder.applicationProtocolConfig(HTTPS_ALPN_CFG);

    sslContext(builder.build());
    return self();
}
项目:carbon-transports    文件:SSLHandlerFactory.java    
/**
 * This method will provide netty ssl context which supports HTTP2 over TLS using
 * Application Layer Protocol Negotiation (ALPN)
 *
 * @return instance of {@link SslContext}
 * @throws SSLException if any error occurred during building SSL context.
 */
public SslContext createHttp2TLSContext() throws SSLException {

    // If listener configuration does not include cipher suites , default ciphers required by the HTTP/2
    // specification will be added.
    List<String> ciphers = sslConfig.getCipherSuites() != null && sslConfig.getCipherSuites().length > 0 ? Arrays
            .asList(sslConfig.getCipherSuites()) : Http2SecurityUtil.CIPHERS;
    SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
    return SslContextBuilder.forServer(this.getKeyManagerFactory())
            .trustManager(this.getTrustStoreFactory())
            .sslProvider(provider)
            .ciphers(ciphers,
                    SupportedCipherSuiteFilter.INSTANCE)
            .clientAuth(needClientAuth ? ClientAuth.REQUIRE : ClientAuth.NONE)
            .applicationProtocolConfig(new ApplicationProtocolConfig(
                    ApplicationProtocolConfig.Protocol.ALPN,
                    // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                    ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                    // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                    ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                    ApplicationProtocolNames.HTTP_2,
                    ApplicationProtocolNames.HTTP_1_1)).build();
}
项目:blynk-server    文件:WebSocketClient.java    
public WebSocketClient(String host, int port, String path, boolean isSSL) throws Exception {
    super(host, port, new Random());

    String scheme = isSSL ? "wss://" : "ws://";
    URI uri = new URI(scheme + host + ":" + port + path);

    if (isSSL) {
        sslCtx = SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(InsecureTrustManagerFactory.INSTANCE).build();
    } else {
        sslCtx = null;
    }

    this.handler = new WebSocketClientHandler(
                    WebSocketClientHandshakerFactory.newHandshaker(
                            uri, WebSocketVersion.V13, null, false, new DefaultHttpHeaders()));
}
项目:blynk-server    文件:SslContextHolder.java    
private static SslContext initSslContext(String serverCertPath, String serverKeyPath, String serverPass,
                                        SslProvider sslProvider, boolean printWarn) {
    try {
        File serverCert = new File(serverCertPath);
        File serverKey = new File(serverKeyPath);


        if (!serverCert.exists() || !serverKey.exists()) {
            if (printWarn) {
                log.warn("ATTENTION. Server certificate paths (cert : '{}', key : '{}') not valid."
                                + " Using embedded server certs and one way ssl. This is not secure."
                                + " Please replace it with your own certs.",
                        serverCert.getAbsolutePath(), serverKey.getAbsolutePath());
            }

            return build(sslProvider);
        }

        return build(serverCert, serverKey, serverPass, sslProvider);
    } catch (CertificateException | SSLException | IllegalArgumentException e) {
        log.error("Error initializing ssl context. Reason : {}", e.getMessage());
        throw new RuntimeException(e.getMessage());
    }
}
项目:blynk-server    文件:SslContextHolder.java    
public static SslContext build(File serverCert, File serverKey, String serverPass,
                               SslProvider sslProvider, File clientCert) throws SSLException {
    log.info("Creating SSL context for cert '{}', key '{}', key pass '{}'",
            serverCert.getAbsolutePath(), serverKey.getAbsoluteFile(), serverPass);
    if (serverPass == null || serverPass.isEmpty()) {
        return SslContextBuilder.forServer(serverCert, serverKey)
                .sslProvider(sslProvider)
                .trustManager(clientCert)
                .build();
    } else {
        return SslContextBuilder.forServer(serverCert, serverKey, serverPass)
                .sslProvider(sslProvider)
                .trustManager(clientCert)
                .build();
    }
}
项目:tinkerpop    文件:GremlinServerIntegrateTest.java    
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // just for testing - this is not good for production use
    final SslContextBuilder builder = SslContextBuilder.forClient();
    builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    builder.sslProvider(SslProvider.JDK);

    final Cluster cluster = TestClientFactory.build().enableSsl(true).sslContext(builder.build()).create();
    final Client client = cluster.connect();

    try {
        // this should return "nothing" - there should be no exception
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
项目:jooby    文件:NettySslContext.java    
static SslContext build(final Config conf) throws IOException, CertificateException {
  String tmpdir = conf.getString("application.tmpdir");
  boolean http2 = conf.getBoolean("server.http2.enabled");
  File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir);
  File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir);
  String keyStorePass = conf.hasPath("ssl.keystore.password")
      ? conf.getString("ssl.keystore.password") : null;
  SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass);
  if (conf.hasPath("ssl.trust.cert")) {
    scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir))
       .clientAuth(ClientAuth.REQUIRE);
  }
  if (http2) {
    SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
    return scb.sslProvider(provider)
        .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
        .applicationProtocolConfig(new ApplicationProtocolConfig(
            Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)))
        .build();
  }
  return scb.build();
}
项目:jooby    文件:NettySslContextTest.java    
private Block alpn(final SslProvider provider) {
  return unit -> {
    SslContextBuilder scb = unit.get(SslContextBuilder.class);
    expect(scb.sslProvider(provider)).andReturn(scb);
    expect(scb.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE))
        .andReturn(scb);

    ApplicationProtocolConfig apc = unit.constructor(ApplicationProtocolConfig.class)
        .args(Protocol.class, SelectorFailureBehavior.class,
            SelectedListenerFailureBehavior.class, List.class)
        .build(Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            Arrays.asList(ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1));
    expect(scb.applicationProtocolConfig(apc)).andReturn(scb);
  };
}
项目:grpc-java    文件:Http2OkHttpTest.java    
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  // Starts the server with HTTPS.
  try {
    SslProvider sslProvider = SslContext.defaultServerProvider();
    if (sslProvider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported()) {
      // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
      // are forced to use Jetty ALPN for Netty instead of OpenSSL.
      sslProvider = SslProvider.JDK;
    }
    SslContextBuilder contextBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(contextBuilder, sslProvider);
    contextBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(contextBuilder.build());
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }
}
项目:grpc-java    文件:TlsTest.java    
@Before
public void setUp() throws NoSuchAlgorithmException {
  executor = Executors.newSingleThreadScheduledExecutor();
  if (sslProvider == SslProvider.OPENSSL) {
    Assume.assumeTrue(OpenSsl.isAvailable());
  }
  if (sslProvider == SslProvider.JDK) {
    Assume.assumeTrue(Arrays.asList(
        SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites())
        .contains("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
    try {
      GrpcSslContexts.configure(SslContextBuilder.forClient(), SslProvider.JDK);
    } catch (IllegalArgumentException ex) {
      Assume.assumeNoException("Jetty ALPN does not seem available", ex);
    }
  }
  clientContextBuilder = GrpcSslContexts.configure(SslContextBuilder.forClient(), sslProvider);
}
项目:grpc-java    文件:Http2NettyTest.java    
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  // Starts the server with HTTPS.
  try {
    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(GrpcSslContexts
            .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"))
            .clientAuth(ClientAuth.REQUIRE)
            .trustManager(TestUtils.loadCert("ca.pem"))
            .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
            .sslProvider(SslProvider.OPENSSL)
            .build());
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }
}
项目:grpc-java    文件:Http2NettyTest.java    
@Override
protected ManagedChannel createChannel() {
  try {
    NettyChannelBuilder builder = NettyChannelBuilder
        .forAddress(TestUtils.testServerAddress(getPort()))
        .flowControlWindow(65 * 1024)
        .maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(GrpcSslContexts
            .forClient()
            .keyManager(TestUtils.loadCert("client.pem"), TestUtils.loadCert("client.key"))
            .trustManager(TestUtils.loadX509Cert("ca.pem"))
            .ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE)
            .sslProvider(SslProvider.OPENSSL)
            .build());
    io.grpc.internal.TestingAccessor.setStatsImplementation(
        builder, createClientCensusStatsModule());
    return builder.build();
  } catch (Exception ex) {
    throw new RuntimeException(ex);
  }
}
项目:pushy    文件:SslUtil.java    
/**
 * Selects an SSL provider based on the availability of of an ALPN-capable native provider.
 *
 * @return an ALPN-capable native SSL provider if available, or else the JDK SSL provider
 */
public static SslProvider getSslProvider() {
    final SslProvider sslProvider;

    if (OpenSsl.isAvailable()) {
        if (OpenSsl.isAlpnSupported()) {
            log.info("Native SSL provider is available and supports ALPN; will use native provider.");
            sslProvider = SslProvider.OPENSSL_REFCNT;
        } else {
            log.info("Native SSL provider is available, but does not support ALPN; will use JDK SSL provider.");
            sslProvider = SslProvider.JDK;
        }
    } else {
        log.info("Native SSL provider not available; will use JDK SSL provider.");
        sslProvider = SslProvider.JDK;
    }

    return sslProvider;
}
项目:kafka-connect-cassandra    文件:CassandraSinkConnectorConfig.java    
public CassandraSinkConnectorConfig(Map<?, ?> originals) {
    super(config(), originals);
    this.port = getInt(PORT_CONFIG);
    final List<String> contactPoints = this.getList(CONTACT_POINTS_CONFIG);
    this.contactPoints = contactPoints.toArray(new String[contactPoints.size()]);
    this.consistencyLevel = ConfigUtils.getEnum(ConsistencyLevel.class, this, CONSISTENCY_LEVEL_CONFIG);
//    this.compression = ConfigUtils.getEnum(ProtocolOptions.Compression.class, this, COMPRESSION_CONFIG);
    this.username = getString(USERNAME_CONFIG);
    this.password = getPassword(PASSWORD_CONFIG).value();
    this.securityEnabled = getBoolean(SECURITY_ENABLE_CONFIG);
    this.sslEnabled = getBoolean(SSL_ENABLED_CONFIG);
    this.deletesEnabled = getBoolean(DELETES_ENABLE_CONFIG);

    final String keyspace = getString(KEYSPACE_CONFIG);

    if (Strings.isNullOrEmpty(keyspace)) {
      this.keyspace = null;
    } else {
      this.keyspace = keyspace;
    }

    final String compression = getString(COMPRESSION_CONFIG);
    this.compression = CLIENT_COMPRESSION.get(compression);
    this.sslProvider = ConfigUtils.getEnum(SslProvider.class, this, SSL_PROVIDER_CONFIG);
    this.keyspaceCreateEnabled = getBoolean(KEYSPACE_CREATE_ENABLED_CONFIG);
    this.tableManageEnabled = getBoolean(TABLE_MANAGE_ENABLED_CONFIG);
    this.tableCompressionEnabled = getBoolean(TABLE_CREATE_COMPRESSION_ENABLED_CONFIG);
    this.tableCompressionAlgorithm = ConfigUtils.getEnum(TableOptions.CompressionOptions.Algorithm.class, this, TABLE_CREATE_COMPRESSION_ALGORITHM_CONFIG);
    this.tableCaching = ConfigUtils.getEnum(SchemaBuilder.Caching.class, this, TABLE_CREATE_CACHING_CONFIG);
  }
项目:qonduit    文件:Server.java    
protected SslContext createSSLContext(Configuration config) throws Exception {

        Configuration.Ssl sslCfg = config.getSecurity().getSsl();
        Boolean generate = sslCfg.isUseGeneratedKeypair();
        SslContextBuilder ssl;
        if (generate) {
            LOG.warn("Using generated self signed server certificate");
            Date begin = new Date();
            Date end = new Date(begin.getTime() + 86400000);
            SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
            ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
        } else {
            String cert = sslCfg.getCertificateFile();
            String key = sslCfg.getKeyFile();
            String keyPass = sslCfg.getKeyPassword();
            if (null == cert || null == key) {
                throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
            }
            ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
        }

        ssl.ciphers(sslCfg.getUseCiphers());

        // Can't set to REQUIRE because the CORS pre-flight requests will fail.
        ssl.clientAuth(ClientAuth.OPTIONAL);

        Boolean useOpenSSL = sslCfg.isUseOpenssl();
        if (useOpenSSL) {
            ssl.sslProvider(SslProvider.OPENSSL);
        } else {
            ssl.sslProvider(SslProvider.JDK);
        }
        String trustStore = sslCfg.getTrustStoreFile();
        if (null != trustStore) {
            if (!trustStore.isEmpty()) {
                ssl.trustManager(new File(trustStore));
            }
        }
        return ssl.build();
    }
项目:qonduit    文件:TwoWaySSLFailureIT.java    
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
项目:qonduit    文件:TwoWaySSLIT.java    
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side.
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
项目:qonduit    文件:WebSocketClientIT.java    
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    sslCtx = jdk.context();
}
项目:qonduit    文件:TwoWaySSLOpenSSLIT.java    
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side.
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
项目:NioSmtpClient    文件:FakeTlsContext.java    
public static SSLContext createContext() {
  try {
    JdkSslContext nettyContext = (JdkSslContext) SslContextBuilder
        .forServer(getKeyManagerFactory())
        .sslProvider(SslProvider.JDK)
        .trustManager(InsecureTrustManagerFactory.INSTANCE)
        .build();

    return nettyContext.context();
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
项目:curiostack    文件:ServerModule.java    
private static SslContextBuilder serverSslContext(
    InputStream keyCertChainFile, InputStream keyFile) {
  return SslContextBuilder.forServer(keyCertChainFile, keyFile, null)
      .sslProvider(Flags.useOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK)
      .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
      .applicationProtocolConfig(HTTPS_ALPN_CFG);
}
项目:spring-vault    文件:ClientHttpRequestFactoryFactory.java    
static ClientHttpRequestFactory usingNetty(ClientOptions options,
        SslConfiguration sslConfiguration) throws GeneralSecurityException,
        IOException {

    final Netty4ClientHttpRequestFactory requestFactory = new Netty4ClientHttpRequestFactory();

    if (hasSslConfiguration(sslConfiguration)) {

        SslContextBuilder sslContextBuilder = SslContextBuilder //
                .forClient();

        if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
            sslContextBuilder
                    .trustManager(createTrustManagerFactory(sslConfiguration
                            .getTrustStoreConfiguration()));
        }

        if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
            sslContextBuilder.keyManager(createKeyManagerFactory(sslConfiguration
                    .getKeyStoreConfiguration()));
        }

        requestFactory.setSslContext(sslContextBuilder.sslProvider(
                SslProvider.JDK).build());
    }

    requestFactory.setConnectTimeout(Math.toIntExact(options
            .getConnectionTimeout().toMillis()));
    requestFactory.setReadTimeout(Math.toIntExact(options.getReadTimeout()
            .toMillis()));

    return requestFactory;
}
项目:timely    文件:Server.java    
protected SslContext createSSLContext(Configuration config) throws Exception {

        Configuration.Ssl sslCfg = config.getSecurity().getSsl();
        Boolean generate = sslCfg.isUseGeneratedKeypair();
        SslContextBuilder ssl;
        if (generate) {
            LOG.warn("Using generated self signed server certificate");
            Date begin = new Date();
            Date end = new Date(begin.getTime() + 86400000);
            SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
            ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
        } else {
            String cert = sslCfg.getCertificateFile();
            String key = sslCfg.getKeyFile();
            String keyPass = sslCfg.getKeyPassword();
            if (null == cert || null == key) {
                throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
            }
            ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
        }

        ssl.ciphers(sslCfg.getUseCiphers());

        // Can't set to REQUIRE because the CORS pre-flight requests will fail.
        ssl.clientAuth(ClientAuth.OPTIONAL);

        Boolean useOpenSSL = sslCfg.isUseOpenssl();
        if (useOpenSSL) {
            ssl.sslProvider(SslProvider.OPENSSL);
        } else {
            ssl.sslProvider(SslProvider.JDK);
        }
        String trustStore = sslCfg.getTrustStoreFile();
        if (null != trustStore) {
            if (!trustStore.isEmpty()) {
                ssl.trustManager(new File(trustStore));
            }
        }
        return ssl.build();
    }
项目:timely    文件:TwoWaySSLFailureIT.java    
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
项目:timely    文件:TwoWaySSLIT.java    
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side.
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
项目:timely    文件:WebSocketClientIT.java    
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    sslCtx = jdk.context();
}
项目:megaphone    文件:DefaultSslEngineFactory.java    
private SslContext getSslContext(AsyncHttpClientConfig config) throws SSLException {
    if (config.getSslContext() != null)
        return config.getSslContext();

    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()//
            .sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK)//
            .sessionCacheSize(config.getSslSessionCacheSize())//
            .sessionTimeout(config.getSslSessionTimeout());

    if (config.isAcceptAnyCertificate())
        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);

    return sslContextBuilder.build();
}