/**
 * Builds a Netty-backed {@link ClientHttpRequestFactory} whose TLS configuration is the
 * JVM's default {@link SSLContext} (trust and key material therefore come from the standard
 * JSSE system properties / cacerts), then applies the optional connection and read timeouts
 * from {@code options}.
 *
 * NOTE(review): the context is created with {@code isClient = true}; Netty applies the
 * {@code ClientAuth} argument only to server-side engines, so {@code ClientAuth.REQUIRE}
 * is expected to be a no-op here rather than a hardening measure.
 *
 * @param options client options; a {@code null} timeout leaves the factory default in place
 * @return the configured request factory
 * @throws IOException              declared for callers; not raised by this body itself
 * @throws GeneralSecurityException if the default SSL context cannot be obtained
 */
static ClientHttpRequestFactory usingNetty(ClientOptions options)
        throws IOException, GeneralSecurityException {
    final SslContext tls = new JdkSslContext(SSLContext.getDefault(), true, ClientAuth.REQUIRE);

    final Netty4ClientHttpRequestFactory factory = new Netty4ClientHttpRequestFactory();
    factory.setSslContext(tls);

    // Only override the factory's own defaults when the option was actually set.
    if (options.getConnectionTimeout() != null) {
        factory.setConnectTimeout(options.getConnectionTimeout());
    }
    if (options.getReadTimeout() != null) {
        factory.setReadTimeout(options.getReadTimeout());
    }
    return factory;
}
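/**
 * Configures TLS on {@code factory} for the given {@code addr}, choosing the trust policy
 * from the {@code checkSsl} and {@code keystore} settings:
 * <ul>
 *   <li>{@code checkSsl == false}: all certificate checks are disabled via
 *       {@link SSLUtil.NullX509TrustManager}. Any certificate, including one presented by an
 *       active attacker, is accepted - development use only.</li>
 *   <li>{@code keystore} configured and present: certificates from that JKS store are trusted
 *       in addition to the JVM's default trust managers.</li>
 *   <li>otherwise (no keystore, or the configured one cannot be found): the JVM's default
 *       trust managers alone.</li>
 * </ul>
 * The context is installed as a client-side {@link JdkSslContext}.
 *
 * Fixes versus the previous version: the "checkSsl without keystore" path never called
 * {@code init()} and handed an uninitialised {@link SSLContext} to the factory (which fails
 * with {@code IllegalStateException} on first use), and a configured-but-missing keystore
 * returned early, leaving the factory without any TLS configuration at all. Both paths now
 * fall back to the JVM default trust managers.
 *
 * @param addr    the address being configured; used for logging only
 * @param factory request factory that receives the SSL context
 * @throws Exception on keystore or SSL initialisation failure
 */
private void initSsl(String addr, NettyRequestFactory factory) throws Exception {
    final SSLContext sslc = SSLContext.getInstance("TLS");
    if (!checkSsl) {
        // Disabling validation is security relevant: log at WARN so it is visible in
        // production logs, not hidden behind DEBUG.
        log.warn("disable any SSL check on {} address", addr);
        sslc.init(null, new TrustManager[]{new SSLUtil.NullX509TrustManager()}, null);
    } else {
        sslc.init(null, verifyingTrustManagers(addr), null);
    }
    factory.setSslContext(new JdkSslContext(sslc, true, ClientAuth.OPTIONAL));
}

/**
 * Returns the JVM default trust managers, merged with the managers from the configured
 * {@code keystore} when one is set and exists. A configured-but-missing keystore is logged
 * and ignored so that verification still happens against the JVM defaults.
 *
 * @param addr the address being configured; used for logging only
 * @return trust managers to pass to {@link SSLContext#init}
 * @throws Exception if the keystore cannot be loaded or a factory cannot be initialised
 */
private TrustManager[] verifyingTrustManagers(String addr) throws Exception {
    final String alg = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory def = TrustManagerFactory.getInstance(alg);
    def.init((KeyStore) null); // null KeyStore selects the JVM's default trust store

    if (!StringUtils.hasText(keystore)) {
        return def.getTrustManagers();
    }
    log.debug("use SSL trusted store {} on {} address", keystore, addr);
    final Resource resource = resourceLoader.getResource(keystore);
    if (!resource.exists()) {
        log.warn("Specified JKS {} is not exists.", keystore);
        return def.getTrustManagers();
    }

    final KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream is = resource.getInputStream()) {
        // An empty char[] (rather than null) keeps KeyStore.load's integrity check enabled;
        // a store protected by a non-empty password therefore needs storepass set.
        ks.load(is, storepass == null ? new char[0] : storepass.toCharArray());
    }
    final TrustManagerFactory local = TrustManagerFactory.getInstance(alg);
    local.init(ks);
    return new TrustManager[]{
            SSLUtil.combineX509TrustManagers(local.getTrustManagers(), def.getTrustManagers())
    };
}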
/**
 * A supplier that hands out a new {@link JdkSslContext} on every call: an explicit
 * {@code load()} after construction reports a reload, and no data version is tracked.
 */
@Test
public void testNewInstanceLoader() throws Exception {
    final SslContextReloader reloader = new SslContextReloader(
            () -> new JdkSslContext(SSLContext.getDefault(), true, ClientAuth.REQUIRE));

    assertTrue(reloader.load());
    assertEquals(ReloadState.RELOADED, reloader.getReloadState());
    assertNull(reloader.getDataVersion());
}
/**
 * A supplier that always returns the same {@link JdkSslContext} instance: the constructor's
 * initial load leaves the state at RELOADED, and a subsequent {@code load()} reports no change.
 */
@Test
public void testStaticInstanceLoader() throws Exception {
    final JdkSslContext fixed = new JdkSslContext(SSLContext.getDefault(), true, ClientAuth.REQUIRE);
    final SslContextReloader reloader = new SslContextReloader(() -> fixed);

    // No load() here on purpose: the constructor already performed the first load.
    assertEquals(ReloadState.RELOADED, reloader.getReloadState());
    assertNull(reloader.getDataVersion());

    // Same instance again -> nothing to reload.
    assertFalse(reloader.load());
    assertEquals(ReloadState.NO_CHANGE, reloader.getReloadState());
    assertNull(reloader.getDataVersion());
}
/**
 * Builds a plain JDK {@link SSLSocketFactory} for the test client. The client presents the
 * server's own certificate and key as its identity (test fixture only - never do this in
 * real code) and trusts the certificates in {@code clientTrustStoreFile}. The JDK provider is
 * forced so the Netty context can be unwrapped into a {@link SSLContext}.
 *
 * @return a socket factory backed by the built context
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    final SslContext built = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .keyManager(serverCert.key(), (String) null, serverCert.cert()) // server identity reused as client identity
            .sslProvider(SslProvider.JDK)
            .trustManager(clientTrustStoreFile) // trust the server cert
            .build();

    Assert.assertEquals(JdkSslClientContext.class, built.getClass());
    final SSLContext jdkContext = ((JdkSslContext) built).context();
    return jdkContext.getSocketFactory();
}
/**
 * Creates the {@link SSLSocketFactory} used by the test client: ALPN disabled, JDK provider,
 * the server's certificate/key presented as the client identity (test-only shortcut), and
 * {@code clientTrustStoreFile} as the trust anchor for the server certificate.
 *
 * @return a JDK socket factory derived from the Netty-built context
 * @throws Exception if building the context fails
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    final SslContextBuilder builder = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .sslProvider(SslProvider.JDK);
    // Test fixture: the client authenticates with the server's own key pair.
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    // Trust the server cert.
    builder.trustManager(clientTrustStoreFile);

    final SslContext built = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, built.getClass());
    return ((JdkSslContext) built).context().getSocketFactory();
}
/**
 * Initialises the {@code sslCtx} field with a JDK {@link SSLContext} that trusts the
 * certificates in {@code clientTrustStoreFile}. No client identity is configured, so this
 * context only verifies the server. Requires {@code clientTrustStoreFile} to be set.
 *
 * @throws Exception if the context cannot be built
 */
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);

    final SslContext built = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .sslProvider(SslProvider.JDK) // JDK provider so the context unwraps to an SSLContext
            .trustManager(clientTrustStoreFile) // trust the server cert
            .build();

    Assert.assertEquals(JdkSslClientContext.class, built.getClass());
    sslCtx = ((JdkSslContext) built).context();
}
/**
 * Creates a server-side JDK {@link SSLContext} from the key material supplied by
 * {@code getKeyManagerFactory()}.
 *
 * Security note: the trust manager is {@link InsecureTrustManagerFactory}, which accepts
 * ANY peer certificate without validation. The builder is not given a client-auth mode here,
 * so with Netty's default (no client auth requested) the trust manager should not be consulted;
 * but if client authentication is ever enabled on this context, every presented client
 * certificate will be accepted. Do not rely on this context to authenticate clients.
 *
 * @return the unwrapped JDK SSL context
 * @throws RuntimeException wrapping any failure while building the context
 */
public static SSLContext createContext() {
    try {
        final SslContext built = SslContextBuilder.forServer(getKeyManagerFactory())
                .sslProvider(SslProvider.JDK) // JDK provider so the cast below holds
                .trustManager(InsecureTrustManagerFactory.INSTANCE) // accepts any cert - see note above
                .build();
        return ((JdkSslContext) built).context();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Installs the selector/worker event loop groups and the server channel class on
 * {@code bootstrap}. Native transports are only used when {@code preferNative()} is true
 * and the configured SSL context is not a {@link JdkSslContext}; otherwise the NIO variants
 * from {@code LoopResources} are chosen.
 *
 * @param bootstrap the server bootstrap to configure
 * @throws NullPointerException if {@code getLoopResources()} returns null
 */
final void groupAndChannel(ServerBootstrap bootstrap) {
    final LoopResources loops = Objects.requireNonNull(getLoopResources(), "loopResources");

    final boolean jdkSsl = sslContext() instanceof JdkSslContext;
    final boolean useNative = preferNative() && !jdkSsl;

    final EventLoopGroup selector = loops.onServerSelect(useNative);
    final EventLoopGroup workers = loops.onServer(useNative);
    bootstrap.group(selector, workers);
    bootstrap.channel(loops.onServerChannel(workers));
}
/**
 * Installs the client event loop group and channel type on {@code bootstrap}.
 *
 * Native transports are used only when no explicit protocol family was requested,
 * {@code preferNative()} is true, and the SSL context is not a {@link JdkSslContext}.
 * When pool resources are configured and the loop group is a {@link Supplier}, a dedicated
 * group is taken from the supplier instead (don't colocate). Datagram channels go through
 * {@code LoopResources} when native, or a {@link NioDatagramChannel} bound to
 * {@code protocolFamily} otherwise.
 *
 * @param bootstrap the client bootstrap to configure
 * @throws NullPointerException if {@code getLoopResources()} returns null
 */
@SuppressWarnings("unchecked")
final void groupAndChannel(Bootstrap bootstrap) {
    final LoopResources loops = Objects.requireNonNull(getLoopResources(), "loopResources");

    final boolean useNative = this.protocolFamily == null
            && preferNative()
            && !(sslContext() instanceof JdkSslContext);

    final EventLoopGroup group = loops.onClient(useNative);
    final boolean colocated = this.poolResources == null || !(group instanceof Supplier);
    if (colocated) {
        bootstrap.group(group);
    } else {
        // don't colocate: pooled connections get their own group from the supplier
        bootstrap.group(((Supplier<EventLoopGroup>) group).get());
    }

    if (!useDatagramChannel()) {
        bootstrap.channel(loops.onChannel(group));
    } else if (useNative) {
        bootstrap.channel(loops.onDatagramChannel(group));
    } else {
        bootstrap.channelFactory(() -> new NioDatagramChannel(protocolFamily));
    }
}
/**
 * Creates a Socket.IO server listening on {@code port} with TLS, wrapping the supplied JDK
 * {@link SSLContext} in a server-side Netty {@link JdkSslContext}. Client authentication is
 * set to {@code ClientAuth.NONE}, i.e. no client certificate is requested.
 *
 * @param port       the secure port to listen on
 * @param sslContext an already-initialised JDK SSL context holding the server key material
 * @return the server instance built by {@code newInstance(int, SslContext)}
 */
public static SocketIOServer newInstance(int port, SSLContext sslContext) {
    final boolean isClient = false; // this is the server side of the connection
    final SslContext wrapped = new JdkSslContext(sslContext, isClient, ClientAuth.NONE);
    return newInstance(port, wrapped);
}