本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder类的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder类的具体用法?Java SslContextBuilder怎么用?Java SslContextBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SslContextBuilder类属于io.netty.handler.ssl包,在下文中一共展示了SslContextBuilder类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: initChannel
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Builds the pipeline for a newly accepted channel: an optional TLS handler first,
 * followed by the length-prefixed frame decoder and the connection handler.
 *
 * @param ch the channel being initialised
 * @throws Exception if the TLS context cannot be built from the configured files
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    if (enableTLS) {
        SslContextBuilder sslBuilder = SslContextBuilder.forServer(
                new File(serviceConfig.getTlsCertificateFilePath()),
                new File(serviceConfig.getTlsKeyFilePath()));

        // On a server builder the trust manager decides which CLIENT certificates are accepted.
        if (serviceConfig.isTlsAllowInsecureConnection()) {
            // NOTE(review): InsecureTrustManagerFactory accepts every certificate without
            // verification, so a presented client certificate proves nothing about the peer.
            // Keep this switch off outside test setups.
            sslBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
            // No trust file configured: fall back to the system default trust store.
            sslBuilder.trustManager((File) null);
        } else {
            sslBuilder.trustManager(new File(serviceConfig.getTlsTrustCertsFilePath()));
        }

        // ClientAuth.OPTIONAL requests a client certificate but does not require one, so the
        // handshake alone does not authenticate the client.
        // NOTE(review): presumably authentication/authorization happens in a later handler;
        // that is not visible in this method and should be confirmed.
        SslContext tlsContext = sslBuilder.clientAuth(ClientAuth.OPTIONAL).build();
        ch.pipeline().addLast(TLS_HANDLER, tlsContext.newHandler(ch.alloc()));
    }

    ch.pipeline()
            .addLast("frameDecoder",
                    new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4))
            .addLast("handler", new ServerConnection(discoveryService));
}
示例2: NettyHttpClient
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
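/**
 * Creates the client: copies retry and timeout settings from the configuration, builds the
 * TLS context and prepares the Netty bootstrap.
 *
 * @param authCode value stored in {@code _authCode}
 * @param proxy    not read by this constructor
 * @param config   source of the retry count, timeouts and the logged SSL version
 * @throws IllegalStateException if the TLS context cannot be built; previously the error was
 *         only printed and the instance was left with a null context, event loop and bootstrap
 */
public NettyHttpClient(String authCode, HttpProxy proxy, ClientConfig config) {
    _maxRetryTimes = config.getMaxRetryTimes();
    _readTimeout = config.getReadTimeout();
    String message = MessageFormat.format("Created instance with "
            + "connectionTimeout {0}, readTimeout {1}, maxRetryTimes {2}, SSL Version {3}",
            config.getConnectionTimeout(), _readTimeout, _maxRetryTimes, config.getSSLVersion());
    LOG.debug(message);
    _authCode = authCode;

    try {
        // NOTE(review): InsecureTrustManagerFactory accepts every server certificate without
        // verification, so this client cannot detect an interposed endpoint. For anything but
        // tests, configure a real trust store (or leave the builder on its default trust
        // manager). config.getSSLVersion() is only logged above; it is not applied to the
        // builder here.
        _sslCtx = SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .build();
    } catch (SSLException e) {
        // Fail fast with the cause attached instead of continuing half-initialised.
        throw new IllegalStateException("Failed to build client SslContext", e);
    }

    // Created only after the TLS context exists, so a failure above starts no threads.
    _workerGroup = new NioEventLoopGroup();
    b = new Bootstrap();
    b.group(_workerGroup);
    b.channel(NioSocketChannel.class);
    b.option(ChannelOption.SO_KEEPALIVE, true);
}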
示例3: start
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
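/**
 * Connects to the given address and publishes the resulting channel in
 * {@code ConfigurationContext.propMap} under {@code SOCKET_CHANNEL}.
 *
 * <p>A connect failure is reported on stderr and not rethrown (unchanged from the original).
 * On that path the event loop group is now shut down and the interrupt flag restored, where
 * previously the group's threads were leaked and an interrupt was lost.
 *
 * @param ip   remote host or address
 * @param port remote port
 * @throws Exception if the TLS context cannot be built
 */
public void start(String ip, int port) throws Exception {
    // Configure SSL.
    final SslContext sslCtx;
    if (SSL) {
        // NOTE(review): InsecureTrustManagerFactory skips all server certificate checks, so
        // the channel is encrypted but the peer is not authenticated. Use a real trust store
        // outside demos and tests.
        sslCtx = SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .build();
    } else {
        sslCtx = null;
    }

    EventLoopGroup group = new NioEventLoopGroup();
    try {
        Bootstrap b = new Bootstrap();
        b.group(group).channel(NioSocketChannel.class).handler(new FileClientInitializer(sslCtx));
        Channel ch = b.connect(ip, port).sync().channel();
        ConfigurationContext.propMap.putIfAbsent(SOCKET_CHANNEL, ch);
    } catch (Exception e) {
        // No channel was published, so nothing else will ever release these threads.
        group.shutdownGracefully();
        if (e instanceof InterruptedException) {
            // sync() was interrupted: keep the flag visible to the caller's thread.
            Thread.currentThread().interrupt();
        }
        // NOTE(review): the failure is still only printed; callers cannot tell that no
        // channel was registered. Consider rethrowing, since the method declares Exception.
        e.printStackTrace();
    }
}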
示例4: shoot
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
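/**
 * Opens a connection to {@code host:port} and sends the HTTP request once the connect attempt
 * completes.
 *
 * @param shootComplete passed through to {@code sendHttpRequest} with the connect future
 * @throws IllegalStateException if TLS was requested but the TLS context cannot be built
 */
public void shoot(ShootComplete shootComplete) {
    SslContext sslContext = null;
    if (ssl) {
        try {
            // NOTE(review): InsecureTrustManagerFactory accepts any server certificate
            // without verification; the connection is encrypted but the server is not
            // authenticated. Acceptable for a test tool only.
            sslContext = SslContextBuilder.forClient()
                    .trustManager(InsecureTrustManagerFactory.INSTANCE)
                    .build();
        } catch (SSLException e) {
            // Fail closed. The original printed the error and carried on with a null context;
            // presumably HttpClientInitializer then installs no TLS handler, which would send
            // the request in plaintext although TLS was requested.
            throw new IllegalStateException("Unable to build client SslContext", e);
        }
    }

    Bootstrap b = new Bootstrap();
    b.group(group)
            .channel(NioSocketChannel.class)
            .handler(new HttpClientInitializer(sslContext));

    // Make the connection attempt.
    b.connect(host, port).addListener(
            (ChannelFutureListener) channelFuture -> sendHttpRequest(channelFuture, shootComplete));
}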
示例5: newNettyClientContext
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Builds a client-side Netty SslContext that trusts the RSA certificate chain of the test
 * server key store.
 *
 * @param sslProvider Netty SSL provider to use
 * @param useAlpn     whether to apply {@code OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG}
 * @return the built context
 * @throws RuntimeException wrapping the SSLException if the context cannot be built
 */
private static SslContext newNettyClientContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        // Trust is pinned to the test server's own chain instead of disabling verification.
        X509Certificate[] trustedChain = (X509Certificate[]) TestKeyStore.getServer()
                .getPrivateKey("RSA", "RSA")
                .getCertificateChain();
        SslContextBuilder builder = SslContextBuilder.forClient()
                .sslProvider(sslProvider)
                .trustManager(trustedChain);
        if (useAlpn) {
            builder.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG);
        }
        return builder.build();
    } catch (SSLException e) {
        throw new RuntimeException(e);
    }
}
示例6: newNettyServerContext
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Builds a server-side Netty SslContext from the RSA key entry of the test server key store.
 *
 * @param sslProvider Netty SSL provider to use
 * @param useAlpn     whether to apply {@code OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG}
 * @return the built context
 * @throws RuntimeException wrapping the SSLException if the context cannot be built
 */
private static SslContext newNettyServerContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        PrivateKeyEntry rsaEntry = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
        X509Certificate[] chain = (X509Certificate[]) rsaEntry.getCertificateChain();
        // No trust manager or clientAuth is set here, so this context does not ask clients
        // for certificates.
        SslContextBuilder builder = SslContextBuilder
                .forServer(rsaEntry.getPrivateKey(), chain)
                .sslProvider(sslProvider);
        if (useAlpn) {
            builder.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG);
        }
        return builder.build();
    } catch (SSLException e) {
        throw new RuntimeException(e);
    }
}
示例7: configureSsl
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Applies the optional trust store and key store from the configuration to the builder.
 * A setting that is absent leaves the builder untouched for that aspect.
 *
 * @param sslConfiguration  source of the optional trust store and key store settings
 * @param sslContextBuilder builder to configure in place
 * @throws IllegalStateException wrapping any error raised while loading the stores
 */
private static void configureSsl(SslConfiguration sslConfiguration,
        SslContextBuilder sslContextBuilder) {
    try {
        // Trust anchors: which peer certificates this side accepts.
        if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
            sslContextBuilder.trustManager(
                    createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()));
        }
        // Own identity: the key material this side presents to the peer.
        if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
            sslContextBuilder.keyManager(
                    createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration()));
        }
    } catch (GeneralSecurityException | IOException e) {
        // Store loading failures stop configuration instead of leaving it partly applied
        // without notice.
        throw new IllegalStateException(e);
    }
}
示例8: getSSLContext
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Builds a client SslContext that trusts a single root CA and presents a client key and
 * certificate, i.e. a mutual-TLS client configuration.
 *
 * @return the built context
 * @throws IOException              if key material cannot be read or the context cannot be built
 * @throws GeneralSecurityException if key material cannot be parsed
 */
private static SslContext getSSLContext() throws IOException, GeneralSecurityException {
    try {
        // NOTE(review): the files are named "server.*" but are used as the client identity
        // here; confirm that is the intended key pair.
        final PrivateKey clientKey = loadPrivateKey("keys/server.pkcs8.key");
        final X509Certificate clientCert = loadX509Cert("keys/server.crt");
        // Only certificates chaining to this root are accepted from the server.
        final X509Certificate trustedRoot = loadX509Cert("keys/rootCA.pem");

        SslContextBuilder builder = SslContextBuilder.forClient();
        builder.sslProvider(SslProvider.JDK);
        builder.trustManager(trustedRoot);
        builder.keyManager(clientKey, clientCert);
        return builder.build();
    } catch (IOException | GeneralSecurityException e) {
        // Short message at WARN, full stack trace only at DEBUG; the caller still gets the
        // exception.
        LOGGER.warn("Failed to establish SSL Context");
        LOGGER.debug("Failed to establish SSL Context", e);
        throw e;
    }
}
示例9: initChannel
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Sets up the pipeline of an accepted channel: TLS handler when enabled, then the
 * length-prefixed frame decoder and the connection handler.
 *
 * @param ch the channel being initialised
 * @throws Exception if the TLS context cannot be built from the configured files
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    if (enableTLS) {
        File certFile = new File(serviceConfig.getTlsCertificateFilePath());
        File keyFile = new File(serviceConfig.getTlsKeyFilePath());
        SslContextBuilder tls = SslContextBuilder.forServer(certFile, keyFile);

        // The trust manager of a server context governs validation of client certificates.
        if (serviceConfig.isTlsAllowInsecureConnection()) {
            // NOTE(review): with InsecureTrustManagerFactory any client certificate passes,
            // so certificate-based client identity is meaningless while this flag is set.
            tls.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
            // Use system default
            tls.trustManager((File) null);
        } else {
            tls.trustManager(new File(serviceConfig.getTlsTrustCertsFilePath()));
        }

        // OPTIONAL: a client certificate is requested, but clients without one still complete
        // the handshake.
        // NOTE(review): presumably clients are authenticated later in the protocol handler;
        // not visible here, confirm.
        SslContext sslCtx = tls.clientAuth(ClientAuth.OPTIONAL).build();
        ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc()));
    }

    ch.pipeline()
            .addLast("frameDecoder",
                    new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4))
            .addLast("handler", new ServerCnx(brokerService));
}
示例10: shouldEnableSslWithSslContextProgrammaticallySpecified
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Verifies that a cluster accepts a programmatically supplied SslContext and that a simple
 * script round-trips over the resulting connection.
 */
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // Test-only trust setup: InsecureTrustManagerFactory accepts any server certificate
    // without verification and must not be copied into production code.
    final SslContextBuilder sslBuilder = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK);

    final Cluster cluster = Cluster.build()
            .enableSsl(true)
            .sslContext(sslBuilder.build())
            .create();
    final Client client = cluster.connect();

    try {
        // The script echoes its literal; the call must complete without an exception.
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
示例11: getUpstreamServerSslContext
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Creates a netty SslContext for use when connecting to upstream servers. Retrieves the list of trusted root CAs
 * from the trustSource. When trustSource is null, no upstream certificate verification will be performed.
 * <b>This will make it possible for attackers to MITM communications with the upstream server</b>, so always
 * supply an appropriate trustSource except in extraordinary circumstances (e.g. testing with dynamically-generated
 * certificates).
 *
 * @param cipherSuites cipher suites to allow when connecting to the upstream server
 * @param trustSource the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates
 * @return an SslContext to connect to upstream servers with
 * @throws SslContextInitializationException if the context cannot be built
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    SslContextBuilder builder = SslContextBuilder.forClient();

    if (trustSource != null) {
        // Normal path: validate upstream certificates against the supplied CAs.
        builder.trustManager(trustSource.getTrustedCAs());
    } else {
        // Verification is switched off deliberately; the warning makes that visible in logs.
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");
        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    // SupportedCipherSuiteFilter drops requested suites the engine does not support.
    builder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return builder.build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
}
示例12: sshExchangeAbsoluteGet
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Starts a TLS server with a self-signed certificate, issues a GET for "/foo" from a client
 * that trusts exactly that certificate, and checks the echoed response body.
 */
@Test
public void sshExchangeAbsoluteGet() throws CertificateException, SSLException {
    SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    SslContext serverTls = SslContextBuilder
            .forServer(selfSigned.certificate(), selfSigned.privateKey())
            .build();
    // The client trusts only the generated certificate, so verification stays enabled even
    // though the certificate is self-signed.
    SslContext clientTls = SslContextBuilder.forClient()
            .trustManager(selfSigned.cert())
            .build();

    NettyContext server = HttpServer.create(opt -> opt.sslContext(serverTls))
            .newHandler((req, resp) -> resp.sendString(Flux.just("hello ", req.uri())))
            .block();

    HttpClientResponse response = HttpClient
            .create(opt -> applyHostAndPortFromContext(opt, server).sslContext(clientTls))
            .get("/foo")
            .block();

    server.dispose();
    server.onClose().block();

    String body = response.receive().aggregate().asString(CharsetUtil.UTF_8).block();
    assertThat(body).isEqualTo("hello /foo");
}
示例13: getNettySslContextInner
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Generates a certificate chain for the given host and builds a server SslContext from it,
 * optionally advertising HTTP/2 and HTTP/1.1 through ALPN.
 *
 * @param host  host name the certificate chain is generated for
 * @param useH2 whether to configure ALPN with h2 and http/1.1
 * @return the built server context
 * @throws Exception if certificate generation or context creation fails
 */
private SslContext getNettySslContextInner(String host, boolean useH2) throws Exception {
    long startedAt = System.currentTimeMillis();
    PrivateKeyAndCertChain generated =
            keyStoreGenerator.generateCertChain(host, Settings.certValidityDays);
    logger.debug("Create certificate for {}, cost {} ms", host, System.currentTimeMillis() - startedAt);

    SslContextBuilder builder = SslContextBuilder.forServer(
            generated.getPrivateKey(), generated.getCertificateChain());
    if (!useH2) {
        return builder.build();
    }

    // NOTE(review): the original carries a commented-out
    // ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) call, so the
    // builder's default cipher suites apply to h2 connections as well. Confirm that is
    // intended, since HTTP/2 restricts which suites peers should use.
    ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(
            ApplicationProtocolConfig.Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            ApplicationProtocolNames.HTTP_2,
            ApplicationProtocolNames.HTTP_1_1);
    builder.applicationProtocolConfig(alpn);
    return builder.build();
}
示例14: createServerSslContext
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
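/**
 * Creates the server-side SslContext from the certificate file, key file and key password
 * named in the configuration, using OpenSSL when it supports ALPN and the JDK provider
 * otherwise.
 *
 * @param cfg configuration supplying the certificate file, key file and key password
 * @return the ssl context, or {@code null} if it could not be created (the failure is logged
 *         at SEVERE); callers should treat {@code null} as an error and not start an
 *         unencrypted listener in its place
 */
private synchronized SslContext createServerSslContext(IConfig cfg) {
    try {
        SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
        if (provider == SslProvider.OPENSSL) {
            cfg.print("Using OpenSSL for network encryption.");
        }
        return SslContextBuilder
                .forServer(new File(cfg.getCertFile()), new File(cfg.getKeyFile()), cfg.getKeyPassword())
                .sslProvider(provider)
                .build();
    } catch (Exception e) {
        // The original logged a null message, which leaves operators with a bare stack trace.
        // The message names no paths and never includes the key password.
        LOG.log(Level.SEVERE, "Failed to create server SslContext", e);
        return null;
    }
}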
示例15: main
import io.netty.handler.ssl.SslContextBuilder; //导入依赖的package包/类
/**
 * Starts the example server on {@code PORT}, with TLS when {@code SSL} is set, and blocks
 * until the server channel is closed.
 *
 * @param args unused
 * @throws Exception if certificate generation, context creation or binding fails
 */
public static void main(String[] args) throws Exception {
    // Configure SSL.
    SslContext sslCtx = null;
    if (SSL) {
        // SelfSignedCertificate generates a throwaway key pair and certificate at startup.
        // Clients cannot validate it against a CA, so it suits demos and tests only; a real
        // deployment should load a certificate issued for the server.
        SelfSignedCertificate ssc = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();
    }

    EventLoopGroup acceptors = new NioEventLoopGroup(1);
    EventLoopGroup workers = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(acceptors, workers)
                .channel(NioServerSocketChannel.class)
                .handler(new LoggingHandler(LogLevel.INFO))
                .childHandler(new FactorialServerInitializer(sslCtx));

        // Bind, then wait for the server channel to close.
        bootstrap.bind(PORT).sync().channel().closeFuture().sync();
    } finally {
        // Always release the event loop threads, also when bind or sync fails.
        acceptors.shutdownGracefully();
        workers.shutdownGracefully();
    }
}