当前位置: 首页>>代码示例>>Java>>正文


Java SslContextBuilder.build方法代码示例

本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder.build方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder.build方法的具体用法?Java SslContextBuilder.build怎么用?Java SslContextBuilder.build使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在io.netty.handler.ssl.SslContextBuilder的用法示例。


在下文中一共展示了SslContextBuilder.build方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: newNettyClientContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
private static SslContext newNettyClientContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        TestKeyStore server = TestKeyStore.getServer();
        SslContextBuilder ctx =
                SslContextBuilder.forClient()
                        .sslProvider(sslProvider)
                        .trustManager((X509Certificate[]) server.getPrivateKey("RSA", "RSA")
                                              .getCertificateChain());
        if (useAlpn) {
            ctx.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG);
        }
        return ctx.build();
    } catch (SSLException e) {
        throw new RuntimeException(e);
    }
}
 
开发者ID:google,项目名称:conscrypt,代码行数:18,代码来源:OpenJdkEngineFactory.java

示例2: newNettyServerContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
private static SslContext newNettyServerContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        PrivateKeyEntry server = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
        SslContextBuilder ctx =
                SslContextBuilder
                        .forServer(server.getPrivateKey(),
                                (X509Certificate[]) server.getCertificateChain())
                        .sslProvider(sslProvider);
        if (useAlpn) {
            ctx.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG);
        }
        return ctx.build();
    } catch (SSLException e) {
        throw new RuntimeException(e);
    }
}
 
开发者ID:google,项目名称:conscrypt,代码行数:18,代码来源:OpenJdkEngineFactory.java

示例3: getUpstreamServerSslContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a netty SslContext for use when connecting to upstream servers. Retrieves the list of trusted root CAs
 * from the trustSource. When trustSource is true, no upstream certificate verification will be performed.
 * <b>This will make it possible for attackers to MITM communications with the upstream server</b>, so always
 * supply an appropriate trustSource except in extraordinary circumstances (e.g. testing with dynamically-generated
 * certificates).
 *
 * @param cipherSuites    cipher suites to allow when connecting to the upstream server
 * @param trustSource     the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates
 * @return an SSLContext to connect to upstream servers with
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();

    if (trustSource == null) {
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");

        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    } else {
        sslContextBuilder.trustManager(trustSource.getTrustedCAs());
    }

    sslContextBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return sslContextBuilder.build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
}
 
开发者ID:misakuo,项目名称:Dream-Catcher,代码行数:31,代码来源:SslUtil.java

示例4: getNettySslContextInner

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
private SslContext getNettySslContextInner(String host, boolean useH2) throws Exception {
        long start = System.currentTimeMillis();
        PrivateKeyAndCertChain keyAndCertChain = keyStoreGenerator.generateCertChain(host, Settings.certValidityDays);
        logger.debug("Create certificate for {}, cost {} ms", host, System.currentTimeMillis() - start);
        SslContextBuilder builder = SslContextBuilder
                .forServer(keyAndCertChain.getPrivateKey(), keyAndCertChain.getCertificateChain());
        if (useH2) {
//                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
            builder.applicationProtocolConfig(new ApplicationProtocolConfig(
                    ApplicationProtocolConfig.Protocol.ALPN,
                    SelectorFailureBehavior.NO_ADVERTISE,
                    SelectedListenerFailureBehavior.ACCEPT,
                    ApplicationProtocolNames.HTTP_2,
                    ApplicationProtocolNames.HTTP_1_1));
        }
        return builder.build();
    }
 
开发者ID:hsiafan,项目名称:byproxy,代码行数:18,代码来源:ServerSSLContextManager.java

示例5: build

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
public SslHandler build(ByteBufAllocator bufferAllocator) throws SSLException {
    SslContextBuilder builder = SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase);

    builder.ciphers(Arrays.asList(ciphers));

    if(requireClientAuth()) {
        logger.debug("Certificate Authorities: " + certificateAuthorities);
        builder.trustManager(new File(certificateAuthorities));
    }

    SslContext context = builder.build();
    SslHandler sslHandler = context.newHandler(bufferAllocator);

    SSLEngine engine = sslHandler.engine();
    engine.setEnabledProtocols(protocols);


    if(requireClientAuth()) {
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true);
    }

    return sslHandler;
}
 
开发者ID:DTStack,项目名称:jlogstash-input-plugin,代码行数:25,代码来源:SslSimpleBuilder.java

示例6: NettyCenter

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * 私有构造函数
 */
private NettyCenter() {
    int maybeThreadSize = Runtime.getRuntime().availableProcessors();
    if (maybeThreadSize == 1) maybeThreadSize += 2;
    else if (maybeThreadSize == 8) maybeThreadSize = 2;
    else if (maybeThreadSize > 8) maybeThreadSize /= 2;
    /**
     * 构造事件循环组
     */
    eventLoopGroup = new NioEventLoopGroup(maybeThreadSize, new DefaultThreadFactory("NettyNioLoopGroup"));
    /**
     * 构造定时器
     */
    hashedWheelTimer = new HashedWheelTimer(new DefaultThreadFactory("NettyHashedWheelTimer"));
    /**
     * 构造 SSL 环境
     */
    try {
        SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
        sslContextBuilder.clientAuth(ClientAuth.OPTIONAL);
        simpleClientSslContext = sslContextBuilder.build();
    } catch (Throwable e) {
        log.error("NettyCenter :: initialize client sslcontext error!", e);
    }
}
 
开发者ID:316181444,项目名称:GameServerFramework,代码行数:28,代码来源:NettyCenter.java

示例7: forKeystore

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds SslContext using protected keystore file overriding default key manger algorithm. Adequate for non-mutual TLS connections.
 *
 * @param keystore Keystore inputstream (file, binaries, etc)
 * @param keystorePassword Password for protected keystore file
 * @param keyManagerAlgorithm Algorithm for keyManager used to process keystorefile
 * @return SslContext ready to use
 * @throws SecurityContextException for any troubles building the SslContext
 */
public static SslContext forKeystore(InputStream keystore, String keystorePassword, String keyManagerAlgorithm)
        throws SecurityContextException {

    try {
        final KeyStore ks = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm);

        ks.load(keystore, keystorePassword.toCharArray());
        kmf.init(ks, keystorePassword.toCharArray());

        SslContextBuilder ctxBuilder = SslContextBuilder.forClient().keyManager(kmf);
        return ctxBuilder.build();
    } catch (Exception e) {
        throw new SecurityContextException(e);
    }
}
 
开发者ID:jurmous,项目名称:etcd4j,代码行数:26,代码来源:SecurityContextBuilder.java

示例8: forKeystoreAndTruststore

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds SslContext using protected keystore and truststores, overriding default key manger algorithm. Adequate for mutual TLS connections.
 * @param keystore Keystore inputstream (file, binaries, etc)
 * @param keystorePassword Password for protected keystore file
 * @param truststore Truststore inputstream (file, binaries, etc)
 * @param truststorePassword Password for protected truststore file
 * @param keyManagerAlgorithm Algorithm for keyManager used to process keystorefile
 * @return SslContext ready to use
 * @throws SecurityContextException
 */
public static SslContext forKeystoreAndTruststore(InputStream keystore, String keystorePassword, InputStream truststore, String truststorePassword, String keyManagerAlgorithm)
        throws SecurityContextException {
    try {
        final KeyStore ks = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyStore ts = KeyStore.getInstance(KEYSTORE_JKS);

        final KeyManagerFactory keystoreKmf = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        final TrustManagerFactory truststoreKmf = TrustManagerFactory.getInstance(keyManagerAlgorithm);

        ks.load(keystore, keystorePassword.toCharArray());
        ts.load(truststore, truststorePassword.toCharArray());

        keystoreKmf.init(ks, keystorePassword.toCharArray());
        truststoreKmf.init(ts);

        SslContextBuilder ctxBuilder = SslContextBuilder.forClient().keyManager(keystoreKmf);
        ctxBuilder.trustManager(truststoreKmf);

        return ctxBuilder.build();
    } catch (Exception e) {
        throw new SecurityContextException(e);
    }
}
 
开发者ID:jurmous,项目名称:etcd4j,代码行数:34,代码来源:SecurityContextBuilder.java

示例9: build

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
static SslContext build(final Config conf) throws IOException, CertificateException {
  String tmpdir = conf.getString("application.tmpdir");
  boolean http2 = conf.getBoolean("server.http2.enabled");
  File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir);
  File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir);
  String keyStorePass = conf.hasPath("ssl.keystore.password")
      ? conf.getString("ssl.keystore.password") : null;
  SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass);
  if (conf.hasPath("ssl.trust.cert")) {
    scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir))
       .clientAuth(ClientAuth.REQUIRE);
  }
  if (http2) {
    SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
    return scb.sslProvider(provider)
        .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
        .applicationProtocolConfig(new ApplicationProtocolConfig(
            Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)))
        .build();
  }
  return scb.build();
}
 
开发者ID:jooby-project,项目名称:jooby,代码行数:26,代码来源:NettySslContext.java

示例10: ctxForClient

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
public static SslContext ctxForClient(NitmProxyConfig config) throws SSLException {
    SslContextBuilder builder = SslContextBuilder
            .forClient()
            .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
            .applicationProtocolConfig(applicationProtocolConfig(config, config.isServerHttp2()));
    if (config.isInsecure()) {
        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    return builder.build();
}
 
开发者ID:chhsiao90,项目名称:nitmproxy,代码行数:11,代码来源:TlsUtil.java

示例11: newSession

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
@Override
public CassandraSession newSession(CassandraSinkConnectorConfig config) {
  Cluster.Builder clusterBuilder = Cluster.builder()
      .withPort(config.port)
      .addContactPoints(config.contactPoints)
      .withProtocolVersion(ProtocolVersion.NEWEST_SUPPORTED);
  if (config.securityEnabled) {
    clusterBuilder.withCredentials(config.username, config.password);
  }
  if (config.sslEnabled) {
    final SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
    sslContextBuilder.sslProvider(config.sslProvider);
    final SslContext context;
    try {
      context = sslContextBuilder.build();
    } catch (SSLException e) {
      throw new ConnectException(e);
    }
    final SSLOptions sslOptions = new RemoteEndpointAwareNettySSLOptions(context);
    clusterBuilder.withSSL(sslOptions);
  }
  clusterBuilder.withCompression(config.compression);
  Cluster cluster = clusterBuilder.build();
  log.info("Creating session");
  final Session session = cluster.newSession();
  return new CassandraSessionImpl(config, cluster, session);
}
 
开发者ID:jcustenborder,项目名称:kafka-connect-cassandra,代码行数:28,代码来源:CassandraSessionFactoryImpl.java

示例12: createSSLContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
protected SslContext createSSLContext(Configuration config) throws Exception {

        Configuration.Ssl sslCfg = config.getSecurity().getSsl();
        Boolean generate = sslCfg.isUseGeneratedKeypair();
        SslContextBuilder ssl;
        if (generate) {
            LOG.warn("Using generated self signed server certificate");
            Date begin = new Date();
            Date end = new Date(begin.getTime() + 86400000);
            SelfSignedCertificate ssc = new SelfSignedCertificate("localhost", begin, end);
            ssl = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
        } else {
            String cert = sslCfg.getCertificateFile();
            String key = sslCfg.getKeyFile();
            String keyPass = sslCfg.getKeyPassword();
            if (null == cert || null == key) {
                throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
            }
            ssl = SslContextBuilder.forServer(new File(cert), new File(key), keyPass);
        }

        ssl.ciphers(sslCfg.getUseCiphers());

        // Can't set to REQUIRE because the CORS pre-flight requests will fail.
        ssl.clientAuth(ClientAuth.OPTIONAL);

        Boolean useOpenSSL = sslCfg.isUseOpenssl();
        if (useOpenSSL) {
            ssl.sslProvider(SslProvider.OPENSSL);
        } else {
            ssl.sslProvider(SslProvider.JDK);
        }
        String trustStore = sslCfg.getTrustStoreFile();
        if (null != trustStore) {
            if (!trustStore.isEmpty()) {
                ssl.trustManager(new File(trustStore));
            }
        }
        return ssl.build();
    }
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:41,代码来源:Server.java

示例13: getSSLSocketFactory

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:14,代码来源:TwoWaySSLFailureIT.java

示例14: getSSLSocketFactory

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Use server cert / key on client side.
    builder.keyManager(serverCert.key(), (String) null, serverCert.cert());
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    SSLContext jdkSslContext = jdk.context();
    return jdkSslContext.getSocketFactory();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:14,代码来源:TwoWaySSLIT.java

示例15: setupSslCtx

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);
    SslContextBuilder builder = SslContextBuilder.forClient();
    builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    builder.sslProvider(SslProvider.JDK);
    builder.trustManager(clientTrustStoreFile); // Trust the server cert
    SslContext ctx = builder.build();
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    JdkSslContext jdk = (JdkSslContext) ctx;
    sslCtx = jdk.context();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:12,代码来源:WebSocketClientIT.java


注:本文中的io.netty.handler.ssl.SslContextBuilder.build方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。