本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder.build方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder.build方法的具体用法?Java SslContextBuilder.build怎么用?Java SslContextBuilder.build使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类io.netty.handler.ssl.SslContextBuilder的用法示例。
在下文中一共展示了SslContextBuilder.build方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: newNettyClientContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a Netty client {@link SslContext} that trusts exactly the certificate chain of the
 * {@code TestKeyStore} server's RSA entry.
 *
 * <p>Because the trust anchors are taken from the test key store and not from the platform
 * trust store, a context built this way only accepts peers presenting that chain.
 *
 * @param sslProvider Netty SSL provider used to build the context
 * @param useAlpn whether {@code OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG} is applied
 * @return the built client context
 * @throws RuntimeException wrapping the {@link SSLException} raised while building
 */
private static SslContext newNettyClientContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        TestKeyStore serverStore = TestKeyStore.getServer();
        // The server's own chain doubles as the client's trust anchors.
        X509Certificate[] trustedChain =
                (X509Certificate[]) serverStore.getPrivateKey("RSA", "RSA").getCertificateChain();
        SslContextBuilder clientBuilder = SslContextBuilder.forClient();
        clientBuilder.sslProvider(sslProvider);
        clientBuilder.trustManager(trustedChain);
        if (useAlpn) {
            clientBuilder.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG);
        }
        return clientBuilder.build();
    } catch (SSLException buildFailure) {
        throw new RuntimeException(buildFailure);
    }
}
示例2: newNettyServerContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a Netty server {@link SslContext} from the RSA private key entry of the
 * {@code TestKeyStore} server.
 *
 * @param sslProvider Netty SSL provider used to build the context
 * @param useAlpn whether {@code OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG} is applied
 * @return the built server context
 * @throws RuntimeException wrapping the {@link SSLException} raised while building
 */
private static SslContext newNettyServerContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        PrivateKeyEntry serverEntry = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
        X509Certificate[] serverChain = (X509Certificate[]) serverEntry.getCertificateChain();
        SslContextBuilder serverBuilder =
                SslContextBuilder.forServer(serverEntry.getPrivateKey(), serverChain);
        serverBuilder.sslProvider(sslProvider);
        if (useAlpn) {
            serverBuilder.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONFIG);
        }
        return serverBuilder.build();
    } catch (SSLException buildFailure) {
        throw new RuntimeException(buildFailure);
    }
}
示例3: getUpstreamServerSslContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a Netty {@link SslContext} for outbound connections to upstream servers.
 *
 * <p>When {@code trustSource} is non-null, its trusted CAs are installed as the trust anchors.
 * When {@code trustSource} is {@code null}, {@code InsecureTrustManagerFactory} is installed and a
 * warning is logged: <b>no upstream certificate verification is performed, so an attacker on the
 * network path can intercept traffic to the upstream server</b>. Pass {@code null} only in
 * extraordinary circumstances (e.g. testing with dynamically generated certificates).
 *
 * <p>NOTE(review): this method configures trust anchors and cipher suites only. Whether the peer's
 * hostname is checked against its certificate depends on how the engine created from this context
 * is configured by the caller; confirm at the call site.
 *
 * @param cipherSuites cipher suites to allow when connecting to the upstream server; filtered
 *     through {@code SupportedCipherSuiteFilter}
 * @param trustSource the trust store used to validate upstream servers' certificates, or
 *     {@code null} to accept all upstream server certificates
 * @return an {@link SslContext} to connect to upstream servers with
 * @throws SslContextInitializationException if the context cannot be built
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    final SslContextBuilder upstreamBuilder = SslContextBuilder.forClient();

    if (trustSource != null) {
        upstreamBuilder.trustManager(trustSource.getTrustedCAs());
    } else {
        // Explicit opt-out of verification: keep the warning so it is visible in logs.
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");
        upstreamBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    upstreamBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return upstreamBuilder.build();
    } catch (SSLException buildFailure) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", buildFailure);
    }
}
示例4: getNettySslContextInner
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a server-side {@link SslContext} backed by a certificate chain generated for
 * {@code host}.
 *
 * <p>The private key and chain come from {@code keyStoreGenerator.generateCertChain}, with the
 * validity taken from {@code Settings.certValidityDays}; the time spent generating is logged at
 * debug level.
 *
 * @param host host name the certificate chain is generated for
 * @param useH2 whether to advertise HTTP/2 (with HTTP/1.1 as second choice) through ALPN
 * @return the built server context
 * @throws Exception if certificate generation or context construction fails
 */
private SslContext getNettySslContextInner(String host, boolean useH2) throws Exception {
    final long startedAt = System.currentTimeMillis();
    final PrivateKeyAndCertChain generated =
            keyStoreGenerator.generateCertChain(host, Settings.certValidityDays);
    logger.debug("Create certificate for {}, cost {} ms", host, System.currentTimeMillis() - startedAt);

    final SslContextBuilder serverBuilder =
            SslContextBuilder.forServer(generated.getPrivateKey(), generated.getCertificateChain());
    if (!useH2) {
        return serverBuilder.build();
    }

    // No HTTP/2-specific cipher list (e.g. Http2SecurityUtil.CIPHERS) is set here, so the
    // builder's default cipher suites apply to HTTP/2 connections as well.
    final ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(
            ApplicationProtocolConfig.Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            ApplicationProtocolNames.HTTP_2,
            ApplicationProtocolNames.HTTP_1_1);
    serverBuilder.applicationProtocolConfig(alpn);
    return serverBuilder.build();
}
示例5: build
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a server-side {@link SslHandler} from the configured certificate file, key file and
 * pass phrase.
 *
 * <p>The configured cipher list is applied to the context and the configured protocol list to
 * the engine. When {@code requireClientAuth()} is true, the configured certificate authorities
 * file becomes the trust store and the engine is set to require a client certificate.
 *
 * @param bufferAllocator allocator handed to the new handler
 * @return a handler wrapping the configured engine
 * @throws SSLException if the context cannot be built
 */
public SslHandler build(ByteBufAllocator bufferAllocator) throws SSLException {
    SslContextBuilder serverBuilder =
            SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase);
    serverBuilder.ciphers(Arrays.asList(ciphers));

    if (requireClientAuth()) {
        logger.debug("Certificate Authorities: " + certificateAuthorities);
        // Client certificates are validated against this CA file.
        File caFile = new File(certificateAuthorities);
        serverBuilder.trustManager(caFile);
    }

    SslHandler handler = serverBuilder.build().newHandler(bufferAllocator);
    SSLEngine tlsEngine = handler.engine();
    // Protocol versions are restricted on the engine, not on the context.
    tlsEngine.setEnabledProtocols(protocols);

    if (requireClientAuth()) {
        tlsEngine.setUseClientMode(false);
        // Handshakes without a client certificate are rejected.
        tlsEngine.setNeedClientAuth(true);
    }

    return handler;
}
示例6: NettyCenter
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Private constructor: sets up the shared event loop group, the hashed wheel timer and a
 * simple client-side SSL context.
 *
 * <p>If building the SSL context fails, the error is logged and
 * {@code simpleClientSslContext} is not assigned by this constructor.
 */
private NettyCenter() {
    // Derive the event loop thread count from the processor count:
    // 1 -> 3, 8 -> 2, more than 8 -> half, anything else -> unchanged.
    final int processors = Runtime.getRuntime().availableProcessors();
    final int loopThreads;
    if (processors == 1) {
        loopThreads = processors + 2;
    } else if (processors == 8) {
        loopThreads = 2;
    } else if (processors > 8) {
        loopThreads = processors / 2;
    } else {
        loopThreads = processors;
    }

    // Build the event loop group.
    eventLoopGroup = new NioEventLoopGroup(loopThreads, new DefaultThreadFactory("NettyNioLoopGroup"));

    // Build the timer.
    hashedWheelTimer = new HashedWheelTimer(new DefaultThreadFactory("NettyHashedWheelTimer"));

    // Build the SSL environment. No trust manager is set, so the builder's default trust
    // configuration is used.
    try {
        SslContextBuilder clientBuilder = SslContextBuilder.forClient();
        // NOTE(review): clientAuth is a server-side setting; on a forClient() builder it
        // appears to have no effect. Confirm and consider dropping it.
        clientBuilder.clientAuth(ClientAuth.OPTIONAL);
        simpleClientSslContext = clientBuilder.build();
    } catch (Throwable e) {
        log.error("NettyCenter :: initialize client sslcontext error!", e);
    }
}
示例7: forKeystore
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a client {@link SslContext} whose key material is loaded from a password-protected
 * keystore, using the given key manager algorithm instead of the default one.
 *
 * <p>No trust manager is configured here, so server certificates are validated with the
 * builder's default trust configuration. The keystore type is fixed by {@code KEYSTORE_JKS}.
 * The same password is used for the keystore and for the keys inside it. The stream is read but
 * not closed by this method.
 *
 * @param keystore keystore input stream (file, binaries, etc.)
 * @param keystorePassword password protecting the keystore
 * @param keyManagerAlgorithm algorithm name passed to {@link KeyManagerFactory#getInstance(String)}
 * @return the built client context
 * @throws SecurityContextException wrapping any exception raised while loading the keystore or
 *     building the context
 */
public static SslContext forKeystore(InputStream keystore, String keystorePassword, String keyManagerAlgorithm)
        throws SecurityContextException {
    try {
        final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);

        keyStore.load(keystore, keystorePassword.toCharArray());
        keyFactory.init(keyStore, keystorePassword.toCharArray());

        return SslContextBuilder.forClient()
                .keyManager(keyFactory)
                .build();
    } catch (Exception cause) {
        throw new SecurityContextException(cause);
    }
}
示例8: forKeystoreAndTruststore
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a client {@link SslContext} from a password-protected keystore and truststore, using
 * the given algorithm instead of the default one. Suitable for mutual TLS connections.
 *
 * <p>Both stores use the type fixed by {@code KEYSTORE_JKS}. The streams are read but not closed
 * by this method.
 *
 * @param keystore keystore input stream (file, binaries, etc.)
 * @param keystorePassword password protecting the keystore and its keys
 * @param truststore truststore input stream (file, binaries, etc.)
 * @param truststorePassword password protecting the truststore
 * @param keyManagerAlgorithm algorithm name used for both the key manager factory and the trust
 *     manager factory
 * @return the built client context
 * @throws SecurityContextException wrapping any exception raised while loading the stores or
 *     building the context
 */
public static SslContext forKeystoreAndTruststore(InputStream keystore, String keystorePassword, InputStream truststore, String truststorePassword, String keyManagerAlgorithm)
        throws SecurityContextException {
    try {
        final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyStore trustStore = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        // NOTE(review): the trust manager factory is looked up with the *key* manager
        // algorithm name. The two factories have separate algorithm namespaces, so a name
        // valid for one may be unknown to the other; consider
        // TrustManagerFactory.getDefaultAlgorithm() or a dedicated parameter.
        final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(keyManagerAlgorithm);

        keyStore.load(keystore, keystorePassword.toCharArray());
        trustStore.load(truststore, truststorePassword.toCharArray());

        keyFactory.init(keyStore, keystorePassword.toCharArray());
        trustFactory.init(trustStore);

        return SslContextBuilder.forClient()
                .keyManager(keyFactory)
                .trustManager(trustFactory)
                .build();
    } catch (Exception cause) {
        throw new SecurityContextException(cause);
    }
}
示例9: build
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the server {@link SslContext} described by the application configuration.
 *
 * <p>Reads the certificate and key from {@code ssl.keystore.cert} / {@code ssl.keystore.key}
 * (with the optional {@code ssl.keystore.password}). When {@code ssl.trust.cert} is present it
 * becomes the trust store and client certificates are required. When
 * {@code server.http2.enabled} is true, the HTTP/2 cipher list and ALPN (HTTP/2, then HTTP/1.1)
 * are configured, using OpenSSL if it supports ALPN and the JDK provider otherwise.
 *
 * @param conf application configuration
 * @return the built server context
 * @throws IOException if a configured file cannot be resolved or the context cannot be built
 * @throws CertificateException declared by the signature; not raised directly in this method
 */
static SslContext build(final Config conf) throws IOException, CertificateException {
    final String tmpdir = conf.getString("application.tmpdir");
    final boolean http2Enabled = conf.getBoolean("server.http2.enabled");
    final File certFile = toFile(conf.getString("ssl.keystore.cert"), tmpdir);
    final File keyFile = toFile(conf.getString("ssl.keystore.key"), tmpdir);

    String keyPassword = null;
    if (conf.hasPath("ssl.keystore.password")) {
        keyPassword = conf.getString("ssl.keystore.password");
    }

    final SslContextBuilder serverBuilder = SslContextBuilder.forServer(certFile, keyFile, keyPassword);

    if (conf.hasPath("ssl.trust.cert")) {
        // A configured trust certificate switches the server to mandatory client certificates.
        final File trustCert = toFile(conf.getString("ssl.trust.cert"), tmpdir);
        serverBuilder.trustManager(trustCert);
        serverBuilder.clientAuth(ClientAuth.REQUIRE);
    }

    if (!http2Enabled) {
        return serverBuilder.build();
    }

    final SslProvider provider;
    if (OpenSsl.isAlpnSupported()) {
        provider = SslProvider.OPENSSL;
    } else {
        provider = SslProvider.JDK;
    }

    final ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(
            Protocol.ALPN,
            SelectorFailureBehavior.NO_ADVERTISE,
            SelectedListenerFailureBehavior.ACCEPT,
            Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));

    serverBuilder.sslProvider(provider);
    // Restrict to the HTTP/2 cipher list, dropping suites the provider does not support.
    serverBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    serverBuilder.applicationProtocolConfig(alpn);
    return serverBuilder.build();
}
示例10: ctxForClient
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the client-side {@link SslContext} used for outbound connections.
 *
 * <p>The HTTP/2 cipher list is applied (filtered to supported suites) together with the ALPN
 * configuration derived from {@code config.isServerHttp2()}. When {@code config.isInsecure()}
 * is true, {@code InsecureTrustManagerFactory} is installed, which accepts any server
 * certificate; otherwise no trust manager is set and the builder's default applies.
 *
 * @param config proxy configuration
 * @return the built client context
 * @throws SSLException if the context cannot be built
 */
public static SslContext ctxForClient(NitmProxyConfig config) throws SSLException {
    SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    clientBuilder.applicationProtocolConfig(applicationProtocolConfig(config, config.isServerHttp2()));

    if (config.isInsecure()) {
        // Verification is switched off on request: connections built from this context
        // cannot detect an impersonated server.
        clientBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    return clientBuilder.build();
}
示例11: newSession
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Opens a Cassandra session described by the connector configuration.
 *
 * <p>Credentials are attached when {@code config.securityEnabled} is set. When
 * {@code config.sslEnabled} is set, a Netty client SSL context is built with the configured
 * provider and no explicit trust manager, so the builder's default trust configuration is used.
 *
 * @param config sink connector configuration
 * @return a session wrapper holding the cluster and the new session
 * @throws ConnectException if the SSL context cannot be built
 */
@Override
public CassandraSession newSession(CassandraSinkConnectorConfig config) {
    Cluster.Builder builder = Cluster.builder();
    builder.withPort(config.port);
    builder.addContactPoints(config.contactPoints);
    builder.withProtocolVersion(ProtocolVersion.NEWEST_SUPPORTED);

    if (config.securityEnabled) {
        builder.withCredentials(config.username, config.password);
    }

    if (config.sslEnabled) {
        final SslContext nettyContext;
        try {
            nettyContext = SslContextBuilder.forClient()
                    .sslProvider(config.sslProvider)
                    .build();
        } catch (SSLException buildFailure) {
            throw new ConnectException(buildFailure);
        }
        builder.withSSL(new RemoteEndpointAwareNettySSLOptions(nettyContext));
    }

    builder.withCompression(config.compression);
    final Cluster cluster = builder.build();

    log.info("Creating session");
    final Session session = cluster.newSession();
    return new CassandraSessionImpl(config, cluster, session);
}
示例12: createSSLContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the server {@link SslContext} from the security section of the configuration.
 *
 * <p>Either a self-signed certificate for {@code localhost}, valid for one day from now, is
 * generated (a warning is logged), or the configured certificate and key files are used. The
 * configured cipher list, the OpenSSL or JDK provider and an optional trust store file are then
 * applied.
 *
 * @param config application configuration
 * @return the built server context
 * @throws IllegalArgumentException if no keypair is generated and the certificate file or key
 *     file is not configured
 * @throws Exception if certificate generation or context construction fails
 */
protected SslContext createSSLContext(Configuration config) throws Exception {
    final Configuration.Ssl sslCfg = config.getSecurity().getSsl();
    final SslContextBuilder serverBuilder;

    if (sslCfg.isUseGeneratedKeypair()) {
        LOG.warn("Using generated self signed server certificate");
        final long oneDayMillis = 86400000;
        final Date notBefore = new Date();
        final Date notAfter = new Date(notBefore.getTime() + oneDayMillis);
        final SelfSignedCertificate selfSigned = new SelfSignedCertificate("localhost", notBefore, notAfter);
        serverBuilder = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey());
    } else {
        final String certPath = sslCfg.getCertificateFile();
        final String keyPath = sslCfg.getKeyFile();
        final String keyPassword = sslCfg.getKeyPassword();
        if (certPath == null || keyPath == null) {
            throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
        }
        serverBuilder = SslContextBuilder.forServer(new File(certPath), new File(keyPath), keyPassword);
    }

    serverBuilder.ciphers(sslCfg.getUseCiphers());

    // Can't set to REQUIRE because the CORS pre-flight requests will fail.
    // With OPTIONAL a client certificate is requested but the handshake also succeeds without
    // one, so callers that rely on client identity have to check for it after the handshake.
    serverBuilder.clientAuth(ClientAuth.OPTIONAL);

    final boolean useOpenSsl = sslCfg.isUseOpenssl();
    serverBuilder.sslProvider(useOpenSsl ? SslProvider.OPENSSL : SslProvider.JDK);

    // An absent or empty trust store setting leaves the builder's default trust in place.
    final String trustStorePath = sslCfg.getTrustStoreFile();
    if (trustStorePath != null && !trustStorePath.isEmpty()) {
        serverBuilder.trustManager(new File(trustStorePath));
    }

    return serverBuilder.build();
}
示例13: getSSLSocketFactory
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a JDK-backed client SSL context for the test and returns its socket factory.
 *
 * <p>The client presents the server's certificate and (unencrypted, {@code null} password) key
 * as its own identity and trusts {@code clientTrustStoreFile}. ALPN is disabled. The method
 * asserts that the built context is a {@code JdkSslClientContext}.
 *
 * @return the socket factory of the underlying JDK {@link SSLContext}
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext nettyContext = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Use server cert / key on client side
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            .sslProvider(SslProvider.JDK)
            // Trust the server cert
            .trustManager(clientTrustStoreFile)
            .build();

    Assert.assertEquals(JdkSslClientContext.class, nettyContext.getClass());

    SSLContext jdkContext = ((JdkSslContext) nettyContext).context();
    return jdkContext.getSocketFactory();
}
示例14: getSSLSocketFactory
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Returns a socket factory from a JDK-backed client SSL context built for the test.
 *
 * <p>ALPN is disabled, the server's certificate and key (passed with a {@code null} key
 * password) serve as the client identity, and {@code clientTrustStoreFile} supplies the trust
 * anchors. The built context is asserted to be a {@code JdkSslClientContext}.
 *
 * @return the socket factory of the underlying JDK {@link SSLContext}
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    final SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Use server cert / key on client side.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            .sslProvider(SslProvider.JDK)
            // Trust the server cert
            .trustManager(clientTrustStoreFile);

    final SslContext built = clientBuilder.build();
    Assert.assertEquals(JdkSslClientContext.class, built.getClass());

    final JdkSslContext jdkBacked = (JdkSslContext) built;
    return jdkBacked.context().getSocketFactory();
}
示例15: setupSslCtx
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Initializes {@code sslCtx} with the JDK SSL context of a Netty client context that trusts
 * {@code clientTrustStoreFile}.
 *
 * <p>ALPN is disabled and the JDK provider is forced. The method asserts that the trust store
 * file is set and that the built context is a {@code JdkSslClientContext}.
 *
 * @throws Exception if the context cannot be built
 */
private void setupSslCtx() throws Exception {
    Assert.assertNotNull(clientTrustStoreFile);

    SslContext nettyContext = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .sslProvider(SslProvider.JDK)
            // Trust the server cert
            .trustManager(clientTrustStoreFile)
            .build();

    Assert.assertEquals(JdkSslClientContext.class, nettyContext.getClass());
    sslCtx = ((JdkSslContext) nettyContext).context();
}