本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder.ciphers方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder.ciphers方法的具体用法?Java SslContextBuilder.ciphers怎么用?Java SslContextBuilder.ciphers使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类io.netty.handler.ssl.SslContextBuilder
的用法示例。
在下文中一共展示了SslContextBuilder.ciphers方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getUpstreamServerSslContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the client-side netty {@link SslContext} used when connecting to upstream servers.
 *
 * <p>The trusted root CAs are taken from {@code trustSource}. When {@code trustSource} is
 * {@code null}, {@link InsecureTrustManagerFactory} is installed and no upstream certificate
 * verification is performed. <b>This will make it possible for attackers to MITM communications
 * with the upstream server</b>, so always supply an appropriate trustSource except in
 * extraordinary circumstances (e.g. testing with dynamically-generated certificates).
 *
 * @param cipherSuites cipher suites to allow when connecting to the upstream server; they are
 *                     passed through {@link SupportedCipherSuiteFilter}
 * @param trustSource the trust store that will be used to validate upstream servers' certificates,
 *                    or null to accept all upstream server certificates
 * @return an SslContext to connect to upstream servers with
 * @throws SslContextInitializationException if netty reports an {@link SSLException} while
 *                                           building the context
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    final SslContextBuilder builder = SslContextBuilder.forClient();

    if (trustSource != null) {
        builder.trustManager(trustSource.getTrustedCAs());
    } else {
        // Insecure fallback: every upstream certificate is accepted. The warning is the only
        // trace of this mode, so it should be kept visible in production log configurations.
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");
        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    try {
        return builder
                .ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE)
                .build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
}
示例2: build
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a server-side {@link SslHandler} from the configured certificate file, key file,
 * pass phrase, cipher list and protocol list.
 *
 * <p>When {@code requireClientAuth()} is true, the configured certificate-authorities file is
 * used as the trust store and the engine is switched to mandatory client authentication.
 *
 * @param bufferAllocator allocator handed to the new handler
 * @return the configured handler
 * @throws SSLException if the SSL context cannot be built
 */
public SslHandler build(ByteBufAllocator bufferAllocator) throws SSLException {
    // The cipher list is applied without a SupportedCipherSuiteFilter, so the names are used as
    // configured. NOTE(review): presumably an unsupported name fails here or at build() rather
    // than being dropped - confirm against the netty version in use.
    final SslContextBuilder contextBuilder =
            SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase)
                    .ciphers(Arrays.asList(ciphers));

    if (requireClientAuth()) {
        logger.debug("Certificate Authorities: " + certificateAuthorities);
        contextBuilder.trustManager(new File(certificateAuthorities));
    }

    final SslHandler handler = contextBuilder.build().newHandler(bufferAllocator);
    final SSLEngine sslEngine = handler.engine();

    // Protocol versions are restricted on the engine, not on the context builder.
    sslEngine.setEnabledProtocols(protocols);

    if (requireClientAuth()) {
        // Server mode with a mandatory client certificate (mutual TLS).
        sslEngine.setUseClientMode(false);
        sslEngine.setNeedClientAuth(true);
    }
    return handler;
}
示例3: sslContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Sets the {@link SslContext} of this {@link VirtualHost} from the specified {@link SessionProtocol},
 * {@code keyCertChainFile}, {@code keyFile} and {@code keyPassword}.
 *
 * <p>The context is restricted to {@code Http2SecurityUtil.CIPHERS}, filtered through
 * {@link SupportedCipherSuiteFilter}, and uses the OpenSSL provider when {@code Flags.useOpenSsl()}
 * says so, the JDK provider otherwise.
 *
 * @throws NullPointerException if {@code protocol} is null
 * @throws IllegalArgumentException if {@code protocol} is anything other than HTTPS
 * @throws SSLException if the context cannot be built
 */
public B sslContext(
        SessionProtocol protocol,
        File keyCertChainFile, File keyFile, String keyPassword) throws SSLException {
    requireNonNull(protocol, "protocol");
    if (protocol != SessionProtocol.HTTPS) {
        // A key/certificate pair only makes sense for the TLS-based protocol.
        throw new IllegalArgumentException("unsupported protocol: " + protocol);
    }

    sslContext(
            SslContextBuilder.forServer(keyCertChainFile, keyFile, keyPassword)
                    .sslProvider(Flags.useOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK)
                    .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                    .applicationProtocolConfig(HTTPS_ALPN_CFG)
                    .build());
    return self();
}
示例4: getServerBuilder
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates the HTTPS test server builder on an ephemeral port, using the bundled
 * {@code server1.pem} / {@code server1.key} test credentials and the preferred test ciphers.
 *
 * @return the configured server builder
 * @throws RuntimeException wrapping any {@link IOException} raised while loading the
 *                          credentials or building the SSL context
 */
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  try {
    final SslProvider defaultProvider = SslContext.defaultServerProvider();
    // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
    // are forced to use Jetty ALPN for Netty instead of OpenSSL.
    final boolean openSslLacksAlpn =
        defaultProvider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported();
    final SslProvider sslProvider = openSslLacksAlpn ? SslProvider.JDK : defaultProvider;

    SslContextBuilder sslBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(sslBuilder, sslProvider);
    // Applied after configure() so the test cipher list is the one that ends up in the context.
    sslBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);

    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(sslBuilder.build());
  } catch (IOException ex) {
    throw new RuntimeException(ex);
  }
}
示例5: reload
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Rebuilds the client {@code SslContext} when the trust certificates, the client certificates
 * or the private key file report a change, and publishes the result through {@code sslContext}.
 *
 * <p>If an {@link IOException} occurs, a holder carrying the wrapped exception is published
 * instead of a context. NOTE(review): this replaces whatever context was loaded before, so a
 * bad file on disk presumably breaks new connections until the next successful reload - confirm
 * against {@code SslContextHolder}.
 */
public synchronized void reload()
{
    try {
        // every watch must be called each time to update status, so none of these
        // calls may be skipped because an earlier watch already reported a change
        boolean trustChanged = trustCertificatesFileWatch.updateState();
        boolean clientCertChanged = clientCertificatesFileWatch.isPresent()
                && clientCertificatesFileWatch.get().updateState();
        boolean keyChanged = privateKeyFileWatch.isPresent()
                && privateKeyFileWatch.get().updateState();

        if (!(trustChanged || clientCertChanged || keyChanged)) {
            return;
        }

        SslContextBuilder builder = SslContextBuilder.forClient()
                .trustManager(trustCertificatesFileWatch.getFile())
                .keyManager(
                        clientCertificatesFileWatch.map(FileWatch::getFile).orElse(null),
                        privateKeyFileWatch.map(FileWatch::getFile).orElse(null),
                        privateKeyPassword.orElse(null))
                .sessionCacheSize(sessionCacheSize)
                .sessionTimeout(sessionTimeout.roundTo(SECONDS));

        // An empty list leaves the cipher selection at the builder's default.
        if (!ciphers.isEmpty()) {
            builder.ciphers(ciphers);
        }

        sslContext.set(new SslContextHolder(builder.build()));
    }
    catch (IOException e) {
        sslContext.set(new SslContextHolder(new UncheckedIOException(e)));
    }
}
示例6: createSSLContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the server {@link SslContext} from the SSL section of the configuration.
 *
 * <p>Either a freshly generated self-signed certificate for {@code localhost} (valid for
 * 24 hours from now) or the configured certificate/key files are used. Client authentication
 * is requested but optional, and a trust store is installed only when one is configured.
 *
 * @param config application configuration holding the SSL settings
 * @return the built server context
 * @throws IllegalArgumentException if file-based credentials are selected but the certificate
 *                                  or key file is not configured
 * @throws Exception if certificate generation or context construction fails
 */
protected SslContext createSSLContext(Configuration config) throws Exception {
    final Configuration.Ssl sslCfg = config.getSecurity().getSsl();

    final SslContextBuilder ssl;
    if (sslCfg.isUseGeneratedKeypair()) {
        // Clients cannot validate this certificate against a CA; the warning marks the mode.
        LOG.warn("Using generated self signed server certificate");
        final Date notBefore = new Date();
        // 86400000 ms = 24 hours of validity
        final Date notAfter = new Date(notBefore.getTime() + 86400000);
        final SelfSignedCertificate selfSigned = new SelfSignedCertificate("localhost", notBefore, notAfter);
        ssl = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey());
    } else {
        final String certPath = sslCfg.getCertificateFile();
        final String keyPath = sslCfg.getKeyFile();
        final String keyPassword = sslCfg.getKeyPassword();
        if (certPath == null || keyPath == null) {
            throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
        }
        ssl = SslContextBuilder.forServer(new File(certPath), new File(keyPath), keyPassword);
    }

    ssl.ciphers(sslCfg.getUseCiphers());

    // Can't set to REQUIRE because the CORS pre-flight requests will fail.
    // NOTE(review): with OPTIONAL a client without a certificate still completes the handshake,
    // so callers presumably have to enforce authentication above the TLS layer - confirm.
    ssl.clientAuth(ClientAuth.OPTIONAL);

    ssl.sslProvider(sslCfg.isUseOpenssl() ? SslProvider.OPENSSL : SslProvider.JDK);

    final String trustStorePath = sslCfg.getTrustStoreFile();
    if (trustStorePath != null && !trustStorePath.isEmpty()) {
        ssl.trustManager(new File(trustStorePath));
    }

    return ssl.build();
}
示例7: build
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds {@code SSLOptions} backed by a client-side netty {@code SslContext}.
 *
 * <p>Each setting is applied only when it was configured (non-null); everything else is left
 * at the builder's default. In particular, no trust manager is set when
 * {@code trustCertChainFile} is null.
 *
 * @return the options wrapping the built context
 * @throws RuntimeException if netty reports an {@link SSLException} while building the context
 */
@Override
public SSLOptions build() {
    final SslContextBuilder builder = SslContextBuilder.forClient();

    if (null != provider) {
        builder.sslProvider(provider);
    }
    if (null != ciphers) {
        builder.ciphers(ciphers);
    }
    if (null != clientAuth) {
        builder.clientAuth(clientAuth);
    }
    if (null != sessionCacheSize) {
        builder.sessionCacheSize(sessionCacheSize);
    }
    if (null != sessionTimeout) {
        builder.sessionTimeout(sessionTimeout.toSeconds());
    }
    if (null != trustCertChainFile) {
        builder.trustManager(trustCertChainFile);
    }
    if (null != keyManager) {
        // Client certificate chain, private key and its password for mutual TLS.
        builder.keyManager(
                keyManager.getKeyCertChainFile(),
                keyManager.getKeyFile(),
                keyManager.getKeyPassword());
    }

    try {
        return new NettySSLOptions(builder.build());
    } catch (SSLException e) {
        throw new RuntimeException("Unable to build Netty SslContext", e);
    }
}
示例8: newNettyClientChannel
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a netty client channel builder for the given transport and address.
 *
 * <p>With {@code tls} the channel negotiates TLS; with {@code testca} the bundled {@code ca.pem}
 * is the trust root and the SSL provider follows the transport (JDK for NIO, OpenSSL otherwise).
 * Without {@code tls} the channel is plaintext.
 *
 * @param transport transport selecting the event loop group and channel type
 * @param address server address to connect to
 * @param tls whether to negotiate TLS
 * @param testca whether to trust the test CA certificate
 * @param flowControlWindow flow-control window passed to the builder
 * @param useDefaultCiphers whether to clear the cipher list configured by {@code GrpcSslContexts}
 * @return the configured channel builder
 * @throws IOException if the CA certificate cannot be loaded or the SSL context cannot be built
 * @throws IllegalArgumentException if the transport is not one of the handled values
 */
private static NettyChannelBuilder newNettyClientChannel(Transport transport,
    SocketAddress address, boolean tls, boolean testca, int flowControlWindow,
    boolean useDefaultCiphers) throws IOException {
  NettyChannelBuilder channelBuilder =
      NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);

  if (!tls) {
    channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
  } else {
    channelBuilder.negotiationType(NegotiationType.TLS);
    // NOTE(review): stays null when testca is false; presumably the channel builder then
    // falls back to its own default context - confirm.
    SslContext clientContext = null;
    if (testca) {
      File caCert = TestUtils.loadCert("ca.pem");
      // NIO runs on the JDK provider; the native transports use OpenSSL.
      SslProvider provider =
          transport == Transport.NETTY_NIO ? SslProvider.JDK : SslProvider.OPENSSL;
      SslContextBuilder sslBuilder =
          GrpcSslContexts.configure(GrpcSslContexts.forClient().trustManager(caCert), provider);
      if (useDefaultCiphers) {
        // Passing null drops the explicit cipher list set by configure().
        sslBuilder.ciphers(null);
      }
      clientContext = sslBuilder.build();
    }
    channelBuilder.sslContext(clientContext);
  }

  DefaultThreadFactory daemonThreads = new DefaultThreadFactory("client-elg-", true /*daemon */);
  switch (transport) {
    case NETTY_NIO:
      channelBuilder.eventLoopGroup(new NioEventLoopGroup(0, daemonThreads));
      channelBuilder.channelType(NioSocketChannel.class);
      break;
    case NETTY_EPOLL:
      // These classes only work on Linux.
      channelBuilder.eventLoopGroup(new EpollEventLoopGroup(0, daemonThreads));
      channelBuilder.channelType(EpollSocketChannel.class);
      break;
    case NETTY_UNIX_DOMAIN_SOCKET:
      // These classes only work on Linux.
      channelBuilder.eventLoopGroup(new EpollEventLoopGroup(0, daemonThreads));
      channelBuilder.channelType(EpollDomainSocketChannel.class);
      break;
    default:
      // Should never get here.
      throw new IllegalArgumentException("Unsupported transport: " + transport);
  }
  return channelBuilder;
}