

Java SslContextBuilder.ciphers方法代码示例

本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder.ciphers方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder.ciphers方法的具体用法?Java SslContextBuilder.ciphers怎么用?Java SslContextBuilder.ciphers使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在io.netty.handler.ssl.SslContextBuilder的用法示例。


在下文中一共展示了SslContextBuilder.ciphers方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getUpstreamServerSslContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the client-side netty {@link SslContext} used when connecting to upstream servers.
 *
 * <p>The trusted root CAs are taken from {@code trustSource}. When {@code trustSource} is {@code null},
 * the context is built with {@code InsecureTrustManagerFactory} and no upstream certificate verification
 * is performed. <b>This makes it possible for attackers to MITM communications with the upstream
 * server</b>, so always supply an appropriate trustSource except in extraordinary circumstances
 * (e.g. testing with dynamically-generated certificates).
 *
 * <p>NOTE(review): only trust anchors and cipher suites are configured here. Endpoint identification
 * (hostname verification) is not set on this builder; confirm the caller enables it on the engine.
 *
 * @param cipherSuites    cipher suites to allow when connecting to the upstream server
 * @param trustSource     the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates
 * @return an SslContext to connect to upstream servers with
 * @throws SslContextInitializationException if the underlying builder fails with an SSLException
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    final SslContextBuilder clientBuilder = SslContextBuilder.forClient();

    if (trustSource != null) {
        // Normal path: validate upstream certificates against the supplied CAs.
        clientBuilder.trustManager(trustSource.getTrustedCAs());
    } else {
        // Insecure fallback: every upstream certificate is accepted. The warning is logged on each call
        // so that this mode stays visible in the logs.
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");

        clientBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    // SupportedCipherSuiteFilter drops requested suites that the SSL engine does not support.
    clientBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    SslContext upstreamContext;
    try {
        upstreamContext = clientBuilder.build();
    } catch (SSLException e) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
    }
    return upstreamContext;
}
 
开发者ID:misakuo,项目名称:Dream-Catcher,代码行数:31,代码来源:SslUtil.java

示例2: build

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a server-side {@link SslHandler} from this builder's certificate file, key file, pass phrase,
 * cipher list and protocol list.
 *
 * <p>When {@code requireClientAuth()} is true, the file named by {@code certificateAuthorities} is used
 * as the trust manager and the engine is set to require a client certificate.
 *
 * <p>NOTE(review): the {@code ciphers} and {@code protocols} fields are applied exactly as configured.
 * Nothing visible here rejects legacy protocol versions or weak suites, so confirm they are validated
 * where the configuration is read.
 *
 * @param bufferAllocator allocator handed to the new handler
 * @return the configured handler
 * @throws SSLException if the SSL context cannot be built
 */
public SslHandler build(ByteBufAllocator bufferAllocator) throws SSLException {
    SslContextBuilder serverContextBuilder =
            SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase);

    // No cipher-suite filter is passed, so the configured list is not narrowed to what the provider supports.
    serverContextBuilder.ciphers(Arrays.asList(ciphers));

    if (requireClientAuth()) {
        logger.debug("Certificate Authorities: " + certificateAuthorities);
        // Client certificates are validated against this CA file.
        serverContextBuilder.trustManager(new File(certificateAuthorities));
    }

    SslHandler handler = serverContextBuilder.build().newHandler(bufferAllocator);

    SSLEngine tlsEngine = handler.engine();
    tlsEngine.setEnabledProtocols(protocols);

    if (requireClientAuth()) {
        // Mutual TLS: the handshake fails unless the client presents a certificate.
        tlsEngine.setUseClientMode(false);
        tlsEngine.setNeedClientAuth(true);
    }

    return handler;
}
 
开发者ID:DTStack,项目名称:jlogstash-input-plugin,代码行数:25,代码来源:SslSimpleBuilder.java

示例3: sslContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Sets the {@link SslContext} of this {@link VirtualHost} from the specified {@link SessionProtocol},
 * {@code keyCertChainFile}, {@code keyFile} and {@code keyPassword}.
 *
 * <p>The context is built for server use with the OpenSSL or JDK provider (chosen by
 * {@code Flags.useOpenSsl()}), the {@code Http2SecurityUtil.CIPHERS} list filtered through
 * {@code SupportedCipherSuiteFilter}, and the {@code HTTPS_ALPN_CFG} application protocol configuration.
 *
 * @throws IllegalArgumentException if {@code protocol} is not {@link SessionProtocol#HTTPS}
 * @throws SSLException if the context cannot be built
 */
public B sslContext(
        SessionProtocol protocol,
        File keyCertChainFile, File keyFile, String keyPassword) throws SSLException {

    requireNonNull(protocol, "protocol");
    if (protocol != SessionProtocol.HTTPS) {
        throw new IllegalArgumentException("unsupported protocol: " + protocol);
    }

    final SslContextBuilder serverBuilder =
            SslContextBuilder.forServer(keyCertChainFile, keyFile, keyPassword);

    final SslProvider provider;
    if (Flags.useOpenSsl()) {
        provider = SslProvider.OPENSSL;
    } else {
        provider = SslProvider.JDK;
    }

    // The cipher list is fixed in code rather than caller-supplied; the filter removes suites the
    // chosen provider does not support.
    serverBuilder.sslProvider(provider)
                 .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                 .applicationProtocolConfig(HTTPS_ALPN_CFG);

    sslContext(serverBuilder.build());
    return self();
}
 
开发者ID:line,项目名称:armeria,代码行数:22,代码来源:AbstractVirtualHostBuilder.java

示例4: getServerBuilder

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Returns a server builder for the interop test that serves HTTPS on an ephemeral port.
 *
 * <p>The certificate and key are the bundled {@code server1.pem} / {@code server1.key} test files and the
 * cipher list comes from {@code TestUtils.preferredTestCiphers()}. This configuration is test-only.
 */
@Override
protected AbstractServerImplBuilder<?> getServerBuilder() {
  try {
    SslProvider provider = SslContext.defaultServerProvider();
    // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
    // are forced to use Jetty ALPN for Netty instead of OpenSSL.
    boolean openSslWithoutAlpn = provider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported();
    if (openSslWithoutAlpn) {
      provider = SslProvider.JDK;
    }

    SslContextBuilder sslBuilder = SslContextBuilder
        .forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
    GrpcSslContexts.configure(sslBuilder, provider);
    // Applied after configure(), so the test cipher list replaces any cipher list set there.
    sslBuilder.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);

    return NettyServerBuilder.forPort(0)
        .flowControlWindow(65 * 1024)
        .maxMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
        .sslContext(sslBuilder.build());
  } catch (IOException ex) {
    // Loading the test certificate or building the context failed; surface it as a test failure.
    throw new RuntimeException(ex);
  }
}
 
开发者ID:grpc,项目名称:grpc-java,代码行数:23,代码来源:Http2OkHttpTest.java

示例5: reload

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Rebuilds the client SslContext when any of the watched TLS files has changed.
 *
 * <p>Every file watch is polled on each call. If the trust certificates, the client certificates or the
 * private key were modified, a new client context is built from the current files and published through
 * {@code sslContext}. If that fails with an {@link IOException}, a holder wrapping the failure is
 * published instead, replacing whatever holder was set before.
 */
public synchronized void reload()
{
    try {
        // every watch must be called each time to update status
        // (each updateState() result goes into its own local, so none is skipped by the short-circuiting || below)
        boolean trustCertificateModified = trustCertificatesFileWatch.updateState();
        boolean clientCertificateModified = false;
        if (clientCertificatesFileWatch.isPresent()) {
            clientCertificateModified = clientCertificatesFileWatch.get().updateState();
        }
        boolean privateKeyModified = false;
        if (privateKeyFileWatch.isPresent()) {
            privateKeyModified = privateKeyFileWatch.get().updateState();
        }
        if (trustCertificateModified || clientCertificateModified || privateKeyModified) {
            // Client certificate, private key and key password are optional; null is passed for absent ones.
            SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
                    .trustManager(trustCertificatesFileWatch.getFile())
                    .keyManager(
                            clientCertificatesFileWatch.map(FileWatch::getFile).orElse(null),
                            privateKeyFileWatch.map(FileWatch::getFile).orElse(null),
                            privateKeyPassword.orElse(null))
                    .sessionCacheSize(sessionCacheSize)
                    .sessionTimeout(sessionTimeout.roundTo(SECONDS));
            // An empty cipher list leaves the builder's cipher selection untouched.
            if (!ciphers.isEmpty()) {
                sslContextBuilder.ciphers(ciphers);
            }
            sslContext.set(new SslContextHolder(sslContextBuilder.build()));
        }
    }
    catch (IOException e) {
        // NOTE(review): the failure holder overwrites the previously published context, so an unreadable
        // or half-written file replaces a working context. How SslContextHolder surfaces the wrapped
        // exception to callers is not visible here; confirm connections fail closed rather than
        // proceeding without TLS.
        sslContext.set(new SslContextHolder(new UncheckedIOException(e)));
    }
}
 
开发者ID:airlift,项目名称:drift,代码行数:33,代码来源:ReloadableSslContext.java

示例6: createSSLContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the server-side netty {@link SslContext} from the SSL section of {@code config}.
 *
 * <p>Either a freshly generated self-signed certificate for {@code localhost} is used (when the
 * configuration asks for a generated keypair) or the configured certificate and key files. Client
 * certificates are requested but not required, and a trust store is installed only when a non-empty
 * trust store path is configured.
 *
 * @param config server configuration whose security/SSL section is read
 * @return the built server context
 * @throws IllegalArgumentException if no keypair is generated and the certificate or key file is unset
 * @throws Exception if certificate generation or building the context fails
 */
protected SslContext createSSLContext(Configuration config) throws Exception {
    Configuration.Ssl tlsConfig = config.getSecurity().getSsl();
    Boolean useGeneratedKeypair = tlsConfig.isUseGeneratedKeypair();

    SslContextBuilder serverBuilder;
    if (useGeneratedKeypair) {
        LOG.warn("Using generated self signed server certificate");
        // Certificate for "localhost", valid from now for 86400000 ms (24 hours). Clients cannot chain
        // it to a CA, so this mode offers no server authentication.
        // NOTE(review): SelfSignedCertificate is, as far as I know, documented by netty as a testing aid
        // that writes the certificate and key to temporary files. delete() is not called here; confirm
        // cleanup and that this mode is not enabled in production.
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 86400000);
        SelfSignedCertificate generated = new SelfSignedCertificate("localhost", notBefore, notAfter);
        serverBuilder = SslContextBuilder.forServer(generated.certificate(), generated.privateKey());
    } else {
        String certPath = tlsConfig.getCertificateFile();
        String keyPath = tlsConfig.getKeyFile();
        String keyPassword = tlsConfig.getKeyPassword();
        if (certPath == null || keyPath == null) {
            throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
        }
        serverBuilder = SslContextBuilder.forServer(new File(certPath), new File(keyPath), keyPassword);
    }

    // The configured suites are passed without a cipher-suite filter.
    serverBuilder.ciphers(tlsConfig.getUseCiphers());

    // Can't set to REQUIRE because the CORS pre-flight requests will fail.
    // With OPTIONAL the handshake succeeds without a client certificate, so TLS alone does not
    // authenticate clients. NOTE(review): confirm requests without a certificate are authenticated elsewhere.
    serverBuilder.clientAuth(ClientAuth.OPTIONAL);

    Boolean useOpenSsl = tlsConfig.isUseOpenssl();
    serverBuilder.sslProvider(useOpenSsl ? SslProvider.OPENSSL : SslProvider.JDK);

    // Without a configured trust store the builder keeps its default trust settings for client certificates.
    String trustStorePath = tlsConfig.getTrustStoreFile();
    if (trustStorePath != null && !trustStorePath.isEmpty()) {
        serverBuilder.trustManager(new File(trustStorePath));
    }
    return serverBuilder.build();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:41,代码来源:Server.java

示例7: build

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the driver {@link SSLOptions} from a client-mode netty SslContext.
 *
 * <p>Every setting is optional: a field left {@code null} is not applied, so the builder's own default
 * is used for it. In particular, when {@code trustCertChainFile} is {@code null} no trust manager is set
 * here and server certificates are checked against the builder's default trust settings.
 *
 * @return options wrapping the built context
 * @throws RuntimeException if the context cannot be built (wraps the SSLException)
 */
@Override
public SSLOptions build() {
    final SslContextBuilder clientBuilder = SslContextBuilder.forClient();

    if (provider != null) {
        clientBuilder.sslProvider(provider);
    }

    // No cipher-suite filter is passed with the configured list.
    if (ciphers != null) {
        clientBuilder.ciphers(ciphers);
    }

    // NOTE(review): clientAuth is set on a client-mode builder; confirm it has any effect there.
    if (clientAuth != null) {
        clientBuilder.clientAuth(clientAuth);
    }

    if (sessionCacheSize != null) {
        clientBuilder.sessionCacheSize(sessionCacheSize);
    }

    if (sessionTimeout != null) {
        clientBuilder.sessionTimeout(sessionTimeout.toSeconds());
    }

    if (trustCertChainFile != null) {
        clientBuilder.trustManager(trustCertChainFile);
    }

    // Client certificate and key for mutual TLS, when configured.
    if (keyManager != null) {
        clientBuilder.keyManager(
                keyManager.getKeyCertChainFile(),
                keyManager.getKeyFile(),
                keyManager.getKeyPassword());
    }

    try {
        return new NettySSLOptions(clientBuilder.build());
    } catch (SSLException e) {
        throw new RuntimeException("Unable to build Netty SslContext", e);
    }
}
 
开发者ID:composable-systems,项目名称:dropwizard-cassandra,代码行数:45,代码来源:NettySSLOptionsFactory.java

示例8: newNettyClientChannel

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a netty client channel builder for the given transport and address.
 *
 * <p>With {@code tls} false the channel uses plaintext negotiation, i.e. no transport encryption or
 * server authentication. With {@code tls} true and {@code testca} true the client trusts only the
 * bundled {@code ca.pem} test CA. With {@code tls} true and {@code testca} false a {@code null}
 * SslContext is handed to the channel builder.
 *
 * @param transport which netty transport to use
 * @param address server address
 * @param tls whether to negotiate TLS
 * @param testca whether to trust the bundled test CA
 * @param flowControlWindow flow-control window passed to the channel builder
 * @param useDefaultCiphers whether to reset the cipher list to the defaults
 * @return the configured channel builder
 * @throws IOException if the test CA cannot be loaded or the SSL context cannot be built
 * @throws IllegalArgumentException if {@code transport} is not one of the handled values
 */
private static NettyChannelBuilder newNettyClientChannel(Transport transport,
    SocketAddress address, boolean tls, boolean testca, int flowControlWindow,
    boolean useDefaultCiphers) throws IOException {
  NettyChannelBuilder channelBuilder =
      NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);

  if (!tls) {
    channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
  } else {
    channelBuilder.negotiationType(NegotiationType.TLS);
    // Stays null unless the test CA is requested.
    // NOTE(review): presumably the channel builder then falls back to its default TLS context; confirm.
    SslContext clientContext = null;
    if (testca) {
      File caCert = TestUtils.loadCert("ca.pem");
      SslContextBuilder tlsBuilder = GrpcSslContexts.forClient().trustManager(caCert);
      // NIO uses the JDK provider; the native transports use OpenSSL.
      SslProvider provider =
          (transport == Transport.NETTY_NIO) ? SslProvider.JDK : SslProvider.OPENSSL;
      tlsBuilder = GrpcSslContexts.configure(tlsBuilder, provider);
      if (useDefaultCiphers) {
        // A null list asks the builder for its default cipher suites, replacing any list configure() set.
        tlsBuilder.ciphers(null);
      }
      clientContext = tlsBuilder.build();
    }
    channelBuilder.sslContext(clientContext);
  }

  DefaultThreadFactory daemonThreads = new DefaultThreadFactory("client-elg-", true /*daemon */);
  switch (transport) {
    case NETTY_NIO:
      channelBuilder
          .eventLoopGroup(new NioEventLoopGroup(0, daemonThreads))
          .channelType(NioSocketChannel.class);
      break;

    case NETTY_EPOLL:
      // These classes only work on Linux.
      channelBuilder
          .eventLoopGroup(new EpollEventLoopGroup(0, daemonThreads))
          .channelType(EpollSocketChannel.class);
      break;

    case NETTY_UNIX_DOMAIN_SOCKET:
      // These classes only work on Linux.
      channelBuilder
          .eventLoopGroup(new EpollEventLoopGroup(0, daemonThreads))
          .channelType(EpollDomainSocketChannel.class);
      break;

    default:
      // Should never get here.
      throw new IllegalArgumentException("Unsupported transport: " + transport);
  }
  return channelBuilder;
}
 
开发者ID:grpc,项目名称:grpc-java,代码行数:56,代码来源:Utils.java


注:本文中的io.netty.handler.ssl.SslContextBuilder.ciphers方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。