本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder.trustManager方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder.trustManager方法的具体用法?Java SslContextBuilder.trustManager怎么用?Java SslContextBuilder.trustManager使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类io.netty.handler.ssl.SslContextBuilder的用法示例。
在下文中一共展示了SslContextBuilder.trustManager方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。注意:示例1、3、4、5、8、10、15中出现的InsecureTrustManagerFactory不校验对端证书,仅适合测试环境使用。
示例1: initChannel
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the pipeline for a new channel: an optional TLS handler first, then the length-prefixed
 * frame decoder and the connection handler.
 *
 * <p>This is a server context, so the trust manager decides which <em>client</em> certificates
 * validate. When {@code isTlsAllowInsecureConnection()} is true the insecure trust manager is
 * installed and a presented client certificate is accepted without chain validation; it must not
 * be treated as proof of identity. Client authentication is {@code OPTIONAL}, so a peer that
 * presents no certificate can still complete the handshake.
 *
 * <p>NOTE(review): a fresh {@code SslContext} is built for every channel, which re-reads the
 * certificate and key files on each connection.
 *
 * @param ch the channel being initialised
 * @throws Exception if the TLS context cannot be built
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    if (enableTLS) {
        SslContextBuilder tlsBuilder = SslContextBuilder.forServer(
                new File(serviceConfig.getTlsCertificateFilePath()),
                new File(serviceConfig.getTlsKeyFilePath()));
        if (serviceConfig.isTlsAllowInsecureConnection()) {
            // No chain validation at all: any client certificate is accepted.
            tlsBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
            // No trust file configured: a null file selects the system default trust store.
            tlsBuilder.trustManager((File) null);
        } else {
            tlsBuilder.trustManager(new File(serviceConfig.getTlsTrustCertsFilePath()));
        }
        tlsBuilder.clientAuth(ClientAuth.OPTIONAL);
        SslContext tlsContext = tlsBuilder.build();
        ch.pipeline().addLast(TLS_HANDLER, tlsContext.newHandler(ch.alloc()));
    }
    ch.pipeline().addLast("frameDecoder",
            new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
    ch.pipeline().addLast("handler", new ServerConnection(discoveryService));
}
示例2: configureSsl
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Copies the optional trust-store and key-store settings of {@code sslConfiguration} onto the
 * given builder.
 *
 * <p>When no trust store is configured, {@code trustManager} is not called here and the builder
 * keeps whatever trust settings it already had.
 *
 * @param sslConfiguration source of the optional trust-store and key-store settings
 * @param sslContextBuilder builder that receives the trust and key managers
 * @throws IllegalStateException wrapping any {@link GeneralSecurityException} or
 *     {@link IOException} raised while the factories are created
 */
private static void configureSsl(SslConfiguration sslConfiguration,
        SslContextBuilder sslContextBuilder) {
    try {
        // Trust material: which peer certificates this context will accept.
        if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
            sslContextBuilder.trustManager(
                    createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()));
        }
        // Key material: the identity this side presents to the peer.
        if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
            sslContextBuilder.keyManager(
                    createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration()));
        }
    } catch (GeneralSecurityException | IOException cause) {
        throw new IllegalStateException(cause);
    }
}
示例3: initChannel
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the pipeline for a new channel: an optional TLS handler first, then the length-prefixed
 * frame decoder and the connection handler.
 *
 * <p>This is a server context, so the trust manager decides which <em>client</em> certificates
 * validate. When {@code isTlsAllowInsecureConnection()} is true the insecure trust manager is
 * installed and a presented client certificate is accepted without chain validation; it must not
 * be treated as proof of identity. Client authentication is {@code OPTIONAL}, so a peer that
 * presents no certificate can still complete the handshake.
 *
 * <p>NOTE(review): a fresh {@code SslContext} is built for every channel, which re-reads the
 * certificate and key files on each connection.
 *
 * @param ch the channel being initialised
 * @throws Exception if the TLS context cannot be built
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    if (enableTLS) {
        SslContextBuilder tlsBuilder = SslContextBuilder.forServer(
                new File(serviceConfig.getTlsCertificateFilePath()),
                new File(serviceConfig.getTlsKeyFilePath()));
        if (serviceConfig.isTlsAllowInsecureConnection()) {
            // No chain validation at all: any client certificate is accepted.
            tlsBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
            // No trust file configured: a null file selects the system default trust store.
            tlsBuilder.trustManager((File) null);
        } else {
            tlsBuilder.trustManager(new File(serviceConfig.getTlsTrustCertsFilePath()));
        }
        tlsBuilder.clientAuth(ClientAuth.OPTIONAL);
        SslContext tlsContext = tlsBuilder.build();
        ch.pipeline().addLast(TLS_HANDLER, tlsContext.newHandler(ch.alloc()));
    }
    ch.pipeline().addLast("frameDecoder",
            new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
    ch.pipeline().addLast("handler", new ServerCnx(brokerService));
}
示例4: shouldEnableSslWithSslContextProgrammaticallySpecified
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Checks that a client can talk to the server over SSL when the {@code SslContext} is supplied
 * programmatically rather than through configuration.
 */
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // Test-only trust setup: the insecure trust manager accepts any server certificate, so this
    // context does not authenticate the server and must not be copied into production code.
    final SslContextBuilder sslBuilder = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK);
    final Cluster cluster = Cluster.build().enableSsl(true).sslContext(sslBuilder.build()).create();
    final Client client = cluster.connect();
    try {
        // The round trip must complete without an exception and echo the submitted literal.
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
示例5: getUpstreamServerSslContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a Netty {@code SslContext} for connections to upstream servers, taking the trusted root
 * CAs from {@code trustSource}.
 *
 * <p>When {@code trustSource} is {@code null}, upstream certificate verification is switched off
 * entirely. <b>That lets an attacker in the network path impersonate the upstream server</b>, so
 * pass a real trust source except in exceptional cases such as tests that use dynamically
 * generated certificates. A warning is logged whenever verification is disabled.
 *
 * @param cipherSuites cipher suites to allow when connecting to the upstream server
 * @param trustSource trust store used to validate upstream servers' certificates, or {@code null}
 *     to accept every upstream server certificate
 * @return an {@code SslContext} for connecting to upstream servers
 * @throws SslContextInitializationException if the context cannot be built
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    SslContextBuilder upstreamBuilder = SslContextBuilder.forClient();
    if (trustSource != null) {
        upstreamBuilder.trustManager(trustSource.getTrustedCAs());
    } else {
        // Deliberately loud: this branch removes server authentication from the connection.
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");
        upstreamBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    upstreamBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);
    try {
        return upstreamBuilder.build();
    } catch (SSLException buildFailure) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", buildFailure);
    }
}
示例6: build
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a server-side {@code SslHandler} from the configured certificate, key, cipher list and
 * protocol list.
 *
 * <p>When {@code requireClientAuth()} is true, the CA file named by {@code certificateAuthorities}
 * becomes the trust source for client certificates and the engine is set to demand one. When it
 * is false, no trust manager is set here and the engine's client-auth setting is left untouched.
 *
 * @param bufferAllocator allocator handed to the new handler
 * @return the configured handler
 * @throws SSLException if the underlying context cannot be built
 */
public SslHandler build(ByteBufAllocator bufferAllocator) throws SSLException {
    SslContextBuilder serverBuilder =
            SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase)
                    .ciphers(Arrays.asList(ciphers));
    if (requireClientAuth()) {
        logger.debug("Certificate Authorities: " + certificateAuthorities);
        serverBuilder.trustManager(new File(certificateAuthorities));
    }
    SslHandler tlsHandler = serverBuilder.build().newHandler(bufferAllocator);
    SSLEngine tlsEngine = tlsHandler.engine();
    // Protocol versions are restricted on the engine, after the handler has been created.
    tlsEngine.setEnabledProtocols(protocols);
    if (requireClientAuth()) {
        tlsEngine.setUseClientMode(false);
        // "Need" (not "want"): the handshake fails if the client presents no certificate.
        tlsEngine.setNeedClientAuth(true);
    }
    return tlsHandler;
}
示例7: buildSSLServerContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Assembles a server-side {@code SslContextBuilder} from in-memory key and certificate material
 * and hands it to {@code buildSSLContext0}.
 *
 * <p>Application protocol negotiation is disabled, and session cache size and timeout are both
 * passed as 0.
 *
 * <p>NOTE(review): when {@code _trustedCerts} is null or empty no trust manager is set. Netty
 * then falls back to the platform default trust store, so with an {@code authMode} that requests
 * client certificates any chain ending in a default CA would validate. Confirm that is intended.
 *
 * @param _key server private key
 * @param _cert server certificate chain
 * @param _trustedCerts certificates trusted for validating peers; may be null or empty
 * @param ciphers cipher suites to enable
 * @param sslProvider the SSL implementation to use
 * @param authMode client authentication mode; must not be null
 * @return the context produced by {@code buildSSLContext0}
 * @throws SSLException declared for failures while building the context
 * @throws NullPointerException if {@code authMode} is null
 */
private SslContext buildSSLServerContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException {
    final SslContextBuilder serverBuilder = SslContextBuilder.forServer(_key, _cert);
    serverBuilder.ciphers(ciphers);
    serverBuilder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Explicit null check on the auth mode, see https://github.com/netty/netty/issues/4722
    serverBuilder.clientAuth(Objects.requireNonNull(authMode));
    serverBuilder.sessionCacheSize(0);
    serverBuilder.sessionTimeout(0);
    serverBuilder.sslProvider(sslProvider);

    final boolean hasTrustedCerts = _trustedCerts != null && _trustedCerts.length > 0;
    if (hasTrustedCerts) {
        serverBuilder.trustManager(_trustedCerts);
    }
    return buildSSLContext0(serverBuilder);
}
示例8: shouldEnableSslWithSslContextProgrammaticallySpecified
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Checks that a client can talk to the server over SSL when the {@code SslContext} is supplied
 * programmatically rather than through configuration.
 */
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // Test-only trust setup: the insecure trust manager accepts any server certificate, so this
    // context does not authenticate the server and must not be copied into production code.
    final SslContextBuilder sslBuilder = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK);
    final Cluster cluster = TestClientFactory.build().enableSsl(true).sslContext(sslBuilder.build()).create();
    final Client client = cluster.connect();
    try {
        // The round trip must complete without an exception and echo the submitted literal.
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
示例9: forKeystoreAndTruststore
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a client {@code SslContext} from a password-protected keystore and truststore, using the
 * given key manager algorithm instead of the default. Suitable for mutual TLS connections.
 *
 * <p>Both stores are loaded as {@code KEYSTORE_JKS}. The streams are read but not closed here.
 *
 * @param keystore keystore input stream (file, binaries, etc.)
 * @param keystorePassword password protecting the keystore and its keys
 * @param truststore truststore input stream (file, binaries, etc.)
 * @param truststorePassword password protecting the truststore
 * @param keyManagerAlgorithm algorithm name for the key manager factory; the same name is also
 *     passed to the trust manager factory
 * @return an {@code SslContext} ready to use
 * @throws SecurityContextException wrapping any failure while loading the stores or building
 *     the context
 */
public static SslContext forKeystoreAndTruststore(InputStream keystore, String keystorePassword, InputStream truststore, String truststorePassword, String keyManagerAlgorithm)
        throws SecurityContextException {
    try {
        final KeyStore keyMaterial = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyStore trustMaterial = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        // NOTE(review): the key manager algorithm name is reused for the trust manager factory.
        // An algorithm that exists only for key managers would fail here; consider
        // TrustManagerFactory.getDefaultAlgorithm() if callers ever pass such a name.
        final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(keyManagerAlgorithm);

        keyMaterial.load(keystore, keystorePassword.toCharArray());
        trustMaterial.load(truststore, truststorePassword.toCharArray());
        keyFactory.init(keyMaterial, keystorePassword.toCharArray());
        trustFactory.init(trustMaterial);

        return SslContextBuilder.forClient()
                .keyManager(keyFactory)
                .trustManager(trustFactory)
                .build();
    } catch (Exception failure) {
        // Every failure, including a null password, surfaces as SecurityContextException.
        throw new SecurityContextException(failure);
    }
}
示例10: ctxForClient
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the client-side {@code SslContext} the proxy uses, with the HTTP/2 cipher list and the
 * application protocol settings derived from {@code config}.
 *
 * <p>When {@code config.isInsecure()} is true, certificate verification is disabled and the
 * connection no longer authenticates the remote server. Otherwise no trust manager is set here.
 *
 * @param config proxy configuration
 * @return the client context
 * @throws SSLException if the context cannot be built
 */
public static SslContext ctxForClient(NitmProxyConfig config) throws SSLException {
    SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    clientBuilder.applicationProtocolConfig(applicationProtocolConfig(config, config.isServerHttp2()));
    if (config.isInsecure()) {
        // Accepts any server certificate; only appropriate where interception risk is accepted.
        clientBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    return clientBuilder.build();
}
示例11: createSSLContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the server {@code SslContext} from the SSL section of the configuration.
 *
 * <p>The server identity is either a freshly generated self-signed certificate for
 * {@code localhost}, valid for 86400000 ms from now, or the configured certificate and key files.
 * Client authentication is always {@code OPTIONAL}. A trust store is applied only when a
 * non-empty path is configured; otherwise no trust manager is set here.
 *
 * <p>NOTE(review): because client authentication is optional, the handshake alone does not show
 * that a client certificate was presented. Callers presumably check for one before relying on
 * client identity; confirm.
 *
 * @param config application configuration
 * @return the server context
 * @throws IllegalArgumentException if the certificate or key file is not configured
 * @throws Exception if the certificate cannot be generated or the context cannot be built
 */
protected SslContext createSSLContext(Configuration config) throws Exception {
    Configuration.Ssl sslCfg = config.getSecurity().getSsl();
    SslContextBuilder ssl;
    if (sslCfg.isUseGeneratedKeypair()) {
        LOG.warn("Using generated self signed server certificate");
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 86400000);
        SelfSignedCertificate selfSigned = new SelfSignedCertificate("localhost", notBefore, notAfter);
        ssl = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey());
    } else {
        String certPath = sslCfg.getCertificateFile();
        String keyPath = sslCfg.getKeyFile();
        String keyPass = sslCfg.getKeyPassword();
        if (certPath == null || keyPath == null) {
            throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
        }
        ssl = SslContextBuilder.forServer(new File(certPath), new File(keyPath), keyPass);
    }
    ssl.ciphers(sslCfg.getUseCiphers());
    // REQUIRE is not usable here because CORS pre-flight requests would fail.
    ssl.clientAuth(ClientAuth.OPTIONAL);
    ssl.sslProvider(sslCfg.isUseOpenssl() ? SslProvider.OPENSSL : SslProvider.JDK);

    String trustStorePath = sslCfg.getTrustStoreFile();
    if (trustStorePath != null && !trustStorePath.isEmpty()) {
        ssl.trustManager(new File(trustStorePath));
    }
    return ssl.build();
}
示例12: getSSLSocketFactory
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Test helper that builds a JDK-backed client context and returns its socket factory.
 *
 * <p>The client reuses the server's certificate and key as its own identity, and takes its trust
 * material from {@code clientTrustStoreFile}.
 *
 * @return the socket factory of the underlying JDK {@code SSLContext}
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext nettyContext = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Server cert / key double as the client identity; no key password is supplied.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            .sslProvider(SslProvider.JDK)
            // Trust the server cert.
            .trustManager(clientTrustStoreFile)
            .build();
    // The cast below is only valid for the JDK client implementation, so assert it first.
    Assert.assertEquals(JdkSslClientContext.class, nettyContext.getClass());
    SSLContext jdkContext = ((JdkSslContext) nettyContext).context();
    return jdkContext.getSocketFactory();
}
示例13: getSSLSocketFactory
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Test helper that builds a JDK-backed client context and returns its socket factory.
 *
 * <p>The client reuses the server's certificate and key as its own identity, and takes its trust
 * material from {@code clientTrustStoreFile}.
 *
 * @return the socket factory of the underlying JDK {@code SSLContext}
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    SslContext nettyContext = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Server cert / key double as the client identity; no key password is supplied.
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            .sslProvider(SslProvider.JDK)
            // Trust the server cert.
            .trustManager(clientTrustStoreFile)
            .build();
    // The cast below is only valid for the JDK client implementation, so assert it first.
    Assert.assertEquals(JdkSslClientContext.class, nettyContext.getClass());
    SSLContext jdkContext = ((JdkSslContext) nettyContext).context();
    return jdkContext.getSocketFactory();
}
示例14: setupSslCtx
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Test setup that builds a JDK-backed client context trusting {@code clientTrustStoreFile} and
 * stores its underlying {@code SSLContext} in {@code sslCtx}.
 *
 * @throws Exception if the context cannot be built
 */
private void setupSslCtx() throws Exception {
    // Fail early rather than build a context with no explicit trust material.
    Assert.assertNotNull(clientTrustStoreFile);
    SslContext nettyContext = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .sslProvider(SslProvider.JDK)
            // Trust the server cert.
            .trustManager(clientTrustStoreFile)
            .build();
    // The cast below is only valid for the JDK client implementation, so assert it first.
    Assert.assertEquals(JdkSslClientContext.class, nettyContext.getClass());
    sslCtx = ((JdkSslContext) nettyContext).context();
}
示例15: sslContext
import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Returns a client {@code SslContext} for {@code https} requests, or {@code null} for any other
 * scheme.
 *
 * <p>When {@code configuration.trustAllCertificates()} is true, server certificates are not
 * validated and the connection does not authenticate the remote endpoint. Otherwise no trust
 * manager is set here.
 *
 * @param scheme request scheme, compared case-insensitively with {@code "https"}
 * @return the client context, or {@code null} when the scheme is not https
 */
private SslContext sslContext(String scheme) {
    if (!scheme.equalsIgnoreCase("https")) {
        return null;
    }
    SslContextBuilder httpsBuilder = SslContextBuilder.forClient().sslProvider(defaultClientProvider());
    if (configuration.trustAllCertificates()) {
        // Accepts any server certificate; intended only for explicitly opted-in setups.
        httpsBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    return invokeSafely(httpsBuilder::build);
}