

Java SslContextBuilder.trustManager方法代码示例

本文整理汇总了Java中io.netty.handler.ssl.SslContextBuilder.trustManager方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextBuilder.trustManager方法的具体用法?Java SslContextBuilder.trustManager怎么用?Java SslContextBuilder.trustManager使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在io.netty.handler.ssl.SslContextBuilder的用法示例。


在下文中一共展示了SslContextBuilder.trustManager方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: initChannel

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Populates the pipeline of a newly registered channel: an optional TLS handler first, then the
 * length-prefixed frame decoder and the connection handler.
 *
 * @param ch the channel whose pipeline is being set up
 * @throws Exception if the server TLS context cannot be built
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    if (enableTLS) {
        final SslContextBuilder tlsBuilder = SslContextBuilder.forServer(
                new File(serviceConfig.getTlsCertificateFilePath()),
                new File(serviceConfig.getTlsKeyFilePath()));

        if (serviceConfig.isTlsAllowInsecureConnection()) {
            // SECURITY: InsecureTrustManagerFactory performs no chain validation, so any client
            // certificate presented is accepted. Keep this setting off outside test setups.
            tlsBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
            // No trust file configured: use system default.
            tlsBuilder.trustManager((File) null);
        } else {
            tlsBuilder.trustManager(new File(serviceConfig.getTlsTrustCertsFilePath()));
        }

        // ClientAuth.OPTIONAL requests a client certificate but does not require one.
        // NOTE(review): the context is rebuilt on every call; if this runs once per accepted
        // connection, consider building it once and reusing it — confirm against the caller.
        final SslContext tlsContext = tlsBuilder.clientAuth(ClientAuth.OPTIONAL).build();
        ch.pipeline().addLast(TLS_HANDLER, tlsContext.newHandler(ch.alloc()));
    }

    ch.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
    ch.pipeline().addLast("handler", new ServerConnection(discoveryService));
}
 
开发者ID:apache,项目名称:incubator-pulsar,代码行数:24,代码来源:ServiceChannelInitializer.java

示例2: configureSsl

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Applies the trust store and key store from {@code sslConfiguration} to the builder.
 * A store that is not present is skipped, leaving the builder's existing setting untouched.
 *
 * @param sslConfiguration source of the optional trust store and key store settings
 * @param sslContextBuilder builder that receives the trust and key managers
 * @throws IllegalStateException if a store cannot be read or its manager factory cannot be created
 */
private static void configureSsl(SslConfiguration sslConfiguration,
		SslContextBuilder sslContextBuilder) {

	try {
		// Trust material: which server certificates this client will accept.
		if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
			sslContextBuilder.trustManager(
					createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()));
		}

		// Key material: the client identity used for mutual TLS.
		if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
			sslContextBuilder.keyManager(
					createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration()));
		}
	}
	catch (GeneralSecurityException | IOException storeFailure) {
		// Surface the failure unchecked, keeping the original exception as the cause.
		throw new IllegalStateException(storeFailure);
	}
}
 
开发者ID:spring-projects,项目名称:spring-vault,代码行数:20,代码来源:ClientHttpConnectorFactory.java

示例3: initChannel

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Populates the pipeline of a newly registered channel: an optional TLS handler first, then the
 * length-prefixed frame decoder and the broker connection handler.
 *
 * @param ch the channel whose pipeline is being set up
 * @throws Exception if the server TLS context cannot be built
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    if (enableTLS) {
        final SslContextBuilder tlsBuilder = SslContextBuilder.forServer(
                new File(serviceConfig.getTlsCertificateFilePath()),
                new File(serviceConfig.getTlsKeyFilePath()));

        if (serviceConfig.isTlsAllowInsecureConnection()) {
            // SECURITY: InsecureTrustManagerFactory performs no chain validation, so any client
            // certificate presented is accepted. Keep this setting off outside test setups.
            tlsBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
            // No trust file configured: use system default.
            tlsBuilder.trustManager((File) null);
        } else {
            tlsBuilder.trustManager(new File(serviceConfig.getTlsTrustCertsFilePath()));
        }

        // ClientAuth.OPTIONAL requests a client certificate but does not require one.
        // NOTE(review): the context is rebuilt on every call; if this runs once per accepted
        // connection, consider building it once and reusing it — confirm against the caller.
        final SslContext tlsContext = tlsBuilder.clientAuth(ClientAuth.OPTIONAL).build();
        ch.pipeline().addLast(TLS_HANDLER, tlsContext.newHandler(ch.alloc()));
    }

    ch.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
    ch.pipeline().addLast("handler", new ServerCnx(brokerService));
}
 
开发者ID:apache,项目名称:incubator-pulsar,代码行数:24,代码来源:PulsarChannelInitializer.java

示例4: shouldEnableSslWithSslContextProgrammaticallySpecified

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Checks that a client configured with a programmatically supplied SslContext can submit a
 * script and read back its result.
 */
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // SECURITY: test-only setup. InsecureTrustManagerFactory accepts every server certificate,
    // so this configuration gives no protection against interception in production.
    final SslContextBuilder trustAllBuilder = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK);

    final Cluster cluster = Cluster.build().enableSsl(true).sslContext(trustAllBuilder.build()).create();
    final Client client = cluster.connect();

    try {
        // The request must complete without an exception and echo the literal back.
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
 
开发者ID:PKUSilvester,项目名称:LiteGraph,代码行数:18,代码来源:GremlinServerIntegrateTest.java

示例5: getUpstreamServerSslContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the client-side Netty SslContext used for connections to upstream servers.
 * <p>
 * When {@code trustSource} is non-null, its trusted CAs are used to validate upstream
 * certificates. When it is {@code null}, certificate verification is disabled entirely and a
 * warning is logged. <b>An unverified upstream connection can be intercepted by a
 * man-in-the-middle</b>, so pass {@code null} only in exceptional cases such as tests that use
 * dynamically generated certificates.
 *
 * @param cipherSuites cipher suites to allow when connecting to the upstream server
 * @param trustSource  trust store used to validate upstream certificates, or {@code null} to
 *                     accept every upstream certificate
 * @return an SslContext for connecting to upstream servers
 * @throws SslContextInitializationException if the context cannot be built
 */
public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) {
    final SslContextBuilder upstreamBuilder = SslContextBuilder.forClient();

    if (trustSource != null) {
        upstreamBuilder.trustManager(trustSource.getTrustedCAs());
    } else {
        // Logged at WARN so that an accidentally missing trust source is visible in operation.
        log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");
        upstreamBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    // The filter is applied to the requested suites when the context is built.
    upstreamBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE);

    try {
        return upstreamBuilder.build();
    } catch (SSLException buildFailure) {
        throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", buildFailure);
    }
}
 
开发者ID:misakuo,项目名称:Dream-Catcher,代码行数:31,代码来源:SslUtil.java

示例6: build

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a server-side SslHandler from the configured certificate, key, ciphers and protocols.
 * When client authentication is required, the configured CA file becomes the trust store and
 * the engine is set to demand a client certificate.
 *
 * @param bufferAllocator allocator handed to the new handler
 * @return a handler whose engine has the enabled protocols (and client-auth mode) applied
 * @throws SSLException if the underlying context cannot be built
 */
public SslHandler build(ByteBufAllocator bufferAllocator) throws SSLException {
    final SslContextBuilder serverBuilder = SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase);
    serverBuilder.ciphers(Arrays.asList(ciphers));

    if (requireClientAuth()) {
        logger.debug("Certificate Authorities: " + certificateAuthorities);
        // Client certificates are validated against this CA file only.
        serverBuilder.trustManager(new File(certificateAuthorities));
    }

    final SslHandler tlsHandler = serverBuilder.build().newHandler(bufferAllocator);

    // Protocol versions are restricted on the engine rather than on the builder.
    final SSLEngine tlsEngine = tlsHandler.engine();
    tlsEngine.setEnabledProtocols(protocols);

    if (requireClientAuth()) {
        // Enforcement happens here: the builder itself is never given a clientAuth mode.
        tlsEngine.setUseClientMode(false);
        tlsEngine.setNeedClientAuth(true);
    }

    return tlsHandler;
}
 
开发者ID:DTStack,项目名称:jlogstash-input-plugin,代码行数:25,代码来源:SslSimpleBuilder.java

示例7: buildSSLServerContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds a server-side SslContext from in-memory key material.
 * Application protocol negotiation is disabled and the session cache size and timeout are set to 0.
 *
 * @param _key          server private key
 * @param _cert         server certificate chain
 * @param _trustedCerts certificates used to validate clients; skipped when null or empty
 * @param ciphers       cipher suites to enable
 * @param sslProvider   SSL implementation to use
 * @param authMode      client authentication mode, must not be null
 * @return the built context
 * @throws SSLException if the context cannot be built
 */
private SslContext buildSSLServerContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException {

    final SslContextBuilder serverBuilder = SslContextBuilder.forServer(_key, _cert);
    serverBuilder.ciphers(ciphers);
    serverBuilder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED);
    // Null check requested by https://github.com/netty/netty/issues/4722
    serverBuilder.clientAuth(Objects.requireNonNull(authMode));
    serverBuilder.sessionCacheSize(0);
    serverBuilder.sessionTimeout(0);
    serverBuilder.sslProvider(sslProvider);

    // NOTE(review): with no trusted certificates the builder's trust manager is left unset;
    // presumably the default trust store then decides which client certificates pass — confirm.
    final boolean hasTrustedCerts = _trustedCerts != null && _trustedCerts.length > 0;
    if (hasTrustedCerts) {
        serverBuilder.trustManager(_trustedCerts);
    }

    return buildSSLContext0(serverBuilder);
}
 
开发者ID:floragunncom,项目名称:search-guard-ssl,代码行数:19,代码来源:DefaultSearchGuardKeyStore.java

示例8: shouldEnableSslWithSslContextProgrammaticallySpecified

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Checks that a client configured with a programmatically supplied SslContext can submit a
 * script and read back its result.
 */
@Test
public void shouldEnableSslWithSslContextProgrammaticallySpecified() throws Exception {
    // SECURITY: test-only setup. InsecureTrustManagerFactory accepts every server certificate,
    // so this configuration gives no protection against interception in production.
    final SslContextBuilder trustAllBuilder = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK);

    final Cluster cluster = TestClientFactory.build().enableSsl(true).sslContext(trustAllBuilder.build()).create();
    final Client client = cluster.connect();

    try {
        // The request must complete without an exception and echo the literal back.
        assertEquals("test", client.submit("'test'").one().getString());
    } finally {
        cluster.close();
    }
}
 
开发者ID:apache,项目名称:tinkerpop,代码行数:18,代码来源:GremlinServerIntegrateTest.java

示例9: forKeystoreAndTruststore

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
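/**
 * Builds a client SslContext from a password-protected keystore and truststore, overriding the
 * default key manager algorithm. Suitable for mutual TLS connections.
 * <p>
 * Both stores are loaded with the keystore type named by {@code KEYSTORE_JKS}. The streams are
 * read but not closed here; closing them remains the caller's responsibility.
 * <p>
 * Key manager and trust manager algorithm names are separate namespaces. For backward
 * compatibility the trust manager factory is first requested under {@code keyManagerAlgorithm};
 * if no trust manager factory exists under that name, the platform default trust manager
 * algorithm is used instead of failing.
 *
 * @param keystore Keystore input stream (file, binaries, etc.)
 * @param keystorePassword Password for the protected keystore; also used for its keys
 * @param truststore Truststore input stream (file, binaries, etc.)
 * @param truststorePassword Password for the protected truststore
 * @param keyManagerAlgorithm Algorithm of the KeyManagerFactory that processes the keystore
 * @return SslContext ready to use
 * @throws SecurityContextException if a store cannot be loaded or the context cannot be built
 */
public static SslContext forKeystoreAndTruststore(InputStream keystore, String keystorePassword, InputStream truststore, String truststorePassword, String keyManagerAlgorithm)
        throws SecurityContextException {
    try {
        final KeyStore ks = KeyStore.getInstance(KEYSTORE_JKS);
        final KeyStore ts = KeyStore.getInstance(KEYSTORE_JKS);

        final KeyManagerFactory keystoreKmf = KeyManagerFactory.getInstance(keyManagerAlgorithm);

        TrustManagerFactory truststoreTmf;
        try {
            // Kept first so that inputs which worked before resolve to the same factory.
            truststoreTmf = TrustManagerFactory.getInstance(keyManagerAlgorithm);
        } catch (java.security.NoSuchAlgorithmException notATrustAlgorithm) {
            // The name is valid for key managers only; fall back to the platform default.
            truststoreTmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }

        ks.load(keystore, keystorePassword.toCharArray());
        ts.load(truststore, truststorePassword.toCharArray());

        keystoreKmf.init(ks, keystorePassword.toCharArray());
        truststoreTmf.init(ts);

        SslContextBuilder ctxBuilder = SslContextBuilder.forClient().keyManager(keystoreKmf);
        ctxBuilder.trustManager(truststoreTmf);

        return ctxBuilder.build();
    } catch (Exception e) {
        // Every failure, including a null argument, is reported as SecurityContextException
        // with the original exception as its cause.
        throw new SecurityContextException(e);
    }
}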
 
开发者ID:jurmous,项目名称:etcd4j,代码行数:34,代码来源:SecurityContextBuilder.java

示例10: ctxForClient

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the client-side SslContext using the HTTP/2 cipher list and the application protocol
 * configuration derived from {@code config}.
 *
 * @param config proxy configuration; {@code isInsecure()} turns certificate verification off
 * @return the built client context
 * @throws SSLException if the context cannot be built
 */
public static SslContext ctxForClient(NitmProxyConfig config) throws SSLException {
    final SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    clientBuilder.applicationProtocolConfig(applicationProtocolConfig(config, config.isServerHttp2()));

    if (config.isInsecure()) {
        // SECURITY: accepts every server certificate, so the remote server is not authenticated.
        clientBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    // Otherwise no trust manager is set here and the builder's default applies.
    return clientBuilder.build();
}
 
开发者ID:chhsiao90,项目名称:nitmproxy,代码行数:11,代码来源:TlsUtil.java

示例11: createSSLContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Builds the server SslContext from the SSL section of the configuration.
 * The key material is either a freshly generated self-signed certificate or the configured
 * certificate and key files; ciphers, provider and an optional trust store are then applied.
 *
 * @param config server configuration holding the SSL settings
 * @return the built server context
 * @throws IllegalArgumentException if files are expected but the certificate or key path is null
 * @throws Exception if certificate generation or context construction fails
 */
protected SslContext createSSLContext(Configuration config) throws Exception {

    final Configuration.Ssl sslCfg = config.getSecurity().getSsl();
    final SslContextBuilder ssl;

    if (sslCfg.isUseGeneratedKeypair()) {
        // SECURITY: clients cannot validate a certificate generated at startup against a known
        // CA; the warning keeps this mode visible in the logs.
        LOG.warn("Using generated self signed server certificate");
        // Valid for 24 hours (86400000 ms) starting now, issued for "localhost".
        final Date notBefore = new Date();
        final Date notAfter = new Date(notBefore.getTime() + 86400000);
        final SelfSignedCertificate selfSigned = new SelfSignedCertificate("localhost", notBefore, notAfter);
        ssl = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey());
    } else {
        final String certPath = sslCfg.getCertificateFile();
        final String keyPath = sslCfg.getKeyFile();
        final String keyPassword = sslCfg.getKeyPassword();
        if (certPath == null || keyPath == null) {
            throw new IllegalArgumentException("Check your SSL properties, something is wrong.");
        }
        ssl = SslContextBuilder.forServer(new File(certPath), new File(keyPath), keyPassword);
    }

    ssl.ciphers(sslCfg.getUseCiphers());

    // Can't set to REQUIRE because the CORS pre-flight requests will fail.
    // NOTE(review): with OPTIONAL a connection without a client certificate still completes the
    // handshake, so any certificate requirement has to be enforced elsewhere — confirm.
    ssl.clientAuth(ClientAuth.OPTIONAL);

    ssl.sslProvider(sslCfg.isUseOpenssl() ? SslProvider.OPENSSL : SslProvider.JDK);

    // A missing or empty trust store path leaves the builder's trust manager unset.
    final String trustStorePath = sslCfg.getTrustStoreFile();
    if (trustStorePath != null && !trustStorePath.isEmpty()) {
        ssl.trustManager(new File(trustStorePath));
    }
    return ssl.build();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:41,代码来源:Server.java

示例12: getSSLSocketFactory

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a JDK SSLSocketFactory for the test client.
 * The client presents the server's own certificate and key as its identity and trusts only the
 * certificates in {@code clientTrustStoreFile}.
 *
 * @return socket factory backed by the JDK SSLContext of the built Netty context
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    final SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Use server cert / key on client side (test shortcut, no password on the key).
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            .sslProvider(SslProvider.JDK)
            // Trust the server cert
            .trustManager(clientTrustStoreFile)
            .build();

    // The cast below is only valid for the JDK provider, so assert the concrete class first.
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    final SSLContext jdkSslContext = ((JdkSslContext) ctx).context();
    return jdkSslContext.getSocketFactory();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:14,代码来源:TwoWaySSLFailureIT.java

示例13: getSSLSocketFactory

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Creates a JDK SSLSocketFactory for the test client.
 * The client presents the server's own certificate and key as its identity and trusts only the
 * certificates in {@code clientTrustStoreFile}.
 *
 * @return socket factory backed by the JDK SSLContext of the built Netty context
 * @throws Exception if the context cannot be built
 */
protected SSLSocketFactory getSSLSocketFactory() throws Exception {
    final SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            // Use server cert / key on client side (test shortcut, no password on the key).
            .keyManager(serverCert.key(), (String) null, serverCert.cert())
            .sslProvider(SslProvider.JDK)
            // Trust the server cert
            .trustManager(clientTrustStoreFile)
            .build();

    // The cast below is only valid for the JDK provider, so assert the concrete class first.
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    final SSLContext jdkSslContext = ((JdkSslContext) ctx).context();
    return jdkSslContext.getSocketFactory();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:14,代码来源:TwoWaySSLIT.java

示例14: setupSslCtx

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Initialises {@code sslCtx} with a JDK SSLContext that trusts only the certificates in
 * {@code clientTrustStoreFile}. No client key material is configured.
 *
 * @throws Exception if the context cannot be built
 */
private void setupSslCtx() throws Exception {
    // Fail early: the trust store file must already be set before the context is built.
    Assert.assertNotNull(clientTrustStoreFile);

    final SslContext ctx = SslContextBuilder.forClient()
            .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED)
            .sslProvider(SslProvider.JDK)
            // Trust the server cert
            .trustManager(clientTrustStoreFile)
            .build();

    // The cast below is only valid for the JDK provider, so assert the concrete class first.
    Assert.assertEquals(JdkSslClientContext.class, ctx.getClass());
    sslCtx = ((JdkSslContext) ctx).context();
}
 
开发者ID:NationalSecurityAgency,项目名称:qonduit,代码行数:12,代码来源:WebSocketClientIT.java

示例15: sslContext

import io.netty.handler.ssl.SslContextBuilder; //导入方法依赖的package包/类
/**
 * Returns the client SslContext for the given URI scheme.
 *
 * @param scheme URI scheme, compared case-insensitively against "https"
 * @return a client context for "https", or {@code null} for any other scheme
 */
private SslContext sslContext(String scheme) {
    if (!scheme.equalsIgnoreCase("https")) {
        // Non-TLS scheme: callers get null rather than a context.
        return null;
    }

    SslContextBuilder clientBuilder = SslContextBuilder.forClient().sslProvider(defaultClientProvider());
    if (configuration.trustAllCertificates()) {
        // SECURITY: accepts every server certificate, so the endpoint is not authenticated.
        clientBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }
    return invokeSafely(clientBuilder::build);
}
 
开发者ID:aws,项目名称:aws-sdk-java-v2,代码行数:11,代码来源:NettyNioAsyncHttpClient.java


注:本文中的io.netty.handler.ssl.SslContextBuilder.trustManager方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。