/**
 * Creates a connector factory bound to a Vert.x instance.
 *
 * @param vertx the Vert.x instance kept by this factory
 * @param config the raw configuration map; it is stored as-is and also parsed into
 *        {@link TLSOptions}
 */
public ConnectorFactory(Vertx vertx, Map<String, String> config) {
    // TLS settings are parsed once, up front, from the same map that is retained below.
    this.tlsOptions = new TLSOptions(config);
    this.config = config;
    this.vertx = vertx;
}
throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { Args.notNull(optionsMap.getKeyStore(), "KeyStore"); Args.notEmpty(optionsMap.getKeyStore(), "KeyStore must not be empty"); String[] allowedProtocols = arrayDifference(optionsMap.getAllowedProtocols(), optionsMap.getDisallowedProtocols(), getDefaultProtocols()); String[] allowedCiphers = arrayDifference(optionsMap.getAllowedCiphers(), optionsMap.getDisallowedCiphers(), getDefaultCipherSuites()); return build(optionsMap.getTrustStore(), optionsMap.getTrustStorePassword(), optionsMap.getKeyStore(), optionsMap.getKeyStorePassword(), optionsMap.getKeyAliases(), optionsMap.getKeyPassword(), allowedProtocols, allowedCiphers, optionsMap.isAllowAnyHost(), optionsMap.isTrustSelfSigned());
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException { String[] allowedProtocols = arrayDifference(optionsMap.getAllowedProtocols(), optionsMap.getDisallowedProtocols(), getDefaultProtocols()); String[] allowedCiphers = arrayDifference(optionsMap.getAllowedCiphers(), optionsMap.getDisallowedCiphers(), getDefaultCipherSuites()); return build(optionsMap.getTrustStore(), optionsMap.getTrustStorePassword(), optionsMap.isAllowAnyHost(), optionsMap.isTrustSelfSigned());
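/**
 * Translates gateway {@link TLSOptions} into Vert.x {@link HttpClientOptions} for one endpoint.
 *
 * <p>An endpoint whose scheme is {@code http} (compared case-insensitively) gets SSL disabled and
 * none of the TLS settings applied. Any other scheme, or a URI without a scheme, is treated as
 * TLS.
 *
 * <p>Security-relevant behaviour of this mapping:
 * <ul>
 *   <li>{@code trustSelfSigned} and {@code devMode} both map to Vert.x {@code trustAll}, which
 *       accepts any server certificate, not only self-signed ones.</li>
 *   <li>{@code allowAnyHost} or {@code devMode} switches hostname verification off.</li>
 *   <li>Trust store and key store paths are always loaded through {@link JksOptions}.</li>
 *   <li>Disallowed ciphers are only consulted when an allowed-cipher list is configured.</li>
 *   <li>Configured allowed protocols are not applied on this path; only a log line is written.</li>
 * </ul>
 *
 * @param tlsOptions the parsed TLS configuration
 * @param apiEndpoint the backend endpoint; its scheme decides whether TLS is used
 * @return client options for connecting to {@code apiEndpoint}
 */
public static HttpClientOptions parseTlsOptions(TLSOptions tlsOptions, URI apiEndpoint) {
    HttpClientOptions clientOptions = new HttpClientOptions();

    // URI schemes are case-insensitive and getScheme() is null for a relative URI. Comparing from
    // the literal avoids an NPE, and anything that is not plain http fails closed to TLS.
    if ("http".equalsIgnoreCase(apiEndpoint.getScheme())) { //$NON-NLS-1$
        return clientOptions.setSsl(false);
    }
    clientOptions.setSsl(true);

    // NOTE(review): trustAll disables certificate chain validation entirely, which is broader
    // than "trust self-signed". Both relaxations below should be off outside development.
    clientOptions.setTrustAll(tlsOptions.isTrustSelfSigned() || tlsOptions.isDevMode())
        .setVerifyHost(!(tlsOptions.isAllowAnyHost() || tlsOptions.isDevMode()));

    if (tlsOptions.getTrustStore() != null) {
        clientOptions.setTrustStoreOptions(
            new JksOptions().setPath(tlsOptions.getTrustStore()).setPassword(tlsOptions.getTrustStorePassword())
        );
    }

    if (tlsOptions.getKeyStore() != null) {
        clientOptions.setKeyStoreOptions(
            new JksOptions().setPath(tlsOptions.getKeyStore()).setPassword(tlsOptions.getKeyStorePassword())
        );
    }

    // NOTE(review): a configuration that lists only disallowed ciphers never reaches this branch,
    // so the deny-list has no effect here; confirm whether that is intended.
    if (tlsOptions.getAllowedCiphers() != null) {
        String[] ciphers = arrayDifference(tlsOptions.getAllowedCiphers(), tlsOptions.getDisallowedCiphers(), getDefaultCipherSuites());
        for (String cipher : ciphers) {
            clientOptions.addEnabledCipherSuite(cipher);
        }
    }

    // NOTE(review): the protocol allow-list is not enforced for this client. Check whether the
    // Vert.x version in use offers addEnabledSecureTransportProtocol before relying on it.
    if (tlsOptions.getAllowedProtocols() != null) {
        log.info("Can't set allowed protocols on Vert.x gateway"); //$NON-NLS-1$
    }

    return clientOptions;
}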
/**
 * Returns the SSL session strategy for the requested auth type, building and caching it on
 * first use.
 *
 * <p>{@code MTLS} always uses the mutual-auth strategy built from the TLS options. Every other
 * auth type uses the standard strategy, except that dev mode swaps in
 * {@code SSLSessionStrategyFactory.buildUnsafe()} instead. Dev mode is not consulted on the
 * MTLS branch.
 *
 * <p>NOTE(review): {@code buildUnsafe()} presumably relaxes certificate and host validation;
 * confirm in SSLSessionStrategyFactory and keep dev mode off in production. The cached fields
 * are filled without any locking in this method.
 *
 * @param authType the authentication type required by the API being called
 * @return the cached strategy matching {@code authType}
 * @throws RuntimeException wrapping any exception raised while building a strategy
 */
protected SSLSessionStrategy getSslStrategy(RequiredAuthType authType) {
    try {
        if (authType != RequiredAuthType.MTLS) {
            if (standardSslStrategy == null) {
                standardSslStrategy = tlsOptions.isDevMode()
                        ? SSLSessionStrategyFactory.buildUnsafe()
                        : SSLSessionStrategyFactory.buildStandard(tlsOptions);
            }
            return standardSslStrategy;
        }

        if (mutualAuthSslStrategy == null) {
            mutualAuthSslStrategy = SSLSessionStrategyFactory.buildMutual(tlsOptions);
        }
        return mutualAuthSslStrategy;
    } catch (Exception e) {
        // Keystore, truststore and TLS setup failures all surface as one unchecked exception.
        throw new RuntimeException(e);
    }
}
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException { String[] allowedProtocols = arrayDifference(optionsMap.getAllowedProtocols(), optionsMap.getDisallowedProtocols(), getDefaultProtocols()); String[] allowedCiphers = arrayDifference(optionsMap.getAllowedCiphers(), optionsMap.getDisallowedCiphers(), getDefaultCipherSuites()); return build(optionsMap.getTrustStore(), optionsMap.getTrustStorePassword(), optionsMap.isAllowAnyHost(), optionsMap.isTrustSelfSigned());
/**
 * Picks the SSL session strategy to use for a connection, creating it lazily and reusing it
 * on later calls.
 *
 * <p>For {@code MTLS} the mutual-auth strategy is built from the TLS options. For any other
 * auth type the standard strategy is used; when dev mode is enabled that slot is filled by
 * {@code SSLSessionStrategyFactory.buildUnsafe()} rather than {@code buildStandard}. The dev
 * mode flag has no effect on the MTLS branch.
 *
 * <p>NOTE(review): the unsafe strategy presumably skips certificate and hostname checks, so
 * dev mode should never be enabled on a production gateway; verify against the factory. No
 * synchronization guards the lazy initialisation here.
 *
 * @param authType the authentication type the target API requires
 * @return the strategy cached for {@code authType}
 * @throws RuntimeException wrapping any failure raised while a strategy is being built
 */
protected SSLSessionStrategy getSslStrategy(RequiredAuthType authType) {
    try {
        boolean mutual = authType == RequiredAuthType.MTLS;
        if (mutual) {
            if (mutualAuthSslStrategy == null) {
                mutualAuthSslStrategy = SSLSessionStrategyFactory.buildMutual(tlsOptions);
            }
            return mutualAuthSslStrategy;
        }

        if (standardSslStrategy != null) {
            return standardSslStrategy;
        }
        if (tlsOptions.isDevMode()) {
            standardSslStrategy = SSLSessionStrategyFactory.buildUnsafe();
        } else {
            standardSslStrategy = SSLSessionStrategyFactory.buildStandard(tlsOptions);
        }
        return standardSslStrategy;
    } catch (Exception e) {
        // Checked setup errors are rethrown unchecked with the cause preserved.
        throw new RuntimeException(e);
    }
}
throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { Args.notNull(optionsMap.getKeyStore(), "KeyStore"); Args.notEmpty(optionsMap.getKeyStore(), "KeyStore must not be empty"); String[] allowedProtocols = arrayDifference(optionsMap.getAllowedProtocols(), optionsMap.getDisallowedProtocols(), getDefaultProtocols()); String[] allowedCiphers = arrayDifference(optionsMap.getAllowedCiphers(), optionsMap.getDisallowedCiphers(), getDefaultCipherSuites()); return build(optionsMap.getTrustStore(), optionsMap.getTrustStorePassword(), optionsMap.getKeyStore(), optionsMap.getKeyStorePassword(), optionsMap.getKeyAliases(), optionsMap.getKeyPassword(), allowedProtocols, allowedCiphers, optionsMap.isAllowAnyHost(), optionsMap.isTrustSelfSigned());
/**
 * Builds the factory from a flat configuration map.
 *
 * <p>The map is parsed twice: once into {@link TLSOptions} and once into
 * {@link HttpConnectorOptions}. The HTTP client is created last.
 *
 * @param config map of configuration options
 */
public HttpConnectorFactory(Map<String, String> config) {
    tlsOptions = new TLSOptions(config);
    connectorOptions = new HttpConnectorOptions(config);
    // Must stay last: createHttpClient() presumably reads the option fields set above (confirm).
    okClient = createHttpClient();
}
/**
 * Creates a connector factory configured from the given map.
 *
 * <p>TLS settings and connector settings are each parsed from the same map, after which the
 * shared HTTP client is created.
 *
 * @param config map of configuration options
 */
public HttpConnectorFactory(Map<String, String> config) {
    tlsOptions = new TLSOptions(config);
    connectorOptions = new HttpConnectorOptions(config);
    // Keep this as the final step; the client is likely built from the two option objects
    // assigned above (verify in createHttpClient()).
    okClient = createHttpClient();
}