public SSLEngine createEngine(VertxInternal vertx, String host, int port, boolean forceSNI) { SSLEngine engine = getContext(vertx, null).newEngine(ByteBufAllocator.DEFAULT, host, port); configureEngine(engine, forceSNI ? host : null); return engine; }
if (sslHelper.isSSL()) { ch.pipeline().addFirst("handshaker", new SslHandshakeCompletionHandler(ar -> { if (ar.succeeded()) { SniHandler sniHandler = new SniHandler(sslHelper.serverNameMapper(vertx)); ch.pipeline().addFirst("ssl", sniHandler); } else { SslHandler sslHandler = new SslHandler(sslHelper.createEngine(vertx)); ch.pipeline().addFirst("ssl", sslHandler);
public SslContext getContext(VertxInternal vertx, String serverName) { if (serverName == null) { if (sslContext == null) { TrustManagerFactory trustMgrFactory = null; try { trustMgrFactory = getTrustMgrFactory(vertx, null); } catch (Exception e) { throw new VertxException(e); } sslContext = createContext(vertx, null, trustMgrFactory); } return sslContext; } else { X509KeyManager mgr; try { mgr = keyCertOptions.keyManagerMapper(vertx).apply(serverName); } catch (Exception e) { throw new RuntimeException(e); } if (mgr == null) { return sslContext; } try { TrustManagerFactory trustMgrFactory = getTrustMgrFactory(vertx, serverName); return sslContextMap.computeIfAbsent(mgr.getCertificateChain(null)[0], s -> createContext(vertx, mgr, trustMgrFactory)); } catch (Exception e) { throw new VertxException(e); } } }
@Override public NetSocket upgradeToSsl(String serverName, Handler<Void> handler) { ChannelOutboundHandler sslHandler = (ChannelOutboundHandler) chctx.pipeline().get("ssl"); if (sslHandler == null) { chctx.pipeline().addFirst("handshaker", new SslHandshakeCompletionHandler(ar -> { if (ar.succeeded()) { handler.handle(null); } else { chctx.channel().closeFuture(); handleException(ar.cause()); } })); if (remoteAddress != null) { sslHandler = new SslHandler(helper.createEngine(vertx, remoteAddress, serverName)); } else { if (helper.isSNI()) { sslHandler = new SniHandler(helper.serverNameMapper(vertx)); } else { sslHandler = new SslHandler(helper.createEngine(vertx)); } } chctx.pipeline().addFirst("ssl", sslHandler); } return this; }
@Test public void testUseJdkCiphersWhenNotSpecified() throws Exception { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLEngine engine = context.createSSLEngine(); String[] expected = engine.getEnabledCipherSuites(); SSLHelper helper = new SSLHelper(new HttpClientOptions(), Cert.CLIENT_JKS.get(), Trust.SERVER_JKS.get()); SslContext ctx = helper.getContext((VertxInternal) vertx); assertEquals(new HashSet<>(Arrays.asList(expected)), new HashSet<>(ctx.cipherSuites())); }
private ActualServer(Vertx vertx, ServerID id, HttpServerOptions options, NettyServerBuilder builder) { // SSL if (options.isSsl()) { SSLHelper helper = new SSLHelper(options, options.getKeyCertOptions(), options.getTrustOptions()); helper.setApplicationProtocols(Collections.singletonList(HttpVersion.HTTP_2)); SslContext ctx = helper.getContext((VertxInternal) vertx); builder.sslContext(new DelegatingSslContext(ctx) { @Override protected void initEngine(SSLEngine engine) { helper.configureEngine(engine, null); } }); } Transport transport = ((VertxInternal) vertx).transport(); this.id = id; this.options = options; this.server = builder .executor(command -> { contextLocal.get().get(0).executeFromIO(event -> command.run()); }) .channelType(transport.serverChannelFactory(false).newChannel().getClass()) .bossEventLoopGroup(group) .workerEventLoopGroup(group) .build(); }
public synchronized void validate(VertxInternal vertx) { if (ssl) { getContext(vertx, null); } }
this.sslHelper = new SSLHelper(options, options.getKeyCertOptions(), options.getTrustOptions()). setApplicationProtocols(alpnVersions); sslHelper.validate(vertx); this.creatingContext = vertx.getContext(); closeHook = completionHandler -> {
public NetServerImpl(VertxInternal vertx, NetServerOptions options) { this.vertx = vertx; this.options = new NetServerOptions(options); this.sslHelper = new SSLHelper(options, options.getKeyCertOptions(), options.getTrustOptions()); this.creatingContext = vertx.getContext(); this.logEnabled = options.getLogActivity(); if (creatingContext != null) { creatingContext.addCloseHook(this); } }
@Test public void testPreserveEnabledCipherSuitesOrder() throws Exception { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLEngine engine = context.createSSLEngine(); HttpServerOptions options = new HttpServerOptions(); for (String suite : engine.getEnabledCipherSuites()) { options.addEnabledCipherSuite(suite); } assertEquals(new ArrayList<>(options.getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); assertEquals(new ArrayList<>(new HttpServerOptions(options).getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); JsonObject json = options.toJson(); assertEquals(new ArrayList<>(new HttpServerOptions(json).getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); SSLHelper helper = new SSLHelper(options, Cert.SERVER_JKS.get(), null); assertEquals(Arrays.asList(helper.createEngine((VertxInternal) vertx).getEnabledCipherSuites()), Arrays.asList(engine.getEnabledCipherSuites())); }
applicationProtocols = applicationProtocols.stream().filter(v -> v != HttpVersion.HTTP_2).collect(Collectors.toList()); sslHelper.setApplicationProtocols(applicationProtocols); synchronized (vertx.sharedHttpServers()) { this.actualPort = port; // Will be updated on bind for a wildcard port bootstrap.group(vertx.getAcceptorEventLoopGroup(), availableWorkers); applyConnectionOptions(address.path() != null, bootstrap); sslHelper.validate(vertx); bootstrap.childHandler(new ChannelInitializer<Channel>() { @Override
public SSLEngine createEngine(SslContext sslContext) { SSLEngine engine = sslContext.newEngine(ByteBufAllocator.DEFAULT); configureEngine(engine, null); return engine; }
private void initSSL(SocketAddress peerAddress, String serverName, Channel ch, Handler<AsyncResult<Channel>> channelHandler) { if (ssl) { SslHandler sslHandler = new SslHandler(sslHelper.createEngine(context.owner(), peerAddress, serverName)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("ssl", sslHandler);
private TrustManagerFactory getTrustMgrFactory(VertxInternal vertx, String serverName) throws Exception { TrustManager[] mgrs = null; if (trustAll) { mgrs = new TrustManager[]{createTrustAllTrustManager()}; } else if (trustOptions != null) { if (serverName != null) { crls.addAll(certificatefactory.generateCRLs(new ByteArrayInputStream(crlValue.getBytes()))); mgrs = createUntrustRevokedCertTrustManager(mgrs, crls);
switch (getClientAuth()) { case REQUEST: { engine.setWantClientAuth(true);
@Test public void testUseOpenSSLCiphersWhenNotSpecified() throws Exception { Set<String> expected = OpenSsl.availableOpenSslCipherSuites(); SSLHelper helper = new SSLHelper( new HttpClientOptions().setOpenSslEngineOptions(new OpenSSLEngineOptions()), Cert.CLIENT_PEM.get(), Trust.SERVER_PEM.get()); SslContext ctx = helper.getContext((VertxInternal) vertx); assertEquals(expected, new HashSet<>(ctx.cipherSuites())); }
@Override public ManagedChannel build() { // SSL if (options.isSsl()) { SSLHelper helper = new SSLHelper(options, options.getKeyCertOptions(), options.getTrustOptions()); helper.setApplicationProtocols(Collections.singletonList(HttpVersion.HTTP_2)); SslContext ctx = helper.getContext((VertxInternal) vertx); builder.sslContext(new DelegatingSslContext(ctx) { @Override protected void initEngine(SSLEngine engine) { helper.configureEngine(engine, null); } }); } Transport transport = ((VertxInternal) vertx).transport(); return builder .eventLoopGroup(context.nettyEventLoop()) .channelType(transport.channelFactory(false).newChannel().getClass()) // Ugly work around / perhaps contribute change to grpc .executor(command -> { if (Context.isOnEventLoopThread()) { context.executeFromIO(event -> command.run()); } else { command.run(); } }).build(); } }
public Mapping<? super String, ? extends SslContext> serverNameMapper(VertxInternal vertx) { return serverName -> { SslContext ctx = getContext(vertx, serverName); if (ctx != null) { ctx = new DelegatingSslContext(ctx) { @Override protected void initEngine(SSLEngine engine) { configureEngine(engine, serverName); } }; } return ctx; }; }
this.sslHelper = new SSLHelper(options, options.getKeyCertOptions(), options.getTrustOptions()). setApplicationProtocols(alpnVersions); sslHelper.validate(vertx); this.creatingContext = vertx.getContext(); closeHook = completionHandler -> {
public HttpServerImpl(VertxInternal vertx, HttpServerOptions options) { this.options = new HttpServerOptions(options); this.vertx = vertx; this.creatingContext = vertx.getContext(); if (creatingContext != null) { creatingContext.addCloseHook(this); } this.sslHelper = new SSLHelper(options, options.getKeyCertOptions(), options.getTrustOptions()); this.subProtocols = options.getWebsocketSubProtocols(); this.logEnabled = options.getLogActivity(); }