public static SslContext createNettySslContextForServer(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, Set<String> ciphers, Set<String> protocols, boolean requireTrustedClientCertOnConnect) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException { X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath); PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath); SslContextBuilder builder = SslContextBuilder.forServer(privateKey, (X509Certificate[]) certificates); setupCiphers(builder, ciphers); setupProtocols(builder, protocols); setupTrustCerts(builder, allowInsecureConnection, trustCertsFilePath); setupKeyManager(builder, privateKey, certificates); setupClientAuthentication(builder, requireTrustedClientCertOnConnect); return builder.build(); }
public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException { X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath); PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath); return createNettySslContextForClient(allowInsecureConnection, trustCertsFilePath, certificates, privateKey); }
public static SSLContext createSslContext(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath) throws GeneralSecurityException { X509Certificate[] trustCertificates = loadCertificatesFromPemFile(trustCertsFilePath); X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath); PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath); return createSslContext(allowInsecureConnection, trustCertificates, certificates, privateKey); }
try { X509Certificate trustCertificates[] = SecurityUtility .loadCertificatesFromPemFile(config.getTlsTrustCertsFilePath()); sslCtx = SecurityUtility.createSslContext( config.isTlsAllowInsecureConnection(), trustCertificates, ); } else { sslCtx = SecurityUtility.createSslContext( config.isTlsAllowInsecureConnection(), trustCertificates
public AuthenticationDataTls(String certFilePath, String keyFilePath) throws KeyManagementException { if (certFilePath == null) { throw new IllegalArgumentException("certFilePath must not be null"); } if (keyFilePath == null) { throw new IllegalArgumentException("keyFilePath must not be null"); } certificates = SecurityUtility.loadCertificatesFromPemFile(certFilePath); privateKey = SecurityUtility.loadPrivateKeyFromPemFile(keyFilePath); }
public WebServer(ProxyConfiguration config, AuthenticationService authenticationService) { this.webServiceExecutor = Executors.newFixedThreadPool(32, new DefaultThreadFactory("pulsar-external-web")); this.server = new Server(new ExecutorThreadPool(webServiceExecutor)); this.externalServicePort = config.getWebServicePort(); this.authenticationService = authenticationService; this.config = config; List<ServerConnector> connectors = Lists.newArrayList(); ServerConnector connector = new ServerConnector(server, 1, 1); connector.setPort(externalServicePort); connectors.add(connector); if (config.isTlsEnabledInProxy()) { try { SslContextFactory sslCtxFactory = SecurityUtility.createSslContextFactory( config.isTlsAllowInsecureConnection(), config.getTlsTrustCertsFilePath(), config.getTlsCertificateFilePath(), config.getTlsKeyFilePath(), config.getTlsRequireTrustedClientCertOnConnect()); ServerConnector tlsConnector = new ServerConnector(server, 1, 1, sslCtxFactory); tlsConnector.setPort(config.getWebServicePortTls()); connectors.add(tlsConnector); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } } // Limit number of concurrent HTTP connections to avoid getting out of file descriptors connectors.stream().forEach(c -> c.setAcceptQueueSize(1024 / connectors.size())); server.setConnectors(connectors.toArray(new ServerConnector[connectors.size()])); }
public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException { return createNettySslContextForClient(allowInsecureConnection, trustCertsFilePath, (Certificate[]) null, (PrivateKey) null); }
public static SSLContext createSslContext(boolean allowInsecureConnection, Certificate[] trustCertificates) throws GeneralSecurityException { return createSslContext(allowInsecureConnection, trustCertificates, (Certificate[]) null, (PrivateKey) null); }
@Override protected void initChannel(SocketChannel ch) throws Exception { if (enableTLS) { SslContext sslCtx = SecurityUtility.createNettySslContextForServer(true /* to allow InsecureConnection */, serviceConfig.getTlsTrustCertsFilePath(), serviceConfig.getTlsCertificateFilePath(), serviceConfig.getTlsKeyFilePath(), serviceConfig.getTlsCiphers(), serviceConfig.getTlsProtocols(), serviceConfig.getTlsRequireTrustedClientCertOnConnect()); ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc())); } ch.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4)); ch.pipeline().addLast("handler", new ProxyConnection(proxyService)); } }
.loadCertificatesFromPemFile(clientConfigData.getTlsTrustCertsFilePath()); sslCtx = SecurityUtility.createSslContext(clientConfigData.isTlsAllowInsecureConnection(), trustCertificates, authData.getTlsCertificates(), authData.getTlsPrivateKey()); } else { sslCtx = SecurityUtility.createSslContext(clientConfigData.isTlsAllowInsecureConnection(), trustCertificates);
public AuthenticationDataTls(String certFilePath, String keyFilePath) throws KeyManagementException { if (certFilePath == null) { throw new IllegalArgumentException("certFilePath must not be null"); } if (keyFilePath == null) { throw new IllegalArgumentException("keyFilePath must not be null"); } certificates = SecurityUtility.loadCertificatesFromPemFile(certFilePath); privateKey = SecurityUtility.loadPrivateKeyFromPemFile(keyFilePath); }
public ServerManager(ServiceConfig config) { this.webServiceExecutor = Executors.newFixedThreadPool(32, new DefaultThreadFactory("pulsar-external-web")); this.server = new Server(new ExecutorThreadPool(webServiceExecutor)); this.externalServicePort = config.getWebServicePort(); List<ServerConnector> connectors = Lists.newArrayList(); ServerConnector connector = new ServerConnector(server, 1, 1); connector.setPort(externalServicePort); connectors.add(connector); if (config.isTlsEnabled()) { try { SslContextFactory sslCtxFactory = SecurityUtility.createSslContextFactory( config.isTlsAllowInsecureConnection(), config.getTlsTrustCertsFilePath(), config.getTlsCertificateFilePath(), config.getTlsKeyFilePath(), config.getTlsRequireTrustedClientCertOnConnect()); ServerConnector tlsConnector = new ServerConnector(server, 1, 1, sslCtxFactory); tlsConnector.setPort(config.getWebServicePortTls()); connectors.add(tlsConnector); } catch (GeneralSecurityException e) { throw new RestException(e); } } // Limit number of concurrent HTTP connections to avoid getting out of file descriptors connectors.stream().forEach(c -> c.setAcceptQueueSize(1024 / connectors.size())); server.setConnectors(connectors.toArray(new ServerConnector[connectors.size()])); }
public void initChannel(SocketChannel ch) throws Exception { if (conf.isUseTls()) { SslContext sslCtx; // Set client certificate if available AuthenticationDataProvider authData = conf.getAuthentication().getAuthData(); if (authData.hasDataForTls()) { sslCtx = SecurityUtility.createNettySslContextForClient(conf.isTlsAllowInsecureConnection(), conf.getTlsTrustCertsFilePath(), (X509Certificate[]) authData.getTlsCertificates(), authData.getTlsPrivateKey()); } else { sslCtx = SecurityUtility.createNettySslContextForClient(conf.isTlsAllowInsecureConnection(), conf.getTlsTrustCertsFilePath()); } ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc())); ch.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.COPYING_ENCODER); } else { ch.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.ENCODER); } ch.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(MaxMessageSize, 0, 4, 0, 4)); ch.pipeline().addLast("handler", clientCnxSupplier.get()); } });
public static SslContextFactory createSslContextFactory(boolean tlsAllowInsecureConnection, String tlsTrustCertsFilePath, String tlsCertificateFilePath, String tlsKeyFilePath, boolean tlsRequireTrustedClientCertOnConnect) throws GeneralSecurityException { SslContextFactory sslCtxFactory = new SslContextFactory(); SSLContext sslCtx = createSslContext(tlsAllowInsecureConnection, tlsTrustCertsFilePath, tlsCertificateFilePath, tlsKeyFilePath); sslCtxFactory.setSslContext(sslCtx); if (tlsRequireTrustedClientCertOnConnect) { sslCtxFactory.setNeedClientAuth(true); } else { sslCtxFactory.setWantClientAuth(true); } sslCtxFactory.setTrustAll(true); return sslCtxFactory; } }
@Override protected void initChannel(SocketChannel ch) throws Exception { ServiceConfiguration serviceConfig = pulsar.getConfiguration(); if (enableTLS) { SslContext sslCtx = SecurityUtility.createNettySslContextForServer( serviceConfig.isTlsAllowInsecureConnection(), serviceConfig.getTlsTrustCertsFilePath(), serviceConfig.getTlsCertificateFilePath(), serviceConfig.getTlsKeyFilePath(), serviceConfig.getTlsCiphers(), serviceConfig.getTlsProtocols(), serviceConfig.getTlsRequireTrustedClientCertOnConnect()); ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc())); ch.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.COPYING_ENCODER); } else { ch.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.ENCODER); } ch.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4)); ch.pipeline().addLast("handler", new ServerCnx(pulsar)); } }
public static SslContext createNettySslContextForServer(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, Set<String> ciphers, Set<String> protocols, boolean requireTrustedClientCertOnConnect) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException { X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath); PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath); SslContextBuilder builder = SslContextBuilder.forServer(privateKey, (X509Certificate[]) certificates); setupCiphers(builder, ciphers); setupProtocols(builder, protocols); setupTrustCerts(builder, allowInsecureConnection, trustCertsFilePath); setupKeyManager(builder, privateKey, certificates); setupClientAuthentication(builder, requireTrustedClientCertOnConnect); return builder.build(); }
public static SSLContext createSslContext(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath) throws GeneralSecurityException { X509Certificate[] trustCertificates = loadCertificatesFromPemFile(trustCertsFilePath); X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath); PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath); return createSslContext(allowInsecureConnection, trustCertificates, certificates, privateKey); }
public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException { X509Certificate[] certificates = loadCertificatesFromPemFile(certFilePath); PrivateKey privateKey = loadPrivateKeyFromPemFile(keyFilePath); return createNettySslContextForClient(allowInsecureConnection, trustCertsFilePath, certificates, privateKey); }
SslContextFactory sslCtxFactory = SecurityUtility.createSslContextFactory( config.isTlsAllowInsecureConnection(), config.getTlsTrustCertsFilePath(),
sslCtx = SecurityUtility.createNettySslContextForClient(tlsAllowInsecureConnection, tlsTrustCertsFilePath, authData.getTlsCertificates(), authData.getTlsPrivateKey()); } else { sslCtx = SecurityUtility.createNettySslContextForClient(tlsAllowInsecureConnection, tlsTrustCertsFilePath);