private SslContext getDefaultClientSslContext() { try { return SslContextBuilder.forClient().build(); } catch (SSLException ex) { throw new IllegalStateException("Could not create default client SslContext", ex); } }
private SslContext getDefaultClientSslContext() { try { return SslContextBuilder.forClient().build(); } catch (SSLException ex) { throw new IllegalStateException("Could not create default client SslContext", ex); } }
/** * Create an {@link javax.net.ssl.SSLContext} for the Netty Bootstrap. * * @param uri URI of request. * @return Null if not over SSL, otherwise configured {@link javax.net.ssl.SSLContext} to use. */ private SslContext getSslContext(URI uri) { if (!"https".equalsIgnoreCase(uri.getScheme())) { return null; } try { return SslContextBuilder.forClient().build(); } catch (SSLException e) { throw new SdkClientException("Could not create SSL context", e); } }
public static SslContext createNettySslContextForClient(boolean allowInsecureConnection, String trustCertsFilePath, Certificate[] certificates, PrivateKey privateKey) throws GeneralSecurityException, SSLException, FileNotFoundException, IOException { SslContextBuilder builder = SslContextBuilder.forClient(); setupTrustCerts(builder, allowInsecureConnection, trustCertsFilePath); setupKeyManager(builder, privateKey, (X509Certificate[]) certificates); return builder.build(); }
public synchronized SslContext createClientSslContext() { if (clientSslContext == null || ConfigurationProperties.rebuildKeyStore()) { try { clientSslContext = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .build(); } catch (SSLException e) { throw new RuntimeException("Exception creating SSL context for client", e); } } return clientSslContext; }
SslClientChannelInitializer(CompletableFuture<Channel> future, Address address) throws SSLException { this.future = future; this.address = address; this.sslContext = SslContextBuilder.forClient().keyManager(keyManager).trustManager(trustManager).build(); }
public static SslContext createNettyClientContext(final String keystoreProvider, final String keystorePath, final String keystorePassword, final String trustStoreProvider, final String trustStorePath, final String trustStorePassword, final String sslProvider, final boolean trustAll ) throws Exception { KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray()); return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build(); }
@Override public SSLEngine call(ByteBufAllocator allocator) { try { return SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .build() .newEngine(allocator); } catch (Exception e) { throw Exceptions.propagate(e); } } }));
public SslContext nettyClientContext() throws SSLException { return SslContextBuilder.forClient() .sslProvider( sslProvider ) .keyManager( privateKey, keyCertChain ) .protocols( tlsVersions ) .ciphers( ciphers ) .trustManager( trustManagerFactory ) .build(); }
public SslContext getClientSslContext() { try { return SslContextBuilder .forClient() .sslProvider(chooseSslProvider()) .ciphers(getCiphers(), getCiphersFilter()) .protocols(getProtocols()) .build(); } catch (Exception e) { log.error("Error loading SslContext client request.", e); throw new RuntimeException("Error configuring SslContext for client request!", e); } } }
protected AppClient(String host, int port, Random msgIdGenerator, ServerProperties properties) { super(host, port, msgIdGenerator, properties); log.info("Creating app client. Host {}, sslPort : {}", host, port); File serverCert = makeCertificateFile("server.ssl.cert"); File clientCert = makeCertificateFile("client.ssl.cert"); File clientKey = makeCertificateFile("client.ssl.key"); try { if (!serverCert.exists() || !clientCert.exists() || !clientKey.exists()) { log.info("Enabling one-way auth with no certs checks."); this.sslCtx = SslContextBuilder.forClient().sslProvider(SslProvider.JDK) .trustManager(InsecureTrustManagerFactory.INSTANCE) .build(); } else { log.info("Enabling mutual auth."); String clientPass = props.getProperty("client.ssl.key.pass"); this.sslCtx = SslContextBuilder.forClient() .sslProvider(SslProvider.JDK) .trustManager(serverCert) .keyManager(clientCert, clientKey, clientPass) .build(); } } catch (SSLException e) { log.error("Error initializing SSL context. Reason : {}", e.getMessage()); log.debug(e); throw new RuntimeException(e); } }
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided); if (config.getSslTruststore() != null) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided); if (config.getSslTruststore() != null) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
/** * Creates a netty SslContext for use when connecting to upstream servers. Retrieves the list of trusted root CAs * from the trustSource. When trustSource is true, no upstream certificate verification will be performed. * <b>This will make it possible for attackers to MITM communications with the upstream server</b>, so always * supply an appropriate trustSource except in extraordinary circumstances (e.g. testing with dynamically-generated * certificates). * * @param cipherSuites cipher suites to allow when connecting to the upstream server * @param trustSource the trust store that will be used to validate upstream servers' certificates, or null to accept all upstream server certificates * @return an SSLContext to connect to upstream servers with */ public static SslContext getUpstreamServerSslContext(Collection<String> cipherSuites, TrustSource trustSource) { SslContextBuilder sslContextBuilder = SslContextBuilder.forClient(); if (trustSource == null) { log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers."); sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE); } else { sslContextBuilder.trustManager(trustSource.getTrustedCAs()); } sslContextBuilder.ciphers(cipherSuites, SupportedCipherSuiteFilter.INSTANCE); try { return sslContextBuilder.build(); } catch (SSLException e) { throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e); } }
SslContextBuilder builder; if (client) { builder = SslContextBuilder.forClient(); KeyManagerFactory keyMgrFactory = getKeyMgrFactory(vertx); if (keyMgrFactory != null) {
@SuppressWarnings("Duplicates") @Override public Optional<SslContext> build() { if (!ssl.isEnabled()) { return Optional.empty(); } SslContextBuilder sslBuilder = SslContextBuilder .forClient() .keyManager(getKeyManagerFactory()) .trustManager(getTrustManagerFactory()); if (ssl.getProtocols().isPresent()) { sslBuilder.protocols(ssl.getProtocols().get()); } if (ssl.getCiphers().isPresent()) { sslBuilder = sslBuilder.ciphers(Arrays.asList(ssl.getCiphers().get())); } if (ssl.getClientAuthentication().isPresent()) { ClientAuthentication clientAuth = ssl.getClientAuthentication().get(); if (clientAuth == ClientAuthentication.NEED) { sslBuilder = sslBuilder.clientAuth(ClientAuth.REQUIRE); } else if (clientAuth == ClientAuthentication.WANT) { sslBuilder = sslBuilder.clientAuth(ClientAuth.OPTIONAL); } } try { return Optional.of(sslBuilder.build()); } catch (SSLException ex) { throw new SslConfigurationException("An error occurred while setting up SSL", ex); } }
public SslContext getClientSslContext() { try { return SslContextBuilder .forClient() .sslProvider(chooseSslProvider()) .ciphers(getCiphers(), getCiphersFilter()) .protocols(getProtocols()) .build(); } catch (Exception e) { log.error("Error loading SslContext client request.", e); throw new RuntimeException("Error configuring SslContext for client request!", e); } } }
private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException { if (config.getSslContext() != null) { return config.getSslContext(); } SslContextBuilder sslContextBuilder = SslContextBuilder.forClient() .sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK) .sessionCacheSize(config.getSslSessionCacheSize()) .sessionTimeout(config.getSslSessionTimeout()); if (isNonEmpty(config.getEnabledProtocols())) { sslContextBuilder.protocols(config.getEnabledProtocols()); } if (isNonEmpty(config.getEnabledCipherSuites())) { sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites())); } else if (!config.isFilterInsecureCipherSuites()) { sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS); } if (config.isUseInsecureTrustManager()) { sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE); } return configureSslContextBuilder(sslContextBuilder).build(); }
@Before public void setup() { try { SslContext sslContext = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE).build(); HttpClient httpClient = HttpClient.create().secure(ssl -> { ssl.sslContext(sslContext); }); ClientHttpConnector httpConnector = new ReactorClientHttpConnector( httpClient); baseUri = "https://localhost:" + port; this.webClient = WebClient.builder().clientConnector(httpConnector) .baseUrl(baseUri).build(); this.testClient = WebTestClient.bindToServer(httpConnector).baseUrl(baseUri).build(); } catch (SSLException e) { throw new RuntimeException(e); } }