@Override public HttpServer apply(HttpServer server) { try { return server.secure((contextSpec) -> { SslProvider.DefaultConfigurationSpec spec = contextSpec .sslContext(getContextBuilder()); if (this.http2 != null && this.http2.isEnabled()) { spec.defaultConfiguration(SslProvider.DefaultConfigurationType.H2); } }); } catch (Exception ex) { throw new IllegalStateException(ex); } }
private static WebClientProvider getWebClientProvider(ClientConfiguration clientConfiguration) { Duration connectTimeout = clientConfiguration.getConnectTimeout(); Duration soTimeout = clientConfiguration.getSocketTimeout(); TcpClient tcpClient = TcpClient.create(); if (!connectTimeout.isNegative()) { tcpClient = tcpClient.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, Math.toIntExact(connectTimeout.toMillis())); } if (!soTimeout.isNegative()) { tcpClient = tcpClient.doOnConnected(connection -> connection // .addHandlerLast(new ReadTimeoutHandler(soTimeout.toMillis(), TimeUnit.MILLISECONDS)) .addHandlerLast(new WriteTimeoutHandler(soTimeout.toMillis(), TimeUnit.MILLISECONDS))); } String scheme = "http"; HttpClient httpClient = HttpClient.from(tcpClient); if (clientConfiguration.useSsl()) { httpClient = httpClient.secure(sslConfig -> { Optional<SSLContext> sslContext = clientConfiguration.getSslContext(); sslContext.ifPresent(it -> sslConfig.sslContext(new JdkSslContext(it, true, ClientAuth.NONE))); }); scheme = "https"; } ReactorClientHttpConnector connector = new ReactorClientHttpConnector(httpClient); WebClientProvider provider = WebClientProvider.create(scheme, connector); return provider.withDefaultHeaders(clientConfiguration.getDefaultHeaders()); }
@Before public void setup() { try { SslContext sslContext = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE).build(); HttpClient httpClient = HttpClient.create().secure(ssl -> { ssl.sslContext(sslContext); }); ClientHttpConnector httpConnector = new ReactorClientHttpConnector( httpClient); baseUri = "https://localhost:" + port; this.webClient = WebClient.builder().clientConnector(httpConnector) .baseUrl(baseUri).build(); this.testClient = WebTestClient.bindToServer(httpConnector).baseUrl(baseUri).build(); } catch (SSLException e) { throw new RuntimeException(e); } }
@Test @Ignore public void testHttp1or2Secure() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); SslContextBuilder serverOptions = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()); DisposableServer server = HttpServer.create() .protocol(HttpProtocol.H2, HttpProtocol.HTTP11) .secure(ssl -> ssl.sslContext(serverOptions)) .port(8080) .handle((req, res) -> res.sendString(Mono.just("Hello"))) .wiretap(true) .bindNow(); new CountDownLatch(1).await(); server.disposeNow(); }
/** * Apply an SSL configuration customization via the passed {@link SslContext}. * with a default value of {@code 10} seconds handshake timeout unless * the environment property {@code reactor.netty.tcp.sslHandshakeTimeout} is set. * * @param sslContext The context to set when configuring SSL * * @return a new {@link TcpClient} * @deprecated Use {@link TcpClient#secure(Consumer)} */ @Deprecated public final TcpClient secure(SslContext sslContext) { return secure(sslProviderBuilder -> sslProviderBuilder.sslContext(sslContext)); }
@Test @Ignore public void testHttpSsl() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); SslContextBuilder serverOptions = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()); DisposableServer server = HttpServer.create() .port(8080) .secure(sslContextSpec -> sslContextSpec.sslContext(serverOptions)) .handle((req, res) -> res.sendString(Mono.just("Hello"))) .wiretap(true) .bindNow(); new CountDownLatch(1).await(); server.disposeNow(); }
@Test @Ignore public void testH2OrH1Secure() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); SslContextBuilder serverOptions = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()); DisposableServer server = HttpServer.create() .protocol(HttpProtocol.H2, HttpProtocol.HTTP11) .secure(ssl -> ssl.sslContext(serverOptions)) .port(8080) .handle((req, res) -> res.sendString(Mono.just("Hello"))) .wiretap(true) .bindNow(); new CountDownLatch(1).await(); server.disposeNow(); }
@Test public void testSslConfigurationProtocolH2_2() { DisposableServer disposableServer = server.protocol(HttpProtocol.HTTP11) .secure(spec -> spec.sslContext(builder)) .protocol(HttpProtocol.H2) .bindNow(); assertEquals(2, protocols.size()); assertTrue(protocols.contains("h2")); assertTrue(OpenSsl.isAlpnSupported() ? sslContext instanceof OpenSslContext : sslContext instanceof JdkSslContext); disposableServer.disposeNow(); } }
@Test public void testHttpSslH2CFails() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); SslContextBuilder serverOptions = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()); StepVerifier.create( HttpServer.create() .protocol(HttpProtocol.H2C) .secure(ssl -> ssl.sslContext(serverOptions)) .handle((req, res) -> res.sendString(Mono.just("Hello"))) .wiretap(true) .bind() ).verifyErrorMessage("Configured H2 Clear-Text protocol with TLS. Use the non clear-text h2 protocol via HttpServer#protocol or disable TLS via HttpServer#tcpConfiguration(tcp -> tcp.noSSL())"); }
protected ReactorClientHttpConnector buildTrustAllSslConnector() { HttpClient client = HttpClient.create().secure( (sslContextSpec) -> sslContextSpec.sslContext(createSslContext())); return new ReactorClientHttpConnector(client); }
/** * Apply an SSL configuration customization via the passed {@link SslContext}. * with a default value of {@code 10} seconds handshake timeout unless * the environment property {@code reactor.netty.tcp.sslHandshakeTimeout} is set. * * @param sslContext The context to set when configuring SSL * * @return a new {@link TcpClient} * @deprecated Use {@link TcpClient#secure(Consumer)} */ @Deprecated public final TcpClient secure(SslContext sslContext) { return secure(sslProviderBuilder -> sslProviderBuilder.sslContext(sslContext)); }
@Override protected HttpServer customizeServerOptions(HttpServer server) { try { SslContext ctx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build(); return server.secure(ssl -> ssl.sslContext(ctx)); } catch (SSLException e) { throw new RuntimeException(e); } }
@Test public void testSslConfigurationProtocolHttp11_2() { DisposableServer disposableServer = server.protocol(HttpProtocol.H2) .secure(spec -> spec.sslContext(builder)) .protocol(HttpProtocol.HTTP11) .bindNow(); assertTrue(protocols.isEmpty()); assertTrue(OpenSsl.isAvailable() ? sslContext instanceof OpenSslContext : sslContext instanceof JdkSslContext); disposableServer.disposeNow(); }
@Test public void testProtocolHttp11SslConfiguration() { DisposableServer disposableServer = server.protocol(HttpProtocol.HTTP11) .secure(spec -> spec.sslContext(builder)) .bindNow(); assertTrue(protocols.isEmpty()); assertTrue(OpenSsl.isAvailable() ? sslContext instanceof OpenSslContext : sslContext instanceof JdkSslContext); disposableServer.disposeNow(); }
@Test public void testSslConfigurationProtocolHttp11_1() { DisposableServer disposableServer = server.secure(spec -> spec.sslContext(builder)) .protocol(HttpProtocol.HTTP11) .bindNow(); assertTrue(protocols.isEmpty()); assertTrue(OpenSsl.isAvailable() ? sslContext instanceof OpenSslContext : sslContext instanceof JdkSslContext); disposableServer.disposeNow(); }
@Override protected HttpClient customizeClientOptions(HttpClient httpClient) { try { SslContext ctx = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE).build(); return httpClient.secure(ssl -> ssl.sslContext(ctx)); } catch (SSLException e) { throw new RuntimeException(e); } } }
@Test public void testProtocolH2SslConfiguration() { DisposableServer disposableServer = server.protocol(HttpProtocol.H2) .secure(spec -> spec.sslContext(builder)) .bindNow(); assertEquals(2, protocols.size()); assertTrue(protocols.contains("h2")); assertTrue(OpenSsl.isAlpnSupported() ? sslContext instanceof OpenSslContext : sslContext instanceof JdkSslContext); disposableServer.disposeNow(); }
@Test public void testSslConfigurationProtocolH2_1() { DisposableServer disposableServer = server.secure(spec -> spec.sslContext(builder)) .protocol(HttpProtocol.H2) .bindNow(); assertEquals(2, protocols.size()); assertTrue(protocols.contains("h2")); assertTrue(OpenSsl.isAlpnSupported() ? sslContext instanceof OpenSslContext : sslContext instanceof JdkSslContext); disposableServer.disposeNow(); }
sslContextSpec.sslContext(sslContextBuilder) .defaultConfiguration(ssl.getDefaultConfigurationType()) .handshakeTimeout(ssl.getHandshakeTimeout())
@Override protected void initServer() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate(); SslContextBuilder builder = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()); this.reactorHandler = createHttpHandlerAdapter(); this.reactorServer = reactor.netty.http.server.HttpServer.create() .host(getHost()) .port(getPort()) .secure(spec -> spec.sslContext(builder).defaultConfiguration(DefaultConfigurationType.TCP)); }