List of usage examples for javax.net.ssl SSLContext createSSLEngine
public final SSLEngine createSSLEngine(String peerHost, int peerPort)
From source file: org.elasticsearch.xpack.core.ssl.SSLService.java
/**
 * Builds an {@link SSLEngine} for the given configuration and remote endpoint.
 * <p>
 * The engine is intended for clients: when the configuration's verification mode enables hostname
 * verification and a host was supplied, the {@code "HTTPS"} endpoint identification algorithm is
 * applied so the peer certificate is checked against that host. Cipher suites and protocols are
 * restricted to those the configuration allows, and the configured client-auth mode is applied.
 *
 * @param configuration the SSL configuration to derive the context, ciphers, protocols and client auth from
 * @param host          the remote host; with hostname verification enabled this must match the remote certificate.
 *                      When {@code null}, no endpoint identification is requested.
 * @param port          the remote port
 * @return a configured {@link SSLEngine}
 * @see #sslConfiguration(Settings, Settings)
 */
public SSLEngine createSSLEngine(SSLConfiguration configuration, String host, int port) {
    final SSLEngine engine = sslContext(configuration).createSSLEngine(host, port);
    final String[] cipherSuites =
            supportedCiphers(engine.getSupportedCipherSuites(), configuration.cipherSuites(), false);
    final String[] protocols = configuration.supportedProtocols().toArray(Strings.EMPTY_ARRAY);
    final SSLParameters params = new SSLParameters(cipherSuites, protocols);

    // An SSLEngine does no hostname verification unless an endpoint identification algorithm is set;
    // "HTTPS" ties the peer certificate to the supplied host and defends every connection against MITM.
    final boolean verifyHostname =
            configuration.verificationMode().isHostnameVerificationEnabled() && host != null;
    if (verifyHostname) {
        params.setEndpointIdentificationAlgorithm("HTTPS");
    }

    // Honour the order of the configured cipher list so the first entries are preferred.
    params.setUseCipherSuitesOrder(true);
    configuration.sslClientAuth().configure(params);

    // Set the SSLParameters last: anything set directly on the engine beforehand would be
    // overwritten by the values carried in the SSLParameters.
    engine.setSSLParameters(params);
    return engine;
}
From source file: org.opendaylight.ovsdb.lib.impl.OvsdbConnectionService.java
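/**
 * Opens an active OVSDB connection to {@code address}:{@code port}, wrapping the channel in TLS
 * when an {@link SSLContext} is supplied.
 * <p>
 * Fixes relative to the previous version: the peer host handed to
 * {@link SSLContext#createSSLEngine(String, int)} is now {@code address.getHostName()} rather than
 * {@code address.toString()} (which yields the {@code "hostname/literal"} form and is not a valid
 * host name), and an {@link InterruptedException} re-asserts the thread's interrupt flag instead
 * of silently discarding it.
 *
 * @param address    the remote address to connect to
 * @param port       the remote port
 * @param sslContext the TLS context to use, or {@code null} for a plaintext connection
 * @return the connected client, or {@code null} if the calling thread was interrupted while connecting
 */
@Override
public OvsdbClient connectWithSsl(final InetAddress address, final int port, final SSLContext sslContext) {
    try {
        Bootstrap bootstrap = new Bootstrap();
        // NOTE(review): the event loop group created here (and the thread pool below) is not shut
        // down in this method; confirm it is released when the returned client is closed.
        bootstrap.group(new NioEventLoopGroup());
        bootstrap.channel(NioSocketChannel.class);
        bootstrap.option(ChannelOption.TCP_NODELAY, true);
        bootstrap.option(ChannelOption.RCVBUF_ALLOCATOR, new AdaptiveRecvByteBufAllocator(65535, 65535, 65535));
        bootstrap.handler(new ChannelInitializer<SocketChannel>() {
            @Override
            public void initChannel(SocketChannel channel) throws Exception {
                if (sslContext != null) {
                    // The SSL handler must be first in the pipeline so every later handler sees plaintext.
                    // The peer host is what the engine uses for SNI and session caching; getHostName()
                    // gives a plain host name, unlike InetAddress.toString().
                    SSLEngine engine = sslContext.createSSLEngine(address.getHostName(), port);
                    engine.setUseClientMode(true);
                    // NOTE(review): no endpoint identification algorithm is set on this engine, so the
                    // peer certificate's host name is not checked here; peer trust rests entirely on
                    // the trust manager configured in sslContext.
                    channel.pipeline().addLast("ssl", new SslHandler(engine));
                }
                channel.pipeline().addLast(
                        new JsonRpcDecoder(100000),
                        new StringEncoder(CharsetUtil.UTF_8),
                        new ExceptionHandler());
            }
        });
        ChannelFuture future = bootstrap.connect(address, port).sync();
        Channel channel = future.channel();
        return getChannelClient(channel, ConnectionType.ACTIVE, Executors.newFixedThreadPool(NUM_THREADS));
    } catch (InterruptedException e) {
        // Re-assert the interrupt so callers and executors can still observe it.
        Thread.currentThread().interrupt();
        System.out.println("Thread was interrupted during connect");
    }
    return null;
}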