public static SslPolicy MakeSslPolicy(SslResource sslResource, SslProvider sslProvider, string protocols, string ciphers)
{
IDictionary <string, string> config = new Dictionary <string, string>();
config[SslSystemSettings.netty_ssl_provider.name()] = sslProvider.name();
SslPolicyConfig policyConfig = new SslPolicyConfig("default");
File baseDirectory = sslResource.PrivateKey().ParentFile;
(new File(baseDirectory, "trusted")).mkdirs();
(new File(baseDirectory, "revoked")).mkdirs();
config[policyConfig.BaseDirectory.name()] = baseDirectory.Path;
config[policyConfig.PrivateKey.name()] = sslResource.PrivateKey().Path;
config[policyConfig.PublicCertificate.name()] = sslResource.PublicCertificate().Path;
config[policyConfig.TrustedDir.name()] = sslResource.TrustedDirectory().Path;
config[policyConfig.RevokedDir.name()] = sslResource.RevokedDirectory().Path;
config[policyConfig.VerifyHostname.name()] = "false";
if (!string.ReferenceEquals(protocols, null))
{
config[policyConfig.TlsVersions.name()] = protocols;
}
if (!string.ReferenceEquals(ciphers, null))
{
config[policyConfig.Ciphers.name()] = ciphers;
}
SslPolicyLoader sslPolicyFactory = SslPolicyLoader.create(Config.fromSettings(config).build(), NullLogProvider.Instance);
return(sslPolicyFactory.GetPolicy("default"));
}
private void SetSslOptions()
{
// SSL Options should be set regardless of the type of the original request,
// in case an http->https redirection occurs.
//
// While this does slow down the theoretical best path of the request the code
// to decide that we need to register the callback is more complicated than, and
// potentially more expensive than, just always setting the callback.
SslProvider.SetSslOptions(this, _handler.ClientCertificateOptions);
}
public SslPolicy(PrivateKey privateKey, X509Certificate[] keyCertChain, IList <string> tlsVersions, IList <string> ciphers, ClientAuth clientAuth, TrustManagerFactory trustManagerFactory, SslProvider sslProvider, bool verifyHostname, LogProvider logProvider)
{
this._privateKey = privateKey;
this._keyCertChain = keyCertChain;
this._tlsVersions = tlsVersions == null ? null : tlsVersions.ToArray();
this._ciphers = ciphers;
this._clientAuth = clientAuth;
this._trustManagerFactory = trustManagerFactory;
this._sslProvider = sslProvider;
this._verifyHostname = verifyHostname;
this._log = logProvider.GetLog(typeof(SslPolicy));
}
public static SslPolicy MakeSslPolicy(SslResource sslResource, SslProvider sslProvider)
{
return(MakeSslPolicy(sslResource, sslProvider, null, null));
}
private SslPolicyLoader(Config config, LogProvider logProvider)
{
this._config = config;
this._sslProvider = config.Get(SslSystemSettings.NettySslProvider);
this._logProvider = logProvider;
}
