15 files changed, 79 insertions, 83 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/monitoring/ZKMetricUpdater.java b/configserver/src/main/java/com/yahoo/vespa/config/server/monitoring/ZKMetricUpdater.java index d4ca6045789..1bbeee64932 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/monitoring/ZKMetricUpdater.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/monitoring/ZKMetricUpdater.java @@ -112,7 +112,7 @@ public class ZKMetricUpdater implements Runnable { if (tlsContext == null || TransportSecurityUtils.getInsecureMixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { return new Socket(); } - return tlsContext.context().getSocketFactory().createSocket(); + return tlsContext.createClientSslSocket(); } private static final Pattern MONITORING_REPORT = Pattern.compile("^(\\w+)\\s+(\\d+)$", Pattern.MULTILINE); diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java index 33b765284cc..1f35415b167 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProvider.java @@ -21,7 +21,7 @@ public abstract class TlsContextBasedProvider extends AbstractComponent implemen public void configureSsl(ConnectorSsl ssl, String name, int port) { TlsContext tlsContext = getTlsContext(name, port); SSLParameters parameters = tlsContext.parameters(); - ssl.setSslContext(tlsContext.context()); + ssl.setSslContext(tlsContext.sslContext().context()); ssl.setEnabledProtocolVersions(List.of(parameters.getProtocols())); ssl.setEnabledCipherSuites(List.of(parameters.getCipherSuites())); if (parameters.getNeedClientAuth()) { 
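Review bot: The switch to `tlsContext.createClientSslSocket()` in ZKMetricUpdater is more than a rename: the interface default applies `parameters()` to the socket, so the monitoring connection now carries the context's enabled cipher suites and protocols where the raw `getSocketFactory().createSocket()` left JSSE defaults in place. That is a behaviour change worth recording at the call site, e.g. `// applies the TlsContext's cipher/protocol restrictions, unlike a raw factory socket`. The plaintext branch just above (`return new Socket();` under `PLAINTEXT_CLIENT_MIXED_SERVER`) is untouched and remains the only path that yields an unauthenticated socket, which a comment there could also state. The enclosing method begins outside the hunk.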
diff --git a/container-core/src/test/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProviderTest.java b/container-core/src/test/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProviderTest.java index 19481c412b0..6ddbb65e012 100644 --- a/container-core/src/test/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProviderTest.java +++ b/container-core/src/test/java/com/yahoo/jdisc/http/ssl/impl/TlsContextBasedProviderTest.java @@ -49,8 +49,9 @@ public class TlsContextBasedProviderTest { SHA256_WITH_ECDSA, BigInteger.ONE) .build(); - return new DefaultTlsContext( - List.of(certificate), keyPair.getPrivate(), List.of(certificate), new AuthorizedPeers(Set.of()), AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED); + return DefaultTlsContext.of( + List.of(certificate), keyPair.getPrivate(), List.of(certificate), new AuthorizedPeers(Set.of()), + AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED); } private static class SimpleTlsContextBasedProvider extends TlsContextBasedProvider { diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc4/SslConnectionSocketFactory.java b/http-utils/src/main/java/ai/vespa/util/http/hc4/SslConnectionSocketFactory.java index 91c5f6ec8f8..3c13cec7a66 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/hc4/SslConnectionSocketFactory.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc4/SslConnectionSocketFactory.java @@ -29,7 +29,7 @@ public class SslConnectionSocketFactory { public static SSLConnectionSocketFactory of(TlsContext ctx, HostnameVerifier verifier) { return new SSLConnectionSocketFactory( - ctx.context(), ctx.parameters().getProtocols(), ctx.parameters().getCipherSuites(), verifier); + ctx.sslContext().context(), ctx.parameters().getProtocols(), ctx.parameters().getCipherSuites(), verifier); } public static SSLConnectionSocketFactory of(SSLSocketFactory fac, HostnameVerifier verifier) { 
diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java index 563d3e2a1c9..03d38f30a5e 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java @@ -31,7 +31,7 @@ public class SslConnectionSocketFactory { public static SSLConnectionSocketFactory of(TlsContext ctx, HostnameVerifier verifier) { return new SSLConnectionSocketFactory( - ctx.context(), ctx.parameters().getProtocols(), ctx.parameters().getCipherSuites(), verifier); + ctx.sslContext().context(), ctx.parameters().getProtocols(), ctx.parameters().getCipherSuites(), verifier); } public static SSLConnectionSocketFactory of(TlsContext ctx) { return of(ctx, defaultVerifier()); } diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java index 8078ffdec96..1bf7d56469e 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaAsyncHttpClientBuilder.java @@ -49,7 +49,7 @@ public class VespaAsyncHttpClientBuilder { SSLParameters vespaTlsParameters = vespaTlsContext.parameters(); tlsStrategy = ClientTlsStrategyBuilder.create() .setHostnameVerifier(hostnameVerifier) - .setSslContext(vespaTlsContext.context()) + .setSslContext(vespaTlsContext.sslContext().context()) .setTlsVersions(vespaTlsParameters.getProtocols()) .setCiphers(vespaTlsParameters.getCipherSuites()) .build(); diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java index 223ed6ca2ba..7bad0e64aa8 100644 --- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java +++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java 
@@ -17,6 +17,7 @@ import javax.security.auth.x500.X500Principal; import java.security.KeyPair; import java.security.cert.X509Certificate; import java.time.Instant; +import java.util.List; import static com.yahoo.security.KeyAlgorithm.EC; import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA; @@ -45,8 +46,8 @@ class CryptoUtils { RequiredPeerCredential.of(Field.CN, "localhost"))))); static TlsContext createTestTlsContext() { - return new DefaultTlsContext( - singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, + return DefaultTlsContext.of( + List.of(certificate), keyPair.getPrivate(), List.of(certificate), authorizedPeers, AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED); } diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java index ef1762ea7cd..176c6f95749 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java @@ -8,9 +8,8 @@ import com.yahoo.security.MutableX509KeyManager; import com.yahoo.security.MutableX509TrustManager; import com.yahoo.security.SslContextBuilder; import com.yahoo.security.X509CertificateUtils; +import com.yahoo.security.X509SslContext; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import java.io.IOException; import java.io.UncheckedIOException; 
@@ -113,22 +112,20 @@ public class ConfigFileBasedTlsContext implements TlsContext { HostnameVerification hostnameVerification = options.isHostnameValidationDisabled() ? HostnameVerification.DISABLED : HostnameVerification.ENABLED; PeerAuthorizerTrustManager authorizerTrustManager = new PeerAuthorizerTrustManager(options.getAuthorizedPeers(), mode, hostnameVerification, mutableTrustManager); - SSLContext sslContext = new SslContextBuilder() + var sslContext = new SslContextBuilder() .withKeyManager(mutableKeyManager) .withTrustManager(authorizerTrustManager) - .build(); + .buildContext(); List<String> acceptedCiphers = options.getAcceptedCiphers(); Set<String> ciphers = acceptedCiphers.isEmpty() ? TlsContext.ALLOWED_CIPHER_SUITES : new HashSet<>(acceptedCiphers); List<String> acceptedProtocols = options.getAcceptedProtocols(); Set<String> protocols = acceptedProtocols.isEmpty() ? TlsContext.ALLOWED_PROTOCOLS : new HashSet<>(acceptedProtocols); - return new DefaultTlsContext(sslContext, ciphers, protocols, peerAuthentication); + return DefaultTlsContext.of(sslContext, ciphers, protocols, peerAuthentication); } // Wrapped methods from TlsContext - @Override public SSLContext context() { return tlsContext.context(); } + @Override public X509SslContext sslContext() { return tlsContext.sslContext(); } @Override public SSLParameters parameters() { return tlsContext.parameters(); } - @Override public SSLEngine createSslEngine() { return tlsContext.createSslEngine(); } - @Override public SSLEngine createSslEngine(String peerHost, int peerPort) { return tlsContext.createSslEngine(peerHost, peerPort); } @Override public void close() { diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java index 8f4838c9940..4e810c2d304 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java 
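Review bot: `var sslContext = new SslContextBuilder()...buildContext()` hides the type: nothing on the right-hand side says what `buildContext()` returns, and the type matters because this value is what flows into `DefaultTlsContext.of`; since the import hunk above already adds `com.yahoo.security.X509SslContext`, spell it out as `X509SslContext sslContext = new SslContextBuilder()`. Dropping the two `createSslEngine` overrides looks equivalent as far as the hunk shows, because the interface defaults are built only from `sslContext()` and `parameters()`, both of which still delegate to `tlsContext`, but a one-line comment after the remaining wrapped methods, `// createSslEngine/createClientSslSocket come from the TlsContext defaults, built on the two delegates above`, would save the next reader from hunting for them. The enclosing factory method starts outside the hunk.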
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java @@ -2,9 +2,9 @@ package com.yahoo.security.tls; import com.yahoo.security.SslContextBuilder; +import com.yahoo.security.X509SslContext; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import java.security.PrivateKey; import java.security.cert.X509Certificate; 
@@ -23,30 +23,35 @@ public class DefaultTlsContext implements TlsContext { private static final Logger log = Logger.getLogger(DefaultTlsContext.class.getName()); - private final SSLContext sslContext; + private final X509SslContext sslContext; private final String[] validCiphers; private final String[] validProtocols; private final PeerAuthentication peerAuthentication; - public DefaultTlsContext(List<X509Certificate> certificates, - PrivateKey privateKey, - List<X509Certificate> caCertificates, - AuthorizedPeers authorizedPeers, - AuthorizationMode mode, - PeerAuthentication peerAuthentication, - HostnameVerification hostnameVerification) { - this(createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode, hostnameVerification), peerAuthentication); + public static DefaultTlsContext of(X509SslContext sslContext, PeerAuthentication peerAuthentication) { + return new DefaultTlsContext(sslContext, TlsContext.ALLOWED_CIPHER_SUITES, TlsContext.ALLOWED_PROTOCOLS, peerAuthentication); } - public DefaultTlsContext(SSLContext sslContext, PeerAuthentication peerAuthentication) { - this(sslContext, TlsContext.ALLOWED_CIPHER_SUITES, TlsContext.ALLOWED_PROTOCOLS, peerAuthentication); + public static DefaultTlsContext of( + List<X509Certificate> certificates, PrivateKey privateKey, List<X509Certificate> caCertificates, + AuthorizedPeers authorizedPeers, AuthorizationMode mode, PeerAuthentication peerAuthentication, + HostnameVerification hostnameVerification) { + var ctx = createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode, hostnameVerification); + return of(ctx, peerAuthentication); } - DefaultTlsContext(SSLContext sslContext, Set<String> acceptedCiphers, Set<String> acceptedProtocols, PeerAuthentication peerAuthentication) { + public static DefaultTlsContext of( + X509SslContext sslContext, Set<String> acceptedCiphers, Set<String> acceptedProtocols, + PeerAuthentication peerAuthentication) { + return new 
DefaultTlsContext(sslContext, acceptedCiphers, acceptedProtocols, peerAuthentication); + } + + private DefaultTlsContext(X509SslContext sslContext, Set<String> acceptedCiphers, Set<String> acceptedProtocols, + PeerAuthentication peerAuthentication) { this.sslContext = sslContext; this.peerAuthentication = peerAuthentication; - this.validCiphers = getAllowedCiphers(sslContext, acceptedCiphers); - this.validProtocols = getAllowedProtocols(sslContext, acceptedProtocols); + this.validCiphers = getAllowedCiphers(sslContext.context(), acceptedCiphers); + this.validProtocols = getAllowedProtocols(sslContext.context(), acceptedProtocols); } private static String[] getAllowedCiphers(SSLContext sslContext, Set<String> acceptedCiphers) { @@ -78,7 +83,7 @@ public class DefaultTlsContext implements TlsContext { } @Override - public SSLContext context() { + public X509SslContext sslContext() { return sslContext; } @@ -87,22 +92,8 @@ public class DefaultTlsContext implements TlsContext { return createSslParameters(); } - @Override - public SSLEngine createSslEngine() { - SSLEngine sslEngine = sslContext.createSSLEngine(); - sslEngine.setSSLParameters(createSslParameters()); - return sslEngine; - } - - @Override - public SSLEngine createSslEngine(String peerHost, int peerPort) { - SSLEngine sslEngine = sslContext.createSSLEngine(peerHost, peerPort); - sslEngine.setSSLParameters(createSslParameters()); - return sslEngine; - } - private SSLParameters createSslParameters() { - SSLParameters newParameters = sslContext.getDefaultSSLParameters(); + SSLParameters newParameters = sslContext.context().getDefaultSSLParameters(); newParameters.setCipherSuites(validCiphers); newParameters.setProtocols(validProtocols); switch (peerAuthentication) { 
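Review bot: The three new public `of` factories are undocumented, and the four-argument one promotes what was a package-private constructor to public API, so its contract should be written down: `acceptedCiphers`/`acceptedProtocols` are run through `getAllowedCiphers`/`getAllowedProtocols` against `sslContext.context()` (presumably narrowed to what that JSSE context supports — the helper bodies are outside the hunk), while the two-argument overload substitutes `TlsContext.ALLOWED_CIPHER_SUITES`/`ALLOWED_PROTOCOLS`. I would add a Javadoc per overload, e.g. on the two-argument form `/** Wraps {@code sslContext} with Vespa's default cipher-suite and protocol allow-lists. */`, and on the four-argument form a sentence saying the sets are allow-lists intersected with the context's capabilities rather than a guarantee that every entry is enabled. The private constructor dereferences `sslContext.context()` on its first use, so `Objects.requireNonNull(sslContext, "sslContext");` as its first statement (with `java.util.Objects` imported) would turn a bare NPE into a named failure. The `getAllowedCiphers` declaration that closes this hunk continues outside it.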
@@ -120,12 +111,9 @@ public class DefaultTlsContext implements TlsContext { return newParameters; } - private static SSLContext createSslContext(List<X509Certificate> certificates, - PrivateKey privateKey, - List<X509Certificate> caCertificates, - AuthorizedPeers authorizedPeers, - AuthorizationMode mode, - HostnameVerification hostnameVerification) { + private static X509SslContext createSslContext( + List<X509Certificate> certificates, PrivateKey privateKey, List<X509Certificate> caCertificates, + AuthorizedPeers authorizedPeers, AuthorizationMode mode, HostnameVerification hostnameVerification) { SslContextBuilder builder = new SslContextBuilder(); if (!certificates.isEmpty()) { builder.withKeyStore(privateKey, certificates); @@ -135,7 +123,7 @@ public class DefaultTlsContext implements TlsContext { } return builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, truststore)) - .build(); + .buildContext(); } } diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java index fff942ba6ab..6a530718363 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java @@ -1,9 +1,14 @@ // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security.tls; +import com.yahoo.security.X509SslContext; + import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; +import java.io.IOException; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.util.Arrays; 
@@ -92,13 +97,32 @@ public interface TlsContext extends AutoCloseable { } catch (KeyManagementException e) { throw new IllegalStateException(e); } } - SSLContext context(); - + X509SslContext sslContext(); SSLParameters parameters(); - SSLEngine createSslEngine(); + default SSLEngine createSslEngine() { + SSLEngine sslEngine = sslContext().context().createSSLEngine(); + sslEngine.setSSLParameters(parameters()); + return sslEngine; + } + + default SSLEngine createSslEngine(String peerHost, int peerPort) { + SSLEngine sslEngine = sslContext().context().createSSLEngine(peerHost, peerPort); + sslEngine.setSSLParameters(parameters()); + return sslEngine; + } + + default SSLSocket createClientSslSocket() throws IOException { + var socket = (SSLSocket) sslContext().context().getSocketFactory().createSocket(); + socket.setSSLParameters(parameters()); + return socket; + } - SSLEngine createSslEngine(String peerHost, int peerPort); + default SSLServerSocket createServerSslSocket() throws IOException { + var socket = (SSLServerSocket) sslContext().context().getServerSocketFactory().createServerSocket(); + socket.setSSLParameters(parameters()); + return socket; + } @Override default void close() {} diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java index a8012f52e5c..ec7d5b8ca05 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java @@ -10,6 +10,7 @@ import javax.security.auth.x500.X500Principal; import java.security.KeyPair; import java.security.cert.X509Certificate; import java.time.Instant; +import java.util.List; import static com.yahoo.security.KeyAlgorithm.EC; import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA; 
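Review bot: The four new default methods carry no Javadoc, and the socket-returning pair have contracts a caller needs spelled out: `createClientSslSocket()` returns an unconnected client-mode `SSLSocket` (the no-argument `SSLSocketFactory.createSocket()`), `createServerSslSocket()` an unbound `SSLServerSocket`, and both already have `parameters()` applied — for `DefaultTlsContext` that is the restricted cipher-suite/protocol set and the client-auth mode — so a caller that resets `SSLParameters` afterwards silently discards that hardening. I would add `/** Creates an unconnected client-mode SSL socket with this context's cipher suites, protocols and peer-authentication mode applied; connect it with {@link SSLSocket#connect}. */` on `createClientSslSocket()`, the matching `/** Creates an unbound SSL server socket with this context's parameters applied; bind it before {@code accept()}. */` on `createServerSslSocket()`, and a sentence on the two `createSslEngine` defaults noting that they replace the former abstract methods, so an implementation now only supplies `sslContext()` and `parameters()`. Since each default calls `parameters()` afresh per engine or socket, the interface should also state that `parameters()` must return a new or effectively immutable `SSLParameters` each time, as `DefaultTlsContext.createSslParameters()` does.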
@@ -40,8 +41,8 @@ public class DefaultTlsContextTest { singletonList(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy"))))); DefaultTlsContext tlsContext = - new DefaultTlsContext( - singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, + DefaultTlsContext.of( + List.of(certificate), keyPair.getPrivate(), List.of(certificate), authorizedPeers, AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED); SSLEngine sslEngine = tlsContext.createSslEngine(); diff --git a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java index 76844ec1f8c..9cc71eab96e 100644 --- a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java +++ b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java @@ -1,7 +1,6 @@ // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper.client; -import com.yahoo.security.tls.TlsContext; import com.yahoo.security.tls.TransportSecurityUtils; import javax.net.ssl.SSLContext; @@ -14,7 +13,8 @@ import java.util.function.Supplier; */ public class VespaSslContextProvider implements Supplier<SSLContext> { - private static final SSLContext sslContext = TransportSecurityUtils.getSystemTlsContext().map(TlsContext::context).orElse(null); + private static final SSLContext sslContext = TransportSecurityUtils.getSystemTlsContext() + .map(tc -> tc.sslContext().context()).orElse(null); @Override public SSLContext get() { diff --git a/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java b/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java index eae0ae48ab5..56bfe8381c2 100644 
--- a/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java +++ b/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java @@ -1,14 +1,12 @@ // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.zookeeper.client; +import com.yahoo.security.X509SslContext; import com.yahoo.security.tls.TlsContext; import org.apache.zookeeper.client.ZKClientConfig; import org.junit.jupiter.api.Test; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; - import java.util.List; import static com.yahoo.vespa.zookeeper.client.ZkClientConfigBuilder.CLIENT_CONNECTION_SOCKET; @@ -49,10 +47,7 @@ public class ZkClientConfigBuilderTest { private static class MockTlsContext implements TlsContext { - @Override - public SSLContext context() { - return null; - } + @Override public X509SslContext sslContext() { return X509SslContext.getDefault(); } @Override public SSLParameters parameters() { @@ -62,16 +57,6 @@ public class ZkClientConfigBuilderTest { parameters.setNeedClientAuth(true); return parameters; } - - @Override - public SSLEngine createSslEngine() { - return null; - } - - @Override - public SSLEngine createSslEngine(String peerHost, int peerPort) { - return null; - } } diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java index d42e91c41ee..a1b88635204 100644 --- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java +++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java 
@@ -19,7 +19,7 @@ public class VespaSslContextProvider implements Supplier<SSLContext> { public SSLContext get() { synchronized (VespaSslContextProvider.class) { if (tlsContext == null) throw new IllegalStateException("Vespa TLS is not enabled"); - return tlsContext.context(); + return tlsContext.sslContext().context(); } } diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java index 35aef873a82..3cf1d07be65 100644 --- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java +++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java @@ -24,7 +24,6 @@ import java.math.BigInteger; import java.nio.file.Files; import java.security.KeyPair; import java.security.cert.X509Certificate; -import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -285,7 +284,7 @@ public class ConfiguratorTest { X509Certificate certificate = X509CertificateBuilder .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, EPOCH.plus(1, DAYS), SHA256_WITH_ECDSA, BigInteger.ONE) .build(); - return new DefaultTlsContext( + return DefaultTlsContext.of( List.of(certificate), keyPair.getPrivate(), List.of(certificate), new AuthorizedPeers(Set.of()), AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.DISABLED); } |