Example 1 with SslContext
use of io.netty.handler.ssl.SslContext in project neo4j by neo4j.
the class BoltKernelExtension method newInstance.
@Override
public Lifecycle newInstance(KernelContext context, Dependencies dependencies) throws Throwable {
Config config = dependencies.config();
GraphDatabaseService gdb = dependencies.db();
GraphDatabaseAPI api = (GraphDatabaseAPI) gdb;
LogService logService = dependencies.logService();
Clock clock = dependencies.clock();
Log log = logService.getInternalLog(WorkerFactory.class);
LifeSupport life = new LifeSupport();
JobScheduler scheduler = dependencies.scheduler();
InternalLoggerFactory.setDefaultFactory(new Netty4LoggerFactory(logService.getInternalLogProvider()));
Authentication authentication = authentication(dependencies.authManager(), dependencies.userManagerSupplier());
BoltFactory boltFactory = life.add(new BoltFactoryImpl(api, dependencies.usageData(), logService, dependencies.txBridge(), authentication, dependencies.sessionTracker(), config));
WorkerFactory workerFactory = createWorkerFactory(boltFactory, scheduler, dependencies, logService, clock);
List<ProtocolInitializer> connectors = config.enabledBoltConnectors().stream().map((connConfig) -> {
ListenSocketAddress listenAddress = config.get(connConfig.listen_address);
AdvertisedSocketAddress advertisedAddress = config.get(connConfig.advertised_address);
SslContext sslCtx;
boolean requireEncryption;
final BoltConnector.EncryptionLevel encryptionLevel = config.get(connConfig.encryption_level);
switch(encryptionLevel) {
case REQUIRED:
// Encrypted connections are mandatory, a self-signed certificate may be generated.
requireEncryption = true;
sslCtx = createSslContext(config, log, advertisedAddress);
break;
case OPTIONAL:
// Encrypted connections are optional, a self-signed certificate may be generated.
requireEncryption = false;
sslCtx = createSslContext(config, log, advertisedAddress);
break;
case DISABLED:
// Encryption is turned off, no self-signed certificate will be generated.
requireEncryption = false;
sslCtx = null;
break;
default:
// In the unlikely event that we happen to fall through to the default option here,
// there is a mismatch between the BoltConnector.EncryptionLevel enum and the options
// handled in this switch statement. In this case, we'll log a warning and default to
// disabling encryption, since this mirrors the functionality introduced in 3.0.
log.warn(format("Unhandled encryption level %s - assuming DISABLED.", encryptionLevel.name()));
requireEncryption = false;
sslCtx = null;
break;
}
final Map<Long, BiFunction<Channel, Boolean, BoltProtocol>> versions = newVersions(logService, workerFactory);
return new SocketTransport(listenAddress, sslCtx, requireEncryption, logService.getInternalLogProvider(), versions);
}).collect(toList());
if (connectors.size() > 0 && !config.get(GraphDatabaseSettings.disconnected)) {
life.add(new NettyServer(scheduler.threadFactory(boltNetworkIO), connectors));
log.info("Bolt Server extension loaded.");
for (ProtocolInitializer connector : connectors) {
logService.getUserLog(WorkerFactory.class).info("Bolt enabled on %s.", connector.address());
}
}
return life;
}
Also used :
Service(org.neo4j.helpers.Service)
UsageData(org.neo4j.udc.UsageData)
Log(org.neo4j.logging.Log)
Authentication(org.neo4j.bolt.security.auth.Authentication)
BiFunction(java.util.function.BiFunction)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
KernelContext(org.neo4j.kernel.impl.spi.KernelContext)
SocketTransport(org.neo4j.bolt.transport.SocketTransport)
BoltProtocol(org.neo4j.bolt.transport.BoltProtocol)
LifeSupport(org.neo4j.kernel.lifecycle.LifeSupport)
KeyStoreFactory(org.neo4j.bolt.security.ssl.KeyStoreFactory)
AdvertisedSocketAddress(org.neo4j.helpers.AdvertisedSocketAddress)
GeneralSecurityException(java.security.GeneralSecurityException)
ProtocolInitializer(org.neo4j.bolt.transport.NettyServer.ProtocolInitializer)
Map(java.util.Map)
KeyStoreInformation(org.neo4j.bolt.security.ssl.KeyStoreInformation)
Groups.boltNetworkIO(org.neo4j.kernel.impl.util.JobScheduler.Groups.boltNetworkIO)
BoltConnectionDescriptor(org.neo4j.bolt.v1.runtime.BoltConnectionDescriptor)
BoltFactory(org.neo4j.bolt.v1.runtime.BoltFactory)
BoltConnector(org.neo4j.kernel.configuration.BoltConnector)
ThreadToStatementContextBridge(org.neo4j.kernel.impl.core.ThreadToStatementContextBridge)
LogService(org.neo4j.kernel.impl.logging.LogService)
String.format(java.lang.String.format)
GraphDatabaseAPI(org.neo4j.kernel.internal.GraphDatabaseAPI)
Netty4LoggerFactory(org.neo4j.bolt.transport.Netty4LoggerFactory)
Settings.derivedSetting(org.neo4j.kernel.configuration.Settings.derivedSetting)
List(java.util.List)
Description(org.neo4j.configuration.Description)
BoltFactoryImpl(org.neo4j.bolt.v1.runtime.BoltFactoryImpl)
KernelExtensionFactory(org.neo4j.kernel.extension.KernelExtensionFactory)
WorkerFactory(org.neo4j.bolt.v1.runtime.WorkerFactory)
BasicAuthentication(org.neo4j.bolt.security.auth.BasicAuthentication)
GraphDatabaseSettings(org.neo4j.graphdb.factory.GraphDatabaseSettings)
Settings.pathSetting(org.neo4j.kernel.configuration.Settings.pathSetting)
Internal(org.neo4j.configuration.Internal)
Monitors(org.neo4j.kernel.monitoring.Monitors)
HashMap(java.util.HashMap)
JobScheduler(org.neo4j.kernel.impl.util.JobScheduler)
Configuration(org.neo4j.graphdb.config.Configuration)
ListenSocketAddress(org.neo4j.helpers.ListenSocketAddress)
BoltProtocolV1(org.neo4j.bolt.v1.transport.BoltProtocolV1)
Certificates(org.neo4j.bolt.security.ssl.Certificates)
GraphDatabaseService(org.neo4j.graphdb.GraphDatabaseService)
NettyServer(org.neo4j.bolt.transport.NettyServer)
ThreadedWorkerFactory(org.neo4j.bolt.v1.runtime.concurrent.ThreadedWorkerFactory)
Lifecycle(org.neo4j.kernel.lifecycle.Lifecycle)
Config(org.neo4j.kernel.configuration.Config)
SslContext(io.netty.handler.ssl.SslContext)
BoltConnectionTracker(org.neo4j.kernel.api.bolt.BoltConnectionTracker)
Setting(org.neo4j.graphdb.config.Setting)
IOException(java.io.IOException)
PATH(org.neo4j.kernel.configuration.Settings.PATH)
File(java.io.File)
Channel(io.netty.channel.Channel)
UserManagerSupplier(org.neo4j.kernel.api.security.UserManagerSupplier)
BoltWorker(org.neo4j.bolt.v1.runtime.BoltWorker)
Collectors.toList(java.util.stream.Collectors.toList)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
Clock(java.time.Clock)
InternalLoggerFactory(io.netty.util.internal.logging.InternalLoggerFactory)
MonitoredWorkerFactory(org.neo4j.bolt.v1.runtime.MonitoredWorkerFactory)
AuthManager(org.neo4j.kernel.api.security.AuthManager)
Config(org.neo4j.kernel.configuration.Config)
AdvertisedSocketAddress(org.neo4j.helpers.AdvertisedSocketAddress)
Clock(java.time.Clock)
BoltFactory(org.neo4j.bolt.v1.runtime.BoltFactory)
WorkerFactory(org.neo4j.bolt.v1.runtime.WorkerFactory)
ThreadedWorkerFactory(org.neo4j.bolt.v1.runtime.concurrent.ThreadedWorkerFactory)
MonitoredWorkerFactory(org.neo4j.bolt.v1.runtime.MonitoredWorkerFactory)
NettyServer(org.neo4j.bolt.transport.NettyServer)
BoltFactoryImpl(org.neo4j.bolt.v1.runtime.BoltFactoryImpl)
GraphDatabaseAPI(org.neo4j.kernel.internal.GraphDatabaseAPI)
LifeSupport(org.neo4j.kernel.lifecycle.LifeSupport)
SslContext(io.netty.handler.ssl.SslContext)
ProtocolInitializer(org.neo4j.bolt.transport.NettyServer.ProtocolInitializer)
JobScheduler(org.neo4j.kernel.impl.util.JobScheduler)
GraphDatabaseService(org.neo4j.graphdb.GraphDatabaseService)
Log(org.neo4j.logging.Log)
SocketTransport(org.neo4j.bolt.transport.SocketTransport)
Channel(io.netty.channel.Channel)
BoltProtocol(org.neo4j.bolt.transport.BoltProtocol)
Authentication(org.neo4j.bolt.security.auth.Authentication)
BasicAuthentication(org.neo4j.bolt.security.auth.BasicAuthentication)
ListenSocketAddress(org.neo4j.helpers.ListenSocketAddress)
Netty4LoggerFactory(org.neo4j.bolt.transport.Netty4LoggerFactory)
Map(java.util.Map)
HashMap(java.util.HashMap)
LogService(org.neo4j.kernel.impl.logging.LogService)
Example 2 with SslContext
use of io.netty.handler.ssl.SslContext in project pulsar by yahoo.
the class DiscoveryServiceTest method connectToService.
/**
* creates ClientHandler channel to connect and communicate with server
*
* @param serviceUrl
* @param latch
* @return
* @throws URISyntaxException
*/
public static NioEventLoopGroup connectToService(String serviceUrl, CountDownLatch latch, boolean tls) throws URISyntaxException {
NioEventLoopGroup workerGroup = new NioEventLoopGroup();
Bootstrap b = new Bootstrap();
b.group(workerGroup);
b.channel(NioSocketChannel.class);
b.handler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(SocketChannel ch) throws Exception {
if (tls) {
SslContextBuilder builder = SslContextBuilder.forClient();
builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
X509Certificate[] certificates = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
PrivateKey privateKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
builder.keyManager(privateKey, (X509Certificate[]) certificates);
SslContext sslCtx = builder.build();
ch.pipeline().addLast("tls", sslCtx.newHandler(ch.alloc()));
}
ch.pipeline().addLast(new ClientHandler(latch));
}
});
URI uri = new URI(serviceUrl);
InetSocketAddress serviceAddress = new InetSocketAddress(uri.getHost(), uri.getPort());
b.connect(serviceAddress).addListener((ChannelFuture future) -> {
if (!future.isSuccess()) {
throw new IllegalStateException(future.cause());
}
});
return workerGroup;
}
Also used :
ChannelFuture(io.netty.channel.ChannelFuture)
NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel)
SocketChannel(io.netty.channel.socket.SocketChannel)
PrivateKey(java.security.PrivateKey)
InetSocketAddress(java.net.InetSocketAddress)
URI(java.net.URI)
URISyntaxException(java.net.URISyntaxException)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
Bootstrap(io.netty.bootstrap.Bootstrap)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
SslContext(io.netty.handler.ssl.SslContext)
Example 3 with SslContext
use of io.netty.handler.ssl.SslContext in project grpc-java by grpc.
the class Utils method newNettyClientChannel.
private static NettyChannelBuilder newNettyClientChannel(Transport transport, SocketAddress address, boolean tls, boolean testca, int flowControlWindow, boolean useDefaultCiphers) throws IOException {
NettyChannelBuilder builder = NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);
if (tls) {
builder.negotiationType(NegotiationType.TLS);
SslContext sslContext = null;
if (testca) {
File cert = TestUtils.loadCert("ca.pem");
SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient().trustManager(cert);
if (transport == Transport.NETTY_NIO) {
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK);
} else {
// Native transport with OpenSSL
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
}
if (useDefaultCiphers) {
sslContextBuilder.ciphers(null);
}
sslContext = sslContextBuilder.build();
}
builder.sslContext(sslContext);
} else {
builder.negotiationType(NegotiationType.PLAINTEXT);
}
DefaultThreadFactory tf = new DefaultThreadFactory("client-elg-", true);
switch(transport) {
case NETTY_NIO:
builder.eventLoopGroup(new NioEventLoopGroup(0, tf)).channelType(NioSocketChannel.class);
break;
case NETTY_EPOLL:
// These classes only work on Linux.
builder.eventLoopGroup(new EpollEventLoopGroup(0, tf)).channelType(EpollSocketChannel.class);
break;
case NETTY_UNIX_DOMAIN_SOCKET:
// These classes only work on Linux.
builder.eventLoopGroup(new EpollEventLoopGroup(0, tf)).channelType(EpollDomainSocketChannel.class);
break;
default:
// Should never get here.
throw new IllegalArgumentException("Unsupported transport: " + transport);
}
return builder;
}
Also used :
DefaultThreadFactory(io.netty.util.concurrent.DefaultThreadFactory)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
EpollEventLoopGroup(io.netty.channel.epoll.EpollEventLoopGroup)
NettyChannelBuilder(io.grpc.netty.NettyChannelBuilder)
File(java.io.File)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
SslContext(io.netty.handler.ssl.SslContext)
Example 4 with SslContext
use of io.netty.handler.ssl.SslContext in project CorfuDB by CorfuDB.
the class CorfuServer method main.
public static void main(String[] args) {
serverRunning = true;
// Parse the options given, using docopt.
Map<String, Object> opts = new Docopt(USAGE).withVersion(GitRepositoryState.getRepositoryState().describe).parse(args);
int port = Integer.parseInt((String) opts.get("<port>"));
// Print a nice welcome message.
AnsiConsole.systemInstall();
printLogo();
System.out.println(ansi().a("Welcome to ").fg(RED).a("CORFU ").fg(MAGENTA).a("SERVER").reset());
System.out.println(ansi().a("Version ").a(Version.getVersionString()).a(" (").fg(BLUE).a(GitRepositoryState.getRepositoryState().commitIdAbbrev).reset().a(")"));
System.out.println(ansi().a("Serving on port ").fg(WHITE).a(port).reset());
System.out.println(ansi().a("Service directory: ").fg(WHITE).a((Boolean) opts.get("--memory") ? "MEMORY mode" : opts.get("--log-path")).reset());
// Pick the correct logging level before outputting error messages.
Logger root = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
switch((String) opts.get("--log-level")) {
case "ERROR":
root.setLevel(Level.ERROR);
break;
case "WARN":
root.setLevel(Level.WARN);
break;
case "INFO":
root.setLevel(Level.INFO);
break;
case "DEBUG":
root.setLevel(Level.DEBUG);
break;
case "TRACE":
root.setLevel(Level.TRACE);
break;
default:
root.setLevel(Level.INFO);
log.warn("Level {} not recognized, defaulting to level INFO", opts.get("--log-level"));
}
log.debug("Started with arguments: " + opts);
// Create the service directory if it does not exist.
if (!(Boolean) opts.get("--memory")) {
File serviceDir = new File((String) opts.get("--log-path"));
if (!serviceDir.exists()) {
if (serviceDir.mkdirs()) {
log.info("Created new service directory at {}.", serviceDir);
}
} else if (!serviceDir.isDirectory()) {
log.error("Service directory {} does not point to a directory. Aborting.", serviceDir);
throw new RuntimeException("Service directory must be a directory!");
}
}
// Now, we start the Netty router, and have it route to the correct port.
router = new NettyServerRouter(opts);
// Create a common Server Context for all servers to access.
serverContext = new ServerContext(opts, router);
// Add each role to the router.
addSequencer();
addLayoutServer();
addLogUnit();
addManagementServer();
router.baseServer.setOptionsMap(opts);
// Setup SSL if needed
Boolean tlsEnabled = (Boolean) opts.get("--enable-tls");
Boolean tlsMutualAuthEnabled = (Boolean) opts.get("--enable-tls-mutual-auth");
if (tlsEnabled) {
// Get the TLS cipher suites to enable
String ciphs = (String) opts.get("--tls-ciphers");
if (ciphs != null) {
List<String> ciphers = Pattern.compile(",").splitAsStream(ciphs).map(String::trim).collect(Collectors.toList());
enabledTlsCipherSuites = ciphers.toArray(new String[ciphers.size()]);
}
// Get the TLS protocols to enable
String protos = (String) opts.get("--tls-protocols");
if (protos != null) {
List<String> protocols = Pattern.compile(",").splitAsStream(protos).map(String::trim).collect(Collectors.toList());
enabledTlsProtocols = protocols.toArray(new String[protocols.size()]);
}
try {
sslContext = TlsUtils.enableTls(TlsUtils.SslContextType.SERVER_CONTEXT, (String) opts.get("--keystore"), e -> {
log.error("Could not load keys from the key store.");
System.exit(1);
}, (String) opts.get("--keystore-password-file"), e -> {
log.error("Could not read the key store password file.");
System.exit(1);
}, (String) opts.get("--truststore"), e -> {
log.error("Could not load keys from the trust store.");
System.exit(1);
}, (String) opts.get("--truststore-password-file"), e -> {
log.error("Could not read the trust store password file.");
System.exit(1);
});
} catch (Exception ex) {
log.error("Could not build the SSL context");
System.exit(1);
}
}
Boolean saslPlainTextAuth = (Boolean) opts.get("--enable-sasl-plain-text-auth");
// Create the event loops responsible for servicing inbound messages.
EventLoopGroup bossGroup;
EventLoopGroup workerGroup;
EventExecutorGroup ee;
bossGroup = new NioEventLoopGroup(1, new ThreadFactory() {
final AtomicInteger threadNum = new AtomicInteger(0);
@Override
public Thread newThread(Runnable r) {
Thread t = new Thread(r);
t.setName("accept-" + threadNum.getAndIncrement());
return t;
}
});
workerGroup = new NioEventLoopGroup(Runtime.getRuntime().availableProcessors() * 2, new ThreadFactory() {
final AtomicInteger threadNum = new AtomicInteger(0);
@Override
public Thread newThread(Runnable r) {
Thread t = new Thread(r);
t.setName("io-" + threadNum.getAndIncrement());
return t;
}
});
ee = new DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors() * 2, new ThreadFactory() {
final AtomicInteger threadNum = new AtomicInteger(0);
@Override
public Thread newThread(Runnable r) {
Thread t = new Thread(r);
t.setName("event-" + threadNum.getAndIncrement());
return t;
}
});
try {
ServerBootstrap b = new ServerBootstrap();
b.group(bossGroup, workerGroup).channel(NioServerSocketChannel.class).option(ChannelOption.SO_BACKLOG, 100).childOption(ChannelOption.SO_KEEPALIVE, true).childOption(ChannelOption.SO_REUSEADDR, true).childOption(ChannelOption.TCP_NODELAY, true).childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT).childHandler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(io.netty.channel.socket.SocketChannel ch) throws Exception {
if (tlsEnabled) {
SSLEngine engine = sslContext.newEngine(ch.alloc());
engine.setEnabledCipherSuites(enabledTlsCipherSuites);
engine.setEnabledProtocols(enabledTlsProtocols);
if (tlsMutualAuthEnabled) {
engine.setNeedClientAuth(true);
}
ch.pipeline().addLast("ssl", new SslHandler(engine));
}
ch.pipeline().addLast(new LengthFieldPrepender(4));
ch.pipeline().addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));
if (saslPlainTextAuth) {
ch.pipeline().addLast("sasl/plain-text", new PlainTextSaslNettyServer());
}
ch.pipeline().addLast(ee, new NettyCorfuMessageDecoder());
ch.pipeline().addLast(ee, new NettyCorfuMessageEncoder());
ch.pipeline().addLast(ee, router);
}
});
ChannelFuture f = b.bind(port).sync();
while (true) {
try {
f.channel().closeFuture().sync();
} catch (InterruptedException ie) {
}
}
} catch (InterruptedException ie) {
} catch (Exception ex) {
log.error("Corfu server shut down unexpectedly due to exception", ex);
} finally {
bossGroup.shutdownGracefully();
workerGroup.shutdownGracefully();
}
}
Also used :
ChannelOption(io.netty.channel.ChannelOption)
Getter(lombok.Getter)
GitRepositoryState(org.corfudb.util.GitRepositoryState)
LoggerFactory(org.slf4j.LoggerFactory)
NettyCorfuMessageEncoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageEncoder)
Docopt(org.docopt.Docopt)
SSLEngine(javax.net.ssl.SSLEngine)
PlainTextSaslNettyServer(org.corfudb.security.sasl.plaintext.PlainTextSaslNettyServer)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup)
Map(java.util.Map)
Color(org.fusesource.jansi.Ansi.Color)
ThreadFactory(java.util.concurrent.ThreadFactory)
SocketChannel(io.netty.channel.socket.SocketChannel)
LengthFieldPrepender(io.netty.handler.codec.LengthFieldPrepender)
TlsUtils(org.corfudb.security.tls.TlsUtils)
Ansi.ansi(org.fusesource.jansi.Ansi.ansi)
LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder)
NettyCorfuMessageDecoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageDecoder)
EventLoopGroup(io.netty.channel.EventLoopGroup)
ChannelInitializer(io.netty.channel.ChannelInitializer)
SslContext(io.netty.handler.ssl.SslContext)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
PooledByteBufAllocator(io.netty.buffer.PooledByteBufAllocator)
EventExecutorGroup(io.netty.util.concurrent.EventExecutorGroup)
Collectors(java.util.stream.Collectors)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
File(java.io.File)
ChannelFuture(io.netty.channel.ChannelFuture)
Level(ch.qos.logback.classic.Level)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
AnsiConsole(org.fusesource.jansi.AnsiConsole)
Logger(ch.qos.logback.classic.Logger)
SslHandler(io.netty.handler.ssl.SslHandler)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
Pattern(java.util.regex.Pattern)
Version(org.corfudb.util.Version)
ThreadFactory(java.util.concurrent.ThreadFactory)
SocketChannel(io.netty.channel.socket.SocketChannel)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup)
SSLEngine(javax.net.ssl.SSLEngine)
NettyCorfuMessageEncoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageEncoder)
Logger(ch.qos.logback.classic.Logger)
LengthFieldPrepender(io.netty.handler.codec.LengthFieldPrepender)
Docopt(org.docopt.Docopt)
PlainTextSaslNettyServer(org.corfudb.security.sasl.plaintext.PlainTextSaslNettyServer)
SocketChannel(io.netty.channel.socket.SocketChannel)
LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup)
EventExecutorGroup(io.netty.util.concurrent.EventExecutorGroup)
ChannelFuture(io.netty.channel.ChannelFuture)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
SslHandler(io.netty.handler.ssl.SslHandler)
NettyCorfuMessageDecoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageDecoder)
EventLoopGroup(io.netty.channel.EventLoopGroup)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
File(java.io.File)
Example 5 with SslContext
use of io.netty.handler.ssl.SslContext in project pravega by pravega.
the class ConnectionFactoryImpl method establishConnection.
@Override
public CompletableFuture<ClientConnection> establishConnection(PravegaNodeUri location, ReplyProcessor rp) {
Preconditions.checkNotNull(location);
Exceptions.checkNotClosed(closed.get(), this);
final SslContext sslCtx;
if (clientConfig.isEnableTls()) {
try {
SslContextBuilder sslCtxFactory = SslContextBuilder.forClient();
if (Strings.isNullOrEmpty(clientConfig.getTrustStore())) {
sslCtxFactory = sslCtxFactory.trustManager(FingerprintTrustManagerFactory.getInstance(FingerprintTrustManagerFactory.getDefaultAlgorithm()));
} else {
sslCtxFactory = SslContextBuilder.forClient().trustManager(new File(clientConfig.getTrustStore()));
}
sslCtx = sslCtxFactory.build();
} catch (SSLException | NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
} else {
sslCtx = null;
}
AppendBatchSizeTracker batchSizeTracker = new AppendBatchSizeTrackerImpl();
ClientConnectionInboundHandler handler = new ClientConnectionInboundHandler(location.getEndpoint(), rp, batchSizeTracker);
Bootstrap b = new Bootstrap();
b.group(group).channel(nio ? NioSocketChannel.class : EpollSocketChannel.class).option(ChannelOption.TCP_NODELAY, true).handler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(SocketChannel ch) throws Exception {
ChannelPipeline p = ch.pipeline();
if (sslCtx != null) {
SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), location.getEndpoint(), location.getPort());
if (clientConfig.isValidateHostName()) {
SSLEngine sslEngine = sslHandler.engine();
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParameters);
}
p.addLast(sslHandler);
}
// p.addLast(new LoggingHandler(LogLevel.INFO));
p.addLast(new ExceptionLoggingHandler(location.getEndpoint()), new CommandEncoder(batchSizeTracker), new LengthFieldBasedFrameDecoder(WireCommands.MAX_WIRECOMMAND_SIZE, 4, 4), new CommandDecoder(), handler);
}
});
// Start the client.
CompletableFuture<ClientConnection> connectionComplete = new CompletableFuture<>();
try {
b.connect(location.getEndpoint(), location.getPort()).addListener(new ChannelFutureListener() {
@Override
public void operationComplete(ChannelFuture future) {
if (future.isSuccess()) {
// since ChannelFuture is complete future.channel() is not a blocking call.
Channel ch = future.channel();
log.debug("Connect operation completed for channel:{}, local address:{}, remote address:{}", ch.id(), ch.localAddress(), ch.remoteAddress());
// Once a channel is closed the channel group implementation removes it.
allChannels.add(ch);
connectionComplete.complete(handler);
} else {
connectionComplete.completeExceptionally(new ConnectionFailedException(future.cause()));
}
}
});
} catch (Exception e) {
connectionComplete.completeExceptionally(new ConnectionFailedException(e));
}
// check if channel is registered.
CompletableFuture<Void> channelRegisteredFuture = new CompletableFuture<>();
handler.completeWhenRegistered(channelRegisteredFuture);
return connectionComplete.thenCombine(channelRegisteredFuture, (clientConnection, v) -> clientConnection);
}
Also used :
NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel)
EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel)
SocketChannel(io.netty.channel.socket.SocketChannel)
SSLEngine(javax.net.ssl.SSLEngine)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CommandEncoder(io.pravega.shared.protocol.netty.CommandEncoder)
SSLException(javax.net.ssl.SSLException)
CompletableFuture(java.util.concurrent.CompletableFuture)
SSLParameters(javax.net.ssl.SSLParameters)
ExceptionLoggingHandler(io.pravega.shared.protocol.netty.ExceptionLoggingHandler)
Bootstrap(io.netty.bootstrap.Bootstrap)
EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel)
LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder)
SslContext(io.netty.handler.ssl.SslContext)
ChannelFuture(io.netty.channel.ChannelFuture)
AppendBatchSizeTracker(io.pravega.shared.protocol.netty.AppendBatchSizeTracker)
CommandDecoder(io.pravega.shared.protocol.netty.CommandDecoder)
NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel)
EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel)
SocketChannel(io.netty.channel.socket.SocketChannel)
Channel(io.netty.channel.Channel)
ChannelFutureListener(io.netty.channel.ChannelFutureListener)
ConnectionFailedException(io.pravega.shared.protocol.netty.ConnectionFailedException)
SSLException(javax.net.ssl.SSLException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ChannelPipeline(io.netty.channel.ChannelPipeline)
SslHandler(io.netty.handler.ssl.SslHandler)
NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
File(java.io.File)
ConnectionFailedException(io.pravega.shared.protocol.netty.ConnectionFailedException)
Aggregations
SslContext (io.netty.handler.ssl.SslContext)198
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)62
EventLoopGroup (io.netty.channel.EventLoopGroup)52
SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)50
Test (org.junit.Test)48
ServerBootstrap (io.netty.bootstrap.ServerBootstrap)41
Channel (io.netty.channel.Channel)41
SSLException (javax.net.ssl.SSLException)39
LoggingHandler (io.netty.handler.logging.LoggingHandler)35
SocketChannel (io.netty.channel.socket.SocketChannel)34
NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)34
Bootstrap (io.netty.bootstrap.Bootstrap)33
NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel)33
SslHandler (io.netty.handler.ssl.SslHandler)26
SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)25
ChannelPipeline (io.netty.channel.ChannelPipeline)23
InetSocketAddress (java.net.InetSocketAddress)23
ChannelFuture (io.netty.channel.ChannelFuture)21
File (java.io.File)21
CertificateException (java.security.cert.CertificateException)20
