Example 16 with SslHandler
use of io.netty.handler.ssl.SslHandler in project pulsar by yahoo.
the class ServerCnx method handleConnect.
@Override
protected void handleConnect(CommandConnect connect) {
checkArgument(state == State.Start);
if (service.isAuthenticationEnabled()) {
try {
String authMethod = "none";
if (connect.hasAuthMethodName()) {
authMethod = connect.getAuthMethodName();
} else if (connect.hasAuthMethod()) {
// Legacy client is passing enum
authMethod = connect.getAuthMethod().name().substring(10).toLowerCase();
}
String authData = connect.getAuthData().toStringUtf8();
ChannelHandler sslHandler = ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
SSLSession sslSession = null;
if (sslHandler != null) {
sslSession = ((SslHandler) sslHandler).engine().getSession();
}
authRole = getBrokerService().getAuthenticationService().authenticate(new AuthenticationDataCommand(authData, remoteAddress, sslSession), authMethod);
log.info("[{}] Client successfully authenticated with {} role {}", remoteAddress, authMethod, authRole);
} catch (AuthenticationException e) {
String msg = "Unable to authenticate";
log.warn("[{}] {}: {}", remoteAddress, msg, e.getMessage());
ctx.writeAndFlush(Commands.newError(-1, ServerError.AuthenticationError, msg));
close();
return;
}
}
if (log.isDebugEnabled()) {
log.debug("Received CONNECT from {}", remoteAddress);
}
ctx.writeAndFlush(Commands.newConnected(connect));
state = State.Connected;
remoteEndpointProtocolVersion = connect.getProtocolVersion();
}
Also used :
AuthenticationDataCommand(com.yahoo.pulsar.broker.authentication.AuthenticationDataCommand)
AuthenticationException(javax.naming.AuthenticationException)
SSLSession(javax.net.ssl.SSLSession)
ChannelHandler(io.netty.channel.ChannelHandler)
SslHandler(io.netty.handler.ssl.SslHandler)
Example 17 with SslHandler
use of io.netty.handler.ssl.SslHandler in project async-http-client by AsyncHttpClient.
the class ChannelManager method addSslHandler.
public SslHandler addSslHandler(ChannelPipeline pipeline, Uri uri, String virtualHost) {
String peerHost;
int peerPort;
if (virtualHost != null) {
int i = virtualHost.indexOf(':');
if (i == -1) {
peerHost = virtualHost;
peerPort = uri.getSchemeDefaultPort();
} else {
peerHost = virtualHost.substring(0, i);
peerPort = Integer.valueOf(virtualHost.substring(i + 1));
}
} else {
peerHost = uri.getHost();
peerPort = uri.getExplicitPort();
}
SslHandler sslHandler = createSslHandler(peerHost, peerPort);
pipeline.addFirst(ChannelManager.SSL_HANDLER, sslHandler);
return sslHandler;
}
Also used :
SslHandler(io.netty.handler.ssl.SslHandler)
Example 18 with SslHandler
use of io.netty.handler.ssl.SslHandler in project async-http-client by AsyncHttpClient.
the class NettyConnectListener method onSuccess.
public void onSuccess(Channel channel, InetSocketAddress remoteAddress) {
Channels.setInactiveToken(channel);
TimeoutsHolder timeoutsHolder = future.getTimeoutsHolder();
if (futureIsAlreadyCancelled(channel)) {
return;
}
Request request = future.getTargetRequest();
Uri uri = request.getUri();
timeoutsHolder.initRemoteAddress(remoteAddress);
// in case of proxy tunneling, we'll add the SslHandler later, after the CONNECT request
if (future.getProxyServer() == null && uri.isSecured()) {
SslHandler sslHandler = null;
try {
sslHandler = channelManager.addSslHandler(channel.pipeline(), uri, request.getVirtualHost());
} catch (Exception sslError) {
NettyConnectListener.this.onFailure(channel, sslError);
return;
}
final AsyncHandlerExtensions asyncHandlerExtensions = toAsyncHandlerExtensions(future.getAsyncHandler());
if (asyncHandlerExtensions != null)
asyncHandlerExtensions.onTlsHandshakeAttempt();
sslHandler.handshakeFuture().addListener(new SimpleFutureListener<Channel>() {
@Override
protected void onSuccess(Channel value) throws Exception {
if (asyncHandlerExtensions != null)
asyncHandlerExtensions.onTlsHandshakeSuccess();
writeRequest(channel);
}
@Override
protected void onFailure(Throwable cause) throws Exception {
if (asyncHandlerExtensions != null)
asyncHandlerExtensions.onTlsHandshakeFailure(cause);
NettyConnectListener.this.onFailure(channel, cause);
}
});
} else {
writeRequest(channel);
}
}
Also used :
Channel(io.netty.channel.Channel)
HttpRequest(io.netty.handler.codec.http.HttpRequest)
Request(org.asynchttpclient.Request)
Uri(org.asynchttpclient.uri.Uri)
SslHandler(io.netty.handler.ssl.SslHandler)
ConnectException(java.net.ConnectException)
AsyncHandlerExtensionsUtils.toAsyncHandlerExtensions(org.asynchttpclient.handler.AsyncHandlerExtensionsUtils.toAsyncHandlerExtensions)
AsyncHandlerExtensions(org.asynchttpclient.handler.AsyncHandlerExtensions)
TimeoutsHolder(org.asynchttpclient.netty.timeout.TimeoutsHolder)
Example 19 with SslHandler
use of io.netty.handler.ssl.SslHandler in project sissi by KimShen.
the class FixDomainStartTls method startTls.
@Override
public boolean startTls(String domain) {
try {
if (this.isTls.compareAndSet(false, true)) {
SSLEngine engine = this.sslContextBuilder.build().createSSLEngine();
engine.setNeedClientAuth(false);
engine.setUseClientMode(false);
this.handler = new SslHandler(engine);
this.prepareTls.compareAndSet(false, true);
}
return true;
} catch (Exception e) {
log.error(e.toString());
Trace.trace(log, e);
return this.rollbackSSL();
}
}
Also used :
SSLEngine(javax.net.ssl.SSLEngine)
SslHandler(io.netty.handler.ssl.SslHandler)
Example 20 with SslHandler
use of io.netty.handler.ssl.SslHandler in project CorfuDB by CorfuDB.
the class CorfuServer method main.
public static void main(String[] args) {
serverRunning = true;
// Parse the options given, using docopt.
Map<String, Object> opts = new Docopt(USAGE).withVersion(GitRepositoryState.getRepositoryState().describe).parse(args);
int port = Integer.parseInt((String) opts.get("<port>"));
// Print a nice welcome message.
AnsiConsole.systemInstall();
printLogo();
System.out.println(ansi().a("Welcome to ").fg(RED).a("CORFU ").fg(MAGENTA).a("SERVER").reset());
System.out.println(ansi().a("Version ").a(Version.getVersionString()).a(" (").fg(BLUE).a(GitRepositoryState.getRepositoryState().commitIdAbbrev).reset().a(")"));
System.out.println(ansi().a("Serving on port ").fg(WHITE).a(port).reset());
System.out.println(ansi().a("Service directory: ").fg(WHITE).a((Boolean) opts.get("--memory") ? "MEMORY mode" : opts.get("--log-path")).reset());
// Pick the correct logging level before outputting error messages.
Logger root = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
switch((String) opts.get("--log-level")) {
case "ERROR":
root.setLevel(Level.ERROR);
break;
case "WARN":
root.setLevel(Level.WARN);
break;
case "INFO":
root.setLevel(Level.INFO);
break;
case "DEBUG":
root.setLevel(Level.DEBUG);
break;
case "TRACE":
root.setLevel(Level.TRACE);
break;
default:
root.setLevel(Level.INFO);
log.warn("Level {} not recognized, defaulting to level INFO", opts.get("--log-level"));
}
log.debug("Started with arguments: " + opts);
// Create the service directory if it does not exist.
if (!(Boolean) opts.get("--memory")) {
File serviceDir = new File((String) opts.get("--log-path"));
if (!serviceDir.exists()) {
if (serviceDir.mkdirs()) {
log.info("Created new service directory at {}.", serviceDir);
}
} else if (!serviceDir.isDirectory()) {
log.error("Service directory {} does not point to a directory. Aborting.", serviceDir);
throw new RuntimeException("Service directory must be a directory!");
}
}
// Now, we start the Netty router, and have it route to the correct port.
router = new NettyServerRouter(opts);
// Create a common Server Context for all servers to access.
serverContext = new ServerContext(opts, router);
// Add each role to the router.
addSequencer();
addLayoutServer();
addLogUnit();
addManagementServer();
router.baseServer.setOptionsMap(opts);
// Setup SSL if needed
Boolean tlsEnabled = (Boolean) opts.get("--enable-tls");
Boolean tlsMutualAuthEnabled = (Boolean) opts.get("--enable-tls-mutual-auth");
if (tlsEnabled) {
// Get the TLS cipher suites to enable
String ciphs = (String) opts.get("--tls-ciphers");
if (ciphs != null) {
List<String> ciphers = Pattern.compile(",").splitAsStream(ciphs).map(String::trim).collect(Collectors.toList());
enabledTlsCipherSuites = ciphers.toArray(new String[ciphers.size()]);
}
// Get the TLS protocols to enable
String protos = (String) opts.get("--tls-protocols");
if (protos != null) {
List<String> protocols = Pattern.compile(",").splitAsStream(protos).map(String::trim).collect(Collectors.toList());
enabledTlsProtocols = protocols.toArray(new String[protocols.size()]);
}
try {
sslContext = TlsUtils.enableTls(TlsUtils.SslContextType.SERVER_CONTEXT, (String) opts.get("--keystore"), e -> {
log.error("Could not load keys from the key store.");
System.exit(1);
}, (String) opts.get("--keystore-password-file"), e -> {
log.error("Could not read the key store password file.");
System.exit(1);
}, (String) opts.get("--truststore"), e -> {
log.error("Could not load keys from the trust store.");
System.exit(1);
}, (String) opts.get("--truststore-password-file"), e -> {
log.error("Could not read the trust store password file.");
System.exit(1);
});
} catch (Exception ex) {
log.error("Could not build the SSL context");
System.exit(1);
}
}
Boolean saslPlainTextAuth = (Boolean) opts.get("--enable-sasl-plain-text-auth");
// Create the event loops responsible for servicing inbound messages.
EventLoopGroup bossGroup;
EventLoopGroup workerGroup;
EventExecutorGroup ee;
bossGroup = new NioEventLoopGroup(1, new ThreadFactory() {
final AtomicInteger threadNum = new AtomicInteger(0);
@Override
public Thread newThread(Runnable r) {
Thread t = new Thread(r);
t.setName("accept-" + threadNum.getAndIncrement());
return t;
}
});
workerGroup = new NioEventLoopGroup(Runtime.getRuntime().availableProcessors() * 2, new ThreadFactory() {
final AtomicInteger threadNum = new AtomicInteger(0);
@Override
public Thread newThread(Runnable r) {
Thread t = new Thread(r);
t.setName("io-" + threadNum.getAndIncrement());
return t;
}
});
ee = new DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors() * 2, new ThreadFactory() {
final AtomicInteger threadNum = new AtomicInteger(0);
@Override
public Thread newThread(Runnable r) {
Thread t = new Thread(r);
t.setName("event-" + threadNum.getAndIncrement());
return t;
}
});
try {
ServerBootstrap b = new ServerBootstrap();
b.group(bossGroup, workerGroup).channel(NioServerSocketChannel.class).option(ChannelOption.SO_BACKLOG, 100).childOption(ChannelOption.SO_KEEPALIVE, true).childOption(ChannelOption.SO_REUSEADDR, true).childOption(ChannelOption.TCP_NODELAY, true).childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT).childHandler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(io.netty.channel.socket.SocketChannel ch) throws Exception {
if (tlsEnabled) {
SSLEngine engine = sslContext.newEngine(ch.alloc());
engine.setEnabledCipherSuites(enabledTlsCipherSuites);
engine.setEnabledProtocols(enabledTlsProtocols);
if (tlsMutualAuthEnabled) {
engine.setNeedClientAuth(true);
}
ch.pipeline().addLast("ssl", new SslHandler(engine));
}
ch.pipeline().addLast(new LengthFieldPrepender(4));
ch.pipeline().addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));
if (saslPlainTextAuth) {
ch.pipeline().addLast("sasl/plain-text", new PlainTextSaslNettyServer());
}
ch.pipeline().addLast(ee, new NettyCorfuMessageDecoder());
ch.pipeline().addLast(ee, new NettyCorfuMessageEncoder());
ch.pipeline().addLast(ee, router);
}
});
ChannelFuture f = b.bind(port).sync();
while (true) {
try {
f.channel().closeFuture().sync();
} catch (InterruptedException ie) {
}
}
} catch (InterruptedException ie) {
} catch (Exception ex) {
log.error("Corfu server shut down unexpectedly due to exception", ex);
} finally {
bossGroup.shutdownGracefully();
workerGroup.shutdownGracefully();
}
}
Also used :
ChannelOption(io.netty.channel.ChannelOption)
Getter(lombok.Getter)
GitRepositoryState(org.corfudb.util.GitRepositoryState)
LoggerFactory(org.slf4j.LoggerFactory)
NettyCorfuMessageEncoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageEncoder)
Docopt(org.docopt.Docopt)
SSLEngine(javax.net.ssl.SSLEngine)
PlainTextSaslNettyServer(org.corfudb.security.sasl.plaintext.PlainTextSaslNettyServer)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup)
Map(java.util.Map)
Color(org.fusesource.jansi.Ansi.Color)
ThreadFactory(java.util.concurrent.ThreadFactory)
SocketChannel(io.netty.channel.socket.SocketChannel)
LengthFieldPrepender(io.netty.handler.codec.LengthFieldPrepender)
TlsUtils(org.corfudb.security.tls.TlsUtils)
Ansi.ansi(org.fusesource.jansi.Ansi.ansi)
LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder)
NettyCorfuMessageDecoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageDecoder)
EventLoopGroup(io.netty.channel.EventLoopGroup)
ChannelInitializer(io.netty.channel.ChannelInitializer)
SslContext(io.netty.handler.ssl.SslContext)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
PooledByteBufAllocator(io.netty.buffer.PooledByteBufAllocator)
EventExecutorGroup(io.netty.util.concurrent.EventExecutorGroup)
Collectors(java.util.stream.Collectors)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
File(java.io.File)
ChannelFuture(io.netty.channel.ChannelFuture)
Level(ch.qos.logback.classic.Level)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
AnsiConsole(org.fusesource.jansi.AnsiConsole)
Logger(ch.qos.logback.classic.Logger)
SslHandler(io.netty.handler.ssl.SslHandler)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
Pattern(java.util.regex.Pattern)
Version(org.corfudb.util.Version)
ThreadFactory(java.util.concurrent.ThreadFactory)
SocketChannel(io.netty.channel.socket.SocketChannel)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup)
SSLEngine(javax.net.ssl.SSLEngine)
NettyCorfuMessageEncoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageEncoder)
Logger(ch.qos.logback.classic.Logger)
LengthFieldPrepender(io.netty.handler.codec.LengthFieldPrepender)
Docopt(org.docopt.Docopt)
PlainTextSaslNettyServer(org.corfudb.security.sasl.plaintext.PlainTextSaslNettyServer)
SocketChannel(io.netty.channel.socket.SocketChannel)
LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup)
EventExecutorGroup(io.netty.util.concurrent.EventExecutorGroup)
ChannelFuture(io.netty.channel.ChannelFuture)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
SslHandler(io.netty.handler.ssl.SslHandler)
NettyCorfuMessageDecoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageDecoder)
EventLoopGroup(io.netty.channel.EventLoopGroup)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
File(java.io.File)
Aggregations
SslHandler (io.netty.handler.ssl.SslHandler)41
SSLEngine (javax.net.ssl.SSLEngine)19
ChannelPipeline (io.netty.channel.ChannelPipeline)13
ChannelHandler (io.netty.channel.ChannelHandler)11
Channel (io.netty.channel.Channel)6
SocketChannel (io.netty.channel.socket.SocketChannel)6
ByteBuf (io.netty.buffer.ByteBuf)5
ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)5
ChunkedWriteHandler (io.netty.handler.stream.ChunkedWriteHandler)5
IdleStateHandler (io.netty.handler.timeout.IdleStateHandler)5
ServerTlsHandler (io.grpc.netty.ProtocolNegotiators.ServerTlsHandler)4
Bootstrap (io.netty.bootstrap.Bootstrap)4
ServerBootstrap (io.netty.bootstrap.ServerBootstrap)4
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)4
IOException (java.io.IOException)4
Test (org.junit.Test)4
ChannelFuture (io.netty.channel.ChannelFuture)3
ChannelInitializer (io.netty.channel.ChannelInitializer)3
NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel)3
NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)3
