Search in sources :

Example 1 with SslContext

use of io.netty.handler.ssl.SslContext in project neo4j by neo4j.

the class BoltKernelExtension method newInstance.

@Override
public Lifecycle newInstance(KernelContext context, Dependencies dependencies) throws Throwable {
    Config config = dependencies.config();
    GraphDatabaseService gdb = dependencies.db();
    GraphDatabaseAPI api = (GraphDatabaseAPI) gdb;
    LogService logService = dependencies.logService();
    Clock clock = dependencies.clock();
    Log log = logService.getInternalLog(WorkerFactory.class);
    LifeSupport life = new LifeSupport();
    JobScheduler scheduler = dependencies.scheduler();
    InternalLoggerFactory.setDefaultFactory(new Netty4LoggerFactory(logService.getInternalLogProvider()));
    Authentication authentication = authentication(dependencies.authManager(), dependencies.userManagerSupplier());
    BoltFactory boltFactory = life.add(new BoltFactoryImpl(api, dependencies.usageData(), logService, dependencies.txBridge(), authentication, dependencies.sessionTracker(), config));
    WorkerFactory workerFactory = createWorkerFactory(boltFactory, scheduler, dependencies, logService, clock);
    List<ProtocolInitializer> connectors = config.enabledBoltConnectors().stream().map((connConfig) -> {
        ListenSocketAddress listenAddress = config.get(connConfig.listen_address);
        AdvertisedSocketAddress advertisedAddress = config.get(connConfig.advertised_address);
        SslContext sslCtx;
        boolean requireEncryption;
        final BoltConnector.EncryptionLevel encryptionLevel = config.get(connConfig.encryption_level);
        switch(encryptionLevel) {
            case REQUIRED:
                // Encrypted connections are mandatory, a self-signed certificate may be generated.
                requireEncryption = true;
                sslCtx = createSslContext(config, log, advertisedAddress);
                break;
            case OPTIONAL:
                // Encrypted connections are optional, a self-signed certificate may be generated.
                requireEncryption = false;
                sslCtx = createSslContext(config, log, advertisedAddress);
                break;
            case DISABLED:
                // Encryption is turned off, no self-signed certificate will be generated.
                requireEncryption = false;
                sslCtx = null;
                break;
            default:
                // In the unlikely event that we happen to fall through to the default option here,
                // there is a mismatch between the BoltConnector.EncryptionLevel enum and the options
                // handled in this switch statement. In this case, we'll log a warning and default to
                // disabling encryption, since this mirrors the functionality introduced in 3.0.
                log.warn(format("Unhandled encryption level %s - assuming DISABLED.", encryptionLevel.name()));
                requireEncryption = false;
                sslCtx = null;
                break;
        }
        final Map<Long, BiFunction<Channel, Boolean, BoltProtocol>> versions = newVersions(logService, workerFactory);
        return new SocketTransport(listenAddress, sslCtx, requireEncryption, logService.getInternalLogProvider(), versions);
    }).collect(toList());
    if (connectors.size() > 0 && !config.get(GraphDatabaseSettings.disconnected)) {
        life.add(new NettyServer(scheduler.threadFactory(boltNetworkIO), connectors));
        log.info("Bolt Server extension loaded.");
        for (ProtocolInitializer connector : connectors) {
            logService.getUserLog(WorkerFactory.class).info("Bolt enabled on %s.", connector.address());
        }
    }
    return life;
}
Also used : Service(org.neo4j.helpers.Service) UsageData(org.neo4j.udc.UsageData) Log(org.neo4j.logging.Log) Authentication(org.neo4j.bolt.security.auth.Authentication) BiFunction(java.util.function.BiFunction) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) KernelContext(org.neo4j.kernel.impl.spi.KernelContext) SocketTransport(org.neo4j.bolt.transport.SocketTransport) BoltProtocol(org.neo4j.bolt.transport.BoltProtocol) LifeSupport(org.neo4j.kernel.lifecycle.LifeSupport) KeyStoreFactory(org.neo4j.bolt.security.ssl.KeyStoreFactory) AdvertisedSocketAddress(org.neo4j.helpers.AdvertisedSocketAddress) GeneralSecurityException(java.security.GeneralSecurityException) ProtocolInitializer(org.neo4j.bolt.transport.NettyServer.ProtocolInitializer) Map(java.util.Map) KeyStoreInformation(org.neo4j.bolt.security.ssl.KeyStoreInformation) Groups.boltNetworkIO(org.neo4j.kernel.impl.util.JobScheduler.Groups.boltNetworkIO) BoltConnectionDescriptor(org.neo4j.bolt.v1.runtime.BoltConnectionDescriptor) BoltFactory(org.neo4j.bolt.v1.runtime.BoltFactory) BoltConnector(org.neo4j.kernel.configuration.BoltConnector) ThreadToStatementContextBridge(org.neo4j.kernel.impl.core.ThreadToStatementContextBridge) LogService(org.neo4j.kernel.impl.logging.LogService) String.format(java.lang.String.format) GraphDatabaseAPI(org.neo4j.kernel.internal.GraphDatabaseAPI) Netty4LoggerFactory(org.neo4j.bolt.transport.Netty4LoggerFactory) Settings.derivedSetting(org.neo4j.kernel.configuration.Settings.derivedSetting) List(java.util.List) Description(org.neo4j.configuration.Description) BoltFactoryImpl(org.neo4j.bolt.v1.runtime.BoltFactoryImpl) KernelExtensionFactory(org.neo4j.kernel.extension.KernelExtensionFactory) WorkerFactory(org.neo4j.bolt.v1.runtime.WorkerFactory) BasicAuthentication(org.neo4j.bolt.security.auth.BasicAuthentication) GraphDatabaseSettings(org.neo4j.graphdb.factory.GraphDatabaseSettings) Settings.pathSetting(org.neo4j.kernel.configuration.Settings.pathSetting) Internal(org.neo4j.configuration.Internal) Monitors(org.neo4j.kernel.monitoring.Monitors) HashMap(java.util.HashMap) JobScheduler(org.neo4j.kernel.impl.util.JobScheduler) Configuration(org.neo4j.graphdb.config.Configuration) ListenSocketAddress(org.neo4j.helpers.ListenSocketAddress) BoltProtocolV1(org.neo4j.bolt.v1.transport.BoltProtocolV1) Certificates(org.neo4j.bolt.security.ssl.Certificates) GraphDatabaseService(org.neo4j.graphdb.GraphDatabaseService) NettyServer(org.neo4j.bolt.transport.NettyServer) ThreadedWorkerFactory(org.neo4j.bolt.v1.runtime.concurrent.ThreadedWorkerFactory) Lifecycle(org.neo4j.kernel.lifecycle.Lifecycle) Config(org.neo4j.kernel.configuration.Config) SslContext(io.netty.handler.ssl.SslContext) BoltConnectionTracker(org.neo4j.kernel.api.bolt.BoltConnectionTracker) Setting(org.neo4j.graphdb.config.Setting) IOException(java.io.IOException) PATH(org.neo4j.kernel.configuration.Settings.PATH) File(java.io.File) Channel(io.netty.channel.Channel) UserManagerSupplier(org.neo4j.kernel.api.security.UserManagerSupplier) BoltWorker(org.neo4j.bolt.v1.runtime.BoltWorker) Collectors.toList(java.util.stream.Collectors.toList) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) Clock(java.time.Clock) InternalLoggerFactory(io.netty.util.internal.logging.InternalLoggerFactory) MonitoredWorkerFactory(org.neo4j.bolt.v1.runtime.MonitoredWorkerFactory) AuthManager(org.neo4j.kernel.api.security.AuthManager) Config(org.neo4j.kernel.configuration.Config) AdvertisedSocketAddress(org.neo4j.helpers.AdvertisedSocketAddress) Clock(java.time.Clock) BoltFactory(org.neo4j.bolt.v1.runtime.BoltFactory) WorkerFactory(org.neo4j.bolt.v1.runtime.WorkerFactory) ThreadedWorkerFactory(org.neo4j.bolt.v1.runtime.concurrent.ThreadedWorkerFactory) MonitoredWorkerFactory(org.neo4j.bolt.v1.runtime.MonitoredWorkerFactory) NettyServer(org.neo4j.bolt.transport.NettyServer) BoltFactoryImpl(org.neo4j.bolt.v1.runtime.BoltFactoryImpl) GraphDatabaseAPI(org.neo4j.kernel.internal.GraphDatabaseAPI) LifeSupport(org.neo4j.kernel.lifecycle.LifeSupport) SslContext(io.netty.handler.ssl.SslContext) ProtocolInitializer(org.neo4j.bolt.transport.NettyServer.ProtocolInitializer) JobScheduler(org.neo4j.kernel.impl.util.JobScheduler) GraphDatabaseService(org.neo4j.graphdb.GraphDatabaseService) Log(org.neo4j.logging.Log) SocketTransport(org.neo4j.bolt.transport.SocketTransport) Channel(io.netty.channel.Channel) BoltProtocol(org.neo4j.bolt.transport.BoltProtocol) Authentication(org.neo4j.bolt.security.auth.Authentication) BasicAuthentication(org.neo4j.bolt.security.auth.BasicAuthentication) ListenSocketAddress(org.neo4j.helpers.ListenSocketAddress) Netty4LoggerFactory(org.neo4j.bolt.transport.Netty4LoggerFactory) Map(java.util.Map) HashMap(java.util.HashMap) LogService(org.neo4j.kernel.impl.logging.LogService)

Example 2 with SslContext

use of io.netty.handler.ssl.SslContext in project pulsar by yahoo.

the class DiscoveryServiceTest method connectToService.

/**
     * creates ClientHandler channel to connect and communicate with server
     * 
     * @param serviceUrl
     * @param latch
     * @return
     * @throws URISyntaxException
     */
public static NioEventLoopGroup connectToService(String serviceUrl, CountDownLatch latch, boolean tls) throws URISyntaxException {
    NioEventLoopGroup workerGroup = new NioEventLoopGroup();
    Bootstrap b = new Bootstrap();
    b.group(workerGroup);
    b.channel(NioSocketChannel.class);
    b.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            if (tls) {
                SslContextBuilder builder = SslContextBuilder.forClient();
                builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                X509Certificate[] certificates = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
                PrivateKey privateKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
                builder.keyManager(privateKey, (X509Certificate[]) certificates);
                SslContext sslCtx = builder.build();
                ch.pipeline().addLast("tls", sslCtx.newHandler(ch.alloc()));
            }
            ch.pipeline().addLast(new ClientHandler(latch));
        }
    });
    URI uri = new URI(serviceUrl);
    InetSocketAddress serviceAddress = new InetSocketAddress(uri.getHost(), uri.getPort());
    b.connect(serviceAddress).addListener((ChannelFuture future) -> {
        if (!future.isSuccess()) {
            throw new IllegalStateException(future.cause());
        }
    });
    return workerGroup;
}
Also used : ChannelFuture(io.netty.channel.ChannelFuture) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) PrivateKey(java.security.PrivateKey) InetSocketAddress(java.net.InetSocketAddress) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) Bootstrap(io.netty.bootstrap.Bootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) SslContext(io.netty.handler.ssl.SslContext)

Example 3 with SslContext

use of io.netty.handler.ssl.SslContext in project grpc-java by grpc.

the class Utils method newNettyClientChannel.

private static NettyChannelBuilder newNettyClientChannel(Transport transport, SocketAddress address, boolean tls, boolean testca, int flowControlWindow, boolean useDefaultCiphers) throws IOException {
    NettyChannelBuilder builder = NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);
    if (tls) {
        builder.negotiationType(NegotiationType.TLS);
        SslContext sslContext = null;
        if (testca) {
            File cert = TestUtils.loadCert("ca.pem");
            SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient().trustManager(cert);
            if (transport == Transport.NETTY_NIO) {
                sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.JDK);
            } else {
                // Native transport with OpenSSL
                sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder, SslProvider.OPENSSL);
            }
            if (useDefaultCiphers) {
                sslContextBuilder.ciphers(null);
            }
            sslContext = sslContextBuilder.build();
        }
        builder.sslContext(sslContext);
    } else {
        builder.negotiationType(NegotiationType.PLAINTEXT);
    }
    DefaultThreadFactory tf = new DefaultThreadFactory("client-elg-", true);
    switch(transport) {
        case NETTY_NIO:
            builder.eventLoopGroup(new NioEventLoopGroup(0, tf)).channelType(NioSocketChannel.class);
            break;
        case NETTY_EPOLL:
            // These classes only work on Linux.
            builder.eventLoopGroup(new EpollEventLoopGroup(0, tf)).channelType(EpollSocketChannel.class);
            break;
        case NETTY_UNIX_DOMAIN_SOCKET:
            // These classes only work on Linux.
            builder.eventLoopGroup(new EpollEventLoopGroup(0, tf)).channelType(EpollDomainSocketChannel.class);
            break;
        default:
            // Should never get here.
            throw new IllegalArgumentException("Unsupported transport: " + transport);
    }
    return builder;
}
Also used : DefaultThreadFactory(io.netty.util.concurrent.DefaultThreadFactory) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) EpollEventLoopGroup(io.netty.channel.epoll.EpollEventLoopGroup) NettyChannelBuilder(io.grpc.netty.NettyChannelBuilder) File(java.io.File) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) SslContext(io.netty.handler.ssl.SslContext)

Example 4 with SslContext

use of io.netty.handler.ssl.SslContext in project CorfuDB by CorfuDB.

the class CorfuServer method main.

public static void main(String[] args) {
    serverRunning = true;
    // Parse the options given, using docopt.
    Map<String, Object> opts = new Docopt(USAGE).withVersion(GitRepositoryState.getRepositoryState().describe).parse(args);
    int port = Integer.parseInt((String) opts.get("<port>"));
    // Print a nice welcome message.
    AnsiConsole.systemInstall();
    printLogo();
    System.out.println(ansi().a("Welcome to ").fg(RED).a("CORFU ").fg(MAGENTA).a("SERVER").reset());
    System.out.println(ansi().a("Version ").a(Version.getVersionString()).a(" (").fg(BLUE).a(GitRepositoryState.getRepositoryState().commitIdAbbrev).reset().a(")"));
    System.out.println(ansi().a("Serving on port ").fg(WHITE).a(port).reset());
    System.out.println(ansi().a("Service directory: ").fg(WHITE).a((Boolean) opts.get("--memory") ? "MEMORY mode" : opts.get("--log-path")).reset());
    // Pick the correct logging level before outputting error messages.
    Logger root = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
    switch((String) opts.get("--log-level")) {
        case "ERROR":
            root.setLevel(Level.ERROR);
            break;
        case "WARN":
            root.setLevel(Level.WARN);
            break;
        case "INFO":
            root.setLevel(Level.INFO);
            break;
        case "DEBUG":
            root.setLevel(Level.DEBUG);
            break;
        case "TRACE":
            root.setLevel(Level.TRACE);
            break;
        default:
            root.setLevel(Level.INFO);
            log.warn("Level {} not recognized, defaulting to level INFO", opts.get("--log-level"));
    }
    log.debug("Started with arguments: " + opts);
    // Create the service directory if it does not exist.
    if (!(Boolean) opts.get("--memory")) {
        File serviceDir = new File((String) opts.get("--log-path"));
        if (!serviceDir.exists()) {
            if (serviceDir.mkdirs()) {
                log.info("Created new service directory at {}.", serviceDir);
            }
        } else if (!serviceDir.isDirectory()) {
            log.error("Service directory {} does not point to a directory. Aborting.", serviceDir);
            throw new RuntimeException("Service directory must be a directory!");
        }
    }
    // Now, we start the Netty router, and have it route to the correct port.
    router = new NettyServerRouter(opts);
    // Create a common Server Context for all servers to access.
    serverContext = new ServerContext(opts, router);
    // Add each role to the router.
    addSequencer();
    addLayoutServer();
    addLogUnit();
    addManagementServer();
    router.baseServer.setOptionsMap(opts);
    // Setup SSL if needed
    Boolean tlsEnabled = (Boolean) opts.get("--enable-tls");
    Boolean tlsMutualAuthEnabled = (Boolean) opts.get("--enable-tls-mutual-auth");
    if (tlsEnabled) {
        // Get the TLS cipher suites to enable
        String ciphs = (String) opts.get("--tls-ciphers");
        if (ciphs != null) {
            List<String> ciphers = Pattern.compile(",").splitAsStream(ciphs).map(String::trim).collect(Collectors.toList());
            enabledTlsCipherSuites = ciphers.toArray(new String[ciphers.size()]);
        }
        // Get the TLS protocols to enable
        String protos = (String) opts.get("--tls-protocols");
        if (protos != null) {
            List<String> protocols = Pattern.compile(",").splitAsStream(protos).map(String::trim).collect(Collectors.toList());
            enabledTlsProtocols = protocols.toArray(new String[protocols.size()]);
        }
        try {
            sslContext = TlsUtils.enableTls(TlsUtils.SslContextType.SERVER_CONTEXT, (String) opts.get("--keystore"), e -> {
                log.error("Could not load keys from the key store.");
                System.exit(1);
            }, (String) opts.get("--keystore-password-file"), e -> {
                log.error("Could not read the key store password file.");
                System.exit(1);
            }, (String) opts.get("--truststore"), e -> {
                log.error("Could not load keys from the trust store.");
                System.exit(1);
            }, (String) opts.get("--truststore-password-file"), e -> {
                log.error("Could not read the trust store password file.");
                System.exit(1);
            });
        } catch (Exception ex) {
            log.error("Could not build the SSL context");
            System.exit(1);
        }
    }
    Boolean saslPlainTextAuth = (Boolean) opts.get("--enable-sasl-plain-text-auth");
    // Create the event loops responsible for servicing inbound messages.
    EventLoopGroup bossGroup;
    EventLoopGroup workerGroup;
    EventExecutorGroup ee;
    bossGroup = new NioEventLoopGroup(1, new ThreadFactory() {

        final AtomicInteger threadNum = new AtomicInteger(0);

        @Override
        public Thread newThread(Runnable r) {
            Thread t = new Thread(r);
            t.setName("accept-" + threadNum.getAndIncrement());
            return t;
        }
    });
    workerGroup = new NioEventLoopGroup(Runtime.getRuntime().availableProcessors() * 2, new ThreadFactory() {

        final AtomicInteger threadNum = new AtomicInteger(0);

        @Override
        public Thread newThread(Runnable r) {
            Thread t = new Thread(r);
            t.setName("io-" + threadNum.getAndIncrement());
            return t;
        }
    });
    ee = new DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors() * 2, new ThreadFactory() {

        final AtomicInteger threadNum = new AtomicInteger(0);

        @Override
        public Thread newThread(Runnable r) {
            Thread t = new Thread(r);
            t.setName("event-" + threadNum.getAndIncrement());
            return t;
        }
    });
    try {
        ServerBootstrap b = new ServerBootstrap();
        b.group(bossGroup, workerGroup).channel(NioServerSocketChannel.class).option(ChannelOption.SO_BACKLOG, 100).childOption(ChannelOption.SO_KEEPALIVE, true).childOption(ChannelOption.SO_REUSEADDR, true).childOption(ChannelOption.TCP_NODELAY, true).childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT).childHandler(new ChannelInitializer<SocketChannel>() {

            @Override
            public void initChannel(io.netty.channel.socket.SocketChannel ch) throws Exception {
                if (tlsEnabled) {
                    SSLEngine engine = sslContext.newEngine(ch.alloc());
                    engine.setEnabledCipherSuites(enabledTlsCipherSuites);
                    engine.setEnabledProtocols(enabledTlsProtocols);
                    if (tlsMutualAuthEnabled) {
                        engine.setNeedClientAuth(true);
                    }
                    ch.pipeline().addLast("ssl", new SslHandler(engine));
                }
                ch.pipeline().addLast(new LengthFieldPrepender(4));
                ch.pipeline().addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));
                if (saslPlainTextAuth) {
                    ch.pipeline().addLast("sasl/plain-text", new PlainTextSaslNettyServer());
                }
                ch.pipeline().addLast(ee, new NettyCorfuMessageDecoder());
                ch.pipeline().addLast(ee, new NettyCorfuMessageEncoder());
                ch.pipeline().addLast(ee, router);
            }
        });
        ChannelFuture f = b.bind(port).sync();
        while (true) {
            try {
                f.channel().closeFuture().sync();
            } catch (InterruptedException ie) {
            }
        }
    } catch (InterruptedException ie) {
    } catch (Exception ex) {
        log.error("Corfu server shut down unexpectedly due to exception", ex);
    } finally {
        bossGroup.shutdownGracefully();
        workerGroup.shutdownGracefully();
    }
}
Also used : ChannelOption(io.netty.channel.ChannelOption) Getter(lombok.Getter) GitRepositoryState(org.corfudb.util.GitRepositoryState) LoggerFactory(org.slf4j.LoggerFactory) NettyCorfuMessageEncoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageEncoder) Docopt(org.docopt.Docopt) SSLEngine(javax.net.ssl.SSLEngine) PlainTextSaslNettyServer(org.corfudb.security.sasl.plaintext.PlainTextSaslNettyServer) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup) Map(java.util.Map) Color(org.fusesource.jansi.Ansi.Color) ThreadFactory(java.util.concurrent.ThreadFactory) SocketChannel(io.netty.channel.socket.SocketChannel) LengthFieldPrepender(io.netty.handler.codec.LengthFieldPrepender) TlsUtils(org.corfudb.security.tls.TlsUtils) Ansi.ansi(org.fusesource.jansi.Ansi.ansi) LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder) NettyCorfuMessageDecoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageDecoder) EventLoopGroup(io.netty.channel.EventLoopGroup) ChannelInitializer(io.netty.channel.ChannelInitializer) SslContext(io.netty.handler.ssl.SslContext) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) PooledByteBufAllocator(io.netty.buffer.PooledByteBufAllocator) EventExecutorGroup(io.netty.util.concurrent.EventExecutorGroup) Collectors(java.util.stream.Collectors) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) File(java.io.File) ChannelFuture(io.netty.channel.ChannelFuture) Level(ch.qos.logback.classic.Level) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) AnsiConsole(org.fusesource.jansi.AnsiConsole) Logger(ch.qos.logback.classic.Logger) SslHandler(io.netty.handler.ssl.SslHandler) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) Pattern(java.util.regex.Pattern) Version(org.corfudb.util.Version) ThreadFactory(java.util.concurrent.ThreadFactory) SocketChannel(io.netty.channel.socket.SocketChannel) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup) SSLEngine(javax.net.ssl.SSLEngine) NettyCorfuMessageEncoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageEncoder) Logger(ch.qos.logback.classic.Logger) LengthFieldPrepender(io.netty.handler.codec.LengthFieldPrepender) Docopt(org.docopt.Docopt) PlainTextSaslNettyServer(org.corfudb.security.sasl.plaintext.PlainTextSaslNettyServer) SocketChannel(io.netty.channel.socket.SocketChannel) LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) DefaultEventExecutorGroup(io.netty.util.concurrent.DefaultEventExecutorGroup) EventExecutorGroup(io.netty.util.concurrent.EventExecutorGroup) ChannelFuture(io.netty.channel.ChannelFuture) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) SslHandler(io.netty.handler.ssl.SslHandler) NettyCorfuMessageDecoder(org.corfudb.protocols.wireprotocol.NettyCorfuMessageDecoder) EventLoopGroup(io.netty.channel.EventLoopGroup) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) File(java.io.File)

Example 5 with SslContext

use of io.netty.handler.ssl.SslContext in project pravega by pravega.

the class ConnectionFactoryImpl method establishConnection.

@Override
public CompletableFuture<ClientConnection> establishConnection(PravegaNodeUri location, ReplyProcessor rp) {
    Preconditions.checkNotNull(location);
    Exceptions.checkNotClosed(closed.get(), this);
    final SslContext sslCtx;
    if (clientConfig.isEnableTls()) {
        try {
            SslContextBuilder sslCtxFactory = SslContextBuilder.forClient();
            if (Strings.isNullOrEmpty(clientConfig.getTrustStore())) {
                sslCtxFactory = sslCtxFactory.trustManager(FingerprintTrustManagerFactory.getInstance(FingerprintTrustManagerFactory.getDefaultAlgorithm()));
            } else {
                sslCtxFactory = SslContextBuilder.forClient().trustManager(new File(clientConfig.getTrustStore()));
            }
            sslCtx = sslCtxFactory.build();
        } catch (SSLException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    } else {
        sslCtx = null;
    }
    AppendBatchSizeTracker batchSizeTracker = new AppendBatchSizeTrackerImpl();
    ClientConnectionInboundHandler handler = new ClientConnectionInboundHandler(location.getEndpoint(), rp, batchSizeTracker);
    Bootstrap b = new Bootstrap();
    b.group(group).channel(nio ? NioSocketChannel.class : EpollSocketChannel.class).option(ChannelOption.TCP_NODELAY, true).handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            ChannelPipeline p = ch.pipeline();
            if (sslCtx != null) {
                SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), location.getEndpoint(), location.getPort());
                if (clientConfig.isValidateHostName()) {
                    SSLEngine sslEngine = sslHandler.engine();
                    SSLParameters sslParameters = sslEngine.getSSLParameters();
                    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    sslEngine.setSSLParameters(sslParameters);
                }
                p.addLast(sslHandler);
            }
            // p.addLast(new LoggingHandler(LogLevel.INFO));
            p.addLast(new ExceptionLoggingHandler(location.getEndpoint()), new CommandEncoder(batchSizeTracker), new LengthFieldBasedFrameDecoder(WireCommands.MAX_WIRECOMMAND_SIZE, 4, 4), new CommandDecoder(), handler);
        }
    });
    // Start the client.
    CompletableFuture<ClientConnection> connectionComplete = new CompletableFuture<>();
    try {
        b.connect(location.getEndpoint(), location.getPort()).addListener(new ChannelFutureListener() {

            @Override
            public void operationComplete(ChannelFuture future) {
                if (future.isSuccess()) {
                    // since ChannelFuture is complete future.channel() is not a blocking call.
                    Channel ch = future.channel();
                    log.debug("Connect operation completed for channel:{}, local address:{}, remote address:{}", ch.id(), ch.localAddress(), ch.remoteAddress());
                    // Once a channel is closed the channel group implementation removes it.
                    allChannels.add(ch);
                    connectionComplete.complete(handler);
                } else {
                    connectionComplete.completeExceptionally(new ConnectionFailedException(future.cause()));
                }
            }
        });
    } catch (Exception e) {
        connectionComplete.completeExceptionally(new ConnectionFailedException(e));
    }
    // check if channel is registered.
    CompletableFuture<Void> channelRegisteredFuture = new CompletableFuture<>();
    handler.completeWhenRegistered(channelRegisteredFuture);
    return connectionComplete.thenCombine(channelRegisteredFuture, (clientConnection, v) -> clientConnection);
}
Also used : NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) SSLEngine(javax.net.ssl.SSLEngine) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CommandEncoder(io.pravega.shared.protocol.netty.CommandEncoder) SSLException(javax.net.ssl.SSLException) CompletableFuture(java.util.concurrent.CompletableFuture) SSLParameters(javax.net.ssl.SSLParameters) ExceptionLoggingHandler(io.pravega.shared.protocol.netty.ExceptionLoggingHandler) Bootstrap(io.netty.bootstrap.Bootstrap) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder) SslContext(io.netty.handler.ssl.SslContext) ChannelFuture(io.netty.channel.ChannelFuture) AppendBatchSizeTracker(io.pravega.shared.protocol.netty.AppendBatchSizeTracker) CommandDecoder(io.pravega.shared.protocol.netty.CommandDecoder) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) Channel(io.netty.channel.Channel) ChannelFutureListener(io.netty.channel.ChannelFutureListener) ConnectionFailedException(io.pravega.shared.protocol.netty.ConnectionFailedException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ChannelPipeline(io.netty.channel.ChannelPipeline) SslHandler(io.netty.handler.ssl.SslHandler) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) File(java.io.File) ConnectionFailedException(io.pravega.shared.protocol.netty.ConnectionFailedException)

Aggregations

SslContext (io.netty.handler.ssl.SslContext)198 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)62 EventLoopGroup (io.netty.channel.EventLoopGroup)52 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)50 Test (org.junit.Test)48 ServerBootstrap (io.netty.bootstrap.ServerBootstrap)41 Channel (io.netty.channel.Channel)41 SSLException (javax.net.ssl.SSLException)39 LoggingHandler (io.netty.handler.logging.LoggingHandler)35 SocketChannel (io.netty.channel.socket.SocketChannel)34 NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)34 Bootstrap (io.netty.bootstrap.Bootstrap)33 NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel)33 SslHandler (io.netty.handler.ssl.SslHandler)26 SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)25 ChannelPipeline (io.netty.channel.ChannelPipeline)23 InetSocketAddress (java.net.InetSocketAddress)23 ChannelFuture (io.netty.channel.ChannelFuture)21 File (java.io.File)21 CertificateException (java.security.cert.CertificateException)20