use of io.netty.handler.ssl.SslContext in project pulsar by yahoo.
the class PulsarChannelInitializer method initChannel.
@Override
protected void initChannel(SocketChannel ch) throws Exception {
if (enableTLS) {
File tlsCert = new File(serviceConfig.getTlsCertificateFilePath());
File tlsKey = new File(serviceConfig.getTlsKeyFilePath());
SslContextBuilder builder = SslContextBuilder.forServer(tlsCert, tlsKey);
if (serviceConfig.isTlsAllowInsecureConnection()) {
builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
} else {
if (serviceConfig.getTlsTrustCertsFilePath().isEmpty()) {
// Use system default
builder.trustManager((File) null);
} else {
File trustCertCollection = new File(serviceConfig.getTlsTrustCertsFilePath());
builder.trustManager(trustCertCollection);
}
}
SslContext sslCtx = builder.clientAuth(ClientAuth.OPTIONAL).build();
ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc()));
}
ch.pipeline().addLast("frameDecoder", new PulsarLengthFieldFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
ch.pipeline().addLast("handler", new ServerCnx(brokerService));
}
use of io.netty.handler.ssl.SslContext in project pulsar by yahoo.
the class ServiceChannelInitializer method initChannel.
@Override
protected void initChannel(SocketChannel ch) throws Exception {
if (enableTLS) {
File tlsCert = new File(serviceConfig.getTlsCertificateFilePath());
File tlsKey = new File(serviceConfig.getTlsKeyFilePath());
SslContextBuilder builder = SslContextBuilder.forServer(tlsCert, tlsKey);
// allows insecure connection
builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
SslContext sslCtx = builder.clientAuth(ClientAuth.OPTIONAL).build();
ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc()));
}
ch.pipeline().addLast("frameDecoder", new PulsarLengthFieldFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
ch.pipeline().addLast("handler", new ServerConnection(discoveryService));
}
use of io.netty.handler.ssl.SslContext in project jackrabbit-oak by apache.
the class StandbyClient method connect.
void connect(String host, int port) throws Exception {
final SslContext sslContext;
if (secure) {
sslContext = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build();
} else {
sslContext = null;
}
Bootstrap b = new Bootstrap().group(group).channel(NioSocketChannel.class).option(ChannelOption.CONNECT_TIMEOUT_MILLIS, readTimeoutMs).option(ChannelOption.TCP_NODELAY, true).option(ChannelOption.SO_REUSEADDR, true).option(ChannelOption.SO_KEEPALIVE, true).handler(new ChannelInitializer<SocketChannel>() {
@Override
public void initChannel(SocketChannel ch) throws Exception {
ChannelPipeline p = ch.pipeline();
if (sslContext != null) {
p.addLast(sslContext.newHandler(ch.alloc()));
}
p.addLast(new ReadTimeoutHandler(readTimeoutMs, TimeUnit.MILLISECONDS));
// Decoders
p.addLast(new SnappyFramedDecoder(true));
// Such a big max frame length is needed because blob
// values are sent in one big message. In future
// versions of the protocol, sending binaries in chunks
// should be considered instead.
p.addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4));
p.addLast(new ResponseDecoder());
// Encoders
p.addLast(new StringEncoder(CharsetUtil.UTF_8));
p.addLast(new GetHeadRequestEncoder());
p.addLast(new GetSegmentRequestEncoder());
p.addLast(new GetBlobRequestEncoder());
p.addLast(new GetReferencesRequestEncoder());
// Handlers
p.addLast(new GetHeadResponseHandler(headQueue));
p.addLast(new GetSegmentResponseHandler(segmentQueue));
p.addLast(new GetBlobResponseHandler(blobQueue));
p.addLast(new GetReferencesResponseHandler(referencesQueue));
// Exception handler
p.addLast(new ExceptionHandler(clientId));
}
});
channel = b.connect(host, port).sync().channel();
}
Aggregations