use of io.netty.handler.ssl.SslContext in project pulsar by yahoo.
the class DiscoveryServiceTest method connectToService.
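/**
 * Opens a Netty client channel to the service named by {@code serviceUrl} and installs a
 * {@link ClientHandler} on it.
 *
 * <p>Security note: with {@code tls} set, the client accepts ANY server certificate
 * ({@code InsecureTrustManagerFactory}), so the server is never authenticated; only the client
 * proves its identity through the configured certificate and key. This is a test helper; the TLS
 * setup below must not be copied into production code.
 *
 * @param serviceUrl URL whose host and port are used as the connect target
 * @param latch handed to the {@link ClientHandler} constructor
 * @param tls when {@code true}, a client-side TLS handler presenting the test client certificate is
 *     placed in front of the {@link ClientHandler}
 * @return the event loop group driving the connection; it is not shut down by this method
 * @throws URISyntaxException if {@code serviceUrl} cannot be parsed
 * @throws IllegalArgumentException if the URL carries no host or no valid port
 */
public static NioEventLoopGroup connectToService(String serviceUrl, CountDownLatch latch, boolean tls) throws URISyntaxException {
    // Parse and validate the target before any threads are created, so a malformed URL cannot
    // leak an event loop group that no caller ever receives.
    URI uri = new URI(serviceUrl);
    InetSocketAddress serviceAddress = new InetSocketAddress(uri.getHost(), uri.getPort());

    NioEventLoopGroup workerGroup = new NioEventLoopGroup();
    Bootstrap b = new Bootstrap();
    b.group(workerGroup);
    b.channel(NioSocketChannel.class);
    b.handler(new ChannelInitializer<SocketChannel>() {
        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            if (tls) {
                X509Certificate[] certificates = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
                PrivateKey privateKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
                SslContext sslCtx = SslContextBuilder.forClient()
                        // TEST ONLY: disables server certificate validation entirely. A real
                        // client should pass the CA certificate(s) it trusts instead.
                        .trustManager(InsecureTrustManagerFactory.INSTANCE)
                        // Client certificate and key for mutual TLS.
                        .keyManager(privateKey, certificates)
                        .build();
                // The TLS handler goes in first so that every later handler only sees decrypted
                // bytes. No peer host is passed to newHandler, so no host name is available for
                // endpoint verification either.
                ch.pipeline().addLast("tls", sslCtx.newHandler(ch.alloc()));
            }
            ch.pipeline().addLast(new ClientHandler(latch));
        }
    });
    b.connect(serviceAddress).addListener((ChannelFuture future) -> {
        if (!future.isSuccess()) {
            // NOTE(review): this listener runs after connectToService has returned, so the
            // exception cannot reach the caller; it is expected to surface only in Netty's own
            // log output. Callers should detect a failed connect through the latch timing out.
            throw new IllegalStateException(future.cause());
        }
    });
    return workerGroup;
}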
use of io.netty.handler.ssl.SslContext in project riposte by Nike-Inc.
the class HttpChannelInitializerTest method constructor_works_with_valid_args.
/**
 * Checks that the {@code HttpChannelInitializer} constructor stores every argument it is given,
 * splits the request/response filters into the "before security validation" and "after security
 * validation" handlers, and hands the response handler the filters in reverse order.
 */
@Test
public void constructor_works_with_valid_args() {
    // given: one stand-in per constructor argument
    SslContext expectedSslCtx = mock(SslContext.class);
    int expectedMaxRequestSize = 42;
    Collection<Endpoint<?>> expectedEndpoints = Arrays.asList(getMockEndpoint("/some/path", HttpMethod.GET));

    // One filter that asks to run before the security validator and one that runs after it.
    RequestAndResponseFilter preSecurityFilter = mock(RequestAndResponseFilter.class);
    doReturn(true).when(preSecurityFilter).shouldExecuteBeforeSecurityValidation();
    RequestAndResponseFilter postSecurityFilter = mock(RequestAndResponseFilter.class);
    doReturn(false).when(postSecurityFilter).shouldExecuteBeforeSecurityValidation();
    List<RequestAndResponseFilter> allFilters = Arrays.asList(preSecurityFilter, postSecurityFilter);

    Executor expectedExecutor = mock(Executor.class);
    RiposteErrorHandler expectedErrorHandler = mock(RiposteErrorHandler.class);
    RiposteUnhandledErrorHandler expectedUnhandledErrorHandler = mock(RiposteUnhandledErrorHandler.class);
    RequestValidator expectedValidator = mock(RequestValidator.class);
    ObjectMapper expectedDeserializer = mock(ObjectMapper.class);
    ResponseSender expectedResponseSender = mock(ResponseSender.class);
    @SuppressWarnings("unchecked") MetricsListener expectedMetricsListener = mock(MetricsListener.class);
    long expectedFutureTimeoutMillis = 4242L;
    AccessLogger expectedAccessLogger = mock(AccessLogger.class);
    List<PipelineCreateHook> expectedPipelineHooks = mock(List.class);
    RequestSecurityValidator expectedSecurityValidator = mock(RequestSecurityValidator.class);
    long expectedIdleTimeoutMillis = 121000;
    long expectedProxyConnectTimeoutMillis = 4200;
    long expectedIncompleteCallTimeoutMillis = 1234;
    int expectedMaxOpenChannels = 1000;
    boolean expectedDebugLogging = true;
    List<String> expectedUserIdHeaderKeys = mock(List.class);

    // when
    HttpChannelInitializer initializer = new HttpChannelInitializer(
            expectedSslCtx,
            expectedMaxRequestSize,
            expectedEndpoints,
            allFilters,
            expectedExecutor,
            expectedErrorHandler,
            expectedUnhandledErrorHandler,
            expectedValidator,
            expectedDeserializer,
            expectedResponseSender,
            expectedMetricsListener,
            expectedFutureTimeoutMillis,
            expectedAccessLogger,
            expectedPipelineHooks,
            expectedSecurityValidator,
            expectedIdleTimeoutMillis,
            expectedProxyConnectTimeoutMillis,
            expectedIncompleteCallTimeoutMillis,
            expectedMaxOpenChannels,
            expectedDebugLogging,
            expectedUserIdHeaderKeys);

    // then: plain pass-through fields
    assertThat(extractField(initializer, "sslCtx"), is(expectedSslCtx));
    assertThat(extractField(initializer, "maxRequestSizeInBytes"), is(expectedMaxRequestSize));
    assertThat(extractField(initializer, "endpoints"), is(expectedEndpoints));
    assertThat(extractField(initializer, "longRunningTaskExecutor"), is(expectedExecutor));
    assertThat(extractField(initializer, "riposteErrorHandler"), is(expectedErrorHandler));
    assertThat(extractField(initializer, "riposteUnhandledErrorHandler"), is(expectedUnhandledErrorHandler));
    assertThat(extractField(initializer, "validationService"), is(expectedValidator));
    assertThat(extractField(initializer, "requestContentDeserializer"), is(expectedDeserializer));
    assertThat(extractField(initializer, "responseSender"), is(expectedResponseSender));
    assertThat(extractField(initializer, "metricsListener"), is(expectedMetricsListener));
    assertThat(extractField(initializer, "defaultCompletableFutureTimeoutMillis"), is(expectedFutureTimeoutMillis));
    assertThat(extractField(initializer, "accessLogger"), is(expectedAccessLogger));
    assertThat(extractField(initializer, "pipelineCreateHooks"), is(expectedPipelineHooks));
    assertThat(extractField(initializer, "requestSecurityValidator"), is(expectedSecurityValidator));
    assertThat(extractField(initializer, "workerChannelIdleTimeoutMillis"), is(expectedIdleTimeoutMillis));
    assertThat(extractField(initializer, "incompleteHttpCallTimeoutMillis"), is(expectedIncompleteCallTimeoutMillis));
    assertThat(extractField(initializer, "maxOpenChannelsThreshold"), is(expectedMaxOpenChannels));
    assertThat(extractField(initializer, "debugChannelLifecycleLoggingEnabled"), is(expectedDebugLogging));
    assertThat(extractField(initializer, "userIdHeaderKeys"), is(expectedUserIdHeaderKeys));

    // then: the downstream client used for proxy/router endpoints inherits the timeouts
    StreamingAsyncHttpClient proxyClient = extractField(initializer, "streamingAsyncHttpClientForProxyRouterEndpoints");
    assertThat(extractField(proxyClient, "idleChannelTimeoutMillis"), is(expectedIdleTimeoutMillis));
    assertThat(extractField(proxyClient, "downstreamConnectionTimeoutMillis"), is((int) expectedProxyConnectTimeoutMillis));
    assertThat(extractField(proxyClient, "debugChannelLifecycleLoggingEnabled"), is(expectedDebugLogging));

    // then: each request filter lands on exactly one side of the security validation step
    RequestFilterHandler preSecurityHandler = extractField(initializer, "beforeSecurityRequestFilterHandler");
    assertThat(extractField(preSecurityHandler, "filters"), is(Collections.singletonList(preSecurityFilter)));
    RequestFilterHandler postSecurityHandler = extractField(initializer, "afterSecurityRequestFilterHandler");
    assertThat(extractField(postSecurityHandler, "filters"), is(Collections.singletonList(postSecurityFilter)));

    // then: response processing sees the filters in reverse order
    List<RequestAndResponseFilter> expectedResponseOrder = new ArrayList<>(allFilters);
    Collections.reverse(expectedResponseOrder);
    ResponseFilterHandler responseHandler = extractField(initializer, "cachedResponseFilterHandler");
    assertThat(extractField(responseHandler, "filtersInResponseProcessingOrder"), is(expectedResponseOrder));
}
use of io.netty.handler.ssl.SslContext in project riposte by Nike-Inc.
the class HttpChannelInitializerTest method initChannel_adds_sslCtx_handler_first_if_available_and_no_utility_handlers.
/**
 * Checks that, when an {@code SslContext} is supplied, the first handler added to the pipeline is
 * an {@code SslHandler}. The order matters for security: any handler placed ahead of the TLS
 * handler would process bytes that have not been decrypted or authenticated yet.
 */
@Test
public void initChannel_adds_sslCtx_handler_first_if_available_and_no_utility_handlers() throws SSLException {
    // given
    // NOTE(review): JdkSslClientContext's public constructors are deprecated in Netty 4.1 in
    // favour of SslContextBuilder; confirm against the Netty version this project builds with.
    SslContext realSslContext = new JdkSslClientContext();
    HttpChannelInitializer initializer = basicHttpChannelInitializer(
            realSslContext, 0, 100, false, mock(RequestValidator.class), createRequestAndResponseFilterMock());

    // when
    initializer.initChannel(socketChannelMock);

    // then
    ArgumentCaptor<ChannelHandler> addedHandlers = ArgumentCaptor.forClass(ChannelHandler.class);
    verify(channelPipelineMock, atLeastOnce()).addLast(anyString(), addedHandlers.capture());
    ChannelHandler firstAdded = addedHandlers.getAllValues().get(0);
    assertThat(firstAdded, instanceOf(SslHandler.class));
}
use of io.netty.handler.ssl.SslContext in project riposte by Nike-Inc.
the class Server method startup.
/**
 * Starts this server: picks the port, builds the TLS context when SSL is enabled, creates the
 * boss/worker event loop groups, wires the channel initializer, binds the port, runs the startup
 * hooks and registers a JVM shutdown hook.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 *   <li>The {@code endpointsPort} system property overrides the configured port for both the
 *       plain and the SSL case.</li>
 *   <li>The {@code SslContext} built here is passed only to the default
 *       {@code HttpChannelInitializer}. When {@code serverConfig.customChannelInitializer()}
 *       returns a non-null initializer, that initializer alone decides whether TLS is installed,
 *       even if {@code isEndpointsUseSsl()} is true and the log line says "https".</li>
 * </ul>
 *
 * @throws IllegalArgumentException if this instance has already been started
 * @throws CertificateException declared by this method; presumably raised while creating the SSL context
 * @throws IOException declared by this method
 * @throws InterruptedException if the thread is interrupted while waiting for the bind to complete
 */
public void startup() throws CertificateException, IOException, InterruptedException {
    // NOTE(review): the flag is read here and set near the end with no synchronization visible in
    // this method; confirm concurrent startup() calls are prevented elsewhere.
    if (startedUp) {
        throw new IllegalArgumentException("This Server instance has already started. " + "You can only call startup() once");
    }

    // Port: the system property wins; otherwise the SSL or plain port from the config.
    String configuredPort = serverConfig.isEndpointsUseSsl()
            ? String.valueOf(serverConfig.endpointsSslPort())
            : String.valueOf(serverConfig.endpointsPort());
    int port = Integer.parseInt(System.getProperty("endpointsPort", configuredPort));

    // TLS context only when SSL is enabled; null means the default initializer gets no context.
    final SslContext sslCtx = serverConfig.isEndpointsUseSsl() ? serverConfig.createSslContext() : null;

    // Event loop groups: native epoll when available, NIO otherwise.
    EventLoopGroup bossGroup;
    EventLoopGroup workerGroup;
    Class<? extends ServerChannel> channelClass;
    if (Epoll.isAvailable()) {
        logger.info("The epoll native transport is available. Using epoll instead of NIO. " + "riposte_server_using_native_epoll_transport=true");
        if (serverConfig.bossThreadFactory() == null) {
            bossGroup = new EpollEventLoopGroup(serverConfig.numBossThreads());
        } else {
            bossGroup = new EpollEventLoopGroup(serverConfig.numBossThreads(), serverConfig.bossThreadFactory());
        }
        if (serverConfig.workerThreadFactory() == null) {
            workerGroup = new EpollEventLoopGroup(serverConfig.numWorkerThreads());
        } else {
            workerGroup = new EpollEventLoopGroup(serverConfig.numWorkerThreads(), serverConfig.workerThreadFactory());
        }
        channelClass = EpollServerSocketChannel.class;
    } else {
        logger.info("The epoll native transport is NOT available or you are not running on a compatible " + "OS/architecture. Using NIO. riposte_server_using_native_epoll_transport=false");
        if (serverConfig.bossThreadFactory() == null) {
            bossGroup = new NioEventLoopGroup(serverConfig.numBossThreads());
        } else {
            bossGroup = new NioEventLoopGroup(serverConfig.numBossThreads(), serverConfig.bossThreadFactory());
        }
        if (serverConfig.workerThreadFactory() == null) {
            workerGroup = new NioEventLoopGroup(serverConfig.numWorkerThreads());
        } else {
            workerGroup = new NioEventLoopGroup(serverConfig.numWorkerThreads(), serverConfig.workerThreadFactory());
        }
        channelClass = NioServerSocketChannel.class;
    }
    // Registered before the bind so that they are tracked even if a later step throws.
    eventLoopGroups.add(bossGroup);
    eventLoopGroups.add(workerGroup);

    // Channel initializer: a custom one from the config, else the default HTTP pipeline.
    ChannelInitializer<SocketChannel> channelInitializer = serverConfig.customChannelInitializer();
    if (channelInitializer == null) {
        channelInitializer = new HttpChannelInitializer(
                sslCtx,
                serverConfig.maxRequestSizeInBytes(),
                serverConfig.appEndpoints(),
                serverConfig.requestAndResponseFilters(),
                serverConfig.longRunningTaskExecutor(),
                serverConfig.riposteErrorHandler(),
                serverConfig.riposteUnhandledErrorHandler(),
                serverConfig.requestContentValidationService(),
                serverConfig.defaultRequestContentDeserializer(),
                new ResponseSender(serverConfig.defaultResponseContentSerializer(), serverConfig.errorResponseBodySerializer()),
                serverConfig.metricsListener(),
                serverConfig.defaultCompletableFutureTimeoutInMillisForNonblockingEndpoints(),
                serverConfig.accessLogger(),
                serverConfig.pipelineCreateHooks(),
                serverConfig.requestSecurityValidator(),
                serverConfig.workerChannelIdleTimeoutMillis(),
                serverConfig.proxyRouterConnectTimeoutMillis(),
                serverConfig.incompleteHttpCallTimeoutMillis(),
                serverConfig.maxOpenIncomingServerChannels(),
                serverConfig.isDebugChannelLifecycleLoggingEnabled(),
                serverConfig.userIdHeaderKeys());
    }

    ServerBootstrap serverBootstrap = new ServerBootstrap();
    serverBootstrap.group(bossGroup, workerGroup).channel(channelClass).childHandler(channelInitializer);

    // Pre-startup hooks may still reconfigure the bootstrap before the bind.
    if (serverConfig.preServerStartupHooks() != null) {
        for (PreServerStartupHook preHook : serverConfig.preServerStartupHooks()) {
            preHook.executePreServerStartupHook(serverBootstrap);
        }
    }
    if (serverConfig.isDebugChannelLifecycleLoggingEnabled()) {
        serverBootstrap.handler(new LoggingHandler(SERVER_BOSS_CHANNEL_DEBUG_LOGGER_NAME, LogLevel.DEBUG));
    }

    // Blocks until the port is bound; from here on the server accepts connections.
    Channel serverChannel = serverBootstrap.bind(port).sync().channel();

    if (serverConfig.postServerStartupHooks() != null) {
        for (PostServerStartupHook postHook : serverConfig.postServerStartupHooks()) {
            postHook.executePostServerStartupHook(serverConfig, serverChannel);
        }
    }
    channels.add(serverChannel);
    logger.info("Server channel open and accepting " + (serverConfig.isEndpointsUseSsl() ? "https" : "http") + " requests on port " + port);
    startedUp = true;

    // Stop the server gracefully when the JVM goes down; failures are logged, not rethrown.
    Runtime.getRuntime().addShutdownHook(new Thread(() -> {
        try {
            shutdown();
        } catch (Exception e) {
            logger.warn("Error shutting down Riposte", e);
        }
    }));
}
use of io.netty.handler.ssl.SslContext in project Glowstone by GlowstoneMC.
the class HttpClient method connect.
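/**
 * Sends an asynchronous HTTP GET for {@code url} on the given event loop and reports the outcome
 * through {@code callback}.
 *
 * <p>A missing scheme defaults to {@code http}, a missing host to {@code 127.0.0.1}, and a missing
 * port to 80 or 443 depending on the scheme. For {@code https} the server certificate chain is
 * validated against the platform's default trust store.
 *
 * @param url the URL to fetch; only {@code http} and {@code https} are accepted
 * @param eventLoop the event loop that drives the connection
 * @param callback receives TLS setup errors and connect failures through {@code error(...)}; it is
 *     also handed to the {@code HttpChannelInitializer}
 * @throws IllegalArgumentException if the URL is malformed or uses any scheme other than http(s)
 */
public static void connect(String url, EventLoop eventLoop, HttpCallback callback) {
    URI uri = URI.create(url);
    String scheme = uri.getScheme() == null ? "http" : uri.getScheme();
    String host = uri.getHost() == null ? "127.0.0.1" : uri.getHost();
    int port = uri.getPort();
    SslContext sslCtx = null;
    if ("https".equalsIgnoreCase(scheme)) {
        if (port == -1) {
            port = 443;
        }
        try {
            // No trust manager is set, so the builder falls back to the default trust store and
            // certificates that do not chain to a trusted CA are rejected. The previous
            // InsecureTrustManagerFactory accepted every certificate, which allowed anyone on the
            // network path to impersonate the server.
            // NOTE(review): the SslHandler itself is created inside HttpChannelInitializer, which
            // is not shown here; confirm it is created with the peer host and that endpoint
            // identification is enabled, otherwise the chain is validated but never matched
            // against the host name.
            sslCtx = SslContextBuilder.forClient().build();
        } catch (SSLException e) {
            callback.error(e);
            return;
        }
    } else if ("http".equalsIgnoreCase(scheme)) {
        if (port == -1) {
            port = 80;
        }
    } else {
        throw new IllegalArgumentException("Only http(s) is supported!");
    }

    // An HTTP/1.1 request target must not be empty: "http://host" has an empty path, so "/" is
    // sent instead.
    String rawPath = uri.getRawPath();
    String basePath = (rawPath == null || rawPath.isEmpty()) ? "/" : rawPath;
    String path = basePath + (uri.getRawQuery() == null ? "" : "?" + uri.getRawQuery());

    new Bootstrap()
            .group(eventLoop)
            .resolver(resolverGroup)
            .channel(Epoll.isAvailable() ? EpollSocketChannel.class : NioSocketChannel.class)
            .handler(new HttpChannelInitializer(sslCtx, callback))
            .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000)
            // The address stays unresolved so that the configured resolver group does the lookup.
            .connect(InetSocketAddress.createUnresolved(host, port))
            .addListener((ChannelFutureListener) future -> {
                if (future.isSuccess()) {
                    HttpRequest request = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
                    request.headers().set(HttpHeaderNames.HOST, host);
                    future.channel().writeAndFlush(request);
                } else {
                    callback.error(future.cause());
                }
            });
}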