
Example 31 with SslContext

use of io.netty.handler.ssl.SslContext in project pulsar by yahoo.

the class DiscoveryServiceTest method connectToService.

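/**
 * Opens a Netty client channel to the given service and hands back the event-loop group that
 * drives it.
 *
 * <p>Test-only helper: with {@code tls} set, the client presents a certificate and key loaded
 * from PEM files but accepts any server certificate (see the note inside {@code initChannel}).
 *
 * @param serviceUrl URL whose host and port are dialled
 * @param latch passed to the {@code ClientHandler} installed on the channel
 * @param tls whether a TLS handler is placed in the pipeline ahead of the {@code ClientHandler}
 * @return the worker group serving the connection; nothing here shuts it down, so the caller must
 * @throws URISyntaxException if {@code serviceUrl} is not a valid URI
 */
public static NioEventLoopGroup connectToService(String serviceUrl, CountDownLatch latch, boolean tls) throws URISyntaxException {
    // Parse and resolve the target before any event loop exists, so a malformed URL or an
    // unusable host/port cannot leave an orphaned NioEventLoopGroup behind.
    URI uri = new URI(serviceUrl);
    InetSocketAddress serviceAddress = new InetSocketAddress(uri.getHost(), uri.getPort());

    NioEventLoopGroup workerGroup = new NioEventLoopGroup();
    Bootstrap b = new Bootstrap();
    b.group(workerGroup);
    b.channel(NioSocketChannel.class);
    b.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            if (tls) {
                SslContextBuilder builder = SslContextBuilder.forClient();
                // SECURITY: InsecureTrustManagerFactory accepts every server certificate without
                // validation, so this client cannot detect an impersonated server. Tolerable only
                // because this is a test fixture; production code must pin a CA or use the
                // default trust store instead.
                builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                // Client certificate and key, loaded from the PEM files named by the class constants.
                X509Certificate[] certificates = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
                PrivateKey privateKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
                builder.keyManager(privateKey, certificates);
                SslContext sslCtx = builder.build();
                ch.pipeline().addLast("tls", sslCtx.newHandler(ch.alloc()));
            }
            ch.pipeline().addLast(new ClientHandler(latch));
        }
    });
    b.connect(serviceAddress).addListener((ChannelFuture future) -> {
        if (!future.isSuccess()) {
            // NOTE(review): Netty reports exceptions thrown by a listener through its own logger
            // rather than rethrowing them to the code that called connect(), so a failed connect
            // does not fail this method. Confirm the caller notices via the latch.
            throw new IllegalStateException(future.cause());
        }
    });
    return workerGroup;
}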
Also used : ChannelFuture(io.netty.channel.ChannelFuture) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) PrivateKey(java.security.PrivateKey) InetSocketAddress(java.net.InetSocketAddress) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) Bootstrap(io.netty.bootstrap.Bootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) SslContext(io.netty.handler.ssl.SslContext)

Example 32 with SslContext

use of io.netty.handler.ssl.SslContext in project riposte by Nike-Inc.

the class HttpChannelInitializerTest method constructor_works_with_valid_args.

/**
 * Builds an {@code HttpChannelInitializer} from a full set of valid arguments and checks, by
 * reading its private fields, that each argument ended up where it was expected.
 */
@Test
public void constructor_works_with_valid_args() {
    // given: scalar settings
    int maxRequestSizeInBytes = 42;
    long defaultCompletableFutureTimeoutMillis = 4242L;
    long workerChannelIdleTimeoutMillis = 121000;
    long proxyRouterConnectTimeoutMillis = 4200;
    long incompleteHttpCallTimeoutMillis = 1234;
    int maxOpenChannelsThreshold = 1000;
    boolean debugChannelLifecycleLoggingEnabled = true;

    // given: collaborators, all mocked
    SslContext sslCtx = mock(SslContext.class);
    Collection<Endpoint<?>> endpoints = Arrays.asList(getMockEndpoint("/some/path", HttpMethod.GET));
    Executor longRunningTaskExecutor = mock(Executor.class);
    RiposteErrorHandler riposteErrorHandler = mock(RiposteErrorHandler.class);
    RiposteUnhandledErrorHandler riposteUnhandledErrorHandler = mock(RiposteUnhandledErrorHandler.class);
    RequestValidator validationService = mock(RequestValidator.class);
    ObjectMapper requestContentDeserializer = mock(ObjectMapper.class);
    ResponseSender responseSender = mock(ResponseSender.class);
    @SuppressWarnings("unchecked") MetricsListener metricsListener = mock(MetricsListener.class);
    AccessLogger accessLogger = mock(AccessLogger.class);
    List<PipelineCreateHook> pipelineCreateHooks = mock(List.class);
    RequestSecurityValidator requestSecurityValidator = mock(RequestSecurityValidator.class);
    List<String> userIdHeaderKeys = mock(List.class);

    // given: one filter that runs before security validation and one that runs after it
    RequestAndResponseFilter preSecurityFilter = mock(RequestAndResponseFilter.class);
    doReturn(true).when(preSecurityFilter).shouldExecuteBeforeSecurityValidation();
    RequestAndResponseFilter postSecurityFilter = mock(RequestAndResponseFilter.class);
    doReturn(false).when(postSecurityFilter).shouldExecuteBeforeSecurityValidation();
    List<RequestAndResponseFilter> allFilters = Arrays.asList(preSecurityFilter, postSecurityFilter);

    // when
    HttpChannelInitializer initializer = new HttpChannelInitializer(
        sslCtx,
        maxRequestSizeInBytes,
        endpoints,
        allFilters,
        longRunningTaskExecutor,
        riposteErrorHandler,
        riposteUnhandledErrorHandler,
        validationService,
        requestContentDeserializer,
        responseSender,
        metricsListener,
        defaultCompletableFutureTimeoutMillis,
        accessLogger,
        pipelineCreateHooks,
        requestSecurityValidator,
        workerChannelIdleTimeoutMillis,
        proxyRouterConnectTimeoutMillis,
        incompleteHttpCallTimeoutMillis,
        maxOpenChannelsThreshold,
        debugChannelLifecycleLoggingEnabled,
        userIdHeaderKeys);

    // then: plain constructor arguments are stored as given
    assertThat(extractField(initializer, "sslCtx"), is(sslCtx));
    assertThat(extractField(initializer, "maxRequestSizeInBytes"), is(maxRequestSizeInBytes));
    assertThat(extractField(initializer, "endpoints"), is(endpoints));
    assertThat(extractField(initializer, "longRunningTaskExecutor"), is(longRunningTaskExecutor));
    assertThat(extractField(initializer, "riposteErrorHandler"), is(riposteErrorHandler));
    assertThat(extractField(initializer, "riposteUnhandledErrorHandler"), is(riposteUnhandledErrorHandler));
    assertThat(extractField(initializer, "validationService"), is(validationService));
    assertThat(extractField(initializer, "requestContentDeserializer"), is(requestContentDeserializer));
    assertThat(extractField(initializer, "responseSender"), is(responseSender));
    assertThat(extractField(initializer, "metricsListener"), is(metricsListener));
    assertThat(extractField(initializer, "defaultCompletableFutureTimeoutMillis"), is(defaultCompletableFutureTimeoutMillis));
    assertThat(extractField(initializer, "accessLogger"), is(accessLogger));
    assertThat(extractField(initializer, "pipelineCreateHooks"), is(pipelineCreateHooks));
    assertThat(extractField(initializer, "requestSecurityValidator"), is(requestSecurityValidator));
    assertThat(extractField(initializer, "workerChannelIdleTimeoutMillis"), is(workerChannelIdleTimeoutMillis));
    assertThat(extractField(initializer, "incompleteHttpCallTimeoutMillis"), is(incompleteHttpCallTimeoutMillis));
    assertThat(extractField(initializer, "maxOpenChannelsThreshold"), is(maxOpenChannelsThreshold));
    assertThat(extractField(initializer, "debugChannelLifecycleLoggingEnabled"), is(debugChannelLifecycleLoggingEnabled));
    assertThat(extractField(initializer, "userIdHeaderKeys"), is(userIdHeaderKeys));

    // then: the proxy-router client picked up the timeouts and the debug flag
    StreamingAsyncHttpClient proxyClient = extractField(initializer, "streamingAsyncHttpClientForProxyRouterEndpoints");
    assertThat(extractField(proxyClient, "idleChannelTimeoutMillis"), is(workerChannelIdleTimeoutMillis));
    assertThat(extractField(proxyClient, "downstreamConnectionTimeoutMillis"), is((int) proxyRouterConnectTimeoutMillis));
    assertThat(extractField(proxyClient, "debugChannelLifecycleLoggingEnabled"), is(debugChannelLifecycleLoggingEnabled));

    // then: request filters are split around security validation
    RequestFilterHandler preSecurityHandler = extractField(initializer, "beforeSecurityRequestFilterHandler");
    assertThat(extractField(preSecurityHandler, "filters"), is(Collections.singletonList(preSecurityFilter)));
    RequestFilterHandler postSecurityHandler = extractField(initializer, "afterSecurityRequestFilterHandler");
    assertThat(extractField(postSecurityHandler, "filters"), is(Collections.singletonList(postSecurityFilter)));

    // then: the response handler holds the same filters in reverse order
    ResponseFilterHandler responseHandler = extractField(initializer, "cachedResponseFilterHandler");
    List<RequestAndResponseFilter> expectedResponseOrder = new ArrayList<>(allFilters);
    Collections.reverse(expectedResponseOrder);
    assertThat(extractField(responseHandler, "filtersInResponseProcessingOrder"), is(expectedResponseOrder));
}
Also used : RiposteUnhandledErrorHandler(com.nike.riposte.server.error.handler.RiposteUnhandledErrorHandler) ResponseFilterHandler(com.nike.riposte.server.handler.ResponseFilterHandler) ArrayList(java.util.ArrayList) Matchers.anyString(org.mockito.Matchers.anyString) PipelineCreateHook(com.nike.riposte.server.hooks.PipelineCreateHook) RiposteErrorHandler(com.nike.riposte.server.error.handler.RiposteErrorHandler) ResponseSender(com.nike.riposte.server.http.ResponseSender) ThreadPoolExecutor(java.util.concurrent.ThreadPoolExecutor) Executor(java.util.concurrent.Executor) Endpoint(com.nike.riposte.server.http.Endpoint) RequestValidator(com.nike.riposte.server.error.validation.RequestValidator) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) SslContext(io.netty.handler.ssl.SslContext) StreamingAsyncHttpClient(com.nike.riposte.client.asynchttp.netty.StreamingAsyncHttpClient) RequestAndResponseFilter(com.nike.riposte.server.http.filter.RequestAndResponseFilter) RequestSecurityValidator(com.nike.riposte.server.error.validation.RequestSecurityValidator) Endpoint(com.nike.riposte.server.http.Endpoint) RequestFilterHandler(com.nike.riposte.server.handler.RequestFilterHandler) MetricsListener(com.nike.riposte.metrics.MetricsListener) AccessLogger(com.nike.riposte.server.logging.AccessLogger) Test(org.junit.Test)

Example 33 with SslContext

use of io.netty.handler.ssl.SslContext in project riposte by Nike-Inc.

the class HttpChannelInitializerTest method initChannel_adds_sslCtx_handler_first_if_available_and_no_utility_handlers.

/**
 * Checks that, when an {@code SslContext} is supplied, the first handler registered on the
 * pipeline through {@code addLast(name, handler)} is an {@code SslHandler}.
 */
@Test
public void initChannel_adds_sslCtx_handler_first_if_available_and_no_utility_handlers() throws SSLException {
    // given: a concrete (non-mock) client SslContext and an initializer built around it
    SslContext realSslContext = new JdkSslClientContext();
    HttpChannelInitializer initializer = basicHttpChannelInitializer(
        realSslContext, 0, 100, false, mock(RequestValidator.class), createRequestAndResponseFilterMock());

    // when
    initializer.initChannel(socketChannelMock);

    // then: capture every handler handed to the mocked pipeline and inspect the first one
    ArgumentCaptor<ChannelHandler> addedHandlers = ArgumentCaptor.forClass(ChannelHandler.class);
    verify(channelPipelineMock, atLeastOnce()).addLast(anyString(), addedHandlers.capture());
    ChannelHandler firstHandler = addedHandlers.getAllValues().get(0);
    assertThat(firstHandler, instanceOf(SslHandler.class));
}
Also used : RequestValidator(com.nike.riposte.server.error.validation.RequestValidator) JdkSslClientContext(io.netty.handler.ssl.JdkSslClientContext) ChannelHandler(io.netty.channel.ChannelHandler) SslHandler(io.netty.handler.ssl.SslHandler) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 34 with SslContext

use of io.netty.handler.ssl.SslContext in project riposte by Nike-Inc.

the class Server method startup.

/**
 * Starts this server: picks the port, optionally creates the SSL context, builds the event-loop
 * groups and channel initializer, binds, and registers a JVM shutdown hook.
 *
 * <p>Order of side effects: pre-startup hooks run against the bootstrap before the bind;
 * post-startup hooks run against the bound channel; {@code startedUp} is set only after both.
 *
 * @throws IllegalArgumentException if this instance has already been started
 * @throws NumberFormatException if the {@code endpointsPort} system property is not an integer
 * @throws CertificateException presumably from {@code serverConfig.createSslContext()} (confirm)
 * @throws IOException presumably from {@code serverConfig.createSslContext()} (confirm)
 * @throws InterruptedException if the thread is interrupted while waiting for the bind to complete
 */
public void startup() throws CertificateException, IOException, InterruptedException {
    if (startedUp) {
        throw new IllegalArgumentException("This Server instance has already started. " + "You can only call startup() once");
    }
    // Figure out what port to bind to.
    // The "endpointsPort" system property, when set, overrides the configured port in both SSL and
    // non-SSL mode; otherwise the SSL or plain port from serverConfig is used.
    int port = Integer.parseInt(System.getProperty("endpointsPort", serverConfig.isEndpointsUseSsl() ? String.valueOf(serverConfig.endpointsSslPort()) : String.valueOf(serverConfig.endpointsPort())));
    // Configure SSL if desired.
    // NOTE(review): a null sslCtx is handed to HttpChannelInitializer below; presumably that means
    // no TLS handler is installed and traffic is plaintext. Confirm in HttpChannelInitializer.
    final SslContext sslCtx;
    if (serverConfig.isEndpointsUseSsl()) {
        sslCtx = serverConfig.createSslContext();
    } else {
        sslCtx = null;
    }
    // Configure the server
    EventLoopGroup bossGroup;
    EventLoopGroup workerGroup;
    Class<? extends ServerChannel> channelClass;
    // Use the native epoll transport when it is available; otherwise fall back to NIO.
    // A null thread factory from serverConfig selects the constructor without a factory argument.
    if (Epoll.isAvailable()) {
        logger.info("The epoll native transport is available. Using epoll instead of NIO. " + "riposte_server_using_native_epoll_transport=true");
        bossGroup = (serverConfig.bossThreadFactory() == null) ? new EpollEventLoopGroup(serverConfig.numBossThreads()) : new EpollEventLoopGroup(serverConfig.numBossThreads(), serverConfig.bossThreadFactory());
        workerGroup = (serverConfig.workerThreadFactory() == null) ? new EpollEventLoopGroup(serverConfig.numWorkerThreads()) : new EpollEventLoopGroup(serverConfig.numWorkerThreads(), serverConfig.workerThreadFactory());
        channelClass = EpollServerSocketChannel.class;
    } else {
        logger.info("The epoll native transport is NOT available or you are not running on a compatible " + "OS/architecture. Using NIO. riposte_server_using_native_epoll_transport=false");
        bossGroup = (serverConfig.bossThreadFactory() == null) ? new NioEventLoopGroup(serverConfig.numBossThreads()) : new NioEventLoopGroup(serverConfig.numBossThreads(), serverConfig.bossThreadFactory());
        workerGroup = (serverConfig.workerThreadFactory() == null) ? new NioEventLoopGroup(serverConfig.numWorkerThreads()) : new NioEventLoopGroup(serverConfig.numWorkerThreads(), serverConfig.workerThreadFactory());
        channelClass = NioServerSocketChannel.class;
    }
    // Track both groups on the instance before binding.
    // NOTE(review): presumably shutdown() releases them from this collection; confirm.
    eventLoopGroups.add(bossGroup);
    eventLoopGroups.add(workerGroup);
    // Figure out which channel initializer should set up the channel pipelines for new channels.
    // SECURITY NOTE(review): sslCtx is only passed to the default initializer. A custom initializer
    // never receives it, so when isEndpointsUseSsl() is true TLS becomes that initializer's own
    // responsibility, while the log line further down still reports "https".
    ChannelInitializer<SocketChannel> channelInitializer = serverConfig.customChannelInitializer();
    if (channelInitializer == null) {
        // No custom channel initializer, so use the default
        channelInitializer = new HttpChannelInitializer(sslCtx, serverConfig.maxRequestSizeInBytes(), serverConfig.appEndpoints(), serverConfig.requestAndResponseFilters(), serverConfig.longRunningTaskExecutor(), serverConfig.riposteErrorHandler(), serverConfig.riposteUnhandledErrorHandler(), serverConfig.requestContentValidationService(), serverConfig.defaultRequestContentDeserializer(), new ResponseSender(serverConfig.defaultResponseContentSerializer(), serverConfig.errorResponseBodySerializer()), serverConfig.metricsListener(), serverConfig.defaultCompletableFutureTimeoutInMillisForNonblockingEndpoints(), serverConfig.accessLogger(), serverConfig.pipelineCreateHooks(), serverConfig.requestSecurityValidator(), serverConfig.workerChannelIdleTimeoutMillis(), serverConfig.proxyRouterConnectTimeoutMillis(), serverConfig.incompleteHttpCallTimeoutMillis(), serverConfig.maxOpenIncomingServerChannels(), serverConfig.isDebugChannelLifecycleLoggingEnabled(), serverConfig.userIdHeaderKeys());
    }
    // Create the server bootstrap
    ServerBootstrap b = new ServerBootstrap();
    b.group(bossGroup, workerGroup).channel(channelClass).childHandler(channelInitializer);
    // execute pre startup hooks
    // Hooks receive the bootstrap itself and run before the bind.
    if (serverConfig.preServerStartupHooks() != null) {
        for (PreServerStartupHook hook : serverConfig.preServerStartupHooks()) {
            hook.executePreServerStartupHook(b);
        }
    }
    // Optional DEBUG-level logging handler on the boss (accepting) channel.
    if (serverConfig.isDebugChannelLifecycleLoggingEnabled())
        b.handler(new LoggingHandler(SERVER_BOSS_CHANNEL_DEBUG_LOGGER_NAME, LogLevel.DEBUG));
    // Bind the server to the desired port and start it up so it is ready to receive requests
    // bind(port) takes no host argument; sync() blocks until the bind completes.
    Channel ch = b.bind(port).sync().channel();
    // execute post startup hooks
    if (serverConfig.postServerStartupHooks() != null) {
        for (PostServerStartupHook hook : serverConfig.postServerStartupHooks()) {
            hook.executePostServerStartupHook(serverConfig, ch);
        }
    }
    channels.add(ch);
    logger.info("Server channel open and accepting " + (serverConfig.isEndpointsUseSsl() ? "https" : "http") + " requests on port " + port);
    // Only marked as started after the bind and the post-startup hooks have completed.
    startedUp = true;
    // Add a shutdown hook so we can gracefully stop the server when the JVM is going down
    Runtime.getRuntime().addShutdownHook(new Thread() {

        @Override
        public void run() {
            try {
                shutdown();
            } catch (Exception e) {
                // Best effort: the JVM is exiting, so log and carry on.
                logger.warn("Error shutting down Riposte", e);
            }
        }
    });
}
Also used : EpollServerSocketChannel(io.netty.channel.epoll.EpollServerSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) LoggingHandler(io.netty.handler.logging.LoggingHandler) EpollServerSocketChannel(io.netty.channel.epoll.EpollServerSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) ServerChannel(io.netty.channel.ServerChannel) Channel(io.netty.channel.Channel) ResponseSender(com.nike.riposte.server.http.ResponseSender) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) EpollEventLoopGroup(io.netty.channel.epoll.EpollEventLoopGroup) EventLoopGroup(io.netty.channel.EventLoopGroup) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) EpollEventLoopGroup(io.netty.channel.epoll.EpollEventLoopGroup) HttpChannelInitializer(com.nike.riposte.server.channelpipeline.HttpChannelInitializer) PostServerStartupHook(com.nike.riposte.server.hooks.PostServerStartupHook) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) SslContext(io.netty.handler.ssl.SslContext) PreServerStartupHook(com.nike.riposte.server.hooks.PreServerStartupHook)

Example 35 with SslContext

use of io.netty.handler.ssl.SslContext in project Glowstone by GlowstoneMC.

the class HttpClient method connect.

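/**
 * Sends an asynchronous HTTP GET for {@code url} on the given event loop.
 *
 * <p>The scheme defaults to {@code http} and the host to {@code 127.0.0.1} when the URL omits
 * them; the port defaults to 80 or 443 according to the scheme. The connect timeout is 5000 ms.
 * Response handling is done by the {@code HttpChannelInitializer} built from {@code callback}.
 *
 * @param url target URL; only {@code http} and {@code https} are accepted
 * @param eventLoop event loop the connection runs on
 * @param callback receives {@code error(...)} when the TLS context cannot be built or the connect fails
 * @throws IllegalArgumentException if {@code url} is not a valid URI or uses another scheme
 */
public static void connect(String url, EventLoop eventLoop, HttpCallback callback) {
    URI uri = URI.create(url);
    String scheme = uri.getScheme() == null ? "http" : uri.getScheme();
    String host = uri.getHost() == null ? "127.0.0.1" : uri.getHost();
    int port = uri.getPort();
    SslContext sslCtx = null;
    if ("https".equalsIgnoreCase(scheme)) {
        if (port == -1) {
            port = 443;
        }
        try {
            // SECURITY: no trust manager is set, so the server's certificate chain is validated
            // against the platform default trust store. The previous
            // InsecureTrustManagerFactory.INSTANCE accepted any certificate, which lets an
            // on-path attacker impersonate the server. To reach a host signed by a private CA,
            // pass that CA to trustManager(...) instead of disabling validation.
            // NOTE(review): chain validation alone does not bind the certificate to `host`.
            // Whether the SslHandler is created with the peer host/port and HTTPS endpoint
            // identification is decided in HttpChannelInitializer, which is not visible here.
            sslCtx = SslContextBuilder.forClient().build();
        } catch (SSLException e) {
            callback.error(e);
            return;
        }
    } else if ("http".equalsIgnoreCase(scheme)) {
        if (port == -1) {
            port = 80;
        }
    } else {
        throw new IllegalArgumentException("Only http(s) is supported!");
    }
    new Bootstrap()
        .group(eventLoop)
        .resolver(resolverGroup)
        .channel(Epoll.isAvailable() ? EpollSocketChannel.class : NioSocketChannel.class)
        .handler(new HttpChannelInitializer(sslCtx, callback))
        .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000)
        // Unresolved address: name resolution is left to the resolver group set above.
        .connect(InetSocketAddress.createUnresolved(host, port))
        .addListener((ChannelFutureListener) future -> {
            if (future.isSuccess()) {
                // A URL without a path (e.g. "http://host") has an empty raw path, which would
                // produce an invalid request line; request the root instead.
                String rawPath = uri.getRawPath();
                if (rawPath == null || rawPath.isEmpty()) {
                    rawPath = "/";
                }
                String path = rawPath + (uri.getRawQuery() == null ? "" : "?" + uri.getRawQuery());
                HttpRequest request = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, path);
                request.headers().set(HttpHeaderNames.HOST, host);
                future.channel().writeAndFlush(request);
            } else {
                callback.error(future.cause());
            }
        });
}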
Also used : NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) SslContext(io.netty.handler.ssl.SslContext) ReadTimeoutHandler(io.netty.handler.timeout.ReadTimeoutHandler) InetSocketAddress(java.net.InetSocketAddress) EpollDatagramChannel(io.netty.channel.epoll.EpollDatagramChannel) Epoll(io.netty.channel.epoll.Epoll) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) TimeUnit(java.util.concurrent.TimeUnit) Bootstrap(io.netty.bootstrap.Bootstrap) InsecureTrustManagerFactory(io.netty.handler.ssl.util.InsecureTrustManagerFactory) io.netty.handler.codec.http(io.netty.handler.codec.http) SSLException(javax.net.ssl.SSLException) DnsServerAddresses(io.netty.resolver.dns.DnsServerAddresses) NioDatagramChannel(io.netty.channel.socket.nio.NioDatagramChannel) io.netty.channel(io.netty.channel) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) URI(java.net.URI) AllArgsConstructor(lombok.AllArgsConstructor) DnsAddressResolverGroup(io.netty.resolver.dns.DnsAddressResolverGroup) URI(java.net.URI) SSLException(javax.net.ssl.SSLException) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) Bootstrap(io.netty.bootstrap.Bootstrap) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) SslContext(io.netty.handler.ssl.SslContext)
