
Example 1 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project pulsar by yahoo.

the class DiscoveryServiceTest method connectToService.

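/**
 * Creates a Netty client channel that connects to the service at {@code serviceUrl} and
 * installs a {@link ClientHandler} bound to {@code latch}.
 *
 * The connect is asynchronous: this method returns as soon as the connect has been issued,
 * without waiting for it to complete. Only the host and port of {@code serviceUrl} are used.
 *
 * @param serviceUrl URL of the service to connect to; its host and port are extracted
 * @param latch latch handed to the {@link ClientHandler} placed on the channel pipeline
 * @param tls when {@code true}, a TLS handler is added in front of the client handler, presenting
 *            the test client certificate and key for mutual TLS
 * @return the event-loop group backing the channel; the caller owns it and must shut it down
 * @throws URISyntaxException if {@code serviceUrl} is not a valid URI
 */
public static NioEventLoopGroup connectToService(String serviceUrl, CountDownLatch latch, boolean tls) throws URISyntaxException {
    NioEventLoopGroup workerGroup = new NioEventLoopGroup();
    Bootstrap b = new Bootstrap();
    b.group(workerGroup);
    b.channel(NioSocketChannel.class);
    b.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            if (tls) {
                SslContextBuilder builder = SslContextBuilder.forClient();
                // Test-only trust: every server certificate is accepted, so the server is not
                // authenticated by this client.
                builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
                // Client certificate chain and key presented to the server (mutual TLS).
                X509Certificate[] certificates = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
                PrivateKey privateKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
                // certificates is already an X509Certificate[]; no cast needed for the varargs parameter.
                builder.keyManager(privateKey, certificates);
                SslContext sslCtx = builder.build();
                ch.pipeline().addLast("tls", sslCtx.newHandler(ch.alloc()));
            }
            ch.pipeline().addLast(new ClientHandler(latch));
        }
    });
    URI uri = new URI(serviceUrl);
    InetSocketAddress serviceAddress = new InetSocketAddress(uri.getHost(), uri.getPort());
    b.connect(serviceAddress).addListener((ChannelFuture future) -> {
        if (!future.isSuccess()) {
            // NOTE: this listener runs on the event loop after connectToService has returned, so the
            // exception does not reach the caller, and nothing here counts down the latch — a failed
            // connect surfaces only as the caller's wait on the latch timing out.
            throw new IllegalStateException(future.cause());
        }
    });
    return workerGroup;
}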

Example 2 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class Utils method newNettyClientChannel.

/**
 * Creates a Netty client channel builder for the requested transport.
 *
 * @param transport which Netty transport to use; NIO is portable, the epoll variants are Linux-only
 * @param address address the channel connects to
 * @param tls negotiate TLS when {@code true}, plaintext otherwise
 * @param testca under TLS, trust the test CA in {@code ca.pem}; otherwise no SSL context is supplied
 * @param flowControlWindow HTTP/2 flow-control window handed to the builder
 * @param useDefaultCiphers under TLS with the test CA, reset the cipher list to the provider default
 * @return the configured builder, not yet built
 * @throws IOException if the test CA certificate cannot be loaded
 * @throws IllegalArgumentException if {@code transport} is not one of the Netty transports
 */
private static NettyChannelBuilder newNettyClientChannel(Transport transport, SocketAddress address, boolean tls, boolean testca, int flowControlWindow, boolean useDefaultCiphers) throws IOException {
    NettyChannelBuilder channelBuilder = NettyChannelBuilder.forAddress(address).flowControlWindow(flowControlWindow);
    if (!tls) {
        channelBuilder.negotiationType(NegotiationType.PLAINTEXT);
    } else {
        channelBuilder.negotiationType(NegotiationType.TLS);
        // Without the test CA the context stays null and the builder is left to pick its own.
        SslContext sslContext = testca ? buildTestCaContext(transport, useDefaultCiphers) : null;
        channelBuilder.sslContext(sslContext);
    }
    DefaultThreadFactory threadFactory = new DefaultThreadFactory("client-elg-", true);
    switch(transport) {
        case NETTY_NIO:
            channelBuilder.eventLoopGroup(new NioEventLoopGroup(0, threadFactory)).channelType(NioSocketChannel.class);
            break;
        case NETTY_EPOLL:
            // Epoll classes only work on Linux.
            channelBuilder.eventLoopGroup(new EpollEventLoopGroup(0, threadFactory)).channelType(EpollSocketChannel.class);
            break;
        case NETTY_UNIX_DOMAIN_SOCKET:
            // Epoll classes only work on Linux.
            channelBuilder.eventLoopGroup(new EpollEventLoopGroup(0, threadFactory)).channelType(EpollDomainSocketChannel.class);
            break;
        default:
            // Should never get here.
            throw new IllegalArgumentException("Unsupported transport: " + transport);
    }
    return channelBuilder;
}

/**
 * Builds a client {@link SslContext} that trusts the test CA ({@code ca.pem}), using the JDK
 * provider for the NIO transport and OpenSSL for the native transports.
 *
 * @param transport decides the SSL provider
 * @param useDefaultCiphers when {@code true}, the cipher list is reset to the provider default
 * @return the built context
 * @throws IOException if {@code ca.pem} cannot be loaded
 */
private static SslContext buildTestCaContext(Transport transport, boolean useDefaultCiphers) throws IOException {
    File caCert = TestUtils.loadCert("ca.pem");
    SslContextBuilder sslBuilder = GrpcSslContexts.forClient().trustManager(caCert);
    SslProvider provider = transport == Transport.NETTY_NIO ? SslProvider.JDK : SslProvider.OPENSSL;
    sslBuilder = GrpcSslContexts.configure(sslBuilder, provider);
    if (useDefaultCiphers) {
        // A null cipher list restores the provider's default suites.
        sslBuilder.ciphers(null);
    }
    return sslBuilder.build();
}

Example 3 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project grpc-java by grpc.

the class Http2OkHttpTest method startServer.

/**
 * Starts the server with HTTPS.
 *
 * The server uses the test certificate {@code server1.pem}/{@code server1.key}, the preferred
 * test cipher suites, and an ephemeral port.
 *
 * @throws RuntimeException wrapping any {@link IOException} raised while loading the key material
 */
@BeforeClass
public static void startServer() throws Exception {
    try {
        SslProvider provider = pickServerSslProvider();
        SslContextBuilder serverContext = SslContextBuilder.forServer(TestUtils.loadCert("server1.pem"), TestUtils.loadCert("server1.key"));
        GrpcSslContexts.configure(serverContext, provider);
        serverContext.ciphers(TestUtils.preferredTestCiphers(), SupportedCipherSuiteFilter.INSTANCE);
        NettyServerBuilder serverBuilder = NettyServerBuilder.forPort(0)
                .flowControlWindow(65 * 1024)
                .maxMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
                .sslContext(serverContext.build());
        startStaticServer(serverBuilder);
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}

/**
 * Picks the SSL provider for the test server: the platform default, unless that is OpenSSL
 * without ALPN support, in which case the JDK provider is used.
 *
 * @return the provider to configure the server context with
 */
private static SslProvider pickServerSslProvider() {
    SslProvider provider = SslContext.defaultServerProvider();
    // OkHttp only supports Jetty ALPN on OpenJDK. So if OpenSSL doesn't support ALPN, then we
    // are forced to use Jetty ALPN for Netty instead of OpenSSL.
    boolean openSslWithoutAlpn = provider == SslProvider.OPENSSL && !OpenSsl.isAlpnSupported();
    return openSslWithoutAlpn ? SslProvider.JDK : provider;
}

Example 4 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project pulsar by yahoo.

the class SecurityUtility method createNettySslContext.

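/**
 * Builds a Netty client {@link SslContext}.
 *
 * Trust is chosen in this order: when {@code allowInsecureConnection} is set, every server
 * certificate is accepted (the server is not authenticated); otherwise, when
 * {@code trustCertsFilePath} is non-empty, the PEM certificates in that file are trusted;
 * otherwise the builder is left with Netty's default trust manager. The given certificate chain
 * and private key, if any, are presented as the client identity.
 *
 * @param allowInsecureConnection disable server certificate validation entirely
 * @param trustCertsFilePath path of a PEM file with trusted CA certificates; may be null or empty
 * @param certificates client certificate chain; the array's runtime type must be {@code X509Certificate[]}
 * @param privateKey private key matching {@code certificates}
 * @return the built client context
 * @throws FileNotFoundException if {@code trustCertsFilePath} cannot be opened
 * @throws SSLException if the context cannot be built
 * @throws GeneralSecurityException on other key/certificate errors
 */
public static SslContext createNettySslContext(boolean allowInsecureConnection, String trustCertsFilePath, Certificate[] certificates, PrivateKey privateKey) throws GeneralSecurityException, SSLException, FileNotFoundException {
    SslContextBuilder builder = SslContextBuilder.forClient();
    if (allowInsecureConnection) {
        // Accepts any server certificate: the peer is not authenticated at all.
        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    } else if (trustCertsFilePath != null && trustCertsFilePath.length() != 0) {
        // trustManager(InputStream) parses the PEM eagerly and leaves the stream to us, so it is
        // closed right after the call instead of being leaked until finalization.
        FileInputStream trustCerts = new FileInputStream(trustCertsFilePath);
        try {
            builder.trustManager(trustCerts);
        } finally {
            try {
                trustCerts.close();
            } catch (java.io.IOException ignored) {
                // The certificates are already parsed; a close failure is not actionable here and
                // IOException is not part of this method's declared contract.
            }
        }
    }
    // Client identity for mutual TLS. The cast succeeds only if the array was created as
    // X509Certificate[]; a plain Certificate[] fails here with a ClassCastException.
    builder.keyManager(privateKey, (X509Certificate[]) certificates);
    return builder.build();
}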

Example 5 with SslContextBuilder

use of io.netty.handler.ssl.SslContextBuilder in project nifi by apache.

the class TestGRPCServer method start.

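/**
 * Starts the gRPC server @localhost:port.
 *
 * When {@code sslProperties} is set the server is started with TLS: a keystore (with password)
 * is mandatory, a truststore is optional, and client certificates are required unless
 * {@code NEED_CLIENT_AUTH} names another {@link ClientAuth} mode. A JVM shutdown hook that stops
 * the server is registered on every call.
 *
 * @param port the port to bind; {@code 0} lets the server pick an ephemeral port
 * @return the port the server is actually listening on
 * @throws Exception if the service cannot be instantiated, the key material cannot be loaded,
 *                   or the server fails to start
 */
public int start(final int port) throws Exception {
    final NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port)
            .directExecutor()
            .addService(clazz.newInstance())
            .compressorRegistry(CompressorRegistry.getDefaultInstance())
            .decompressorRegistry(DecompressorRegistry.getDefaultInstance());
    if (this.sslProperties != null) {
        nettyServerBuilder.sslContext(buildServerSslContextBuilder().build());
    }
    server = nettyServerBuilder.build().start();
    final int actualPort = server.getPort();
    Runtime.getRuntime().addShutdownHook(new Thread() {

        @Override
        public void run() {
            // Use stderr here since the logger may have been reset by its JVM shutdown hook.
            System.err.println("*** shutting down gRPC server since JVM is shutting down");
            TestGRPCServer.this.stop();
            System.err.println("*** server shut down");
        }
    });
    return actualPort;
}

/**
 * Assembles the server-side TLS configuration from {@code sslProperties}.
 *
 * @return a builder with key manager, optional trust manager and client-auth mode applied,
 *         already passed through {@link GrpcSslContexts#configure}
 * @throws RuntimeException if the keystore, its password, or a configured truststore's password is missing
 * @throws Exception if a store cannot be loaded or the factories cannot be initialised
 */
private SslContextBuilder buildServerSslContextBuilder() throws Exception {
    final String keyStoreFile = sslProperties.get(StandardSSLContextService.KEYSTORE.getName());
    if (keyStoreFile == null) {
        throw new RuntimeException("You must configure a keystore in order to use SSL with gRPC.");
    }
    final String keyStorePassword = sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName());
    if (keyStorePassword == null) {
        throw new RuntimeException("You must configure a keystore password in order to use SSL with gRPC.");
    }
    final KeyStore keyStore = loadKeyStore(
            sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName()), keyStoreFile, keyStorePassword);
    final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // No separate key password is read from sslProperties: the keystore password is reused for the key.
    keyManager.init(keyStore, keyStorePassword.toCharArray());
    SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyManager);

    final String trustStoreFile = sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName());
    if (trustStoreFile != null) {
        final String trustStorePassword = sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName());
        if (trustStorePassword == null) {
            throw new RuntimeException("You must configure a truststore password when a truststore is set.");
        }
        final KeyStore trustStore = loadKeyStore(
                sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName()), trustStoreFile, trustStorePassword);
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
    }
    // Without a truststore the builder keeps its default trust manager; client certificates are
    // still demanded (REQUIRE) unless NEED_CLIENT_AUTH overrides the mode.
    final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH);
    sslContextBuilder = sslContextBuilder.clientAuth(clientAuth == null ? ClientAuth.REQUIRE : ClientAuth.valueOf(clientAuth));
    return GrpcSslContexts.configure(sslContextBuilder);
}

/**
 * Loads a {@link KeyStore} of the given type from a file, closing the file afterwards.
 *
 * @param type keystore type passed to {@link KeyStore#getInstance(String)}
 * @param file path of the store on disk
 * @param password store password used for the integrity check
 * @return the loaded store
 * @throws Exception if the type is unknown or the file cannot be read or parsed
 */
private static KeyStore loadKeyStore(final String type, final String file, final String password) throws Exception {
    final KeyStore store = KeyStore.getInstance(type);
    try (final InputStream is = new FileInputStream(file)) {
        store.load(is, password.toCharArray());
    }
    return store;
}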
