Search in sources :

Example 41 with SelfSignedCertificate

use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.

the class SslContextBuilderTest method testClientContextFromFile.

private static void testClientContextFromFile(SslProvider provider) throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(provider).keyManager(cert.certificate(), cert.privateKey()).trustManager(cert.certificate()).clientAuth(ClientAuth.OPTIONAL);
    SslContext context = builder.build();
    SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
    assertFalse(engine.getWantClientAuth());
    assertFalse(engine.getNeedClientAuth());
    engine.closeInbound();
    engine.closeOutbound();
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLEngine(javax.net.ssl.SSLEngine)

Example 42 with SelfSignedCertificate

use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.

the class SslErrorTest method testCorrectAlert.

@Test(timeout = 30000)
public void testCorrectAlert() throws Exception {
    // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
    // no need to run it if there is no openssl is available at all.
    Assume.assumeTrue(OpenSsl.isAvailable());
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(serverProvider).trustManager(new SimpleTrustManagerFactory() {

        @Override
        protected void engineInit(KeyStore keyStore) {
        }

        @Override
        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        }

        @Override
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] { new X509TrustManager() {

                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                    throw exception;
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                // NOOP
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return EmptyArrays.EMPTY_X509_CERTIFICATES;
                }
            } };
        }
    }).clientAuth(ClientAuth.REQUIRE).build();
    final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(new File(getClass().getResource("test.crt").getFile()), new File(getClass().getResource("test_unencrypted.pem").getFile())).sslProvider(clientProvider).build();
    Channel serverChannel = null;
    Channel clientChannel = null;
    EventLoopGroup group = new NioEventLoopGroup();
    try {
        serverChannel = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).handler(new LoggingHandler(LogLevel.INFO)).childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        ctx.close();
                    }
                });
            }
        }).bind(0).sync().channel();
        final Promise<Void> promise = group.next().newPromise();
        clientChannel = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        // Unwrap as its wrapped by a DecoderException
                        Throwable unwrappedCause = cause.getCause();
                        if (unwrappedCause instanceof SSLException) {
                            if (exception instanceof TestCertificateException) {
                                CertPathValidatorException.Reason reason = ((CertPathValidatorException) exception.getCause()).getReason();
                                if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                    verifyException(unwrappedCause, "expired", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                    verifyException(unwrappedCause, "bad", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                    verifyException(unwrappedCause, "revoked", promise);
                                }
                            } else if (exception instanceof CertificateExpiredException) {
                                verifyException(unwrappedCause, "expired", promise);
                            } else if (exception instanceof CertificateNotYetValidException) {
                                verifyException(unwrappedCause, "bad", promise);
                            } else if (exception instanceof CertificateRevokedException) {
                                verifyException(unwrappedCause, "revoked", promise);
                            }
                        }
                    }
                });
            }
        }).connect(serverChannel.localAddress()).syncUninterruptibly().channel();
        // Block until we received the correct exception
        promise.syncUninterruptibly();
    } finally {
        if (clientChannel != null) {
            clientChannel.close().syncUninterruptibly();
        }
        if (serverChannel != null) {
            serverChannel.close().syncUninterruptibly();
        }
        group.shutdownGracefully();
        ReferenceCountUtil.release(sslServerCtx);
        ReferenceCountUtil.release(sslClientCtx);
    }
}
Also used : LoggingHandler(io.netty.handler.logging.LoggingHandler) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) CertificateException(java.security.cert.CertificateException) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) SSLException(javax.net.ssl.SSLException) Bootstrap(io.netty.bootstrap.Bootstrap) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) CertificateRevokedException(java.security.cert.CertificateRevokedException) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) Channel(io.netty.channel.Channel) SimpleTrustManagerFactory(io.netty.handler.ssl.util.SimpleTrustManagerFactory) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) CertPathValidatorException(java.security.cert.CertPathValidatorException) CertificateRevokedException(java.security.cert.CertificateRevokedException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) CertPathValidatorException(java.security.cert.CertPathValidatorException) EventLoopGroup(io.netty.channel.EventLoopGroup) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) X509TrustManager(javax.net.ssl.X509TrustManager) File(java.io.File) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) Test(org.junit.Test)

Example 43 with SelfSignedCertificate

use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.

the class SslHandlerTest method testReleaseSslEngine.

@Test
public void testReleaseSslEngine() throws Exception {
    assumeTrue(OpenSsl.isAvailable());
    SelfSignedCertificate cert = new SelfSignedCertificate();
    try {
        SslContext sslContext = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()).sslProvider(SslProvider.OPENSSL).build();
        try {
            SSLEngine sslEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT);
            EmbeddedChannel ch = new EmbeddedChannel(new SslHandler(sslEngine));
            assertEquals(1, ((ReferenceCounted) sslContext).refCnt());
            assertEquals(1, ((ReferenceCounted) sslEngine).refCnt());
            assertTrue(ch.finishAndReleaseAll());
            ch.close().syncUninterruptibly();
            assertEquals(1, ((ReferenceCounted) sslContext).refCnt());
            assertEquals(0, ((ReferenceCounted) sslEngine).refCnt());
        } finally {
            ReferenceCountUtil.release(sslContext);
        }
    } finally {
        cert.delete();
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLEngine(javax.net.ssl.SSLEngine) EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) Test(org.junit.Test)

Example 44 with SelfSignedCertificate

use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.

the class SslHandlerTest method compositeBufSizeEstimationGuaranteesSynchronousWrite.

private void compositeBufSizeEstimationGuaranteesSynchronousWrite(SslProvider serverProvider, SslProvider clientProvider) throws CertificateException, SSLException, ExecutionException, InterruptedException {
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(serverProvider).build();
    final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(clientProvider).build();
    EventLoopGroup group = new NioEventLoopGroup();
    Channel sc = null;
    Channel cc = null;
    try {
        final Promise<Void> donePromise = group.next().newPromise();
        final int expectedBytes = 469 + 1024 + 1024;
        sc = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
                        if (evt instanceof SslHandshakeCompletionEvent) {
                            SslHandshakeCompletionEvent sslEvt = (SslHandshakeCompletionEvent) evt;
                            if (sslEvt.isSuccess()) {
                                final ByteBuf input = ctx.alloc().buffer();
                                input.writeBytes(new byte[expectedBytes]);
                                CompositeByteBuf content = ctx.alloc().compositeBuffer();
                                content.addComponent(true, input.readRetainedSlice(469));
                                content.addComponent(true, input.readRetainedSlice(1024));
                                content.addComponent(true, input.readRetainedSlice(1024));
                                ctx.writeAndFlush(content).addListener(new ChannelFutureListener() {

                                    @Override
                                    public void operationComplete(ChannelFuture future) {
                                        input.release();
                                    }
                                });
                            } else {
                                donePromise.tryFailure(sslEvt.cause());
                            }
                        }
                        ctx.fireUserEventTriggered(evt);
                    }

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        donePromise.tryFailure(cause);
                    }

                    @Override
                    public void channelInactive(ChannelHandlerContext ctx) {
                        donePromise.tryFailure(new IllegalStateException("server closed"));
                    }
                });
            }
        }).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        cc = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    private int bytesSeen;

                    @Override
                    public void channelRead(ChannelHandlerContext ctx, Object msg) {
                        if (msg instanceof ByteBuf) {
                            bytesSeen += ((ByteBuf) msg).readableBytes();
                            if (bytesSeen == expectedBytes) {
                                donePromise.trySuccess(null);
                            }
                        }
                        ReferenceCountUtil.release(msg);
                    }

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        donePromise.tryFailure(cause);
                    }

                    @Override
                    public void channelInactive(ChannelHandlerContext ctx) {
                        donePromise.tryFailure(new IllegalStateException("client closed"));
                    }
                });
            }
        }).connect(sc.localAddress()).syncUninterruptibly().channel();
        donePromise.get();
    } finally {
        if (cc != null) {
            cc.close().syncUninterruptibly();
        }
        if (sc != null) {
            sc.close().syncUninterruptibly();
        }
        group.shutdownGracefully();
        ReferenceCountUtil.release(sslServerCtx);
        ReferenceCountUtil.release(sslClientCtx);
        ssc.delete();
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) InetSocketAddress(java.net.InetSocketAddress) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) ByteBuf(io.netty.buffer.ByteBuf) CompositeByteBuf(io.netty.buffer.CompositeByteBuf) Bootstrap(io.netty.bootstrap.Bootstrap) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) ChannelFuture(io.netty.channel.ChannelFuture) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) Channel(io.netty.channel.Channel) ChannelFutureListener(io.netty.channel.ChannelFutureListener) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) IllegalReferenceCountException(io.netty.util.IllegalReferenceCountException) CodecException(io.netty.handler.codec.CodecException) SSLProtocolException(javax.net.ssl.SSLProtocolException) DecoderException(io.netty.handler.codec.DecoderException) SSLException(javax.net.ssl.SSLException) ClosedChannelException(java.nio.channels.ClosedChannelException) CertificateException(java.security.cert.CertificateException) ExecutionException(java.util.concurrent.ExecutionException) UnsupportedMessageTypeException(io.netty.handler.codec.UnsupportedMessageTypeException) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) EventLoopGroup(io.netty.channel.EventLoopGroup) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter)

Example 45 with SelfSignedCertificate

use of io.netty.handler.ssl.util.SelfSignedCertificate in project netty by netty.

the class OpenSslEngineTest method testSNIMatchersThrows.

@Test(expected = IllegalArgumentException.class)
public void testSNIMatchersThrows() throws Exception {
    assumeTrue(PlatformDependent.javaVersion() >= 8);
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    serverSslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslServerProvider()).build();
    SSLEngine engine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        SSLParameters parameters = new SSLParameters();
        Java8SslUtils.setSNIMatcher(parameters);
        engine.setSSLParameters(parameters);
    } finally {
        cleanupServerSslEngine(engine);
        ssc.delete();
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SSLParameters(javax.net.ssl.SSLParameters) SSLEngine(javax.net.ssl.SSLEngine) Test(org.junit.Test)

Aggregations

SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)63 Test (org.junit.Test)32 ServerBootstrap (io.netty.bootstrap.ServerBootstrap)28 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)26 EventLoopGroup (io.netty.channel.EventLoopGroup)25 SSLEngine (javax.net.ssl.SSLEngine)25 NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel)21 LoggingHandler (io.netty.handler.logging.LoggingHandler)19 SslContext (io.netty.handler.ssl.SslContext)19 Channel (io.netty.channel.Channel)17 ByteBuffer (java.nio.ByteBuffer)11 SSLEngineResult (javax.net.ssl.SSLEngineResult)10 Bootstrap (io.netty.bootstrap.Bootstrap)9 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)7 NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)7 ChannelFuture (io.netty.channel.ChannelFuture)6 ChannelInboundHandlerAdapter (io.netty.channel.ChannelInboundHandlerAdapter)6 EmbeddedChannel (io.netty.channel.embedded.EmbeddedChannel)6 SocketChannel (io.netty.channel.socket.SocketChannel)6 File (java.io.File)6