Example 51 with SSLEngine

Use of javax.net.ssl.SSLEngine in project blade by biezhi.

Class SslClientConnectionFactory, method newConnection.

@Override
public Connection newConnection(EndPoint endPoint, Map<String, Object> context) throws IOException {
    String host = (String) context.get(SSL_PEER_HOST_CONTEXT_KEY);
    int port = (Integer) context.get(SSL_PEER_PORT_CONTEXT_KEY);
    SSLEngine engine = sslContextFactory.newSSLEngine(host, port);
    engine.setUseClientMode(true);
    context.put(SSL_ENGINE_CONTEXT_KEY, engine);
    SslConnection sslConnection = newSslConnection(byteBufferPool, executor, endPoint, engine);
    endPoint.setConnection(sslConnection);
    customize(sslConnection, context);
    EndPoint appEndPoint = sslConnection.getDecryptedEndPoint();
    appEndPoint.setConnection(connectionFactory.newConnection(appEndPoint, context));
    return sslConnection;
}
Also used: SSLEngine (javax.net.ssl.SSLEngine), EndPoint (org.eclipse.jetty.io.EndPoint)

Example 52 with SSLEngine

Use of javax.net.ssl.SSLEngine in project apn-proxy by apn-proxy.

Class ApnProxyServerChannelInitializer, method initChannel.

@Override
public void initChannel(SocketChannel channel) throws Exception {
    ChannelPipeline pipeline = channel.pipeline();
    pipeline.addLast("idlestate", new IdleStateHandler(0, 0, 3, TimeUnit.MINUTES));
    pipeline.addLast("idlehandler", new ApnProxyIdleHandler());
    pipeline.addLast("datalog", new LoggingHandler("PRE_BYTE_LOGGER", LogLevel.DEBUG));
    if (ApnProxyConfig.getConfig().getListenType() == ApnProxyListenType.SSL) {
        SSLEngine engine = ApnProxySSLContextFactory.createServerSSLSSLEngine();
        pipeline.addLast("apnproxy.encrypt", new SslHandler(engine));
    } else if (ApnProxyConfig.getConfig().getListenType() == ApnProxyListenType.AES) {
        byte[] key = ApnProxyConfig.getConfig().getKey();
        byte[] iv = ApnProxyConfig.getConfig().getIv();
        pipeline.addLast("apnproxy.encrypt", new ApnProxyAESEncoder(key, iv));
        pipeline.addLast("apnproxy.decrypt", new ApnProxyAESDecoder(key, iv));
    }
    pipeline.addLast("log", new LoggingHandler("BYTE_LOGGER", LogLevel.INFO));
    pipeline.addLast("codec", new HttpServerCodec());
    pipeline.addLast(ApnProxyPreHandler.HANDLER_NAME, new ApnProxyPreHandler());
    pipeline.addLast(ApnProxySchemaHandler.HANDLER_NAME, new ApnProxySchemaHandler());
}
Also used: LoggingHandler (io.netty.handler.logging.LoggingHandler), SSLEngine (javax.net.ssl.SSLEngine), IdleStateHandler (io.netty.handler.timeout.IdleStateHandler), HttpServerCodec (io.netty.handler.codec.http.HttpServerCodec), ChannelPipeline (io.netty.channel.ChannelPipeline), SslHandler (io.netty.handler.ssl.SslHandler)

Example 53 with SSLEngine

Use of javax.net.ssl.SSLEngine in project apn-proxy by apn-proxy.

Class ApnProxyTunnelChannelInitializer, method initChannel.

/**
 * @see io.netty.channel.ChannelInitializer#initChannel(io.netty.channel.Channel)
 */
@Override
protected void initChannel(SocketChannel channel) throws Exception {
    ApnProxyRemote apnProxyRemote = uaChannel.attr(ApnProxyConnectionAttribute.ATTRIBUTE_KEY).get().getRemote();
    channel.attr(ApnProxyConnectionAttribute.ATTRIBUTE_KEY).set(uaChannel.attr(ApnProxyConnectionAttribute.ATTRIBUTE_KEY).get());
    ChannelPipeline pipeline = channel.pipeline();
    pipeline.addLast("idlestate", new IdleStateHandler(0, 0, 3, TimeUnit.MINUTES));
    pipeline.addLast("idlehandler", new ApnProxyIdleHandler());
    if (apnProxyRemote.getRemoteListenType() == ApnProxyListenType.SSL) {
        SSLEngine engine = ApnProxySSLContextFactory.createClientSSLEnginForRemoteAddress(apnProxyRemote.getRemoteHost(), apnProxyRemote.getRemotePort());
        engine.setUseClientMode(true);
        pipeline.addLast("ssl", new SslHandler(engine));
    } else if (apnProxyRemote.getRemoteListenType() == ApnProxyListenType.AES) {
        byte[] key = ((ApnProxyAESRemote) apnProxyRemote).getKey();
        byte[] iv = ((ApnProxyAESRemote) apnProxyRemote).getIv();
        pipeline.addLast("apnproxy.encrypt", new ApnProxyAESEncoder(key, iv));
        pipeline.addLast("apnproxy.decrypt", new ApnProxyAESDecoder(key, iv));
    }
    if (apnProxyRemote.getRemoteListenType() == ApnProxyListenType.PLAIN) {
        // nothing to do
    }
    pipeline.addLast(new ApnProxyRelayHandler(apnProxyRemote.getRemoteAddr() + " --> UA", uaChannel));
}
Also used: SSLEngine (javax.net.ssl.SSLEngine), IdleStateHandler (io.netty.handler.timeout.IdleStateHandler), ApnProxyRemote (com.xx_dev.apn.proxy.remotechooser.ApnProxyRemote), ChannelPipeline (io.netty.channel.ChannelPipeline), SslHandler (io.netty.handler.ssl.SslHandler)

Example 54 with SSLEngine

Use of javax.net.ssl.SSLEngine in project netty by netty.

Class SSLEngineTest, method testBeginHandshakeCloseOutbound.

@Test
public void testBeginHandshakeCloseOutbound() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    clientSslCtx = SslContextBuilder.forClient().sslProvider(sslClientProvider()).build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    serverSslCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()).sslProvider(sslServerProvider()).build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    try {
        testBeginHandshakeCloseOutbound(client);
        testBeginHandshakeCloseOutbound(server);
    } finally {
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
    }
}
Also used: SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate), SSLEngine (javax.net.ssl.SSLEngine), Test (org.junit.Test)

Example 55 with SSLEngine

Use of javax.net.ssl.SSLEngine in project netty by netty.

Class SSLEngineTest, method testUnwrapBehavior.

@Test
public void testUnwrapBehavior() throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    clientSslCtx = SslContextBuilder.forClient().trustManager(cert.cert()).sslProvider(sslClientProvider()).build();
    SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    serverSslCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey()).sslProvider(sslServerProvider()).build();
    SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
    byte[] bytes = "Hello World".getBytes(CharsetUtil.US_ASCII);
    try {
        ByteBuffer plainClientOut = allocateBuffer(client.getSession().getApplicationBufferSize());
        ByteBuffer encryptedClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2);
        ByteBuffer plainServerIn = allocateBuffer(server.getSession().getApplicationBufferSize());
        handshake(client, server);
        // create two TLS frames
        // first frame
        plainClientOut.put(bytes, 0, 5);
        plainClientOut.flip();
        SSLEngineResult result = client.wrap(plainClientOut, encryptedClientToServer);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(5, result.bytesConsumed());
        assertTrue(result.bytesProduced() > 0);
        assertFalse(plainClientOut.hasRemaining());
        // second frame
        plainClientOut.clear();
        plainClientOut.put(bytes, 5, 6);
        plainClientOut.flip();
        result = client.wrap(plainClientOut, encryptedClientToServer);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(6, result.bytesConsumed());
        assertTrue(result.bytesProduced() > 0);
        // send over to server
        encryptedClientToServer.flip();
        // try with too small output buffer first (to check BUFFER_OVERFLOW case)
        int remaining = encryptedClientToServer.remaining();
        ByteBuffer small = allocateBuffer(3);
        result = server.unwrap(encryptedClientToServer, small);
        assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
        assertEquals(remaining, encryptedClientToServer.remaining());
        // now with big enough buffer
        result = server.unwrap(encryptedClientToServer, plainServerIn);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(5, result.bytesProduced());
        assertTrue(encryptedClientToServer.hasRemaining());
        result = server.unwrap(encryptedClientToServer, plainServerIn);
        assertEquals(SSLEngineResult.Status.OK, result.getStatus());
        assertEquals(6, result.bytesProduced());
        assertFalse(encryptedClientToServer.hasRemaining());
        plainServerIn.flip();
        assertEquals(ByteBuffer.wrap(bytes), plainServerIn);
    } finally {
        cleanupClientSslEngine(client);
        cleanupServerSslEngine(server);
    }
}
Also used: SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate), SSLEngineResult (javax.net.ssl.SSLEngineResult), SSLEngine (javax.net.ssl.SSLEngine), ByteBuffer (java.nio.ByteBuffer), Test (org.junit.Test)
