Use of javax.net.ssl.SSLEngine in project cdap by caskdata: class SSLHandlerFactory, method create.
/**
 * Builds a server-side {@link SslHandler} around a fresh engine obtained from {@code serverContext}.
 *
 * <p>The engine is put into server mode and renegotiation is switched off on the handler, so only
 * the initial handshake is ever performed on the connection.
 *
 * @return a new handler wrapping a server-mode {@link SSLEngine}
 */
public SslHandler create() {
    // Engines carry per-connection handshake state, so one is created per call.
    SSLEngine serverEngine = serverContext.createSSLEngine();
    serverEngine.setUseClientMode(false);
    SslHandler sslHandler = new SslHandler(serverEngine);
    sslHandler.setEnableRenegotiation(false);
    return sslHandler;
}
Use of javax.net.ssl.SSLEngine in project CorfuDB by CorfuDB: class CorfuServer, method main.
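/**
 * Entry point of the Corfu server.
 *
 * <p>Parses the command line with docopt, prints the banner, applies the requested log level,
 * prepares the on-disk service directory (unless {@code --memory} is set), builds the
 * {@link NettyServerRouter} and shared {@link ServerContext}, optionally builds the TLS context,
 * and finally binds a Netty server on {@code <port>}. The method blocks until the server channel
 * closes and then shuts all event loop groups down.
 *
 * <p>Failures while loading key or trust material, or while building the SSL context, are logged
 * and terminate the process with exit status 1. Other failures during bind or serving are logged
 * and the method returns after the event loops have been shut down.
 *
 * @param args command-line arguments, interpreted according to {@code USAGE}
 */
public static void main(String[] args) {
    serverRunning = true;
    // Parse the options given, using docopt.
    Map<String, Object> opts = new Docopt(USAGE).withVersion(GitRepositoryState.getRepositoryState().describe).parse(args);
    int port = Integer.parseInt((String) opts.get("<port>"));
    // Print a nice welcome message.
    AnsiConsole.systemInstall();
    printLogo();
    System.out.println(ansi().a("Welcome to ").fg(RED).a("CORFU ").fg(MAGENTA).a("SERVER").reset());
    System.out.println(ansi().a("Version ").a(Version.getVersionString()).a(" (").fg(BLUE).a(GitRepositoryState.getRepositoryState().commitIdAbbrev).reset().a(")"));
    System.out.println(ansi().a("Serving on port ").fg(WHITE).a(port).reset());
    System.out.println(ansi().a("Service directory: ").fg(WHITE).a((Boolean) opts.get("--memory") ? "MEMORY mode" : opts.get("--log-path")).reset());
    // Pick the correct logging level before outputting error messages.
    configureLogLevel(opts);
    log.debug("Started with arguments: " + opts);
    // Create the service directory if it does not exist.
    if (!(Boolean) opts.get("--memory")) {
        prepareServiceDirectory((String) opts.get("--log-path"));
    }
    // Now, we start the Netty router, and have it route to the correct port.
    router = new NettyServerRouter(opts);
    // Create a common Server Context for all servers to access.
    serverContext = new ServerContext(opts, router);
    // Add each role to the router.
    addSequencer();
    addLayoutServer();
    addLogUnit();
    addManagementServer();
    router.baseServer.setOptionsMap(opts);
    // Setup SSL if needed
    Boolean tlsEnabled = (Boolean) opts.get("--enable-tls");
    Boolean tlsMutualAuthEnabled = (Boolean) opts.get("--enable-tls-mutual-auth");
    if (tlsEnabled) {
        configureTls(opts);
    }
    Boolean saslPlainTextAuth = (Boolean) opts.get("--enable-sasl-plain-text-auth");
    // Create the event loops responsible for servicing inbound messages.
    int ioThreads = Runtime.getRuntime().availableProcessors() * 2;
    EventLoopGroup bossGroup = new NioEventLoopGroup(1, namedThreadFactory("accept-"));
    EventLoopGroup workerGroup = new NioEventLoopGroup(ioThreads, namedThreadFactory("io-"));
    EventExecutorGroup ee = new DefaultEventExecutorGroup(ioThreads, namedThreadFactory("event-"));
    try {
        ServerBootstrap b = new ServerBootstrap();
        b.group(bossGroup, workerGroup)
            .channel(NioServerSocketChannel.class)
            .option(ChannelOption.SO_BACKLOG, 100)
            .childOption(ChannelOption.SO_KEEPALIVE, true)
            .childOption(ChannelOption.SO_REUSEADDR, true)
            .childOption(ChannelOption.TCP_NODELAY, true)
            .childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT)
            .childHandler(new ChannelInitializer<SocketChannel>() {
                @Override
                public void initChannel(io.netty.channel.socket.SocketChannel ch) throws Exception {
                    if (tlsEnabled) {
                        SSLEngine engine = sslContext.newEngine(ch.alloc());
                        // NOTE(review): enabledTlsCipherSuites / enabledTlsProtocols are only
                        // assigned when --tls-ciphers / --tls-protocols were given; a null here
                        // makes the setter throw, so confirm the fields carry a non-null default.
                        engine.setEnabledCipherSuites(enabledTlsCipherSuites);
                        engine.setEnabledProtocols(enabledTlsProtocols);
                        if (tlsMutualAuthEnabled) {
                            engine.setNeedClientAuth(true);
                        }
                        ch.pipeline().addLast("ssl", new SslHandler(engine));
                    }
                    ch.pipeline().addLast(new LengthFieldPrepender(4));
                    // NOTE(review): Integer.MAX_VALUE lets any peer announce a frame of up to
                    // 2 GiB which the decoder buffers before the SASL handler below sees it;
                    // a bound matching the largest legitimate Corfu message would limit that.
                    ch.pipeline().addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));
                    if (saslPlainTextAuth) {
                        ch.pipeline().addLast("sasl/plain-text", new PlainTextSaslNettyServer());
                    }
                    ch.pipeline().addLast(ee, new NettyCorfuMessageDecoder());
                    ch.pipeline().addLast(ee, new NettyCorfuMessageEncoder());
                    ch.pipeline().addLast(ee, router);
                }
            });
        ChannelFuture f = b.bind(port).sync();
        awaitClose(f);
    } catch (InterruptedException ie) {
        // Restore the flag rather than swallowing the interrupt.
        Thread.currentThread().interrupt();
    } catch (Exception ex) {
        log.error("Corfu server shut down unexpectedly due to exception", ex);
    } finally {
        bossGroup.shutdownGracefully();
        workerGroup.shutdownGracefully();
        // Previously never shut down; the event executor threads would otherwise linger.
        ee.shutdownGracefully();
    }
}

/**
 * Blocks until the channel bound by {@code bindFuture} closes.
 *
 * <p>An interrupt does not stop the server: it is recorded and waiting resumes. The interrupt
 * flag is restored once the channel has closed. Unlike a bare {@code while (true)} around
 * {@code sync()}, this returns when the channel is closed instead of spinning.
 *
 * @param bindFuture the completed bind future whose channel is awaited
 */
private static void awaitClose(ChannelFuture bindFuture) {
    ChannelFuture closeFuture = bindFuture.channel().closeFuture();
    boolean interrupted = false;
    while (!closeFuture.isDone()) {
        try {
            closeFuture.sync();
        } catch (InterruptedException ie) {
            interrupted = true;
        }
    }
    if (interrupted) {
        Thread.currentThread().interrupt();
    }
}

/**
 * Builds a {@link ThreadFactory} whose threads are named {@code prefix} followed by a counter
 * starting at 0, one counter per factory.
 *
 * @param prefix the name prefix, e.g. {@code "io-"}
 * @return a factory producing plain {@link Thread}s with sequential names
 */
private static ThreadFactory namedThreadFactory(String prefix) {
    AtomicInteger threadNum = new AtomicInteger(0);
    return r -> {
        Thread t = new Thread(r);
        t.setName(prefix + threadNum.getAndIncrement());
        return t;
    };
}

/**
 * Applies {@code --log-level} to the root logger; unrecognised values fall back to INFO with a warning.
 *
 * @param opts the parsed docopt options
 */
private static void configureLogLevel(Map<String, Object> opts) {
    Logger root = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
    String requested = (String) opts.get("--log-level");
    switch (requested) {
        case "ERROR":
            root.setLevel(Level.ERROR);
            break;
        case "WARN":
            root.setLevel(Level.WARN);
            break;
        case "INFO":
            root.setLevel(Level.INFO);
            break;
        case "DEBUG":
            root.setLevel(Level.DEBUG);
            break;
        case "TRACE":
            root.setLevel(Level.TRACE);
            break;
        default:
            root.setLevel(Level.INFO);
            log.warn("Level {} not recognized, defaulting to level INFO", requested);
    }
}

/**
 * Ensures the on-disk service directory exists, creating it when missing.
 *
 * @param logPath the {@code --log-path} option value
 * @throws RuntimeException if the path exists but is not a directory, or could not be created
 */
private static void prepareServiceDirectory(String logPath) {
    File serviceDir = new File(logPath);
    if (!serviceDir.exists()) {
        if (serviceDir.mkdirs()) {
            log.info("Created new service directory at {}.", serviceDir);
        } else if (!serviceDir.isDirectory()) {
            // mkdirs() also returns false when the directory appeared meanwhile, hence the re-check.
            log.error("Could not create service directory {}. Aborting.", serviceDir);
            throw new RuntimeException("Could not create service directory!");
        }
    } else if (!serviceDir.isDirectory()) {
        log.error("Service directory {} does not point to a directory. Aborting.", serviceDir);
        throw new RuntimeException("Service directory must be a directory!");
    }
}

/**
 * Splits a comma-separated option value into trimmed entries.
 *
 * @param value the raw option value, possibly {@code null}
 * @return the trimmed entries, or {@code null} when {@code value} is {@code null}
 */
private static String[] splitCommaSeparated(String value) {
    if (value == null) {
        return null;
    }
    return Pattern.compile(",").splitAsStream(value).map(String::trim).toArray(String[]::new);
}

/**
 * Reads the TLS options and populates {@code enabledTlsCipherSuites}, {@code enabledTlsProtocols}
 * (only when the corresponding option was given) and {@code sslContext}.
 *
 * <p>Any failure to load key or trust material, or to build the context, is logged and the
 * process exits with status 1.
 *
 * @param opts the parsed docopt options
 */
private static void configureTls(Map<String, Object> opts) {
    // Get the TLS cipher suites to enable
    String[] ciphers = splitCommaSeparated((String) opts.get("--tls-ciphers"));
    if (ciphers != null) {
        enabledTlsCipherSuites = ciphers;
    }
    // Get the TLS protocols to enable
    String[] protocols = splitCommaSeparated((String) opts.get("--tls-protocols"));
    if (protocols != null) {
        enabledTlsProtocols = protocols;
    }
    try {
        sslContext = TlsUtils.enableTls(TlsUtils.SslContextType.SERVER_CONTEXT, (String) opts.get("--keystore"), e -> {
            log.error("Could not load keys from the key store.");
            System.exit(1);
        }, (String) opts.get("--keystore-password-file"), e -> {
            log.error("Could not read the key store password file.");
            System.exit(1);
        }, (String) opts.get("--truststore"), e -> {
            log.error("Could not load keys from the trust store.");
            System.exit(1);
        }, (String) opts.get("--truststore-password-file"), e -> {
            log.error("Could not read the trust store password file.");
            System.exit(1);
        });
    } catch (Exception ex) {
        // Keep the cause in the log so the operator can see why the context failed.
        log.error("Could not build the SSL context", ex);
        System.exit(1);
    }
}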
Use of javax.net.ssl.SSLEngine in project webpieces by deanhiller: class WebSSLFactory, method createSslEngine.
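/**
 * Builds a server-mode {@link SSLEngine} from the JKS keystore found on the classpath at
 * {@code serverKeystore}, unlocked with {@code password}.
 *
 * <p>Only key material is configured (no trust managers are passed to the context), so the
 * engine presents the server's key but does not verify client certificates.
 *
 * @return a new engine in server mode
 * @throws RuntimeException wrapping any keystore or TLS initialisation failure, including a
 *         keystore resource that is not on the classpath
 */
@Override
public SSLEngine createSslEngine() {
    // Create/startPing the SSLContext with key material
    try (InputStream keySt = WebSSLFactory.class.getResourceAsStream(serverKeystore)) {
        // KeyStore.load(null, ...) would silently create an empty store and the handshake would
        // only fail much later with no key material; fail here with a clear message instead.
        if (keySt == null) {
            throw new IllegalStateException("Keystore resource not found: " + serverKeystore);
        }
        char[] passphrase = password.toCharArray();
        // First startPing the key and trust material.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(keySt, passphrase);
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        //****************Server side specific*********************
        // KeyManager's decide which key material to use.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, passphrase);
        // No TrustManagers and default SecureRandom: the server does not authenticate clients.
        sslContext.init(kmf.getKeyManagers(), null, null);
        //****************Server side specific*********************
        SSLEngine engine = sslContext.createSSLEngine();
        engine.setUseClientMode(false);
        return engine;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}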
Use of javax.net.ssl.SSLEngine in project load-balancer by RestComm: class ServerChannelConnector, method channelConnected.
/**
 * Registers a freshly accepted channel and assembles its pipeline.
 *
 * <p>When SSL is enabled in the configuration, a server-mode {@link SslHandler} is appended
 * first, followed by the SMPP PDU decoder and the session wrapper handler.
 *
 * @param ctx the Netty handler context
 * @param e   the state event carrying the accepted channel
 * @throws IllegalStateException if SSL is enabled but no {@code SslConfiguration} is set
 * @throws Exception propagated from pipeline or SSL setup
 */
@Override
public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception {
    Channel accepted = e.getChannel();
    channels.add(accepted);
    if (configuration.isUseSsl()) {
        accepted.getPipeline().addLast(SmppChannelConstants.PIPELINE_SESSION_SSL_NAME, newServerSslHandler());
    }
    SmppSessionPduDecoder pduDecoder = new SmppSessionPduDecoder(new DefaultPduTranscoder(new DefaultPduTranscoderContext()));
    accepted.getPipeline().addLast(SmppChannelConstants.PIPELINE_SESSION_PDU_DECODER_NAME, pduDecoder);
    ServerConnectionImpl connection = new ServerConnectionImpl(server.nextSessionId(), accepted, lbServerListener, balancerRunner, monitorExecutor, configuration.isUseSsl());
    accepted.getPipeline().addLast(SmppChannelConstants.PIPELINE_SESSION_WRAPPER_NAME, new ServerConnectionHandlerImpl(connection));
}

/**
 * Builds a server-mode SSL handler from the configured {@code SslConfiguration}.
 *
 * @return a handler wrapping a new server-mode engine
 * @throws IllegalStateException if no {@code SslConfiguration} is present
 */
private SslHandler newServerSslHandler() {
    SslConfiguration sslConfig = configuration.getSslConfiguration();
    if (sslConfig == null) {
        throw new IllegalStateException("sslConfiguration must be set");
    }
    // NOTE(review): a new SslContextFactory is built for every accepted connection; if that
    // reloads key material each time, caching one factory per configuration would avoid it.
    SSLEngine sslEngine = new SslContextFactory(sslConfig).newSslEngine();
    sslEngine.setUseClientMode(false);
    return new SslHandler(sslEngine);
}
Use of javax.net.ssl.SSLEngine in project load-balancer by RestComm: class MClientConnectionImpl, method connect.
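/**
 * Opens (or re-opens) the client channel to the configured server.
 *
 * <p>An already-connected channel is disconnected first. After the TCP connect completes, a
 * client-mode SSL handler is put at the front of the pipeline when the configuration asks for
 * SSL; a failure to set SSL up closes the channel and counts as a failed connect instead of
 * continuing in clear text. On success the client state moves to {@code OPEN} unless it is
 * currently {@code REBINDING}.
 *
 * @return {@code true} when the channel is connected (and secured, if configured),
 *         {@code false} if the connect or the SSL setup failed
 */
@Override
public Boolean connect() {
    // prevent create connection if it's already established https://github.com/RestComm/load-balancer/issues/95
    if (channelFuture != null && channelFuture.getChannel().isConnected()) {
        logger.info("LB trying to connect to server but connection is already established so we disconnect it" + "channel is: " + channelFuture.getChannel().getRemoteAddress().toString());
        channelFuture.getChannel().disconnect();
    }
    try {
        if (logger.isDebugEnabled()) {
            logger.debug("LB trying to connect to server " + config.getHost() + " " + config.getPort());
        }
        channelFuture = clientBootstrap.connect(new InetSocketAddress(config.getHost(), config.getPort()), new InetSocketAddress(localSmppAddress, 0)).sync();
        channel = channelFuture.getChannel();
        if (config.isUseSsl()) {
            isSslConnection = true;
            SslConfiguration sslConfig = config.getSslConfiguration();
            if (sslConfig == null) {
                throw new IllegalStateException("sslConfiguration must be set");
            }
            try {
                SslContextFactory factory = new SslContextFactory(sslConfig);
                SSLEngine sslEngine = factory.newSslEngine();
                sslEngine.setUseClientMode(true);
                channel.getPipeline().addFirst(SmppChannelConstants.PIPELINE_SESSION_SSL_NAME, new SslHandler(sslEngine));
            } catch (Exception e) {
                // Previously this only logged and carried on over a plain-text channel although
                // SSL was required; fail the connect so no unencrypted session is ever used.
                logger.error("Unable to create SSL session: " + e.getMessage(), e);
                channel.close();
                return false;
            }
        }
    } catch (InterruptedException ie) {
        // Restore the flag rather than swallowing the interrupt.
        Thread.currentThread().interrupt();
        logger.error("LB interrupted while connecting to server " + config.getHost() + " " + config.getPort(), ie);
        return false;
    } catch (Exception ex) {
        // Was silently swallowed before, leaving no trace of why the connect failed.
        logger.error("LB could not connect to server " + config.getHost() + " " + config.getPort(), ex);
        return false;
    }
    if (clientState != ClientState.REBINDING) {
        clientState = ClientState.OPEN;
    }
    return true;
}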