
Example 81 with SSLEngine

use of javax.net.ssl.SSLEngine in project load-balancer by RestComm.

the class MServerChannelConnector method channelConnected.

/**
 * Prepares the pipeline of a newly connected SMPP channel.
 *
 * <p>The channel is recorded in {@code channels}, an {@link SslHandler} is appended first when
 * the configuration enables SSL, and then the PDU decoder and the connection wrapper are
 * appended in that order.
 *
 * <p>Security note: the engine is only switched to server mode here. Protocol versions,
 * cipher suites and any client-certificate policy are whatever {@link SslContextFactory}
 * derives from the supplied {@link SslConfiguration}; nothing is tightened in this method.
 *
 * @param ctx handler context of the event (not used here)
 * @param e   event carrying the channel that has just connected
 * @throws IllegalStateException if SSL is enabled but no SSL configuration is present
 * @throws Exception             if the SSL context or engine cannot be created
 */
@Override
public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception {
    final Channel accepted = e.getChannel();
    // NOTE(review): the channel is registered before TLS setup can fail; whether it is
    // removed again after the exception below is not visible here - confirm.
    channels.add(accepted);

    if (configuration.isUseSsl()) {
        final SslConfiguration tlsSettings = configuration.getSslConfiguration();
        if (tlsSettings == null) {
            // Fail instead of silently continuing in cleartext on a port meant to be TLS.
            throw new IllegalStateException("sslConfiguration must be set");
        }
        final SSLEngine tlsEngine = new SslContextFactory(tlsSettings).newSslEngine();
        // This side accepts connections, so it takes the server role in the handshake.
        tlsEngine.setUseClientMode(false);
        accepted.getPipeline().addLast(
                SmppChannelConstants.PIPELINE_SESSION_SSL_NAME,
                new SslHandler(tlsEngine));
    }

    final DefaultPduTranscoder transcoder = new DefaultPduTranscoder(new DefaultPduTranscoderContext());
    accepted.getPipeline().addLast(
            SmppChannelConstants.PIPELINE_SESSION_PDU_DECODER_NAME,
            new SmppSessionPduDecoder(transcoder));

    final MServerConnectionImpl connection = new MServerConnectionImpl(
            server.nextSessionId(),
            accepted,
            lbServerListener,
            balancerRunner,
            monitorExecutor,
            configuration.isUseSsl());
    accepted.getPipeline().addLast(
            SmppChannelConstants.PIPELINE_SESSION_WRAPPER_NAME,
            new MServerConnectionHandlerImpl(connection));
}
Also used : SslContextFactory(com.cloudhopper.smpp.ssl.SslContextFactory) SslConfiguration(com.cloudhopper.smpp.ssl.SslConfiguration) SSLEngine(javax.net.ssl.SSLEngine) SmppSessionPduDecoder(com.cloudhopper.smpp.channel.SmppSessionPduDecoder) Channel(org.jboss.netty.channel.Channel) DefaultPduTranscoderContext(com.cloudhopper.smpp.transcoder.DefaultPduTranscoderContext) DefaultPduTranscoder(com.cloudhopper.smpp.transcoder.DefaultPduTranscoder) SslHandler(org.jboss.netty.handler.ssl.SslHandler)

Example 82 with SSLEngine

use of javax.net.ssl.SSLEngine in project load-balancer by RestComm.

the class HttpClientPipelineFactory method getPipeline.

/**
 * Builds the pipeline used for outbound HTTP connections: response decoder, request encoder
 * and the response handler, with an {@link SslHandler} placed in front when {@code isUseSsl}
 * is set.
 *
 * <p>Security note: the TLS configuration is created inline with {@code setTrustAll(true)} and
 * without any key store or trust store. See the review note in the body before reusing this
 * pattern.
 *
 * @return the configured pipeline
 * @throws Exception if the SSL context or engine cannot be created
 */
public ChannelPipeline getPipeline() throws Exception {
    final ChannelPipeline clientPipeline = pipeline();
    clientPipeline.addLast("decoder", new HttpResponseDecoder());
    // Automatic content decompression is intentionally not installed:
    // clientPipeline.addLast("inflater", new HttpContentDecompressor());
    clientPipeline.addLast("encoder", new HttpRequestEncoder());
    // Chunk aggregation is left disabled. References:
    // http://code.google.com/p/commscale/issues/detail?id=5 (support for HttpChunks)
    // https://telestax.atlassian.net/browse/LB-8 (RestComm Management console access and
    // a configurable maxContentLength)
    // clientPipeline.addLast("aggregator", new HttpChunkAggregator(maxContentLength));
    clientPipeline.addLast("handler", new HttpResponseHandler(balancerRunner));

    if (!isUseSsl) {
        return clientPipeline;
    }

    final SslConfiguration tlsSettings = new SslConfiguration();
    // NOTE(review): trustAll=true with no trust store configured - in cloudhopper's
    // SslContextFactory this appears to select an accept-all trust manager, in which case the
    // two validate* flags below would not provide server authentication and the connection
    // would be open to interception. Confirm against the library and prefer a configured
    // trust store for the upstream certificates.
    tlsSettings.setTrustAll(true);
    tlsSettings.setValidateCerts(true);
    tlsSettings.setValidatePeerCerts(true);

    // NOTE(review): no peer host/port is passed to newSslEngine() and no endpoint
    // identification algorithm is set in this method, so hostname verification is presumably
    // not performed either - confirm.
    final SSLEngine tlsEngine = new SslContextFactory(tlsSettings).newSslEngine();
    tlsEngine.setUseClientMode(true);
    // TLS must sit in front of the HTTP codec, hence addFirst.
    clientPipeline.addFirst("ssl", new SslHandler(tlsEngine));
    return clientPipeline;
}
Also used : SslContextFactory(com.cloudhopper.smpp.ssl.SslContextFactory) SslConfiguration(com.cloudhopper.smpp.ssl.SslConfiguration) SSLEngine(javax.net.ssl.SSLEngine) HttpRequestEncoder(org.jboss.netty.handler.codec.http.HttpRequestEncoder) HttpResponseDecoder(org.jboss.netty.handler.codec.http.HttpResponseDecoder) ChannelPipeline(org.jboss.netty.channel.ChannelPipeline) SslHandler(org.jboss.netty.handler.ssl.SslHandler)

Example 83 with SSLEngine

use of javax.net.ssl.SSLEngine in project load-balancer by RestComm.

the class HttpServerPipelineFactory method getPipeline.

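/**
 * Builds the pipeline for inbound HTTP connections: an optional {@link SslHandler}, the
 * request decoder, the response encoder and the request handler.
 *
 * <p>When {@code isSecure} is set, key store, trust store, protocol list and cipher-suite list
 * are copied from the load balancer's SSL configuration into a fresh {@link SslConfiguration}.
 * Protocol and cipher-suite names are comma separated; surrounding whitespace is stripped so
 * that a value such as {@code "A, B"} yields the names {@code A} and {@code B} rather than
 * {@code A} and {@code " B"}, which would not match any supported name.
 *
 * @return the configured pipeline
 * @throws Exception if the SSL context or engine cannot be created
 */
public ChannelPipeline getPipeline() throws Exception {
    // Create a default pipeline implementation.
    ChannelPipeline pipeline = pipeline();
    if (isSecure) {
        SslConfiguration sslConfig = new SslConfiguration();
        sslConfig.setKeyStorePath(balancerRunner.balancerContext.lbConfig.getSslConfiguration().getKeyStore());
        sslConfig.setKeyStorePassword(balancerRunner.balancerContext.lbConfig.getSslConfiguration().getKeyStorePassword());
        sslConfig.setTrustStorePath(balancerRunner.balancerContext.lbConfig.getSslConfiguration().getTrustStore());
        sslConfig.setTrustStorePassword(balancerRunner.balancerContext.lbConfig.getSslConfiguration().getTrustStorePassword());
        // NOTE(review): the server-side protocol allow-list is read from
        // getTlsClientProtocols(); confirm that this is the intended setting.
        String sProtocols = balancerRunner.balancerContext.lbConfig.getSslConfiguration().getTlsClientProtocols();
        String sCipherSuites = balancerRunner.balancerContext.lbConfig.getSslConfiguration().getEnabledCipherSuites();
        if (sProtocols != null) {
            // Strip whitespace around each name; a padded name would be passed through
            // verbatim and could silently drop that protocol from the include list.
            sslConfig.setIncludeProtocols(sProtocols.trim().split("\\s*,\\s*"));
        }
        if (sCipherSuites != null) {
            // Same normalisation for cipher-suite names.
            sslConfig.setIncludeCipherSuites(sCipherSuites.trim().split("\\s*,\\s*"));
        }
        // When neither list is configured, whatever SslContextFactory enables by default
        // applies; this method does not restrict it further.
        SslContextFactory factory = new SslContextFactory(sslConfig);
        SSLEngine sslEngine = factory.newSslEngine();
        // This side accepts connections, so it takes the server role in the handshake.
        sslEngine.setUseClientMode(false);
        pipeline.addLast("ssl", new SslHandler(sslEngine));
    }
    pipeline.addLast("decoder", new HttpRequestDecoder());
    // http://code.google.com/p/commscale/issues/detail?id=5 support for HttpChunks
    // https://telestax.atlassian.net/browse/LB-8 if commented accessing the RestComm Management console fails, so making the maxContentLength Configurable
    // pipeline.addLast("aggregator", new HttpChunkAggregator(maxContentLength));
    pipeline.addLast("encoder", new HttpResponseEncoder());
    // pipeline.addLast("deflater", new HttpContentCompressor());
    // With terminateTLSTraffic set the handler is always given false as its second argument,
    // even on a secure listener; otherwise it receives isSecure.
    // NOTE(review): presumably this makes the onward leg plain HTTP after TLS is terminated
    // here - confirm against HttpRequestHandler.
    boolean handlerSecureFlag = !balancerRunner.balancerContext.terminateTLSTraffic && isSecure;
    pipeline.addLast("handler", new HttpRequestHandler(balancerRunner, handlerSecureFlag));
    return pipeline;
}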
Also used : HttpResponseEncoder(org.jboss.netty.handler.codec.http.HttpResponseEncoder) SslContextFactory(com.cloudhopper.smpp.ssl.SslContextFactory) SslConfiguration(com.cloudhopper.smpp.ssl.SslConfiguration) SSLEngine(javax.net.ssl.SSLEngine) HttpRequestDecoder(org.jboss.netty.handler.codec.http.HttpRequestDecoder) ChannelPipeline(org.jboss.netty.channel.ChannelPipeline) SslHandler(org.jboss.netty.handler.ssl.SslHandler)

Example 84 with SSLEngine

use of javax.net.ssl.SSLEngine in project cxf by apache.

the class SSLUtils method createServerSSLEngine.

/**
 * Creates a server-mode {@link SSLEngine} from the SSL context built for the given parameters
 * and sets its need-client-auth flag from the parameters' client-authentication settings.
 *
 * <p>Only server mode and need-client-auth are set on the engine in this method; any protocol
 * or cipher-suite restriction would have to come from the context returned by
 * {@code getSSLContext}.
 *
 * @param parameters TLS server parameters used to obtain the context and the client-auth flag
 * @return an engine in server mode
 * @throws Exception if the SSL context cannot be obtained
 */
public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(false);
    // NOTE(review): getClientAuthentication() is dereferenced without a null check, and only
    // the "required" setting is applied; confirm that callers always supply client-auth
    // settings and that a weaker "want" mode is not expected to be honoured here.
    final boolean clientCertRequired = parameters.getClientAuthentication().isRequired();
    engine.setNeedClientAuth(clientCertRequired);
    return engine;
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) SSLContext(javax.net.ssl.SSLContext)

Example 85 with SSLEngine

use of javax.net.ssl.SSLEngine in project pravega by pravega.

the class ConnectionFactoryImpl method establishConnection.

/**
 * Opens a connection to the given node and returns a future for the resulting client
 * connection.
 *
 * <p>When {@code clientConfig.isEnableTls()} is true a client {@code SslContext} is built
 * first and an {@code SslHandler} is placed at the head of every new channel's pipeline.
 * Trust anchors come from the configured trust store file when one is set. Hostname
 * verification is applied only when {@code clientConfig.isValidateHostName()} is true.
 *
 * <p>The returned future completes with the inbound handler once the connect operation has
 * succeeded and the handler has completed its "registered" future; it completes exceptionally
 * with a {@code ConnectionFailedException} when the connect fails.
 *
 * @param location endpoint and port of the node to connect to
 * @param rp       reply processor handed to the inbound handler
 * @return future that yields the established connection
 * @throws RuntimeException if the TLS context cannot be built; this is thrown synchronously
 *                          rather than reported through the returned future
 */
@Override
public CompletableFuture<ClientConnection> establishConnection(PravegaNodeUri location, ReplyProcessor rp) {
    Preconditions.checkNotNull(location);
    Exceptions.checkNotClosed(closed.get(), this);
    final SslContext sslCtx;
    if (clientConfig.isEnableTls()) {
        try {
            SslContextBuilder sslCtxFactory = SslContextBuilder.forClient();
            if (Strings.isNullOrEmpty(clientConfig.getTrustStore())) {
                // NOTE(review): getInstance(...) and getDefaultAlgorithm() look like the static
                // methods inherited from javax.net.ssl.TrustManagerFactory, so this presumably
                // yields a default-algorithm factory rather than certificate fingerprint
                // pinning, and it is not initialised in this method - confirm what trust
                // decisions result when no trust store is configured.
                sslCtxFactory = sslCtxFactory.trustManager(FingerprintTrustManagerFactory.getInstance(FingerprintTrustManagerFactory.getDefaultAlgorithm()));
            } else {
                // A fresh builder replaces the one created above; nothing had been set on it.
                sslCtxFactory = SslContextBuilder.forClient().trustManager(new File(clientConfig.getTrustStore()));
            }
            sslCtx = sslCtxFactory.build();
        } catch (SSLException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    } else {
        // TLS disabled: the pipeline below is built without an SslHandler.
        sslCtx = null;
    }
    AppendBatchSizeTracker batchSizeTracker = new AppendBatchSizeTrackerImpl();
    ClientConnectionInboundHandler handler = new ClientConnectionInboundHandler(location.getEndpoint(), rp, batchSizeTracker);
    Bootstrap b = new Bootstrap();
    b.group(group).channel(nio ? NioSocketChannel.class : EpollSocketChannel.class).option(ChannelOption.TCP_NODELAY, true).handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel ch) throws Exception {
            ChannelPipeline p = ch.pipeline();
            if (sslCtx != null) {
                // The peer host and port are passed in so the engine knows which endpoint
                // it is talking to.
                SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), location.getEndpoint(), location.getPort());
                if (clientConfig.isValidateHostName()) {
                    // "HTTPS" endpoint identification makes the engine check the server
                    // certificate against the endpoint name during the handshake.
                    // NOTE(review): when this flag is off nothing in this method sets an
                    // identification algorithm, so a certificate that chains to the trust
                    // anchors is presumably accepted for any host - confirm.
                    SSLEngine sslEngine = sslHandler.engine();
                    SSLParameters sslParameters = sslEngine.getSSLParameters();
                    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    sslEngine.setSSLParameters(sslParameters);
                }
                // Added before the codec handlers so it is first in the pipeline.
                p.addLast(sslHandler);
            }
            // p.addLast(new LoggingHandler(LogLevel.INFO));
            // The frame decoder is constructed with WireCommands.MAX_WIRECOMMAND_SIZE as its
            // maximum frame length.
            p.addLast(new ExceptionLoggingHandler(location.getEndpoint()), new CommandEncoder(batchSizeTracker), new LengthFieldBasedFrameDecoder(WireCommands.MAX_WIRECOMMAND_SIZE, 4, 4), new CommandDecoder(), handler);
        }
    });
    // Start the client.
    CompletableFuture<ClientConnection> connectionComplete = new CompletableFuture<>();
    try {
        b.connect(location.getEndpoint(), location.getPort()).addListener(new ChannelFutureListener() {

            @Override
            public void operationComplete(ChannelFuture future) {
                if (future.isSuccess()) {
                    // since ChannelFuture is complete future.channel() is not a blocking call.
                    Channel ch = future.channel();
                    log.debug("Connect operation completed for channel:{}, local address:{}, remote address:{}", ch.id(), ch.localAddress(), ch.remoteAddress());
                    // Once a channel is closed the channel group implementation removes it.
                    allChannels.add(ch);
                    connectionComplete.complete(handler);
                } else {
                    connectionComplete.completeExceptionally(new ConnectionFailedException(future.cause()));
                }
            }
        });
    } catch (Exception e) {
        // A failure thrown by connect() itself is reported through the future as well.
        connectionComplete.completeExceptionally(new ConnectionFailedException(e));
    }
    // check if channel is registered.
    CompletableFuture<Void> channelRegisteredFuture = new CompletableFuture<>();
    handler.completeWhenRegistered(channelRegisteredFuture);
    // The caller sees the connection only after both futures have completed.
    return connectionComplete.thenCombine(channelRegisteredFuture, (clientConnection, v) -> clientConnection);
}
Also used : NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) SSLEngine(javax.net.ssl.SSLEngine) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CommandEncoder(io.pravega.shared.protocol.netty.CommandEncoder) SSLException(javax.net.ssl.SSLException) CompletableFuture(java.util.concurrent.CompletableFuture) SSLParameters(javax.net.ssl.SSLParameters) ExceptionLoggingHandler(io.pravega.shared.protocol.netty.ExceptionLoggingHandler) Bootstrap(io.netty.bootstrap.Bootstrap) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) LengthFieldBasedFrameDecoder(io.netty.handler.codec.LengthFieldBasedFrameDecoder) SslContext(io.netty.handler.ssl.SslContext) ChannelFuture(io.netty.channel.ChannelFuture) AppendBatchSizeTracker(io.pravega.shared.protocol.netty.AppendBatchSizeTracker) CommandDecoder(io.pravega.shared.protocol.netty.CommandDecoder) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) EpollSocketChannel(io.netty.channel.epoll.EpollSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) Channel(io.netty.channel.Channel) ChannelFutureListener(io.netty.channel.ChannelFutureListener) ConnectionFailedException(io.pravega.shared.protocol.netty.ConnectionFailedException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ChannelPipeline(io.netty.channel.ChannelPipeline) SslHandler(io.netty.handler.ssl.SslHandler) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) File(java.io.File) ConnectionFailedException(io.pravega.shared.protocol.netty.ConnectionFailedException)
