
Example 6 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SslBytesServerTest method init.

/**
 * Builds the TLS test fixture: an instrumented Jetty server on an ephemeral port,
 * fronted by a {@code SimpleProxy} on localhost.
 *
 * <p>The HTTP and SSL connection factories are subclassed only to count calls
 * ({@code httpParses}, {@code sslFills}, {@code sslFlushes}) and to expose the raw server
 * end point and the idle hook to the test; each override delegates to {@code super}.
 *
 * <p>The key store and its password are test resources. Nothing here is a template for
 * production TLS configuration.
 *
 * @throws Exception if the server or the proxy fails to start
 */
@Before
public void init() throws Exception {
    threadPool = Executors.newCachedThreadPool();
    server = new Server();
    // Test-only key material: keystore.jks is resolved from the test resources, so the
    // literal password below protects nothing of value. Real deployments should load the
    // store password from configuration or a secret store instead of source code.
    File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
    sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
    sslContextFactory.setKeyStorePassword("storepwd");
    // HTTP layer: count every parser invocation and forward read timeouts to the test's hook.
    HttpConnectionFactory httpFactory = new HttpConnectionFactory() {

        @Override
        public Connection newConnection(Connector connector, EndPoint endPoint) {
            return configure(new HttpConnection(getHttpConfiguration(), connector, endPoint, getHttpCompliance(), isRecordHttpComplianceViolations()) {

                @Override
                protected HttpParser newHttpParser(HttpCompliance compliance) {
                    return new HttpParser(newRequestHandler(), getHttpConfiguration().getRequestHeaderSize(), compliance) {

                        @Override
                        public boolean parseNext(ByteBuffer buffer) {
                            // Instrumentation only: parsing itself is unchanged.
                            httpParses.incrementAndGet();
                            return super.parseNext(buffer);
                        }
                    };
                }

                @Override
                protected boolean onReadTimeout() {
                    // Copy the field to a local so the null check and the call see the same value.
                    final Runnable idleHook = SslBytesServerTest.this.idleHook;
                    if (idleHook != null)
                        idleHook.run();
                    return super.onReadTimeout();
                }
            }, connector, endPoint);
        }
    };
    httpFactory.getHttpConfiguration().addCustomizer(new SecureRequestCustomizer());
    // TLS layer: count fill() and flush() calls on the decrypted (plaintext) side of the connection.
    SslConnectionFactory sslFactory = new SslConnectionFactory(sslContextFactory, httpFactory.getProtocol()) {

        @Override
        protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine) {
            return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine) {

                @Override
                protected DecryptedEndPoint newDecryptedEndPoint() {
                    return new DecryptedEndPoint() {

                        @Override
                        public int fill(ByteBuffer buffer) throws IOException {
                            sslFills.incrementAndGet();
                            return super.fill(buffer);
                        }

                        @Override
                        public boolean flush(ByteBuffer... appOuts) throws IOException {
                            sslFlushes.incrementAndGet();
                            return super.flush(appOuts);
                        }
                    };
                }
            };
        }
    };
    // NOTE(review): the two 1s look like the acceptor and selector counts - confirm against the
    // ServerConnector constructor. The override records the most recently created end point.
    ServerConnector connector = new ServerConnector(server, null, null, null, 1, 1, sslFactory, httpFactory) {

        @Override
        protected ChannelEndPoint newEndPoint(SocketChannel channel, ManagedSelector selectSet, SelectionKey key) throws IOException {
            ChannelEndPoint endp = super.newEndPoint(channel, selectSet, key);
            serverEndPoint.set(endp);
            return endp;
        }
    };
    connector.setIdleTimeout(idleTimeout);
    // Port 0: the actual port is read back with getLocalPort() once the server has started.
    connector.setPort(0);
    server.addConnector(connector);
    server.setHandler(new AbstractHandler() {

        /**
         * Drains the request body announced by Content-Length and echoes it back when the
         * target starts with "/echo". An IOException is swallowed only for targets ending
         * in "suppress_exception".
         */
        @Override
        public void handle(String target, Request request, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException, ServletException {
            try {
                request.setHandled(true);
                String contentLength = request.getHeader("Content-Length");
                if (contentLength != null) {
                    // The client-supplied header is trusted as-is. A non-numeric value raises
                    // NumberFormatException, which the IOException catch below does not cover.
                    int length = Integer.parseInt(contentLength);
                    ServletInputStream input = httpRequest.getInputStream();
                    ServletOutputStream output = httpResponse.getOutputStream();
                    byte[] buffer = new byte[32 * 1024];
                    while (length > 0) {
                        // Each read may take up to the whole buffer, regardless of the remaining length.
                        int read = input.read(buffer);
                        if (read < 0)
                            throw new EOFException();
                        length -= read;
                        if (target.startsWith("/echo"))
                            output.write(buffer, 0, read);
                    }
                }
            } catch (IOException x) {
                // Opt-in suppression keyed on the request target; every other target rethrows.
                if (!(target.endsWith("suppress_exception")))
                    throw x;
            }
        }
    });
    server.start();
    serverPort = connector.getLocalPort();
    sslContext = sslContextFactory.getSslContext();
    // The proxy forwards to the server on localhost; presumably tests connect through it to
    // observe or manipulate the TLS byte stream - confirm against SimpleProxy.
    proxy = new SimpleProxy(threadPool, "localhost", serverPort);
    proxy.start();
    logger.info("proxy:{} <==> server:{}", proxy.getPort(), serverPort);
}
Also used : ManagedSelector(org.eclipse.jetty.io.ManagedSelector) ServerConnector(org.eclipse.jetty.server.ServerConnector) Connector(org.eclipse.jetty.server.Connector) SocketChannel(java.nio.channels.SocketChannel) Server(org.eclipse.jetty.server.Server) HttpConnection(org.eclipse.jetty.server.HttpConnection) ChannelEndPoint(org.eclipse.jetty.io.ChannelEndPoint) ServletOutputStream(javax.servlet.ServletOutputStream) SSLEngine(javax.net.ssl.SSLEngine) EndPoint(org.eclipse.jetty.io.EndPoint) ChannelEndPoint(org.eclipse.jetty.io.ChannelEndPoint) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) AbstractHandler(org.eclipse.jetty.server.handler.AbstractHandler) ServerConnector(org.eclipse.jetty.server.ServerConnector) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) ServletInputStream(javax.servlet.ServletInputStream) EOFException(java.io.EOFException) HttpParser(org.eclipse.jetty.http.HttpParser) SelectionKey(java.nio.channels.SelectionKey) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) Request(org.eclipse.jetty.server.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) ByteBuffer(java.nio.ByteBuffer) HttpCompliance(org.eclipse.jetty.http.HttpCompliance) SslConnection(org.eclipse.jetty.io.ssl.SslConnection) File(java.io.File) Before(org.junit.Before)

Example 7 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class HttpClientTimeoutTest method testIdleTimeout.

/**
 * Checks that a request outliving the client idle timeout fails with a
 * {@link TimeoutException} cause and that the TLS layer's own read-timeout callback
 * ({@code SslConnection.onReadTimeout()}) was not invoked by then.
 *
 * <p>The server handler is created with twice the client idle timeout, so the client side
 * is expected to give up first.
 */
@Test
public void testIdleTimeout() throws Throwable {
    long idleMillis = 1000;
    start(new TimeoutHandler(2 * idleMillis));
    client.stop();

    // Set to true only if the SslConnection itself observes the read timeout.
    final AtomicBoolean tlsLayerTimedOut = new AtomicBoolean();

    // Transport whose destinations build instrumented SslConnections; apart from recording
    // the callback, every override defers to the stock behaviour.
    HttpClientTransportOverHTTP instrumentedTransport = new HttpClientTransportOverHTTP() {

        @Override
        public HttpDestination newHttpDestination(Origin origin) {
            return new HttpDestinationOverHTTP(getHttpClient(), origin) {

                @Override
                protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory) {
                    HttpClient owner = getHttpClient();
                    return new SslClientConnectionFactory(owner.getSslContextFactory(), owner.getByteBufferPool(), owner.getExecutor(), connectionFactory) {

                        @Override
                        protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine) {
                            return new SslConnection(byteBufferPool, executor, endPoint, engine) {

                                @Override
                                protected boolean onReadTimeout() {
                                    tlsLayerTimedOut.set(true);
                                    return super.onReadTimeout();
                                }
                            };
                        }
                    };
                }
            };
        }
    };
    client = new HttpClient(instrumentedTransport, sslContextFactory);
    client.setIdleTimeout(idleMillis);
    client.start();

    try {
        client.newRequest("localhost", connector.getLocalPort()).scheme(scheme).send();
        // Reaching this line means the request did not time out. fail() throws an
        // AssertionError, which the catch below does not intercept.
        Assert.fail();
    } catch (Exception failure) {
        Assert.assertFalse(tlsLayerTimedOut.get());
        Assert.assertThat(failure.getCause(), Matchers.instanceOf(TimeoutException.class));
    }
}
Also used : ByteBufferPool(org.eclipse.jetty.io.ByteBufferPool) SSLEngine(javax.net.ssl.SSLEngine) SslClientConnectionFactory(org.eclipse.jetty.io.ssl.SslClientConnectionFactory) HttpClientTransportOverHTTP(org.eclipse.jetty.client.http.HttpClientTransportOverHTTP) ClientConnectionFactory(org.eclipse.jetty.io.ClientConnectionFactory) SslClientConnectionFactory(org.eclipse.jetty.io.ssl.SslClientConnectionFactory) EndPoint(org.eclipse.jetty.io.EndPoint) ServletException(javax.servlet.ServletException) TimeoutException(java.util.concurrent.TimeoutException) SocketTimeoutException(java.net.SocketTimeoutException) IOException(java.io.IOException) SslConnection(org.eclipse.jetty.io.ssl.SslConnection) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) Executor(java.util.concurrent.Executor) HttpDestinationOverHTTP(org.eclipse.jetty.client.http.HttpDestinationOverHTTP) Test(org.junit.Test)

Example 8 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class ALPNClientConnectionFactory method newConnection.

/**
 * Creates the client-side ALPN connection for an end point whose {@link SSLEngine} was
 * placed in {@code context} earlier.
 *
 * <p>The engine is given this factory's protocol list through the ALPN processor before the
 * connection is built, so the protocols are in place before the connection is used.
 *
 * @param endPoint the end point the new connection is attached to
 * @param context  per-connection attributes; read for the SSL engine and the connector
 * @return the customized {@code ALPNClientConnection}
 * @throws IOException declared by the overridden method
 */
@Override
public Connection newConnection(EndPoint endPoint, Map<String, Object> context) throws IOException {
    // NOTE(review): neither context lookup is null-checked here. A missing entry would hand
    // null to configure() or fail on addBean(); confirm that callers always populate both keys.
    final SSLEngine engine = (SSLEngine) context.get(SslClientConnectionFactory.SSL_ENGINE_CONTEXT_KEY);
    getALPNProcessor().configure(engine, protocols);

    final ContainerLifeCycle owner = (ContainerLifeCycle) context.get(ClientConnectionFactory.CONNECTOR_CONTEXT_KEY);
    // addBean() has set semantics, so registering the listener repeatedly adds it only once.
    owner.addBean(alpnListener);

    return customize(
        new ALPNClientConnection(endPoint, executor, getClientConnectionFactory(), engine, context, protocols),
        context);
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) ContainerLifeCycle(org.eclipse.jetty.util.component.ContainerLifeCycle)

Example 9 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SslConnectionFactory method newConnection.

/**
 * Wraps {@code endPoint} in a server-side TLS connection and chains the next protocol's
 * connection onto its decrypted end point.
 *
 * <p>The engine comes from the configured {@code SslContextFactory}, is switched to server
 * mode, and takes its renegotiation policy from that factory rather than a local default.
 *
 * @param connector the connector that accepted the end point
 * @param endPoint  the raw (encrypted) end point
 * @return the {@code SslConnection}; the next protocol's connection is installed on its decrypted end point
 */
@Override
public Connection newConnection(Connector connector, EndPoint endPoint) {
    SSLEngine serverEngine = _sslContextFactory.newSSLEngine(endPoint.getRemoteAddress());
    // This factory sits on the accepting side, so the engine must run the server handshake.
    serverEngine.setUseClientMode(false);

    SslConnection tls = newSslConnection(connector, endPoint, serverEngine);
    // Whether a peer may renegotiate is decided by the factory configuration.
    tls.setRenegotiationAllowed(_sslContextFactory.isRenegotiationAllowed());
    configure(tls, connector, endPoint);

    // NOTE(review): the lookup result is used without a null check - confirm that
    // _nextProtocol always names a factory registered on the connector.
    ConnectionFactory nextFactory = connector.getConnectionFactory(_nextProtocol);
    EndPoint plaintext = tls.getDecryptedEndPoint();
    plaintext.setConnection(nextFactory.newConnection(connector, plaintext));
    return tls;
}
Also used : SslConnection(org.eclipse.jetty.io.ssl.SslConnection) SSLEngine(javax.net.ssl.SSLEngine) Connection(org.eclipse.jetty.io.Connection) AbstractConnection(org.eclipse.jetty.io.AbstractConnection) SslConnection(org.eclipse.jetty.io.ssl.SslConnection) EndPoint(org.eclipse.jetty.io.EndPoint)

Example 10 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SslContextFactory method dump.

/**
 * Writes a diagnostic view of this factory: its string form, the {@code trustAll} flag,
 * and the protocol and cipher-suite selections.
 *
 * <p>Supported and enabled values are read from a JVM-default {@link SSLEngine}, while the
 * include and exclude lists come from this factory. If the default {@link SSLContext} is
 * unavailable, only the header line is written and the exception is passed to
 * {@code LOG.ignore}.
 *
 * @param out    destination of the dump
 * @param indent indentation prefix passed on to {@code ContainerLifeCycle.dump}
 * @throws IOException if writing to {@code out} fails
 */
@Override
public void dump(Appendable out, String indent) throws IOException {
    // The header shows trustAll prominently so the setting is visible when auditing a dump.
    out.append(String.valueOf(this))
        .append(" trustAll=")
        .append(Boolean.toString(_trustAll))
        .append(System.lineSeparator());

    try {
        // Use a pristine engine from the JVM default context, not one produced by this factory,
        // so that features disabled in JRE/lib/security/java.security are detected and identified.
        SSLEngine pristine = SSLContext.getDefault().createSSLEngine();

        // protocols
        SslSelectionDump protocolSection = new SslSelectionDump(
            "Protocol",
            pristine.getSupportedProtocols(),
            pristine.getEnabledProtocols(),
            getExcludeProtocols(),
            getIncludeProtocols());

        // ciphers
        SslSelectionDump cipherSection = new SslSelectionDump(
            "Cipher Suite",
            pristine.getSupportedCipherSuites(),
            pristine.getEnabledCipherSuites(),
            getExcludeCipherSuites(),
            getIncludeCipherSuites());

        List<Object> sections = new ArrayList<>();
        sections.add(protocolSection);
        sections.add(cipherSection);
        ContainerLifeCycle.dump(out, indent, sections);
    } catch (NoSuchAlgorithmException unavailable) {
        // Best effort: without a default context the selection sections are omitted.
        LOG.ignore(unavailable);
    }
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) ArrayList(java.util.ArrayList) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

SSLEngine (javax.net.ssl.SSLEngine)494 IOException (java.io.IOException)97 SSLContext (javax.net.ssl.SSLContext)97 ByteBuffer (java.nio.ByteBuffer)91 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)75 SSLException (javax.net.ssl.SSLException)71 Test (org.junit.Test)64 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)54 SslHandler (io.netty.handler.ssl.SslHandler)52 SSLEngineResult (javax.net.ssl.SSLEngineResult)50 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)47 MethodSource (org.junit.jupiter.params.provider.MethodSource)44 SSLParameters (javax.net.ssl.SSLParameters)43 InetSocketAddress (java.net.InetSocketAddress)42 KeyManagementException (java.security.KeyManagementException)42 ReadOnlyBufferException (java.nio.ReadOnlyBufferException)35 KeyStore (java.security.KeyStore)28 Test (org.junit.jupiter.api.Test)22 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)21 Socket (java.net.Socket)21