
Example 71 with SslContext

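Use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext (Flink's shaded relocation of io.netty.handler.ssl.SslContext, which is the name the snippet's own "Also used" list shows) in project netty by netty.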

the class Http2MultiplexTransportTest method testFireChannelReadAfterHandshakeSuccess.

/**
 * Runs a TLS + ALPN HTTP/2 round trip over a loopback socket and blocks until the client
 * stream has read the server's final DATA frame.
 *
 * <p>Flow: a server is bound to the loopback address on an ephemeral port with a throwaway
 * self-signed certificate; the client connects, and once its handshake succeeds it opens an
 * HTTP/2 stream and sends an end-of-stream HEADERS frame. The server stream handler answers
 * with HEADERS followed by an end-of-stream DATA frame, which releases the latch.
 *
 * <p>Security note: the TLS setup here is test-only. The certificate is generated on the fly
 * and the client skips certificate verification entirely, so this configuration must not be
 * copied into production code.
 *
 * @param provider the TLS provider passed to both the server and the client context builder
 * @throws Exception if certificate generation, context building, bind/connect or the wait fails
 */
private void testFireChannelReadAfterHandshakeSuccess(SslProvider provider) throws Exception {
    SelfSignedCertificate ssc = null;
    try {
        // Throwaway certificate and key for this test run only; removed again in the finally block.
        ssc = new SelfSignedCertificate();
        // Server context: cipher list limited to Http2SecurityUtil.CIPHERS (filtered down to what the
        // provider supports), ALPN offering h2 first and http/1.1 second.
        final SslContext serverCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(provider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)).build();
        ServerBootstrap sb = new ServerBootstrap();
        sb.group(eventLoopGroup);
        sb.channel(NioServerSocketChannel.class);
        sb.childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) {
                // TLS handler goes first so everything behind it sees decrypted traffic.
                ch.pipeline().addLast(serverCtx.newHandler(ch.alloc()));
                // http/1.1 is the fallback protocol name handed to the negotiation handler.
                ch.pipeline().addLast(new ApplicationProtocolNegotiationHandler(ApplicationProtocolNames.HTTP_1_1) {

                    @Override
                    protected void configurePipeline(ChannelHandlerContext ctx, String protocol) {
                        // NOTE(review): 'protocol' is not inspected; the HTTP/2 handlers are installed
                        // whatever ALPN selected. Fine for this test, where the client always offers h2.
                        ctx.pipeline().addLast(new Http2FrameCodecBuilder(true).build());
                        ctx.pipeline().addLast(new Http2MultiplexHandler(new ChannelInboundHandlerAdapter() {

                            @Override
                            public void channelRead(final ChannelHandlerContext ctx, Object msg) {
                                // Respond only once the request is complete (end-of-stream HEADERS).
                                if (msg instanceof Http2HeadersFrame && ((Http2HeadersFrame) msg).isEndStream()) {
                                    ctx.writeAndFlush(new DefaultHttp2HeadersFrame(new DefaultHttp2Headers(), false)).addListener(new ChannelFutureListener() {

                                        @Override
                                        public void operationComplete(ChannelFuture future) {
                                            // Body is sent after the HEADERS write finished; the future's
                                            // outcome is not checked before writing.
                                            ctx.writeAndFlush(new DefaultHttp2DataFrame(Unpooled.copiedBuffer("Hello World", CharsetUtil.US_ASCII), true));
                                        }
                                    });
                                }
                                // Every inbound frame is released here, matched or not.
                                ReferenceCountUtil.release(msg);
                            }
                        }));
                    }
                });
            }
        });
        // Loopback address with port 0: the OS picks a free port and the listener is not reachable
        // from other hosts.
        serverChannel = sb.bind(new InetSocketAddress(NetUtil.LOCALHOST, 0)).sync().channel();
        // Client context mirrors the server's cipher and ALPN settings. InsecureTrustManagerFactory
        // accepts any certificate without verification, which is what lets the self-signed server
        // certificate through; it gives no protection against an impersonated peer and is only
        // acceptable because both ends live inside this test.
        final SslContext clientCtx = SslContextBuilder.forClient().sslProvider(provider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).trustManager(InsecureTrustManagerFactory.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)).build();
        // Counted down when the client stream reads the end-of-stream DATA frame.
        final CountDownLatch latch = new CountDownLatch(1);
        Bootstrap bs = new Bootstrap();
        bs.group(eventLoopGroup);
        bs.channel(NioSocketChannel.class);
        bs.handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) {
                // Unlike the server, the client installs the HTTP/2 handlers up front instead of
                // waiting for the ALPN result.
                ch.pipeline().addLast(clientCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new Http2FrameCodecBuilder(false).build());
                ch.pipeline().addLast(new Http2MultiplexHandler(DISCARD_HANDLER));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
                        if (evt instanceof SslHandshakeCompletionEvent) {
                            SslHandshakeCompletionEvent handshakeCompletionEvent = (SslHandshakeCompletionEvent) evt;
                            // A failed handshake is ignored here: no stream is opened and nothing
                            // counts the latch down.
                            if (handshakeCompletionEvent.isSuccess()) {
                                // Uses the clientChannel field, which is assigned after connect() below.
                                Http2StreamChannelBootstrap h2Bootstrap = new Http2StreamChannelBootstrap(clientChannel);
                                h2Bootstrap.handler(new ChannelInboundHandlerAdapter() {

                                    @Override
                                    public void channelRead(ChannelHandlerContext ctx, Object msg) {
                                        if (msg instanceof Http2DataFrame && ((Http2DataFrame) msg).isEndStream()) {
                                            latch.countDown();
                                        }
                                        ReferenceCountUtil.release(msg);
                                    }
                                });
                                h2Bootstrap.open().addListener(new FutureListener<Channel>() {

                                    @Override
                                    public void operationComplete(Future<Channel> future) {
                                        // Empty end-of-stream HEADERS frame is the whole request.
                                        if (future.isSuccess()) {
                                            future.getNow().writeAndFlush(new DefaultHttp2HeadersFrame(new DefaultHttp2Headers(), true));
                                        }
                                    }
                                });
                            }
                        }
                    }
                });
            }
        });
        clientChannel = bs.connect(serverChannel.localAddress()).sync().channel();
        // NOTE(review): unbounded wait. If the handshake fails or a frame is lost, the latch is never
        // counted down and the test hangs instead of failing; a timed await would surface that.
        latch.await();
    } finally {
        // Removes the temporary certificate and private-key files created by SelfSignedCertificate.
        // NOTE(review): serverChannel, clientChannel and both SslContext objects are not closed or
        // released in this method; presumably handled in test teardown. Confirm.
        if (ssc != null) {
            ssc.delete();
        }
    }
}
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) InetSocketAddress(java.net.InetSocketAddress) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ApplicationProtocolConfig(io.netty.handler.ssl.ApplicationProtocolConfig) Bootstrap(io.netty.bootstrap.Bootstrap) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) SslContext(io.netty.handler.ssl.SslContext) ChannelFuture(io.netty.channel.ChannelFuture) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) Channel(io.netty.channel.Channel) CountDownLatch(java.util.concurrent.CountDownLatch) ChannelFutureListener(io.netty.channel.ChannelFutureListener) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) ApplicationProtocolNegotiationHandler(io.netty.handler.ssl.ApplicationProtocolNegotiationHandler) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter)

Example 72 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.

the class Http2SecurityUtilTest method testCiphersIncluded.

/**
 * Checks that restricting a JDK client context to the HTTP/2 cipher list still leaves at
 * least one cipher suite enabled for the given protocol version.
 *
 * <p>An empty result would mean no connection could be negotiated with that protocol and the
 * HTTP/2 cipher list on this JVM.
 *
 * @param protocol the single TLS protocol version the context is limited to
 * @throws SSLException if the context cannot be built
 */
private static void testCiphersIncluded(String protocol) throws SSLException {
    final SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder.sslProvider(SslProvider.JDK);
    clientBuilder.protocols(protocol);
    // SupportedCipherSuiteFilter drops entries of the list that the engine does not support.
    clientBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
    final SslContext context = clientBuilder.build();

    final String[] enabledSuites = context.newEngine(UnpooledByteBufAllocator.DEFAULT).getEnabledCipherSuites();
    final boolean anyEnabled = enabledSuites.length > 0;
    Assertions.assertTrue(anyEnabled, "No " + protocol + " ciphers found");
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) SslContext(io.netty.handler.ssl.SslContext)

Example 73 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.

the class Http2StreamFrameToHttpObjectCodecTest method testEncodeHttpsSchemeWhenSslHandlerExists.

/**
 * Verifies that an outbound HTTP/1.1 request is encoded as an HTTP/2 HEADERS frame carrying
 * the {@code https} scheme when an SslHandler is part of the pipeline.
 *
 * <p>The client context is built with default trust settings; no TLS peer is involved, since
 * the pipeline runs inside an EmbeddedChannel.
 */
@Test
public void testEncodeHttpsSchemeWhenSslHandlerExists() throws Exception {
    final Queue<Http2StreamFrame> captured = new ConcurrentLinkedQueue<Http2StreamFrame>();
    final SslContext sslContext = SslContextBuilder.forClient().sslProvider(SslProvider.JDK).build();

    // Sits between the SslHandler and the codec: HTTP/2 frames are recorded and replaced by an
    // empty buffer so the SslHandler never has to deal with them; anything else passes through.
    final ChannelOutboundHandlerAdapter frameCapture = new ChannelOutboundHandlerAdapter() {

        @Override
        public void write(ChannelHandlerContext handlerCtx, Object msg, ChannelPromise promise) throws Exception {
            if (!(msg instanceof Http2StreamFrame)) {
                handlerCtx.write(msg, promise);
                return;
            }
            captured.add((Http2StreamFrame) msg);
            handlerCtx.write(Unpooled.EMPTY_BUFFER, promise);
        }
    };

    EmbeddedChannel channel = new EmbeddedChannel(sslContext.newHandler(ByteBufAllocator.DEFAULT), frameCapture, new Http2StreamFrameToHttpObjectCodec(false));
    try {
        FullHttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/hello/world");
        assertTrue(channel.writeOutbound(request));
        channel.finishAndReleaseAll();

        Http2HeadersFrame firstFrame = (Http2HeadersFrame) captured.poll();
        Http2Headers encoded = firstFrame.headers();
        assertThat(encoded.scheme().toString(), is("https"));
        assertThat(encoded.method().toString(), is("GET"));
        assertThat(encoded.path().toString(), is("/hello/world"));
        assertTrue(firstFrame.isEndStream());
        // The request must have produced exactly one frame.
        assertNull(captured.poll());
    } finally {
        channel.finishAndReleaseAll();
    }
}
Also used : DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) FullHttpRequest(io.netty.handler.codec.http.FullHttpRequest) DefaultFullHttpRequest(io.netty.handler.codec.http.DefaultFullHttpRequest) EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) ChannelOutboundHandlerAdapter(io.netty.channel.ChannelOutboundHandlerAdapter) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ChannelPromise(io.netty.channel.ChannelPromise) EncoderException(io.netty.handler.codec.EncoderException) ConcurrentLinkedQueue(java.util.concurrent.ConcurrentLinkedQueue) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.jupiter.api.Test)

Example 74 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.

the class NettyBlockHoundIntegrationTest method testSslHandlerWrapAllowsBlockingCalls.

/**
 * Connects a TLS client pipeline to a plain local server, writes a few bytes through the
 * SslHandler, and asserts that the channel became active without a handshake error having
 * been recorded.
 *
 * <p>Judging by the method and class names, the point is that the SslHandler's wrap path may
 * perform blocking calls without BlockHound flagging them; the BlockHound installation itself
 * is not visible in this method.
 *
 * <p>Security note: the client context trusts every certificate. That is harmless here only
 * because the server side has no TLS handler at all and no real handshake is expected to
 * complete; the setting must not be reused outside tests.
 */
@Test
public void testSslHandlerWrapAllowsBlockingCalls() throws Exception {
    // InsecureTrustManagerFactory disables certificate verification entirely (test-only).
    final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(SslProvider.JDK).build();
    final SslHandler sslHandler = sslClientCtx.newHandler(UnpooledByteBufAllocator.DEFAULT);
    final EventLoopGroup group = new NioEventLoopGroup();
    final CountDownLatch activeLatch = new CountDownLatch(1);
    // Holds the cause of a failed handshake, if one is reported.
    final AtomicReference<Throwable> error = new AtomicReference<>();
    Channel sc = null;
    Channel cc = null;
    try {
        // Server accepts connections but installs no SslHandler, so it never answers the handshake.
        // NOTE(review): InetSocketAddress(0) binds the wildcard address on an ephemeral port; binding
        // to loopback would be enough for a local test and keeps the listener off other interfaces.
        sc = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).childHandler(new ChannelInboundHandlerAdapter()).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
        // Client: SslHandler first, then a probe handler. Once connect() completes, four bytes are
        // written so that they travel through the SslHandler.
        cc = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) {
                ch.pipeline().addLast(sslHandler);
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void channelActive(ChannelHandlerContext ctx) {
                        // The event is not forwarded; this is the last handler in the pipeline.
                        activeLatch.countDown();
                    }

                    @Override
                    public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
                        // Only failed handshake events are recorded; successful ones just pass through.
                        if (evt instanceof SslHandshakeCompletionEvent && ((SslHandshakeCompletionEvent) evt).cause() != null) {
                            Throwable cause = ((SslHandshakeCompletionEvent) evt).cause();
                            cause.printStackTrace();
                            error.set(cause);
                        }
                        ctx.fireUserEventTriggered(evt);
                    }
                });
            }
        }).connect(sc.localAddress()).addListener((ChannelFutureListener) future -> future.channel().writeAndFlush(wrappedBuffer(new byte[] { 1, 2, 3, 4 }))).syncUninterruptibly().channel();
        assertTrue(activeLatch.await(5, TimeUnit.SECONDS));
        // Checked right after activation: an error reported later would not be seen by this assert.
        assertNull(error.get());
    } finally {
        if (cc != null) {
            cc.close().syncUninterruptibly();
        }
        if (sc != null) {
            sc.close().syncUninterruptibly();
        }
        // Shutdown is started but not awaited.
        group.shutdownGracefully();
        // Releases the context if it is reference counted; a no-op otherwise.
        ReferenceCountUtil.release(sslClientCtx);
    }
}
Also used : NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) InetSocketAddress(java.net.InetSocketAddress) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) NioDatagramChannel(io.netty.channel.socket.nio.NioDatagramChannel) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) Channel(io.netty.channel.Channel) AtomicReference(java.util.concurrent.atomic.AtomicReference) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) CountDownLatch(java.util.concurrent.CountDownLatch) ChannelFutureListener(io.netty.channel.ChannelFutureListener) SslHandler(io.netty.handler.ssl.SslHandler) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) EventLoopGroup(io.netty.channel.EventLoopGroup) Bootstrap(io.netty.bootstrap.Bootstrap) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) ChannelInitializer(io.netty.channel.ChannelInitializer) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) SslContext(io.netty.handler.ssl.SslContext) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) Test(org.junit.jupiter.api.Test)

Example 75 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.

the class NettyBlockHoundIntegrationTest method testTrustManagerVerify.

/**
 * Builds a client and a server context for the given provider and TLS version from the PEM
 * files bundled with the test, then hands both handlers to {@code testHandshake}.
 *
 * <p>The client's trust anchors come from {@code mutual_auth_ca.pem}, so the server
 * certificate is checked against that CA during the handshake rather than being accepted
 * blindly.
 *
 * @param provider   the TLS provider used for both contexts
 * @param tlsVersion the single protocol version both contexts are limited to
 * @throws Exception if a context cannot be built or the handshake helper fails
 */
private static void testTrustManagerVerify(SslProvider provider, String tlsVersion) throws Exception {
    // Client side: trust is limited to the CA file shipped with the test resources.
    final SslContextBuilder clientBuilder = SslContextBuilder.forClient();
    clientBuilder.sslProvider(provider);
    clientBuilder.protocols(tlsVersion);
    clientBuilder.trustManager(ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "mutual_auth_ca.pem"));
    final SslContext sslClientCtx = clientBuilder.build();

    // Server side: certificate chain plus private key; the null third argument is the key password.
    final SslContextBuilder serverBuilder = SslContextBuilder.forServer(ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "localhost_server.pem"), ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "localhost_server.key"), null);
    serverBuilder.sslProvider(provider);
    serverBuilder.protocols(tlsVersion);
    final SslContext sslServerCtx = serverBuilder.build();

    testHandshake(sslClientCtx, sslClientCtx.newHandler(UnpooledByteBufAllocator.DEFAULT), sslServerCtx.newHandler(UnpooledByteBufAllocator.DEFAULT));
}
Also used : SslHandler(io.netty.handler.ssl.SslHandler) SslContext(io.netty.handler.ssl.SslContext)
