use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.
the class Http2Server method main.
/**
 * Starts the example HTTP/2 server and blocks until its listening channel closes.
 *
 * <p>When {@code SSL} is true the server offers HTTP/2 and HTTP/1.1 over TLS via ALPN, using a
 * certificate generated at startup. When it is false, {@code sslCtx} is {@code null} and is
 * passed to {@code Http2ServerInitializer} unchanged (presumably selecting cleartext; confirm
 * against the initializer).
 *
 * <p>Security note: the certificate is self-signed and regenerated on every run, so clients
 * cannot validate it against a trusted CA. That suits a local demo only; a deployed server
 * should load a CA-issued certificate chain and private key instead.
 *
 * @param args ignored
 * @throws Exception if TLS setup, binding or waiting on the channel fails
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (!SSL) {
        sslCtx = null;
    } else {
        // Use the OpenSSL-backed provider only when it can do ALPN; otherwise fall back to the JDK.
        SslProvider tlsProvider;
        if (OpenSsl.isAlpnSupported()) {
            tlsProvider = SslProvider.OPENSSL;
        } else {
            tlsProvider = SslProvider.JDK;
        }

        // Demo-only identity: generated in-process, not anchored in any trust store.
        SelfSignedCertificate selfSigned = new SelfSignedCertificate();

        // Restrict the cipher list to the HTTP/2 set; SupportedCipherSuiteFilter drops any
        // entries the chosen provider does not support.
        SslContextBuilder contextBuilder = SslContextBuilder
                .forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(tlsProvider)
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);

        ApplicationProtocolConfig alpnConfig = new ApplicationProtocolConfig(
                Protocol.ALPN,
                // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                SelectorFailureBehavior.NO_ADVERTISE,
                // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1);

        sslCtx = contextBuilder.applicationProtocolConfig(alpnConfig).build();
    }

    EventLoopGroup eventLoopGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.option(ChannelOption.SO_BACKLOG, 1024);
        bootstrap.group(eventLoopGroup);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        bootstrap.childHandler(new Http2ServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.err.println("Open your HTTP/2-enabled web browser and navigate to " + scheme + "://127.0.0.1:" + PORT + '/');

        // Block the main thread until the listening socket is closed.
        serverChannel.closeFuture().sync();
    } finally {
        // Always release the event loop threads, even when bind or sync throws.
        eventLoopGroup.shutdownGracefully();
    }
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.
the class Http2Server method start.
/**
 * Binds the server on {@code PORT} and returns the future that completes when the listening
 * channel closes.
 *
 * <p>Every accepted connection gets a TLS handler from {@code configureTLS()} as the first
 * pipeline entry, followed by {@code Http2OrHttpHandler}. There is no cleartext path here:
 * {@code sslCtx.newHandler(...)} is called unconditionally, so this assumes
 * {@code configureTLS()} never returns {@code null} (verify against its definition).
 *
 * @return the close future of the bound server channel
 * @throws Exception if TLS configuration or the bind fails
 */
public ChannelFuture start() throws Exception {
    final SslContext sslCtx = configureTLS();

    ChannelInitializer<SocketChannel> perConnectionSetup = new ChannelInitializer<SocketChannel>() {
        @Override
        protected void initChannel(SocketChannel ch) throws Exception {
            // TLS goes first so that everything after it sees decrypted traffic only.
            ch.pipeline().addLast(sslCtx.newHandler(ch.alloc()), new Http2OrHttpHandler());
        }
    };

    ServerBootstrap bootstrap = new ServerBootstrap();
    bootstrap.option(ChannelOption.SO_BACKLOG, 1024);
    bootstrap.group(group);
    bootstrap.channel(NioServerSocketChannel.class);
    bootstrap.childHandler(perConnectionSetup);

    // sync() waits for the bind to finish, so a bind failure surfaces here.
    return bootstrap.bind(PORT).sync().channel().closeFuture();
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project netty by netty.
the class Http2Server method main.
/**
 * Entry point of the example HTTP/2 server: optionally builds a TLS context, binds on
 * {@code PORT}, prints the URL to open, and waits for the server channel to close.
 *
 * <p>Security note: with {@code SSL} enabled the server presents a self-signed certificate
 * created at startup. Browsers will warn about it because no trusted CA vouches for it; treat
 * this setup as a local demonstration and supply a properly issued certificate and key for
 * anything exposed to real clients. With {@code SSL} disabled the initializer receives a
 * {@code null} context.
 *
 * @param args ignored
 * @throws Exception if the TLS context cannot be built or the server cannot bind
 */
public static void main(String[] args) throws Exception {
    final SslContext sslCtx;
    if (SSL) {
        // Prefer OpenSSL when it supports ALPN, which HTTP/2 over TLS relies on here.
        SslProvider chosenProvider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
        SelfSignedCertificate demoCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder
                .forServer(demoCert.certificate(), demoCert.privateKey())
                .sslProvider(chosenProvider)
                // HTTP/2 cipher list, filtered down to what the provider actually supports.
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .applicationProtocolConfig(new ApplicationProtocolConfig(
                        Protocol.ALPN,
                        // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                        SelectorFailureBehavior.NO_ADVERTISE,
                        // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                        SelectedListenerFailureBehavior.ACCEPT,
                        ApplicationProtocolNames.HTTP_2,
                        ApplicationProtocolNames.HTTP_1_1))
                .build();
    } else {
        sslCtx = null;
    }

    EventLoopGroup workers = new NioEventLoopGroup();
    try {
        ServerBootstrap server = new ServerBootstrap();
        server.option(ChannelOption.SO_BACKLOG, 1024);
        server.group(workers)
                .channel(NioServerSocketChannel.class)
                .handler(new LoggingHandler(LogLevel.INFO))
                .childHandler(new Http2ServerInitializer(sslCtx));

        Channel listening = server.bind(PORT).sync().channel();

        String scheme;
        if (SSL) {
            scheme = "https";
        } else {
            scheme = "http";
        }
        System.err.println("Open your HTTP/2-enabled web browser and navigate to " + scheme + "://127.0.0.1:" + PORT + '/');

        // Keep the process alive until the listening channel is closed.
        listening.closeFuture().sync();
    } finally {
        // Runs on both normal exit and failure, so the event loop threads are not left behind.
        workers.shutdownGracefully();
    }
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project grpc-java by grpc.
the class NettyServerBuilder method useTransportSecurity.
/**
 * Enables TLS on this server using a certificate chain file and a private key file.
 *
 * <p>Builds an {@code SslContext} via {@code GrpcSslContexts.forServer} and installs the
 * resulting server TLS negotiator factory. No key password is passed, so the key file is
 * presumably stored unencrypted; restrict its filesystem permissions accordingly.
 *
 * @param certChain file holding the server certificate chain
 * @param privateKey file holding the matching private key
 * @return this builder
 * @throws IllegalStateException presumably, via {@code checkState}, when the negotiator factory
 *     has been frozen because {@code ServerCredentials} are in use
 * @throws RuntimeException wrapping the {@code SSLException} if the context cannot be built
 */
@Override
public NettyServerBuilder useTransportSecurity(File certChain, File privateKey) {
    checkState(!freezeProtocolNegotiatorFactory, "Cannot change security when using ServerCredentials");
    final SslContext tlsContext;
    try {
        tlsContext = GrpcSslContexts.forServer(certChain, privateKey).build();
    } catch (SSLException buildFailure) {
        // This should likely be some other, easier to catch exception.
        // The cause is preserved so that the underlying TLS configuration error stays visible.
        throw new RuntimeException(buildFailure);
    }
    protocolNegotiatorFactory = ProtocolNegotiators.serverTlsFactory(tlsContext);
    return this;
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project grpc-java by grpc.
the class ProtocolNegotiatorsTest method clientTlsHandler_firesNegotiation.
/**
 * Checks that the client TLS negotiator completes a handshake against a TLS server over
 * Netty's local transport and then reports the negotiated security attributes.
 *
 * <p>The client trusts exactly the self-signed certificate the server presents, so the
 * handshake is expected to succeed with certificate validation enabled. After negotiation the
 * handler must expose TLS security info, the {@code PRIVACY_AND_INTEGRITY} security level, an
 * {@code SSLSession}, and the remote address.
 */
@Test
public void clientTlsHandler_firesNegotiation() throws Exception {
    // One throwaway certificate serves as both the server identity and the client's only trust anchor.
    SelfSignedCertificate selfSigned = new SelfSignedCertificate("authority");
    SslContext clientTls = GrpcSslContexts
            .configure(SslContextBuilder.forClient().trustManager(selfSigned.cert()))
            .build();
    SslContext serverTls = GrpcSslContexts
            .configure(SslContextBuilder.forServer(selfSigned.key(), selfSigned.cert()))
            .build();

    // Client side: the negotiator under test, wrapped in the write-buffering handler.
    FakeGrpcHttp2ConnectionHandler grpcHandler = FakeGrpcHttp2ConnectionHandler.newHandler();
    ClientTlsProtocolNegotiator negotiator = new ClientTlsProtocolNegotiator(clientTls, null);
    WriteBufferingAndExceptionHandler clientBuffering =
            new WriteBufferingAndExceptionHandler(negotiator.newHandler(grpcHandler));

    // Server side: a TLS negotiator in front of a no-op gRPC handler.
    SocketAddress localAddr = new LocalAddress("addr");
    ChannelHandler serverTlsHandler = ProtocolNegotiators
            .serverTls(serverTls)
            .newHandler(FakeGrpcHttp2ConnectionHandler.noopHandler());
    WriteBufferingAndExceptionHandler serverBuffering =
            new WriteBufferingAndExceptionHandler(serverTlsHandler);

    Channel serverChannel = new ServerBootstrap()
            .childHandler(serverBuffering)
            .group(group)
            .channel(LocalServerChannel.class)
            .bind(localAddr)
            .sync()
            .channel();
    Channel clientChannel = new Bootstrap()
            .handler(clientBuffering)
            .channel(LocalChannel.class)
            .group(group)
            .register()
            .sync()
            .channel();

    // The write is issued before connect on purpose; it can only complete once the channel is
    // connected and negotiation has let it through.
    ChannelFuture pendingWrite = clientChannel.writeAndFlush(NettyClientHandler.NOOP_MESSAGE);
    clientChannel.connect(localAddr).sync();
    pendingWrite.sync();

    boolean negotiationDone = grpcHandler.negotiated.await(TIMEOUT_SECONDS, TimeUnit.SECONDS);
    if (!negotiationDone) {
        assertTrue("failed to negotiated", pendingWrite.await(TIMEOUT_SECONDS, TimeUnit.SECONDS));
        // sync should fail if we are in this block.
        pendingWrite.sync();
        throw new AssertionError("neither wrote nor negotiated");
    }

    clientChannel.close();
    serverChannel.close();
    negotiator.close();

    // Negotiation must have produced TLS security details at the strongest security level.
    assertThat(grpcHandler.securityInfo).isNotNull();
    assertThat(grpcHandler.securityInfo.tls).isNotNull();
    assertThat(grpcHandler.attrs.get(GrpcAttributes.ATTR_SECURITY_LEVEL)).isEqualTo(SecurityLevel.PRIVACY_AND_INTEGRITY);
    assertThat(grpcHandler.attrs.get(Grpc.TRANSPORT_ATTR_SSL_SESSION)).isInstanceOf(SSLSession.class);
    // This is not part of the ClientTls negotiation, but shows that the negotiation event happens
    // in the right order.
    assertThat(grpcHandler.attrs.get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR)).isEqualTo(localAddr);
}