Example 36 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

the class PipelineConfigurator method encryptionConfig.

protected EncryptionConfig encryptionConfig() {
    final EncryptionOptions encryptionOptions = DatabaseDescriptor.getNativeProtocolEncryptionOptions();
    switch(tlsEncryptionPolicy) {
        case UNENCRYPTED:
            // if encryption is not enabled, no further steps are required after the initial setup
            return channel -> {
            };
        case OPTIONAL:
            // If optional, install a handler which detects whether or not the client is sending
            // encrypted bytes. If so, on receipt of the next bytes, replace that handler with
            // an SSL Handler, otherwise just remove it and proceed with an unencrypted channel.
            logger.debug("Enabling optionally encrypted CQL connections between client and server");
            return channel -> {
                SslContext sslContext = SSLFactory.getOrCreateSslContext(encryptionOptions, encryptionOptions.require_client_auth, ISslContextFactory.SocketType.SERVER);
                channel.pipeline().addFirst(SSL_HANDLER, new ByteToMessageDecoder() {

                    @Override
                    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
                        if (byteBuf.readableBytes() < 5) {
                            // Detecting TLS needs at least 5 bytes (one TLS record header), so return here
                            // and try again once more bytes are ready.
                            return;
                        }
                        if (SslHandler.isEncrypted(byteBuf)) {
                            // Connection uses SSL/TLS, replace the detection handler with a SslHandler and so use
                            // encryption.
                            SslHandler sslHandler = sslContext.newHandler(channel.alloc());
                            channelHandlerContext.pipeline().replace(SSL_HANDLER, SSL_HANDLER, sslHandler);
                        } else {
                            // Connection uses no TLS/SSL encryption, just remove the detection handler and continue without
                            // SslHandler in the pipeline.
                            channelHandlerContext.pipeline().remove(SSL_HANDLER);
                        }
                    }
                });
            };
        case ENCRYPTED:
            logger.debug("Enabling encrypted CQL connections between client and server");
            return channel -> {
                SslContext sslContext = SSLFactory.getOrCreateSslContext(encryptionOptions, encryptionOptions.require_client_auth, ISslContextFactory.SocketType.SERVER);
                channel.pipeline().addFirst(SSL_HANDLER, sslContext.newHandler(channel.alloc()));
            };
        default:
            throw new IllegalStateException("Unrecognized TLS encryption policy: " + this.tlsEncryptionPolicy);
    }
}
Also used : LoggingHandler(io.netty.handler.logging.LoggingHandler) ISslContextFactory(org.apache.cassandra.security.ISslContextFactory) LoggerFactory(org.slf4j.LoggerFactory) EncryptionOptions(org.apache.cassandra.config.EncryptionOptions) Strings(com.google.common.base.Strings) ByteBuf(io.netty.buffer.ByteBuf) EpollServerSocketChannel(io.netty.channel.epoll.EpollServerSocketChannel) SSLFactory(org.apache.cassandra.security.SSLFactory) Map(java.util.Map) StartupMessage(org.apache.cassandra.transport.messages.StartupMessage) io.netty.channel(io.netty.channel) ByteToMessageDecoder(io.netty.handler.codec.ByteToMessageDecoder) DatabaseDescriptor(org.apache.cassandra.config.DatabaseDescriptor) Logger(org.slf4j.Logger) IdleStateEvent(io.netty.handler.timeout.IdleStateEvent) SslContext(io.netty.handler.ssl.SslContext) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) InetSocketAddress(java.net.InetSocketAddress) TimeUnit(java.util.concurrent.TimeUnit) IdleStateHandler(io.netty.handler.timeout.IdleStateHandler) Version(io.netty.util.Version) List(java.util.List) LogLevel(io.netty.handler.logging.LogLevel) SslHandler(io.netty.handler.ssl.SslHandler) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) org.apache.cassandra.net(org.apache.cassandra.net)

Example 37 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

the class SSLFactoryTest method getSslContext_ParamChanges.

@Test
public void getSslContext_ParamChanges() throws IOException {
    EncryptionOptions options = addKeystoreOptions(encryptionOptions).withEnabled(true).withCipherSuites("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
    SslContext ctx1 = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.SERVER);
    Assert.assertTrue(ctx1.isServer());
    Assert.assertEquals(ctx1.cipherSuites(), options.cipher_suites);
    options = options.withCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    SslContext ctx2 = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
    Assert.assertTrue(ctx2.isClient());
    Assert.assertEquals(ctx2.cipherSuites(), options.cipher_suites);
}
Also used : EncryptionOptions(org.apache.cassandra.config.EncryptionOptions) ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 38 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

the class SSLFactoryTest method testSslContextReload_HappyPath.

@Test
public void testSslContextReload_HappyPath() throws IOException, InterruptedException {
    try {
        ServerEncryptionOptions options = addKeystoreOptions(encryptionOptions).withInternodeEncryption(ServerEncryptionOptions.InternodeEncryption.all);
        SSLFactory.initHotReloading(options, options, true);
        SslContext oldCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        File keystoreFile = new File(options.keystore);
        SSLFactory.checkCertFilesForHotReloading(options, options);
        keystoreFile.trySetLastModified(System.currentTimeMillis() + 15000);
        SSLFactory.checkCertFilesForHotReloading(options, options);
        SslContext newCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        Assert.assertNotSame(oldCtx, newCtx);
    } catch (Exception e) {
        throw e;
    } finally {
        DatabaseDescriptor.loadConfig();
    }
}
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) File(org.apache.cassandra.io.util.File) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 39 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

the class SSLFactoryTest method testSslFactoryHotReload_CorruptOrNonExistentFile_DoesNotClearExistingSslContext.

@Test
public void testSslFactoryHotReload_CorruptOrNonExistentFile_DoesNotClearExistingSslContext() throws IOException {
    try {
        ServerEncryptionOptions options = addKeystoreOptions(encryptionOptions);
        File testKeystoreFile = new File(options.keystore + ".test");
        FileUtils.copyFile(new File(options.keystore).toJavaIOFile(), testKeystoreFile.toJavaIOFile());
        options = options.withKeyStore(testKeystoreFile.path());
        SSLFactory.initHotReloading(options, options, true);
        SslContext oldCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        SSLFactory.checkCertFilesForHotReloading(options, options);
        testKeystoreFile.trySetLastModified(System.currentTimeMillis() + 15000);
        FileUtils.forceDelete(testKeystoreFile.toJavaIOFile());
        SSLFactory.checkCertFilesForHotReloading(options, options);
        SslContext newCtx = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
        Assert.assertSame(oldCtx, newCtx);
    } catch (Exception e) {
        throw e;
    } finally {
        DatabaseDescriptor.loadConfig();
        FileUtils.deleteQuietly(new File(encryptionOptions.keystore + ".test").toJavaIOFile());
    }
}
Also used : ServerEncryptionOptions(org.apache.cassandra.config.EncryptionOptions.ServerEncryptionOptions) File(org.apache.cassandra.io.util.File) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Example 40 with SslContext

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext in project cassandra by apache.

the class PEMBasedSslContextFactoryTest method getSslContextOpenSSL.

@Test
public void getSslContextOpenSSL() throws IOException {
    ParameterizedClass sslContextFactory = new ParameterizedClass(PEMBasedSslContextFactory.class.getSimpleName(), new HashMap<>());
    EncryptionOptions options = new EncryptionOptions().withTrustStore("test/conf/cassandra_ssl_test.truststore.pem").withKeyStore("test/conf/cassandra_ssl_test.keystore.pem").withKeyStorePassword("cassandra").withRequireClientAuth(false).withCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA").withSslContextFactory(sslContextFactory);
    SslContext sslContext = SSLFactory.getOrCreateSslContext(options, true, ISslContextFactory.SocketType.CLIENT);
    Assert.assertNotNull(sslContext);
    if (OpenSsl.isAvailable())
        Assert.assertTrue(sslContext instanceof OpenSslContext);
    else
        Assert.assertTrue(sslContext instanceof SslContext);
}
Also used : OpenSslContext(io.netty.handler.ssl.OpenSslContext) ParameterizedClass(org.apache.cassandra.config.ParameterizedClass) EncryptionOptions(org.apache.cassandra.config.EncryptionOptions) SslContext(io.netty.handler.ssl.SslContext) Test(org.junit.Test)

Aggregations

SslContext (io.netty.handler.ssl.SslContext)220 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)67 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)59 EventLoopGroup (io.netty.channel.EventLoopGroup)52 Channel (io.netty.channel.Channel)48 Test (org.junit.Test)48 SSLException (javax.net.ssl.SSLException)46 ServerBootstrap (io.netty.bootstrap.ServerBootstrap)41 SslContextBuilder (io.netty.handler.ssl.SslContextBuilder)37 NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)36 Bootstrap (io.netty.bootstrap.Bootstrap)35 LoggingHandler (io.netty.handler.logging.LoggingHandler)35 SocketChannel (io.netty.channel.socket.SocketChannel)34 NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel)33 InetSocketAddress (java.net.InetSocketAddress)31 SslHandler (io.netty.handler.ssl.SslHandler)30 CertificateException (java.security.cert.CertificateException)29 IOException (java.io.IOException)26 ChannelPipeline (io.netty.channel.ChannelPipeline)23 File (java.io.File)23