use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project flink by apache.
the class SSLUtilsTest method testCreateSSLEngineFactory.
/**
* Tests that {@link SSLHandlerFactory} is created correctly.
*/
@Test
public void testCreateSSLEngineFactory() throws Exception {
    final Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();

    // OpenSSL does not support the same set of cipher algorithms as the other provider,
    // and it reports a different enabled-protocol list, so both are chosen per provider.
    final boolean openSsl = sslProvider.equalsIgnoreCase("OPENSSL");
    final String[] sslAlgorithms = openSsl
            ? new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384" }
            : new String[] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" };
    final String[] expectedSslProtocols = openSsl
            ? new String[] { "SSLv2Hello", "TLSv1" }
            : new String[] { "TLSv1" };

    // Set a custom protocol and custom cipher suites. These are fixture values that only
    // prove the options reach the engine: TLS 1.0 is deprecated (RFC 8996), so they are
    // not a template for SSL_PROTOCOL / SSL_ALGORITHMS in a real deployment.
    serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
    serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", sslAlgorithms));

    final SslHandler sslHandler = SSLUtils.createInternalServerSSLEngineFactory(serverConfig)
            .createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);

    // Length check plus any-order match: the engine must enable exactly the configured
    // values and nothing the provider would otherwise add by default.
    final String[] enabledProtocols = sslHandler.engine().getEnabledProtocols();
    assertEquals(expectedSslProtocols.length, enabledProtocols.length);
    assertThat(enabledProtocols, arrayContainingInAnyOrder(expectedSslProtocols));

    final String[] enabledCipherSuites = sslHandler.engine().getEnabledCipherSuites();
    assertEquals(sslAlgorithms.length, enabledCipherSuites.length);
    assertThat(enabledCipherSuites, arrayContainingInAnyOrder(sslAlgorithms));
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty-socketio by mrniko.
the class SocketIOChannelInitializer method addSslHandler.
/**
* Adds the SSL handler to the pipeline if an SSL context is configured; otherwise does nothing.
*
* @param pipeline - channel pipeline
*/
protected void addSslHandler(ChannelPipeline pipeline) {
    // Without an SSL context no TLS handler is installed, so this method leaves the
    // pipeline unencrypted.
    if (sslContext == null) {
        return;
    }

    // Server side of the handshake. Nothing else is set on the engine here, so the enabled
    // protocols, cipher suites and client-certificate policy are whatever sslContext yields.
    final SSLEngine serverEngine = sslContext.createSSLEngine();
    serverEngine.setUseClientMode(false);
    pipeline.addLast(SSL_HANDLER, new SslHandler(serverEngine));
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.
the class OcspTest method testServerOcspNotEnabled.
/**
 * Checks that setting an OCSP response on a server engine fails with
 * {@link IllegalStateException} when the context was built without enabling OCSP.
 *
 * @param sslProvider provider used to build the server context; the cast below assumes it
 *                    yields a {@code ReferenceCountedOpenSslEngine} (presumably only
 *                    OpenSSL-backed providers are passed in; confirm against callers)
 */
private static void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
    // Throwaway certificate and key, suitable for tests only.
    final SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    try {
        // The builder is never told to enable OCSP; that is the condition under test.
        final SslContext serverContext = SslContextBuilder
                .forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(sslProvider)
                .build();
        try {
            final SslHandler handler = serverContext.newHandler(ByteBufAllocator.DEFAULT);
            final ReferenceCountedOpenSslEngine opensslEngine =
                    (ReferenceCountedOpenSslEngine) handler.engine();
            try {
                // The bytes are an arbitrary placeholder; the call must be rejected
                // before the content of the response matters.
                assertThrows(IllegalStateException.class, new Executable() {
                    @Override
                    public void execute() {
                        opensslEngine.setOcspResponse(new byte[] { 1, 2, 3 });
                    }
                });
            } finally {
                // Reference-counted engine: release it explicitly.
                opensslEngine.release();
            }
        } finally {
            ReferenceCountUtil.release(serverContext);
        }
    } finally {
        // Remove the generated certificate and private key.
        selfSigned.delete();
    }
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.
the class NettyBlockHoundIntegrationTest method testSslHandlerWrapAllowsBlockingCalls.
/**
 * Connects a TLS client channel to a local server channel, writes four bytes as soon as
 * the connect completes, and asserts that the client channel became active within five
 * seconds and that no handshake failure had been recorded by then.
 *
 * NOTE(review): the test name suggests BlockHound is installed by the enclosing test class,
 * so that a disallowed blocking call in SslHandler's wrap path would surface as a failure.
 * That setup is not visible in this method; confirm.
 */
@Test
public void testSslHandlerWrapAllowsBlockingCalls() throws Exception {
// InsecureTrustManagerFactory accepts any certificate chain without verification. That is
// acceptable in a test that only exercises the handler's threading behaviour; a client
// context built this way provides no server authentication and must not be copied into
// production code.
final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).sslProvider(SslProvider.JDK).build();
final SslHandler sslHandler = sslClientCtx.newHandler(UnpooledByteBufAllocator.DEFAULT);
final EventLoopGroup group = new NioEventLoopGroup();
// Counted down once the client channel becomes active.
final CountDownLatch activeLatch = new CountDownLatch(1);
// Holds the cause of a failed handshake, if one is reported on the client channel.
final AtomicReference<Throwable> error = new AtomicReference<>();
Channel sc = null;
Channel cc = null;
try {
// Server side: bound to an ephemeral port (port 0); its child handler is a plain
// ChannelInboundHandlerAdapter, so no SslHandler is installed on accepted channels.
sc = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).childHandler(new ChannelInboundHandlerAdapter()).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
// Client side: the SslHandler goes first in the pipeline, followed by a handler that
// observes channel activation and handshake completion events.
cc = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {
@Override
protected void initChannel(Channel ch) {
ch.pipeline().addLast(sslHandler);
ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
@Override
public void channelActive(ChannelHandlerContext ctx) {
activeLatch.countDown();
}
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
// Record only failed handshakes: a completion event with a non-null cause.
if (evt instanceof SslHandshakeCompletionEvent && ((SslHandshakeCompletionEvent) evt).cause() != null) {
Throwable cause = ((SslHandshakeCompletionEvent) evt).cause();
cause.printStackTrace();
error.set(cause);
}
// Pass every event on, whether or not it was recorded.
ctx.fireUserEventTriggered(evt);
}
});
}
// The connect listener writes four bytes through the pipeline (and therefore through
// the SslHandler) as soon as the connect future completes.
}).connect(sc.localAddress()).addListener((ChannelFutureListener) future -> future.channel().writeAndFlush(wrappedBuffer(new byte[] { 1, 2, 3, 4 }))).syncUninterruptibly().channel();
assertTrue(activeLatch.await(5, TimeUnit.SECONDS));
// Checked immediately after activation: passes if no handshake failure was recorded yet.
assertNull(error.get());
} finally {
// Close the client first, then the server; both closes are awaited.
if (cc != null) {
cc.close().syncUninterruptibly();
}
if (sc != null) {
sc.close().syncUninterruptibly();
}
// Shutdown is started but its completion is not awaited here.
group.shutdownGracefully();
ReferenceCountUtil.release(sslClientCtx);
}
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.
the class NettyBlockHoundIntegrationTest method testTrustManagerVerify.
/**
 * Builds a client and a server context for the given provider and TLS version and hands
 * one handler from each to {@code testHandshake}.
 *
 * @param provider   SSL provider used for both contexts
 * @param tlsVersion the single protocol version enabled on both contexts
 */
private static void testTrustManagerVerify(SslProvider provider, String tlsVersion) throws Exception {
    // The client trusts only the certificates in mutual_auth_ca.pem, so the server
    // certificate is actually verified during the handshake rather than accepted blindly.
    final SslContext clientContext = SslContextBuilder.forClient()
            .sslProvider(provider)
            .protocols(tlsVersion)
            .trustManager(ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "mutual_auth_ca.pem"))
            .build();

    // The third argument is the key password; null means the key file is not
    // password-protected.
    final SslContext serverContext = SslContextBuilder.forServer(
                    ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "localhost_server.pem"),
                    ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "localhost_server.key"),
                    null)
            .sslProvider(provider)
            .protocols(tlsVersion)
            .build();

    final SslHandler clientHandler = clientContext.newHandler(UnpooledByteBufAllocator.DEFAULT);
    final SslHandler serverHandler = serverContext.newHandler(UnpooledByteBufAllocator.DEFAULT);

    // NOTE(review): neither context is released in this method; the client context is
    // passed on, so cleanup presumably happens in testHandshake. Confirm for the server context.
    testHandshake(clientContext, clientHandler, serverHandler);
}