
Example 46 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project flink by apache.

the class SSLUtilsTest method testCreateSSLEngineFactory.

/**
 * Verifies that a custom protocol and cipher-suite selection written into the configuration
 * is what the engine of the handler built by the internal server {@link SSLHandlerFactory}
 * actually has enabled.
 *
 * <p>The protocol and suites used here are fixtures chosen to show that configured values are
 * propagated. They are not a hardening recommendation: TLS 1.0 is deprecated (RFC 8996), and the
 * suites are either CBC-mode or static-RSA key exchange without forward secrecy.
 */
@Test
public void testCreateSSLEngineFactory() throws Exception {
    final Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();

    // The two providers do not support the same cipher suites, so the fixture differs per
    // provider. For OpenSSL the test also expects "SSLv2Hello" to be reported next to the
    // configured protocol.
    final boolean openSsl = sslProvider.equalsIgnoreCase("OPENSSL");
    final String[] sslAlgorithms = openSsl
            ? new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384" }
            : new String[] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" };
    final String[] expectedSslProtocols = openSsl
            ? new String[] { "SSLv2Hello", "TLSv1" }
            : new String[] { "TLSv1" };

    // Override the protocol and cipher suites in the configuration.
    serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
    serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", sslAlgorithms));

    final SslHandler sslHandler = SSLUtils.createInternalServerSSLEngineFactory(serverConfig)
            .createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);

    // Exactly the expected protocols: same count, any order.
    final String[] enabledProtocols = sslHandler.engine().getEnabledProtocols();
    assertEquals(expectedSslProtocols.length, enabledProtocols.length);
    assertThat(enabledProtocols, arrayContainingInAnyOrder(expectedSslProtocols));

    // Exactly the configured cipher suites: same count, any order.
    final String[] enabledSuites = sslHandler.engine().getEnabledCipherSuites();
    assertEquals(sslAlgorithms.length, enabledSuites.length);
    assertThat(enabledSuites, arrayContainingInAnyOrder(sslAlgorithms));
}
Also used : Configuration(org.apache.flink.configuration.Configuration) Matchers.containsString(org.hamcrest.Matchers.containsString) SSLHandlerFactory(org.apache.flink.runtime.io.network.netty.SSLHandlerFactory) SslHandler(org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler) Test(org.junit.Test)

Example 47 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty-socketio by mrniko.

the class SocketIOChannelInitializer method addSslHandler.

/**
 * Appends a server-mode TLS handler to the pipeline when an SSL context is configured.
 *
 * <p>When no context is set the pipeline is left untouched, so this method adds no transport
 * encryption to the channel. The engine is used as the context creates it: this method applies
 * no protocol or cipher-suite restriction and no client-authentication setting, so any such
 * policy has to come from the context itself.
 *
 * @param pipeline - channel pipeline
 */
protected void addSslHandler(ChannelPipeline pipeline) {
    if (sslContext == null) {
        return;
    }
    SSLEngine serverEngine = sslContext.createSSLEngine();
    // This endpoint is the accepting side of the handshake.
    serverEngine.setUseClientMode(false);
    pipeline.addLast(SSL_HANDLER, new SslHandler(serverEngine));
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) SslHandler(io.netty.handler.ssl.SslHandler)

Example 48 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.

the class OcspTest method testServerOcspNotEnabled.

/**
 * Checks that a server engine whose context was built without OCSP support rejects an attempt
 * to set an OCSP response with {@link IllegalStateException}.
 *
 * <p>The engine is cast to {@link ReferenceCountedOpenSslEngine}, so the given provider is
 * presumably always an OpenSSL-based one; confirm against the callers.
 */
private static void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
    // Throwaway self-signed key pair: a test fixture only, removed again in the outer finally.
    SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    try {
        // The builder is never asked to enable OCSP; that is the condition under test.
        SslContext serverContext = SslContextBuilder
                .forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(sslProvider)
                .build();
        try {
            SslHandler handler = serverContext.newHandler(ByteBufAllocator.DEFAULT);
            final ReferenceCountedOpenSslEngine openSslEngine =
                    (ReferenceCountedOpenSslEngine) handler.engine();
            try {
                assertThrows(IllegalStateException.class, new Executable() {

                    @Override
                    public void execute() {
                        // Arbitrary bytes; the call is expected to fail before they matter.
                        openSslEngine.setOcspResponse(new byte[] { 1, 2, 3 });
                    }
                });
            } finally {
                // The engine is reference-counted and has to be released explicitly.
                openSslEngine.release();
            }
        } finally {
            ReferenceCountUtil.release(serverContext);
        }
    } finally {
        selfSigned.delete();
    }
}
Also used : ReferenceCountedOpenSslEngine(io.netty.handler.ssl.ReferenceCountedOpenSslEngine) SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) Executable(org.junit.jupiter.api.function.Executable) SslHandler(io.netty.handler.ssl.SslHandler) SslContext(io.netty.handler.ssl.SslContext)

Example 49 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.

the class NettyBlockHoundIntegrationTest method testSslHandlerWrapAllowsBlockingCalls.

/**
 * Connects a client whose pipeline starts with a JDK-provider {@link SslHandler} to a local
 * server, writes a few bytes, and asserts that the channel becomes active within five seconds
 * and that no handshake failure has been recorded by then.
 *
 * <p>The server side installs no TLS handler, so a completed handshake is not what is being
 * asserted. The client context uses {@link InsecureTrustManagerFactory}, which accepts any
 * certificate; that is only acceptable because this is a test against a local endpoint.
 */
@Test
public void testSslHandlerWrapAllowsBlockingCalls() throws Exception {
    final SslContext clientContext = SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(SslProvider.JDK)
            .build();
    final SslHandler sslHandler = clientContext.newHandler(UnpooledByteBufAllocator.DEFAULT);
    final EventLoopGroup eventLoops = new NioEventLoopGroup();
    final CountDownLatch activated = new CountDownLatch(1);
    final AtomicReference<Throwable> handshakeFailure = new AtomicReference<>();
    Channel serverChannel = null;
    Channel clientChannel = null;
    try {
        // Plain server on an ephemeral port; its child pipeline has no TLS handler.
        serverChannel = new ServerBootstrap()
                .group(eventLoops)
                .channel(NioServerSocketChannel.class)
                .childHandler(new ChannelInboundHandlerAdapter())
                .bind(new InetSocketAddress(0))
                .syncUninterruptibly()
                .channel();

        Bootstrap clientBootstrap = new Bootstrap()
                .group(eventLoops)
                .channel(NioSocketChannel.class)
                .handler(new ChannelInitializer<Channel>() {

                    @Override
                    protected void initChannel(Channel ch) {
                        ch.pipeline().addLast(sslHandler);
                        ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                            @Override
                            public void channelActive(ChannelHandlerContext ctx) {
                                activated.countDown();
                            }

                            @Override
                            public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
                                // Remember a failed handshake so the test thread can assert on it.
                                if (evt instanceof SslHandshakeCompletionEvent) {
                                    Throwable failure = ((SslHandshakeCompletionEvent) evt).cause();
                                    if (failure != null) {
                                        failure.printStackTrace();
                                        handshakeFailure.set(failure);
                                    }
                                }
                                ctx.fireUserEventTriggered(evt);
                            }
                        });
                    }
                });

        // Writing as soon as the connect future completes sends data through the SslHandler.
        ChannelFutureListener writeOnConnect =
                future -> future.channel().writeAndFlush(wrappedBuffer(new byte[] { 1, 2, 3, 4 }));
        clientChannel = clientBootstrap
                .connect(serverChannel.localAddress())
                .addListener(writeOnConnect)
                .syncUninterruptibly()
                .channel();

        assertTrue(activated.await(5, TimeUnit.SECONDS));
        assertNull(handshakeFailure.get());
    } finally {
        // Close the client first, then the server, then the loops and the context.
        if (clientChannel != null) {
            clientChannel.close().syncUninterruptibly();
        }
        if (serverChannel != null) {
            serverChannel.close().syncUninterruptibly();
        }
        eventLoops.shutdownGracefully();
        ReferenceCountUtil.release(clientContext);
    }
}
Also used : NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) InetSocketAddress(java.net.InetSocketAddress) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) NioDatagramChannel(io.netty.channel.socket.nio.NioDatagramChannel) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) Channel(io.netty.channel.Channel) AtomicReference(java.util.concurrent.atomic.AtomicReference) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) CountDownLatch(java.util.concurrent.CountDownLatch) ChannelFutureListener(io.netty.channel.ChannelFutureListener) SslHandler(io.netty.handler.ssl.SslHandler) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) EventLoopGroup(io.netty.channel.EventLoopGroup) Bootstrap(io.netty.bootstrap.Bootstrap) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) ChannelInitializer(io.netty.channel.ChannelInitializer) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) SslContext(io.netty.handler.ssl.SslContext) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) Test(org.junit.jupiter.api.Test)

Example 50 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.

the class NettyBlockHoundIntegrationTest method testTrustManagerVerify.

/**
 * Builds a client and a server TLS context for the given provider and protocol version and
 * hands a handler from each to {@code testHandshake}.
 *
 * <p>The client trusts only the CA in {@code mutual_auth_ca.pem}, so the server certificate
 * is verified by a trust manager instead of being accepted blindly. The server key is
 * loaded with a {@code null} password.
 *
 * @param provider   TLS provider used for both contexts
 * @param tlsVersion the single protocol version enabled on both contexts
 */
private static void testTrustManagerVerify(SslProvider provider, String tlsVersion) throws Exception {
    final SslContext clientContext = SslContextBuilder.forClient()
            .sslProvider(provider)
            .protocols(tlsVersion)
            .trustManager(ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "mutual_auth_ca.pem"))
            .build();
    final SslContext serverContext = SslContextBuilder
            .forServer(
                    ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "localhost_server.pem"),
                    ResourcesUtil.getFile(NettyBlockHoundIntegrationTest.class, "localhost_server.key"),
                    null)
            .sslProvider(provider)
            .protocols(tlsVersion)
            .build();

    final SslHandler clientSslHandler = clientContext.newHandler(UnpooledByteBufAllocator.DEFAULT);
    final SslHandler serverSslHandler = serverContext.newHandler(UnpooledByteBufAllocator.DEFAULT);

    // NOTE(review): only the client context is passed on; if the provider is a
    // reference-counted one, confirm the server context is released elsewhere.
    testHandshake(clientContext, clientSslHandler, serverSslHandler);
}
Also used : SslHandler(io.netty.handler.ssl.SslHandler) SslContext(io.netty.handler.ssl.SslContext)

Aggregations

SslHandler (io.netty.handler.ssl.SslHandler)141 SSLEngine (javax.net.ssl.SSLEngine)51 ChannelPipeline (io.netty.channel.ChannelPipeline)37 Channel (io.netty.channel.Channel)29 ChannelHandler (io.netty.channel.ChannelHandler)23 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)23 SslContext (io.netty.handler.ssl.SslContext)21 IOException (java.io.IOException)16 NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)15 Test (org.junit.Test)15 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)14 ChannelInitializer (io.netty.channel.ChannelInitializer)13 SocketChannel (io.netty.channel.socket.SocketChannel)13 SSLSession (javax.net.ssl.SSLSession)12 ByteBuf (io.netty.buffer.ByteBuf)11 ChunkedWriteHandler (io.netty.handler.stream.ChunkedWriteHandler)11 IdleStateHandler (io.netty.handler.timeout.IdleStateHandler)11 ServerBootstrap (io.netty.bootstrap.ServerBootstrap)10 HttpObjectAggregator (io.netty.handler.codec.http.HttpObjectAggregator)10 File (java.io.File)10