Example 61 with SslHandler
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project vert.x by eclipse.
the class HttpChannelConnector method wrap.
public Future<HttpClientConnection> wrap(EventLoopContext context, NetSocket so_) {
NetSocketImpl so = (NetSocketImpl) so_;
Object metric = so.metric();
Promise<HttpClientConnection> promise = context.promise();
// Remove all un-necessary handlers
ChannelPipeline pipeline = so.channelHandlerContext().pipeline();
List<ChannelHandler> removedHandlers = new ArrayList<>();
for (Map.Entry<String, ChannelHandler> stringChannelHandlerEntry : pipeline) {
ChannelHandler handler = stringChannelHandlerEntry.getValue();
if (!(handler instanceof SslHandler)) {
removedHandlers.add(handler);
}
}
removedHandlers.forEach(pipeline::remove);
//
Channel ch = so.channelHandlerContext().channel();
if (ssl) {
String protocol = so.applicationLayerProtocol();
if (useAlpn) {
if ("h2".equals(protocol)) {
applyHttp2ConnectionOptions(ch.pipeline());
http2Connected(context, metric, ch, promise);
} else {
applyHttp1xConnectionOptions(ch.pipeline());
HttpVersion fallbackProtocol = "http/1.0".equals(protocol) ? HttpVersion.HTTP_1_0 : HttpVersion.HTTP_1_1;
http1xConnected(fallbackProtocol, server, true, context, metric, ch, promise);
}
} else {
applyHttp1xConnectionOptions(ch.pipeline());
http1xConnected(version, server, true, context, metric, ch, promise);
}
} else {
if (version == HttpVersion.HTTP_2) {
if (this.options.isHttp2ClearTextUpgrade()) {
applyHttp1xConnectionOptions(pipeline);
http1xConnected(version, server, false, context, metric, ch, promise);
} else {
applyHttp2ConnectionOptions(pipeline);
http2Connected(context, metric, ch, promise);
}
} else {
applyHttp1xConnectionOptions(pipeline);
http1xConnected(version, server, false, context, metric, ch, promise);
}
}
return promise.future();
}
Also used :
Channel(io.netty.channel.Channel)
ArrayList(java.util.ArrayList)
ChannelHandler(io.netty.channel.ChannelHandler)
ChannelPipeline(io.netty.channel.ChannelPipeline)
SslHandler(io.netty.handler.ssl.SslHandler)
NetSocketImpl(io.vertx.core.net.impl.NetSocketImpl)
Map(java.util.Map)
HttpVersion(io.vertx.core.http.HttpVersion)
Example 62 with SslHandler
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project vert.x by eclipse.
the class Http2ClientTest method createH2Server.
private ServerBootstrap createH2Server(BiFunction<Http2ConnectionDecoder, Http2ConnectionEncoder, Http2FrameListener> handler) {
ServerBootstrap bootstrap = new ServerBootstrap();
bootstrap.channel(NioServerSocketChannel.class);
NioEventLoopGroup eventLoopGroup = new NioEventLoopGroup();
eventLoopGroups.add(eventLoopGroup);
bootstrap.group(eventLoopGroup);
bootstrap.childHandler(new ChannelInitializer<Channel>() {
@Override
protected void initChannel(Channel ch) throws Exception {
SSLHelper sslHelper = new SSLHelper(serverOptions, Cert.SERVER_JKS.get(), null);
SslHandler sslHandler = new SslHandler(sslHelper.setApplicationProtocols(Arrays.asList(HttpVersion.HTTP_2.alpnName(), HttpVersion.HTTP_1_1.alpnName())).createEngine((VertxInternal) vertx, DEFAULT_HTTPS_HOST, DEFAULT_HTTPS_PORT));
ch.pipeline().addLast(sslHandler);
ch.pipeline().addLast(new ApplicationProtocolNegotiationHandler("whatever") {
@Override
protected void configurePipeline(ChannelHandlerContext ctx, String protocol) {
if (ApplicationProtocolNames.HTTP_2.equals(protocol)) {
ChannelPipeline p = ctx.pipeline();
Http2ConnectionHandler clientHandler = createHttpConnectionHandler(handler);
p.addLast("handler", clientHandler);
return;
}
ctx.close();
throw new IllegalStateException("unknown protocol: " + protocol);
}
});
}
});
return bootstrap;
}
Also used :
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
Channel(io.netty.channel.Channel)
ChannelHandlerContext(io.netty.channel.ChannelHandlerContext)
AsciiString(io.netty.util.AsciiString)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
ConnectException(java.net.ConnectException)
SslHandler(io.netty.handler.ssl.SslHandler)
ChannelPipeline(io.netty.channel.ChannelPipeline)
ApplicationProtocolNegotiationHandler(io.netty.handler.ssl.ApplicationProtocolNegotiationHandler)
SSLHelper(io.vertx.core.net.impl.SSLHelper)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
Example 63 with SslHandler
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project sissi by KimShen.
the class FixDomainStartTls method startTls.
@Override
public boolean startTls(String domain) {
try {
if (this.isTls.compareAndSet(false, true)) {
SSLEngine engine = this.sslContextBuilder.build().createSSLEngine();
engine.setNeedClientAuth(false);
engine.setUseClientMode(false);
this.handler = new SslHandler(engine);
this.prepareTls.compareAndSet(false, true);
}
return true;
} catch (Exception e) {
log.error(e.toString());
Trace.trace(log, e);
return this.rollbackSSL();
}
}
Also used :
SSLEngine(javax.net.ssl.SSLEngine)
SslHandler(io.netty.handler.ssl.SslHandler)
Example 64 with SslHandler
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project graylog2-server by Graylog2.
the class AbstractTcpTransport method buildSslHandlerCallable.
private Callable<ChannelHandler> buildSslHandlerCallable(SslProvider tlsProvider, File certFile, File keyFile, String password, ClientAuth clientAuth, File clientAuthCertFile, MessageInput input) {
return new Callable<ChannelHandler>() {
@Override
public ChannelHandler call() throws Exception {
try {
return new SslHandler(createSslEngine(input));
} catch (SSLException e) {
LOG.error("Error creating SSL context. Make sure the certificate and key are in the correct format: cert=X.509 key=PKCS#8");
throw e;
}
}
private SSLEngine createSslEngine(MessageInput input) throws IOException, CertificateException, OperatorCreationException, PKCSException {
final X509Certificate[] clientAuthCerts;
if (EnumSet.of(ClientAuth.OPTIONAL, ClientAuth.REQUIRE).contains(clientAuth)) {
if (clientAuthCertFile.exists()) {
clientAuthCerts = KeyUtil.loadX509Certificates(clientAuthCertFile.toPath());
} else {
LOG.warn("Client auth configured, but no authorized certificates / certificate authorities configured for input [{}/{}]", input.getName(), input.getId());
clientAuthCerts = null;
}
} else {
clientAuthCerts = null;
}
// Netty's SSLContextBuilder chokes on some PKCS8 key file formats. So we need to pass a
// private key and keyCertChain instead of the corresponding files.
PrivateKey privateKey = KeyUtil.privateKeyFromFile(password, keyFile);
X509Certificate[] keyCertChain = KeyUtil.loadX509Certificates(certFile.toPath());
final SslContextBuilder sslContext = SslContextBuilder.forServer(privateKey, keyCertChain).sslProvider(tlsProvider).clientAuth(clientAuth).trustManager(clientAuthCerts);
sslContext.protocols(enabledTLSProtocols);
if (tlsProvider.equals(SslProvider.OPENSSL)) {
if (!enabledTLSProtocols.contains("TLSv1") && !enabledTLSProtocols.contains("TLSv1.1")) {
// Netty tcnative does not adhere jdk.tls.disabledAlgorithms: https://github.com/netty/netty-tcnative/issues/530
// We need to build our own cipher list
sslContext.ciphers(secureDefaultCiphers.get());
}
}
// TODO: Use byte buffer allocator of channel
return sslContext.build().newEngine(ByteBufAllocator.DEFAULT);
}
};
}
Also used :
PrivateKey(java.security.PrivateKey)
SslContextBuilder(io.netty.handler.ssl.SslContextBuilder)
MessageInput(org.graylog2.plugin.inputs.MessageInput)
SSLException(javax.net.ssl.SSLException)
Callable(java.util.concurrent.Callable)
SslHandler(io.netty.handler.ssl.SslHandler)
X509Certificate(java.security.cert.X509Certificate)
Example 65 with SslHandler
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project rest.li by linkedin.
the class TestSslHandlerUtil method testGetSslHandler.
@Test
public void testGetSslHandler() throws Exception {
final SSLContext sslContext = SSLContext.getDefault();
final SSLParameters sslParameters = sslContext.getDefaultSSLParameters();
sslParameters.setCipherSuites(CIPHER_SUITE_WHITELIST);
sslParameters.setEndpointIdentificationAlgorithm(ENDPOINT_IDENTIFICATION_ALGORITHM);
sslParameters.setNeedClientAuth(NEED_CLIENT_AUTH);
sslParameters.setProtocols(PROTOCOLS);
final SslHandler sslHandler = SslHandlerUtil.getClientSslHandler(sslContext, sslParameters, "localhost", 1234);
Assert.assertNotNull(sslHandler);
final SSLEngine sslEngine = sslHandler.engine();
Assert.assertNotNull(sslEngine);
Assert.assertEquals(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm(), ENDPOINT_IDENTIFICATION_ALGORITHM);
Assert.assertEquals(sslEngine.getSSLParameters().getNeedClientAuth(), NEED_CLIENT_AUTH);
ArrayAsserts.assertArrayEquals(sslEngine.getSSLParameters().getCipherSuites(), CIPHER_SUITE_WHITELIST);
ArrayAsserts.assertArrayEquals(sslEngine.getSSLParameters().getProtocols(), PROTOCOLS);
}
Also used :
SSLParameters(javax.net.ssl.SSLParameters)
SSLEngine(javax.net.ssl.SSLEngine)
SSLContext(javax.net.ssl.SSLContext)
SslHandler(io.netty.handler.ssl.SslHandler)
Test(org.testng.annotations.Test)
Aggregations
SslHandler (io.netty.handler.ssl.SslHandler)141
SSLEngine (javax.net.ssl.SSLEngine)51
ChannelPipeline (io.netty.channel.ChannelPipeline)37
Channel (io.netty.channel.Channel)29
ChannelHandler (io.netty.channel.ChannelHandler)23
ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)23
SslContext (io.netty.handler.ssl.SslContext)21
IOException (java.io.IOException)16
NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)15
Test (org.junit.Test)15
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)14
ChannelInitializer (io.netty.channel.ChannelInitializer)13
SocketChannel (io.netty.channel.socket.SocketChannel)13
SSLSession (javax.net.ssl.SSLSession)12
ByteBuf (io.netty.buffer.ByteBuf)11
ChunkedWriteHandler (io.netty.handler.stream.ChunkedWriteHandler)11
IdleStateHandler (io.netty.handler.timeout.IdleStateHandler)11
ServerBootstrap (io.netty.bootstrap.ServerBootstrap)10
HttpObjectAggregator (io.netty.handler.codec.http.HttpObjectAggregator)10
File (java.io.File)10
