Search in sources :

Example 71 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project moco by dreamhead.

the class MocoHttpServer method toSslHandler.

private Function<HttpsCertificate, SslHandler> toSslHandler() {
    return new Function<HttpsCertificate, SslHandler>() {

        @Override
        public SslHandler apply(final HttpsCertificate certificate) {
            SSLEngine sslEngine = certificate.createSSLEngine();
            sslEngine.setUseClientMode(false);
            return new SslHandler(sslEngine);
        }
    };
}
Also used : Function(com.google.common.base.Function) HttpsCertificate(com.github.dreamhead.moco.HttpsCertificate) SSLEngine(javax.net.ssl.SSLEngine) SslHandler(io.netty.handler.ssl.SslHandler)

Example 72 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.

the class SocketSslSessionReuseTest method testSslSessionReuse.

public void testSslSessionReuse(ServerBootstrap sb, Bootstrap cb) throws Throwable {
    final ReadAndDiscardHandler sh = new ReadAndDiscardHandler(true, true);
    final ReadAndDiscardHandler ch = new ReadAndDiscardHandler(false, true);
    final String[] protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
    sb.childHandler(new ChannelInitializer<SocketChannel>() {

        @Override
        protected void initChannel(SocketChannel sch) throws Exception {
            SSLEngine engine = serverCtx.newEngine(sch.alloc());
            engine.setUseClientMode(false);
            engine.setEnabledProtocols(protocols);
            sch.pipeline().addLast(new SslHandler(engine));
            sch.pipeline().addLast(sh);
        }
    });
    final Channel sc = sb.bind().sync().channel();
    cb.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        protected void initChannel(SocketChannel sch) throws Exception {
            InetSocketAddress serverAddr = (InetSocketAddress) sc.localAddress();
            SSLEngine engine = clientCtx.newEngine(sch.alloc(), serverAddr.getHostString(), serverAddr.getPort());
            engine.setUseClientMode(true);
            engine.setEnabledProtocols(protocols);
            sch.pipeline().addLast(new SslHandler(engine));
            sch.pipeline().addLast(ch);
        }
    });
    try {
        SSLSessionContext clientSessionCtx = ((JdkSslContext) clientCtx).sessionContext();
        ByteBuf msg = Unpooled.wrappedBuffer(new byte[] { 0xa, 0xb, 0xc, 0xd }, 0, 4);
        Channel cc = cb.connect().sync().channel();
        cc.writeAndFlush(msg).sync();
        cc.closeFuture().sync();
        rethrowHandlerExceptions(sh, ch);
        Set<String> sessions = sessionIdSet(clientSessionCtx.getIds());
        msg = Unpooled.wrappedBuffer(new byte[] { 0xa, 0xb, 0xc, 0xd }, 0, 4);
        cc = cb.connect().sync().channel();
        cc.writeAndFlush(msg).sync();
        cc.closeFuture().sync();
        assertEquals("Expected no new sessions", sessions, sessionIdSet(clientSessionCtx.getIds()));
        rethrowHandlerExceptions(sh, ch);
    } finally {
        sc.close().awaitUninterruptibly();
    }
}
Also used : SocketChannel(io.netty.channel.socket.SocketChannel) JdkSslContext(io.netty.handler.ssl.JdkSslContext) SSLSessionContext(javax.net.ssl.SSLSessionContext) SSLEngine(javax.net.ssl.SSLEngine) InetSocketAddress(java.net.InetSocketAddress) SocketChannel(io.netty.channel.socket.SocketChannel) Channel(io.netty.channel.Channel) ByteBuf(io.netty.buffer.ByteBuf) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SslHandler(io.netty.handler.ssl.SslHandler)

Example 73 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project okhttp by square.

the class NettyHttpClient method prepare.

@Override
public void prepare(final Benchmark benchmark) {
    this.concurrencyLevel = benchmark.concurrencyLevel;
    this.targetBacklog = benchmark.targetBacklog;
    ChannelInitializer<SocketChannel> channelInitializer = new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel channel) throws Exception {
            ChannelPipeline pipeline = channel.pipeline();
            if (benchmark.tls) {
                SslClient sslClient = SslClient.localhost();
                SSLEngine engine = sslClient.sslContext.createSSLEngine();
                engine.setUseClientMode(true);
                pipeline.addLast("ssl", new SslHandler(engine));
            }
            pipeline.addLast("codec", new HttpClientCodec());
            pipeline.addLast("inflater", new HttpContentDecompressor());
            pipeline.addLast("handler", new HttpChannel(channel));
        }
    };
    bootstrap = new Bootstrap();
    bootstrap.group(new NioEventLoopGroup(concurrencyLevel)).option(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT).channel(NioSocketChannel.class).handler(channelInitializer);
}
Also used : NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) SocketChannel(io.netty.channel.socket.SocketChannel) SSLEngine(javax.net.ssl.SSLEngine) SslClient(okhttp3.internal.tls.SslClient) HttpClientCodec(io.netty.handler.codec.http.HttpClientCodec) ChannelPipeline(io.netty.channel.ChannelPipeline) SslHandler(io.netty.handler.ssl.SslHandler) HttpContentDecompressor(io.netty.handler.codec.http.HttpContentDecompressor) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) Bootstrap(io.netty.bootstrap.Bootstrap) ChannelInitializer(io.netty.channel.ChannelInitializer) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)

Example 74 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project mongo-java-driver by mongodb.

the class NettyStream method openAsync.

@Override
public void openAsync(final AsyncCompletionHandler<Void> handler) {
    Bootstrap bootstrap = new Bootstrap();
    bootstrap.group(workerGroup);
    bootstrap.channel(socketChannelClass);
    bootstrap.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, settings.getConnectTimeout(MILLISECONDS));
    bootstrap.option(ChannelOption.TCP_NODELAY, true);
    bootstrap.option(ChannelOption.SO_KEEPALIVE, settings.isKeepAlive());
    if (settings.getReceiveBufferSize() > 0) {
        bootstrap.option(ChannelOption.SO_RCVBUF, settings.getReceiveBufferSize());
    }
    if (settings.getSendBufferSize() > 0) {
        bootstrap.option(ChannelOption.SO_SNDBUF, settings.getSendBufferSize());
    }
    bootstrap.option(ChannelOption.ALLOCATOR, allocator);
    bootstrap.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(final SocketChannel ch) throws Exception {
            if (sslSettings.isEnabled()) {
                SSLEngine engine = SSLContext.getDefault().createSSLEngine(address.getHost(), address.getPort());
                engine.setUseClientMode(true);
                SSLParameters sslParameters = engine.getSSLParameters();
                enableSni(address, sslParameters);
                if (!sslSettings.isInvalidHostNameAllowed()) {
                    enableHostNameVerification(sslParameters);
                }
                engine.setSSLParameters(sslParameters);
                ch.pipeline().addFirst("ssl", new SslHandler(engine, false));
            }
            int readTimeout = settings.getReadTimeout(MILLISECONDS);
            if (readTimeout > 0) {
                ch.pipeline().addLast(READ_HANDLER_NAME, new ReadTimeoutHandler(readTimeout));
            }
            ch.pipeline().addLast(new InboundBufferHandler());
        }
    });
    final ChannelFuture channelFuture = bootstrap.connect(address.getHost(), address.getPort());
    channelFuture.addListener(new ChannelFutureListener() {

        @Override
        public void operationComplete(final ChannelFuture future) throws Exception {
            if (future.isSuccess()) {
                channel = channelFuture.channel();
                channel.closeFuture().addListener(new ChannelFutureListener() {

                    @Override
                    public void operationComplete(final ChannelFuture f2) throws Exception {
                        handleReadResponse(null, new IOException("The connection to the server was closed"));
                    }
                });
                handler.completed(null);
            } else {
                handler.failed(new MongoSocketOpenException("Exception opening socket", getAddress(), future.cause()));
            }
        }
    });
}
Also used : ChannelFuture(io.netty.channel.ChannelFuture) SocketChannel(io.netty.channel.socket.SocketChannel) SSLEngine(javax.net.ssl.SSLEngine) IOException(java.io.IOException) ChannelFutureListener(io.netty.channel.ChannelFutureListener) MongoInternalException(com.mongodb.MongoInternalException) MongoSocketOpenException(com.mongodb.MongoSocketOpenException) ReadTimeoutException(io.netty.handler.timeout.ReadTimeoutException) MongoInterruptedException(com.mongodb.MongoInterruptedException) MongoException(com.mongodb.MongoException) IOException(java.io.IOException) MongoSocketReadTimeoutException(com.mongodb.MongoSocketReadTimeoutException) SslHandler(io.netty.handler.ssl.SslHandler) MongoSocketOpenException(com.mongodb.MongoSocketOpenException) SSLParameters(javax.net.ssl.SSLParameters) Bootstrap(io.netty.bootstrap.Bootstrap)

Example 75 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project intellij-community by JetBrains.

the class PortUnificationServerHandler method decode.

protected void decode(@NotNull ChannelHandlerContext context, @NotNull ByteBuf buffer) throws Exception {
    ChannelPipeline pipeline = context.pipeline();
    if (detectSsl && SslHandler.isEncrypted(buffer)) {
        SSLEngine engine = SSL_SERVER_CONTEXT.getValue().createSSLEngine();
        engine.setUseClientMode(false);
        pipeline.addLast(new SslHandler(engine), new ChunkedWriteHandler(), new PortUnificationServerHandler(delegatingHttpRequestHandler, false, detectGzip));
    } else {
        int magic1 = buffer.getUnsignedByte(buffer.readerIndex());
        int magic2 = buffer.getUnsignedByte(buffer.readerIndex() + 1);
        if (detectGzip && magic1 == 31 && magic2 == 139) {
            pipeline.addLast(ZlibCodecFactory.newZlibEncoder(ZlibWrapper.GZIP), ZlibCodecFactory.newZlibDecoder(ZlibWrapper.GZIP), new PortUnificationServerHandler(delegatingHttpRequestHandler, detectSsl, false));
        } else if (isHttp(magic1, magic2)) {
            NettyUtil.addHttpServerCodec(pipeline);
            pipeline.addLast("delegatingHttpHandler", delegatingHttpRequestHandler);
            final Logger logger = Logger.getInstance(BuiltInServer.class);
            if (logger.isDebugEnabled()) {
                pipeline.addLast(new ChannelOutboundHandlerAdapter() {

                    @Override
                    public void write(ChannelHandlerContext context, Object message, ChannelPromise promise) throws Exception {
                        if (message instanceof HttpResponse) {
                            HttpResponse response = (HttpResponse) message;
                            logger.debug("OUT HTTP: " + response.toString());
                        }
                        super.write(context, message, promise);
                    }
                });
            }
        } else if (magic1 == 'C' && magic2 == 'H') {
            buffer.skipBytes(2);
            pipeline.addLast(new CustomHandlerDelegator());
        } else {
            Logger.getInstance(BuiltInServer.class).warn("unknown request, first two bytes " + magic1 + " " + magic2);
            context.close();
        }
    }
    // must be after new channels handlers addition (netty bug?)
    pipeline.remove(this);
    // Buffer will be automatically released after messageReceived, but we pass it to next handler, and next handler will also release, so, we must retain.
    // We can introduce Decoder.isAutoRelease, but in this case, if error will be thrown while we are executing, buffer will not be released.
    // So, it is robust solution just always release (Decoder does) and just retain (we - client) if autorelease behavior is not suitable.
    buffer.retain();
    // we must fire channel read - new added handler must read buffer
    context.fireChannelRead(buffer);
}
Also used : SSLEngine(javax.net.ssl.SSLEngine) HttpResponse(io.netty.handler.codec.http.HttpResponse) Logger(com.intellij.openapi.diagnostic.Logger) SslHandler(io.netty.handler.ssl.SslHandler) ChunkedWriteHandler(io.netty.handler.stream.ChunkedWriteHandler)

Aggregations

SslHandler (io.netty.handler.ssl.SslHandler)141 SSLEngine (javax.net.ssl.SSLEngine)51 ChannelPipeline (io.netty.channel.ChannelPipeline)37 Channel (io.netty.channel.Channel)29 ChannelHandler (io.netty.channel.ChannelHandler)23 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)23 SslContext (io.netty.handler.ssl.SslContext)21 IOException (java.io.IOException)16 NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel)15 Test (org.junit.Test)15 NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)14 ChannelInitializer (io.netty.channel.ChannelInitializer)13 SocketChannel (io.netty.channel.socket.SocketChannel)13 SSLSession (javax.net.ssl.SSLSession)12 ByteBuf (io.netty.buffer.ByteBuf)11 ChunkedWriteHandler (io.netty.handler.stream.ChunkedWriteHandler)11 IdleStateHandler (io.netty.handler.timeout.IdleStateHandler)11 ServerBootstrap (io.netty.bootstrap.ServerBootstrap)10 HttpObjectAggregator (io.netty.handler.codec.http.HttpObjectAggregator)10 File (java.io.File)10