use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project pulsar by yahoo.
the class ServerConnection method handleConnect.
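/**
 * Handles the client's CONNECT command and acknowledges it with a CONNECTED response, moving the
 * connection to {@code State.Connected}.
 *
 * <p>When authentication is enabled in the service configuration, the auth method name is read
 * from the command (explicit name first, then the legacy enum, otherwise {@code "none"}). The
 * auth data, the remote address and the TLS session (when a handler is registered under
 * {@code TLS_HANDLER}) are passed to the authentication service. On an
 * {@link AuthenticationException} the client receives a fixed, generic error message, the
 * exception message is written only to the local log, and the connection is closed without
 * sending CONNECTED.
 *
 * <p>When authentication is disabled, {@code authRole} is not assigned by this method.
 *
 * @param connect the CONNECT command received from the client
 */
@Override
protected void handleConnect(CommandConnect connect) {
    // Reject a CONNECT unless the connection is still in its initial state.
    checkArgument(state == State.Start);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Received CONNECT from {}", remoteAddress);
    }
    if (service.getConfiguration().isAuthenticationEnabled()) {
        try {
            String authMethod = "none";
            if (connect.hasAuthMethodName()) {
                authMethod = connect.getAuthMethodName();
            } else if (connect.hasAuthMethod()) {
                // Legacy client is passing an enum. substring(10) drops a fixed-length prefix of the
                // constant's name (presumably "AuthMethod"; verify against the enum definition).
                // Locale.ROOT keeps the lower-casing independent of the JVM default locale, so the
                // derived method name is the same on every host.
                authMethod = connect.getAuthMethod().name().substring(10).toLowerCase(java.util.Locale.ROOT);
            }
            String authData = connect.getAuthData().toStringUtf8();

            // The TLS session is optional: it is only available when a TLS handler is in the pipeline.
            ChannelHandler sslHandler = ctx.channel().pipeline().get(TLS_HANDLER);
            SSLSession sslSession = null;
            if (sslHandler != null) {
                sslSession = ((SslHandler) sslHandler).engine().getSession();
            }

            authRole = service.getAuthenticationService()
                    .authenticate(new AuthenticationDataCommand(authData, remoteAddress, sslSession), authMethod);
            // NOTE(review): authMethod is taken from the client's command and is logged as received;
            // confirm the log sink neutralises control characters. authData is never logged here.
            LOG.info("[{}] Client successfully authenticated with {} role {}", remoteAddress, authMethod, authRole);
        } catch (AuthenticationException e) {
            // The client only sees the generic message; the exception detail stays in the local log.
            String msg = "Unable to authenticate";
            LOG.warn("[{}] {}: {}", remoteAddress, msg, e.getMessage());
            ctx.writeAndFlush(Commands.newError(-1, ServerError.AuthenticationError, msg));
            close();
            return;
        }
    }
    ctx.writeAndFlush(Commands.newConnected(connect));
    state = State.Connected;
    remoteEndpointProtocolVersion = connect.getProtocolVersion();
}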
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project async-http-client by AsyncHttpClient.
the class ChannelManager method createSslHandler.
/**
 * Builds the TLS handler for a connection to the given peer.
 *
 * <p>The engine is obtained from {@code sslEngineFactory}. A handshake timeout is set on the
 * handler only when {@code handshakeTimeout} is positive; otherwise the handler's own setting is
 * left untouched.
 *
 * @param peerHost host passed to the engine factory
 * @param peerPort port passed to the engine factory
 * @return a new {@link SslHandler} wrapping the freshly created engine
 */
private SslHandler createSslHandler(String peerHost, int peerPort) {
    // NOTE(review): whether the engine verifies the peer's hostname is decided inside
    // sslEngineFactory, not here; confirm the factory enables endpoint identification.
    SslHandler handler = new SslHandler(sslEngineFactory.newSslEngine(config, peerHost, peerPort));
    if (handshakeTimeout > 0) {
        handler.setHandshakeTimeoutMillis(handshakeTimeout);
    }
    return handler;
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project camel by apache.
the class DefaultClientInitializerFactory method initChannel.
/**
 * Assembles the client pipeline for a new channel: the TLS handler (when one is configured), then
 * the configured decoders and encoders, an optional read timeout, and finally the producer's
 * channel handler.
 *
 * @param ch the channel being initialised
 * @throws Exception propagated from handler creation or pipeline setup
 */
protected void initChannel(Channel ch) throws Exception {
    ChannelPipeline pipeline = ch.pipeline();

    // The TLS handler is registered before any codec handler.
    SslHandler ssl = configureClientSSLOnDemand();
    if (ssl != null) {
        // TODO: must close on SSL exception; the setCloseOnSSLException(true) call is still disabled.
        LOG.debug("Client SSL handler configured and added to the ChannelPipeline: {}", ssl);
        addToPipeline("ssl", pipeline, ssl);
    }

    List<ChannelHandler> decoders = producer.getConfiguration().getDecoders();
    for (int i = 0; i < decoders.size(); i++) {
        ChannelHandler configured = decoders.get(i);
        // A factory supplies a fresh handler per channel, because the configured one may not be shareable.
        ChannelHandler decoder = configured instanceof ChannelHandlerFactory
                ? ((ChannelHandlerFactory) configured).newChannelHandler()
                : configured;
        addToPipeline("decoder-" + i, pipeline, decoder);
    }

    List<ChannelHandler> encoders = producer.getConfiguration().getEncoders();
    for (int i = 0; i < encoders.size(); i++) {
        ChannelHandler configured = encoders.get(i);
        // Same rule as for decoders: ask a factory for a per-channel instance.
        ChannelHandler encoder = configured instanceof ChannelHandlerFactory
                ? ((ChannelHandlerFactory) configured).newChannelHandler()
                : configured;
        addToPipeline("encoder-" + i, pipeline, encoder);
    }

    // A read timeout is installed only when a positive request timeout is configured.
    if (producer.getConfiguration().getRequestTimeout() > 0) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Using request timeout {} millis", producer.getConfiguration().getRequestTimeout());
        }
        addToPipeline("timeout", pipeline,
                new ReadTimeoutHandler(producer.getConfiguration().getRequestTimeout(), TimeUnit.MILLISECONDS));
    }

    // The producer's own handler must be added last.
    addToPipeline("handler", pipeline, new ClientChannelHandler(producer));
    LOG.trace("Created ChannelPipeline: {}", pipeline);
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project ambry by linkedin.
the class NettyServerChannelInitializer method initChannel.
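/**
 * Builds the server pipeline for a newly accepted connection.
 *
 * <p>Handlers are added in this order: connection stats, the TLS handler (only when
 * {@code sslFactory} is set), HTTP codec, health check, public access log, idle state, chunked
 * writer and the message processor.
 *
 * @param ch the accepted channel
 * @throws Exception propagated from engine creation or pipeline setup
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
  // If channel handler implementations are not annotated with @Sharable, Netty creates a new instance of every class
  // in the pipeline for every connection,
  // i.e. with 1000 active connections there will be 1000 NettyMessageProcessor instances.
  ChannelPipeline pipeline = ch.pipeline();
  // connection stats handler to track connection related metrics
  pipeline.addLast("connectionStatsHandler", connectionStatsHandler);
  // if SSL is enabled, add an SslHandler before the HTTP codec
  if (sslFactory != null) {
    InetSocketAddress peerAddress = ch.remoteAddress();
    // getHostString() returns the address as given, without a reverse DNS lookup. getHostName() would resolve the
    // client's address on the thread running this initializer for every TLS connection, and would hand the engine
    // a name that comes from DNS records outside this server's control.
    pipeline.addLast("sslHandler", new SslHandler(
        sslFactory.createSSLEngine(peerAddress.getHostString(), peerAddress.getPort(), SSLFactory.Mode.SERVER)));
  }
  pipeline.addLast("codec",
      new HttpServerCodec(nettyConfig.nettyServerMaxInitialLineLength, nettyConfig.nettyServerMaxHeaderSize,
          nettyConfig.nettyServerMaxChunkSize))
      .addLast("healthCheckHandler", new HealthCheckHandler(restServerState, nettyMetrics))
      .addLast("publicAccessLogHandler", new PublicAccessLogHandler(publicAccessLogger, nettyMetrics))
      .addLast("idleStateHandler", new IdleStateHandler(0, 0, nettyConfig.nettyServerIdleTimeSeconds))
      .addLast("chunker", new ChunkedWriteHandler())
      .addLast("processor", new NettyMessageProcessor(nettyMetrics, nettyConfig, requestHandler));
}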
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project ambry by linkedin.
the class PublicAccessLogHandler method logSSLInfo.
/**
 * Appends the TLS details of this channel to the access-log line.
 *
 * <p>The details are built on the first call and cached in {@code sslLogMessage}: whether an {@link SslHandler} is
 * in the pipeline and, when its engine requires client authentication, the subject principal and subject
 * alternative names of every X.509 certificate presented by the peer. Engines that do not report
 * {@code getNeedClientAuth()} get no certificate details. Any exception while collecting the details is logged and
 * leaves the message with whatever was appended so far.
 * @param ctx the {@link ChannelHandlerContext} for this channel.
 */
private void logSSLInfo(ChannelHandlerContext ctx) {
  if (sslLogMessage == null) {
    sslLogMessage = new StringBuilder("SSL (");
    try {
      SslHandler handler = ctx.pipeline().get(SslHandler.class);
      boolean tlsInUse = handler != null;
      sslLogMessage.append("[used=").append(tlsInUse).append("]");
      if (tlsInUse) {
        SSLEngine engine = handler.engine();
        if (engine.getNeedClientAuth()) {
          for (Certificate peerCert : engine.getSession().getPeerCertificates()) {
            if (!(peerCert instanceof X509Certificate)) {
              continue;
            }
            X509Certificate x509 = (X509Certificate) peerCert;
            // Both values are read before anything is appended, so a parsing failure adds nothing for this
            // certificate.
            X500Principal subject = x509.getSubjectX500Principal();
            Collection<?> altNames = x509.getSubjectAlternativeNames();
            // NOTE(review): subject and SAN values come from the peer's certificate and are appended as-is;
            // confirm the access-log sink neutralises control characters.
            sslLogMessage.append(", [principal=").append(subject).append("]")
                .append(", [san=").append(altNames).append("]");
          }
        }
      }
    } catch (Exception e) {
      logger.error("Unexpected error while getting SSL connection info for public access logger", e);
    }
    sslLogMessage.append(")");
  }
  logMessage.append(sslLogMessage);
}