use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project rest.li by linkedin.
the class Http2InitializerHandler method configureHttpsPipeline.
/**
 * Builds the pipeline for HTTP/2 over TLS, negotiating the application protocol
 * through ALPN ({@code h2} listed first, {@code http/1.1} also advertised).
 *
 * <p>Four handlers are inserted in front of this handler, in this order: ALPN,
 * scheme, stream response and channel pool. {@code _setupComplete} is set once
 * all of them are in place.
 *
 * @param ctx context of this handler; supplies the allocator, the pipeline and
 *            the name the new handlers are inserted before
 * @throws Exception declared for callers; nothing is caught here
 */
private void configureHttpsPipeline(ChannelHandlerContext ctx) throws Exception {
    // ACCEPT lets the handshake continue even when the peer selects a protocol this
    // side did not advertise, so the negotiated protocol still has to be checked
    // after the handshake (presumably in Http2AlpnHandler -- not visible here).
    ApplicationProtocolConfig alpnConfig = new ApplicationProtocolConfig(
        ApplicationProtocolConfig.Protocol.ALPN,
        ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
        ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
        ApplicationProtocolNames.HTTP_2,
        ApplicationProtocolNames.HTTP_1_1);

    // NOTE(review): Netty applies ClientAuth to server-mode engines only; if IS_CLIENT
    // is true this argument has no effect -- confirm.
    ClientAuth clientAuthMode;
    if (_sslParameters.getNeedClientAuth()) {
        clientAuthMode = ClientAuth.REQUIRE;
    } else {
        clientAuthMode = ClientAuth.OPTIONAL;
    }

    // NOTE(review): SSLParameters.getCipherSuites() returns null when no suites were
    // set, and Arrays.asList would then throw -- confirm _sslParameters always has them.
    JdkSslContext nettySslContext = new JdkSslContext(
        _sslContext,
        IS_CLIENT,
        Arrays.asList(_sslParameters.getCipherSuites()),
        IdentityCipherSuiteFilter.INSTANCE,
        alpnConfig,
        clientAuthMode);

    // No peer host/port is handed to newHandler, so the engine gets no peer identity
    // for SNI or endpoint identification from this call.
    // NOTE(review): confirm hostname verification is enforced somewhere else.
    SslHandler tlsHandler = nettySslContext.newHandler(ctx.alloc());

    Http2StreamCodec streamCodec = new Http2StreamCodecBuilder()
        .connection(_connection)
        .maxContentLength(_maxResponseSize)
        .maxHeaderSize(_maxHeaderSize)
        .gracefulShutdownTimeoutMillis(_gracefulShutdownTimeout)
        .streamingTimeout(_streamingTimeout)
        .scheduler(_scheduler)
        .build();

    Http2AlpnHandler alpn = new Http2AlpnHandler(tlsHandler, streamCodec);
    Http2SchemeHandler scheme = new Http2SchemeHandler(HttpScheme.HTTPS.toString());
    Http2StreamResponseHandler response = new Http2StreamResponseHandler();
    Http2ChannelPoolHandler channelPool = new Http2ChannelPoolHandler();

    // Every handler goes directly before this one, so the pipeline order ends up
    // matching the order of the calls below.
    ChannelPipeline pipeline = ctx.pipeline();
    String anchor = ctx.name();
    pipeline.addBefore(anchor, "alpnHandler", alpn);
    pipeline.addBefore(anchor, "schemeHandler", scheme);
    pipeline.addBefore(anchor, "responseHandler", response);
    pipeline.addBefore(anchor, "channelHandler", channelPool);

    _setupComplete = true;
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project camel by apache.
the class HttpServerSharedInitializerFactory method initChannel.
/**
 * Assembles the server-side HTTP pipeline for a new channel.
 *
 * <p>Order: optional TLS handler, request decoder, response encoder, optional
 * aggregator (chunked mode), optional compressor, then the handler obtained from
 * {@code channelFactory}.
 *
 * @param ch the channel whose pipeline is populated
 * @throws Exception declared for callers; nothing is caught here
 */
@Override
protected void initChannel(Channel ch) throws Exception {
    final ChannelPipeline handlers = ch.pipeline();

    // TLS goes first so every later handler only sees decrypted bytes. A null
    // result means the channel is served without TLS.
    final SslHandler tls = configureServerSSLOnDemand();
    if (tls != null) {
        LOG.debug("Server SSL handler configured and added as an interceptor against the ChannelPipeline: {}", tls);
        handlers.addLast("ssl", tls);
    }

    // Arguments are (maxInitialLineLength, maxHeaderSize, maxChunkSize).
    // NOTE(review): 409 caps the request line at 409 bytes; Netty's default is 4096,
    // so this looks like a dropped digit -- confirm against upstream.
    final HttpRequestDecoder requestDecoder =
        new HttpRequestDecoder(409, configuration.getMaxHeaderSize(), 8192);
    handlers.addLast("decoder", requestDecoder);
    handlers.addLast("encoder", new HttpResponseEncoder());

    if (configuration.isChunked()) {
        // The aggregator is what bounds the size of a fully assembled message.
        final int maxContentLength = configuration.getChunkedMaxContentLength();
        handlers.addLast("aggregator", new HttpObjectAggregator(maxContentLength));
    }

    if (configuration.isCompression()) {
        // NOTE(review): over TLS, compressing responses that mix secrets with
        // request-controlled data exposes a compression side channel (BREACH class).
        handlers.addLast("deflater", new HttpContentCompressor());
    }

    handlers.addLast("handler", channelFactory.getChannelHandler());
}
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project CorfuDB by CorfuDB.
the class CorfuServer method main.
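/**
 * Entry point of the Corfu server: parses the command line, prepares the service
 * directory, registers the server roles, optionally builds the TLS context, and
 * serves on the requested port until the server channel closes.
 *
 * <p>Changes from the previous version: TLS setup failures are logged with their
 * cause; the wait loop ends once the server channel has closed instead of spinning
 * on an already completed future; the event executor group is shut down together
 * with the two event loop groups; a swallowed interrupt is restored on the thread.
 *
 * @param args command-line arguments, parsed by docopt against {@code USAGE}
 */
public static void main(String[] args) {
    serverRunning = true;
    // Parse the options given, using docopt.
    Map<String, Object> opts = new Docopt(USAGE).withVersion(GitRepositoryState.getRepositoryState().describe).parse(args);
    int port = Integer.parseInt((String) opts.get("<port>"));
    // Print a nice welcome message.
    AnsiConsole.systemInstall();
    printLogo();
    System.out.println(ansi().a("Welcome to ").fg(RED).a("CORFU ").fg(MAGENTA).a("SERVER").reset());
    System.out.println(ansi().a("Version ").a(Version.getVersionString()).a(" (").fg(BLUE).a(GitRepositoryState.getRepositoryState().commitIdAbbrev).reset().a(")"));
    System.out.println(ansi().a("Serving on port ").fg(WHITE).a(port).reset());
    System.out.println(ansi().a("Service directory: ").fg(WHITE).a((Boolean) opts.get("--memory") ? "MEMORY mode" : opts.get("--log-path")).reset());
    // Pick the correct logging level before outputting error messages.
    Logger root = (Logger) LoggerFactory.getLogger(Logger.ROOT_LOGGER_NAME);
    switch ((String) opts.get("--log-level")) {
        case "ERROR":
            root.setLevel(Level.ERROR);
            break;
        case "WARN":
            root.setLevel(Level.WARN);
            break;
        case "INFO":
            root.setLevel(Level.INFO);
            break;
        case "DEBUG":
            root.setLevel(Level.DEBUG);
            break;
        case "TRACE":
            root.setLevel(Level.TRACE);
            break;
        default:
            root.setLevel(Level.INFO);
            log.warn("Level {} not recognized, defaulting to level INFO", opts.get("--log-level"));
    }
    log.debug("Started with arguments: " + opts);
    // Create the service directory if it does not exist.
    if (!(Boolean) opts.get("--memory")) {
        File serviceDir = new File((String) opts.get("--log-path"));
        if (!serviceDir.exists()) {
            if (serviceDir.mkdirs()) {
                log.info("Created new service directory at {}.", serviceDir);
            }
        } else if (!serviceDir.isDirectory()) {
            log.error("Service directory {} does not point to a directory. Aborting.", serviceDir);
            throw new RuntimeException("Service directory must be a directory!");
        }
    }
    // Now, we start the Netty router, and have it route to the correct port.
    router = new NettyServerRouter(opts);
    // Create a common Server Context for all servers to access.
    serverContext = new ServerContext(opts, router);
    // Add each role to the router.
    addSequencer();
    addLayoutServer();
    addLogUnit();
    addManagementServer();
    router.baseServer.setOptionsMap(opts);
    // Setup SSL if needed
    Boolean tlsEnabled = (Boolean) opts.get("--enable-tls");
    Boolean tlsMutualAuthEnabled = (Boolean) opts.get("--enable-tls-mutual-auth");
    if (tlsEnabled) {
        // Get the TLS cipher suites to enable
        String ciphs = (String) opts.get("--tls-ciphers");
        if (ciphs != null) {
            enabledTlsCipherSuites = parseCommaSeparatedOption(ciphs);
        }
        // Get the TLS protocols to enable
        String protos = (String) opts.get("--tls-protocols");
        if (protos != null) {
            enabledTlsProtocols = parseCommaSeparatedOption(protos);
        }
        // Each failure handler logs the cause before exiting, so a bad path, a wrong
        // password or an unreadable store can be told apart from the log alone.
        try {
            sslContext = TlsUtils.enableTls(TlsUtils.SslContextType.SERVER_CONTEXT, (String) opts.get("--keystore"), e -> {
                log.error("Could not load keys from the key store.", e);
                System.exit(1);
            }, (String) opts.get("--keystore-password-file"), e -> {
                log.error("Could not read the key store password file.", e);
                System.exit(1);
            }, (String) opts.get("--truststore"), e -> {
                log.error("Could not load keys from the trust store.", e);
                System.exit(1);
            }, (String) opts.get("--truststore-password-file"), e -> {
                log.error("Could not read the trust store password file.", e);
                System.exit(1);
            });
        } catch (Exception ex) {
            log.error("Could not build the SSL context", ex);
            System.exit(1);
        }
    }
    Boolean saslPlainTextAuth = (Boolean) opts.get("--enable-sasl-plain-text-auth");
    // Create the event loops responsible for servicing inbound messages.
    EventLoopGroup bossGroup = new NioEventLoopGroup(1, newNamedThreadFactory("accept-"));
    EventLoopGroup workerGroup = new NioEventLoopGroup(Runtime.getRuntime().availableProcessors() * 2, newNamedThreadFactory("io-"));
    EventExecutorGroup ee = new DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors() * 2, newNamedThreadFactory("event-"));
    try {
        ServerBootstrap b = new ServerBootstrap();
        b.group(bossGroup, workerGroup)
            .channel(NioServerSocketChannel.class)
            .option(ChannelOption.SO_BACKLOG, 100)
            .childOption(ChannelOption.SO_KEEPALIVE, true)
            .childOption(ChannelOption.SO_REUSEADDR, true)
            .childOption(ChannelOption.TCP_NODELAY, true)
            .childOption(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT)
            .childHandler(new ChannelInitializer<SocketChannel>() {
                @Override
                public void initChannel(io.netty.channel.socket.SocketChannel ch) throws Exception {
                    if (tlsEnabled) {
                        SSLEngine engine = sslContext.newEngine(ch.alloc());
                        // NOTE(review): both arrays are assigned above only when the option
                        // is present, and these setters reject null -- confirm the fields
                        // carry defaults where they are declared.
                        engine.setEnabledCipherSuites(enabledTlsCipherSuites);
                        engine.setEnabledProtocols(enabledTlsProtocols);
                        if (tlsMutualAuthEnabled) {
                            // Handshakes without a client certificate are refused.
                            engine.setNeedClientAuth(true);
                        }
                        ch.pipeline().addLast("ssl", new SslHandler(engine));
                    }
                    ch.pipeline().addLast(new LengthFieldPrepender(4));
                    // NOTE(review): the frame limit is Integer.MAX_VALUE and the decoder sits
                    // in front of the SASL handler, so a peer can announce a frame of up to
                    // 2 GiB before authenticating. A limit sized to the largest legitimate
                    // message would bound per-connection memory.
                    ch.pipeline().addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));
                    if (saslPlainTextAuth) {
                        // NOTE(review): if this is SASL PLAIN, credentials are protected on the
                        // wire only when TLS is enabled too; nothing here enforces that pairing.
                        ch.pipeline().addLast("sasl/plain-text", new PlainTextSaslNettyServer());
                    }
                    ch.pipeline().addLast(ee, new NettyCorfuMessageDecoder());
                    ch.pipeline().addLast(ee, new NettyCorfuMessageEncoder());
                    ch.pipeline().addLast(ee, router);
                }
            });
        ChannelFuture f = b.bind(port).sync();
        // Keep serving across interrupts, but stop waiting once the server channel has
        // closed: sync() on a completed future returns at once, so an unconditional
        // loop would spin forever after the close.
        ChannelFuture closeFuture = f.channel().closeFuture();
        boolean interrupted = false;
        while (!closeFuture.isDone()) {
            try {
                closeFuture.sync();
            } catch (InterruptedException ie) {
                interrupted = true;
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
    } catch (InterruptedException ie) {
        // Interrupted while binding: keep the interrupt visible to the caller.
        Thread.currentThread().interrupt();
    } catch (Exception ex) {
        log.error("Corfu server shut down unexpectedly due to exception", ex);
    } finally {
        bossGroup.shutdownGracefully();
        workerGroup.shutdownGracefully();
        ee.shutdownGracefully();
    }
}

/** Splits a comma-separated option value into trimmed tokens. */
private static String[] parseCommaSeparatedOption(String value) {
    return Pattern.compile(",").splitAsStream(value).map(String::trim).toArray(String[]::new);
}

/** Returns a factory whose threads are named {@code prefix} plus a counter starting at 0. */
private static ThreadFactory newNamedThreadFactory(String prefix) {
    final AtomicInteger threadNum = new AtomicInteger(0);
    return r -> {
        Thread t = new Thread(r);
        t.setName(prefix + threadNum.getAndIncrement());
        return t;
    };
}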
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project cxf by apache.
the class NettyHttpServletPipelineFactory method getDefaulHttpChannelPipeline.
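/**
 * Populates and returns the default server-side HTTP pipeline of a channel.
 *
 * <p>Order: optional TLS handler, request decoder, response encoder, aggregator
 * bounded by {@code maxChunkContentSize}, content compressor, idle-state handler.
 *
 * @param channel the channel whose pipeline is populated
 * @return the pipeline of {@code channel}, after the handlers were added
 * @throws Exception declared for callers; nothing is caught here
 */
protected ChannelPipeline getDefaulHttpChannelPipeline(Channel channel) throws Exception {
    // Create a default pipeline implementation.
    ChannelPipeline pipeline = channel.pipeline();
    // TLS goes first so every later handler only sees decrypted bytes. A null
    // result means the channel is served without TLS.
    SslHandler sslHandler = configureServerSSLOnDemand();
    if (sslHandler != null) {
        // java.util.logging formats parameters with MessageFormat, which needs an
        // indexed placeholder; "{}" would be printed literally and the handler dropped.
        LOG.log(Level.FINE, "Server SSL handler configured and added as an interceptor against the ChannelPipeline: {0}", sslHandler);
        pipeline.addLast("ssl", sslHandler);
    }
    pipeline.addLast("decoder", new HttpRequestDecoder());
    pipeline.addLast("encoder", new HttpResponseEncoder());
    // The aggregator caps the size of a fully assembled request.
    pipeline.addLast("aggregator", new HttpObjectAggregator(maxChunkContentSize));
    // Remove the following line if you don't want automatic content
    // compression.
    // NOTE(review): over TLS, compressing responses that mix secrets with
    // request-controlled data exposes a compression side channel (BREACH class).
    pipeline.addLast("deflater", new HttpContentCompressor());
    // Set up the idle handler; the third argument (all-idle time) is 0, i.e. disabled.
    pipeline.addLast("idle", new IdleStateHandler(nettyHttpServerEngine.getReadIdleTime(), nettyHttpServerEngine.getWriteIdleTime(), 0));
    return pipeline;
}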
use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project pravega by pravega.
the class ConnectionFactoryImpl method establishConnection.
/**
 * Opens a connection to {@code location} and returns a future for it.
 *
 * <p>When TLS is enabled in the client configuration, an {@code SslContext} is
 * built for this call and an {@code SslHandler} is placed first in the pipeline.
 * The returned future completes with the inbound handler once the connect has
 * succeeded and the handler reports that its channel is registered.
 *
 * @param location endpoint and port to connect to; must not be null
 * @param rp       processor handed to the inbound handler
 * @return future of the established connection; completed exceptionally with a
 *         {@code ConnectionFailedException} when the connect fails
 * @throws RuntimeException wrapping the {@code SSLException} or
 *         {@code NoSuchAlgorithmException} raised while building the TLS context
 */
@Override
public CompletableFuture<ClientConnection> establishConnection(PravegaNodeUri location, ReplyProcessor rp) {
    Preconditions.checkNotNull(location);
    Exceptions.checkNotClosed(closed.get(), this);

    final SslContext sslCtx;
    if (!clientConfig.isEnableTls()) {
        sslCtx = null;
    } else {
        try {
            SslContextBuilder builder = SslContextBuilder.forClient();
            if (Strings.isNullOrEmpty(clientConfig.getTrustStore())) {
                // NOTE(review): getInstance/getDefaultAlgorithm are static methods inherited
                // from javax.net.ssl.TrustManagerFactory, so this yields the JDK default
                // factory rather than a fingerprint-pinning one, and it is never init()-ed
                // here -- confirm what trust decisions this branch actually makes.
                builder = builder.trustManager(FingerprintTrustManagerFactory.getInstance(FingerprintTrustManagerFactory.getDefaultAlgorithm()));
            } else {
                // The configured file supplies the trusted certificates.
                builder = SslContextBuilder.forClient().trustManager(new File(clientConfig.getTrustStore()));
            }
            sslCtx = builder.build();
        } catch (SSLException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    AppendBatchSizeTracker sizeTracker = new AppendBatchSizeTrackerImpl();
    ClientConnectionInboundHandler inbound = new ClientConnectionInboundHandler(location.getEndpoint(), rp, sizeTracker);

    Bootstrap bootstrap = new Bootstrap();
    bootstrap.group(group)
        .channel(nio ? NioSocketChannel.class : EpollSocketChannel.class)
        .option(ChannelOption.TCP_NODELAY, true)
        .handler(new ChannelInitializer<SocketChannel>() {
            @Override
            public void initChannel(SocketChannel ch) throws Exception {
                ChannelPipeline pipeline = ch.pipeline();
                if (sslCtx != null) {
                    // The peer host and port are handed to the engine so it knows which
                    // endpoint it is talking to.
                    SslHandler tls = sslCtx.newHandler(ch.alloc(), location.getEndpoint(), location.getPort());
                    if (clientConfig.isValidateHostName()) {
                        // "HTTPS" makes the engine check the certificate against the peer host.
                        SSLEngine engine = tls.engine();
                        SSLParameters params = engine.getSSLParameters();
                        params.setEndpointIdentificationAlgorithm("HTTPS");
                        engine.setSSLParameters(params);
                    }
                    // With host name validation switched off, any certificate the trust
                    // manager accepts is taken for this endpoint, whatever name it carries.
                    pipeline.addLast(tls);
                }
                // p.addLast(new LoggingHandler(LogLevel.INFO));
                // Inbound frames are bounded by WireCommands.MAX_WIRECOMMAND_SIZE.
                pipeline.addLast(
                    new ExceptionLoggingHandler(location.getEndpoint()),
                    new CommandEncoder(sizeTracker),
                    new LengthFieldBasedFrameDecoder(WireCommands.MAX_WIRECOMMAND_SIZE, 4, 4),
                    new CommandDecoder(),
                    inbound);
            }
        });

    // Start the client.
    CompletableFuture<ClientConnection> connected = new CompletableFuture<>();
    try {
        bootstrap.connect(location.getEndpoint(), location.getPort()).addListener((ChannelFutureListener) future -> {
            if (!future.isSuccess()) {
                connected.completeExceptionally(new ConnectionFailedException(future.cause()));
                return;
            }
            // since ChannelFuture is complete future.channel() is not a blocking call.
            Channel ch = future.channel();
            log.debug("Connect operation completed for channel:{}, local address:{}, remote address:{}", ch.id(), ch.localAddress(), ch.remoteAddress());
            // Once a channel is closed the channel group implementation removes it.
            allChannels.add(ch);
            connected.complete(inbound);
        });
    } catch (Exception e) {
        connected.completeExceptionally(new ConnectionFailedException(e));
    }

    // check if channel is registered.
    CompletableFuture<Void> registered = new CompletableFuture<>();
    inbound.completeWhenRegistered(registered);
    return connected.thenCombine(registered, (connection, ignored) -> connection);
}