Examples with SslHandler org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler used on opensource projects

Example 26 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project flink by apache.

the class NettyClient method connect.

// ------------------------------------------------------------------------
// Client connections
// ------------------------------------------------------------------------
ChannelFuture connect(final InetSocketAddress serverSocketAddress) {
    checkState(bootstrap != null, "Client has not been initialized yet.");
    // --------------------------------------------------------------------
    // Child channel pipeline for accepted connections
    // --------------------------------------------------------------------
    bootstrap.handler(new ChannelInitializer<SocketChannel>() {

        @Override
        public void initChannel(SocketChannel channel) throws Exception {
            // SSL handler should be added first in the pipeline
            if (clientSSLFactory != null) {
                SslHandler sslHandler = clientSSLFactory.createNettySSLHandler(channel.alloc(), serverSocketAddress.getAddress().getCanonicalHostName(), serverSocketAddress.getPort());
                channel.pipeline().addLast("ssl", sslHandler);
            }
            channel.pipeline().addLast(protocol.getClientChannelHandlers());
        }
    });
    try {
        return bootstrap.connect(serverSocketAddress);
    } catch (ChannelException e) {
        if ((e.getCause() instanceof java.net.SocketException && e.getCause().getMessage().equals("Too many open files")) || (e.getCause() instanceof ChannelException && e.getCause().getCause() instanceof java.net.SocketException && e.getCause().getCause().getMessage().equals("Too many open files"))) {
            throw new ChannelException("The operating system does not offer enough file handles to open the network connection. " + "Please increase the number of available file handles.", e.getCause());
        } else {
            throw e;
        }
    }
}

Example 27 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project flink by apache.

the class NettyClientServerSslTest method testValidSslConnection.

private void testValidSslConnection(Configuration sslConfig) throws Exception {
    OneShotLatch serverChannelInitComplete = new OneShotLatch();
    final SslHandler[] serverSslHandler = new SslHandler[1];
    NettyProtocol protocol = new NoOpProtocol();
    NettyServerAndClient serverAndClient;
    try (NetUtils.Port port = NetUtils.getAvailablePort()) {
        NettyConfig nettyConfig = createNettyConfig(sslConfig, port);
        final NettyBufferPool bufferPool = new NettyBufferPool(1);
        final NettyServer server = NettyTestUtil.initServer(nettyConfig, bufferPool, sslHandlerFactory -> new TestingServerChannelInitializer(protocol, sslHandlerFactory, serverChannelInitComplete, serverSslHandler));
        final NettyClient client = NettyTestUtil.initClient(nettyConfig, protocol, bufferPool);
        serverAndClient = new NettyServerAndClient(server, client);
    }
    Assert.assertNotNull("serverAndClient is null due to fail to get a free port", serverAndClient);
    Channel ch = NettyTestUtil.connect(serverAndClient);
    SslHandler clientSslHandler = (SslHandler) ch.pipeline().get("ssl");
    assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, clientSslHandler.getHandshakeTimeoutMillis());
    assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, clientSslHandler.getCloseNotifyFlushTimeoutMillis());
    // should be able to send text data
    ch.pipeline().addLast(new StringDecoder()).addLast(new StringEncoder());
    ch.writeAndFlush("test").sync();
    // session context is only be available after a session was setup -> this should be true
    // after data was sent
    serverChannelInitComplete.await();
    assertNotNull(serverSslHandler[0]);
    // verify server parameters
    assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, serverSslHandler[0].getHandshakeTimeoutMillis());
    assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, serverSslHandler[0].getCloseNotifyFlushTimeoutMillis());
    SSLSessionContext sessionContext = serverSslHandler[0].engine().getSession().getSessionContext();
    assertNotNull("bug in unit test setup: session context not available", sessionContext);
    // note: can't verify session cache setting at the client - delegate to server instead (with
    // our own channel initializer)
    assertEqualsOrDefault(sslConfig, SSL_INTERNAL_SESSION_CACHE_SIZE, sessionContext.getSessionCacheSize());
    int sessionTimeout = sslConfig.getInteger(SSL_INTERNAL_SESSION_TIMEOUT);
    if (sessionTimeout != -1) {
        // session timeout config is in milliseconds but the context returns it in seconds
        assertEquals(sessionTimeout / 1000, sessionContext.getSessionTimeout());
    } else {
        assertTrue("default value (-1) should not be propagated", sessionContext.getSessionTimeout() >= 0);
    }
    NettyTestUtil.shutdown(serverAndClient);
}

Example 28 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project flink by apache.

the class SSLUtilsTest method testCreateSSLEngineFactory.

/**
 * Tests that {@link SSLHandlerFactory} is created correctly.
 */
@Test
public void testCreateSSLEngineFactory() throws Exception {
    Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();
    final String[] sslAlgorithms;
    final String[] expectedSslProtocols;
    if (sslProvider.equalsIgnoreCase("OPENSSL")) {
        // openSSL does not support the same set of cipher algorithms!
        sslAlgorithms = new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384" };
        expectedSslProtocols = new String[] { "SSLv2Hello", "TLSv1" };
    } else {
        sslAlgorithms = new String[] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" };
        expectedSslProtocols = new String[] { "TLSv1" };
    }
    // set custom protocol and cipher suites
    serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
    serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", sslAlgorithms));
    final SSLHandlerFactory serverSSLHandlerFactory = SSLUtils.createInternalServerSSLEngineFactory(serverConfig);
    final SslHandler sslHandler = serverSSLHandlerFactory.createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);
    assertEquals(expectedSslProtocols.length, sslHandler.engine().getEnabledProtocols().length);
    assertThat(sslHandler.engine().getEnabledProtocols(), arrayContainingInAnyOrder(expectedSslProtocols));
    assertEquals(sslAlgorithms.length, sslHandler.engine().getEnabledCipherSuites().length);
    assertThat(sslHandler.engine().getEnabledCipherSuites(), arrayContainingInAnyOrder(sslAlgorithms));
}

Example 29 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty-socketio by mrniko.

the class SocketIOChannelInitializer method addSslHandler.

/**
 * Adds the ssl handler
 *
 * @param pipeline - channel pipeline
 */
protected void addSslHandler(ChannelPipeline pipeline) {
    if (sslContext != null) {
        SSLEngine engine = sslContext.createSSLEngine();
        engine.setUseClientMode(false);
        pipeline.addLast(SSL_HANDLER, new SslHandler(engine));
    }
}

Example 30 with SslHandler

use of org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler in project netty by netty.

the class OcspTest method testServerOcspNotEnabled.

private static void testServerOcspNotEnabled(SslProvider sslProvider) throws Exception {
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    try {
        SslContext context = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(sslProvider).build();
        try {
            SslHandler sslHandler = context.newHandler(ByteBufAllocator.DEFAULT);
            final ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine();
            try {
                assertThrows(IllegalStateException.class, new Executable() {

                    @Override
                    public void execute() {
                        engine.setOcspResponse(new byte[] { 1, 2, 3 });
                    }
                });
            } finally {
                engine.release();
            }
        } finally {
            ReferenceCountUtil.release(context);
        }
    } finally {
        ssc.delete();
    }
}