
Example 36 with SslHandler

use of io.netty.handler.ssl.SslHandler in project cassandra by apache.

Class PipelineConfigurator, method encryptionConfig:

protected EncryptionConfig encryptionConfig() {
    final EncryptionOptions encryptionOptions = DatabaseDescriptor.getNativeProtocolEncryptionOptions();
    switch(tlsEncryptionPolicy) {
        case UNENCRYPTED:
            // if encryption is not enabled, no further steps are required after the initial setup
            return channel -> {
            };
        case OPTIONAL:
            // If optional, install a handler which detects whether or not the client is sending
            // encrypted bytes. If so, on receipt of the next bytes, replace that handler with
            // an SSL Handler, otherwise just remove it and proceed with an unencrypted channel.
            // Note that the server accepts a plaintext client here: encryption is the client's choice.
            logger.debug("Enabling optionally encrypted CQL connections between client and server");
            return channel -> {
                SslContext sslContext = SSLFactory.getOrCreateSslContext(encryptionOptions, encryptionOptions.require_client_auth, ISslContextFactory.SocketType.SERVER);
                channel.pipeline().addFirst(SSL_HANDLER, new ByteToMessageDecoder() {

                    @Override
                    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
                        if (byteBuf.readableBytes() < 5) {
                            // SslHandler.isEncrypted needs a full 5-byte TLS record header (it throws
                            // IllegalArgumentException on fewer bytes), so wait until more data arrives.
                            return;
                        }
                        if (SslHandler.isEncrypted(byteBuf)) {
                            // Connection uses SSL/TLS: replace the detection handler with an SslHandler.
                            // The bytes buffered so far are handed on to it when this decoder is removed.
                            SslHandler sslHandler = sslContext.newHandler(channel.alloc());
                            channelHandlerContext.pipeline().replace(SSL_HANDLER, SSL_HANDLER, sslHandler);
                        } else {
                            // Connection uses no TLS/SSL encryption: just remove the detection handler and
                            // continue without an SslHandler in the pipeline.
                            channelHandlerContext.pipeline().remove(SSL_HANDLER);
                        }
                    }
                });
            };
        case ENCRYPTED:
            logger.debug("Enabling encrypted CQL connections between client and server");
            return channel -> {
                SslContext sslContext = SSLFactory.getOrCreateSslContext(encryptionOptions, encryptionOptions.require_client_auth, ISslContextFactory.SocketType.SERVER);
                // TLS is mandatory: a client that sends plaintext fails inside the SslHandler (NotSslRecordException).
                channel.pipeline().addFirst(SSL_HANDLER, sslContext.newHandler(channel.alloc()));
            };
        default:
            throw new IllegalStateException("Unrecognized TLS encryption policy: " + this.tlsEncryptionPolicy);
    }
}
Also used : LoggingHandler(io.netty.handler.logging.LoggingHandler) ISslContextFactory(org.apache.cassandra.security.ISslContextFactory) LoggerFactory(org.slf4j.LoggerFactory) EncryptionOptions(org.apache.cassandra.config.EncryptionOptions) Strings(com.google.common.base.Strings) ByteBuf(io.netty.buffer.ByteBuf) EpollServerSocketChannel(io.netty.channel.epoll.EpollServerSocketChannel) SSLFactory(org.apache.cassandra.security.SSLFactory) Map(java.util.Map) StartupMessage(org.apache.cassandra.transport.messages.StartupMessage) io.netty.channel(io.netty.channel) ByteToMessageDecoder(io.netty.handler.codec.ByteToMessageDecoder) DatabaseDescriptor(org.apache.cassandra.config.DatabaseDescriptor) Logger(org.slf4j.Logger) IdleStateEvent(io.netty.handler.timeout.IdleStateEvent) SslContext(io.netty.handler.ssl.SslContext) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) InetSocketAddress(java.net.InetSocketAddress) TimeUnit(java.util.concurrent.TimeUnit) IdleStateHandler(io.netty.handler.timeout.IdleStateHandler) Version(io.netty.util.Version) List(java.util.List) LogLevel(io.netty.handler.logging.LogLevel) SslHandler(io.netty.handler.ssl.SslHandler) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) org.apache.cassandra.net(org.apache.cassandra.net)
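The OPTIONAL branch above decides from the first five bytes alone. The following is an added example, not Cassandra's or Netty's own code, that drives the same detector through Netty's EmbeddedChannel with constructed inputs so the three outcomes can be observed: a TLS record header swaps in an SslHandler, a CQL frame header removes the detector, and a short fragment leaves it waiting. The handler name "ssl", the class name OptionalTlsDetectorDemo and the sample byte arrays are assumptions; it needs netty-handler on the classpath, and SelfSignedCertificate needs Bouncy Castle on newer JDKs.

```java
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.codec.ByteToMessageDecoder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.SelfSignedCertificate;

import java.util.List;

// Added example (not Cassandra code): the OPTIONAL-policy detector from the snippet above,
// driven through an EmbeddedChannel so the routing decision can be observed per input.
public class OptionalTlsDetectorDemo {
    // Handler name is an assumption; Cassandra's SSL_HANDLER constant is not shown on this page.
    static final String SSL_HANDLER = "ssl";

    // Same logic as the Cassandra snippet: wait for 5 bytes (a TLS record header), then decide.
    static ByteToMessageDecoder detector(SslContext sslContext) {
        return new ByteToMessageDecoder() {
            @Override
            protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) {
                if (in.readableBytes() < 5) {
                    return; // SslHandler.isEncrypted throws IllegalArgumentException below 5 bytes
                }
                if (SslHandler.isEncrypted(in)) {
                    // Swap in a server-mode SslHandler; the buffered bytes are re-delivered to it
                    // by ByteToMessageDecoder.handlerRemoved once this decode call returns.
                    ctx.pipeline().replace(SSL_HANDLER, SSL_HANDLER, sslContext.newHandler(ctx.alloc()));
                } else {
                    // Plaintext: drop the detector, the bytes flow on to the protocol decoders.
                    ctx.pipeline().remove(SSL_HANDLER);
                }
            }
        };
    }

    // Feeds the client's first bytes and reports which branch the detector took.
    static String classify(SslContext sslContext, byte[] firstBytes) {
        EmbeddedChannel ch = new EmbeddedChannel();
        ch.pipeline().addFirst(SSL_HANDLER, detector(sslContext));
        ch.writeInbound(Unpooled.wrappedBuffer(firstBytes));
        ChannelHandler h = ch.pipeline().get(SSL_HANDLER);
        String verdict = h == null ? "plain" : h instanceof SslHandler ? "tls" : "pending";
        // An SslHandler still mid-handshake reports the shutdown as a handshake failure when the
        // channel closes; remove it first so finish() does not rethrow that ClosedChannelException.
        if (h instanceof SslHandler) {
            ch.pipeline().remove(SSL_HANDLER);
        }
        ch.finishAndReleaseAll();
        return verdict;
    }

    public static void main(String[] args) throws Exception {
        SelfSignedCertificate ssc = new SelfSignedCertificate(); // throwaway key pair, demo only
        SslContext ctx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).build();

        // Constructed inputs: a TLS record header (handshake, version 3.3, 256-byte body) plus the
        // first bytes of a ClientHello; a CQL v4 STARTUP frame header; and a 3-byte fragment.
        byte[] tlsHello   = {0x16, 0x03, 0x03, 0x01, 0x00, 0x01, 0x00, 0x00, (byte) 0xfc};
        byte[] cqlStartup = {0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x16};
        byte[] fragment   = {0x16, 0x03, 0x03};

        System.out.println("tls record   -> " + classify(ctx, tlsHello));   // tls
        System.out.println("cql startup  -> " + classify(ctx, cqlStartup)); // plain
        System.out.println("3 bytes only -> " + classify(ctx, fragment));   // pending
        ssc.delete();
    }
}
```

Two things worth keeping in mind when reading the policy switch. First, OPTIONAL is a migration setting, not an enforcement setting: the server never rejects a plaintext client, so the only party that can guarantee encryption on such a cluster is the client configuration. Second, isEncrypted looks at the record header only (content type and major version), so a non-TLS client whose first bytes happen to resemble a record merely ends up in a failed handshake rather than anywhere dangerous, while a real CQL frame (version byte 0x04) never matches.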

Example 37 with SslHandler

use of io.netty.handler.ssl.SslHandler in project cassandra by apache.

Class ServerConnection, method certificates:

private X509Certificate[] certificates() {
    // Only present when the connection negotiated TLS; on a plaintext connection there is no "ssl" handler.
    SslHandler sslHandler = (SslHandler) channel().pipeline().get("ssl");
    X509Certificate[] certificates = null;
    if (sslHandler != null) {
        try {
            // getPeerCertificateChain returns the legacy javax.security.cert type (deprecated since Java 9);
            // getPeerCertificates() with java.security.cert.X509Certificate is the supported replacement.
            certificates = sslHandler.engine().getSession().getPeerCertificateChain();
        } catch (SSLPeerUnverifiedException e) {
            // Thrown when the client presented no certificate (or it was not verified): no peer identity.
            logger.debug("Failed to get peer certificates for peer {}", channel().remoteAddress(), e);
        }
    }
    return certificates;
}
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SslHandler(io.netty.handler.ssl.SslHandler) X509Certificate(javax.security.cert.X509Certificate)

Example 38 with SslHandler

use of io.netty.handler.ssl.SslHandler in project neo4j by neo4j.

Class ClientSideOnConnectSslHandler, method connect:

/**
 * Main event for outgoing connections: on connect, this handler builds an SslHandler for the remote host
 * and swaps itself out for it. channelActive and handlerAdded are secondary boundary cases to this.
 *
 * @param ctx Context of the existing channel
 * @param remoteAddress the address used for initiating a connection to a remote host (has type InetSocketAddress)
 * @param localAddress the local address that will be used for receiving responses from the remote host
 * @param promise the Channel promise to notify once the operation completes
 * @throws Exception when there is an error of any sort
 */
@Override
public void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise) throws Exception {
    // Build the SslHandler for this particular remote address, then swap it in before the connect proceeds.
    SslHandler sslHandler = createSslHandler(ctx, (InetSocketAddress) remoteAddress);
    replaceSelfWith(sslHandler);
    ctx.connect(remoteAddress, localAddress, promise);
}
Also used : SslHandler(io.netty.handler.ssl.SslHandler)

Example 39 with SslHandler

use of io.netty.handler.ssl.SslHandler in project neo4j by neo4j.

Class TransportSelectionHandlerTest, method channelHandlerContextMockSslAlreadyConfigured:

private static ChannelHandlerContext channelHandlerContextMockSslAlreadyConfigured() {
    Channel channel = mock(Channel.class);
    ChannelHandlerContext context = mock(ChannelHandlerContext.class);
    ChannelPipeline pipeline = mock(ChannelPipeline.class);
    SslHandler sslHandler = mock(SslHandler.class);
    when(context.channel()).thenReturn(channel);
    when(context.pipeline()).thenReturn(pipeline);
    // Stub the type-based lookup so the handler under test sees TLS as already configured on this pipeline.
    when(context.pipeline().get(SslHandler.class)).thenReturn(sslHandler);
    return context;
}
Also used : EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel) Channel(io.netty.channel.Channel) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ChannelPipeline(io.netty.channel.ChannelPipeline) SslHandler(io.netty.handler.ssl.SslHandler)

Example 40 with SslHandler

use of io.netty.handler.ssl.SslHandler in project spring-framework by spring-projects.

Class ReactorServerHttpRequest, method initSslInfo:

@Override
@Nullable
protected SslInfo initSslInfo() {
    Channel channel = ((Connection) this.request).channel();
    SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
    if (sslHandler == null && channel.parent() != null) {
        // HTTP/2: each stream is a child channel; the SslHandler sits on the parent connection channel.
        sslHandler = channel.parent().pipeline().get(SslHandler.class);
    }
    if (sslHandler != null) {
        SSLSession session = sslHandler.engine().getSession();
        return new DefaultSslInfo(session);
    }
    return null; // plaintext connection: no session, no client identity
}
Also used : Channel(io.netty.channel.Channel) Connection(reactor.netty.Connection) SSLSession(javax.net.ssl.SSLSession) SslHandler(io.netty.handler.ssl.SslHandler) Nullable(org.springframework.lang.Nullable)
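Examples 37 and 40 both read the peer's identity out of the SslHandler's SSLSession. As an added example (not Cassandra's, Spring's or Netty's own code), the block below completes a real TLS handshake between two EmbeddedChannels in memory and then reads the client certificate on the server side: once with ClientAuth.REQUIRE and a client key pair, and once with ClientAuth.NONE, where getPeerCertificates() throws SSLPeerUnverifiedException and the helper returns null, mirroring the Cassandra method. It uses java.security.cert.X509Certificate instead of the deprecated javax.security.cert type. Class and method names, the handler name "ssl", the host names and the use of SelfSignedCertificate and InsecureTrustManagerFactory (test utilities, never for production trust decisions) are assumptions; it needs netty-handler on the classpath.

```java
import io.netty.buffer.ByteBuf;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;

import javax.net.ssl.SSLPeerUnverifiedException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example (not project code): in-memory mTLS handshake, then peer identity from the SSLSession.
public class PeerIdentityDemo {

    // Cassandra's certificates() pattern with java.security.cert instead of the deprecated
    // javax.security.cert chain. Returns null when the peer sent no (verified) certificate.
    static X509Certificate[] peerCertificates(SslHandler sslHandler) {
        try {
            Certificate[] chain = sslHandler.engine().getSession().getPeerCertificates();
            X509Certificate[] x509 = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) x509[i] = (X509Certificate) chain[i];
            return x509;
        } catch (SSLPeerUnverifiedException e) {
            return null; // ClientAuth.NONE, or the client declined to send a certificate
        }
    }

    // Shuttle TLS records between two EmbeddedChannels until neither side produces output.
    static void pump(EmbeddedChannel a, EmbeddedChannel b) {
        boolean moved;
        do {
            moved = false;
            ByteBuf buf;
            while ((buf = a.readOutbound()) != null) { b.writeInbound(buf); moved = true; }
            while ((buf = b.readOutbound()) != null) { a.writeInbound(buf); moved = true; }
        } while (moved);
    }

    // Runs a full handshake in memory and returns the server-side view of the client's chain.
    static X509Certificate[] handshake(ClientAuth serverPolicy, boolean clientSendsCert) throws Exception {
        SelfSignedCertificate serverCert = new SelfSignedCertificate("server.example"); // demo key pairs
        SelfSignedCertificate clientCert = new SelfSignedCertificate("client.example");
        SslContext serverCtx = SslContextBuilder.forServer(serverCert.certificate(), serverCert.privateKey())
                .clientAuth(serverPolicy)
                .trustManager(InsecureTrustManagerFactory.INSTANCE) // demo only: accepts any client cert
                .build();
        SslContextBuilder clientBuilder = SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE); // demo only: no server verification
        if (clientSendsCert) clientBuilder.keyManager(clientCert.certificate(), clientCert.privateKey());
        SslContext clientCtx = clientBuilder.build();

        EmbeddedChannel server = new EmbeddedChannel();
        EmbeddedChannel client = new EmbeddedChannel();
        SslHandler serverHandler = serverCtx.newHandler(server.alloc());
        SslHandler clientHandler = clientCtx.newHandler(client.alloc());
        server.pipeline().addFirst("ssl", serverHandler);
        client.pipeline().addFirst("ssl", clientHandler); // client mode: writes ClientHello on add
        pump(client, server);
        if (!serverHandler.handshakeFuture().isSuccess()) {
            throw new IllegalStateException("handshake failed", serverHandler.handshakeFuture().cause());
        }
        X509Certificate[] chain = peerCertificates(serverHandler);
        server.finishAndReleaseAll();
        client.finishAndReleaseAll();
        serverCert.delete();
        clientCert.delete();
        return chain;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] mtls = handshake(ClientAuth.REQUIRE, true);
        System.out.println("REQUIRE + client cert: " + mtls[0].getSubjectX500Principal()); // CN=client.example
        X509Certificate[] none = handshake(ClientAuth.NONE, false);
        System.out.println("NONE, no client cert : " + none);                              // null
    }
}
```

The HTTP/2 fallback in Example 40 applies here unchanged: on a multiplexed connection the SslHandler lives on the parent channel, so a lookup on a stream's child channel must fall back to channel.parent() or it will wrongly report an anonymous client. And a null result only carries meaning relative to the server policy: under ClientAuth.REQUIRE with a real trust store a null can never reach application code because the handshake would already have failed, whereas under NONE (or Cassandra's OPTIONAL transport policy) null simply means the client chose not to identify itself.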

Aggregations (classes most often used together with SslHandler, with occurrence counts)

SslHandler (io.netty.handler.ssl.SslHandler): 177
SSLEngine (javax.net.ssl.SSLEngine): 62
ChannelPipeline (io.netty.channel.ChannelPipeline): 51
Channel (io.netty.channel.Channel): 35
SslContext (io.netty.handler.ssl.SslContext): 31
ChannelHandler (io.netty.channel.ChannelHandler): 28
ChannelHandlerContext (io.netty.channel.ChannelHandlerContext): 26
NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel): 21
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup): 19
Test (org.junit.Test): 19
SocketChannel (io.netty.channel.socket.SocketChannel): 18
IOException (java.io.IOException): 17
InetSocketAddress (java.net.InetSocketAddress): 16
IdleStateHandler (io.netty.handler.timeout.IdleStateHandler): 15
SSLParameters (javax.net.ssl.SSLParameters): 15
SSLSession (javax.net.ssl.SSLSession): 15
ChannelInitializer (io.netty.channel.ChannelInitializer): 14
ChunkedWriteHandler (io.netty.handler.stream.ChunkedWriteHandler): 14
ServerBootstrap (io.netty.bootstrap.ServerBootstrap): 13
ByteBuf (io.netty.buffer.ByteBuf): 13