List of usage examples for io.netty.handler.ssl SslContext newEngine
public abstract SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort);
From source file:com.github.ambry.rest.NettySslFactory.java
License:Open Source License
@Override public SSLEngine createSSLEngine(String peerHost, int peerPort, Mode mode) { SslContext context = mode == Mode.CLIENT ? nettyClientSslContext : nettyServerSslContext; SSLEngine sslEngine = context.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort); if (mode == Mode.CLIENT) { SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm(endpointIdentification); sslEngine.setSSLParameters(sslParams); }/*from ww w . j a va 2 s. c o m*/ return sslEngine; }
From source file:com.ibm.mqlight.api.impl.network.NettyNetworkService.java
License:Apache License
@Override public void connect(Endpoint endpoint, NetworkListener listener, Promise<NetworkChannel> promise) { final String methodName = "connect"; logger.entry(this, methodName, endpoint, listener, promise); SslContext sslCtx = null; try {//from w w w . j av a 2s.com if (endpoint.getCertChainFile() != null && endpoint.getCertChainFile().exists()) { try (FileInputStream fileInputStream = new FileInputStream(endpoint.getCertChainFile())) { KeyStore jks = KeyStore.getInstance("JKS"); jks.load(fileInputStream, null); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(jks); sslCtx = SslContext.newClientContext(); if (sslCtx instanceof JdkSslContext) { ((JdkSslContext) sslCtx).context().init(null, trustManagerFactory.getTrustManagers(), null); } } catch (IOException | NoSuchAlgorithmException | CertificateException | KeyStoreException | KeyManagementException e) { logger.data(this, methodName, e.toString()); } } // fallback to passing as .PEM file (or null, which loads default cacerts) if (sslCtx == null) { sslCtx = SslContext.newClientContext(endpoint.getCertChainFile()); } final SSLEngine sslEngine = sslCtx.newEngine(null, endpoint.getHost(), endpoint.getPort()); sslEngine.setUseClientMode(true); final LinkedList<String> enabledProtocols = new LinkedList<String>() { private static final long serialVersionUID = 7838479468739671083L; { for (String protocol : sslEngine.getSupportedProtocols()) { if (!disabledProtocolPattern.matcher(protocol).matches()) { add(protocol); } } } }; sslEngine.setEnabledProtocols(enabledProtocols.toArray(new String[0])); logger.data(this, methodName, "enabledProtocols", Arrays.toString(sslEngine.getEnabledProtocols())); final LinkedList<String> enabledCipherSuites = new LinkedList<String>() { private static final long serialVersionUID = 7838479468739671083L; { for (String cipher : sslEngine.getSupportedCipherSuites()) { if (!disabledCipherPattern.matcher(cipher).matches()) { add(cipher); } } } }; sslEngine.setEnabledCipherSuites(enabledCipherSuites.toArray(new String[0])); logger.data(this, methodName, "enabledCipherSuites", Arrays.toString(sslEngine.getEnabledCipherSuites())); if (endpoint.getVerifyName()) { SSLParameters sslParams = sslEngine.getSSLParameters(); sslParams.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParams); } // The listener must be added to the ChannelFuture before the bootstrap channel initialisation completes (i.e. // before the NettyInboundHandler is added to the channel pipeline) otherwise the listener may not be able to // see the NettyInboundHandler, when its operationComplete() method is called (there is a small window where // the socket connection fails just after initChannel has complete but before ConnectListener is added, with // the ConnectListener.operationComplete() being called as though the connection was successful) // Hence we synchronise here and within the ChannelInitializer.initChannel() method. synchronized (bootstrapSync) { final ChannelHandler handler; if (endpoint.useSsl()) { handler = new ChannelInitializer<SocketChannel>() { @Override public void initChannel(SocketChannel ch) throws Exception { synchronized (bootstrapSync) { ch.pipeline().addFirst(new SslHandler(sslEngine)); ch.pipeline().addLast(new NettyInboundHandler(ch)); } } }; } else { handler = new ChannelInitializer<SocketChannel>() { @Override public void initChannel(SocketChannel ch) throws Exception { synchronized (bootstrapSync) { ch.pipeline().addLast(new NettyInboundHandler(ch)); } } }; } final Bootstrap bootstrap = getBootstrap(endpoint.useSsl(), sslEngine, handler); final ChannelFuture f = bootstrap.connect(endpoint.getHost(), endpoint.getPort()); f.addListener(new ConnectListener(endpoint, f, promise, listener)); } } catch (SSLException e) { if (e.getCause() == null) { promise.setFailure(new SecurityException(e.getMessage(), e)); } else { promise.setFailure(new SecurityException(e.getCause().getMessage(), e.getCause())); } } logger.exit(this, methodName); }
From source file:com.mastfrog.netty.http.client.Initializer.java
License:Open Source License
@Override protected void initChannel(Channel ch) throws Exception { ChannelPipeline pipeline = ch.pipeline(); if (ssl) {/* w w w .j a va 2 s . c o m*/ SslContext clientContext = context == null ? SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build() : context; pipeline.addLast("ssl", new ExceptionForwardingSslHandler( clientContext.newEngine(ByteBufAllocator.DEFAULT, hostPort.host(), hostPort.port()))); } pipeline.addLast("http-codec", new HttpClientCodec(maxInitialLineLength, maxChunkSize, maxChunkSize)); if (compress) { pipeline.addLast("decompressor", new HttpContentDecompressor()); } pipeline.addLast("handler", handler); }
From source file:io.gatling.http.client.impl.SslHandlers.java
License:Apache License
private static SslHandler createSslHandler(SslContext sslContext, String peerHost, int peerPort, ByteBufAllocator allocator, HttpClientConfig config) { SSLEngine sslEngine = config.isEnableSni() ? sslContext.newEngine(allocator, Tls.domain(peerHost), peerPort) : sslContext.newEngine(allocator); sslEngine.setUseClientMode(true);// w w w.j a va2s .c om if (config.isEnableHostnameVerification()) { SSLParameters params = sslEngine.getSSLParameters(); params.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(params); } SslHandler sslHandler = new SslHandler(sslEngine); if (config.getHandshakeTimeout() > 0) sslHandler.setHandshakeTimeoutMillis(config.getHandshakeTimeout()); return sslHandler; }
From source file:org.redisson.client.handler.RedisChannelInitializer.java
License:Apache License
private void initSsl(final RedisClientConfig config, Channel ch) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, SSLException, UnrecoverableKeyException { if (!config.getAddress().isSsl()) { return;/*from w w w .j a v a2 s .c om*/ } io.netty.handler.ssl.SslProvider provided = io.netty.handler.ssl.SslProvider.JDK; if (config.getSslProvider() == SslProvider.OPENSSL) { provided = io.netty.handler.ssl.SslProvider.OPENSSL; } SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided); if (config.getSslTruststore() != null) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream stream = config.getSslTruststore().openStream(); try { char[] password = null; if (config.getSslTruststorePassword() != null) { password = config.getSslTruststorePassword().toCharArray(); } keyStore.load(stream, password); } finally { stream.close(); } TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContextBuilder.trustManager(trustManagerFactory); } if (config.getSslKeystore() != null) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream stream = config.getSslKeystore().openStream(); char[] password = null; if (config.getSslKeystorePassword() != null) { password = config.getSslKeystorePassword().toCharArray(); } try { keyStore.load(stream, password); } finally { stream.close(); } KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); sslContextBuilder.keyManager(keyManagerFactory); } SSLParameters sslParams = new SSLParameters(); if (config.isSslEnableEndpointIdentification()) { // TODO remove for JDK 1.7+ try { Method method = sslParams.getClass().getDeclaredMethod("setEndpointIdentificationAlgorithm", String.class); method.invoke(sslParams, "HTTPS"); } catch (Exception e) { throw new SSLException(e); } } else { if (config.getSslTruststore() == null) { sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE); } } SslContext sslContext = sslContextBuilder.build(); String hostname = config.getSslHostname(); if (hostname == null || NetUtil.createByteArrayFromIpAddressString(hostname) != null) { hostname = config.getAddress().getHost(); } SSLEngine sslEngine = sslContext.newEngine(ch.alloc(), hostname, config.getAddress().getPort()); sslEngine.setSSLParameters(sslParams); SslHandler sslHandler = new SslHandler(sslEngine); ch.pipeline().addLast(sslHandler); ch.pipeline().addLast(new ChannelInboundHandlerAdapter() { volatile boolean sslInitDone; @Override public void channelActive(ChannelHandlerContext ctx) throws Exception { if (sslInitDone) { super.channelActive(ctx); } } @Override public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception { if (!sslInitDone && (evt instanceof SslHandshakeCompletionEvent)) { SslHandshakeCompletionEvent e = (SslHandshakeCompletionEvent) evt; if (e.isSuccess()) { sslInitDone = true; ctx.fireChannelActive(); } else { RedisConnection connection = RedisConnection.getFrom(ctx.channel()); connection.getConnectionPromise().tryFailure(e.cause()); } } super.userEventTriggered(ctx, evt); } }); }