Example usage for io.netty.handler.ssl SslContext newServerContext

Introduction

In this page you can find the example usage for io.netty.handler.ssl SslContext newServerContext.

Prototype

@Deprecated
public static SslContext newServerContext(SslProvider provider, File trustCertCollectionFile,
        TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword,
        KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
        ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException 

Source Link

Document

Creates a new server-side SslContext .

Usage

From source file:com.foilen.smalltools.net.netty.NettyServer.java

License:Open Source License

/**
 * Start the server.//from w ww .j  ava2 s  .c om
 *
 * @param port
 *            the port to listen on (0 for a random port ; get it with {@link #getPort()})
 * @param trustedCertificates
 *            (optional) the certificate to trust connections from
 * @param certificate
 *            (optional) the server's certificate
 * @param channelHandlerContainers
 *            the channel handlers for the incoming connections
 */
public void start(final int port, final RSATrustedCertificates trustedCertificates,
        final RSACertificate certificate, final List<ChannelHandlerContainer> channelHandlerContainers) {

    AssertTools.assertNull(thread, "Server is already started");

    final CountDownLatch countDownLatch = new CountDownLatch(1);
    thread = new Thread(() -> {
        try {
            ServerBootstrap serverBootstrap = new ServerBootstrap();
            serverBootstrap.group(NettyCommon.EVENT_LOOP_GROUP, NettyCommon.EVENT_LOOP_GROUP);
            serverBootstrap.channel(NioServerSocketChannel.class);

            serverBootstrap.childHandler(new ChannelInitializer<SocketChannel>() {

                @Override
                protected void initChannel(SocketChannel socketChannel) throws Exception {

                    InetSocketAddress remoteAddress = socketChannel.remoteAddress();
                    logger.info("Got a connection from {}:{}", remoteAddress.getHostName(),
                            remoteAddress.getPort());

                    // Add sslCtx if needed
                    if (trustedCertificates != null || certificate != null) {
                        TrustManagerFactory trustManagerFactory = trustedCertificates == null ? null
                                : RSATools.createTrustManagerFactory(trustedCertificates);
                        KeyManagerFactory keyManagerFactory = certificate == null ? null
                                : RSATools.createKeyManagerFactory(certificate);

                        CipherSuiteFilter cipherFilter = IdentityCipherSuiteFilter.INSTANCE;
                        SslContext sslCtx = SslContext.newServerContext(SslProvider.JDK, null,
                                trustManagerFactory, null, null, null, keyManagerFactory, null, cipherFilter,
                                null, 0, 0);
                        SslHandler sslHandler = sslCtx.newHandler(socketChannel.alloc());

                        if (trustManagerFactory == null) {
                            logger.debug("Will not verify client's identity");
                        } else {
                            logger.debug("Will verify client's identity");
                            SSLEngine sslEngine = sslHandler.engine();
                            sslEngine.setNeedClientAuth(true);
                        }

                        socketChannel.pipeline().addLast(sslHandler);
                    }

                    // Add the channel handlers
                    for (ChannelHandlerContainer channelHandlerContainer : channelHandlerContainers) {
                        socketChannel.pipeline()
                                .addLast(ReflectionTools.instantiate(
                                        channelHandlerContainer.getChannelHandlerClass(),
                                        channelHandlerContainer.getConstructorParams()));
                    }
                }
            }) //
                    .option(ChannelOption.SO_BACKLOG, 128) //
                    .childOption(ChannelOption.SO_KEEPALIVE, true);

            bindedPort = port;
            logger.info("Server on port {} is starting...", port);
            ChannelFuture channelFuture = serverBootstrap.bind(port).sync();
            SocketAddress socketAddress = channelFuture.channel().localAddress();
            if (socketAddress instanceof InetSocketAddress) {
                InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
                bindedPort = inetSocketAddress.getPort();
            }
            logger.info("Server on port {} is started", bindedPort);
            countDownLatch.countDown();
            channelFuture.channel().closeFuture().sync();
        } catch (InterruptedException e) {
            logger.info("Server on port {} is interrupted", bindedPort);
        } finally {
            countDownLatch.countDown();
        }
        logger.info("Server on port {} is stopped", bindedPort);
    });
    thread.setName("Netty Server-" + bindedPort);
    thread.start();

    try {
        countDownLatch.await();
    } catch (InterruptedException e) {
        logger.error("Interrupted while waiting for the server to start");
    }
}

---

From source file:org.opendaylight.usc.manager.UscSecureServiceImpl.java

License:Open Source License

@Override
public ChannelOutboundHandler getTcpServerHandler(Channel ch) throws SSLException {
    SslContext sslServerCtx = SslContext.newServerContext(null, trustCertChainFile, null, publicCertChainFile,
            privateKeyFile, null, null, null, IdentityCipherSuiteFilter.INSTANCE, null, 0, 0);
    // mutual authentication as server
    SSLEngine sslServerEngine = sslServerCtx.newEngine(ch.alloc());
    // require client (mutual) authentication
    sslServerEngine.setNeedClientAuth(true);
    return new SslHandler(sslServerEngine);
}

---