• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• iot-mqtt-master
  • iot-mqtt-common
    • src
      • main
        • java
          • org
            • iot
              • mqtt
                • test
                  • utils
                    • ByteUtil.java
                    • RejectHandler.java
                    • SerializeHelper.java
                    • ThreadFactoryImpl.java
                    • MixAll.java
                • common
                  • config
                    • NettyConfig.java
                    • AbstractConfig.java
                    • TestConfig.java
                    • MqttConfig.java
                  • bean
                    • Qos.java
                    • Subscription.java
                    • MessageHeader.java
                    • Message.java
                    • Topic.java
    • pom.xml
    • .gitignore
  • iot-mqtt-broker
    • src
      • main
        • resources
          • logback-broker.xml
          • broker.properties
        • java
          • org
            • iot
              • mqtt
                • broker
                  • sys
                    • SysMessageService.java
                    • SysToipc.java
                    • ClientInfo.java
                    • SysInfo.java
                    • TopicInfo.java
                  • acl
                    • impl
                      • DefaultConnectPermission.java
                      • DefaultPubSubPermission.java
                    • PubSubPermission.java
                    • ConnectPermission.java
                  • utils
                    • MessageUtil.java
                    • NettyUtil.java
                  • netty
                    • NettyConnectHandler.java
                    • codec
                      • WebSocket2ByteBufDecoder.java
                      • ByteBuf2WebSocketEncoder.java
                    • ChannelEventListener.java
                    • NettyEventType.java
                    • NettySslHandler.java
                    • NettyEvent.java
                    • NettyEventExcutor.java
                  • processor
                    • SubscribeProcessor.java
                    • PubAckProcessor.java
                    • ConnectProcessor.java
                    • DisconnectProcessor.java
                    • PingProcessor.java
                    • PublishProcessor.java
                    • PubRelProcessor.java
                    • UnSubscribeProcessor.java
                    • RequestProcessor.java
                    • AbstractMessageProcessor.java
                    • PubRecProcessor.java
                    • PubCompProcessor.java
                  • BrokerRoom.java
                  • client
                    • ClientLifeCycleHookService.java
                  • subscribe
                    • DefaultSubscriptionTreeMatcher.java
                    • SubscriptionMatcher.java
                  • dispatcher
                    • DefaultDispatcherMessage.java
                    • MessageDispatcher.java
                  • exception
                    • BrokerException.java
                    • ConnectException.java
                    • TimeoutException.java
                    • TooMuchRequestException.java
                    • SendRequestException.java
                  • BrokerService.java
                  • recover
                    • ReSendMessageService.java
                  • session
                    • ClientSession.java
                    • ConnectManager.java
                  • BrokerStartup.java
    • pom.xml
    • .gitignore
  • pom.xml
  • LICENSE
  • pic
  • iot-mqtt-store
    • src
      • main
        • java
          • org
            • iot
              • mqtt
                • store
                  • AbstractMqttStore.java
                  • OfflineMessageStore.java
                  • WillMessageStore.java
                  • RetainMessageStore.java
                  • SessionStore.java
                  • FlowMessageStore.java
                  • rocksdb
                    • db
                      • RDB.java
                      • RDBStorePrefix.java
                    • RDBWillMessageStore.java
                    • RDBFlowMessageStore.java
                    • RDBSessionStore.java
                    • RDBRetainMessageStore.java
                    • RDBOfflineMessageStore.java
                    • RDBMqttStore.java
                    • RDBSubscriptionStore.java
                  • SubscriptionStore.java
                  • memory
                    • DefaultOfflineMessageStore.java
                    • DefaultWillMessageStore.java
                    • DefaultRetainMessageStore.java
                    • DefaultSessionStore.java
                    • DefaultFlowMessageStore.java
                    • DefaultSubscriptionStore.java
                    • DefaultMqttStore.java
    • pom.xml
    • .gitignore
  • release
    • config
      • logback-test.xml
      • logback-broker.xml
      • test.properties
      • broker.properties
    • bin
      • subscribe_sys.cmd
      • subscribe_test.cmd
      • send_test.cmd
      • server
      • subscribe_test
      • subscribe_sys
      • send_test
      • server.cmd
  • iot-mqtt-test
    • src
      • main
        • resources
          • logback-test.xml
          • test.properties
        • java
          • org
            • iot
              • mqtt
                • test
                  • MqttSendTest.java
                  • support
                    • MyMqtt.java
                    • TestSize.java
                  • MqttMutiClientSendTest.java
                  • MqttMutiClientSubTest.java
                  • MqttSysTest.java
                  • MqttSubTest.java
                • handler
                  • MqttHandler.java
                  • MqttBaseHandler.java
    • pom.xml
    • .gitignore
  • README.md
  • .gitignore

package org.iot.mqtt.broker.netty;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import io.netty.channel.ChannelHandler;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;

public class NettySslHandler {
    private static final Logger log = LoggerFactory.getLogger(NettySslHandler.class);

    public static ChannelHandler getSslHandler(SocketChannel channel, boolean useClientCA, String sslKeyStoreType, String sslKeyFilePath, String sslManagerPwd, String sslStorePwd) {

        SslContext sslContext = createSSLContext(useClientCA, sslKeyStoreType, sslKeyFilePath, sslManagerPwd, sslStorePwd);
        SSLEngine sslEngine = sslContext.newEngine(
                channel.alloc(),
                channel.remoteAddress().getHostString(),
                channel.remoteAddress().getPort());
        sslEngine.setUseClientMode(false); // server mode
        if (useClientCA) {
            sslEngine.setNeedClientAuth(true);
        }
        return new SslHandler(sslEngine);
    }

    private static SslContext createSSLContext(boolean useClientCA, String sslKeyStoreType, String sslKeyFilePath, String sslManagerPwd, String sslStorePwd) {
        try {
            InputStream ksInputStream = new FileInputStream(sslKeyFilePath);
            KeyStore ks = KeyStore.getInstance(sslKeyStoreType);
            ks.load(ksInputStream, sslStorePwd.toCharArray());


            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, sslManagerPwd.toCharArray());
            SslContextBuilder contextBuilder = SslContextBuilder.forServer(kmf);

            // whether need client CA(two-way authentication)
            if (useClientCA) {
                contextBuilder.clientAuth(ClientAuth.REQUIRE);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);
                contextBuilder.trustManager(tmf);
            }
            return contextBuilder.sslProvider(SslProvider.valueOf("JDK")).build();
        } catch (Exception ex) {
            log.error("Create ssl context failure.cause={}", ex);
            return null;
        }
    }

}