Java Code Examples for org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler

The following examples show how to use org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler. They are extracted from open source projects; the project, author and source file are named above each example.
Example #1
Source Project: Flink-CEPplus   Author: ljygz   File: SSLUtilsTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Tests that {@link SSLHandlerFactory} is created correctly.
 */
@Test
public void testCreateSSLEngineFactory() throws Exception {
	// Fixed test inputs: the test only checks that the configured protocol and cipher suites
	// reach the SSLEngine unchanged. TLSv1 and the CBC suites are legacy values picked for the
	// test, not a recommended setting for a deployment.
	final String configuredProtocol = "TLSv1";
	final String[] configuredSuites = {
		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
		"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
	};

	final Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();
	serverConfig.setString(SecurityOptions.SSL_PROTOCOL, configuredProtocol);
	serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", configuredSuites));

	final SslHandler sslHandler =
		SSLUtils.createInternalServerSSLEngineFactory(serverConfig).createNettySSLHandler();

	// exactly the configured protocol may be enabled, nothing in addition
	final String[] enabledProtocols = sslHandler.engine().getEnabledProtocols();
	assertEquals(1, enabledProtocols.length);
	assertEquals(configuredProtocol, enabledProtocols[0]);

	// same for the cipher suites; their order is not part of the contract
	final String[] enabledSuites = sslHandler.engine().getEnabledCipherSuites();
	assertEquals(2, enabledSuites.length);
	assertThat(enabledSuites, arrayContainingInAnyOrder(configuredSuites));
}
 
Example #2
Source Project: Flink-CEPplus   Author: ljygz   File: RedirectingSslHandler.java    License: Apache License 2.0 5 votes vote down vote up
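/**
 * Classifies a new connection from its first bytes and replaces this handler with either
 * the TLS handler or the plain-HTTP handlers.
 *
 * <p>The decision is made on unauthenticated bytes sent by the peer, so it is deferred until
 * a complete TLS record header ({@code SSL_RECORD_HEADER_LENGTH} bytes) is available.
 * Deciding on a shorter first read would treat a TLS client whose first segment is
 * fragmented as a plain-text client.
 *
 * @param context channel context whose pipeline is rewritten
 * @param in bytes received so far; not consumed here
 * @param out unused, nothing is emitted by this handler
 */
@Override
protected void decode(ChannelHandlerContext context, ByteBuf in, List<Object> out) {
	if (in.readableBytes() < SSL_RECORD_HEADER_LENGTH) {
		// Too few bytes to classify the connection: leave them buffered and decide on a later call.
		// NOTE(review): assumes the enclosing class is a ByteToMessageDecoder, which invokes
		// decode again once more data has arrived - confirm against the class declaration.
		return;
	}

	if (SslHandler.isEncrypted(in)) {
		handleSsl(context);
	} else {
		context.pipeline().replace(this, HTTP_CODEC_HANDLER_NAME, new HttpServerCodec());
		context.pipeline().addAfter(HTTP_CODEC_HANDLER_NAME, NON_SSL_HANDLER_NAME, new NonSslHandler());
	}
}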
 
Example #3
Source Project: Flink-CEPplus   Author: ljygz   File: RedirectingSslHandler.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Swaps this handler for a newly created {@link SslHandler} under {@code SSL_HANDLER_NAME}.
 *
 * <p>If the pipeline replacement fails, the handler's engine is handed to
 * {@code ReferenceCountUtil.safeRelease} before the failure propagates, so a
 * reference-counted engine is not left behind.
 *
 * @param context channel context whose pipeline is rewritten
 */
private void handleSsl(ChannelHandlerContext context) {
	final SslHandler tlsHandler = sslHandlerFactory.createNettySSLHandler();
	boolean installed = false;
	try {
		context.pipeline().replace(this, SSL_HANDLER_NAME, tlsHandler);
		installed = true;
	} finally {
		if (!installed) {
			// the pipeline never took ownership of the handler; give the engine back
			ReferenceCountUtil.safeRelease(tlsHandler.engine());
		}
	}
}
 
Example #4
Source Project: Flink-CEPplus   Author: ljygz   File: SSLHandlerFactory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps the given engine in a Netty {@link SslHandler} and applies the timeouts held by
 * this factory.
 *
 * <p>A negative {@code handshakeTimeoutMs} or {@code closeNotifyFlushTimeoutMs} skips the
 * corresponding setter, so the handler keeps the value it was constructed with.
 *
 * @param sslEngine engine the handler will drive
 * @return the handler with the timeouts applied
 */
private SslHandler createNettySSLHandler(SSLEngine sslEngine) {
	final SslHandler handler = new SslHandler(sslEngine);

	// the handshake timeout limits how long a peer may keep an unfinished handshake open
	final boolean handshakeTimeoutSet = handshakeTimeoutMs >= 0;
	if (handshakeTimeoutSet) {
		handler.setHandshakeTimeoutMillis(handshakeTimeoutMs);
	}

	final boolean closeNotifyTimeoutSet = closeNotifyFlushTimeoutMs >= 0;
	if (closeNotifyTimeoutSet) {
		handler.setCloseNotifyFlushTimeoutMillis(closeNotifyFlushTimeoutMs);
	}

	return handler;
}
 
Example #5
Source Project: Flink-CEPplus   Author: ljygz   File: NettyClientServerSslTest.java    License: Apache License 2.0 5 votes vote down vote up
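/**
 * Connects a client to a server with the given SSL configuration and checks that the
 * configured timeouts and session settings are visible on the resulting handler.
 *
 * <p>Server and client are shut down in a {@code finally} block so that a failing assertion
 * does not leave them running.
 *
 * @param sslConfig SSL configuration under test
 * @throws Exception if the set-up, the connection or the shutdown fails
 */
private void testValidSslConnection(Configuration sslConfig) throws Exception {
	NettyProtocol protocol = new NoOpProtocol();

	NettyConfig nettyConfig = createNettyConfig(sslConfig);

	NettyTestUtil.NettyServerAndClient serverAndClient = NettyTestUtil.initServerAndClient(protocol, nettyConfig);
	try {
		Channel ch = NettyTestUtil.connect(serverAndClient);

		// the handler is registered under the name "ssl" in the channel pipeline
		SslHandler sslHandler = (SslHandler) ch.pipeline().get("ssl");
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, sslHandler.getHandshakeTimeoutMillis());
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, sslHandler.getCloseNotifyFlushTimeoutMillis());

		// should be able to send text data
		ch.pipeline().addLast(new StringDecoder()).addLast(new StringEncoder());
		assertTrue(ch.writeAndFlush("test").await().isSuccess());

		// the session context is only available after a session was set up -> this should be true after data was sent
		SSLSessionContext sessionContext = sslHandler.engine().getSession().getSessionContext();
		assertNotNull("bug in unit test setup: session context not available", sessionContext);
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_SESSION_CACHE_SIZE, sessionContext.getSessionCacheSize());
		int sessionTimeout = sslConfig.getInteger(SSL_INTERNAL_SESSION_TIMEOUT);
		if (sessionTimeout != -1) {
			// session timeout config is in milliseconds but the context returns it in seconds
			assertEquals(sessionTimeout / 1000, sessionContext.getSessionTimeout());
		} else {
			assertTrue("default value (-1) should not be propagated", sessionContext.getSessionTimeout() >= 0);
		}
	} finally {
		// release the server and the client even when an assertion above fails
		NettyTestUtil.shutdown(serverAndClient);
	}
}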
 
Example #6
Source Project: flink   Author: flink-tpc-ds   File: RedirectingSslHandler.java    License: Apache License 2.0 5 votes vote down vote up
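/**
 * Classifies a new connection from its first bytes and replaces this handler with either
 * the TLS handler or the plain-HTTP handlers.
 *
 * <p>The decision is made on unauthenticated bytes sent by the peer, so it is deferred until
 * a complete TLS record header ({@code SSL_RECORD_HEADER_LENGTH} bytes) is available.
 * Deciding on a shorter first read would treat a TLS client whose first segment is
 * fragmented as a plain-text client.
 *
 * @param context channel context whose pipeline is rewritten
 * @param in bytes received so far; not consumed here
 * @param out unused, nothing is emitted by this handler
 */
@Override
protected void decode(ChannelHandlerContext context, ByteBuf in, List<Object> out) {
	if (in.readableBytes() < SSL_RECORD_HEADER_LENGTH) {
		// Too few bytes to classify the connection: leave them buffered and decide on a later call.
		// NOTE(review): assumes the enclosing class is a ByteToMessageDecoder, which invokes
		// decode again once more data has arrived - confirm against the class declaration.
		return;
	}

	if (SslHandler.isEncrypted(in)) {
		handleSsl(context);
	} else {
		context.pipeline().replace(this, HTTP_CODEC_HANDLER_NAME, new HttpServerCodec());
		context.pipeline().addAfter(HTTP_CODEC_HANDLER_NAME, NON_SSL_HANDLER_NAME, new NonSslHandler());
	}
}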
 
Example #7
Source Project: flink   Author: flink-tpc-ds   File: RedirectingSslHandler.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Swaps this handler for a newly created {@link SslHandler} under {@code SSL_HANDLER_NAME}.
 * The handler is created with the channel's own buffer allocator.
 *
 * <p>If the pipeline replacement fails, the handler's engine is handed to
 * {@code ReferenceCountUtil.safeRelease} before the failure propagates, so a
 * reference-counted engine is not left behind.
 *
 * @param context channel context whose pipeline is rewritten
 */
private void handleSsl(ChannelHandlerContext context) {
	final SslHandler tlsHandler = sslHandlerFactory.createNettySSLHandler(context.alloc());
	boolean installed = false;
	try {
		context.pipeline().replace(this, SSL_HANDLER_NAME, tlsHandler);
		installed = true;
	} finally {
		if (!installed) {
			// the pipeline never took ownership of the handler; give the engine back
			ReferenceCountUtil.safeRelease(tlsHandler.engine());
		}
	}
}
 
Example #8
Source Project: flink   Author: flink-tpc-ds   File: SSLHandlerFactory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps the given engine in a Netty {@link SslHandler} and applies the timeouts held by
 * this factory.
 *
 * <p>A negative {@code handshakeTimeoutMs} or {@code closeNotifyFlushTimeoutMs} skips the
 * corresponding setter, so the handler keeps the value it was constructed with.
 *
 * @param sslEngine engine the handler will drive
 * @return the handler with the timeouts applied
 */
private SslHandler createNettySSLHandler(SSLEngine sslEngine) {
	final SslHandler handler = new SslHandler(sslEngine);

	// the handshake timeout limits how long a peer may keep an unfinished handshake open
	final boolean handshakeTimeoutSet = handshakeTimeoutMs >= 0;
	if (handshakeTimeoutSet) {
		handler.setHandshakeTimeoutMillis(handshakeTimeoutMs);
	}

	final boolean closeNotifyTimeoutSet = closeNotifyFlushTimeoutMs >= 0;
	if (closeNotifyTimeoutSet) {
		handler.setCloseNotifyFlushTimeoutMillis(closeNotifyFlushTimeoutMs);
	}

	return handler;
}
 
Example #9
Source Project: flink   Author: flink-tpc-ds   File: SSLUtilsTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Tests that {@link SSLHandlerFactory} is created correctly.
 */
@Test
public void testCreateSSLEngineFactory() throws Exception {
	final Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();

	// OpenSSL does not support the same set of cipher algorithms, and with it the test also
	// expects SSLv2Hello among the enabled protocols, so inputs and expectations depend on
	// the provider. All values are test inputs that prove the configuration is propagated;
	// TLSv1 and the CBC suites are legacy values, not a recommended deployment setting.
	final boolean openSsl = sslProvider.equalsIgnoreCase("OPENSSL");
	final String[] sslAlgorithms = openSsl
		? new String[] {"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"}
		: new String[] {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"};
	final String[] expectedSslProtocols = openSsl
		? new String[] {"SSLv2Hello", "TLSv1"}
		: new String[] {"TLSv1"};

	// set custom protocol and cipher suites
	serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
	serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", sslAlgorithms));

	final SslHandler sslHandler = SSLUtils
		.createInternalServerSSLEngineFactory(serverConfig)
		.createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);

	// the enabled protocols must be exactly the expected ones, in any order
	final String[] enabledProtocols = sslHandler.engine().getEnabledProtocols();
	assertEquals(expectedSslProtocols.length, enabledProtocols.length);
	assertThat(enabledProtocols, arrayContainingInAnyOrder(expectedSslProtocols));

	// same for the cipher suites
	final String[] enabledSuites = sslHandler.engine().getEnabledCipherSuites();
	assertEquals(sslAlgorithms.length, enabledSuites.length);
	assertThat(enabledSuites, arrayContainingInAnyOrder(sslAlgorithms));
}
 
Example #10
Source Project: flink   Author: flink-tpc-ds   File: NettyClientServerSslTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates a server channel initializer that hands the installed SSL handler back to the test.
 *
 * @param protocol protocol passed on to the parent initializer
 * @param sslHandlerFactory factory passed on to the parent initializer
 * @param latch latch stored for signalling the test
 * @param serverHandler array stored for publishing the server-side handler
 */
TestingServerChannelInitializer(
		NettyProtocol protocol,
		SSLHandlerFactory sslHandlerFactory,
		OneShotLatch latch,
		SslHandler[] serverHandler) {

	super(protocol, sslHandlerFactory);

	// both fields are only stored here
	this.serverHandler = serverHandler;
	this.latch = latch;
}
 
Example #11
Source Project: flink   Author: flink-tpc-ds   File: NettyClientServerSslTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Runs the regular channel set-up, then publishes the handler registered as "ssl" in slot 0
 * of {@code serverHandler} and triggers the latch.
 *
 * @param channel the channel being initialized
 * @throws Exception if the parent initialization fails
 */
@Override
public void initChannel(SocketChannel channel) throws Exception {
	super.initChannel(channel);

	final SslHandler installed = (SslHandler) channel.pipeline().get("ssl");
	// a missing handler would mean the channel was set up without TLS
	assertNotNull(installed);

	// store the handler before triggering the latch
	serverHandler[0] = installed;
	latch.trigger();
}
 
Example #12
Source Project: flink   Author: apache   File: RedirectingSslHandler.java    License: Apache License 2.0 5 votes vote down vote up
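/**
 * Classifies a new connection from its first bytes and replaces this handler with either
 * the TLS handler or the plain-HTTP handlers.
 *
 * <p>The decision is made on unauthenticated bytes sent by the peer, so it is deferred until
 * a complete TLS record header ({@code SSL_RECORD_HEADER_LENGTH} bytes) is available.
 * Deciding on a shorter first read would treat a TLS client whose first segment is
 * fragmented as a plain-text client.
 *
 * @param context channel context whose pipeline is rewritten
 * @param in bytes received so far; not consumed here
 * @param out unused, nothing is emitted by this handler
 */
@Override
protected void decode(ChannelHandlerContext context, ByteBuf in, List<Object> out) {
	if (in.readableBytes() < SSL_RECORD_HEADER_LENGTH) {
		// Too few bytes to classify the connection: leave them buffered and decide on a later call.
		// NOTE(review): assumes the enclosing class is a ByteToMessageDecoder, which invokes
		// decode again once more data has arrived - confirm against the class declaration.
		return;
	}

	if (SslHandler.isEncrypted(in)) {
		handleSsl(context);
	} else {
		context.pipeline().replace(this, HTTP_CODEC_HANDLER_NAME, new HttpServerCodec());
		context.pipeline().addAfter(HTTP_CODEC_HANDLER_NAME, NON_SSL_HANDLER_NAME, new NonSslHandler());
	}
}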
 
Example #13
Source Project: flink   Author: apache   File: RedirectingSslHandler.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Swaps this handler for a newly created {@link SslHandler} under {@code SSL_HANDLER_NAME}.
 * The handler is created with the channel's own buffer allocator.
 *
 * <p>If the pipeline replacement fails, the handler's engine is handed to
 * {@code ReferenceCountUtil.safeRelease} before the failure propagates, so a
 * reference-counted engine is not left behind.
 *
 * @param context channel context whose pipeline is rewritten
 */
private void handleSsl(ChannelHandlerContext context) {
	final SslHandler tlsHandler = sslHandlerFactory.createNettySSLHandler(context.alloc());
	boolean installed = false;
	try {
		context.pipeline().replace(this, SSL_HANDLER_NAME, tlsHandler);
		installed = true;
	} finally {
		if (!installed) {
			// the pipeline never took ownership of the handler; give the engine back
			ReferenceCountUtil.safeRelease(tlsHandler.engine());
		}
	}
}
 
Example #14
Source Project: flink   Author: apache   File: SSLHandlerFactory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Wraps the given engine in a Netty {@link SslHandler} and applies the timeouts held by
 * this factory.
 *
 * <p>A negative {@code handshakeTimeoutMs} or {@code closeNotifyFlushTimeoutMs} skips the
 * corresponding setter, so the handler keeps the value it was constructed with.
 *
 * @param sslEngine engine the handler will drive
 * @return the handler with the timeouts applied
 */
private SslHandler createNettySSLHandler(SSLEngine sslEngine) {
	final SslHandler handler = new SslHandler(sslEngine);

	// the handshake timeout limits how long a peer may keep an unfinished handshake open
	final boolean handshakeTimeoutSet = handshakeTimeoutMs >= 0;
	if (handshakeTimeoutSet) {
		handler.setHandshakeTimeoutMillis(handshakeTimeoutMs);
	}

	final boolean closeNotifyTimeoutSet = closeNotifyFlushTimeoutMs >= 0;
	if (closeNotifyTimeoutSet) {
		handler.setCloseNotifyFlushTimeoutMillis(closeNotifyFlushTimeoutMs);
	}

	return handler;
}
 
Example #15
Source Project: flink   Author: apache   File: SSLUtilsTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Tests that {@link SSLHandlerFactory} is created correctly.
 */
@Test
public void testCreateSSLEngineFactory() throws Exception {
	final Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();

	// OpenSSL does not support the same set of cipher algorithms, and with it the test also
	// expects SSLv2Hello among the enabled protocols, so inputs and expectations depend on
	// the provider. All values are test inputs that prove the configuration is propagated;
	// TLSv1 and the CBC suites are legacy values, not a recommended deployment setting.
	final boolean openSsl = sslProvider.equalsIgnoreCase("OPENSSL");
	final String[] sslAlgorithms = openSsl
		? new String[] {"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"}
		: new String[] {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"};
	final String[] expectedSslProtocols = openSsl
		? new String[] {"SSLv2Hello", "TLSv1"}
		: new String[] {"TLSv1"};

	// set custom protocol and cipher suites
	serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
	serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", sslAlgorithms));

	final SslHandler sslHandler = SSLUtils
		.createInternalServerSSLEngineFactory(serverConfig)
		.createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);

	// the enabled protocols must be exactly the expected ones, in any order
	final String[] enabledProtocols = sslHandler.engine().getEnabledProtocols();
	assertEquals(expectedSslProtocols.length, enabledProtocols.length);
	assertThat(enabledProtocols, arrayContainingInAnyOrder(expectedSslProtocols));

	// same for the cipher suites
	final String[] enabledSuites = sslHandler.engine().getEnabledCipherSuites();
	assertEquals(sslAlgorithms.length, enabledSuites.length);
	assertThat(enabledSuites, arrayContainingInAnyOrder(sslAlgorithms));
}
 
Example #16
Source Project: flink   Author: apache   File: NettyClientServerSslTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates a server channel initializer that hands the installed SSL handler back to the test.
 *
 * @param protocol protocol passed on to the parent initializer
 * @param sslHandlerFactory factory passed on to the parent initializer
 * @param latch latch stored for signalling the test
 * @param serverHandler array stored for publishing the server-side handler
 */
TestingServerChannelInitializer(
		NettyProtocol protocol,
		SSLHandlerFactory sslHandlerFactory,
		OneShotLatch latch,
		SslHandler[] serverHandler) {

	super(protocol, sslHandlerFactory);

	// both fields are only stored here
	this.serverHandler = serverHandler;
	this.latch = latch;
}
 
Example #17
Source Project: flink   Author: apache   File: NettyClientServerSslTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Runs the regular channel set-up, then publishes the handler registered as "ssl" in slot 0
 * of {@code serverHandler} and triggers the latch.
 *
 * @param channel the channel being initialized
 * @throws Exception if the parent initialization fails
 */
@Override
public void initChannel(SocketChannel channel) throws Exception {
	super.initChannel(channel);

	final SslHandler installed = (SslHandler) channel.pipeline().get("ssl");
	// a missing handler would mean the channel was set up without TLS
	assertNotNull(installed);

	// store the handler before triggering the latch
	serverHandler[0] = installed;
	latch.trigger();
}
 
Example #18
Source Project: Flink-CEPplus   Author: ljygz   File: NettyClient.java    License: Apache License 2.0 4 votes vote down vote up
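/**
 * Starts a connection to the given server. When an SSL factory is configured, the TLS
 * handler is placed in front of the protocol handlers.
 *
 * @param serverSocketAddress address of the server to connect to
 * @return future of the connection attempt
 * @throws ChannelException if the connection cannot be initiated; running out of file
 *         handles is reported with a dedicated message
 */
ChannelFuture connect(final InetSocketAddress serverSocketAddress) {
	checkState(bootstrap != null, "Client has not been initialized yet.");

	// --------------------------------------------------------------------
	// Channel pipeline for the outgoing connection
	// --------------------------------------------------------------------

	bootstrap.handler(new ChannelInitializer<SocketChannel>() {
		@Override
		public void initChannel(SocketChannel channel) throws Exception {

			// SSL handler should be added first in the pipeline
			if (clientSSLFactory != null) {
				// NOTE(review): getCanonicalHostName() can trigger a reverse DNS lookup, and the
				// name it returns is handed to the factory as the peer host. If that name takes
				// part in endpoint identification, it comes from DNS rather than from the address
				// the caller asked for - confirm this is intended. getAddress() is also null for
				// an unresolved address.
				SslHandler sslHandler = clientSSLFactory.createNettySSLHandler(
						serverSocketAddress.getAddress().getCanonicalHostName(),
						serverSocketAddress.getPort());
				channel.pipeline().addLast("ssl", sslHandler);
			}
			channel.pipeline().addLast(protocol.getClientChannelHandlers());
		}
	});

	try {
		return bootstrap.connect(serverSocketAddress);
	}
	catch (ChannelException e) {
		final Throwable cause = e.getCause();
		final Throwable nestedCause = cause instanceof ChannelException ? cause.getCause() : null;

		// Constant-first equals: an exception without a message must not raise a
		// NullPointerException here and hide the original failure.
		final boolean outOfFileHandles =
			(cause instanceof java.net.SocketException &&
					"Too many open files".equals(cause.getMessage())) ||
			(nestedCause instanceof java.net.SocketException &&
					"Too many open files".equals(nestedCause.getMessage()));

		if (outOfFileHandles) {
			throw new ChannelException(
					"The operating system does not offer enough file handles to open the network connection. " +
							"Please increase the number of available file handles.", cause);
		}
		else {
			throw e;
		}
	}
}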
 
Example #19
Source Project: Flink-CEPplus   Author: ljygz   File: SSLHandlerFactory.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Netty {@link SslHandler} around a newly created SSL engine.
 *
 * @return the handler produced by the engine-based overload
 */
public SslHandler createNettySSLHandler() {
	final SSLEngine engine = createSSLEngine();
	return createNettySSLHandler(engine);
}
 
Example #20
Source Project: Flink-CEPplus   Author: ljygz   File: SSLHandlerFactory.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Netty {@link SslHandler} around an SSL engine created for the given peer.
 *
 * @param hostname peer host name passed to the engine creation
 * @param port peer port passed to the engine creation
 * @return the handler produced by the engine-based overload
 */
public SslHandler createNettySSLHandler(String hostname, int port) {
	// NOTE(review): presumably the engine uses host and port as the peer identity hint -
	// confirm in createSSLEngine(String, int).
	final SSLEngine engine = createSSLEngine(hostname, port);
	return createNettySSLHandler(engine);
}
 
Example #21
Source Project: flink   Author: flink-tpc-ds   File: NettyClient.java    License: Apache License 2.0 4 votes vote down vote up
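/**
 * Starts a connection to the given server. When an SSL factory is configured, the TLS
 * handler is placed in front of the protocol handlers.
 *
 * @param serverSocketAddress address of the server to connect to
 * @return future of the connection attempt
 * @throws ChannelException if the connection cannot be initiated; running out of file
 *         handles is reported with a dedicated message
 */
ChannelFuture connect(final InetSocketAddress serverSocketAddress) {
	checkState(bootstrap != null, "Client has not been initialized yet.");

	// --------------------------------------------------------------------
	// Channel pipeline for the outgoing connection
	// --------------------------------------------------------------------

	bootstrap.handler(new ChannelInitializer<SocketChannel>() {
		@Override
		public void initChannel(SocketChannel channel) throws Exception {

			// SSL handler should be added first in the pipeline
			if (clientSSLFactory != null) {
				// NOTE(review): getCanonicalHostName() can trigger a reverse DNS lookup, and the
				// name it returns is handed to the factory as the peer host. If that name takes
				// part in endpoint identification, it comes from DNS rather than from the address
				// the caller asked for - confirm this is intended. getAddress() is also null for
				// an unresolved address.
				SslHandler sslHandler = clientSSLFactory.createNettySSLHandler(
						channel.alloc(),
						serverSocketAddress.getAddress().getCanonicalHostName(),
						serverSocketAddress.getPort());
				channel.pipeline().addLast("ssl", sslHandler);
			}
			channel.pipeline().addLast(protocol.getClientChannelHandlers());
		}
	});

	try {
		return bootstrap.connect(serverSocketAddress);
	}
	catch (ChannelException e) {
		final Throwable cause = e.getCause();
		final Throwable nestedCause = cause instanceof ChannelException ? cause.getCause() : null;

		// Constant-first equals: an exception without a message must not raise a
		// NullPointerException here and hide the original failure.
		final boolean outOfFileHandles =
			(cause instanceof java.net.SocketException &&
					"Too many open files".equals(cause.getMessage())) ||
			(nestedCause instanceof java.net.SocketException &&
					"Too many open files".equals(nestedCause.getMessage()));

		if (outOfFileHandles) {
			throw new ChannelException(
					"The operating system does not offer enough file handles to open the network connection. " +
							"Please increase the number of available file handles.", cause);
		}
		else {
			throw e;
		}
	}
}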
 
Example #22
Source Project: flink   Author: flink-tpc-ds   File: SSLHandlerFactory.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Netty {@link SslHandler} around an SSL engine created with the given allocator.
 *
 * @param allocator buffer allocator passed to the engine creation
 * @return the handler produced by the engine-based overload
 */
public SslHandler createNettySSLHandler(ByteBufAllocator allocator) {
	final SSLEngine engine = createSSLEngine(allocator);
	return createNettySSLHandler(engine);
}
 
Example #23
Source Project: flink   Author: flink-tpc-ds   File: SSLHandlerFactory.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Netty {@link SslHandler} around an SSL engine created for the given peer.
 *
 * @param allocator buffer allocator passed to the engine creation
 * @param hostname peer host name passed to the engine creation
 * @param port peer port passed to the engine creation
 * @return the handler produced by the engine-based overload
 */
public SslHandler createNettySSLHandler(ByteBufAllocator allocator, String hostname, int port) {
	// NOTE(review): presumably the engine uses host and port as the peer identity hint -
	// confirm in createSSLEngine(ByteBufAllocator, String, int).
	final SSLEngine engine = createSSLEngine(allocator, hostname, port);
	return createNettySSLHandler(engine);
}
 
Example #24
Source Project: flink   Author: flink-tpc-ds   File: NettyClientServerSslTest.java    License: Apache License 2.0 4 votes vote down vote up
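/**
 * Connects a client to a server with the given SSL configuration and checks that the
 * configured timeouts are visible on both handlers and the session settings on the server.
 *
 * <p>Server and client are shut down in a {@code finally} block so that a failing assertion
 * does not leave them running.
 *
 * @param sslConfig SSL configuration under test
 * @throws Exception if the set-up, the connection or the shutdown fails
 */
private void testValidSslConnection(Configuration sslConfig) throws Exception {
	OneShotLatch serverChannelInitComplete = new OneShotLatch();
	// single-slot array handed to the server channel initializer together with the latch
	final SslHandler[] serverSslHandler = new SslHandler[1];

	NettyProtocol protocol = new NoOpProtocol();

	NettyConfig nettyConfig = createNettyConfig(sslConfig);

	final NettyBufferPool bufferPool = new NettyBufferPool(1);
	final NettyServer server = NettyTestUtil.initServer(
		nettyConfig,
		bufferPool,
		sslHandlerFactory ->
			new TestingServerChannelInitializer(
				protocol,
				sslHandlerFactory,
				serverChannelInitComplete,
				serverSslHandler));
	final NettyClient client = NettyTestUtil.initClient(nettyConfig, protocol, bufferPool);
	final NettyServerAndClient serverAndClient = new NettyServerAndClient(server, client);

	try {
		Channel ch = NettyTestUtil.connect(serverAndClient);

		SslHandler clientSslHandler = (SslHandler) ch.pipeline().get("ssl");
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, clientSslHandler.getHandshakeTimeoutMillis());
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, clientSslHandler.getCloseNotifyFlushTimeoutMillis());

		// should be able to send text data
		ch.pipeline().addLast(new StringDecoder()).addLast(new StringEncoder());
		ch.writeAndFlush("test").sync();

		// the session context is only available after a session was set up -> this should be true after data was sent
		serverChannelInitComplete.await();
		assertNotNull(serverSslHandler[0]);

		// verify server parameters
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, serverSslHandler[0].getHandshakeTimeoutMillis());
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, serverSslHandler[0].getCloseNotifyFlushTimeoutMillis());
		SSLSessionContext sessionContext = serverSslHandler[0].engine().getSession().getSessionContext();
		assertNotNull("bug in unit test setup: session context not available", sessionContext);
		// note: can't verify session cache setting at the client - delegate to server instead (with our own channel initializer)
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_SESSION_CACHE_SIZE, sessionContext.getSessionCacheSize());
		int sessionTimeout = sslConfig.getInteger(SSL_INTERNAL_SESSION_TIMEOUT);
		if (sessionTimeout != -1) {
			// session timeout config is in milliseconds but the context returns it in seconds
			assertEquals(sessionTimeout / 1000, sessionContext.getSessionTimeout());
		} else {
			assertTrue("default value (-1) should not be propagated", sessionContext.getSessionTimeout() >= 0);
		}
	} finally {
		// release the server and the client even when an assertion above fails
		NettyTestUtil.shutdown(serverAndClient);
	}
}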
 
Example #25
Source Project: flink   Author: apache   File: NettyClient.java    License: Apache License 2.0 4 votes vote down vote up
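/**
 * Starts a connection to the given server. When an SSL factory is configured, the TLS
 * handler is placed in front of the protocol handlers.
 *
 * @param serverSocketAddress address of the server to connect to
 * @return future of the connection attempt
 * @throws ChannelException if the connection cannot be initiated; running out of file
 *         handles is reported with a dedicated message
 */
ChannelFuture connect(final InetSocketAddress serverSocketAddress) {
	checkState(bootstrap != null, "Client has not been initialized yet.");

	// --------------------------------------------------------------------
	// Channel pipeline for the outgoing connection
	// --------------------------------------------------------------------

	bootstrap.handler(new ChannelInitializer<SocketChannel>() {
		@Override
		public void initChannel(SocketChannel channel) throws Exception {

			// SSL handler should be added first in the pipeline
			if (clientSSLFactory != null) {
				// NOTE(review): getCanonicalHostName() can trigger a reverse DNS lookup, and the
				// name it returns is handed to the factory as the peer host. If that name takes
				// part in endpoint identification, it comes from DNS rather than from the address
				// the caller asked for - confirm this is intended. getAddress() is also null for
				// an unresolved address.
				SslHandler sslHandler = clientSSLFactory.createNettySSLHandler(
						channel.alloc(),
						serverSocketAddress.getAddress().getCanonicalHostName(),
						serverSocketAddress.getPort());
				channel.pipeline().addLast("ssl", sslHandler);
			}
			channel.pipeline().addLast(protocol.getClientChannelHandlers());
		}
	});

	try {
		return bootstrap.connect(serverSocketAddress);
	}
	catch (ChannelException e) {
		final Throwable cause = e.getCause();
		final Throwable nestedCause = cause instanceof ChannelException ? cause.getCause() : null;

		// Constant-first equals: an exception without a message must not raise a
		// NullPointerException here and hide the original failure.
		final boolean outOfFileHandles =
			(cause instanceof java.net.SocketException &&
					"Too many open files".equals(cause.getMessage())) ||
			(nestedCause instanceof java.net.SocketException &&
					"Too many open files".equals(nestedCause.getMessage()));

		if (outOfFileHandles) {
			throw new ChannelException(
					"The operating system does not offer enough file handles to open the network connection. " +
							"Please increase the number of available file handles.", cause);
		}
		else {
			throw e;
		}
	}
}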
 
Example #26
Source Project: flink   Author: apache   File: SSLHandlerFactory.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Netty {@link SslHandler} around an SSL engine created with the given allocator.
 *
 * @param allocator buffer allocator passed to the engine creation
 * @return the handler produced by the engine-based overload
 */
public SslHandler createNettySSLHandler(ByteBufAllocator allocator) {
	final SSLEngine engine = createSSLEngine(allocator);
	return createNettySSLHandler(engine);
}
 
Example #27
Source Project: flink   Author: apache   File: SSLHandlerFactory.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a Netty {@link SslHandler} around an SSL engine created for the given peer.
 *
 * @param allocator buffer allocator passed to the engine creation
 * @param hostname peer host name passed to the engine creation
 * @param port peer port passed to the engine creation
 * @return the handler produced by the engine-based overload
 */
public SslHandler createNettySSLHandler(ByteBufAllocator allocator, String hostname, int port) {
	// NOTE(review): presumably the engine uses host and port as the peer identity hint -
	// confirm in createSSLEngine(ByteBufAllocator, String, int).
	final SSLEngine engine = createSSLEngine(allocator, hostname, port);
	return createNettySSLHandler(engine);
}
 
Example #28
Source Project: flink   Author: apache   File: NettyClientServerSslTest.java    License: Apache License 2.0 4 votes vote down vote up
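/**
 * Connects a client to a server with the given SSL configuration and checks that the
 * configured timeouts are visible on both handlers and the session settings on the server.
 *
 * <p>Server and client are shut down in a {@code finally} block so that a failing assertion
 * does not leave them running.
 *
 * @param sslConfig SSL configuration under test
 * @throws Exception if the set-up, the connection or the shutdown fails
 */
private void testValidSslConnection(Configuration sslConfig) throws Exception {
	OneShotLatch serverChannelInitComplete = new OneShotLatch();
	// single-slot array handed to the server channel initializer together with the latch
	final SslHandler[] serverSslHandler = new SslHandler[1];

	NettyProtocol protocol = new NoOpProtocol();

	NettyConfig nettyConfig = createNettyConfig(sslConfig);

	final NettyBufferPool bufferPool = new NettyBufferPool(1);
	final NettyServer server = NettyTestUtil.initServer(
		nettyConfig,
		bufferPool,
		sslHandlerFactory ->
			new TestingServerChannelInitializer(
				protocol,
				sslHandlerFactory,
				serverChannelInitComplete,
				serverSslHandler));
	final NettyClient client = NettyTestUtil.initClient(nettyConfig, protocol, bufferPool);
	final NettyServerAndClient serverAndClient = new NettyServerAndClient(server, client);

	try {
		Channel ch = NettyTestUtil.connect(serverAndClient);

		SslHandler clientSslHandler = (SslHandler) ch.pipeline().get("ssl");
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, clientSslHandler.getHandshakeTimeoutMillis());
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, clientSslHandler.getCloseNotifyFlushTimeoutMillis());

		// should be able to send text data
		ch.pipeline().addLast(new StringDecoder()).addLast(new StringEncoder());
		ch.writeAndFlush("test").sync();

		// the session context is only available after a session was set up -> this should be true after data was sent
		serverChannelInitComplete.await();
		assertNotNull(serverSslHandler[0]);

		// verify server parameters
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_HANDSHAKE_TIMEOUT, serverSslHandler[0].getHandshakeTimeoutMillis());
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT, serverSslHandler[0].getCloseNotifyFlushTimeoutMillis());
		SSLSessionContext sessionContext = serverSslHandler[0].engine().getSession().getSessionContext();
		assertNotNull("bug in unit test setup: session context not available", sessionContext);
		// note: can't verify session cache setting at the client - delegate to server instead (with our own channel initializer)
		assertEqualsOrDefault(sslConfig, SSL_INTERNAL_SESSION_CACHE_SIZE, sessionContext.getSessionCacheSize());
		int sessionTimeout = sslConfig.getInteger(SSL_INTERNAL_SESSION_TIMEOUT);
		if (sessionTimeout != -1) {
			// session timeout config is in milliseconds but the context returns it in seconds
			assertEquals(sessionTimeout / 1000, sessionContext.getSessionTimeout());
		} else {
			assertTrue("default value (-1) should not be propagated", sessionContext.getSessionTimeout() >= 0);
		}
	} finally {
		// release the server and the client even when an assertion above fails
		NettyTestUtil.shutdown(serverAndClient);
	}
}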