Java Code Examples for io.netty.handler.ssl.SslHandler#handshakeFuture()

The following examples show how to use io.netty.handler.ssl.SslHandler#handshakeFuture().
Example 1
Source File: ProxyConnection.java    From PowerTunnel with MIT License
/**
 * Turns on SSL/TLS for this connection by installing an {@link SslHandler} in the pipeline.
 *
 * <p>Only the client/server mode and the client-auth flag are set here. Certificate trust and
 * hostname checks are whatever the caller configured when building {@code sslEngine}; this
 * method adds none. Treat the connection as secured only after the returned future has
 * completed successfully.
 *
 * @param pipeline
 *            the ChannelPipeline on which to enable encryption
 * @param sslEngine
 *            the {@link SSLEngine} for doing the encryption
 * @param authenticateClients
 *            forwarded to {@link SSLEngine#setNeedClientAuth(boolean)}; JSSE only honours
 *            this flag when the engine runs in server mode
 * @return a Future for when the SSL handshake has completed
 */
protected Future<Channel> encrypt(ChannelPipeline pipeline,
                                  SSLEngine sslEngine,
                                  boolean authenticateClients) {
    LOG.debug("Enabling encryption with SSLEngine: {}", sslEngine);

    // Remember the engine on the connection, then fix its role before the handler is built.
    this.sslEngine = sslEngine;
    sslEngine.setUseClientMode(runsAsSslClient);
    sslEngine.setNeedClientAuth(authenticateClients);

    // Presumably auto-read is forced on so that handshake records are actually read.
    if (channel != null) {
        channel.config().setAutoRead(true);
    }

    final SslHandler tlsHandler = new SslHandler(sslEngine);
    final boolean alreadyHasSsl = pipeline.get("ssl") != null;
    if (alreadyHasSsl) {
        // A handler named "ssl" is already present: the proxy (running as MITM) is
        // chaining to another SSL-enabled proxy, so this second handler performs SSL
        // with the server and is placed right after the first one.
        pipeline.addAfter("ssl", "sslWithServer", tlsHandler);
    } else {
        pipeline.addFirst("ssl", tlsHandler);
    }
    return tlsHandler.handshakeFuture();
}
 
Example 2
Source File: ProxyConnection.java    From g4proxy with Apache License 2.0
/**
 * Enables SSL/TLS on this connection by adding an {@link SslHandler} to the pipeline.
 *
 * <p>The engine's role (client or server) comes from {@code runsAsSslClient}. No trust or
 * hostname verification is configured in this method; that is left to whoever created
 * {@code sslEngine}. The handshake outcome is reported through the returned future, so
 * callers should check it for success before relying on the encryption.
 *
 * @param pipeline
 *            the ChannelPipeline on which to enable encryption
 * @param sslEngine
 *            the {@link SSLEngine} for doing the encryption
 * @param authenticateClients
 *            forwarded to {@link SSLEngine#setNeedClientAuth(boolean)}; JSSE only honours
 *            this flag when the engine runs in server mode
 * @return a Future for when the SSL handshake has completed
 */
protected Future<Channel> encrypt(ChannelPipeline pipeline,
                                  SSLEngine sslEngine,
                                  boolean authenticateClients) {
    LOG.debug("Enabling encryption with SSLEngine: {}", sslEngine);

    // Store the engine on the connection and set its role before wrapping it in a handler.
    this.sslEngine = sslEngine;
    sslEngine.setUseClientMode(runsAsSslClient);
    sslEngine.setNeedClientAuth(authenticateClients);

    // Presumably auto-read is switched on so inbound handshake records get consumed.
    if (channel != null) {
        channel.config().setAutoRead(true);
    }

    final SslHandler encryptor = new SslHandler(sslEngine);
    final boolean firstSslLayer = pipeline.get("ssl") == null;
    if (!firstSslLayer) {
        // An "ssl" handler already exists: the proxy (running as MITM) chains with
        // another SSL-enabled proxy, and this second handler performs SSL with the
        // server.
        pipeline.addAfter("ssl", "sslWithServer", encryptor);
    } else {
        pipeline.addFirst("ssl", encryptor);
    }
    return encryptor.handshakeFuture();
}
 
Example 3
Source File: ProxyConnection.java    From yfs with Apache License 2.0
/**
 * Starts encrypting this connection with SSL/TLS by placing an {@link SslHandler} in the
 * pipeline.
 *
 * <p>This method sets the engine's client/server mode and client-auth requirement and
 * nothing else: peer certificate and hostname validation depend entirely on how
 * {@code sslEngine} was configured by the caller. The returned future is the place to
 * learn whether the handshake succeeded.
 *
 * @param pipeline
 *            the ChannelPipeline on which to enable encryption
 * @param sslEngine
 *            the {@link SSLEngine} for doing the encryption
 * @param authenticateClients
 *            forwarded to {@link SSLEngine#setNeedClientAuth(boolean)}; JSSE only honours
 *            this flag when the engine runs in server mode
 * @return a Future for when the SSL handshake has completed
 */
protected Future<Channel> encrypt(ChannelPipeline pipeline,
                                  SSLEngine sslEngine,
                                  boolean authenticateClients) {
    LOG.debug("Enabling encryption with SSLEngine: {}", sslEngine);

    // Keep a reference on the connection; the role must be set before the handler exists.
    this.sslEngine = sslEngine;
    sslEngine.setUseClientMode(runsAsSslClient);
    sslEngine.setNeedClientAuth(authenticateClients);

    // Presumably auto-read is enabled so the handshake's inbound records are read.
    if (channel != null) {
        channel.config().setAutoRead(true);
    }

    final SslHandler sslLayer = new SslHandler(sslEngine);
    final Object existingSsl = pipeline.get("ssl");
    if (existingSsl != null) {
        // "ssl" is taken already: the proxy (running as MITM) is chaining with another
        // SSL-enabled proxy, so the second handler does SSL with the server.
        pipeline.addAfter("ssl", "sslWithServer", sslLayer);
    } else {
        pipeline.addFirst("ssl", sslLayer);
    }
    return sslLayer.handshakeFuture();
}
 
Example 4
Source File: SocketSslEchoTest.java    From netty-4.1.22 with Apache License 2.0
@Override
public void channelRead0(ChannelHandlerContext ctx, ByteBuf in) throws Exception {
    // Copy everything that is currently readable into an array.
    final byte[] received = new byte[in.readableBytes()];
    in.readBytes(received);

    // Check the bytes against the expected payload, offset by what was already received.
    final int base = recvCounter.get();
    int offset = 0;
    while (offset < received.length) {
        assertEquals(data[base + offset], received[offset]);
        offset++;
    }

    // Echo the bytes back, optionally wrapped in a composite buffer.
    final ByteBuf wrapped = Unpooled.wrappedBuffer(received);
    final ByteBuf echo = useCompositeByteBuf
            ? Unpooled.compositeBuffer().addComponent(true, wrapped)
            : wrapped;
    ctx.write(echo);

    recvCounter.addAndGet(received.length);

    // Server-initiated renegotiation runs once: only when configured, only after more than
    // half of the payload has arrived, and only if none has been started yet.
    if (renegotiation.type != RenegotiationType.SERVER_INITIATED
            || recvCounter.get() <= data.length / 2
            || renegoFuture != null) {
        return;
    }

    final SslHandler tls = ctx.pipeline().get(SslHandler.class);

    // The initial handshake must already be finished at this point.
    final Future<Channel> initialHandshake = tls.handshakeFuture();
    assertThat(initialHandshake.isDone(), is(true));

    // Restrict the engine to the one cipher suite chosen for the renegotiation.
    // Note: renegotiation is a feature of TLS 1.2 and earlier; TLS 1.3 removed it.
    tls.engine().setEnabledCipherSuites(new String[] { renegotiation.cipherSuite });
    logStats("SERVER RENEGOTIATES");
    renegoFuture = tls.renegotiate();

    // renegotiate() hands out a new future, and handshakeFuture() now returns that same one.
    assertThat(renegoFuture, is(not(sameInstance(initialHandshake))));
    assertThat(renegoFuture, is(sameInstance(tls.handshakeFuture())));
    assertThat(renegoFuture.isDone(), is(false));
}
 
Example 5
Source File: ChannelMediator.java    From flashback with BSD 2-Clause "Simplified" License
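/**
 * Installs an {@link io.netty.handler.ssl.SslHandler} built from the given
 * {@link javax.net.ssl.SSLEngine} at the head of the channel's
 * {@link io.netty.channel.ChannelPipeline}, so that traffic on the channel is carried over
 * SSL/TLS.
 *
 * <p>Only the engine's client/server mode is set here. Certificate trust and hostname checks
 * are whatever the caller configured on {@code sslEngine}. Treat the channel as secured only
 * after the returned future has completed successfully.
 *
 * @param sslEngine the engine that performs the TLS handshake for this channel
 * @param isSslClient true if the channel start handshaking or false if accept handshaking
 * @param channel the channel to start handshaking; must not be null
 * @return a future that completes when the TLS handshake on {@code channel} has finished
 * @throws NullPointerException if {@code channel} is null
 */
private Future<Channel> handshake(SSLEngine sslEngine, boolean isSslClient, Channel channel) {
  // The pipeline is dereferenced unconditionally below, so a null channel can never succeed.
  // Reject it up front, before the engine's mode has been changed.
  if (channel == null) {
    throw new NullPointerException("channel");
  }
  sslEngine.setUseClientMode(isSslClient);
  channel.config().setAutoRead(true);
  SslHandler handler = new SslHandler(sslEngine);
  // addFirst puts the TLS handler at the head of the pipeline, ahead of the other handlers.
  channel.pipeline().addFirst("ssl", handler);
  LOG.debug("About to start handshaking...");
  return handler.handshakeFuture();
}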
 
Example 6
Source File: SocketSslEchoTest.java    From netty4.0.27Learn with Apache License 2.0
@Override
public void channelRead0(ChannelHandlerContext ctx, ByteBuf in) throws Exception {
    // Pull all readable bytes out of the inbound buffer.
    final byte[] chunk = new byte[in.readableBytes()];
    in.readBytes(chunk);

    // Verify the chunk against the expected payload at the current receive position.
    final int alreadyReceived = recvCounter.get();
    int pos = 0;
    while (pos < chunk.length) {
        assertEquals(data[pos + alreadyReceived], chunk[pos]);
        pos++;
    }

    // Echo the chunk, optionally through a composite buffer whose writer index is set
    // by hand to match the wrapped component.
    final ByteBuf wrapped = Unpooled.wrappedBuffer(chunk);
    final ByteBuf reply = useCompositeByteBuf
            ? Unpooled.compositeBuffer().addComponent(wrapped).writerIndex(wrapped.writerIndex())
            : wrapped;
    ctx.write(reply);

    recvCounter.addAndGet(chunk.length);

    // Nothing more to do unless a server-initiated renegotiation is configured, more than
    // half of the payload has been received, and no renegotiation has been started yet.
    if (renegotiation.type != RenegotiationType.SERVER_INITIATED
            || recvCounter.get() <= data.length / 2
            || renegoFuture != null) {
        return;
    }

    final SslHandler tlsHandler = ctx.pipeline().get(SslHandler.class);

    // By now the first handshake has to be complete.
    final Future<Channel> firstHandshake = tlsHandler.handshakeFuture();
    assertThat(firstHandshake.isDone(), is(true));

    // Limit the engine to the single cipher suite picked for the renegotiation.
    // Note: renegotiation is a feature of TLS 1.2 and earlier; TLS 1.3 removed it.
    tlsHandler.engine().setEnabledCipherSuites(new String[] { renegotiation.cipherSuite });
    logStats("SERVER RENEGOTIATES");
    renegoFuture = tlsHandler.renegotiate();

    // A fresh future is expected, and handshakeFuture() must now return that same instance.
    assertThat(renegoFuture, is(not(sameInstance(firstHandshake))));
    assertThat(renegoFuture, is(sameInstance(tlsHandler.handshakeFuture())));
    assertThat(renegoFuture.isDone(), is(false));
}
 
Example 7
Source File: ServerSecurityHandlerTest.java    From ambry with Apache License 2.0
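/**
 * Test the code flow where {@link ServerSecurityHandler} waits for the SSL handshake complete event and
 * applies the security policy from its channelActive method.
 *
 * <p>No real TLS exchange takes place: each case casts the future returned by
 * {@link SslHandler#handshakeFuture()} to a {@link Promise} and completes it by hand. The two
 * failure cases check that the channel is closed when validation does not succeed.
 *
 * @throws Exception on unexpected failure while setting up a channel or closing the security service
 */
@Test
public void securityCheckerTest() throws Exception {
  // Security validation success case, channel should not be closed.
  ServerMetrics metrics = new ServerMetrics(new MetricRegistry(), this.getClass(), this.getClass());
  EmbeddedChannel channel = createChannelSsl(metrics);
  SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
  // Relies on the handshake future being a Promise so the test can mark it successful itself.
  Promise<Channel> promise = (Promise<Channel>) sslHandler.handshakeFuture();
  promise.setSuccess(channel);
  Assert.assertTrue("channel should not be closed", channel.isActive());
  Assert.assertEquals("validation success counter mismatch", 1,
      metrics.serverValidateConnectionSuccess.getCount());

  // Security validation failure case (throw exception), channel should be closed.
  MockServerSecurityService mockServerSecurityService = (MockServerSecurityService) serverSecurityService;
  mockServerSecurityService.setThrowException(true);
  // Fresh metrics per case so each counter assertion starts from zero.
  metrics = new ServerMetrics(new MetricRegistry(), this.getClass(), this.getClass());
  channel = createChannelSsl(metrics);
  sslHandler = channel.pipeline().get(SslHandler.class);
  promise = (Promise<Channel>) sslHandler.handshakeFuture();
  promise.setSuccess(channel);
  Assert.assertFalse("channel should be closed", channel.isActive());
  // The message names the failure counter, which is the one being checked here.
  Assert.assertEquals("validation failure counter mismatch", 1,
      metrics.serverValidateConnectionFailure.getCount());

  // Security validation failure case (service closed), channel should be closed.
  serverSecurityService.close();
  metrics = new ServerMetrics(new MetricRegistry(), this.getClass(), this.getClass());
  channel = createChannelSsl(metrics);
  sslHandler = channel.pipeline().get(SslHandler.class);
  promise = (Promise<Channel>) sslHandler.handshakeFuture();
  promise.setSuccess(channel);
  Assert.assertFalse("channel should be closed", channel.isActive());
  Assert.assertEquals("validation failure counter mismatch", 1,
      metrics.serverValidateConnectionFailure.getCount());
}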