/**
 * Builds the SSL handler through the parent factory, then applies this factory's
 * client-certificate requirement to the handler's engine.
 *
 * @param bufferAllocator allocator passed through to the parent factory
 * @return the parent's handler with need-client-auth set to {@code clientAuthEnabled}
 */
@Override
public SslHandler create(ByteBufAllocator bufferAllocator) {
  final SslHandler sslHandler = super.create(bufferAllocator);
  // When true, JSSE stops the negotiation if the client offers no certificate
  // (mutual TLS); when false, no client certificate is requested.
  sslHandler.engine().setNeedClientAuth(clientAuthEnabled);
  return sslHandler;
}
}
/**
 * Turns on SSL using the supplied SSL settings, by wrapping them in an
 * {@code SSLHandlerFactory} and delegating to the factory-based overload.
 *
 * @param sslConfig the SSL configuration
 * @return instance of {@code Builder}.
 */
public Builder enableSSL(SSLConfig sslConfig) {
  SSLHandlerFactory factory = new SSLHandlerFactory(sslConfig);
  return enableSSL(factory);
}
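/**
 * Creates the server-side SSL context from the given configuration.
 *
 * <p>The key store is always loaded. Its key entry is unlocked with the certificate password
 * when one is configured, otherwise with the key store password. When a trust store is
 * configured, it becomes the context's trust manager and {@code needClientAuth} is set.
 *
 * @param sslConfig key store, trust store and password settings
 * @throws IllegalArgumentException if any step of building the context fails; the original
 *     failure is kept as the cause
 */
public SSLHandlerFactory(SSLConfig sslConfig) {
  String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
  if (algorithm == null) {
    algorithm = "SunX509";
  }
  try {
    KeyStore ks = getKeyStore(sslConfig.getKeyStore(), sslConfig.getKeyStorePassword());
    // Set up key manager factory to use our key store
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    // The key entry may carry its own password; fall back to the store password.
    String keyPassword = sslConfig.getCertificatePassword() != null
      ? sslConfig.getCertificatePassword()
      : sslConfig.getKeyStorePassword();
    kmf.init(ks, keyPassword.toCharArray());

    SslContextBuilder builder = SslContextBuilder.forServer(kmf);
    if (sslConfig.getTrustKeyStore() != null) {
      // A configured trust store is what switches client-certificate authentication on.
      this.needClientAuth = true;
      KeyStore tks = getKeyStore(sslConfig.getTrustKeyStore(), sslConfig.getTrustKeyStorePassword());
      // Key and trust manager factories have separate algorithm names
      // (ssl.KeyManagerFactory.algorithm vs ssl.TrustManagerFactory.algorithm).
      // Reusing the key manager's name here fails when it is a key-manager-only
      // algorithm, so ask for the trust manager default instead.
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(tks);
      builder.trustManager(tmf);
    }
    this.sslContext = builder.build();
  } catch (Exception e) {
    throw new IllegalArgumentException("Failed to initialize the server-side SSLContext", e);
  }
}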
/**
 * Assembles the router's handler chain for a newly accepted channel.
 *
 * <p>Registration order: optional TLS, HTTP codec, status handler, optional access-token
 * authentication, optional audit log, expect-continue handling, request routing.
 */
@Override
protected void initChannel(SocketChannel ch) {
  channelGroup.add(ch);
  final ChannelPipeline chain = ch.pipeline();

  // TLS goes first so every later handler works on decrypted traffic.
  if (sslEnabled) {
    chain.addLast("ssl", sslHandlerFactory.create(ch.alloc()));
  }
  chain.addLast("http-codec", new HttpServerCodec());
  // NOTE(review): registered ahead of the authenticator, so whatever this handler answers
  // itself is presumably served without a token. Confirm it exposes status only.
  chain.addLast("http-status-request-handler", new HttpStatusRequestHandler());

  if (securityEnabled) {
    chain.addLast("access-token-authenticator",
                  new AuthenticationHandler(cConf, tokenValidator, discoveryServiceClient, accessTokenTransformer));
  }
  // NOTE(review): the audit handler sits behind the authenticator, so requests the
  // authenticator rejects presumably never reach it. Confirm rejections are logged elsewhere.
  if (cConf.getBoolean(Constants.Router.ROUTER_AUDIT_LOG_ENABLED)) {
    chain.addLast("audit-log", new AuditLogHandler());
  }

  // Registered after the authenticator: the client is told to go on sending the
  // request body only once authentication has passed.
  chain.addLast("expect-continue", new HttpServerExpectContinueHandler());
  // A single hard-coded routing rule for now; make it generic and configurable if more are added.
  chain.addLast("http-request-handler", new HttpRequestRouter(cConf, serviceLookup));
}
});
.build(); this.sslHandlerFactory = new SSLHandlerFactory(sslConfig); } else { this.port = cConf.getInt(Constants.Router.ROUTER_PORT);
/**
 * Assembles the HTTP service's handler chain for a newly accepted channel.
 *
 * <p>Registration order: optional TLS, codec, compressor, chunked writer, keep-alive, router,
 * dispatcher, then whatever the optional pipeline modifier changes.
 *
 * @param ch the channel being initialized
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
  channelGroup.add(ch);
  final ChannelPipeline chain = ch.pipeline();
  final boolean tlsOn = sslHandlerFactory != null;

  // The SSL handler is present only when a factory was configured.
  if (tlsOn) {
    chain.addLast("ssl", sslHandlerFactory.create(ch.alloc()));
  }
  chain.addLast("codec", new HttpServerCodec());
  chain.addLast("compressor", new HttpContentCompressor());
  chain.addLast("chunkedWriter", new ChunkedWriteHandler());
  chain.addLast("keepAlive", new HttpServerKeepAliveHandler());
  // The router is told whether this channel runs over SSL.
  chain.addLast("router", new RequestRouter(resourceHandler, httpChunkLimit, tlsOn));

  // Run the dispatcher on the dedicated executor group when one was supplied.
  if (eventExecutorGroup != null) {
    chain.addLast(eventExecutorGroup, "dispatcher", new HttpDispatcher());
  } else {
    chain.addLast("dispatcher", new HttpDispatcher());
  }

  // The modifier runs last and receives the complete pipeline, "ssl" handler included,
  // so it can change any handler added above.
  if (pipelineModifier != null) {
    pipelineModifier.modify(chain);
  }
}
});