@Override protected void initChannel(SocketChannel channel) throws Exception { configureChannel(channel.config()); ChannelPipeline pipeline = channel.pipeline(); if (isSecure) { Assert.notNull(sslContext, "sslContext should not be null"); pipeline.addLast(sslContext.newHandler(channel.alloc(), uri.getHost(), uri.getPort())); } pipeline.addLast(new HttpClientCodec()); pipeline.addLast(new HttpObjectAggregator(maxResponseSize)); if (readTimeout > 0) { pipeline.addLast(new ReadTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS)); } } });
@Override protected void initChannel(Channel ch) throws Exception { ChannelPipeline pipeline = ch.pipeline(); SSLEngine engine = context.newEngine(ch.alloc()); pipeline.addFirst("ssl", new SslHandler(engine)); if (isClient) { pipeline.addLast("codec", new HttpClientCodec()); } else { pipeline.addLast("codec", new HttpServerCodec()); } } }
/** * Creates a new client-side {@link SslContext}. * * @return a new client-side {@link SslContext} * @deprecated Replaced by {@link SslContextBuilder} */ @Deprecated public static SslContext newClientContext() throws SSLException { return newClientContext(null, null, null); }
/** * Creates a new server-side {@link SslContext}. * * @param provider the {@link SslContext} implementation to use. * {@code null} to use the current default one. * @param certChainFile an X.509 certificate chain file in PEM format * @param keyFile a PKCS#8 private key file in PEM format * @param keyPassword the password of the {@code keyFile}. * {@code null} if it's not password-protected. * @param ciphers the cipher suites to enable, in the order of preference. * {@code null} to use the default cipher suites. * @param nextProtocols the application layer protocols to accept, in the order of preference. * {@code null} to disable TLS NPN/ALPN extension. * @param sessionCacheSize the size of the cache used for storing SSL session objects. * {@code 0} to use the default value. * @param sessionTimeout the timeout for the cached SSL session objects, in seconds. * {@code 0} to use the default value. * @return a new server-side {@link SslContext} * @deprecated Replaced by {@link SslContextBuilder} */ @Deprecated public static SslContext newServerContext( SslProvider provider, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException { return newServerContext(provider, certChainFile, keyFile, keyPassword, ciphers, IdentityCipherSuiteFilter.INSTANCE, toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout); }
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided); if (config.getSslTruststore() != null) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); sslContextBuilder.trustManager(trustManagerFactory); SSLEngine sslEngine = sslContext.newEngine(ch.alloc(), hostname, config.getAddress().getPort()); sslEngine.setSSLParameters(sslParams); SslHandler sslHandler = new SslHandler(sslEngine); ch.pipeline().addLast(sslHandler); ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
@Override protected void initChannel(SocketChannel ch) throws Exception { ChannelPipeline p = ch.pipeline(); if (httpProxyHandler != null) { p.addLast(httpProxyHandler); } if (ssl) { SslContext sslContext = SslContextBuilder.forClient().build(); p.addLast(sslContext.newHandler(ch.alloc(), host, port)); } p.addLast(new HttpClientCodec()); p.addLast(new HttpObjectAggregator(1048576)); p.addLast(handler); } });
@Override public void initChannel(Channel channel) throws Exception { ChannelPipeline pipeline = channel.pipeline(); if (log.isDebugEnabled()) { pipeline.addLast(new LoggingHandler()); } if (sslContext != null) { pipeline.addLast("ssl", sslContext.newHandler(channel.alloc())); } pipeline.addLast("http-codec", new HttpClientCodec()); for (ChannelHandler handler : handlers) { pipeline.addLast(handler); } pipeline.addLast("chunkedWriter", new ChunkedWriteHandler()); } }
@Override protected void initChannel(Channel ch) throws Exception { SslHandler sslHandler = sslContext.newHandler(ch.alloc()); sslHandler.engine().setEnabledProtocols(sslContextFactory.getProtocols()); // Configure our pipeline of ChannelHandlerS. ChannelPipeline pipeline = ch.pipeline(); storeChannel(ch); addTimeoutHandlers(pipeline); addPassportHandler(pipeline); addTcpRelatedHandlers(pipeline); pipeline.addLast("ssl", sslHandler); addSslInfoHandlers(pipeline, isSSlFromIntermediary); addSslClientCertChecks(pipeline); addHttp1Handlers(pipeline); addHttpRelatedHandlers(pipeline); addZuulHandlers(pipeline); } }
@Override protected void initChannel(SocketChannel ch) throws Exception { if (enableTLS) { File tlsCert = new File(serviceConfig.getTlsCertificateFilePath()); File tlsKey = new File(serviceConfig.getTlsKeyFilePath()); SslContextBuilder builder = SslContextBuilder.forServer(tlsCert, tlsKey); // allows insecure connection builder.trustManager(InsecureTrustManagerFactory.INSTANCE); SslContext sslCtx = builder.clientAuth(ClientAuth.OPTIONAL).build(); ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc())); } ch.pipeline().addLast("frameDecoder", new PulsarLengthFieldFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4)); ch.pipeline().addLast("handler", new ServerConnection(discoveryService)); } }
@Override protected void initChannel(SocketChannel ch) throws Exception { SslContext sslCtx = SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE).build(); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast(sslCtx.newHandler(ch.alloc())); // 开启SSL pipeline.addLast(new LoggingHandler(LogLevel.INFO)); // 开启日志,可以设置日志等级 // pipeline.addLast(new IdleStateHandler(30, 60, 100)); pipeline.addLast(new NettyClientHandler(listener)); } }
ChannelPipeline p = ch.pipeline(); ch.config().setAutoRead(false); SslHandler sslHandler = sslContext.newHandler( ch.alloc(), host, port ); p.addFirst(HANDLER_SSL, sslHandler); readTimeout.ifPresent(duration -> { if (!duration.isNegative()) { p.addLast(HANDLER_READ_TIMEOUT, new ReadTimeoutHandler(duration.toMillis(), TimeUnit.MILLISECONDS)); Duration duration = readIdleTime.get(); if (!duration.isNegative()) { p.addLast(HANDLER_IDLE_STATE, new IdleStateHandler(duration.toMillis(), duration.toMillis(), duration.toMillis(), TimeUnit.MILLISECONDS)); p.addLast(HANDLER_HTTP_CLIENT_CODEC, new HttpClientCodec()); p.addLast(HANDLER_DECODER, new HttpContentDecompressor());
@Override public void initChannel(SocketChannel ch) { final ChannelPipeline p = ch.pipeline(); SslHandler sslHandler = sslContext.newHandler(ch.alloc()); sslEngine = sslHandler.engine(); p.addLast(sslHandler); if (experimental != null && experimental.http2() != null && experimental.http2().enable()) { Http2Configuration http2Config = experimental.http2(); HttpServerCodec sourceCodec = new HttpServerCodec(); HelidonConnectionHandler helidonHandler = new HelidonHttp2ConnectionHandlerBuilder() .maxContentLength(http2Config.maxContentLength()).build(); new CleartextHttp2ServerUpgradeHandler(sourceCodec, upgradeHandler, helidonHandler); p.addLast(cleartextHttp2ServerUpgradeHandler); p.addLast(new HelidonEventLogger()); } else { p.addLast(new HttpRequestDecoder()); ch.eventLoop().execute(this::clearQueues);
@Override protected void initChannel(Channel ch) throws Exception { ch.pipeline().addLast( "timeout", new ReadTimeoutHandler( HttpClient.TIMEOUT, TimeUnit.MILLISECONDS ) ); if ( ssl ) { SSLEngine engine = SslContext.newClientContext().newEngine( ch.alloc(), host, port ); ch.pipeline().addLast( "ssl", new SslHandler( engine ) ); } ch.pipeline().addLast( "http", new HttpClientCodec() ); ch.pipeline().addLast( "handler", new HttpHandler( callback ) ); } }
private void enableSsl( ChannelHandlerContext ctx ) { ChannelPipeline p = ctx.pipeline(); p.addLast( sslCtx.newHandler( ctx.alloc() ) ); p.addLast( new TransportSelectionHandler( boltChannel, null, encryptionRequired, true, logging, boltProtocolFactory ) ); p.remove( this ); }
@Override public void channelCreated(Channel channel) { NioSocketChannel nioSocketChannel = (NioSocketChannel) channel; nioSocketChannel.config().setTcpNoDelay(true).setKeepAlive(true); final ChannelPipeline p = nioSocketChannel.pipeline(); //HTTPS if (sslCtx != null) { p.addLast(sslCtx.newHandler(channel.alloc())); } p.addLast(new HttpClientCodec(Integer.MAX_VALUE, Integer.MAX_VALUE, Integer.MAX_VALUE)); p.addLast(new HttpObjectAggregator(Integer.MAX_VALUE)); } }
@Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); ch.pipeline().addFirst("ssl", new SslHandler(engine, startTls)); } }
private SSLEngine createSslEngine(MessageInput input) throws IOException, CertificateException { final X509Certificate[] clientAuthCerts; if (EnumSet.of(ClientAuth.OPTIONAL, ClientAuth.REQUIRE).contains(clientAuth)) { if (clientAuthCertFile.exists()) { clientAuthCerts = KeyUtil.loadCertificates(clientAuthCertFile.toPath()).stream() .filter(certificate -> certificate instanceof X509Certificate) .map(certificate -> (X509Certificate) certificate) .toArray(X509Certificate[]::new); } else { LOG.warn("Client auth configured, but no authorized certificates / certificate authorities configured for input [{}/{}]", input.getName(), input.getId()); clientAuthCerts = null; } } else { clientAuthCerts = null; } final SslContext sslContext = SslContextBuilder.forServer(certFile, keyFile, Strings.emptyToNull(password)) .sslProvider(tlsProvider) .clientAuth(clientAuth) .trustManager(clientAuthCerts) .build(); // TODO: Use byte buffer allocator of channel return sslContext.newEngine(ByteBufAllocator.DEFAULT); } };
@Override public SSLEngine newServerEngine(ByteBufAllocator allocator, String peerHost, int peerPort) throws SSLException { final SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory) .trustManager(trustManagerFactory) .clientAuth(sslConfig.disablePeerVerification() ? ClientAuth.OPTIONAL : ClientAuth.REQUIRE) .sslProvider(SSL_PROVIDER) .protocols(SSL_PROTOCOLS) .ciphers(SSL_CIPHERS) .build(); final SSLEngine engine = sslContext.newEngine(allocator, peerHost, peerPort); try { engine.setEnableSessionCreation(true); } catch (UnsupportedOperationException ignored) { // see ReferenceCountedOpenSslEngine#setEnableSessionCreation logger.trace("Session creation not enabled", ignored); } return engine; }
@Override public SSLEngine call(ByteBufAllocator allocator) { try { return SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .build() .newEngine(allocator); } catch (Exception e) { throw Exceptions.propagate(e); } } }));