private synchronized void initSSL(ChannelPipeline p) throws X509Exception, KeyManagementException, NoSuchAlgorithmException { String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty()); SSLContext sslContext; if (authProviderProp == null) { sslContext = x509Util.getDefaultSSLContext(); } else { sslContext = SSLContext.getInstance("TLSv1"); X509AuthenticationProvider authProvider = (X509AuthenticationProvider)ProviderRegistry.getProvider( System.getProperty(x509Util.getSslAuthProviderProperty(), "x509")); if (authProvider == null) { LOG.error("Auth provider not found: {}", authProviderProp); throw new SSLContextException( "Could not create SSLContext with specified auth provider: " + authProviderProp); } sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() }, new X509TrustManager[] { authProvider.getTrustManager() }, null); } SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); sslEngine.setNeedClientAuth(true); p.addLast("ssl", new SslHandler(sslEngine)); LOG.info("SSL handler added for channel: {}", p.channel()); }
@Override @Nullable protected SslInfo initSslInfo() { SslHandler sslHandler = ((Connection) this.request).channel().pipeline().get(SslHandler.class); if (sslHandler != null) { SSLSession session = sslHandler.engine().getSession(); return new DefaultSslInfo(session); } return null; }
@Override public void channelActive(ChannelHandlerContext ctx) throws Exception { if (LOG.isTraceEnabled()) { LOG.trace("Channel active {}", ctx.channel()); } final Channel channel = ctx.channel(); InetAddress addr = ((InetSocketAddress) channel.remoteAddress()) .getAddress(); if (maxClientCnxns > 0 && getClientCnxnCount(addr) >= maxClientCnxns) { ServerMetrics.CONNECTION_REJECTED.add(1); LOG.warn("Too many connections from {} - max is {}", addr, maxClientCnxns); channel.close(); return; } NettyServerCnxn cnxn = new NettyServerCnxn(channel, zkServer, NettyServerCnxnFactory.this); ctx.channel().attr(CONNECTION_ATTRIBUTE).set(cnxn); if (secure) { SslHandler sslHandler = ctx.pipeline().get(SslHandler.class); Future<Channel> handshakeFuture = sslHandler.handshakeFuture(); handshakeFuture.addListener(new CertificateVerifier(sslHandler, cnxn)); } else { allChannels.add(ctx.channel()); addCnxn(cnxn); } }
private SslHandler createSslHandler(String peerHost, int peerPort) { SSLEngine sslEngine = sslEngineFactory.newSslEngine(config, peerHost, peerPort); SslHandler sslHandler = new SslHandler(sslEngine); if (handshakeTimeout > 0) sslHandler.setHandshakeTimeoutMillis(handshakeTimeout); return sslHandler; }
if (sslEvent.isSuccess()) { CurrentPassport.fromChannel(ctx.channel()).add(PassportState.SERVER_CH_SSL_HANDSHAKE_COMPLETE); SslHandler sslhandler = (SslHandler) ctx.channel().pipeline().get("ssl"); SSLSession session = sslhandler.engine().getSession(); && session.getPeerCertificateChain() != null && session.getPeerCertificateChain().length > 0) { peerCert = session.getPeerCertificateChain()[0]; if (session.getLocalCertificates() != null && session.getLocalCertificates().length > 0) { SslHandshakeInfo info = new SslHandshakeInfo(isSSlFromIntermediary, session.getProtocol(), session.getCipherSuite(), clientAuth, serverCert, peerCert); ctx.channel().attr(ATTR_SSL_INFO).set(info); String clientIP = ctx.channel().attr(SourceAddressChannelHandler.ATTR_SOURCE_ADDRESS).get(); Throwable cause = sslEvent.cause(); ctx.pipeline().remove(this);
/** * Adds the ssl handler * * @param pipeline - channel pipeline */ protected void addSslHandler(ChannelPipeline pipeline) { if (sslContext != null) { SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(false); pipeline.addLast(SSL_HANDLER, new SslHandler(engine)); } }
@Override public void initChannel(final SocketChannel ch) { if (sslSettings.isEnabled()) { SSLEngine engine = getSslContext().createSSLEngine(address.getHost(), address.getPort()); engine.setUseClientMode(true); SSLParameters sslParameters = engine.getSSLParameters(); enableSni(address.getHost(), sslParameters); if (!sslSettings.isInvalidHostNameAllowed()) { enableHostNameVerification(sslParameters); } engine.setSSLParameters(sslParameters); ch.pipeline().addFirst("ssl", new SslHandler(engine, false)); } int readTimeout = settings.getReadTimeout(MILLISECONDS); if (readTimeout > 0) { ch.pipeline().addLast(READ_HANDLER_NAME, new ReadTimeoutHandler(readTimeout)); } ch.pipeline().addLast(new InboundBufferHandler()); } });
@Override public void operationComplete(ChannelFuture channelFuture) throws Exception { if (channelFuture.isSuccess()) { Channel channel = channelFuture.channel(); if ("https".equals(uri.getScheme())) { SSLContext sslContext; if (params != null && params.getSSLContext() != null) { sslContext = params.getSSLContext(); } else { sslContext = HttpClientFactory .allowSSLContext(); } SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(true); channel.pipeline().addFirst( new SslHandler(sslEngine)); } channel.pipeline().addLast(new RequestHandler(future)); DefaultHttpRequest uriRequest = createRequest(request); channel.writeAndFlush(uriRequest); } else { future.setException(channelFuture.cause()); } } };
@Override protected void initChannel(Channel ch) throws Exception { SslHandler sslHandler = sslContext.newHandler(ch.alloc()); sslHandler.engine().setEnabledProtocols(serverSslConfig.getProtocols()); LOG.debug("ssl protocols supported: {}", String.join(", ", sslHandler.engine().getSupportedProtocols())); LOG.debug("ssl protocols enabled: {}", String.join(", ", sslHandler.engine().getEnabledProtocols())); LOG.debug("ssl ciphers supported: {}", String.join(", ", sslHandler.engine().getSupportedCipherSuites())); LOG.debug("ssl ciphers enabled: {}", String.join(", ", sslHandler.engine().getEnabledCipherSuites())); ChannelPipeline pipeline = ch.pipeline(); addPassportHandler(pipeline); addTcpRelatedHandlers(pipeline); pipeline.addLast(new Http2FrameLoggingPerClientIpHandler()); pipeline.addLast("ssl", sslHandler); addSslInfoHandlers(pipeline, isSSlFromIntermediary); addSslClientCertChecks(pipeline); Http2ConnectionExpiryHandler connectionExpiryHandler = new Http2ConnectionExpiryHandler(maxRequestsPerConnection, maxRequestsPerConnectionInBrownout, connectionExpiry); pipeline.addLast("http2CodecSwapper", new Http2OrHttpHandler( new Http2StreamInitializer(ch, this::http1Handlers, http2MetricsChannelHandlers, connectionCloseHandler, connectionExpiryHandler), channelConfig,
protected void initChannel(Channel channel) throws Exception { super.initChannel(channel); SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(true); String[] suites = SSLFactory.filterCipherSuites(sslEngine.getSupportedCipherSuites(), encryptionOptions.cipher_suites); sslEngine.setEnabledCipherSuites(suites); channel.pipeline().addFirst("ssl", new SslHandler(sslEngine)); } }
ChannelHandler sslHandler = ctx.channel().pipeline().get("tls"); sslSession = ((SslHandler) sslHandler).engine().getSession(); if (log.isDebugEnabled()) { log.debug("Verifying HostName for {}, Cipher {}, Protocols {}", hostname, sslSession.getCipherSuite(), sslSession.getProtocol());
@Override protected void initChannel(SocketChannel sch) throws Exception { InetSocketAddress serverAddr = (InetSocketAddress) sc.localAddress(); SSLEngine engine = clientCtx.newEngine(sch.alloc(), serverAddr.getHostString(), serverAddr.getPort()); engine.setUseClientMode(true); engine.setEnabledProtocols(protocols); sch.pipeline().addLast(new SslHandler(engine)); sch.pipeline().addLast(ch); } });
@Override protected void initChannel(final SocketChannel channel) { final SslHandler sslHandler = sslContext.newHandler(channel.alloc()); channel.pipeline().addLast(sslHandler); channel.pipeline().addLast(ConnectionNegotiationErrorHandler.INSTANCE); sslHandler.handshakeFuture().addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(final Future<Channel> handshakeFuture) throws Exception { if (handshakeFuture.isSuccess()) { BaseHttp2Server.this.addHandlersToPipeline(sslHandler.engine().getSession(), channel.pipeline()); channel.pipeline().remove(ConnectionNegotiationErrorHandler.INSTANCE); BaseHttp2Server.this.allChannels.add(channel); } else { log.debug("TLS handshake failed.", handshakeFuture.cause()); } } }); } });
@Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); ch.pipeline().addFirst("ssl", new SslHandler(engine, startTls)); } }
@Override public void initChannel(SocketChannel ch) throws Exception { SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(false); ch.pipeline().addFirst(new SslHandler(engine)); setupHandlers(ch, dispatcher, HTTPS); } };
@Override public NetSocket upgradeToSsl(String serverName, Handler<Void> handler) { ChannelOutboundHandler sslHandler = (ChannelOutboundHandler) chctx.pipeline().get("ssl"); if (sslHandler == null) { chctx.pipeline().addFirst("handshaker", new SslHandshakeCompletionHandler(ar -> { if (ar.succeeded()) { handler.handle(null); } else { chctx.channel().closeFuture(); handleException(ar.cause()); } })); if (remoteAddress != null) { sslHandler = new SslHandler(helper.createEngine(vertx, remoteAddress, serverName)); } else { if (helper.isSNI()) { sslHandler = new SniHandler(helper.serverNameMapper(vertx)); } else { sslHandler = new SslHandler(helper.createEngine(vertx)); } } chctx.pipeline().addFirst("ssl", sslHandler); } return this; }
@Override protected void initChannel(Channel ch) throws Exception { SslHandler sslHandler = sslContext.newHandler(ch.alloc()); sslHandler.engine().setEnabledProtocols(sslContextFactory.getProtocols()); // Configure our pipeline of ChannelHandlerS. ChannelPipeline pipeline = ch.pipeline(); storeChannel(ch); addTimeoutHandlers(pipeline); addPassportHandler(pipeline); addTcpRelatedHandlers(pipeline); pipeline.addLast("ssl", sslHandler); addSslInfoHandlers(pipeline, isSSlFromIntermediary); addSslClientCertChecks(pipeline); addHttp1Handlers(pipeline); addHttpRelatedHandlers(pipeline); addZuulHandlers(pipeline); } }
SslHandler sslHandler = ch.pipeline().get(SslHandler.class); if (sslHandler != null) { Future<Channel> handshakeFuture = sslHandler.handshakeFuture(); if (handshakeFuture.awaitUninterruptibly(30000)) { if (handshakeFuture.isSuccess()) { ChannelPipeline channelPipeline = ch.pipeline(); ActiveMQChannelHandler channelHandler = channelPipeline.get(ActiveMQChannelHandler.class); channelHandler.active = true; } else { ch.close().awaitUninterruptibly(); ActiveMQClientLogger.LOGGER.errorCreatingNettyConnection(handshakeFuture.cause()); return null; HttpUpgradeHandler httpUpgradeHandler = (HttpUpgradeHandler) ch.pipeline().get("http-upgrade"); String scheme = "http"; if (sslEnabled) {
@Override public void operationComplete(Future<Channel> future) throws Exception { ctx.writeAndFlush("Welcome to " + InetAddress.getLocalHost().getHostName() + " secure chat service!\n"); ctx.writeAndFlush("Your session is protected by " + ctx.pipeline().get(SslHandler.class).engine() .getSession().getCipherSuite() + " cipher suite.\n"); channels.add(ctx.channel()); } });
private void enableSsl(ChannelHandlerContext ctx) { ChannelPipeline p = ctx.getPipeline(); SSLEngine engine = SecureChatSslContextFactory.getServerContext().createSSLEngine(); engine.setUseClientMode(false); p.addLast("ssl", new SslHandler(engine)); p.addLast("unificationA", new PortUnificationServerHandler(false, detectGzip)); p.remove(this); }