io.netty.handler.ssl.IdentityCipherSuiteFilter Java Examples

The following examples show how to use io.netty.handler.ssl.IdentityCipherSuiteFilter. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SslFactory.java    From hxy-socket with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Returns the shared server-side {@link SslContext}, building it on the first call.
 *
 * <p>The result is cached in the static {@code sslContext} field under a lock on
 * {@code SslFactory.class}. Once a context has been built, the paths passed on later calls are
 * ignored and the cached instance is returned.
 *
 * <p>Security notes for readers reusing this pattern:
 * <ul>
 *   <li>The cipher list is passed through {@link IdentityCipherSuiteFilter}, which returns an
 *       explicitly supplied list unchanged, without intersecting it with the suites the TLS
 *       provider supports. The allow-list in {@code CIPHER_ARRAY} is therefore the whole
 *       policy; review it whenever the provider or JDK changes.</li>
 *   <li>{@code ClientAuth.NONE} means clients are not asked for a certificate.</li>
 *   <li>An {@link SSLException} during the build is only logged, so this method can return
 *       {@code null}. NOTE(review): callers must treat {@code null} as a hard failure and
 *       must not fall back to an unencrypted listener.</li>
 *   <li>NOTE(review): the lazy initialisation is only safe if the {@code sslContext} field is
 *       declared {@code volatile}; the declaration is not visible here, so confirm it.</li>
 * </ul>
 *
 * @param certFilePath path to the certificate chain file
 * @param keyFilePath path to the private key file (PKCS#8 encoded, per the original author's note)
 * @return the cached context, or {@code null} if building it failed
 */
public static SslContext createSslContext(String certFilePath, String keyFilePath) {
    // Fast path: the context already exists, no locking needed.
    if (sslContext != null) {
        return sslContext;
    }
    synchronized (SslFactory.class) {
        // Re-check under the lock; another thread may have built it in the meantime.
        if (sslContext == null) {
            final File certificateChain = new File(certFilePath);
            // The key file must be a PKCS#8 encoded .key file.
            final File privateKey = new File(keyFilePath);
            try {
                sslContext = SslContextBuilder.forServer(certificateChain, privateKey)
                        .clientAuth(ClientAuth.NONE)
                        // Restricts the handshake to the suites in CIPHER_ARRAY (three 128-bit
                        // suites, per the original comment, which also says this line is
                        // normally removed). The identity filter applies the list verbatim.
                        .ciphers(Arrays.asList(CIPHER_ARRAY),
                                IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS)
                        .build();
            } catch (SSLException e) {
                // Best effort: the failure is logged and sslContext stays null.
                logger.error("SSL错误:" + e.toString());
            }
        }
    }
    return sslContext;
}
 
Example #2
Source File: HttpServerSPDY.java    From netty-cookbook with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a demo HTTPS server on 127.0.0.1:8080 that negotiates SPDY/3.1 or HTTP/1.1 via ALPN.
 *
 * <p>Security notes: the server presents a freshly generated {@link SelfSignedCertificate},
 * which clients cannot validate against any trust anchor, so this setup is suitable for local
 * experiments only. No cipher list is supplied ({@code null}), so
 * {@link IdentityCipherSuiteFilter#INSTANCE} leaves the provider's default cipher suites in
 * effect. SPDY has been superseded by HTTP/2.
 *
 * @param args unused
 * @throws Exception if the certificate or the SSL context cannot be created
 */
public static void main(String[] args) throws Exception {
	final String bindAddress = "127.0.0.1";
	final int bindPort = 8080;

	// Throwaway key pair and certificate for the demo; not a verifiable server identity.
	final SelfSignedCertificate selfSigned = new SelfSignedCertificate();

	// ALPN offers SPDY/3.1 first, then HTTP/1.1; a failed negotiation ends in a fatal alert.
	final ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(Protocol.ALPN,
			SelectorFailureBehavior.FATAL_ALERT,
			SelectedListenerFailureBehavior.FATAL_ALERT,
			SelectedProtocol.SPDY_3_1.protocolName(),
			SelectedProtocol.HTTP_1_1.protocolName());

	// null cipher list + identity filter => provider default suites, unmodified.
	final SslContext sslCtx = SslContext.newServerContext(
			selfSigned.certificate(), selfSigned.privateKey(), null, null,
			IdentityCipherSuiteFilter.INSTANCE, alpn, 0, 0);

	ChannelInitializer<SocketChannel> initializer = new ChannelInitializer<SocketChannel>() {
		@Override
		protected void initChannel(SocketChannel ch) throws Exception {
			// TLS must be the first handler so everything after it sees decrypted traffic.
			ch.pipeline()
					.addLast(sslCtx.newHandler(ch.alloc()))
					.addLast(new SpdyOrHttpHandler());
		}
	};
	NettyServerUtil.newHttpServerBootstrap(bindAddress, bindPort, initializer);
}
 
Example #3
Source File: HttpApiHandler.java    From component-runtime with Apache License 2.0 5 votes vote down vote up
/**
 * Enables TLS for this handler by lazily creating a JDK {@code SSLContext} backed by a
 * self-signed certificate; does nothing if a context is already set.
 *
 * <p>Security notes: the certificate is generated on the fly and cannot be validated by
 * clients, and {@link InsecureTrustManagerFactory} trusts every peer certificate without
 * verification. NOTE(review): this combination looks intended for test or mock servers;
 * confirm it is never reachable from production configuration. No cipher list is passed
 * ({@code null}), so {@link IdentityCipherSuiteFilter#INSTANCE} keeps the provider defaults.
 *
 * @return this instance, for chaining
 * @throws IllegalStateException if the certificate or the SSL context cannot be created
 */
public T activeSsl() {
    // Already configured: keep the existing context.
    if (sslContext != null) {
        return (T) this;
    }
    try {
        final SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        final SslContext serverContext = SslContext.newServerContext(
                SslProvider.JDK,
                null,
                InsecureTrustManagerFactory.INSTANCE, // accepts any peer certificate
                selfSigned.certificate(),
                selfSigned.privateKey(),
                null,
                null,
                null, // no explicit cipher list
                IdentityCipherSuiteFilter.INSTANCE,
                null,
                0,
                0);
        // The JDK provider was requested above, so unwrap the underlying javax SSLContext.
        sslContext = JdkSslContext.class.cast(serverContext).context();
    } catch (final SSLException | CertificateException e) {
        throw new IllegalStateException(e);
    }
    return (T) this;
}
 
Example #4
Source File: ClientHttpConnectorFactory.java    From spring-credhub with Apache License 2.0 5 votes vote down vote up
/**
 * Build a {@link ClientHttpConnector} configured from the given {@link ClientOptions}.
 *
 * <p>TLS trust is set up in one of two ways. When custom CA certificates are configured,
 * a {@link TrustManagerFactory} built from those files is used. Otherwise the JVM default
 * {@link SSLContext} is wrapped, so server certificates are checked against the default
 * trust configuration. In the default branch no cipher list is given ({@code null}), so
 * {@link IdentityCipherSuiteFilter#INSTANCE} leaves the provider's default suites in place.
 * @param options must not be {@literal null}
 * @return a new {@link ClientHttpConnector}.
 */
public static ClientHttpConnector create(ClientOptions options) {
	HttpClient client = HttpClient.create();

	if (!usingCustomCerts(options)) {
		client = client.secure((spec) -> {
			try {
				// Client-mode context (second argument is true) over the JVM default SSLContext.
				// NOTE(review): ClientAuth.REQUIRE is a server-side setting and presumably has
				// no effect on a client context; confirm.
				spec.sslContext(new JdkSslContext(SSLContext.getDefault(), true, null,
						IdentityCipherSuiteFilter.INSTANCE, null, ClientAuth.REQUIRE, null, false));
			}
			catch (NoSuchAlgorithmException ex) {
				logger.error("Error configuring HTTP connections", ex);
				throw new RuntimeException("Error configuring HTTP connections", ex);
			}
		});
	}
	else {
		// Trust manager factory built from the configured CA certificate files.
		TrustManagerFactory customTrust = sslCertificateUtils
				.createTrustManagerFactory(options.getCaCertFiles());

		client = client.secure((spec) -> spec.sslContext(
				SslContextBuilder.forClient().sslProvider(SslProvider.JDK).trustManager(customTrust)));
	}

	if (options.getConnectionTimeout() != null) {
		// Math.toIntExact throws ArithmeticException if the timeout in millis overflows an int.
		client = client.tcpConfiguration((tcp) -> tcp.option(
				ChannelOption.CONNECT_TIMEOUT_MILLIS,
				Math.toIntExact(options.getConnectionTimeout().toMillis())));
	}

	return new ReactorClientHttpConnector(client);
}
 
Example #5
Source File: SslProvider.java    From reactor-netty with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the default provider, cipher and ALPN settings for the configured {@code type}
 * to {@code sslContextBuilder}.
 *
 * <p>The two active branches treat cipher suites differently. {@code H2} requests
 * {@link Http2SecurityUtil#CIPHERS} and filters them through
 * {@link SupportedCipherSuiteFilter}, which keeps only suites the provider supports.
 * {@code TCP} passes no list ({@code null}) with {@link IdentityCipherSuiteFilter#INSTANCE},
 * so the provider's default suites are used unchanged. {@code NONE} leaves the builder as is.
 */
void updateDefaultConfiguration() {
	switch (type) {
		case H2: {
			// Prefer OpenSSL only when it can negotiate ALPN; otherwise use the JDK provider.
			final io.netty.handler.ssl.SslProvider h2Provider;
			if (io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL)) {
				h2Provider = io.netty.handler.ssl.SslProvider.OPENSSL;
			}
			else {
				h2Provider = io.netty.handler.ssl.SslProvider.JDK;
			}
			sslContextBuilder.sslProvider(h2Provider)
			                 .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
			                 .applicationProtocolConfig(new ApplicationProtocolConfig(
			                     ApplicationProtocolConfig.Protocol.ALPN,
			                     ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
			                     ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
			                     ApplicationProtocolNames.HTTP_2,
			                     ApplicationProtocolNames.HTTP_1_1));
			break;
		}
		case TCP: {
			final io.netty.handler.ssl.SslProvider tcpProvider;
			if (OpenSsl.isAvailable()) {
				tcpProvider = io.netty.handler.ssl.SslProvider.OPENSSL;
			}
			else {
				tcpProvider = io.netty.handler.ssl.SslProvider.JDK;
			}
			// null cipher list + identity filter: the provider's default suites apply as-is.
			sslContextBuilder.sslProvider(tcpProvider)
			                 .ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
			                 .applicationProtocolConfig(null);
			break;
		}
		case NONE:
			// No default configuration for this type.
			break;
	}
}
 
Example #6
Source File: SpdyServer.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
/**
 * Starts a demo SPDY server on {@code PORT} that negotiates SPDY/3.1 or HTTP/1.1 via NPN and
 * blocks until the server channel is closed.
 *
 * <p>Security notes: the server uses a freshly generated {@link SelfSignedCertificate}, which
 * browsers cannot validate, so this is for local experiments only. No cipher list is supplied
 * ({@code null}), so {@link IdentityCipherSuiteFilter#INSTANCE} keeps the provider's default
 * suites. NPN and SPDY have been superseded by ALPN and HTTP/2.
 *
 * @param args unused
 * @throws Exception if TLS setup, binding or waiting on the channel fails
 */
public static void main(String[] args) throws Exception {
    // TLS setup: throwaway self-signed identity, default cipher suites, NPN negotiation.
    SelfSignedCertificate selfSigned = new SelfSignedCertificate();
    ApplicationProtocolConfig npn = new ApplicationProtocolConfig(
            Protocol.NPN,
            SelectorFailureBehavior.FATAL_ALERT,
            SelectedListenerFailureBehavior.FATAL_ALERT,
            SelectedProtocol.SPDY_3_1.protocolName(),
            SelectedProtocol.HTTP_1_1.protocolName());
    SslContext sslCtx = SslContext.newServerContext(
            selfSigned.certificate(), selfSigned.privateKey(), null, null,
            IdentityCipherSuiteFilter.INSTANCE, npn, 0, 0);

    // One acceptor thread; the worker group uses Netty's default sizing.
    EventLoopGroup acceptors = new NioEventLoopGroup(1);
    EventLoopGroup workers = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.option(ChannelOption.SO_BACKLOG, 1024);
        bootstrap.group(acceptors, workers);
        bootstrap.channel(NioServerSocketChannel.class);
        bootstrap.handler(new LoggingHandler(LogLevel.INFO));
        bootstrap.childHandler(new SpdyServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        System.err.println("Open your SPDY-enabled web browser and navigate to https://127.0.0.1:" + PORT + '/');
        System.err.println("If using Chrome browser, check your SPDY sessions at chrome://net-internals/#spdy");

        // Block until the listening channel is closed.
        serverChannel.closeFuture().sync();
    } finally {
        // Always release the event loop threads, even if bind or sync failed.
        acceptors.shutdownGracefully();
        workers.shutdownGracefully();
    }
}