Usage and code examples of the io.netty.handler.ssl.SslContext class

x33g5p2x, reposted on 2022-01-29 in Other

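This article collects some code examples for the Java class io.netty.handler.ssl.SslContext, showing how the SslContext class is used in practice. The examples come mainly from platforms such as GitHub, Stack Overflow and Maven and were extracted from selected projects, so they are useful as reference. Details of the SslContext class are as follows:
Package path: io.netty.handler.ssl.SslContext
Class name: SslContext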

Introduction to SslContext

A secure socket protocol implementation which acts as a factory for SSLEngine and SslHandler. Internally, it is implemented via JDK's SSLContext or OpenSSL's SSL_CTX.

Making your server support SSL/TLS

    // In your ChannelInitializer:
    ChannelPipeline p = channel.pipeline();
    SslContext sslCtx = SslContextBuilder.forServer(certChainFile, keyFile).build(); // forServer(File, File)
    p.addLast("ssl", sslCtx.newHandler(channel.alloc())); // newHandler(ByteBufAllocator)
    ...

Making your client support SSL/TLS

    // In your ChannelInitializer:
    ChannelPipeline p = channel.pipeline();
    SslContext sslCtx = SslContextBuilder.forClient().build();
    p.addLast("ssl", sslCtx.newHandler(channel.alloc(), host, port)); // newHandler(ByteBufAllocator, String, int)
    ...
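
An added example (not from the Netty documentation or from any project quoted on this page) of the client setup above with certificate and hostname verification made explicit, as the counterpart to snippets further down that use InsecureTrustManagerFactory, which accepts any certificate. The class name, the protocol list and the 10-second handshake timeout are assumptions.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;

/** Hypothetical class name; host and port are supplied by the caller. */
public final class VerifyingTlsClientInitializer extends ChannelInitializer<SocketChannel> {
    private final SslContext sslCtx;
    private final String host;
    private final int port;

    public VerifyingTlsClientInitializer(String host, int port) throws SSLException {
        // No trustManager(...) call: the platform's default trust store is used.
        // The context is built once and shared by every channel.
        this.sslCtx = SslContextBuilder.forClient()
                .protocols("TLSv1.3", "TLSv1.2") // assumed protocol policy
                .build();
        this.host = host;
        this.port = port;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        ChannelPipeline p = ch.pipeline();
        // Passing host and port gives the engine the peer identity (SNI, name checks).
        SslHandler ssl = sslCtx.newHandler(ch.alloc(), host, port);
        SSLEngine engine = ssl.engine();
        SSLParameters params = engine.getSSLParameters();
        // Require the server certificate to match `host`; setting it explicitly
        // makes the check independent of library defaults.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        ssl.setHandshakeTimeoutMillis(10_000); // assumed timeout
        p.addLast("ssl", ssl);
        // Handshake failures, including chain or hostname mismatch, surface here.
        ssl.handshakeFuture().addListener(f -> {
            if (!f.isSuccess()) {
                ch.close();
            }
        });
        // Application handlers (codec, business logic) are added after "ssl".
    }
}
```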


Code examples

Code example source: origin: spring-projects/spring-framework

    @Override
    protected void initChannel(SocketChannel channel) throws Exception {
        configureChannel(channel.config());
        ChannelPipeline pipeline = channel.pipeline();
        if (isSecure) {
            Assert.notNull(sslContext, "sslContext should not be null");
            pipeline.addLast(sslContext.newHandler(channel.alloc(), uri.getHost(), uri.getPort()));
        }
        pipeline.addLast(new HttpClientCodec());
        pipeline.addLast(new HttpObjectAggregator(maxResponseSize));
        if (readTimeout > 0) {
            pipeline.addLast(new ReadTimeoutHandler(readTimeout,
                    TimeUnit.MILLISECONDS));
        }
    }
    });

Code example source: origin: normanmaurer/netty-in-action

    @Override
    protected void initChannel(Channel ch) throws Exception {
        ChannelPipeline pipeline = ch.pipeline();
        SSLEngine engine = context.newEngine(ch.alloc());
        pipeline.addFirst("ssl", new SslHandler(engine));
        if (isClient) {
            pipeline.addLast("codec", new HttpClientCodec());
        } else {
            pipeline.addLast("codec", new HttpServerCodec());
        }
    }
    }

Code example source: origin: redisson/redisson

    /**
     * Creates a new client-side {@link SslContext}.
     *
     * @return a new client-side {@link SslContext}
     * @deprecated Replaced by {@link SslContextBuilder}
     */
    @Deprecated
    public static SslContext newClientContext() throws SSLException {
        return newClientContext(null, null, null);
    }

Code example source: origin: redisson/redisson

    /**
     * Creates a new server-side {@link SslContext}.
     *
     * @param provider the {@link SslContext} implementation to use.
     *                 {@code null} to use the current default one.
     * @param certChainFile an X.509 certificate chain file in PEM format
     * @param keyFile a PKCS#8 private key file in PEM format
     * @param keyPassword the password of the {@code keyFile}.
     *                    {@code null} if it's not password-protected.
     * @param ciphers the cipher suites to enable, in the order of preference.
     *                {@code null} to use the default cipher suites.
     * @param nextProtocols the application layer protocols to accept, in the order of preference.
     *                      {@code null} to disable TLS NPN/ALPN extension.
     * @param sessionCacheSize the size of the cache used for storing SSL session objects.
     *                         {@code 0} to use the default value.
     * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
     *                       {@code 0} to use the default value.
     * @return a new server-side {@link SslContext}
     * @deprecated Replaced by {@link SslContextBuilder}
     */
    @Deprecated
    public static SslContext newServerContext(
            SslProvider provider,
            File certChainFile, File keyFile, String keyPassword,
            Iterable<String> ciphers, Iterable<String> nextProtocols,
            long sessionCacheSize, long sessionTimeout) throws SSLException {
        return newServerContext(provider, certChainFile, keyFile, keyPassword,
                ciphers, IdentityCipherSuiteFilter.INSTANCE,
                toApplicationProtocolConfig(nextProtocols), sessionCacheSize, sessionTimeout);
    }

Code example source: origin: redisson/redisson

    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided);
    if (config.getSslTruststore() != null) {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    sslContextBuilder.trustManager(trustManagerFactory);
    SSLEngine sslEngine = sslContext.newEngine(ch.alloc(), hostname, config.getAddress().getPort());
    sslEngine.setSSLParameters(sslParams);
    SslHandler sslHandler = new SslHandler(sslEngine);
    ch.pipeline().addLast(sslHandler);
    ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

Code example source: origin: glowroot/glowroot

    @Override
    protected void initChannel(SocketChannel ch) throws Exception {
        ChannelPipeline p = ch.pipeline();
        if (httpProxyHandler != null) {
            p.addLast(httpProxyHandler);
        }
        if (ssl) {
            SslContext sslContext = SslContextBuilder.forClient().build();
            p.addLast(sslContext.newHandler(ch.alloc(), host, port));
        }
        p.addLast(new HttpClientCodec());
        p.addLast(new HttpObjectAggregator(1048576));
        p.addLast(handler);
    }
    });

Code example source: origin: aws/aws-sdk-java

    @Override
    public void initChannel(Channel channel) throws Exception {
        ChannelPipeline pipeline = channel.pipeline();
        if (log.isDebugEnabled()) {
            pipeline.addLast(new LoggingHandler());
        }
        if (sslContext != null) {
            pipeline.addLast("ssl", sslContext.newHandler(channel.alloc()));
        }
        pipeline.addLast("http-codec", new HttpClientCodec());
        for (ChannelHandler handler : handlers) {
            pipeline.addLast(handler);
        }
        pipeline.addLast("chunkedWriter", new ChunkedWriteHandler());
    }
    }

Code example source: origin: Netflix/zuul

    @Override
    protected void initChannel(Channel ch) throws Exception
    {
        SslHandler sslHandler = sslContext.newHandler(ch.alloc());
        sslHandler.engine().setEnabledProtocols(sslContextFactory.getProtocols());
        // Configure our pipeline of ChannelHandlerS.
        ChannelPipeline pipeline = ch.pipeline();
        storeChannel(ch);
        addTimeoutHandlers(pipeline);
        addPassportHandler(pipeline);
        addTcpRelatedHandlers(pipeline);
        pipeline.addLast("ssl", sslHandler);
        addSslInfoHandlers(pipeline, isSSlFromIntermediary);
        addSslClientCertChecks(pipeline);
        addHttp1Handlers(pipeline);
        addHttpRelatedHandlers(pipeline);
        addZuulHandlers(pipeline);
    }
    }

Code example source: origin: com.yahoo.pulsar/pulsar-discovery-service

    @Override
    protected void initChannel(SocketChannel ch) throws Exception {
        if (enableTLS) {
            File tlsCert = new File(serviceConfig.getTlsCertificateFilePath());
            File tlsKey = new File(serviceConfig.getTlsKeyFilePath());
            SslContextBuilder builder = SslContextBuilder.forServer(tlsCert, tlsKey);
            // allows insecure connection
            builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
            SslContext sslCtx = builder.clientAuth(ClientAuth.OPTIONAL).build();
            ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc()));
        }
        ch.pipeline().addLast("frameDecoder",
                new PulsarLengthFieldFrameDecoder(PulsarDecoder.MaxFrameSize, 0, 4, 0, 4));
        ch.pipeline().addLast("handler", new ServerConnection(discoveryService));
    }
    }

Code example source: origin: treasure-lau/NettyDemo4Android

    @Override
    protected void initChannel(SocketChannel ch) throws Exception {
        // InsecureTrustManagerFactory trusts every certificate without verification
        SslContext sslCtx = SslContextBuilder.forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE).build();
        ChannelPipeline pipeline = ch.pipeline();
        pipeline.addLast(sslCtx.newHandler(ch.alloc())); // enable SSL
        pipeline.addLast(new LoggingHandler(LogLevel.INFO)); // enable logging; the log level can be set here
        // pipeline.addLast(new IdleStateHandler(30, 60, 100));
        pipeline.addLast(new NettyClientHandler(listener));
    }
    }

Code example source: origin: micronaut-projects/micronaut-core

    ChannelPipeline p = ch.pipeline();
    ch.config().setAutoRead(false);
    SslHandler sslHandler = sslContext.newHandler(
            ch.alloc(),
            host,
            port
    );
    p.addFirst(HANDLER_SSL, sslHandler);
    readTimeout.ifPresent(duration -> {
        if (!duration.isNegative()) {
            p.addLast(HANDLER_READ_TIMEOUT, new ReadTimeoutHandler(duration.toMillis(), TimeUnit.MILLISECONDS));
    Duration duration = readIdleTime.get();
    if (!duration.isNegative()) {
        p.addLast(HANDLER_IDLE_STATE, new IdleStateHandler(duration.toMillis(), duration.toMillis(), duration.toMillis(), TimeUnit.MILLISECONDS));
    p.addLast(HANDLER_HTTP_CLIENT_CODEC, new HttpClientCodec());
    p.addLast(HANDLER_DECODER, new HttpContentDecompressor());

Code example source: origin: oracle/helidon

    @Override
    public void initChannel(SocketChannel ch) {
        final ChannelPipeline p = ch.pipeline();
        SslHandler sslHandler = sslContext.newHandler(ch.alloc());
        sslEngine = sslHandler.engine();
        p.addLast(sslHandler);
        if (experimental != null && experimental.http2() != null && experimental.http2().enable()) {
            Http2Configuration http2Config = experimental.http2();
            HttpServerCodec sourceCodec = new HttpServerCodec();
            HelidonConnectionHandler helidonHandler = new HelidonHttp2ConnectionHandlerBuilder()
                    .maxContentLength(http2Config.maxContentLength()).build();
            new CleartextHttp2ServerUpgradeHandler(sourceCodec, upgradeHandler, helidonHandler);
            p.addLast(cleartextHttp2ServerUpgradeHandler);
            p.addLast(new HelidonEventLogger());
        } else {
            p.addLast(new HttpRequestDecoder());
        ch.eventLoop().execute(this::clearQueues);

Code example source: origin: normanmaurer/netty-in-action

    @Override
    protected void initChannel(Channel ch) throws Exception {
        ChannelPipeline pipeline = ch.pipeline();
        pipeline.addLast(new SslHandler(sslCtx.newEngine(ch.alloc())));
        pipeline.addLast(new ChunkedWriteHandler());
        pipeline.addLast(new WriteStreamHandler());
    }

Code example source: origin: SpigotMC/BungeeCord

    @Override
    protected void initChannel(Channel ch) throws Exception
    {
        ch.pipeline().addLast( "timeout", new ReadTimeoutHandler( HttpClient.TIMEOUT, TimeUnit.MILLISECONDS ) );
        if ( ssl )
        {
            SSLEngine engine = SslContext.newClientContext().newEngine( ch.alloc(), host, port );
            ch.pipeline().addLast( "ssl", new SslHandler( engine ) );
        }
        ch.pipeline().addLast( "http", new HttpClientCodec() );
        ch.pipeline().addLast( "handler", new HttpHandler( callback ) );
    }
    }

Code example source: origin: neo4j/neo4j

    private void enableSsl( ChannelHandlerContext ctx )
    {
        ChannelPipeline p = ctx.pipeline();
        p.addLast( sslCtx.newHandler( ctx.alloc() ) );
        p.addLast( new TransportSelectionHandler( boltChannel, null, encryptionRequired, true, logging, boltProtocolFactory ) );
        p.remove( this );
    }

Code example source: origin: SeanDragon/protools

    @Override
    public void channelCreated(Channel channel) {
        NioSocketChannel nioSocketChannel = (NioSocketChannel) channel;
        nioSocketChannel.config().setTcpNoDelay(true).setKeepAlive(true);
        final ChannelPipeline p = nioSocketChannel.pipeline();
        //HTTPS
        if (sslCtx != null) {
            p.addLast(sslCtx.newHandler(channel.alloc()));
        }
        p.addLast(new HttpClientCodec(Integer.MAX_VALUE, Integer.MAX_VALUE, Integer.MAX_VALUE));
        p.addLast(new HttpObjectAggregator(Integer.MAX_VALUE));
    }
    }

Code example source: origin: normanmaurer/netty-in-action

    @Override
    protected void initChannel(Channel ch) throws Exception {
        SSLEngine engine = context.newEngine(ch.alloc());
        ch.pipeline().addFirst("ssl",
                new SslHandler(engine, startTls));
    }
    }

Code example source: origin: Graylog2/graylog2-server

    private SSLEngine createSslEngine(MessageInput input) throws IOException, CertificateException {
        final X509Certificate[] clientAuthCerts;
        if (EnumSet.of(ClientAuth.OPTIONAL, ClientAuth.REQUIRE).contains(clientAuth)) {
            if (clientAuthCertFile.exists()) {
                clientAuthCerts = KeyUtil.loadCertificates(clientAuthCertFile.toPath()).stream()
                        .filter(certificate -> certificate instanceof X509Certificate)
                        .map(certificate -> (X509Certificate) certificate)
                        .toArray(X509Certificate[]::new);
            } else {
                LOG.warn("Client auth configured, but no authorized certificates / certificate authorities configured for input [{}/{}]",
                        input.getName(), input.getId());
                clientAuthCerts = null;
            }
        } else {
            clientAuthCerts = null;
        }
        final SslContext sslContext = SslContextBuilder.forServer(certFile, keyFile, Strings.emptyToNull(password))
                .sslProvider(tlsProvider)
                .clientAuth(clientAuth)
                .trustManager(clientAuthCerts)
                .build();
        // TODO: Use byte buffer allocator of channel
        return sslContext.newEngine(ByteBufAllocator.DEFAULT);
    }
    };

Code example source: origin: dremio/dremio-oss

    @Override
    public SSLEngine newServerEngine(ByteBufAllocator allocator, String peerHost, int peerPort)
            throws SSLException {
        final SslContext sslContext =
                SslContextBuilder.forServer(keyManagerFactory)
                        .trustManager(trustManagerFactory)
                        .clientAuth(sslConfig.disablePeerVerification() ? ClientAuth.OPTIONAL : ClientAuth.REQUIRE)
                        .sslProvider(SSL_PROVIDER)
                        .protocols(SSL_PROTOCOLS)
                        .ciphers(SSL_CIPHERS)
                        .build();
        final SSLEngine engine = sslContext.newEngine(allocator, peerHost, peerPort);
        try {
            engine.setEnableSessionCreation(true);
        } catch (UnsupportedOperationException ignored) {
            // see ReferenceCountedOpenSslEngine#setEnableSessionCreation
            logger.trace("Session creation not enabled", ignored);
        }
        return engine;
    }

Code example source: origin: ReactiveX/RxNetty

    @Override
    public SSLEngine call(ByteBufAllocator allocator) {
        try {
            // InsecureTrustManagerFactory trusts every certificate without verification
            return SslContextBuilder.forClient()
                    .trustManager(InsecureTrustManagerFactory.INSTANCE)
                    .build()
                    .newEngine(allocator);
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }
    }));
