netty SSL尝试

郗亦

2023-12-01

1. 5.0.0.Alpha2
   <dependencies>
       <dependency>
           <groupId>io.netty</groupId>
           <artifactId>netty-all</artifactId>
           <version>5.0.0.Alpha2</version>
       </dependency>

       <dependency>
           <groupId>org.apache.bcel</groupId>
           <artifactId>bcel</artifactId>
           <version>6.2</version>
       </dependency>

       <dependency>
           <groupId>org.jibx</groupId>
           <artifactId>jibx-run</artifactId>
           <version>1.3.1</version>
       </dependency>
       <dependency>
           <groupId>org.jibx</groupId>
           <artifactId>jibx-extras</artifactId>
           <version>1.3.1</version>
       </dependency>
       <dependency>
           <groupId>org.jibx</groupId>
           <artifactId>jibx-bind</artifactId>
           <version>1.3.1</version>
       </dependency>
       <dependency>
           <groupId>org.jibx</groupId>
           <artifactId>jibx-schema</artifactId>
           <version>1.3.1</version>
       </dependency>
       <dependency>
           <groupId>org.jibx</groupId>
           <artifactId>jibx-tools</artifactId>
           <version>1.3.1</version>
       </dependency>

       <dependency>
           <groupId>javax.xml.stream</groupId>
           <artifactId>stax-api</artifactId>
           <version>1.0-2</version>
       </dependency>

       <dependency>
           <groupId>com.alibaba</groupId>
           <artifactId>fastjson</artifactId>
           <version>1.2.47</version>
       </dependency>

       <dependency>
           <groupId>org.slf4j</groupId>
           <artifactId>slf4j-api</artifactId>
           <version>1.7.25</version>
       </dependency>
       <dependency>
           <groupId>org.slf4j</groupId>
           <artifactId>jcl-over-slf4j</artifactId>
           <version>1.7.25</version>
       </dependency>
       <dependency>
           <groupId>commons-io</groupId>
           <artifactId>commons-io</artifactId>
           <version>2.6</version>
       </dependency>

       <dependency>
           <groupId>org.apache.commons</groupId>
           <artifactId>commons-lang3</artifactId>
           <version>3.7</version>
       </dependency>
   </dependencies>

2. serverInitializer

   @Override
   public void initChannel(SocketChannel ch) throws Exception {
       ChannelPipeline pipeline = ch.pipeline();

       // Add SSL handler first to encrypt and decrypt everything.
       // In this example, we use a bogus certificate in the server side
       // and accept any invalid certificates in the client side.
       // You will need something more complicated to identify both
       // and server in the real world.
       //
       // Read SecureChatSslContextFactory
       // if you need client certificate authentication.

       SSLEngine engine = null;
       switch (SSLMODE.valueOf(tlsMode)) {
       case CA:
           URL url = this.getClass().getClassLoader().getResource("sslconf/client/sChat.jks");
           if (null == url) {
               log.error("ca jks file does not exists !!!", new Throwable());
           }
           log.info("SSL Server initializing ,wait");
           engine = SecureChatSslContextFactory.getServerContext(tlsMode, url.getFile(), null).createSSLEngine();
           if(null==engine ) {
               log.error("SSL Server create faild, please check your configs...",new Throwable());
           }
           log.info("SSL Server initialized ,OK");
           break;
       case CSA:
           URL pkUrl = this.getClass().getClassLoader().getResource("sslconf/twoway/sChat.jks");
           URL caUrl = this.getClass().getClassLoader().getResource("sslconf/twoway/sChat.jks");
           engine = SecureChatSslContextFactory.getServerContext(tlsMode, pkUrl.getFile(), caUrl.getFile())
                   .createSSLEngine();
           // Client auth
           engine.setNeedClientAuth(true);
           break;
       default:
           log.error("ERROR : " + tlsMode);
           System.exit(-1);
           break;

}
engine.setUseClientMode(false);

pipeline.addLast("ssl", new SslHandler(engine));

       // On top of the SSL handler, add the text line codec.
       pipeline.addLast("framer", new DelimiterBasedFrameDecoder(8192, Delimiters.lineDelimiter()));
       pipeline.addLast("decoder", new StringDecoder());
       pipeline.addLast("encoder", new StringEncoder());

       // and then business logic.
       pipeline.addLast("handler", new SecureChatServerHandler());
   }

3. clientInitializer

   @Override
   public void initChannel(SocketChannel ch) throws Exception {
       ChannelPipeline pipeline = ch.pipeline();

       SSLEngine engine = null;
       switch (SSLMODE.valueOf(tlsMode)) {
       case CA:
           URL url = this.getClass().getClassLoader().getResource("sslconf/client/cChat.jks");
           if (null == url) {
               log.error("ca jks file does not exists !!!", new Throwable());
           }
           engine = SecureChatSslContextFactory.getClientContext(tlsMode, null, url.getFile()).createSSLEngine();
           break;
       case CSA:
           URL pkUrl = this.getClass().getClassLoader().getResource("sslconf/twoway/cChat.jks");
           URL caUrl = this.getClass().getClassLoader().getResource("sslconf/twoway/cChat.jks");
           engine = SecureChatSslContextFactory.getClientContext(tlsMode, pkUrl.getFile(), caUrl.getFile()).createSSLEngine();
           break;
       default:
           log.error("ERROR : " + tlsMode);
           System.exit(-1);
           break;

}

engine.setUseClientMode(true);
pipeline.addLast("ssl", new SslHandler(engine));

       // and then business logic.
       pipeline.addLast("handler", new SecureChatClientHandler());
   }

netty SSL尝试

相关阅读

相关文章

相关问答

相关文档