Java SSLEngine.setUseClientMode方法代码示例

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
private void emmit(FlowableEmitter<Message> emitter, String roomId) throws Exception {
    SSLContext sslCtx = SSLContext.getDefault();
    SSLEngine sslEngine = sslCtx.createSSLEngine("stream.gitter.im", 443);
    sslEngine.setUseClientMode(true);

    HttpClient
            .newClient("stream.gitter.im", 443)
            .secure(sslEngine)
            .createGet("/v1/rooms/" + roomId + "/chatMessages")
            .addHeader("Authorization", "Bearer 3cd4820adf59b6a7116f99d92f68a1b786895ce7")
            .flatMap(HttpClientResponse::getContent)
            .filter(bb -> bb.capacity() > 2)
            .map(MessageEncoder::mapToMessage)
            .doOnNext(m -> System.out.println("Log Emit: " + m))
            .subscribe(emitter::onNext, emitter::onError, emitter::onComplete);
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
protected SSLEngine createSSLEngine() {
	SSLEngine engine = sslContext.createSSLEngine();
	if ("false".equals(getClientAuth())) {
		engine.setNeedClientAuth(false);
		engine.setWantClientAuth(false);
	} else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())) {
		engine.setNeedClientAuth(true);
	} else if ("want".equals(getClientAuth())) {
		engine.setWantClientAuth(true);
	}
	engine.setUseClientMode(false);
	engine.setEnabledCipherSuites(enabledCiphers);
	engine.setEnabledProtocols(enabledProtocols);

	configureUseServerCipherSuitesOrder(engine);

	return engine;
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
/**
 * Returns client ssl engine.
 *
 * @param context - SSLContext to get SSLEngine from.
 * @param useSNI  - flag used to enable or disable using SNI extension.
 *                Needed for Kerberos.
 */
public static SSLEngine getClientSSLEngine(
        SSLContext context, boolean useSNI) {

    SSLEngine clientEngine = context.createSSLEngine(HOST, 80);
    clientEngine.setUseClientMode(true);
    if (useSNI) {
        SNIHostName serverName = new SNIHostName(SERVER_NAME);
        List<SNIServerName> serverNames = new ArrayList<>();
        serverNames.add(serverName);
        SSLParameters params = clientEngine.getSSLParameters();
        params.setServerNames(serverNames);
        clientEngine.setSSLParameters(params);
    }
    return clientEngine;
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
@Override
public SocketChannel newChannel(ChannelPipeline pipeline) {
  try {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[]{new PermissiveTrustManager()},
                    null);
    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.setUseClientMode(true);
    // addFirst() will make SSL handling the first stage of decoding
    // and the last stage of encoding
    pipeline.addFirst("ssl", new SslHandler(sslEngine));
    return super.newChannel(pipeline);
  } catch (Exception ex) {
    throw new RuntimeException("Cannot create SSL channel", ex);
  }
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
protected SSLEngine createSSLEngine() {
    SSLEngine engine = sslContext.createSSLEngine();
    if ("false".equals(getClientAuth())) {
        engine.setNeedClientAuth(false);
        engine.setWantClientAuth(false);
    } else if ("true".equals(getClientAuth()) || "yes".equals(getClientAuth())){
        engine.setNeedClientAuth(true);
    } else if ("want".equals(getClientAuth())) {
        engine.setWantClientAuth(true);
    }
    engine.setUseClientMode(false);
    engine.setEnabledCipherSuites(enabledCiphers);
    engine.setEnabledProtocols(enabledProtocols);

    configureUseServerCipherSuitesOrder(engine);

    return engine;
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
@Override public void prepare(final Benchmark benchmark) {
  this.concurrencyLevel = benchmark.concurrencyLevel;
  this.targetBacklog = benchmark.targetBacklog;

  ChannelInitializer<SocketChannel> channelInitializer = new ChannelInitializer<SocketChannel>() {
    @Override public void initChannel(SocketChannel channel) throws Exception {
      ChannelPipeline pipeline = channel.pipeline();

      if (benchmark.tls) {
        SslClient sslClient = SslClient.localhost();
        SSLEngine engine = sslClient.sslContext.createSSLEngine();
        engine.setUseClientMode(true);
        pipeline.addLast("ssl", new SslHandler(engine));
      }

      pipeline.addLast("codec", new HttpClientCodec());
      pipeline.addLast("inflater", new HttpContentDecompressor());
      pipeline.addLast("handler", new HttpChannel(channel));
    }
  };

  bootstrap = new Bootstrap();
  bootstrap.group(new NioEventLoopGroup(concurrencyLevel))
      .option(ChannelOption.ALLOCATOR, PooledByteBufAllocator.DEFAULT)
      .channel(NioSocketChannel.class)
      .handler(channelInitializer);
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
public static void main(String[] s) throws Exception {
    SSLContext context = SSLEngineTestCase.getContext();
    SSLEngine clientEngine = context.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = context.createSSLEngine();
    serverEngine.setUseClientMode(false);
    String[] cliEnabledCiphers = clientEngine.getEnabledCipherSuites();
    rc4Test(cliEnabledCiphers, true);
    String[] srvEnabledCiphers = serverEngine.getEnabledCipherSuites();
    rc4Test(srvEnabledCiphers, false);
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
/**
 * Returns a configured SSLEngine.
 *
 * @return the configured SSLEngine.
 * @throws GeneralSecurityException thrown if the SSL engine could not
 * be initialized.
 * @throws IOException thrown if and IO error occurred while loading
 * the server keystore.
 */
public SSLEngine createSSLEngine()
  throws GeneralSecurityException, IOException {
  SSLEngine sslEngine = context.createSSLEngine();
  if (mode == Mode.CLIENT) {
    sslEngine.setUseClientMode(true);
  } else {
    sslEngine.setUseClientMode(false);
    sslEngine.setNeedClientAuth(requireClientCert);
  }
  sslEngine.setEnabledProtocols(enabledProtocols);
  return sslEngine;
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
@Override
protected void initChannel(SocketChannel channel) throws Exception {
    TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore ts = KeyStore.getInstance("JKS");
    ts.load(new FileInputStream(tsLocation), tsPwd);
    tmFactory.init(ts);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(ksLocation), ksPwd);
    kmf.init(ks, ksPwd);

    SSLContext serverContext = SSLContext.getInstance("TLS");
    serverContext.init(kmf.getKeyManagers(), tmFactory.getTrustManagers(), null);

    SSLEngine serverSslEngine = serverContext.createSSLEngine();

    serverSslEngine.setNeedClientAuth(true);
    serverSslEngine.setUseClientMode(false);
    serverSslEngine.setEnabledProtocols(serverSslEngine.getSupportedProtocols());
    serverSslEngine.setEnabledCipherSuites(serverSslEngine.getSupportedCipherSuites());
    serverSslEngine.setEnableSessionCreation(true);

    channel.pipeline().addLast("ssl", new io.netty.handler.ssl.SslHandler(serverSslEngine))
            .addLast("encoder", encoder)
            .addLast("decoder", new MessageDecoder())
            .addLast("handler", dispatcher);
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
private void unsupTest(String cipher, boolean clientTest) {
    SSLContext context = getContext();
    SSLEngine clientEngine = context.createSSLEngine();
    clientEngine.setUseClientMode(true);
    SSLEngine serverEngine = context.createSSLEngine();
    serverEngine.setUseClientMode(false);
    if (clientTest) {
        clientEngine.setEnabledCipherSuites(new String[]{cipher});
    } else {
        serverEngine.setEnabledCipherSuites(new String[]{cipher});
    }
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
public SslHandler getSslHandler() {
    try {
        URL ksUrl = Resources.getResource(keyStoreFile);
        File ksFile = new File(ksUrl.toURI());
        URL tsUrl = Resources.getResource(keyStoreFile);
        File tsFile = new File(tsUrl.toURI());

        TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance(keyStoreType);
        trustStore.load(new FileInputStream(tsFile), keyStorePassword.toCharArray());
        tmFactory.init(trustStore);

        KeyStore ks = KeyStore.getInstance(keyStoreType);

        ks.load(new FileInputStream(ksFile), keyStorePassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword.toCharArray());

        KeyManager[] km = kmf.getKeyManagers();
        TrustManager x509wrapped = getX509TrustManager(tmFactory);
        TrustManager[] tm = {x509wrapped};
        SSLContext sslContext = SSLContext.getInstance(TLS);
        sslContext.init(km, tm, null);
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        sslEngine.setNeedClientAuth(false);
        sslEngine.setWantClientAuth(true);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);
        return new SslHandler(sslEngine);
    } catch (Exception e) {
        log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e);
        throw new RuntimeException("Failed to get SSL handler", e);
    }
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
@Override
public ChannelPipeline getPipeline() throws Exception {
    OFChannelHandler handler = new OFChannelHandler(controller);

    ChannelPipeline pipeline = Channels.pipeline();
    if (sslContext != null) {
        log.debug("OpenFlow SSL enabled.");
        SSLEngine sslEngine = sslContext.createSSLEngine();

        sslEngine.setNeedClientAuth(true);
        sslEngine.setUseClientMode(false);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);

        SslHandler sslHandler = new SslHandler(sslEngine);
        pipeline.addLast("ssl", sslHandler);
    } else {
        log.debug("OpenFlow SSL disabled.");
    }
    pipeline.addLast("ofmessagedecoder", new OFMessageDecoder());
    pipeline.addLast("ofmessageencoder", new OFMessageEncoder());
    pipeline.addLast("idle", idleHandler);
    pipeline.addLast("timeout", readTimeoutHandler);
    // XXX S ONOS: was 15 increased it to fix Issue #296
    pipeline.addLast("handshaketimeout",
                     new HandshakeTimeoutHandler(handler, timer, 60));
    if (pipelineExecutor != null) {
        pipeline.addLast("pipelineExecutor",
                         new ExecutionHandler(pipelineExecutor));
    }
    pipeline.addLast("handler", handler);
    return pipeline;
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
@Override
protected void initChannel(Channel ch) throws Exception {
	ChannelPipeline pipeline = ch.pipeline();
	OFChannelHandler handler = new OFChannelHandler(
			switchManager,
			connectionListener,
			pipeline,
			debugCounters,
			timer,
			ofBitmaps,
			defaultFactory);

	if (keyStore != null && keyStorePassword != null) {
		try {
			/* Set up factories and stores. */
			TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			KeyStore tmpKS = null;
			tmFactory.init(tmpKS);

			/* Use keystore/pass defined in properties file. */
			KeyStore ks = KeyStore.getInstance("JKS");
			ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());

			KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			kmf.init(ks, keyStorePassword.toCharArray());

			KeyManager[] km = kmf.getKeyManagers();
			TrustManager[] tm = tmFactory.getTrustManagers();

			/* Set up SSL prereqs for Netty. */
			SSLContext sslContext = SSLContext.getInstance("TLS");
			sslContext.init(km, tm, null);
			SSLEngine sslEngine = sslContext.createSSLEngine();

			/* We are the server and we will create secure sessions. */
			sslEngine.setUseClientMode(false);
			sslEngine.setEnableSessionCreation(true);

			/* These are redundant (default), but for clarity... */
			sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols()); 
			sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
			
			/* First, decrypt w/handler+engine; then, proceed with rest of handlers. */
			pipeline.addLast(PipelineHandler.SSL_TLS_ENCODER_DECODER, new SslHandler(sslEngine));
			log.info("SSL OpenFlow socket initialized and handler ready for switch.");
		} catch (Exception e) { /* There are lots of possible exceptions to catch, so this should get them all. */
			log.error("Exception initializing SSL OpenFlow socket: {}", e.getMessage());
			throw e; /* If we wanted secure but didn't get it, we should bail. */
		}
	}
	
	pipeline.addLast(PipelineHandler.OF_MESSAGE_DECODER,
			new OFMessageDecoder());
	pipeline.addLast(PipelineHandler.OF_MESSAGE_ENCODER,
			new OFMessageEncoder());
	pipeline.addLast(PipelineHandler.MAIN_IDLE,
			new IdleStateHandler(PipelineIdleReadTimeout.MAIN,
					PipelineIdleWriteTimeout.MAIN,
					0));
	pipeline.addLast(PipelineHandler.READ_TIMEOUT, new ReadTimeoutHandler(30));
	pipeline.addLast(PipelineHandler.CHANNEL_HANDSHAKE_TIMEOUT,
			new HandshakeTimeoutHandler(
					handler,
					timer,
					PipelineHandshakeTimeout.CHANNEL));

	pipeline.addLast(PipelineHandler.CHANNEL_HANDLER, handler);
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
private synchronized void initSSL(ChannelPipeline p)
        throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    String authProviderProp = System.getProperty(ZKConfig.SSL_AUTHPROVIDER);
    SSLContext sslContext;
    if (authProviderProp == null) {
        sslContext = X509Util.createSSLContext();
    } else {
        sslContext = SSLContext.getInstance("TLSv1");
        X509AuthenticationProvider authProvider =
                (X509AuthenticationProvider)ProviderRegistry.getProvider(
                        System.getProperty(ZKConfig.SSL_AUTHPROVIDER,
                                "x509"));

        if (authProvider == null)
        {
            LOG.error("Auth provider not found: {}", authProviderProp);
            throw new SSLContextException(
                    "Could not create SSLContext with specified auth provider: " +
                    authProviderProp);
        }

        sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() },
                        new X509TrustManager[] { authProvider.getTrustManager() },
                        null);
    }

    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.setUseClientMode(false);
    sslEngine.setNeedClientAuth(true);

    p.addLast("ssl", new SslHandler(sslEngine));
    LOG.info("SSL handler added for channel: {}", p.getChannel());
}
 

import javax.net.ssl.SSLEngine; //导入方法依赖的package包/类
public ChannelHandler create() {
    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.setUseClientMode(false);
    return new SslHandler(sslEngine);
}