javax.net.ssl.SSLEngine#setEnableSessionCreation ( )源码实例Demo

@Override
public SSLEngine createSSLEngine(BufferAllocator allocator, String peerHost, int peerPort) {
  SSLEngine engine = super.createSSLEngine(allocator, peerHost, peerPort);

  engine.setUseClientMode(false);

  // No need for client side authentication (HTTPS like behaviour)
  engine.setNeedClientAuth(false);

  try {
    engine.setEnableSessionCreation(true);
  } catch (Exception e) {
    // Openssl implementation may throw this.
    logger.debug("Session creation not enabled. Exception: {}", e.getMessage());
  }

  return engine;
}
 

@Override
public SSLEngine createSSLEngine(BufferAllocator allocator, String peerHost, int peerPort) {
  SSLEngine engine = super.createSSLEngine(allocator, peerHost, peerPort);

  if (!this.disableHostVerification()) {
    SSLParameters sslParameters = engine.getSSLParameters();
    // only available since Java 7
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    engine.setSSLParameters(sslParameters);
  }

  engine.setUseClientMode(true);

  try {
    engine.setEnableSessionCreation(true);
  } catch (Exception e) {
    // Openssl implementation may throw this.
    logger.debug("Session creation not enabled. Exception: {}", e.getMessage());
  }

  return engine;
}
 

@Override
public SSLEngine newClientEngine(ByteBufAllocator allocator, String peerHost, int peerPort)
  throws SSLException {
  final SslContext sslContext = newClientContextBuilder().build();

  final SSLEngine engine = sslContext.newEngine(allocator, peerHost, peerPort);

  if (!sslConfig.disableHostVerification()) {
    final SSLParameters sslParameters = engine.getSSLParameters();
    // only available since Java 7
    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
    engine.setSSLParameters(sslParameters);
  }

  try {
    engine.setEnableSessionCreation(true);
  } catch (UnsupportedOperationException ignored) {
    // see ReferenceCountedOpenSslEngine#setEnableSessionCreation
    logger.trace("Session creation not enabled", ignored);
  }

  return engine;
}
 

@Override
protected void initChannel(SocketChannel channel) throws Exception {

    ChannelPipeline pipeline = channel.pipeline();
    if (sslContext != null) {
        log.info("OVSDB SSL enabled.");
        SSLEngine sslEngine = sslContext.createSSLEngine();

        sslEngine.setNeedClientAuth(true);
        sslEngine.setUseClientMode(false);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);

        SslHandler sslHandler = new SslHandler(sslEngine);
        pipeline.addLast("ssl", sslHandler);
    } else {
        log.info("OVSDB SSL disabled.");
    }
    pipeline.addLast(new StringEncoder(CharsetUtil.UTF_8));
    pipeline.addLast(new MessageDecoder());

    pipeline.addLast(new IdleStateHandler(READER_IDLE_TIME, WRITER_IDLE_TIME, ALL_IDLE_TIME));
    pipeline.addLast(new ReadTimeoutHandler(TIMEOUT));
    controller.handleNewNodeConnection(channel);
}
 

public SSLEngineResult unwrap(final ByteBuffer src, final ByteBuffer[] dsts, final int offset, final int length) throws SSLException {
    SSLEngine next;
    final int mark = src.position();
    try {
        if (src.remaining() < SNISSLExplorer.RECORD_HEADER_SIZE) {
            packetBufferSize = SNISSLExplorer.RECORD_HEADER_SIZE;
            return UNDERFLOW_UNWRAP;
        }
        final int requiredSize = SNISSLExplorer.getRequiredSize(src);
        if (src.remaining() < requiredSize) {
            packetBufferSize = requiredSize;
            return UNDERFLOW_UNWRAP;
        }
        List<SNIServerName> names = SNISSLExplorer.explore(src);
        SSLContext sslContext = selector.getContext(names);
        if (sslContext == null) {
            // no SSL context is available
            throw UndertowMessages.MESSAGES.noContextForSslConnection();
        }
        next = engineFunction.apply(sslContext);
        next.setUseClientMode(false);
        final int flagsVal = flags.get();
        if ((flagsVal & FL_WANT_C_AUTH) != 0) {
            next.setWantClientAuth(true);
        } else if ((flagsVal & FL_NEED_C_AUTH) != 0) {
            next.setNeedClientAuth(true);
        }
        if ((flagsVal & FL_SESSION_CRE) != 0) {
            next.setEnableSessionCreation(true);
        }
        next = selectionCallback.apply(next);
        currentRef.set(next);
    } finally {
        src.position(mark);
    }
    return next.unwrap(src, dsts, offset, length);
}
 

@Override
public SSLEngine newServerEngine(ByteBufAllocator allocator, String peerHost, int peerPort)
  throws SSLException {
  final SslContext sslContext = newServerContextBuilder().build();

  final SSLEngine engine = sslContext.newEngine(allocator, peerHost, peerPort);
  try {
    engine.setEnableSessionCreation(true);
  } catch (UnsupportedOperationException ignored) {
    // see ReferenceCountedOpenSslEngine#setEnableSessionCreation
    logger.trace("Session creation not enabled", ignored);
  }

  return engine;
}
 

public SslHandler getSslHandler() {
    try {
        URL ksUrl = Resources.getResource(keyStoreFile);
        File ksFile = new File(ksUrl.toURI());
        URL tsUrl = Resources.getResource(keyStoreFile);
        File tsFile = new File(tsUrl.toURI());

        TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance(keyStoreType);
        trustStore.load(new FileInputStream(tsFile), keyStorePassword.toCharArray());
        tmFactory.init(trustStore);

        KeyStore ks = KeyStore.getInstance(keyStoreType);

        ks.load(new FileInputStream(ksFile), keyStorePassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword.toCharArray());

        KeyManager[] km = kmf.getKeyManagers();
        TrustManager x509wrapped = getX509TrustManager(tmFactory);
        TrustManager[] tm = {x509wrapped};
        SSLContext sslContext = SSLContext.getInstance(TLS);
        sslContext.init(km, tm, null);
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        sslEngine.setNeedClientAuth(false);
        sslEngine.setWantClientAuth(true);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);
        return new SslHandler(sslEngine);
    } catch (Exception e) {
        log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e);
        throw new RuntimeException("Failed to get SSL handler", e);
    }
}
 

public SSLEngine createSslEngine() {
  SSLEngine sslEngine = createBaseSslEngine();
  sslEngine.setEnabledProtocols(getFinalProtocols());

  sslEngine.setEnabledCipherSuites(getFinalCipherSuites());

  sslEngine.setEnableSessionCreation(true);
  sslEngine.setUseClientMode(isClientMode());
  return sslEngine;
}
 

public ChannelPipeline getPipeline() throws Exception {

        Integer max = Integer.valueOf(Play.configuration.getProperty("play.netty.maxContentLength", "-1"));
        String mode = Play.configuration.getProperty("play.netty.clientAuth", "none");

        ChannelPipeline pipeline = pipeline();

        // Add SSL handler first to encrypt and decrypt everything.
        SSLEngine engine = SslHttpServerContextFactory.getServerContext().createSSLEngine();
        engine.setUseClientMode(false);
        
        if ("want".equalsIgnoreCase(mode)) {
            engine.setWantClientAuth(true);
        } else if ("need".equalsIgnoreCase(mode)) {
            engine.setNeedClientAuth(true);
        }
        
        engine.setEnableSessionCreation(true);

        pipeline.addLast("flashPolicy", new FlashPolicyHandler());
        pipeline.addLast("ssl", new SslHandler(engine));
        pipeline.addLast("decoder", new HttpRequestDecoder());
        pipeline.addLast("aggregator", new StreamChunkAggregator(max));
        pipeline.addLast("encoder", new HttpResponseEncoder());
        pipeline.addLast("chunkedWriter", new ChunkedWriteHandler());

        pipeline.addLast("handler", new SslPlayHandler());

        return pipeline;
    }
 

@Override
protected void initChannel(SocketChannel ch) throws Exception {

    OFChannelHandler handler = new OFChannelHandler(controller);

    ChannelPipeline pipeline = ch.pipeline();
    if (sslContext != null) {
        log.info("OpenFlow SSL enabled.");
        SSLEngine sslEngine = sslContext.createSSLEngine();

        sslEngine.setNeedClientAuth(true);
        sslEngine.setUseClientMode(false);
        sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols());
        sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
        sslEngine.setEnableSessionCreation(true);

        SslHandler sslHandler = new SslHandler(sslEngine);
        pipeline.addLast("ssl", sslHandler);
    } else {
        log.debug("OpenFlow SSL disabled.");
    }
    pipeline.addLast("ofmessageencoder", OFMessageEncoder.getInstance());
    pipeline.addLast("ofmessagedecoder", OFMessageDecoder.getInstance());

    pipeline.addLast("consolidateflush", new FlushConsolidationHandler(
                       FlushConsolidationHandler.DEFAULT_EXPLICIT_FLUSH_AFTER_FLUSHES, true));
    pipeline.addLast("idle", new IdleStateHandler(5, 25, 0));
    pipeline.addLast("timeout", new ReadTimeoutHandler(30));

    // XXX S ONOS: was 15 increased it to fix Issue #296
    pipeline.addLast("handshaketimeout",
                     new HandshakeTimeoutHandler(handler, 60));
    // ExecutionHandler equivalent now part of Netty core
    if (pipelineExecutor != null) {
        pipeline.addLast(pipelineExecutor, "handler", handler);
    } else {
        pipeline.addLast("handler", handler);
    }
}