下面列出了javax.net.ssl.SSLEngine#setEnableSessionCreation ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Creates a server-mode engine on top of the engine built by the parent factory.
 *
 * <p>Client certificates are not required, so peers are not authenticated at
 * the TLS layer by this engine; any client authentication has to happen elsewhere.
 *
 * @param allocator buffer allocator passed through to the parent factory
 * @param peerHost  peer host name passed through to the parent factory
 * @param peerPort  peer port passed through to the parent factory
 * @return the configured server-side engine
 */
@Override
public SSLEngine createSSLEngine(BufferAllocator allocator, String peerHost, int peerPort) {
    final SSLEngine serverEngine = super.createSSLEngine(allocator, peerHost, peerPort);
    serverEngine.setUseClientMode(false);
    // One-way TLS, as with a typical HTTPS server: the client presents no certificate.
    serverEngine.setNeedClientAuth(false);
    try {
        serverEngine.setEnableSessionCreation(true);
    } catch (Exception e) {
        // The OpenSSL-backed engine may reject this call; the failure is
        // logged at debug level and the engine is returned as it is.
        logger.debug("Session creation not enabled. Exception: {}", e.getMessage());
    }
    return serverEngine;
}
/**
 * Creates a client-mode engine on top of the engine built by the parent factory.
 *
 * <p>Unless {@code disableHostVerification()} returns {@code true}, the engine is
 * told to apply HTTPS endpoint identification, so the server certificate is
 * matched against the peer host name during the handshake. With verification
 * disabled that match is not configured here.
 *
 * @param allocator buffer allocator passed through to the parent factory
 * @param peerHost  peer host name passed through to the parent factory
 * @param peerPort  peer port passed through to the parent factory
 * @return the configured client-side engine
 */
@Override
public SSLEngine createSSLEngine(BufferAllocator allocator, String peerHost, int peerPort) {
    final SSLEngine clientEngine = super.createSSLEngine(allocator, peerHost, peerPort);
    final boolean verifyHostname = !this.disableHostVerification();
    if (verifyHostname) {
        // Endpoint identification is only available since Java 7.
        final SSLParameters params = clientEngine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        clientEngine.setSSLParameters(params);
    }
    clientEngine.setUseClientMode(true);
    try {
        clientEngine.setEnableSessionCreation(true);
    } catch (Exception e) {
        // The OpenSSL-backed engine may reject this call; the failure is
        // logged at debug level and the engine is returned as it is.
        logger.debug("Session creation not enabled. Exception: {}", e.getMessage());
    }
    return clientEngine;
}
/**
 * Builds a fresh client context and returns an engine created from it.
 *
 * <p>HTTPS endpoint identification is switched on unless
 * {@code sslConfig.disableHostVerification()} returns {@code true}; with it on,
 * the server certificate is matched against the peer host name during the handshake.
 *
 * @param allocator buffer allocator handed to the context when creating the engine
 * @param peerHost  peer host name handed to the context
 * @param peerPort  peer port handed to the context
 * @return the configured client engine
 * @throws SSLException declared by the method; presumably raised while building
 *         the context (confirm against the builder)
 */
@Override
public SSLEngine newClientEngine(ByteBufAllocator allocator, String peerHost, int peerPort)
        throws SSLException {
    final SSLEngine engine =
            newClientContextBuilder().build().newEngine(allocator, peerHost, peerPort);

    final boolean verifyHostname = !sslConfig.disableHostVerification();
    if (verifyHostname) {
        // Endpoint identification is only available since Java 7.
        final SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
    }

    try {
        engine.setEnableSessionCreation(true);
    } catch (UnsupportedOperationException unsupported) {
        // see ReferenceCountedOpenSslEngine#setEnableSessionCreation
        logger.trace("Session creation not enabled", unsupported);
    }
    return engine;
}
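/**
 * Builds the channel pipeline for a new OVSDB connection.
 *
 * <p>When an {@code sslContext} is configured, a server-mode TLS handler that
 * requires a client certificate is installed first. When it is {@code null}
 * the connection is handled without TLS.
 *
 * @param channel the newly accepted channel
 * @throws Exception declared by the overridden method
 */
@Override
protected void initChannel(SocketChannel channel) throws Exception {
    ChannelPipeline pipeline = channel.pipeline();
    if (sslContext != null) {
        log.info("OVSDB SSL enabled.");
        SSLEngine sslEngine = sslContext.createSSLEngine();
        // Mutual TLS: the handshake fails unless the client presents a certificate.
        sslEngine.setNeedClientAuth(true);
        sslEngine.setUseClientMode(false);
        // Protocol versions and cipher suites stay at the engine's enabled
        // defaults. Copying getSupportedProtocols()/getSupportedCipherSuites()
        // into the enabled set would also switch on everything the provider
        // supports but deliberately leaves off by default, which can include
        // legacy protocol versions and weak or unauthenticated suites.
        sslEngine.setEnableSessionCreation(true);
        SslHandler sslHandler = new SslHandler(sslEngine);
        pipeline.addLast("ssl", sslHandler);
    } else {
        // No TLS handler is installed on this path: traffic is neither
        // encrypted nor authenticated at the transport layer.
        log.info("OVSDB SSL disabled.");
    }
    pipeline.addLast(new StringEncoder(CharsetUtil.UTF_8));
    pipeline.addLast(new MessageDecoder());
    pipeline.addLast(new IdleStateHandler(READER_IDLE_TIME, WRITER_IDLE_TIME, ALL_IDLE_TIME));
    pipeline.addLast(new ReadTimeoutHandler(TIMEOUT));
    controller.handleNewNodeConnection(channel);
}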
/**
 * Inspects the first TLS record for the requested server names, selects the
 * matching {@link SSLContext}, creates the real engine from it and hands the
 * untouched input to that engine.
 *
 * <p>The source buffer position is restored before delegating (and on every
 * early return or exception), so the selected engine reads the record from
 * its start.
 *
 * @param src    buffer holding the inbound TLS data
 * @param dsts   destination buffers for the delegate engine
 * @param offset offset into {@code dsts} for the delegate engine
 * @param length number of destination buffers for the delegate engine
 * @return an underflow result while the record is incomplete, otherwise the
 *         result of the selected engine's {@code unwrap}
 * @throws SSLException if no context is available for the connection, or as
 *         raised by the delegate engine
 */
public SSLEngineResult unwrap(final ByteBuffer src, final ByteBuffer[] dsts, final int offset, final int length) throws SSLException {
    final int startPosition = src.position();
    SSLEngine next;
    try {
        // Not even a full record header yet: ask the caller for more data.
        if (src.remaining() < SNISSLExplorer.RECORD_HEADER_SIZE) {
            packetBufferSize = SNISSLExplorer.RECORD_HEADER_SIZE;
            return UNDERFLOW_UNWRAP;
        }
        // Header present but the record body is still incomplete.
        final int recordSize = SNISSLExplorer.getRequiredSize(src);
        if (src.remaining() < recordSize) {
            packetBufferSize = recordSize;
            return UNDERFLOW_UNWRAP;
        }

        final List<SNIServerName> requestedNames = SNISSLExplorer.explore(src);
        final SSLContext selectedContext = selector.getContext(requestedNames);
        if (selectedContext == null) {
            // no SSL context is available
            throw UndertowMessages.MESSAGES.noContextForSslConnection();
        }

        next = engineFunction.apply(selectedContext);
        next.setUseClientMode(false);

        // Replay the settings recorded in the flag word onto the real engine.
        final int flagBits = flags.get();
        final boolean wantClientAuth = (flagBits & FL_WANT_C_AUTH) != 0;
        final boolean needClientAuth = (flagBits & FL_NEED_C_AUTH) != 0;
        final boolean sessionCreation = (flagBits & FL_SESSION_CRE) != 0;
        // "want" is tested first, so when both bits are set only
        // setWantClientAuth is applied.
        // NOTE(review): confirm the two bits are mutually exclusive where they
        // are set; otherwise a required client certificate becomes optional here.
        if (wantClientAuth) {
            next.setWantClientAuth(true);
        } else if (needClientAuth) {
            next.setNeedClientAuth(true);
        }
        if (sessionCreation) {
            next.setEnableSessionCreation(true);
        }

        next = selectionCallback.apply(next);
        currentRef.set(next);
    } finally {
        // Rewind so the bytes examined above are seen again by the delegate.
        src.position(startPosition);
    }
    return next.unwrap(src, dsts, offset, length);
}
/**
 * Builds a fresh server context and returns an engine created from it.
 *
 * @param allocator buffer allocator handed to the context when creating the engine
 * @param peerHost  peer host name handed to the context
 * @param peerPort  peer port handed to the context
 * @return the server engine
 * @throws SSLException declared by the method; presumably raised while building
 *         the context (confirm against the builder)
 */
@Override
public SSLEngine newServerEngine(ByteBufAllocator allocator, String peerHost, int peerPort)
        throws SSLException {
    final SSLEngine engine =
            newServerContextBuilder().build().newEngine(allocator, peerHost, peerPort);
    try {
        engine.setEnableSessionCreation(true);
    } catch (UnsupportedOperationException unsupported) {
        // see ReferenceCountedOpenSslEngine#setEnableSessionCreation
        logger.trace("Session creation not enabled", unsupported);
    }
    return engine;
}
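/**
 * Builds a server-mode {@link SslHandler} from the configured key store.
 *
 * <p>A client certificate is requested but not required, so a client that
 * presents none can still complete the handshake. Callers that rely on the
 * peer identity must check that a certificate was actually presented.
 *
 * @return a handler wrapping a newly created server engine
 * @throws RuntimeException if the stores cannot be loaded or the context
 *         cannot be initialised; the original exception is kept as the cause
 */
public SslHandler getSslHandler() {
    try {
        URL ksUrl = Resources.getResource(keyStoreFile);
        File ksFile = new File(ksUrl.toURI());
        // NOTE(review): the trust store is resolved from keyStoreFile as well,
        // so the key store doubles as the trust store. Confirm this is intended
        // and not a missing separate trust-store setting.
        URL tsUrl = Resources.getResource(keyStoreFile);
        File tsFile = new File(tsUrl.toURI());

        TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance(keyStoreType);
        // Close the stream once the store is loaded instead of leaking the descriptor.
        try (FileInputStream tsStream = new FileInputStream(tsFile)) {
            trustStore.load(tsStream, keyStorePassword.toCharArray());
        }
        tmFactory.init(trustStore);

        KeyStore ks = KeyStore.getInstance(keyStoreType);
        try (FileInputStream ksStream = new FileInputStream(ksFile)) {
            ks.load(ksStream, keyStorePassword.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword.toCharArray());
        KeyManager[] km = kmf.getKeyManagers();

        TrustManager x509wrapped = getX509TrustManager(tmFactory);
        TrustManager[] tm = {x509wrapped};

        SSLContext sslContext = SSLContext.getInstance(TLS);
        sslContext.init(km, tm, null);

        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false);
        // Client certificate is optional: requested, not enforced.
        sslEngine.setNeedClientAuth(false);
        sslEngine.setWantClientAuth(true);
        // Protocol versions and cipher suites stay at the engine's enabled
        // defaults. Copying getSupportedProtocols()/getSupportedCipherSuites()
        // into the enabled set would also switch on everything the provider
        // supports but deliberately leaves off by default, which can include
        // legacy protocol versions and weak or unauthenticated suites.
        sslEngine.setEnableSessionCreation(true);
        return new SslHandler(sslEngine);
    } catch (Exception e) {
        log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e);
        throw new RuntimeException("Failed to get SSL handler", e);
    }
}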
/**
 * Creates an engine from {@code createBaseSslEngine()} and applies the
 * protocol list, cipher-suite list and client/server mode supplied by this
 * object's own accessors.
 *
 * <p>The effective TLS strength is whatever {@code getFinalProtocols()} and
 * {@code getFinalCipherSuites()} return; nothing is filtered here.
 *
 * @return the configured engine
 */
public SSLEngine createSslEngine() {
    final SSLEngine engine = createBaseSslEngine();

    final String[] protocols = getFinalProtocols();
    engine.setEnabledProtocols(protocols);

    final String[] cipherSuites = getFinalCipherSuites();
    engine.setEnabledCipherSuites(cipherSuites);

    engine.setEnableSessionCreation(true);

    final boolean clientMode = isClientMode();
    engine.setUseClientMode(clientMode);
    return engine;
}
/**
 * Builds the HTTPS pipeline for the Play server.
 *
 * <p>Client-certificate handling follows the {@code play.netty.clientAuth}
 * property: {@code "need"} requires a certificate, {@code "want"} requests one,
 * and any other value (including the default {@code "none"}) leaves client
 * authentication off.
 *
 * @return the assembled pipeline
 * @throws Exception declared by the method signature
 */
public ChannelPipeline getPipeline() throws Exception {
    Integer maxContentLength = Integer.valueOf(Play.configuration.getProperty("play.netty.maxContentLength", "-1"));
    String clientAuthMode = Play.configuration.getProperty("play.netty.clientAuth", "none");

    ChannelPipeline channelPipeline = pipeline();

    // Server-side engine that encrypts and decrypts the connection's traffic.
    SSLEngine engine = SslHttpServerContextFactory.getServerContext().createSSLEngine();
    engine.setUseClientMode(false);
    if ("need".equalsIgnoreCase(clientAuthMode)) {
        engine.setNeedClientAuth(true);
    } else if ("want".equalsIgnoreCase(clientAuthMode)) {
        engine.setWantClientAuth(true);
    }
    engine.setEnableSessionCreation(true);

    // The "flashPolicy" handler is registered ahead of "ssl" in the pipeline.
    channelPipeline.addLast("flashPolicy", new FlashPolicyHandler());
    channelPipeline.addLast("ssl", new SslHandler(engine));

    channelPipeline.addLast("decoder", new HttpRequestDecoder());
    channelPipeline.addLast("aggregator", new StreamChunkAggregator(maxContentLength));
    channelPipeline.addLast("encoder", new HttpResponseEncoder());
    channelPipeline.addLast("chunkedWriter", new ChunkedWriteHandler());

    channelPipeline.addLast("handler", new SslPlayHandler());
    return channelPipeline;
}
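/**
 * Builds the channel pipeline for a new OpenFlow connection.
 *
 * <p>When an {@code sslContext} is configured, a server-mode TLS handler that
 * requires a client certificate is installed first. When it is {@code null}
 * the connection is handled without TLS.
 *
 * @param ch the newly accepted channel
 * @throws Exception declared by the overridden method
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
    OFChannelHandler handler = new OFChannelHandler(controller);
    ChannelPipeline pipeline = ch.pipeline();
    if (sslContext != null) {
        log.info("OpenFlow SSL enabled.");
        SSLEngine sslEngine = sslContext.createSSLEngine();
        // Mutual TLS: the handshake fails unless the client presents a certificate.
        sslEngine.setNeedClientAuth(true);
        sslEngine.setUseClientMode(false);
        // Protocol versions and cipher suites stay at the engine's enabled
        // defaults. Copying getSupportedProtocols()/getSupportedCipherSuites()
        // into the enabled set would also switch on everything the provider
        // supports but deliberately leaves off by default, which can include
        // legacy protocol versions and weak or unauthenticated suites.
        sslEngine.setEnableSessionCreation(true);
        SslHandler sslHandler = new SslHandler(sslEngine);
        pipeline.addLast("ssl", sslHandler);
    } else {
        // No TLS handler is installed on this path: traffic is neither
        // encrypted nor authenticated at the transport layer.
        log.debug("OpenFlow SSL disabled.");
    }
    pipeline.addLast("ofmessageencoder", OFMessageEncoder.getInstance());
    pipeline.addLast("ofmessagedecoder", OFMessageDecoder.getInstance());
    pipeline.addLast("consolidateflush", new FlushConsolidationHandler(
            FlushConsolidationHandler.DEFAULT_EXPLICIT_FLUSH_AFTER_FLUSHES, true));
    pipeline.addLast("idle", new IdleStateHandler(5, 25, 0));
    pipeline.addLast("timeout", new ReadTimeoutHandler(30));
    // XXX S ONOS: was 15 increased it to fix Issue #296
    pipeline.addLast("handshaketimeout",
            new HandshakeTimeoutHandler(handler, 60));
    // ExecutionHandler equivalent now part of Netty core
    if (pipelineExecutor != null) {
        pipeline.addLast(pipelineExecutor, "handler", handler);
    } else {
        pipeline.addLast("handler", handler);
    }
}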