Netty-Tcp using openssl/boringssl for ssl

最新推荐文章于 2022-01-04 18:39:38 发布

直岩

最新推荐文章于 2022-01-04 18:39:38 发布

阅读量1.1k

点赞数 1

本文链接：https://blog.csdn.net/foreveryangqin/article/details/87001998

版权

Netty-Tcp using openssl/boringssl for ssl

Pom.xml: 若发现找不到对应classifier变量，可以尝试重新编译

 <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-all</artifactId>
            <version>4.1.32.Final</version>
            <exclusions>
                <exclusion>
                    <groupId>io.netty</groupId>
                    <artifactId>netty-tcnative-boringssl-static</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-tcnative-boringssl-static</artifactId>
            <version>2.0.20.Final</version>
            <classifier>${os.detected.classifier}</classifier>
        </dependency>

设定sslProvide属性为sslProvide.OPENSSL
openssl version >= 1.02g
如果因为openssl升级造成调用openssl library，无法找到library, netty 会自动生成.so到tomcat的tmp目录下，查看tomcatlog时可以看调用生成的xxxxxxx.so successful.

 private boolean initSocketChannel(SocketChannel socketChannel) {
        SslContext sslContext = initSSLContext();
        if (sslContext == null){
            logger.info("sslContext init fail, return.");
            return false;
        }

        SSLEngine sslEngine = sslContext.newEngine(socketChannel.alloc());
        sslEngine.setUseClientMode(false);
        sslEngine.setNeedClientAuth(false);

        SslHandler sslHandler = new SslHandler(sslEngine);
        sslHandler.setHandshakeTimeoutMillis(60 * 1000);

        socketChannel.pipeline().addFirst("ssl", new SslHandler(sslEngine));
        socketChannel.pipeline().addLast(new IdleStateHandler(60, 0, 0, TimeUnit.SECONDS));
        ByteBuf delimiter = Unpooled.copiedBuffer("\r\n".getBytes());
        socketChannel.pipeline().addLast(new DelimiterBasedFrameDecoder(2048, delimiter));
        socketChannel.pipeline().addLast("decode", new StringDecoder());
        socketChannel.pipeline().addLast("encode", new StringEncoder());
        socketChannel.pipeline().addLast(eventExecutorGroup, new HeartBeatServerHandler());
        socketChannel.pipeline().addLast(idleStateTrigger);
        return true;
    }

    private SslContext initSSLContext() {
        SslContext sslContext = null;
        try {
            final Decoder decoder = Base64.getDecoder();
//            String pass = new String(decoder.decodeBuffer("MTExMTEx"), "UTF-8");
            String pass = new String(decoder.decode("aWRzYmcxMjMu"), "UTF-8");
            KeyStore ks = KeyStore.getInstance(Util.SSL_JKS);
            InputStream ksInputStream = HeartBeatServer.class.getResourceAsStream("/server.jks");
            ks.load(ksInputStream, pass.toCharArray());
            OpenSslCachingX509KeyManagerFactory kmf = new OpenSslCachingX509KeyManagerFactory(KeyManagerFactory.getInstance(Util.SSL_MANAGER_X509));
            kmf.init(ks, pass.toCharArray());
            sslContext = SslContextBuilder.forServer(kmf).sslProvider(SslProvider.OPENSSL).build();
            //SSLContext.getInstance(Util.SSL_VERSION);
            //sslContext.init(kmf.getKeyManagers(), null, null);
        } catch (Exception e) {
            logger.error(e.toString());
        }
        if (sslContext != null) {
            logger.debug("sslContext初始化成功");
        }
        return sslContext;
    }

直岩

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Netty-Tcp using openssl/boringssl for ssl

Netty-Tcp using openssl/boringssl for sslPom.xml: every change need to rebuild &amp;amp;lt;dependency&amp;amp;gt; &amp;amp;lt;groupId&amp;amp;gt;io.netty&amp;amp;lt;/groupId&amp;amp;gt; &amp;amp;lt;
复制链接

扫一扫