虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑。中午特地测了下netty下集成ssl的功能,关于ssl的握手过程以及java安全框架中的相关组件说明,请参考如下链接:
http://www.cnblogs.com/zhjh256/p/6262620.html
http://www.cnblogs.com/zhjh256/p/6104537.html
网上搜了下,并没有看到完整的netty ssl示例例子,netty in action中也只是匆匆带过。特详细的测试和整理如下。
首先生成服务端证书:
D:\security\server>keytool -genkey -alias securechat -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass sNetty -storepass sNetty -keystore sChat.jks
D:\security\server>keytool -export -alias securechat -keystore sChat.jks -storepass sNetty -file sChat.cer
存储在文件 <sChat.cer> 中的证书
D:\security\server>cd /d ../client
D:\security\client>keytool -genkey -alias smcc -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass cNetty -storepass cNetty -keystore cChat.jks
D:\security\client>keytool -import -trustcacerts -alias securechat -file ../server\sChat.cer -storepass cNetty -keystore cChat.jks
所有者: CN=localhost
发布者: CN=localhost
序列号: 78384348
有效期开始日期: Wed Mar 01 12:48:48 CST 2017, 截止日期: Thu Mar 01 12:48:48 CST 2018
证书指纹:
MD5: 94:83:6C:6D:4B:0D:0B:E6:BF:39:B7:2C:17:29:E8:3C
SHA1: 9A:29:27:41:BE:71:38:C8:13:99:3A:8F:C6:37:C2:95:31:14:B4:98
SHA256: E9:31:40:C7:FC:EA:EF:24:54:EF:4C:59:50:44:CB:1F:9A:35:B7:26:07:2D:3B:1F:BC:30:8E:C0:63:45:4F:21
签名算法名称: SHA256withRSA
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
]
]
是否信任此证书? [否]: 是
证书已添加到密钥库中
netty服务端源码:
package com.ld.net.spider.server; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.SimpleChannelInboundHandler; import java.net.InetSocketAddress; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SpiderServerBusiHandler extends SimpleChannelInboundHandler<Object> { static final Logger logger = LoggerFactory.getLogger(SpiderServerBusiHandler.class); @Override protected void channelRead0(final ChannelHandlerContext ctx, final Object msg) throws Exception { System.out.println(msg.toString()); } @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { logger.error("channel " + ((InetSocketAddress)ctx.channel().remoteAddress()).toString() + " exception:",cause); ctx.close(); } }
package com.ld.net.spider.channel; import java.nio.charset.Charset; import javax.net.ssl.SSLEngine; import com.ld.net.spider.server.SpiderServerBusiHandler; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.LengthFieldBasedFrameDecoder; import io.netty.handler.codec.LengthFieldPrepender; import io.netty.handler.codec.string.StringDecoder; import io.netty.handler.codec.string.StringEncoder; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; public class SslChannelInitializer extends ChannelInitializer<Channel> { private final SslContext context; public SslChannelInitializer(SslContext context) { this.context = context; } @Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); engine.setUseClientMode(false); ch.pipeline().addFirst("ssl", new SslHandler(engine)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); pipeline.addLast("frameEncoder", new LengthFieldPrepender(4)); //最大16M pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8"))); pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8"))); pipeline.addLast("spiderServerBusiHandler", new SpiderServerBusiHandler()); } }
package com.ld.net.spider.channel; import io.netty.bootstrap.ServerBootstrap; import io.netty.buffer.PooledByteBufAllocator; import io.netty.channel.ChannelOption; import io.netty.channel.EventLoopGroup; import io.netty.channel.ServerChannel; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioServerSocketChannel; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.io.FileInputStream; import java.security.KeyStore; import javax.net.ssl.KeyManagerFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SocketServerHelper { static final Logger logger = LoggerFactory.getLogger(SocketServerHelper.class); private static int WORKER_GROUP_SIZE = Runtime.getRuntime().availableProcessors() * 2; private static EventLoopGroup bossGroup; private static EventLoopGroup workerGroup; private static Class<? extends ServerChannel> channelClass; public static void startSpiderServer() throws Exception { ServerBootstrap b = new ServerBootstrap(); b.childOption(ChannelOption.TCP_NODELAY, true) .childOption(ChannelOption.SO_KEEPALIVE, true) .childOption(ChannelOption.SO_REUSEADDR, true) .childOption(ChannelOption.ALLOCATOR, new PooledByteBufAllocator(false)) .childOption(ChannelOption.SO_RCVBUF, 1048576) .childOption(ChannelOption.SO_SNDBUF, 1048576); bossGroup = new NioEventLoopGroup(1); workerGroup = new NioEventLoopGroup(WORKER_GROUP_SIZE); channelClass = NioServerSocketChannel.class; logger.info("workerGroup size:" + WORKER_GROUP_SIZE); logger.info("preparing to start spider server..."); b.group(bossGroup, workerGroup); b.channel(channelClass); KeyManagerFactory keyManagerFactory = null; KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream("D:\\security\\server\\sChat.jks"), "sNetty".toCharArray()); keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore,"sNetty".toCharArray()); SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory).build(); b.childHandler(new SslChannelInitializer(sslContext)); b.bind(9912).sync(); logger.info("spider server start sucess, listening on port " + 9912 + "."); } public static void main(String[] args) throws Exception { SocketServerHelper.startSpiderServer(); } public static void shutdown() { logger.debug("preparing to shutdown spider server..."); bossGroup.shutdownGracefully(); workerGroup.shutdownGracefully(); logger.debug("spider server is shutdown."); } }
package com.ld.net.spider.channel; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.netty.buffer.ByteBuf; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; public class SocketHelper { static final Logger logger = LoggerFactory.getLogger(SocketHelper.class); public static ChannelFuture writeMessage(Channel channel,String msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { String otherInfo = ""; if(channel.remoteAddress() != null) { otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]"; } else { otherInfo = "channel is null."; } if(e instanceof ClosedChannelException) { logger.error("channel to " + otherInfo + " is closed",e); } else { logger.error("timeout occured during channel send msg, " + otherInfo,e); } } }else{ logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log."); } return null; } public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e); } }else{ logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log."); } return null; } }
客户端源码:
package com.ld.net.spider.client; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.SimpleChannelInboundHandler; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SpiderClientBusiHandler extends SimpleChannelInboundHandler<Object> { static final Logger logger = LoggerFactory.getLogger(SpiderClientBusiHandler.class); @Override protected void channelRead0(ChannelHandlerContext ctx, Object origMsg) { System.out.println(origMsg.toString()); } @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { cause.printStackTrace(); } }
package com.ld.net.spider.channel; import java.nio.charset.Charset; import javax.net.ssl.SSLEngine; import com.ld.net.spider.client.SpiderClientBusiHandler; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.LengthFieldBasedFrameDecoder; import io.netty.handler.codec.LengthFieldPrepender; import io.netty.handler.codec.string.StringDecoder; import io.netty.handler.codec.string.StringEncoder; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; public class SslChannelInitializer extends ChannelInitializer<Channel> { private final SslContext context; public SslChannelInitializer(SslContext context) { this.context = context; } @Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); engine.setUseClientMode(true); ch.pipeline().addFirst("ssl", new SslHandler(engine)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); pipeline.addLast("frameEncoder", new LengthFieldPrepender(4)); //最大16M pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8"))); pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8"))); pipeline.addLast("spiderClientBusiHandler", new SpiderClientBusiHandler()); } }
package com.ld.net.spider.channel; import io.netty.bootstrap.Bootstrap; import io.netty.channel.Channel; import io.netty.channel.ChannelOption; import io.netty.channel.EventLoopGroup; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioSocketChannel; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.io.FileInputStream; import java.security.KeyStore; import java.text.MessageFormat; import javax.net.ssl.TrustManagerFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SocketClientHelper { static final Logger logger = LoggerFactory.getLogger(SocketClientHelper.class); public static void main(String[] args) { Channel channel = SocketClientHelper.createChannel("localhost",9912); try { Thread.sleep(100); } catch (InterruptedException e) { // TODO Auto-generated catch block e.printStackTrace(); } SocketHelper.writeMessage(channel, "ssh over tcp test 1"); SocketHelper.writeMessage(channel, "ssh over tcp test 2"); SocketHelper.writeMessage(channel, "ssh over tcp test 3"); SocketHelper.writeMessage(channel, "ssh over tcp test 4"); SocketHelper.writeMessage(channel, "ssh over tcp test 5"); } public static Channel createChannel(String host, int port) { Channel channel = null; Bootstrap b = getBootstrap(); try { channel = b.connect(host, port).sync().channel(); logger.info(MessageFormat.format("connect to spider server ({0}:{1,number,#}) success for thread [" + Thread.currentThread().getName() + "].", host,port)); } catch (Exception e) { e.printStackTrace(); } return channel; } public static Bootstrap getBootstrap(){ EventLoopGroup group; Class<? extends Channel> channelClass = NioSocketChannel.class; group = new NioEventLoopGroup(); Bootstrap b = new Bootstrap(); b.group(group).channel(channelClass); b.option(ChannelOption.SO_KEEPALIVE, true); b.option(ChannelOption.TCP_NODELAY, true); b.option(ChannelOption.SO_REUSEADDR, true); b.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000); TrustManagerFactory tf = null; try { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream("D:\\security\\client\\cChat.jks"), "cNetty".toCharArray()); tf = TrustManagerFactory.getInstance("SunX509"); tf.init(keyStore); SslContext sslContext = SslContextBuilder.forClient().trustManager(tf).build(); b.handler(new SslChannelInitializer(sslContext)); return b; } catch(Exception e) { e.printStackTrace(); } return null; } }
package com.ld.net.spider.channel; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.netty.buffer.ByteBuf; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; public class SocketHelper { static final Logger logger = LoggerFactory.getLogger(SocketHelper.class); //仅用于内部通信,不供业务直接使用 public static ChannelFuture writeMessage(Channel channel,String msg) { if(channel!=null){ try { System.out.println("send: " + msg); return channel.writeAndFlush(msg).sync(); } catch (Exception e) { String otherInfo = ""; if(channel.remoteAddress() != null) { otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]"; } else { otherInfo = "channel is null."; } if(e instanceof ClosedChannelException) { logger.error("channel to " + otherInfo + " is closed",e); } else { logger.error("timeout occured during channel send msg, " + otherInfo,e); } } }else{ logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log."); } return null; } public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e); } }else{ logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log."); } return null; } }
服务端日志如下:
2017-03-01 16:58:51,130 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Using SLF4J as the default logging framework 2017-03-01 16:58:51,149 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) java.nio.Buffer.address: available 2017-03-01 16:58:51,152 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.theUnsafe: available 2017-03-01 16:58:51,153 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.copyMemory: available 2017-03-01 16:58:51,153 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) direct buffer constructor: available 2017-03-01 16:58:51,156 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.Bits.unaligned: available, true 2017-03-01 16:58:51,156 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.DirectByteBuffer.<init>(long, int): available 2017-03-01 16:58:51,157 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.ByteBuffer.cleaner(): available 2017-03-01 16:58:51,158 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Platform: Windows 2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Java version: 8 2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noUnsafe: false 2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) sun.misc.Unsafe: available 2017-03-01 16:58:51,160 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noJavassist: false 2017-03-01 16:58:51,263 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Javassist: available 2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.tmpdir: C:\Users\dell\AppData\Local\Temp (java.io.tmpdir) 2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.bitMode: 32 (sun.arch.data.model) 2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noPreferDirect: false 2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) io.netty.maxDirectMemory: 259522560 bytes 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numHeapArenas: 2 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numDirectArenas: 2 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.pageSize: 8192 2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxOrder: 11 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.chunkSize: 16777216 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.tinyCacheSize: 512 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.smallCacheSize: 256 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.normalCacheSize: 64 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxCachedBufferCapacity: 32768 2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.cacheTrimInterval: 8192 2017-03-01 16:58:51,294 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.eventLoopThreads: 16 2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noKeySetOptimization: false 2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.selectorAutoRebuildThreshold: 512 2017-03-01 16:58:51,321 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) org.jctools-core.MpscChunkedArrayQueue: available 2017-03-01 16:58:51,570 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:87) workerGroup size:16 2017-03-01 16:58:51,571 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:88) preparing to start spider server... *** found key for : securechat chain [0] = [ [ Version: V3 Subject: CN=localhost Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241 public exponent: 65537 Validity: [From: Wed Mar 01 12:48:48 CST 2017, To: Thu Mar 01 12:48:48 CST 2018] Issuer: CN=localhost SerialNumber: [ 78384348] Certificate Extensions: 1 [1]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>. 0010: 32 85 0D A8 2... ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB... 0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].# 0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:.... 0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)...... 0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0. 0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W....... 0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7 0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-.... 0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F.. 0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v. 00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:. 00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y 00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2 00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W............. 00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..." 00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8 ] *** 2017-03-01 16:58:51,633 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) netty-tcnative not in the classpath; OpenSslEngine will be unavailable. trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0xc3517 Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020 adding as trusted cert: Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0 Valid from Wed Nov 08 03:31:18 CST 2006 until Tue Jan 01 03:40:55 CST 2030 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: EC; Serial number: 0xa68b79290000000050d091f9 Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037 adding as trusted cert: Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:20:49 CST 2003 until Sat Sep 30 12:20:49 CST 2023 adding as trusted cert: Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031 adding as trusted cert: Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528 Valid from Fri Jan 13 02:59:32 CST 2012 until Mon Jan 13 02:59:32 CST 2042 adding as trusted cert: Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1 Valid from Mon Nov 27 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036 adding as trusted cert: Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Fri May 29 13:00:39 CST 2009 until Tue May 29 13:00:39 CST 2029 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6 Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028 adding as trusted cert: Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d Valid from Mon Dec 20 10:31:27 CST 2004 until Wed Dec 20 10:31:27 CST 2034 adding as trusted cert: Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7777062726a9b17c Valid from Fri Jan 29 22:06:06 CST 2010 until Tue Dec 31 22:06:06 CST 2030 adding as trusted cert: Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Algorithm: RSA; Serial number: 0x444c0 Valid from Wed Oct 22 20:07:37 CST 2008 until Mon Dec 31 20:07:37 CST 2029 adding as trusted cert: Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad Valid from Tue Nov 02 01:14:04 CST 2004 until Mon Jan 01 13:37:19 CST 2035 adding as trusted cert: Subject: CN=Sonera Class2 CA, O=Sonera, C=FI Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI A