netty集成ssl完整参考指南(含完整源码)

虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑。中午特地测了下netty下集成ssl的功能,关于ssl的握手过程以及java安全框架中的相关组件说明,请参考如下链接:

http://www.cnblogs.com/zhjh256/p/6262620.html

http://www.cnblogs.com/zhjh256/p/6104537.html

网上搜了下,并没有看到完整的netty ssl示例例子,netty in action中也只是匆匆带过。特详细的测试和整理如下。

首先生成服务端证书:

D:\security\server>keytool -genkey -alias securechat -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass sNetty -storepass sNetty -keystore sChat.jks

D:\security\server>keytool -export -alias securechat -keystore sChat.jks -storepass sNetty -file sChat.cer
存储在文件 <sChat.cer> 中的证书

D:\security\server>cd /d ../client

D:\security\client>keytool -genkey -alias smcc -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass cNetty -storepass cNetty -keystore cChat.jks

D:\security\client>keytool -import -trustcacerts -alias securechat -file ../server\sChat.cer -storepass cNetty -keystore cChat.jks
所有者: CN=localhost
发布者: CN=localhost
序列号: 78384348
有效期开始日期: Wed Mar 01 12:48:48 CST 2017, 截止日期: Thu Mar 01 12:48:48 CST 2018
证书指纹:
MD5: 94:83:6C:6D:4B:0D:0B:E6:BF:39:B7:2C:17:29:E8:3C
SHA1: 9A:29:27:41:BE:71:38:C8:13:99:3A:8F:C6:37:C2:95:31:14:B4:98
SHA256: E9:31:40:C7:FC:EA:EF:24:54:EF:4C:59:50:44:CB:1F:9A:35:B7:26:07:2D:3B:1F:BC:30:8E:C0:63:45:4F:21
签名算法名称: SHA256withRSA
版本: 3

扩展:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
]
]

是否信任此证书? [否]: 是
证书已添加到密钥库中

netty服务端源码:

package com.ld.net.spider.server;

import io.netty.channel.ChannelHandlerContext;

import io.netty.channel.SimpleChannelInboundHandler;

import java.net.InetSocketAddress;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

public class SpiderServerBusiHandler extends SimpleChannelInboundHandler<Object> {

    static final Logger logger = LoggerFactory.getLogger(SpiderServerBusiHandler.class);

    @Override

    protected void channelRead0(final ChannelHandlerContext ctx, final Object msg)

            throws Exception {

        System.out.println(msg.toString());

    }

    @Override

    public void exceptionCaught(ChannelHandlerContext ctx,

            Throwable cause) throws Exception {

        logger.error("channel " + ((InetSocketAddress)ctx.channel().remoteAddress()).toString() + " exception:",cause);

        ctx.close();

    }

}
package com.ld.net.spider.channel;

import java.nio.charset.Charset;

import javax.net.ssl.SSLEngine;

import com.ld.net.spider.server.SpiderServerBusiHandler;

import io.netty.channel.Channel;

import io.netty.channel.ChannelInitializer;

import io.netty.channel.ChannelPipeline;

import io.netty.handler.codec.LengthFieldBasedFrameDecoder;

import io.netty.handler.codec.LengthFieldPrepender;

import io.netty.handler.codec.string.StringDecoder;

import io.netty.handler.codec.string.StringEncoder;

import io.netty.handler.ssl.SslContext;

import io.netty.handler.ssl.SslHandler;

public class SslChannelInitializer extends ChannelInitializer<Channel> {

    private final SslContext context;

    public SslChannelInitializer(SslContext context) {

        this.context = context;

    }

    @Override

    protected void initChannel(Channel ch) throws Exception {

        SSLEngine engine = context.newEngine(ch.alloc());

        engine.setUseClientMode(false);

        ch.pipeline().addFirst("ssl", new SslHandler(engine));

        ChannelPipeline pipeline = ch.pipeline();

        pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));

        pipeline.addLast("frameEncoder", new LengthFieldPrepender(4));  //最大16M

        pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8")));

        pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8")));

        pipeline.addLast("spiderServerBusiHandler", new SpiderServerBusiHandler());

    }

}
package com.ld.net.spider.channel;

import io.netty.bootstrap.ServerBootstrap;

import io.netty.buffer.PooledByteBufAllocator;

import io.netty.channel.ChannelOption;

import io.netty.channel.EventLoopGroup;

import io.netty.channel.ServerChannel;

import io.netty.channel.nio.NioEventLoopGroup;

import io.netty.channel.socket.nio.NioServerSocketChannel;

import io.netty.handler.ssl.SslContext;

import io.netty.handler.ssl.SslContextBuilder;

import java.io.FileInputStream;

import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

public class SocketServerHelper {

    static final Logger logger = LoggerFactory.getLogger(SocketServerHelper.class);

    private static int WORKER_GROUP_SIZE = Runtime.getRuntime().availableProcessors() * 2; 

    private static EventLoopGroup bossGroup;

    private static EventLoopGroup workerGroup;  

    private static Class<? extends ServerChannel> channelClass;

    public static void startSpiderServer() throws Exception {

        ServerBootstrap b = new ServerBootstrap();

        b.childOption(ChannelOption.TCP_NODELAY, true)

        .childOption(ChannelOption.SO_KEEPALIVE, true)

        .childOption(ChannelOption.SO_REUSEADDR, true)

        .childOption(ChannelOption.ALLOCATOR, new PooledByteBufAllocator(false))

        .childOption(ChannelOption.SO_RCVBUF, 1048576)

        .childOption(ChannelOption.SO_SNDBUF, 1048576);

        bossGroup = new NioEventLoopGroup(1);

        workerGroup = new NioEventLoopGroup(WORKER_GROUP_SIZE);

        channelClass = NioServerSocketChannel.class;

        logger.info("workerGroup size:" + WORKER_GROUP_SIZE);

        logger.info("preparing to start spider server...");

        b.group(bossGroup, workerGroup);

        b.channel(channelClass);

        KeyManagerFactory keyManagerFactory = null;

        KeyStore keyStore = KeyStore.getInstance("JKS");

        keyStore.load(new FileInputStream("D:\\security\\server\\sChat.jks"), "sNetty".toCharArray());

        keyManagerFactory = KeyManagerFactory.getInstance("SunX509");

        keyManagerFactory.init(keyStore,"sNetty".toCharArray());

        SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory).build();

        b.childHandler(new SslChannelInitializer(sslContext));

        b.bind(9912).sync();

        logger.info("spider server start sucess, listening on port " + 9912 + ".");

    }

    public static void main(String[] args) throws Exception {

        SocketServerHelper.startSpiderServer();

    }

    public static void shutdown() {

        logger.debug("preparing to shutdown spider server...");

        bossGroup.shutdownGracefully();

        workerGroup.shutdownGracefully();

        logger.debug("spider server is shutdown.");

    }

}
package com.ld.net.spider.channel;

import java.net.InetSocketAddress;

import java.nio.channels.ClosedChannelException;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import io.netty.buffer.ByteBuf;

import io.netty.channel.Channel;

import io.netty.channel.ChannelFuture;

public class SocketHelper {

    static final Logger logger = LoggerFactory.getLogger(SocketHelper.class);

    public static ChannelFuture writeMessage(Channel channel,String msg) {

        if(channel!=null){

            try {

                return channel.writeAndFlush(msg).sync();

            } catch (Exception e) {

                String otherInfo = "";

                if(channel.remoteAddress() != null) {

                    otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]";

                } else {

                    otherInfo = "channel is null.";

                }

                if(e instanceof ClosedChannelException) {

                    logger.error("channel to " + otherInfo + " is closed",e);

                } else {

                    logger.error("timeout occured during channel send msg, " + otherInfo,e);

                }

            }

        }else{

            logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log.");

        }

        return null;

    }

    public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) {

        if(channel!=null){

            try {

                return channel.writeAndFlush(msg).sync();

            } catch (Exception e) {

                logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e);

            }

        }else{

            logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log.");

        }

        return null;

    }

}

netty 集成 wss 安全链接的更多相关文章

  1. netty集成ssl完整参考指南(含完整源码)

    虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑.中午特地测了下netty下集成ss ...

  2. 解决gdal集成libkml的链接错误

    作者:朱金灿 来源:http://blog.csdn.net/clever101 gdal库在集成libkml出现一些链接错误: 1>libkmldomD.lib(kml_factory.obj ...

  3. netty集成springboot

    一 前言 springboot 如何集成netty实现mapper调用不为null的问题让好多读者都头疼过,知识追寻者发了一点时间做了个基本入门集成应用给读者们指明条正确的集成方式,我相信,只要你有n ...

  4. Netty集成Protobuf

    一.创建Personproto.proto 创建Personproto.proto文件 syntax = "proto2"; package com.example.protobu ...

  5. 集成bug统计链接

    http://crab.baidu.com/http://bugly.qq.com/ http://bughd.com/ http://www.umeng.com/analyticshttp://tr ...

  6. netty 的 Google protobuf 开发

    根据上一篇博文 Google Protobuf 使用 Java 版 netty 集成 protobuf 的方法非常简单.代码如下: server package protobuf.server.imp ...

  7. Java项目集成SAP BO

    SAP BO报表查看需要登录SAP BO系统,为了方便公司希望将BO报表集成到OA系统中,所以参考网上资料加上与SAP BO的顾问咨询整理出一套通过Java来集成SAP BO的功能. SAPBO中的报 ...

  8. SpringBoot使用Druid数据库加密链接完整方案

    网上的坑 springboot 使用 Druid 数据库加密链接方案,不建议采用网上的一篇文章<springboot 结合 Druid 加密数据库密码遇到的坑!>介绍的方式来进行加密链接实 ...

  9. nginx lua集成kafka

    NGINX lua集成kafka 第一步:进入opresty目录 [root@node03 openresty]# cd /export/servers/openresty/ [root@node03 ...

随机推荐

  1. SpringBoot应用部署到Tomcat中无法启动问题(初识)

    参考http://blog.csdn.net/asdfsfsdgdfgh/article/details/52127562 背景 最近公司在做一些内部的小型Web应用时, 为了提高开发效率决定使用Sp ...

  2. isNAN的使用方法及介绍

    NaN为 Not a Number isNaN()函数在接到一个值后,会尝试将这个值转换为数值. alert(isNaN(NaN)); //true alert(isNaN(25)); //false ...

  3. Linux 虚拟机VMware安装失败,提示没有选择磁盘

    提示安装位置:没有选择磁盘 磁盘类型问题. 在新建虚拟机向导时会推荐选项 重新安装就有磁盘了

  4. java 怎样向一个已存在的文件中添加内容

    如果想向某个文件最后添加内容,可使用FileWriter fw = new FileWriter("log.txt",true);在创建FileWriter时加个true就可以了. ...

  5. 遇到的问题&思考

    MYSQL需要批量修改表前缀: http://jingyan.baidu.com/article/11c17a2c742561f446e39d2f.html Select CONCAT( 'ALTER ...

  6. IDEA 快捷操作 Windows

    1.查找Action  ctrl+shift+A :可通过其查询其他操作快捷键等. 2.项目之间跳转:ctrl+shift+[ 与  ctrl+shift+] 3.alt + 数字 展开对应窗口 4. ...

  7. [Android]数据篇 --- SharedPreferences

    转载请标注:转载于http://www.cnblogs.com/Liuyt-61/p/6637515.html -------------------------------------------- ...

  8. uva-10700-贪心

    题意:对于一个只有加法和乘法的序列,没有加法和乘法的优先级,问,结果最大值和最小值是多少,数字范围 1<=N <= 20 解题思路: (A+B)*C - (A+(B*C)) = AC + ...

  9. 《算法》第一章部分程序 part 2

    ▶ 书中第一章部分程序,加上自己补充的代码,包括简单的计时器,链表背包迭代器,表达式计算相关 ● 简单的计时器,分别记录墙上时间和 CPU 时间. package package01; import ...

  10. workerman-todpole 执行流程(3)

    通过前两篇文章的分析: workerman-todpole 执行流程(1) workerman-todpole 执行流程(2) 我们已经详细了解了主进程以及子进程的启动细节,但之前的文章并没有考虑 W ...