netty集成ssl完整参考指南(含完整源码)

虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑。中午特地测了下netty下集成ssl的功能,关于ssl的握手过程以及java安全框架中的相关组件说明,请参考如下链接:

http://www.cnblogs.com/zhjh256/p/6262620.html

http://www.cnblogs.com/zhjh256/p/6104537.html

网上搜了下,并没有看到完整的netty ssl示例例子,netty in action中也只是匆匆带过。特详细的测试和整理如下。

首先生成服务端证书:

D:\security\server>keytool -genkey -alias securechat -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass sNetty -storepass sNetty -keystore sChat.jks

D:\security\server>keytool -export -alias securechat -keystore sChat.jks -storepass sNetty -file sChat.cer
存储在文件 <sChat.cer> 中的证书

D:\security\server>cd /d ../client

D:\security\client>keytool -genkey -alias smcc -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass cNetty -storepass cNetty -keystore cChat.jks

D:\security\client>keytool -import -trustcacerts -alias securechat -file ../server\sChat.cer -storepass cNetty -keystore cChat.jks
所有者: CN=localhost
发布者: CN=localhost
序列号: 78384348
有效期开始日期: Wed Mar 01 12:48:48 CST 2017, 截止日期: Thu Mar 01 12:48:48 CST 2018
证书指纹:
MD5: 94:83:6C:6D:4B:0D:0B:E6:BF:39:B7:2C:17:29:E8:3C
SHA1: 9A:29:27:41:BE:71:38:C8:13:99:3A:8F:C6:37:C2:95:31:14:B4:98
SHA256: E9:31:40:C7:FC:EA:EF:24:54:EF:4C:59:50:44:CB:1F:9A:35:B7:26:07:2D:3B:1F:BC:30:8E:C0:63:45:4F:21
签名算法名称: SHA256withRSA
版本: 3

扩展:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
]
]

是否信任此证书? [否]: 是
证书已添加到密钥库中

netty服务端源码:

package com.ld.net.spider.server;

import io.netty.channel.ChannelHandlerContext;

import io.netty.channel.SimpleChannelInboundHandler;

import java.net.InetSocketAddress;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

public class SpiderServerBusiHandler extends SimpleChannelInboundHandler<Object> {

    static final Logger logger = LoggerFactory.getLogger(SpiderServerBusiHandler.class);

    @Override

    protected void channelRead0(final ChannelHandlerContext ctx, final Object msg)

            throws Exception {

        System.out.println(msg.toString());

    }

    @Override

    public void exceptionCaught(ChannelHandlerContext ctx,

            Throwable cause) throws Exception {

        logger.error("channel " + ((InetSocketAddress)ctx.channel().remoteAddress()).toString() + " exception:",cause);

        ctx.close();

    }

}
package com.ld.net.spider.channel;

import java.nio.charset.Charset;

import javax.net.ssl.SSLEngine;

import com.ld.net.spider.server.SpiderServerBusiHandler;

import io.netty.channel.Channel;

import io.netty.channel.ChannelInitializer;

import io.netty.channel.ChannelPipeline;

import io.netty.handler.codec.LengthFieldBasedFrameDecoder;

import io.netty.handler.codec.LengthFieldPrepender;

import io.netty.handler.codec.string.StringDecoder;

import io.netty.handler.codec.string.StringEncoder;

import io.netty.handler.ssl.SslContext;

import io.netty.handler.ssl.SslHandler;

public class SslChannelInitializer extends ChannelInitializer<Channel> {

    private final SslContext context;

    public SslChannelInitializer(SslContext context) {

        this.context = context;

    }

    @Override

    protected void initChannel(Channel ch) throws Exception {

        SSLEngine engine = context.newEngine(ch.alloc());

        engine.setUseClientMode(false);

        ch.pipeline().addFirst("ssl", new SslHandler(engine));

        ChannelPipeline pipeline = ch.pipeline();

        pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4));

        pipeline.addLast("frameEncoder", new LengthFieldPrepender(4));  //最大16M

        pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8")));

        pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8")));

        pipeline.addLast("spiderServerBusiHandler", new SpiderServerBusiHandler());

    }

}
package com.ld.net.spider.channel;

import io.netty.bootstrap.ServerBootstrap;

import io.netty.buffer.PooledByteBufAllocator;

import io.netty.channel.ChannelOption;

import io.netty.channel.EventLoopGroup;

import io.netty.channel.ServerChannel;

import io.netty.channel.nio.NioEventLoopGroup;

import io.netty.channel.socket.nio.NioServerSocketChannel;

import io.netty.handler.ssl.SslContext;

import io.netty.handler.ssl.SslContextBuilder;

import java.io.FileInputStream;

import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

public class SocketServerHelper {

    static final Logger logger = LoggerFactory.getLogger(SocketServerHelper.class);

    private static int WORKER_GROUP_SIZE = Runtime.getRuntime().availableProcessors() * 2; 

    private static EventLoopGroup bossGroup;

    private static EventLoopGroup workerGroup;  

    private static Class<? extends ServerChannel> channelClass;

    public static void startSpiderServer() throws Exception {

        ServerBootstrap b = new ServerBootstrap();

        b.childOption(ChannelOption.TCP_NODELAY, true)

        .childOption(ChannelOption.SO_KEEPALIVE, true)

        .childOption(ChannelOption.SO_REUSEADDR, true)

        .childOption(ChannelOption.ALLOCATOR, new PooledByteBufAllocator(false))

        .childOption(ChannelOption.SO_RCVBUF, 1048576)

        .childOption(ChannelOption.SO_SNDBUF, 1048576);

        bossGroup = new NioEventLoopGroup(1);

        workerGroup = new NioEventLoopGroup(WORKER_GROUP_SIZE);

        channelClass = NioServerSocketChannel.class;

        logger.info("workerGroup size:" + WORKER_GROUP_SIZE);

        logger.info("preparing to start spider server...");

        b.group(bossGroup, workerGroup);

        b.channel(channelClass);

        KeyManagerFactory keyManagerFactory = null;

        KeyStore keyStore = KeyStore.getInstance("JKS");

        keyStore.load(new FileInputStream("D:\\security\\server\\sChat.jks"), "sNetty".toCharArray());

        keyManagerFactory = KeyManagerFactory.getInstance("SunX509");

        keyManagerFactory.init(keyStore,"sNetty".toCharArray());

        SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory).build();

        b.childHandler(new SslChannelInitializer(sslContext));

        b.bind(9912).sync();

        logger.info("spider server start sucess, listening on port " + 9912 + ".");

    }

    public static void main(String[] args) throws Exception {

        SocketServerHelper.startSpiderServer();

    }

    public static void shutdown() {

        logger.debug("preparing to shutdown spider server...");

        bossGroup.shutdownGracefully();

        workerGroup.shutdownGracefully();

        logger.debug("spider server is shutdown.");

    }

}
package com.ld.net.spider.channel;

import java.net.InetSocketAddress;

import java.nio.channels.ClosedChannelException;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import io.netty.buffer.ByteBuf;

import io.netty.channel.Channel;

import io.netty.channel.ChannelFuture;

public class SocketHelper {

    static final Logger logger = LoggerFactory.getLogger(SocketHelper.class);

    public static ChannelFuture writeMessage(Channel channel,String msg) {

        if(channel!=null){

            try {

                return channel.writeAndFlush(msg).sync();

            } catch (Exception e) {

                String otherInfo = "";

                if(channel.remoteAddress() != null) {

                    otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]";

                } else {

                    otherInfo = "channel is null.";

                }

                if(e instanceof ClosedChannelException) {

                    logger.error("channel to " + otherInfo + " is closed",e);

                } else {

                    logger.error("timeout occured during channel send msg, " + otherInfo,e);

                }

            }

        }else{

            logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log.");

        }

        return null;

    }

    public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) {

        if(channel!=null){

            try {

                return channel.writeAndFlush(msg).sync();

            } catch (Exception e) {

                logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e);

            }

        }else{

            logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log.");

        }

        return null;

    }

}

netty 集成 wss 安全链接的更多相关文章

  1. netty集成ssl完整参考指南(含完整源码)

    虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑.中午特地测了下netty下集成ss ...

  2. 解决gdal集成libkml的链接错误

    作者:朱金灿 来源:http://blog.csdn.net/clever101 gdal库在集成libkml出现一些链接错误: 1>libkmldomD.lib(kml_factory.obj ...

  3. netty集成springboot

    一 前言 springboot 如何集成netty实现mapper调用不为null的问题让好多读者都头疼过,知识追寻者发了一点时间做了个基本入门集成应用给读者们指明条正确的集成方式,我相信,只要你有n ...

  4. Netty集成Protobuf

    一.创建Personproto.proto 创建Personproto.proto文件 syntax = "proto2"; package com.example.protobu ...

  5. 集成bug统计链接

    http://crab.baidu.com/http://bugly.qq.com/ http://bughd.com/ http://www.umeng.com/analyticshttp://tr ...

  6. netty 的 Google protobuf 开发

    根据上一篇博文 Google Protobuf 使用 Java 版 netty 集成 protobuf 的方法非常简单.代码如下: server package protobuf.server.imp ...

  7. Java项目集成SAP BO

    SAP BO报表查看需要登录SAP BO系统,为了方便公司希望将BO报表集成到OA系统中,所以参考网上资料加上与SAP BO的顾问咨询整理出一套通过Java来集成SAP BO的功能. SAPBO中的报 ...

  8. SpringBoot使用Druid数据库加密链接完整方案

    网上的坑 springboot 使用 Druid 数据库加密链接方案,不建议采用网上的一篇文章<springboot 结合 Druid 加密数据库密码遇到的坑!>介绍的方式来进行加密链接实 ...

  9. nginx lua集成kafka

    NGINX lua集成kafka 第一步:进入opresty目录 [root@node03 openresty]# cd /export/servers/openresty/ [root@node03 ...

随机推荐

  1. JMeter性能(压力)测试--使用解锁

    1. 首先去官网下载JMeter:  http://jmeter.apache.org/download_jmeter.cgi 2. 解压缩后到目录 \apache-jmeter-5.0\bin 下找 ...

  2. Python Twisted系列教程3:初步认识Twisted

    作者:dave@http://krondo.com/our-eye-beams-begin-to-twist/ 译者:杨晓伟(采用意译) 可以从这里从头开始阅读这个系列. 用twisted的方式实现前 ...

  3. 传输模型, tcp socket套接字

    osi七层模型 tcp/ip四层模型 socket套接字 tcp 协议是可靠的  包括 三次握手 四次挥手 import socket # server server = socket.socket( ...

  4. JAVA 本地序列化。

    HashMap map = new HashMap(); map.put("province", "北京"); map.put("coding&quo ...

  5. SAP生产机该不该开放Debuger权限(转)

    前段时间公司定制系统在调用SAP RFC接口的时候报错了,看错误消息一时半会儿也不知道是哪里参数数据错误,就想着进到SAP系统里面对这个接口做远程Debuger,跟踪一下参数变量的变化,结果发现根本就 ...

  6. 代码:PC HTML——图片列表

    图片列表: 2016-6-12 可作为图片列表的规范性写法.这个例子只处理了单行的模式.( 一行多列 ) <link href="css/common.css" rel=&q ...

  7. ClientAbortException: java.net.SocketException: 断开的管道

    这次终于解决了 ClientAbortException ! [ERROR] [- ::] net.jweb.actions.CommonDiskAction - 系统异常 ClientAbortEx ...

  8. spring cloud之路(1)

    1.各个功能 springcloud 注册中心 Eureka负载均衡 Ribbon路由网关 Zuul断路器 Hystrix分布式配置 config服务调用跟踪 sleuth日志输出 elk 认证集成 ...

  9. CSS样式学习-1

    一.分类 ①内联,写在标签中,写法是style="样式属性".优先级最高. 优点:控制精确.缺点:代码重用性差,范围小. 例如: <div style="font- ...

  10. 机器学习进阶-光流估计 1.cv2.goodFeaturesToTrack(找出光流估计所需要的角点) 2.cv2.calcOpticalFlowPyrLK(获得光流检测后的角点位置) 3.cv2.add(进行像素点的加和)

    1.cv2.goodFeaturesToTrack(old_gray, mask=None, **feature_params)  用于获得光流估计所需要的角点参数说明:old_gray表示输入图片, ...