/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avro.ipc;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.concurrent.Executors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.jboss.netty.channel.ChannelFactory;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.channel.socket.SocketChannel;
import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory;
import org.jboss.netty.channel.socket.nio.NioServerSocketChannelFactory;
import org.jboss.netty.handler.ssl.SslHandler;
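/**
 * Runs the {@link TestNettyServer} scenarios over a TLS-wrapped Netty channel.
 *
 * <p>The server presents the key material stored in {@link #TEST_CERTIFICATE};
 * the client accepts whatever certificate it is shown (see
 * {@link BogusTrustManager}). The channel is therefore encrypted but the
 * server is not authenticated, which is only acceptable because both ends
 * live inside this test.
 */
public class TestNettyServerWithSSL extends TestNettyServer{
  /** Classpath resource (resolved relative to {@link TestNettyServer}) holding the PKCS#12 key store. */
  public static final String TEST_CERTIFICATE = "servercert.p12";
  /** Password of the test key store and of its key entry; a fixture value, not a real secret. */
  public static final String TEST_CERTIFICATE_PASSWORD = "s3cret";

  /**
   * Builds a Netty server on port 0 whose worker pipelines start with an
   * SSL handler in server mode.
   *
   * @param responder the responder handed to the {@link NettyServer}
   * @return the new server
   */
  protected static Server initializeServer(Responder responder) {
    ChannelFactory channelFactory = new NioServerSocketChannelFactory(
        Executors.newCachedThreadPool(),
        Executors.newCachedThreadPool()
    );
    return new NettyServer(responder, new InetSocketAddress(0),
        channelFactory, new SSLChannelPipelineFactory(),
        null);
  }

  /**
   * Builds a client transceiver whose channels negotiate TLS before any
   * Avro traffic is exchanged.
   *
   * @param serverPort port the test server is listening on
   * @return the new transceiver
   * @throws IOException declared by the {@link NettyTransceiver} constructor
   */
  protected static Transceiver initializeTransceiver(int serverPort) throws IOException {
    return new NettyTransceiver(new InetSocketAddress(serverPort),
        new SSLChannelFactory(),
        CONNECT_TIMEOUT_MILLIS);
  }

  /**
   * Factory of SSL-enabled client channels.
   *
   * <p>Every channel gets an {@link SslHandler} in client mode as the first
   * pipeline element. The engine is created without a peer host and with no
   * endpoint identification configured, and its only trust manager is
   * {@link BogusTrustManager}, so neither the certificate chain nor the host
   * name of the server is checked.
   */
  private static class SSLChannelFactory extends NioClientSocketChannelFactory {
    public SSLChannelFactory() {
      super(Executors.newCachedThreadPool(), Executors.newCachedThreadPool());
    }

    /**
     * Prepends a client-mode SSL handler to the pipeline and creates the channel.
     *
     * @param pipeline pipeline of the channel being created
     * @return the channel created by the superclass
     * @throws RuntimeException wrapping any failure while setting up TLS
     */
    @Override
    public SocketChannel newChannel(ChannelPipeline pipeline) {
      try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No key managers (null): the client presents no certificate of its own.
        sslContext.init(null, new TrustManager[]{new BogusTrustManager()},
            null);
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(true);
        pipeline.addFirst("ssl", new SslHandler(sslEngine));
        return super.newChannel(pipeline);
      } catch (Exception ex) {
        throw new RuntimeException("Cannot create SSL channel", ex);
      }
    }
  }

  /**
   * Bogus trust manager accepting any certificate.
   *
   * <p>Both check methods return without looking at the chain, so a client
   * using it cannot tell the intended server from any other TLS endpoint.
   * It exists so the test client accepts the bundled test certificate; code
   * outside tests should validate against a trust store that contains the
   * expected certificate or its issuer instead.
   */
  private static class BogusTrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] certs, String s) {
      // Intentionally empty: returning normally marks the chain as trusted.
    }

    @Override
    public void checkServerTrusted(X509Certificate[] certs, String s) {
      // Intentionally empty: returning normally marks the chain as trusted.
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
      return new X509Certificate[0];
    }
  }

  /**
   * Factory of SSL-enabled server worker channel pipelines.
   */
  private static class SSLChannelPipelineFactory
      implements ChannelPipelineFactory {

    /**
     * Loads the test PKCS#12 key store and builds a server-side context from it.
     *
     * <p>The trust managers are left at the provider default (null) and
     * {@link #getPipeline()} never asks for a client certificate, so only the
     * server side holds key material.
     *
     * @return a freshly initialized server {@link SSLContext}
     * @throws Error wrapping any failure, including a missing key store resource
     */
    private SSLContext createServerSSLContext() {
      try {
        URL keyStoreUrl = TestNettyServer.class.getResource(TEST_CERTIFICATE);
        if (keyStoreUrl == null) {
          // Fail with a readable cause instead of a bare NullPointerException.
          throw new IllegalStateException(
              "Test key store not found on classpath: " + TEST_CERTIFICATE);
        }
        char[] password = TEST_CERTIFICATE_PASSWORD.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        InputStream keyStoreStream = keyStoreUrl.openStream();
        try {
          ks.load(keyStoreStream, password);
        } finally {
          // A pipeline (and thus a context) is built per channel; do not leak a stream each time.
          keyStoreStream.close();
        }
        // Set up key manager factory to use our key store
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(getAlgorithm());
        kmf.init(ks, password);
        SSLContext serverContext = SSLContext.getInstance("TLS");
        serverContext.init(kmf.getKeyManagers(), null, null);
        return serverContext;
      } catch (Exception e) {
        throw new Error("Failed to initialize the server-side SSLContext", e);
      }
    }

    /**
     * Returns the key manager algorithm named by the
     * {@code ssl.KeyManagerFactory.algorithm} security property, or
     * {@code "SunX509"} when the property is not set.
     */
    private String getAlgorithm() {
      String algorithm = Security.getProperty(
          "ssl.KeyManagerFactory.algorithm");
      if (algorithm == null) {
        algorithm = "SunX509";
      }
      return algorithm;
    }

    /**
     * Creates a pipeline containing a single server-mode SSL handler.
     *
     * @return the new pipeline
     * @throws Exception declared by {@link ChannelPipelineFactory}
     */
    @Override
    public ChannelPipeline getPipeline() throws Exception {
      ChannelPipeline pipeline = Channels.pipeline();
      SSLEngine sslEngine = createServerSSLContext().createSSLEngine();
      sslEngine.setUseClientMode(false);
      pipeline.addLast("ssl", new SslHandler(sslEngine));
      return pipeline;
    }
  }
}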