private static ApplicationProtocolConfig applicationProtocolConfig(NitmProxyConfig config, boolean http2) { if (http2) { return new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1); } else { return new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_1_1); } }
private SslContext getNettySslContextInner(String host, boolean useH2) throws Exception { long start = System.currentTimeMillis(); PrivateKeyAndCertChain keyAndCertChain = keyStoreGenerator.generateCertChain(host, Settings.certValidityDays); logger.debug("Create certificate for {}, cost {} ms", host, System.currentTimeMillis() - start); SslContextBuilder builder = SslContextBuilder .forServer(keyAndCertChain.getPrivateKey(), keyAndCertChain.getCertificateChain()); if (useH2) { // .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) builder.applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)); } return builder.build(); }
public static void main(String[] args) throws Exception { String ip = "127.0.0.1"; int port = 8080; // Configure SSL. SelfSignedCertificate ssc = new SelfSignedCertificate(); final SslContext sslCtx = SslContext.newServerContext( ssc.certificate(), ssc.privateKey(), null, null, IdentityCipherSuiteFilter.INSTANCE, new ApplicationProtocolConfig(Protocol.ALPN, SelectorFailureBehavior.FATAL_ALERT, SelectedListenerFailureBehavior.FATAL_ALERT, SelectedProtocol.SPDY_3_1.protocolName(), SelectedProtocol.HTTP_1_1.protocolName()), 0, 0); ChannelInitializer<SocketChannel> channelInit = new ChannelInitializer<SocketChannel>() { @Override protected void initChannel(SocketChannel ch) throws Exception { ChannelPipeline p = ch.pipeline(); p.addLast(sslCtx.newHandler(ch.alloc())); p.addLast(new SpdyOrHttpHandler()); } }; NettyServerUtil.newHttpServerBootstrap(ip, port, channelInit); }
private SslContext getSslContext() { SslContext sslCtx = null; final SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; try { sslCtx = SslContextBuilder.forClient() .sslProvider(provider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)) .build(); } catch(SSLException exception) { return null; } return sslCtx; }
private SslContext buildSSLServerContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException { final SslContextBuilder _sslContextBuilder = SslContextBuilder .forServer(_key, _cert) .ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .clientAuth(Objects.requireNonNull(authMode)) // https://github.com/netty/netty/issues/4722 .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(sslProvider); if(_trustedCerts != null && _trustedCerts.length > 0) { _sslContextBuilder.trustManager(_trustedCerts); } return buildSSLContext0(_sslContextBuilder); }
private SslContext buildSSLServerContext(final File _key, final File _cert, final File _trustedCerts, final String pwd, final Iterable<String> ciphers, final SslProvider sslProvider, final ClientAuth authMode) throws SSLException { final SslContextBuilder _sslContextBuilder = SslContextBuilder .forServer(_cert, _key, pwd) .ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .clientAuth(Objects.requireNonNull(authMode)) // https://github.com/netty/netty/issues/4722 .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(sslProvider); if(_trustedCerts != null) { _sslContextBuilder.trustManager(_trustedCerts); } return buildSSLContext0(_sslContextBuilder); }
private SslContext buildSSLClientContext(final PrivateKey _key, final X509Certificate[] _cert, final X509Certificate[] _trustedCerts, final Iterable<String> ciphers, final SslProvider sslProvider) throws SSLException { final SslContextBuilder _sslClientContextBuilder = SslContextBuilder .forClient() .ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(sslProvider) .trustManager(_trustedCerts) .keyManager(_key, _cert); return buildSSLContext0(_sslClientContextBuilder); }
private SslContext buildSSLClientContext(final File _key, final File _cert, final File _trustedCerts, final String pwd, final Iterable<String> ciphers, final SslProvider sslProvider) throws SSLException { final SslContextBuilder _sslClientContextBuilder = SslContextBuilder .forClient() .ciphers(ciphers) .applicationProtocolConfig(ApplicationProtocolConfig.DISABLED) .sessionCacheSize(0) .sessionTimeout(0) .sslProvider(sslProvider) .trustManager(_trustedCerts) .keyManager(_cert, _key, pwd); return buildSSLContext0(_sslClientContextBuilder); }
/** * This method will provide netty ssl context which supports HTTP2 over TLS using * Application Layer Protocol Negotiation (ALPN) * * @return instance of {@link SslContext} * @throws SSLException if any error occurred during building SSL context. */ public SslContext createHttp2TLSContext() throws SSLException { // If listener configuration does not include cipher suites , default ciphers required by the HTTP/2 // specification will be added. List<String> ciphers = sslConfig.getCipherSuites() != null && sslConfig.getCipherSuites().length > 0 ? Arrays .asList(sslConfig.getCipherSuites()) : Http2SecurityUtil.CIPHERS; SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return SslContextBuilder.forServer(this.getKeyManagerFactory()) .trustManager(this.getTrustStoreFactory()) .sslProvider(provider) .ciphers(ciphers, SupportedCipherSuiteFilter.INSTANCE) .clientAuth(needClientAuth ? ClientAuth.REQUIRE : ClientAuth.NONE) .applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)).build(); }
static SslContext build(final Config conf) throws IOException, CertificateException { String tmpdir = conf.getString("application.tmpdir"); boolean http2 = conf.getBoolean("server.http2.enabled"); File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir); File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir); String keyStorePass = conf.hasPath("ssl.keystore.password") ? conf.getString("ssl.keystore.password") : null; SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass); if (conf.hasPath("ssl.trust.cert")) { scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir)) .clientAuth(ClientAuth.REQUIRE); } if (http2) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return scb.sslProvider(provider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))) .build(); } return scb.build(); }
private Block alpn(final SslProvider provider) { return unit -> { SslContextBuilder scb = unit.get(SslContextBuilder.class); expect(scb.sslProvider(provider)).andReturn(scb); expect(scb.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)) .andReturn(scb); ApplicationProtocolConfig apc = unit.constructor(ApplicationProtocolConfig.class) .args(Protocol.class, SelectorFailureBehavior.class, SelectedListenerFailureBehavior.class, List.class) .build(Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)); expect(scb.applicationProtocolConfig(apc)).andReturn(scb); }; }
Http2TestServerRunnable(File certFile, File keyFile) throws Exception { ApplicationProtocolConfig applicationProtocolConfig = new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2); mSslCtx = new OpenSslServerContext(certFile, keyFile, null, null, Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE, applicationProtocolConfig, 0, 0); }
protected SSLSocketFactory getSSLSocketFactory() throws Exception { SslContextBuilder builder = SslContextBuilder.forClient(); builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED); // Use server cert / key on client side builder.keyManager(serverCert.key(), (String) null, serverCert.cert()); builder.sslProvider(SslProvider.JDK); builder.trustManager(clientTrustStoreFile); // Trust the server cert SslContext ctx = builder.build(); Assert.assertEquals(JdkSslClientContext.class, ctx.getClass()); JdkSslContext jdk = (JdkSslContext) ctx; SSLContext jdkSslContext = jdk.context(); return jdkSslContext.getSocketFactory(); }
protected SSLSocketFactory getSSLSocketFactory() throws Exception { SslContextBuilder builder = SslContextBuilder.forClient(); builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED); // Use server cert / key on client side. builder.keyManager(serverCert.key(), (String) null, serverCert.cert()); builder.sslProvider(SslProvider.JDK); builder.trustManager(clientTrustStoreFile); // Trust the server cert SslContext ctx = builder.build(); Assert.assertEquals(JdkSslClientContext.class, ctx.getClass()); JdkSslContext jdk = (JdkSslContext) ctx; SSLContext jdkSslContext = jdk.context(); return jdkSslContext.getSocketFactory(); }
private void setupSslCtx() throws Exception { Assert.assertNotNull(clientTrustStoreFile); SslContextBuilder builder = SslContextBuilder.forClient(); builder.applicationProtocolConfig(ApplicationProtocolConfig.DISABLED); builder.sslProvider(SslProvider.JDK); builder.trustManager(clientTrustStoreFile); // Trust the server cert SslContext ctx = builder.build(); Assert.assertEquals(JdkSslClientContext.class, ctx.getClass()); JdkSslContext jdk = (JdkSslContext) ctx; sslCtx = jdk.context(); }
private static SslContext createNettyClientSSlContext() { try { return SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } catch (SSLException e) { throw new SSLContextException(e); } }
private static SslContext configureTLS() throws CertificateException, SSLException { SelfSignedCertificate ssc = new SelfSignedCertificate(); ApplicationProtocolConfig apn = new ApplicationProtocolConfig( Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1); return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey(), null) .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(apn).build(); }
public static void main(String[] args) throws Exception { // Configure SSL. SelfSignedCertificate ssc = new SelfSignedCertificate(); SslContext sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.NPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.SPDY_3_1, ApplicationProtocolNames.HTTP_1_1)) .build(); // Configure the server. EventLoopGroup bossGroup = new NioEventLoopGroup(1); EventLoopGroup workerGroup = new NioEventLoopGroup(); try { ServerBootstrap b = new ServerBootstrap(); b.option(ChannelOption.SO_BACKLOG, 1024); b.group(bossGroup, workerGroup) .channel(NioServerSocketChannel.class) .handler(new LoggingHandler(LogLevel.INFO)) .childHandler(new SpdyServerInitializer(sslCtx)); Channel ch = b.bind(PORT).sync().channel(); System.err.println("Open your SPDY-enabled web browser and navigate to https://127.0.0.1:" + PORT + '/'); System.err.println("If using Chrome browser, check your SPDY sessions at chrome://net-internals/#spdy"); ch.closeFuture().sync(); } finally { bossGroup.shutdownGracefully(); workerGroup.shutdownGracefully(); } }
private static SslContext configureTLS() throws CertificateException, SSLException { SelfSignedCertificate ssc = new SelfSignedCertificate(); ApplicationProtocolConfig apn = new ApplicationProtocolConfig(Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both // OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl // and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1); return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey(), null) .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(apn).build(); }
public static void main(String[] args) throws Exception { // Configure SSL. SelfSignedCertificate ssc = new SelfSignedCertificate(); SslContext sslCtx = SslContext.newServerContext( ssc.certificate(), ssc.privateKey(), null, null, IdentityCipherSuiteFilter.INSTANCE, new ApplicationProtocolConfig( Protocol.NPN, SelectorFailureBehavior.FATAL_ALERT, SelectedListenerFailureBehavior.FATAL_ALERT, SelectedProtocol.SPDY_3_1.protocolName(), SelectedProtocol.HTTP_1_1.protocolName()), 0, 0); // Configure the server. EventLoopGroup bossGroup = new NioEventLoopGroup(1); EventLoopGroup workerGroup = new NioEventLoopGroup(); try { ServerBootstrap b = new ServerBootstrap(); b.option(ChannelOption.SO_BACKLOG, 1024); b.group(bossGroup, workerGroup) .channel(NioServerSocketChannel.class) .handler(new LoggingHandler(LogLevel.INFO)) .childHandler(new SpdyServerInitializer(sslCtx)); Channel ch = b.bind(PORT).sync().channel(); System.err.println("Open your SPDY-enabled web browser and navigate to https://127.0.0.1:" + PORT + '/'); System.err.println("If using Chrome browser, check your SPDY sessions at chrome://net-internals/#spdy"); ch.closeFuture().sync(); } finally { bossGroup.shutdownGracefully(); workerGroup.shutdownGracefully(); } }
private static ApplicationProtocolConfig buildAlpnConfig(Config config) { ApplicationProtocolConfig.Protocol protocol = config.getEnum(ApplicationProtocolConfig.Protocol.class, "protocol"); ApplicationProtocolConfig.SelectorFailureBehavior selectorBehavior = config.getEnum(ApplicationProtocolConfig.SelectorFailureBehavior.class, "selectorBehavior"); ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedBehavior = config.getEnum( ApplicationProtocolConfig.SelectedListenerFailureBehavior.class, "selectedBehavior"); List<String> supportedProtocols = config.getStringList("supportedProtocols"); return new ApplicationProtocolConfig( protocol, selectorBehavior, selectedBehavior, supportedProtocols); }
/** * Attempts to select the best {@link ApplicationProtocolConfig} for the given * {@link SslProvider}. */ private static ApplicationProtocolConfig selectApplicationProtocolConfig(SslProvider provider) { switch (provider) { case JDK: { if (JettyTlsUtil.isJettyAlpnConfigured()) { return ALPN; } if (JettyTlsUtil.isJettyNpnConfigured()) { return NPN; } if (JettyTlsUtil.isJava9AlpnAvailable()) { return ALPN; } // Use the ALPN cause since it is prefered. throw new IllegalArgumentException( "ALPN is not configured properly. See https://github.com/grpc/grpc-java/blob/master/SECURITY.md#troubleshooting" + " for more information.", JettyTlsUtil.getJettyAlpnUnavailabilityCause()); } case OPENSSL: { if (!OpenSsl.isAvailable()) { throw new IllegalArgumentException( "OpenSSL is not installed on the system.", OpenSsl.unavailabilityCause()); } return OpenSsl.isAlpnSupported() ? NPN_AND_ALPN : NPN; } default: throw new IllegalArgumentException("Unsupported provider: " + provider); } }
public static void main(String[] args) throws Exception { // Configure SSL. final SslContext sslCtx; if (SSL) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; SelfSignedCertificate ssc = new SelfSignedCertificate(); sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(provider) /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification. * Please refer to the HTTP/2 specification for cipher requirements. */ .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } else { sslCtx = null; } // Configure the server. EventLoopGroup group = new NioEventLoopGroup(); try { ServerBootstrap b = new ServerBootstrap(); b.option(ChannelOption.SO_BACKLOG, 1024); b.group(group) .channel(NioServerSocketChannel.class) .handler(new LoggingHandler(LogLevel.INFO)) .childHandler(new Http2ServerInitializer(sslCtx)); Channel ch = b.bind(PORT).sync().channel(); System.err.println("Open your HTTP/2-enabled web browser and navigate to " + (SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/'); ch.closeFuture().sync(); } finally { group.shutdownGracefully(); } }
THttp2Client(String uriStr, HttpHeaders defaultHeaders) throws TTransportException { uri = URI.create(uriStr); this.defaultHeaders = defaultHeaders; int port; switch (uri.getScheme()) { case "http": port = uri.getPort(); if (port < 0) { port = 80; } sslCtx = null; break; case "https": port = uri.getPort(); if (port < 0) { port = 443; } try { sslCtx = SslContextBuilder.forClient() .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and // JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and // JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)) .build(); } catch (SSLException e) { throw new TTransportException(TTransportException.UNKNOWN, e); } break; default: throw new IllegalArgumentException("unknown scheme: " + uri.getScheme()); } String host = uri.getHost(); if (host == null) { throw new IllegalArgumentException("host not specified: " + uriStr); } String path = uri.getPath(); if (path == null) { throw new IllegalArgumentException("path not specified: " + uriStr); } this.host = host; this.port = port; this.path = path; }
HttpClientPipelineConfigurator(HttpClientFactory clientFactory, SessionProtocol sessionProtocol) { this.clientFactory = clientFactory; if (sessionProtocol == HTTP || sessionProtocol == HTTPS) { httpPreference = HttpPreference.HTTP2_PREFERRED; } else if (sessionProtocol == H1 || sessionProtocol == H1C) { httpPreference = HttpPreference.HTTP1_REQUIRED; } else if (sessionProtocol == H2 || sessionProtocol == H2C) { httpPreference = HttpPreference.HTTP2_REQUIRED; } else { // Should never reach here. throw new Error(); } if (sessionProtocol.isTls()) { try { final SslContextBuilder builder = SslContextBuilder.forClient(); builder.sslProvider( Flags.useOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK); clientFactory.sslContextCustomizer().accept(builder); if (httpPreference == HttpPreference.HTTP2_REQUIRED || httpPreference == HttpPreference.HTTP2_PREFERRED) { builder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and // JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK // providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)); } sslCtx = builder.build(); } catch (SSLException e) { throw new IllegalStateException("failed to create an SslContext", e); } } else { sslCtx = null; } }
public HTTP2Client(boolean ssl, String host, int port) throws Exception { try { final SslContext sslCtx; if (ssl) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; sslCtx = SslContextBuilder.forClient() .sslProvider(provider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } else { sslCtx = null; } workerGroup = new NioEventLoopGroup(); HTTP2ClientInitializer initializer = new HTTP2ClientInitializer(sslCtx, Integer.MAX_VALUE); // Configure the client. Bootstrap b = new Bootstrap(); b.group(workerGroup); b.channel(NioSocketChannel.class); b.option(ChannelOption.SO_KEEPALIVE, true); b.remoteAddress(host, port); b.handler(initializer); // Start the client. channel = b.connect().syncUninterruptibly().channel(); log.info("Connected to [" + host + ':' + port + ']'); // Wait for the HTTP/2 upgrade to occur. HTTP2SettingsHandler http2SettingsHandler = initializer.settingsHandler(); http2SettingsHandler.awaitSettings(TestUtil.HTTP2_RESPONSE_TIME_OUT, TestUtil.HTTP2_RESPONSE_TIME_UNIT); responseHandler = initializer.responseHandler(); scheme = ssl ? HttpScheme.HTTPS : HttpScheme.HTTP; hostName = new AsciiString(host + ':' + port); } catch (Exception ex) { log.error("Error while initializing http2 client " + ex); this.close(); } }
