private static ApplicationProtocolConfig applicationProtocolConfig(NitmProxyConfig config, boolean http2) { if (http2) { return new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1); } else { return new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_1_1); } }
private SslContext getNettySslContextInner(String host, boolean useH2) throws Exception { long start = System.currentTimeMillis(); PrivateKeyAndCertChain keyAndCertChain = keyStoreGenerator.generateCertChain(host, Settings.certValidityDays); logger.debug("Create certificate for {}, cost {} ms", host, System.currentTimeMillis() - start); SslContextBuilder builder = SslContextBuilder .forServer(keyAndCertChain.getPrivateKey(), keyAndCertChain.getCertificateChain()); if (useH2) { // .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) builder.applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)); } return builder.build(); }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { ctx.pipeline().addLast(new Http2MultiplexCodec(true, new HelloWorldHttp2Handler())); return; } if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { ctx.pipeline().addLast(new HttpServerCodec(), new HttpObjectAggregator(MAX_CONTENT_LENGTH), new HelloWorldHttp1Handler("ALPN Negotiation")); return; } throw new IllegalStateException("unknown protocol: " + protocol); }
/** * Configure the pipeline for TLS NPN negotiation to HTTP/2. */ private void configureSsl(SocketChannel ch) { ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast(sslCtx.newHandler(ch.alloc())); // We must wait for the handshake to finish and the protocol to be negotiated before configuring // the HTTP/2 components of the pipeline. pipeline.addLast(new ApplicationProtocolNegotiationHandler("") { @Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { ChannelPipeline p = ctx.pipeline(); p.addLast(connectionHandler); configureEndOfPipeline(p); return; } ctx.close(); throw new IllegalStateException("unknown protocol: " + protocol); } }); }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { ctx.pipeline().addLast(new HelloWorldHttp2HandlerBuilder().build()); return; } if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { ctx.pipeline().addLast(new HttpServerCodec(), new HttpObjectAggregator(MAX_CONTENT_LENGTH), new HelloWorldHttp1Handler("ALPN Negotiation")); return; } throw new IllegalStateException("unknown protocol: " + protocol); }
private SslContext getSslContext() { SslContext sslCtx = null; final SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; try { sslCtx = SslContextBuilder.forClient() .sslProvider(provider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2)) .build(); } catch(SSLException exception) { return null; } return sslCtx; }
/** * This method will provide netty ssl context which supports HTTP2 over TLS using * Application Layer Protocol Negotiation (ALPN) * * @return instance of {@link SslContext} * @throws SSLException if any error occurred during building SSL context. */ public SslContext createHttp2TLSContext() throws SSLException { // If listener configuration does not include cipher suites , default ciphers required by the HTTP/2 // specification will be added. List<String> ciphers = sslConfig.getCipherSuites() != null && sslConfig.getCipherSuites().length > 0 ? Arrays .asList(sslConfig.getCipherSuites()) : Http2SecurityUtil.CIPHERS; SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return SslContextBuilder.forServer(this.getKeyManagerFactory()) .trustManager(this.getTrustStoreFactory()) .sslProvider(provider) .ciphers(ciphers, SupportedCipherSuiteFilter.INSTANCE) .clientAuth(needClientAuth ? ClientAuth.REQUIRE : ClientAuth.NONE) .applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)).build(); }
static SslContext build(final Config conf) throws IOException, CertificateException { String tmpdir = conf.getString("application.tmpdir"); boolean http2 = conf.getBoolean("server.http2.enabled"); File keyStoreCert = toFile(conf.getString("ssl.keystore.cert"), tmpdir); File keyStoreKey = toFile(conf.getString("ssl.keystore.key"), tmpdir); String keyStorePass = conf.hasPath("ssl.keystore.password") ? conf.getString("ssl.keystore.password") : null; SslContextBuilder scb = SslContextBuilder.forServer(keyStoreCert, keyStoreKey, keyStorePass); if (conf.hasPath("ssl.trust.cert")) { scb.trustManager(toFile(conf.getString("ssl.trust.cert"), tmpdir)) .clientAuth(ClientAuth.REQUIRE); } if (http2) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; return scb.sslProvider(provider) .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))) .build(); } return scb.build(); }
private Block alpn(final SslProvider provider) { return unit -> { SslContextBuilder scb = unit.get(SslContextBuilder.class); expect(scb.sslProvider(provider)).andReturn(scb); expect(scb.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)) .andReturn(scb); ApplicationProtocolConfig apc = unit.constructor(ApplicationProtocolConfig.class) .args(Protocol.class, SelectorFailureBehavior.class, SelectedListenerFailureBehavior.class, List.class) .build(Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, Arrays.asList(ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)); expect(scb.applicationProtocolConfig(apc)).andReturn(scb); }; }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { configHttp2(tlsCtx); } else if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { configHttp1(tlsCtx); } else { throw new IllegalStateException("unknown protocol: " + protocol); } }
Http2TestServerRunnable(File certFile, File keyFile) throws Exception { ApplicationProtocolConfig applicationProtocolConfig = new ApplicationProtocolConfig( Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2); mSslCtx = new OpenSslServerContext(certFile, keyFile, null, null, Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE, applicationProtocolConfig, 0, 0); }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { ctx.pipeline().addLast(new Http2TestHandler.Builder().build()); return; } throw new IllegalStateException("unknown protocol: " + protocol); }
@Override public SSLEngine newClientEngine(String cipher, boolean useAlpn) { SSLEngine engine = initEngine(clientContext.createSSLEngine(), cipher, true); if (useAlpn) { Conscrypt.setApplicationProtocols(engine, new String[] {ApplicationProtocolNames.HTTP_2}); } return engine; }
@Override public SSLEngine newServerEngine(String cipher, boolean useAlpn) { SSLEngine engine = initEngine(serverContext.createSSLEngine(), cipher, false); if (useAlpn) { Conscrypt.setApplicationProtocols(engine, new String[] {ApplicationProtocolNames.HTTP_2}); } return engine; }
@Override public SSLEngine newClientEngine(String cipher, boolean useAlpn) { SSLEngine engine = initEngine(clientContext.createSSLEngine(), cipher, true); Conscrypt.setBufferAllocator(engine, NettyBufferAllocator.getInstance()); if (useAlpn) { Conscrypt.setApplicationProtocols(engine, new String[] {ApplicationProtocolNames.HTTP_2}); } return engine; }
@Override public SSLEngine newServerEngine(String cipher, boolean useAlpn) { SSLEngine engine = initEngine(serverContext.createSSLEngine(), cipher, false); Conscrypt.setBufferAllocator(engine, NettyBufferAllocator.getInstance()); if (useAlpn) { Conscrypt.setApplicationProtocols(engine, new String[] {ApplicationProtocolNames.HTTP_2}); } return engine; }
private static SslContext createNettyClientSSlContext() { try { return SslContextBuilder.forClient() .trustManager(InsecureTrustManagerFactory.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( ApplicationProtocolConfig.Protocol.ALPN, SelectorFailureBehavior.NO_ADVERTISE, SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } catch (SSLException e) { throw new SSLContextException(e); } }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { configureHttp2(ctx); return; } if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { configureHttp1(ctx); return; } throw new IllegalStateException("unknown protocol: " + protocol); }
private static SslContext configureTLS() throws CertificateException, SSLException { SelfSignedCertificate ssc = new SelfSignedCertificate(); ApplicationProtocolConfig apn = new ApplicationProtocolConfig( Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1); return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey(), null) .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(apn).build(); }
public static void main(String[] args) throws Exception { // Configure SSL. SelfSignedCertificate ssc = new SelfSignedCertificate(); SslContext sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.NPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.SPDY_3_1, ApplicationProtocolNames.HTTP_1_1)) .build(); // Configure the server. EventLoopGroup bossGroup = new NioEventLoopGroup(1); EventLoopGroup workerGroup = new NioEventLoopGroup(); try { ServerBootstrap b = new ServerBootstrap(); b.option(ChannelOption.SO_BACKLOG, 1024); b.group(bossGroup, workerGroup) .channel(NioServerSocketChannel.class) .handler(new LoggingHandler(LogLevel.INFO)) .childHandler(new SpdyServerInitializer(sslCtx)); Channel ch = b.bind(PORT).sync().channel(); System.err.println("Open your SPDY-enabled web browser and navigate to https://127.0.0.1:" + PORT + '/'); System.err.println("If using Chrome browser, check your SPDY sessions at chrome://net-internals/#spdy"); ch.closeFuture().sync(); } finally { bossGroup.shutdownGracefully(); workerGroup.shutdownGracefully(); } }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.SPDY_3_1.equals(protocol)) { configureSpdy(ctx, SpdyVersion.SPDY_3_1); return; } if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { configureHttp1(ctx); return; } throw new IllegalStateException("unknown protocol: " + protocol); }
private static SslContext configureTLS() throws CertificateException, SSLException { SelfSignedCertificate ssc = new SelfSignedCertificate(); ApplicationProtocolConfig apn = new ApplicationProtocolConfig(Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both // OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl // and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1); return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey(), null) .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(apn).build(); }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { addHttp2Handlers(ctx); return; } if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { addHttpHandlers(ctx); return; } throw new IllegalStateException("unknown protocol: " + protocol); }
public HTTPProtocolNegotiationHandler(ConnectionManager connectionManager, ListenerConfiguration listenerConfiguration) { super(ApplicationProtocolNames.HTTP_1_1); this.listenerConfiguration = listenerConfiguration; this.connectionManager = connectionManager; this.requestSizeValidationConfig = listenerConfiguration.getRequestSizeValidationConfig(); }
@Override /** * Configure pipeline after SSL handshake */ protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { ChannelPipeline p = ctx.pipeline(); // handles pipeline for HTTP/2 requests after SSL handshake if (ApplicationProtocolNames.HTTP_2.equals(protocol)) { ctx.pipeline().addLast("http2-handler", new HTTP2SourceHandlerBuilder(connectionManager, listenerConfiguration).build()); return; } // handles pipeline for HTTP/1 requests after SSL handshake if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { p.addLast("encoder", new HttpResponseEncoder()); if (requestSizeValidationConfig.isHeaderSizeValidation()) { p.addLast("decoder", new CustomHttpRequestDecoder(requestSizeValidationConfig)); } else { p.addLast("decoder", new HttpRequestDecoder()); } if (requestSizeValidationConfig.isRequestSizeValidation()) { p.addLast("custom-aggregator", new CustomHttpObjectAggregator(requestSizeValidationConfig)); } p.addLast("compressor", new HttpContentCompressor()); p.addLast("chunkWriter", new ChunkedWriteHandler()); try { // TODO: Properly fix this part once we start HTTP2 integration p.addLast("handler", new SourceHandler( new HttpWsServerConnectorFuture(null), null)); } catch (Exception e) { log.error("Cannot Create SourceHandler ", e); } return; } throw new IllegalStateException("unknown protocol: " + protocol); }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (protocol.equals(ApplicationProtocolNames.HTTP_1_1)) { replaceCodec(ctx, new HttpClientCodec()); replaceApplicationCodec(ctx, new Http1ClientCodec()); ctx.fireUserEventTriggered(RequestBuffer.WriteReady.INSTANCE); } else if (protocol.equals(ApplicationProtocolNames.HTTP_2)) { replaceCodec(ctx, http2Handler.get()); replaceApplicationCodec(ctx, new Http2ClientCodec()); } else { throw new RuntimeException("Unknown Application Protocol '" + protocol + "'"); } }
@Override protected void configurePipeline(ChannelHandlerContext ctx, String protocol) throws Exception { if (protocol.equals(ApplicationProtocolNames.HTTP_1_1)) { replaceCodec(ctx, new HttpServerCodec()); replaceApplicationCodec(ctx, new Http1ServerCodec()); } else if (protocol.equals(ApplicationProtocolNames.HTTP_2)) { replaceCodec(ctx, http2Handler.get()); replaceApplicationCodec(ctx, new Http2ServerCodec()); } else { throw new RuntimeException("Unknown Application Protocol '" + protocol + "'"); } }
@Override public void configurePipeline(final ChannelHandlerContext ctx, final String protocol) throws Exception { if (supportH2 && ApplicationProtocolNames.HTTP_2.equals(protocol)) { http2(ctx.pipeline()); } else if (ApplicationProtocolNames.HTTP_1_1.equals(protocol)) { http1(ctx.pipeline()); } else { throw new IllegalStateException("Unknown protocol: " + protocol); } }
protected Http2OrHttpHandler(UrlRouter router, XrpcConnectionContext xctx) { super(ApplicationProtocolNames.HTTP_1_1); this.router = router; this.xctx = xctx; }
private AlpnHandler(ChannelHandlerContext tlsCtx) { super(ApplicationProtocolNames.HTTP_1_1); this.tlsCtx = tlsCtx; }
protected Http2NegotiationHandler() { super(ApplicationProtocolNames.HTTP_1_1); }
protected Http2OrHttpHandler() { super(ApplicationProtocolNames.HTTP_1_1); }
public static void main(String[] args) throws Exception { // Configure SSL. final SslContext sslCtx; if (SSL) { SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK; SelfSignedCertificate ssc = new SelfSignedCertificate(); sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()) .sslProvider(provider) /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification. * Please refer to the HTTP/2 specification for cipher requirements. */ .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE) .applicationProtocolConfig(new ApplicationProtocolConfig( Protocol.ALPN, // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers. SelectorFailureBehavior.NO_ADVERTISE, // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers. SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)) .build(); } else { sslCtx = null; } // Configure the server. EventLoopGroup group = new NioEventLoopGroup(); try { ServerBootstrap b = new ServerBootstrap(); b.option(ChannelOption.SO_BACKLOG, 1024); b.group(group) .channel(NioServerSocketChannel.class) .handler(new LoggingHandler(LogLevel.INFO)) .childHandler(new Http2ServerInitializer(sslCtx)); Channel ch = b.bind(PORT).sync().channel(); System.err.println("Open your HTTP/2-enabled web browser and navigate to " + (SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/'); ch.closeFuture().sync(); } finally { group.shutdownGracefully(); } }
protected SpdyOrHttpHandler() { super(ApplicationProtocolNames.HTTP_1_1); }
