Netty client and services demo over TLS

TLS

因为TCP作为传输层的很多协议的基础,大家用的都很嗨,得搞一手这个

netty支持

netty 提供了 SslHandler,只要在初始化 channel 时把它加进 pipeline 就行了。注意:传进去的 sslEngine 必须来自一个会校验对端证书的 SSLContext,否则连接只有加密、没有身份认证,中间人可以冒充服务端。
channel.pipeline().addLast("ssl", new SslHandler(sslEngine))

import io.netty.bootstrap.Bootstrap;
import io.netty.channel.*;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.IdleStateHandler;

import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

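/**
 * Minimal Netty TLS client demo.
 *
 * <p>Builds a client-side {@link SslHandler} from a JKS keystore on the classpath and
 * installs it, together with an {@link IdleStateHandler}, on a NIO socket channel.
 *
 * <p>Security notes for anyone copying this listing:
 * <ul>
 *   <li>The server certificate chain is validated against the trusted entries of the
 *       keystore. An {@code X509TrustManager} whose check methods are empty accepts any
 *       certificate and leaves the connection open to interception, so none is used.</li>
 *   <li>When the peer host is known, endpoint identification is enabled so that the
 *       certificate must also match the host name being connected to.</li>
 *   <li>The keystore password is a demo value; load real secrets from protected
 *       configuration, not from source code.</li>
 * </ul>
 */
public class ClientMain {
    /**
     * Classpath location of the client keystore (JKS). Left empty on purpose: the
     * original listing does not name a file, so set this to your own resource path.
     */
    private static final String JKS_RESOURCE = "";

    /** Demo-only keystore/key password carried over from the original listing. */
    private static final String JKS_PASSWORD = "123456";

    /**
     * Creates a client-mode TLS handler without peer information.
     *
     * <p>The server certificate chain is validated, but because no peer host is supplied
     * the certificate cannot be matched against a host name.
     *
     * @param isNeedClientAuth forwarded to {@link SSLEngine#setNeedClientAuth(boolean)};
     *     per the JSSE documentation this flag only matters for server-mode engines
     * @return a new handler wrapping a client-mode {@link SSLEngine}; never {@code null}
     * @throws IllegalStateException if the keystore is not configured, cannot be read,
     *     or the TLS context cannot be initialised
     */
    public static SslHandler getsslHande(boolean isNeedClientAuth) {
        return buildClientHandler(isNeedClientAuth, null, -1);
    }

    /**
     * Builds the client TLS handler; enables host-name verification when
     * {@code peerHost} is non-null.
     */
    private static SslHandler buildClientHandler(
            boolean isNeedClientAuth, String peerHost, int peerPort) {
        if (JKS_RESOURCE.isEmpty()) {
            throw new IllegalStateException(
                    "client keystore resource is not configured (JKS_RESOURCE is empty)");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // getResourceAsStream also works when the keystore is packaged inside a jar,
            // and try-with-resources guarantees the stream is closed.
            try (InputStream in =
                    ClientMain.class.getClassLoader().getResourceAsStream(JKS_RESOURCE)) {
                if (in == null) {
                    throw new IllegalStateException(
                            "client keystore not found on classpath: " + JKS_RESOURCE);
                }
                keyStore.load(in, JKS_PASSWORD.toCharArray());
            }

            // Key material the client presents if the server asks for a certificate.
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, JKS_PASSWORD.toCharArray());

            // Trust anchors come from the keystore's trusted-certificate entries; the
            // server's CA (or self-signed certificate) must be imported there.
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

            SSLEngine sslEngine = peerHost == null
                    ? sslContext.createSSLEngine()
                    : sslContext.createSSLEngine(peerHost, peerPort);
            sslEngine.setUseClientMode(true);
            // Kept for compatibility with the original listing; ignored in client mode.
            sslEngine.setNeedClientAuth(isNeedClientAuth);

            if (peerHost != null) {
                // Require the server certificate to match the host we dialled.
                SSLParameters params = sslEngine.getSSLParameters();
                params.setEndpointIdentificationAlgorithm("HTTPS");
                sslEngine.setSSLParameters(params);
            }

            return new SslHandler(sslEngine);
        } catch (IOException | java.security.GeneralSecurityException e) {
            // Fail loudly instead of returning null: a null handler would only surface
            // later as an unrelated NullPointerException while the pipeline is built.
            throw new IllegalStateException("unable to initialise client TLS handler", e);
        }
    }

    /**
     * Connects to {@code args[0]:args[1]} over TLS and blocks until the channel closes.
     *
     * @param args remote host followed by remote port
     */
    public static void main(String[] args) {
        // Bootstrap.connect() needs a remote address; take it from the command line.
        if (args.length < 2) {
            System.err.println("usage: ClientMain <host> <port>");
            return;
        }
        final String host = args[0];
        final int port = Integer.parseInt(args[1]);

        EventLoopGroup workerGroup = new NioEventLoopGroup();
        try {
            Bootstrap bootstrap = new Bootstrap()
                    .group(workerGroup)
                    // Pass the class directly instead of instantiating a throwaway channel.
                    .channel(NioSocketChannel.class)
                    .handler(new ChannelInitializer<Channel>() {
                        @Override
                        protected void initChannel(Channel ch) {
                            ChannelPipeline pipeline = ch.pipeline();
                            // TLS must be the first handler so everything behind it
                            // sees plaintext and everything on the wire is encrypted.
                            pipeline.addLast("ssl", buildClientHandler(false, host, port));
                            pipeline.addLast(
                                    "idle", new IdleStateHandler(0, 10, 0, TimeUnit.SECONDS));
                        }
                    });

            ChannelFuture connected = bootstrap.connect(host, port).sync();
            connected.channel().closeFuture().sync();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        } finally {
            // Release the event-loop threads so the JVM can exit.
            workerGroup.shutdownGracefully();
        }
    }
}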
