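/**
 * Handshake-completion callback: the connection is only allowed to stay open (and is
 * only registered via {@code allChannels}/{@code addCnxn}) when the TLS handshake
 * succeeded and the presented client certificate chain passes the configured X509
 * auth provider. Every failure path closes {@code cnxn} instead.
 *
 * @param future the handshake future signalled by the {@code SslHandler}
 * @throws SSLPeerUnverifiedException kept for signature compatibility; a peer that
 *         cannot be verified is now handled here by closing the connection
 */
public void operationComplete(ChannelFuture future) throws SSLPeerUnverifiedException {
    String sessionHex = Long.toHexString(cnxn.sessionId);
    if (!future.isSuccess()) {
        LOG.error("Unsuccessful handshake with session 0x{}", sessionHex);
        cnxn.close();
        return;
    }
    LOG.debug("Successful handshake with session 0x{}", sessionHex);
    SSLEngine eng = sslHandler.getEngine();
    SSLSession session = eng.getSession();
    try {
        cnxn.setClientCertificateChain(session.getPeerCertificates());
    } catch (SSLPeerUnverifiedException e) {
        // If this escaped the listener, the channel would stay open without ever being
        // closed here or registered below; treat an unverifiable peer like a failed auth.
        LOG.error("Peer certificate could not be verified for session 0x{}", sessionHex, e);
        cnxn.close();
        return;
    }
    String authProviderProp = System.getProperty(ZKConfig.SSL_AUTHPROVIDER, "x509");
    Object provider = ProviderRegistry.getProvider(authProviderProp);
    if (provider == null) {
        LOG.error("Auth provider not found: {}", authProviderProp);
        cnxn.close();
        return;
    }
    if (!(provider instanceof X509AuthenticationProvider)) {
        // A blind cast would surface a misconfigured provider as a ClassCastException
        // inside the listener rather than a closed connection and a clear log line.
        LOG.error("Auth provider {} is not an X509AuthenticationProvider: {}",
                authProviderProp, provider.getClass().getName());
        cnxn.close();
        return;
    }
    X509AuthenticationProvider authProvider = (X509AuthenticationProvider) provider;
    if (KeeperException.Code.OK != authProvider.handleAuthentication(cnxn, null)) {
        LOG.error("Authentication failed for session 0x{}", sessionHex);
        cnxn.close();
        return;
    }
    // Only an authenticated connection is tracked and exposed to the rest of the server.
    allChannels.add(future.getChannel());
    addCnxn(cnxn);
}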
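/**
 * Installs a server-side {@code SslHandler} at the end of the pipeline.
 *
 * The {@code SSLContext} comes from {@code X509Util.createSSLContext()} unless the
 * {@code ZKConfig.SSL_AUTHPROVIDER} system property is set, in which case the key and
 * trust managers of that X509 auth provider are used. Client certificates are required
 * either way ({@code setNeedClientAuth(true)}).
 *
 * @param p the pipeline to add the handler to
 * @throws X509Exception if the configured auth provider cannot supply an SSLContext
 * @throws KeyManagementException if {@code SSLContext.init} fails
 * @throws NoSuchAlgorithmException if the requested protocol is not available
 */
private synchronized void initSSL(ChannelPipeline p) throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    String authProviderProp = System.getProperty(ZKConfig.SSL_AUTHPROVIDER);
    SSLContext sslContext;
    if (authProviderProp == null) {
        sslContext = X509Util.createSSLContext();
    } else {
        // NOTE(review): "TLSv1" pins the context to a protocol version that recent JDK
        // releases disable by default; confirm whether a newer version (or the JDK
        // default "TLS") is acceptable for the deployed clients.
        sslContext = SSLContext.getInstance("TLSv1");
        // Reuse the value read above instead of re-reading the system property, so the
        // lookup and the error message below can never disagree.
        Object provider = ProviderRegistry.getProvider(authProviderProp);
        if (provider == null) {
            LOG.error("Auth provider not found: {}", authProviderProp);
            throw new SSLContextException(
                    "Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        if (!(provider instanceof X509AuthenticationProvider)) {
            // Without this check a provider of another type fails with a ClassCastException
            // instead of a descriptive SSLContextException.
            LOG.error("Auth provider {} is not an X509AuthenticationProvider: {}",
                    authProviderProp, provider.getClass().getName());
            throw new SSLContextException(
                    "Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        X509AuthenticationProvider authProvider = (X509AuthenticationProvider) provider;
        // null SecureRandom: the JDK default source is used.
        sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() },
                new X509TrustManager[] { authProvider.getTrustManager() }, null);
    }
    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.setUseClientMode(false);
    sslEngine.setNeedClientAuth(true);
    p.addLast("ssl", new SslHandler(sslEngine));
    LOG.info("SSL handler added for channel: {}", p.getChannel());
}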
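/**
 * Installs a server-side {@code SslHandler} at the end of the pipeline.
 *
 * The {@code SSLContext} comes from {@code X509Util.createSSLContext()} unless the
 * {@code X509Util.SSL_AUTHPROVIDER} system property is set, in which case the key and
 * trust managers of that X509 auth provider are used. Client certificates are required
 * either way ({@code setNeedClientAuth(true)}).
 *
 * @param p the pipeline to add the handler to
 * @throws X509Exception if the configured auth provider cannot supply an SSLContext
 * @throws KeyManagementException if {@code SSLContext.init} fails
 * @throws NoSuchAlgorithmException if the requested protocol is not available
 */
private synchronized void initSSL(ChannelPipeline p) throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
    String authProviderProp = System.getProperty(X509Util.SSL_AUTHPROVIDER);
    SSLContext sslContext;
    if (authProviderProp == null) {
        sslContext = X509Util.createSSLContext();
    } else {
        // NOTE(review): "TLSv1" pins the context to a protocol version that recent JDK
        // releases disable by default; confirm whether a newer version (or the JDK
        // default "TLS") is acceptable for the deployed clients.
        sslContext = SSLContext.getInstance("TLSv1");
        // Reuse the value read above instead of re-reading the system property, so the
        // lookup and the error message below can never disagree.
        Object provider = ProviderRegistry.getProvider(authProviderProp);
        if (provider == null) {
            LOG.error("Auth provider not found: {}", authProviderProp);
            throw new SSLContextException(
                    "Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        if (!(provider instanceof X509AuthenticationProvider)) {
            // Without this check a provider of another type fails with a ClassCastException
            // instead of a descriptive SSLContextException.
            LOG.error("Auth provider {} is not an X509AuthenticationProvider: {}",
                    authProviderProp, provider.getClass().getName());
            throw new SSLContextException(
                    "Could not create SSLContext with specified auth provider: " + authProviderProp);
        }
        X509AuthenticationProvider authProvider = (X509AuthenticationProvider) provider;
        // null SecureRandom: the JDK default source is used.
        sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() },
                new X509TrustManager[] { authProvider.getTrustManager() }, null);
    }
    SSLEngine sslEngine = sslContext.createSSLEngine();
    sslEngine.setUseClientMode(false);
    sslEngine.setNeedClientAuth(true);
    p.addLast("ssl", new SslHandler(sslEngine));
    LOG.info("SSL handler added for channel: {}", p.getChannel());
}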
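/**
 * Handshake-completion callback: the connection is only allowed to stay open (and is
 * only registered via {@code allChannels}/{@code addCnxn}) when the TLS handshake
 * succeeded and the presented client certificate chain passes the configured X509
 * auth provider. Every failure path closes {@code cnxn} instead.
 *
 * @param future the handshake future signalled by the {@code SslHandler}
 * @throws SSLPeerUnverifiedException kept for signature compatibility; a peer that
 *         cannot be verified is now handled here by closing the connection
 */
public void operationComplete(ChannelFuture future) throws SSLPeerUnverifiedException {
    String sessionHex = Long.toHexString(cnxn.sessionId);
    if (!future.isSuccess()) {
        LOG.error("Unsuccessful handshake with session 0x{}", sessionHex);
        cnxn.close();
        return;
    }
    LOG.debug("Successful handshake with session 0x{}", sessionHex);
    SSLEngine eng = sslHandler.getEngine();
    SSLSession session = eng.getSession();
    // Parameterised form avoids building the message when debug is off; output is unchanged.
    LOG.debug("ciphersuite: {}", session.getCipherSuite());
    LOG.debug("protocol: {}", session.getProtocol());
    try {
        cnxn.setClientCertificateChain(session.getPeerCertificates());
    } catch (SSLPeerUnverifiedException e) {
        // If this escaped the listener, the channel would stay open without ever being
        // closed here or registered below; treat an unverifiable peer like a failed auth.
        LOG.error("Peer certificate could not be verified for session 0x{}", sessionHex, e);
        cnxn.close();
        return;
    }
    String authProviderProp = System.getProperty(X509Util.SSL_AUTHPROVIDER, "x509");
    Object provider = ProviderRegistry.getProvider(authProviderProp);
    if (provider == null) {
        LOG.error("Auth provider not found: {}", authProviderProp);
        cnxn.close();
        return;
    }
    if (!(provider instanceof X509AuthenticationProvider)) {
        // A blind cast would surface a misconfigured provider as a ClassCastException
        // inside the listener rather than a closed connection and a clear log line.
        LOG.error("Auth provider {} is not an X509AuthenticationProvider: {}",
                authProviderProp, provider.getClass().getName());
        cnxn.close();
        return;
    }
    X509AuthenticationProvider authProvider = (X509AuthenticationProvider) provider;
    if (KeeperException.Code.OK != authProvider.handleAuthentication(cnxn, null)) {
        LOG.error("Authentication failed for session 0x{}", sessionHex);
        cnxn.close();
        return;
    }
    // Only an authenticated connection is tracked and exposed to the rest of the server.
    allChannels.add(future.getChannel());
    addCnxn(cnxn);
}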