This article uses the latest Netty version, 5.0 Alpha2, available at http://dl.bintray.com/netty/downloads/netty-5.0.0.Alpha2.tar.bz2. It was released in March 2015, almost a year ago now, and still has not been updated, which is a little strange ...
Create a self-signed certificate (JKS format)

    # keytool -genkey -keysize 2048 -validity 365 -keyalg RSA -dname "CN=gornix.com" -keypass 654321 -storepass 123456 -keystore gornix.jks

keytool is the certificate generation tool that ships with the JDK.
- -keysize 2048: the key length is 2048 bits (a key of this length can currently be considered infeasible to brute-force)
- -validity 365: the certificate is valid for 365 days
- -keyalg RSA: use the RSA asymmetric encryption algorithm
- -dname "CN=gornix.com": sets the common name to gornix.com, which is my domain name
- -keypass 654321: the key access password is 654321
- -storepass 123456: the keystore access password is 123456 (these two passwords can also be set to the same value, which is the usual practice and easier to remember)
- -keystore gornix.jks: the generated keystore file is gornix.jks
When the command finishes you have the keystore file gornix.jks. Put it in your home directory, for example /home/guogangj/gornix.jks
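Generate the SSLContext when the program is initialized

    // Needs java.io.FileInputStream, java.io.InputStream, java.security.KeyStore,
    // javax.net.ssl.KeyManagerFactory and javax.net.ssl.SSLContext
    KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream("/home/guogangj/gornix.jks")) {
        ks.load(in, "123456".toCharArray()); // keystore password (-storepass)
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "654321".toCharArray()); // key password (-keypass)
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), null, null);

This only needs to be done once in the whole lifetime of the program. It is best to wrap it in try-catch so that exceptions are checked, and then keep the resulting sslContext, which is used later.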
In the initChannel of the ChannelInitializer

    @Override
    protected void initChannel(SocketChannel socketChannel) throws Exception {
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false); // server-side mode
        sslEngine.setNeedClientAuth(false); // no need to validate the client
        socketChannel.pipeline().addLast("SSL", new SslHandler(sslEngine)); // SslHandler goes in first
        // ...
    }

sslContext is the SSLContext generated earlier; it can usually be passed to the ChannelInitializer as a parameter. Also, remember to put the SslHandler in front of the other handlers.
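A startup check for the two steps above, as an added example that is not code from the original article: it loads the keystore once, fails early if the certificate has expired or the RSA key is shorter than 2048 bits, builds the SSLContext, and prints which protocols a server-side engine will accept. The class name `ServerSslContextFactory` and the environment variables `KEYSTORE_PASS` and `KEY_PASS` are assumptions, and the keystore is expected to be the one produced by the keytool command above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
// Hypothetical helper (not from the article): load the JKS once, check it, build the SSLContext.
public final class ServerSslContextFactory {
    public static SSLContext build(String path, char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // fails here on a wrong -storepass or a corrupt file
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            keyEntries++;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity(); // throws once the -validity period has run out
            if (cert.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
                if (bits < 2048) throw new IllegalStateException(alias + ": RSA key has only " + bits + " bits");
            }
            long days = TimeUnit.MILLISECONDS.toDays(cert.getNotAfter().getTime() - System.currentTimeMillis());
            System.out.println(alias + ": " + cert.getSubjectX500Principal().getName() + ", " + days + " days left");
        }
        if (keyEntries == 0) throw new IllegalStateException("no private key entry in " + path);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass); // fails here on a wrong -keypass
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        // Assumed variable names; reading them from the environment keeps passwords out of the source.
        String storePass = System.getenv("KEYSTORE_PASS"), keyPass = System.getenv("KEY_PASS");
        if (args.length != 1 || storePass == null || keyPass == null) {
            System.err.println("usage: KEYSTORE_PASS=... KEY_PASS=... java ServerSslContextFactory <keystore.jks>");
            System.exit(2);
        }
        SSLEngine engine = build(args[0], storePass.toCharArray(), keyPass.toCharArray()).createSSLEngine();
        engine.setUseClientMode(false); // server side, as in initChannel
        System.out.println("enabled protocols: " + String.join(", ", engine.getEnabledProtocols()));
    }
}
```

If the printed protocol list contains versions you do not want to serve, narrow it with `SSLEngine.setEnabledProtocols` before wrapping the engine in the SslHandler.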
Done
It's done. Easy, isn't it? As you can see, SSL is no mystery: it is a layer of processing on top of an ordinary TCP connection (although implementing that layer yourself would be quite complex). In Netty this layer takes the form of an SslHandler, which you add to the processing pipeline of the TCP connection.
This article is not a complete tutorial. I originally intended to write it out in full, but that would take a lot of time and space. Although Netty greatly simplifies the development of Java network programs, explaining it clearly from beginning to end is still quite difficult. At present there are mainly two books for learning Netty: "Netty Authoritative Guide" by a domestic author and "Netty in Action" by foreign authors. If your English is good I certainly recommend the latter, but neither book was written for the latest Netty 5.0, so if you want to go deeper you also have to read the Netty source code and the official documentation (which I personally feel is not very complete). If I have time later, I will write some more complete tutorials.
Netty 5: SSL secure connection using a self-signed certificate