Netty 5: SSL secure connection using a self-signed certificate

Source: Internet
Author: User
Tags: asymmetric encryption

The Netty used here is the latest version, 5.0 Alpha2: http://dl.bintray.com/netty/downloads/netty-5.0.0.Alpha2.tar.bz2. It was released in March 2015, which is almost a year ago now, and it still has not been updated. A little strange ...

Create a self-signed certificate (JKS format)
    # keytool -genkey -keysize 2048 -validity 365 -keyalg RSA -dname "cn=gornix.com" -keypass 654321 -storepass 123456 -keystore gornix.jks

keytool is the certificate-generation tool that ships with the JDK.

    • -keysize 2048: the key length is 2048 bits (a key of this length can currently be considered safe against brute force)
    • -validity 365: the certificate is valid for 365 days
    • -keyalg RSA: use the RSA asymmetric encryption algorithm
    • -dname "cn=gornix.com": set the common name to gornix.com, which is my domain name
    • -keypass 654321: the key's access password is 654321
    • -storepass 123456: the keystore's access password is 123456 (these two passwords can also be set to the same value, which is what is usually done because it is easier to remember)
    • -keystore gornix.jks: the generated keystore file is gornix.jks

When the command finishes you have the keystore file gornix.jks. Put it in your home directory, for example: /home/guogangj/gornix.jks

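Generate the SSLContext when the program is initialized
    KeyStore ks = KeyStore.getInstance("JKS");
    InputStream ksInputStream = new FileInputStream("/home/guogangj/gornix.jks");
    ks.load(ksInputStream, "123456".toCharArray()); // keystore password (-storepass)
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "654321".toCharArray()); // key password (-keypass)
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), null, null);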

This needs to be done only once in the lifetime of the program. It is best wrapped in a try-catch so that exceptions are checked. Keep the resulting sslContext afterwards, because it is used later.

In the initChannel of the ChannelInitializer
    @Override
    protected void initChannel(SocketChannel socketChannel) throws Exception {
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(false); // server-side mode
        sslEngine.setNeedClientAuth(false); // no need to validate the client
        socketChannel.pipeline().addLast("ssl", new SslHandler(sslEngine)); // done
        // ...
    }

sslContext is the SSLContext generated earlier; it can usually be passed to the ChannelInitializer as a parameter. Also, remember to put the SslHandler in front of the other handlers in the pipeline, so that they see decrypted data.
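The steps above combined into one helper, as an added example that is not the original author's code: it loads the keystore once at startup, refuses to start if loading fails, and hands out one server-mode SSLEngine per connection. The class name ServerSsl and the GORNIX_STOREPASS / GORNIX_KEYPASS environment variables are assumptions; only JDK classes are used, so the Netty side stays exactly the initChannel shown above.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example; ServerSsl and the GORNIX_* variable names are hypothetical.
public final class ServerSsl {
    private final SSLContext sslContext; // built once, shared by all connections
    public ServerSsl(String jksPath, char[] storePass, char[] keyPass)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources closes the file even when load() throws
        try (InputStream in = new FileInputStream(jksPath)) {
            ks.load(in, storePass); // IOException if -storepass is wrong
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass); // UnrecoverableKeyException if -keypass is wrong
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null); // null = JDK default trust managers and SecureRandom
    }

    // One engine per connection: call from initChannel and wrap it in new SslHandler(engine).
    public SSLEngine newServerEngine() {
        SSLEngine engine = sslContext.createSSLEngine();
        engine.setUseClientMode(false);  // server-side mode
        engine.setNeedClientAuth(false); // no client certificate required
        return engine;
    }

    public static void main(String[] args) {
        String store = System.getenv("GORNIX_STOREPASS"); // keeps passwords out of the source
        String key = System.getenv("GORNIX_KEYPASS");
        if (args.length != 1 || store == null || key == null) {
            System.err.println("usage: GORNIX_STOREPASS=.. GORNIX_KEYPASS=.. java ServerSsl <keystore.jks>");
            System.exit(2);
        }
        try {
            SSLEngine e = new ServerSsl(args[0], store.toCharArray(), key.toCharArray()).newServerEngine();
            System.out.println("TLS ready, enabled protocols: " + String.join(", ", e.getEnabledProtocols()));
        } catch (IOException | GeneralSecurityException ex) {
            System.err.println("cannot initialise TLS, refusing to start: " + ex);
            System.exit(1);
        }
    }
}
```

Run it against the gornix.jks created earlier; the printed protocol list shows which TLS versions the JDK in use will negotiate with this engine.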

Done

That's it. Simple, isn't it? As you can see, SSL is nothing mysterious: it is a layer of processing added on top of an ordinary TCP connection (although implementing that layer yourself would be quite complex). In Netty this layer takes the form of an SslHandler, and all you do is add that SslHandler to the processing pipeline of the TCP connection.

This article is not a complete tutorial. I originally intended to write it out in full, but that takes a lot of time and space. Although Netty greatly simplifies the development of Java network programs, explaining it clearly from beginning to end is still quite difficult. At present there are mainly two books for learning Netty: the "Netty Authoritative Guide", written by a domestic author, and "Netty in Action", written by foreign authors. If your English is good, the latter is the one to read. Neither book is written for the latest Netty 5.0, however, so if you want to go deeper you also have to read the Netty source code and the official documentation (which I personally feel is not very complete). If I have time later, I will write some more complete tutorials.
