Skip to content

R
Rocketmq

Apache RocketMQ / Rocketmq
上一次同步 大约 3 年

通知 267
Star 16139
Fork 68
R
Rocketmq
提交 81507467 编写于 作者: Y yukon
浏览文件
操作

Add an interface DecryptionStrategy for SslHelper

上级 67cd5611
显示空白变更内容
内联 并排
Showing with 34 addition and 10 deletion
remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingClient.java
浏览文件 @ 81507467
......@@ -34,6 +34,7 @@ import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import io.netty.handler.timeout.IdleStateHandler;
import io.netty.util.concurrent.DefaultEventExecutorGroup;
import java.io.IOException;
import java.net.SocketAddress;
import java.security.cert.CertificateException;
import java.util.Collections;
......@@ -52,7 +53,6 @@ import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.SSLException;
import org.apache.rocketmq.remoting.ChannelEventListener;
import org.apache.rocketmq.remoting.InvokeCallback;
import org.apache.rocketmq.remoting.RPCHook;
......@@ -133,7 +133,7 @@ public class NettyRemotingClient extends NettyRemotingAbstract implements Remoti
try {
sslContext = SslHelper.buildSslContext(true);
log.info("SSL enabled for client");
} catch (SSLException e) {
} catch (IOException e) {
log.error("Failed to create SSLContext", e);
} catch (CertificateException e) {
log.error("Failed to create SSLContext", e);
......
remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java
浏览文件 @ 81507467
......@@ -37,6 +37,7 @@ import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
import io.netty.handler.timeout.IdleStateHandler;
import io.netty.util.concurrent.DefaultEventExecutorGroup;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.cert.CertificateException;
import java.util.NoSuchElementException;
......@@ -46,7 +47,6 @@ import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLException;
import org.apache.rocketmq.remoting.ChannelEventListener;
import org.apache.rocketmq.remoting.InvokeCallback;
import org.apache.rocketmq.remoting.RPCHook;
......@@ -148,7 +148,7 @@ public class NettyRemotingServer extends NettyRemotingAbstract implements Remoti
log.info("SSLContext created for server");
} catch (CertificateException e) {
log.error("Failed to create SSLContext for server", e);
} catch (SSLException e) {
} catch (IOException e) {
log.error("Failed to create SSLContext for server", e);
}
}
......
remoting/src/main/java/org/apache/rocketmq/remoting/netty/SslHelper.java
浏览文件 @ 81507467
......@@ -31,16 +31,40 @@ import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.util.Properties;
import javax.net.ssl.SSLException;
import org.apache.rocketmq.remoting.common.RemotingHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class SslHelper {
public interface DecryptionStrategy {
/**
* Decrypt the target encrpted private key file.
*
* @param privateKeyEncryptPath A pathname string
* @param forClient tells whether it's a client-side key file
* @return An input stream for a decrypted key file
* @throws IOException if an I/O error has occurred
*/
InputStream decryptPrivateKey(String privateKeyEncryptPath, boolean forClient) throws IOException;
}
private static final Logger LOGGER = LoggerFactory.getLogger(RemotingHelper.ROCKETMQ_REMOTING);
public static SslContext buildSslContext(boolean forClient) throws SSLException, CertificateException {
private static DecryptionStrategy decryptionStrategy = new DecryptionStrategy() {
@Override
public InputStream decryptPrivateKey(final String privateKeyEncryptPath,
final boolean forClient) throws IOException {
return new FileInputStream(privateKeyEncryptPath);
}
};
public static void registerDecryptionStrategy(final DecryptionStrategy decryptionStrategy) {
SslHelper.decryptionStrategy = decryptionStrategy;
}
public static SslContext buildSslContext(boolean forClient) throws IOException, CertificateException {
File configFile = new File(NettySystemConfig.sslConfigFile);
boolean testMode = !(configFile.exists() && configFile.isFile() && configFile.canRead());
......@@ -92,8 +116,8 @@ public class SslHelper {
}
return sslContextBuilder.keyManager(
properties.containsKey("client.keyCertChainFile") ? new File(properties.getProperty("client.keyCertChainFile")) : null,
properties.containsKey("client.keyFile") ? new File(properties.getProperty("client.keyFile")) : null,
properties.containsKey("client.keyCertChainFile") ? new FileInputStream(properties.getProperty("client.keyCertChainFile")) : null,
properties.containsKey("client.keyFile") ? decryptionStrategy.decryptPrivateKey(properties.getProperty("client.keyFile"), true) : null,
properties.containsKey("client.password") ? properties.getProperty("client.password") : null)
.build();
}
......@@ -108,8 +132,8 @@ public class SslHelper {
.build();
} else {
return SslContextBuilder.forServer(
properties.containsKey("server.keyCertChainFile") ? new File(properties.getProperty("server.keyCertChainFile")) : null,
properties.containsKey("server.keyFile") ? new File(properties.getProperty("server.keyFile")) : null,
properties.containsKey("server.keyCertChainFile") ? new FileInputStream(properties.getProperty("server.keyCertChainFile")) : null,
properties.containsKey("server.keyFile") ? decryptionStrategy.decryptPrivateKey(properties.getProperty("server.keyFile"), false) : null,
properties.containsKey("server.password") ? properties.getProperty("server.password") : null)
.sslProvider(provider)
.trustManager(new File(properties.getProperty("server.trustManager")))
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册