Netty ClientBootstrap SSL握手终止 - Channel / ClientBootstrap关闭?

时间:2012-03-26 16:18:35

标签: ssl client netty client-certificates sslengine

我与测试应用程序的连接始终在同一个地方终止,没有任何错误。

我想也许某事正在触发关闭频道/连接,但我不知道它可能是什么。如果我在代码中更改打印输出,它关闭的确切位置会稍微改变,因此时间似乎在不同的线程上。

我已经为此工作了四天,并将自己列为官方卡住。

这是我的连接代码:

   final HttpQueryRequestImpl realRequest = (HttpQueryRequestImpl) getPredecessorQueryResolver().resolvePredecessorResults(getPredecessorResults(), getQueryRequest(), getId());


    // Configure the client.
    // TODO determine if this ClientBootstrap object can be reused.  Indications in the doucmentation
    // seem to say yes, with caveats.  Reusing the pool would improve performance.  Caveats must be investigated. 
    final ClientBootstrap bootstrap = new ClientBootstrap(
            new NioClientSocketChannelFactory(
            Executors.newCachedThreadPool(),
            Executors.newCachedThreadPool()));

    // Set up the event pipeline factory.
    bootstrap.setPipelineFactory(new HttpSnoopClientPipelineFactory());

    // TODO audit and timestamp logging
    if (logger.isInfoEnabled()) {
        logger.info("Starting connection to !" + realRequest.getUri());
    }
    // Start the connection attempt.
    // ChannelFuture future = bootstrap.connect(new InetSocketAddress(realRequest.getHost(), realRequest.getPort()));
    logger.info(realRequest.getHost() + " " + realRequest.getPort());
    ChannelFuture future = bootstrap.connect(new InetSocketAddress("myname.organization.com", 8443));

    // register some things to happen after the channel completes     
    future.addListener(new ChannelFutureListener() {

        @Override
        public void operationComplete(ChannelFuture future) throws Exception {


            if (!future.isSuccess()) {
                logger.error("Error connecting to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
                bootstrap.releaseExternalResources();

            } else {

                if (logger.isInfoEnabled()) {
                    logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
                }

                // Send the HTTP request.
                Channel channel = future.getChannel();

                HttpRequest request = new DefaultHttpRequest(
                HttpVersion.HTTP_1_1, HttpMethod.GET, "/factorial");
                request.setHeader(HttpHeaders.Names.HOST, "myname.organization.com");
                request.setHeader(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.CLOSE);
                request.setHeader(HttpHeaders.Names.ACCEPT_ENCODING, HttpHeaders.Values.GZIP);

                ChannelFuture writeFuture = channel.write(request);

                writeFuture.addListener(new ChannelFutureListener() {

                    @Override
                    public void operationComplete(ChannelFuture future) throws Exception {

                        logger.info("Wrote data complete");
                        // TODO once bootstrap is reused, get rid of this
                        // Shut down executor threads to exit.
                        // bootstrap.releaseExternalResources();
                    }
                });

            }
        }
    });

这是我的输出在启用SSL调试时的样子:

32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - Starting connection to !https://myname.organization.com:8443/factorial
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - myname.organization.com 8443
***
found key for : myname.organization.com
chain [0] = [
[
  Version: V1
  Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 94642469145065852073118930371145672868332389407646565010478303790446281089121119363888463093443199472593726155607365724815252704927244864250811984977900576391208121343883948799873869280369621492901495505803717080952775289840654752626694613842653754724186814688913115288788127483906065658243886585022651573993
  public exponent: 65537
  Validity: [From: Fri Mar 09 13:29:22 EST 2012,
               To: Sat Mar 09 13:29:22 EST 2013]
  Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
  SerialNumber: [    71c8]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: C5 55 9C 1D 76 CE 05 87   45 0D C3 15 9C DB 0B 3A  .U..v...E......:
0010: 70 0E 50 0C DB DB B4 62   2F BA A3 30 48 C0 D2 E9  p.P....b/..0H...
0020: 45 9C 3C C0 4A 84 7B 21   51 78 93 F1 63 4C 61 37  E.<.J..!Qx..cLa7
0030: 21 97 E8 38 F9 62 C5 EA   02 53 28 4F F8 EC 01 F2  !..8.b...S(O....
0040: 08 70 DB 96 D5 1D 9E 0A   89 33 D3 1D C8 79 8B C1  .p.......3...y..
0050: 6E 07 C4 98 FA 55 85 80   D4 10 AF A7 E5 A7 94 FA  n....U..........
0060: 45 CB DA 7C FA 66 C6 FC   69 A4 B2 05 01 C6 DC 8E  E....f..i.......
0070: AC 15 7D A2 FC 25 DF FE   19 80 D4 27 07 EA D6 3F  .....%.....'...?
0080: 5C 73 5F 63 0B 4E 02 FC   49 EA 76 69 FA 82 5B 1B  \s_c.N..I.vi..[.
0090: 3B 45 6B 95 DC 8F C2 E8   A9 6C 10 CD 9B E0 59 D7  ;Ek......l....Y.
00A0: DC E6 69 2C F9 DB 99 F7   7F E3 76 81 13 CD B3 FE  ..i,......v.....
00B0: 1D AD 32 7D 6F 74 A9 12   4B 06 E2 9F E9 1F EF 8A  ..2.ot..K.......
00C0: 1F CA 1D B8 08 47 00 1D   19 53 87 0A E3 FA B4 B5  .....G...S......
00D0: 99 4F B9 97 5D D0 EE 0D   DD 09 5F 3C 41 31 D6 18  .O..]....._<A1..
00E0: 5C 39 01 8E DA D9 27 85   FE 0F C5 EE 00 A3 27 44  \9....'.......'D
00F0: C0 A1 42 EA 13 5B 66 3B   64 E3 EA 9B 23 20 0B C6  ..B..[f;d...# ..
0100: 66 DB AB 79 77 97 3E 4A   D0 C7 79 C4 D2 E7 BD 1A  f..yw.>J..y.....
0110: F3 90 39 A2 A4 69 A9 A1   4E A3 0B 92 93 9F 8F 4F  ..9..i..N......O
0120: C3 4F CE E7 20 D6 45 4D   9B E0 B2 58 EC 96 19 99  .O.. .EM...X....
0130: E0 F3 BB E4 EF 7E 1D C7   C3 48 8B D0 7D 2D 8C 3A  .........H...-.:
0140: 1A AF 77 3A 83 F4 51 C9   D6 DE BE 24 3B 03 7C A9  ..w:..Q....$;...
0150: 4B 5C C4 6E 59 AB E2 02   63 73 CE 98 8A D0 45 D5  K\.nY...cs....E.
0160: 6C FE 23 79 93 69 D5 74   0D AF FE 23 AE BB 3F E4  l.#y.i.t...#..?.
0170: 9C 05 87 E1 2E 91 51 D6   44 55 7E 66 73 1D BB C2  ......Q.DU.fs...
0180: F3 E8 4D CA 50 D9 6D 2A   AD 84 EF C7 70 4B 15 EA  ..M.P.m*....pK..
0190: C4 E0 33 3E 44 89 A3 97   8C 32 17 FD B9 DD 22 FB  ..3>D....2....".
01A0: 08 CF 1E 49 78 B7 2F 8E   60 66 58 3D 57 6F 21 72  ...Ix./.`fX=Wo!r
01B0: D3 87 38 9C DD EB 60 D8   BD 06 A8 04 FD 2D 59 EA  ..8...`......-Y.
01C0: 82 A8 E8 E7 73 81 1E DE   FD 51 33 0C F7 47 AE 34  ....s....Q3..G.4
01D0: 58 57 DD CE FD 12 68 A6   A8 2E 58 4F C7 6A 1E 27  XW....h...XO.j.'
01E0: 39 EF C7 BE 75 32 96 99   6B 1B E6 23 2A A5 0E 2F  9...u2..k..#*../
01F0: 35 0A 0C 0C FA 92 65 1D   DC 17 56 57 C4 08 89 48  5.....e...VW...H

]
chain [1] = [
[
  Version: V1
  Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 4096 bits
  modulus: 806866056348410276765741718640530245144236832502515305762072630647553277327953919063172921502880537921571234334570551528531888439605163701867371172813984927986527584575335107418628498623377289440387978453125866503947773575289298639780740830349842738718874502642354354786938153803982142709595698253667527748252780647208422256786989310056682111281793756866001585577762899819782647308899956239433307951381179494148030342543127196354965114705680137760255253494869690234155019595101679874833401305309080790668924554791611347641826073186513714032079267845800910995372117962695304732667441462587341743926848435668491205343373472147947564642450777593350053051331533112897445884090255314793988795654376385927964164743689070718825504556057816253883950563232708345137230621100544965407234099088514072120925433729718654307794068734283314839693884400349895261851764957828001331060077733384251643023885026867016629337741393451760864161087662305445338147618921663305526880031574988450298248773113067904762125722376437187045162922144483754266350990810318433387352520742359961188082219224300651116723774686748606066644650420169490565673256120050113505389581136874611045622641221693918773655462724374483166653830081719164259720121105179323613660081321
  public exponent: 65537
  Validity: [From: Fri Mar 09 13:29:15 EST 2012,
               To: Sat Mar 09 13:29:15 EST 2013]
  Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
  SerialNumber: [    c1e2c18c f327ad81]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 8A EB 65 0E 88 09 BE 9A   BA 88 FB CA 9A D4 53 F4  ..e...........S.
0010: B0 5C 91 67 BD C9 35 67   2D 37 78 2D 5C E6 4B 26  .\.g..5g-7x-\.K&
0020: E9 8E 20 3D DE 92 9B 29   A7 CB CC 5F 4E E3 CD 1A  .. =...)..._N...
0030: FA 5B EB 0D 42 DC 17 05   4E D6 34 72 43 46 6C 55  .[..B...N.4rCFlU
0040: 99 FF AC 00 2E BF 28 5D   4A 6A 21 DE 72 9E 6C 7A  ......(]Jj!.r.lz
0050: A6 10 28 27 21 72 0F 69   09 04 D3 FB A7 83 DF 81  ..('!r.i........
0060: E2 78 BD 0B 4F D7 AA B4   CC E2 E4 3B A5 30 A3 14  .x..O......;.0..
0070: B4 83 75 DC E6 8C 01 9A   B2 BA FF 0D 3F AA F1 30  ..u.........?..0
0080: A0 33 A9 CC 13 08 72 8F   E2 75 1D 3B 30 B8 82 3C  .3....r..u.;0..<
0090: 9A A0 A3 68 18 60 C0 1F   E4 2E 06 D6 1B B8 46 6F  ...h.`........Fo
00A0: AB D3 C9 AD 89 E6 E7 48   12 0F 90 A5 B8 A2 17 51  .......H.......Q
00B0: 41 AF 1E 62 6C D2 48 B2   41 C6 CE 1D 4E B1 F7 90  A..bl.H.A...N...
00C0: 34 26 E0 5D 95 7B BD 93   BA 4C D1 7A 08 A9 1E 57  4&.].....L.z...W
00D0: 03 EE F2 EC BD 8E 36 43   1D 4F 9E 39 56 A8 E4 B6  ......6C.O.9V...
00E0: 44 6C D5 D3 8C F0 FE 1F   87 87 67 2D E6 05 7E BA  Dl........g-....
00F0: 18 FB 6C 0B D8 80 19 08   27 8F 60 09 A6 BA 68 55  ..l.....'.`...hU
0100: 05 13 A8 9C 04 06 F8 24   A1 52 DB 67 69 2E FE 12  .......$.R.gi...
0110: A5 23 D1 2E 56 EA 54 08   83 DD 91 43 45 8B F6 97  .#..V.T....CE...
0120: 01 65 CC 32 4C FA D6 89   81 83 B4 21 92 F4 EC 29  .e.2L......!...)
0130: 68 87 51 A0 FC B7 7D BD   90 F8 A1 F8 68 82 CF 03  h.Q.........h...
0140: 4E 9C C2 FA AF 4A D3 AD   0B AB AB 73 4B B4 95 B0  N....J.....sK...
0150: EC 64 6B 8E 2B D4 E1 41   96 19 EC E9 6B 92 51 8A  .dk.+..A....k.Q.
0160: D8 C1 87 FC DB B4 12 BD   14 AB 5C 07 73 AA DE CE  ..........\.s...
0170: E5 05 8F E9 CC 9F C4 2A   B6 0F 5D 40 8E 7A 82 7E  .......*..]@.z..
0180: CD 28 88 8F 01 3E 6C EF   E7 01 58 2E C9 3F 0E 44  .(...>l...X..?.D
0190: 4D 1A 2B BB 0D 51 76 38   26 D4 89 5C 9B AB 63 FA  M.+..Qv8&..\..c.
01A0: 4B 63 7C DC 0E 05 01 BB   E4 97 73 03 4F 83 71 1E  Kc........s.O.q.
01B0: B6 CB A6 62 F9 21 1B F2   24 D3 85 1D E6 31 87 E4  ...b.!..$....1..
01C0: D6 74 09 70 C3 D0 4C 35   7E F1 49 5A 60 B7 02 72  .t.p..L5..IZ`..r
01D0: 04 C9 83 AD 5E 63 1F 7B   97 4C 35 7F 15 88 D5 5D  ....^c...L5....]
01E0: DA 3B F6 80 9B 07 E5 86   4B 67 F6 B2 66 DE 81 6C  .;......Kg..f..l
01F0: FF B6 99 D1 06 EF 3A 27   68 8D F2 EE 72 C4 48 64  ......:'h...r.Hd

]
***
adding as trusted cert:
  Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
  Issuer:  C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
  Algorithm: RSA; Serial number: 0x71c8
  Valid from Fri Mar 09 13:29:22 EST 2012 until Sat Mar 09 13:29:22 EST 2013

adding as trusted cert:
  Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
  Issuer:  C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
  Algorithm: RSA; Serial number: 0xc1e2c18cf327ad81
  Valid from Fri Mar 09 13:29:15 EST 2012 until Sat Mar 09 13:29:15 EST 2013

trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.

985 [main] INFO nettyliteserver.ssl.FlexibleErrorSslHandler - handleDownstream

这就是终止的地方。我已经改变了一点打印输出,所以有时候我还得到一行,来自logger.info的打印输出(“连接到”+ realRequest.getHost()+“:”+ realRequest.getPort()+“”+ realRequest.getUri());但我真的不知道是什么导致它关闭。

我尝试覆盖netty SSLHandler并在其所有公共操作上添加了打印输出,但是从不调用close(),channelConnected(),channelDisconnected()等方法。握手()也不是。

我的管道设置为握手:

public class HttpSnoopClientPipelineFactory implements ChannelPipelineFactory {

    public ChannelPipeline getPipeline() throws Exception {
        // Create a default pipeline implementation.
        ChannelPipeline pipeline = pipeline();

        // Enable HTTPS 

        SSLEngine engine =
            SecureChatSslContextFactory.getClientContext().createSSLEngine();
        engine.setUseClientMode(true);

        System.out.println("HERE!!!!!!!!!!!!");

        pipeline.addLast("ssl", new SslHandler(engine));


        pipeline.addLast("codec", new HttpClientCodec());

        // Remove the following line if you don't want automatic content decompression.
        pipeline.addLast("inflater", new HttpContentDecompressor());

        // Uncomment the following line if you don't want to handle HttpChunks.
        //pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));

        pipeline.addLast("handler", new HttpSnoopClientHandler());
        return pipeline;
    }
}

我的自定义SSLHandler与库的SslHandler非常相似,我只是在委托超级版本之前覆盖了添加打印输出的方法。

看起来唯一被调用的是handleDownstream()

2 个答案:

答案 0 :(得分:2)

连接成功后,您需要自己调用SslHandler.handshake()。

类似的东西:

future.getChannel().getPipeline(SslHandler.class).handshake();

这需要在您添加到ChannelPipeline的connect方法或SimpleChannelUpstreamHandler实现返回的ChannelFuture中完成

答案 1 :(得分:0)

Netty文档声明:

  

<强>握手

     

如果isIssueHandshake()为false(默认值),则需要注意   你自己调用handshake()。在大多数情况下,SslHandler是   在“客户端模式”中使用,您希望一旦发出握手   建立了联系。如果setIssueHandshake(boolean)设置为   确实,你不需要像SslHandler那样担心这个问题   关心它。

请参阅javadoc

因此,您应该在建立连接之前在SslHandler上设置isIssueHandshake:

SslHandler sslHandler = new SslHandler(engine);
setIssueHandshake(boolean);
pipeline.addLast("ssl", sslHandler);