Netty SSL和websockets [英] Netty SSL and websockets

问题描述

我想以一种方式将SSL配置为websocket，基本上服务器将信息推送到网页，因此我需要对此进行保护.我已按照以下步骤设置了管道:

I want to configure SSL for one way websocket, basically server pushes information to the webpage and i need this secured. I have set up the pipeline as follows:

ChannelPipeline pipeline = Channels.pipeline();

SSLEngine engine = serverSslContext.getServerContext().createSSLEngine();
engine.setUseClientMode(false);
pipeline.addLast("ssl", new SslHandler(engine));        

pipeline.addLast("decoder", new HttpRequestDecoder());
pipeline.addLast("aggregator", new HttpChunkAggregator(65536));
pipeline.addLast("encoder", new HttpResponseEncoder());
pipeline.addLast("handler", webSocketHandler);

我的处理程序:

public class WebSocketHandler extends SimpleChannelUpstreamHandler {

public void messageReceived(ChannelHandlerContext ctx, MessageEvent event) throws Exception {.... }

public void channelDisconnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception {.... }

}

我的sslserverContext类:

my sslserverContext class:

 try {
            // Key store (Server side certificate)
            String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
            if (algorithm == null) {
                algorithm = "SunX509";
            }

            try {
                KeyStore ks = KeyStore.getInstance("JKS");
                FileInputStream fin = new FileInputStream(keyStoreFilePath);
                ks.load(fin, keyStoreFilePassword.toCharArray());

                // Set up key manager factory to use our key store
                // Assume key password is the same as the key store file
                // password
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
                kmf.init(ks, keyStoreFilePassword.toCharArray());

                // Initialise the SSLContext to work with our key managers.
                serverContext = SSLContext.getInstance(PROTOCOL);
                serverContext.init(kmf.getKeyManagers(), null, null);
            } catch (Exception e) {
                throw new Error("Failed to initialize the server-side SSLContext", e);
            }
        } catch (Exception ex) {
            if (LOGGER.isErrorEnabled()) {
                LOGGER.error("Error initializing SslContextManager. " + ex.getMessage(), ex);
            }
            //System.exit(1);
        } 

我的JavaScript页面:

my javascript page :

        var location =  ws://localhost:8989/websocket;

        ws = new WebSocket(location);
        ws.onopen = function(event) { alert("open"); }          
        ws.onclose = function(event) { alert("closed"); }

每次我尝试连接时，配置ssl都会调用"channelDisconnected"，但此后再也不会进行，方法"messageRecieved"也不会被调用.但是，如果我从管道中删除ssl处理程序，则一切正常，我已尝试按照以下示例进行操作:

Every time i try to connect, with ssl configured it calls "channelDisconnected", but never goes any further, the method "messageRecieved" is never called. However if i remove the ssl handler fromt he pipeline everything works fine, i have tried to follow the example :

https: //github.com/netty/netty/blob/3/src/main/java/org/jboss/netty/example/http/websocketx

有人有什么主意吗?

我得到的异常如下:

org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f70697420485454502f312e310d0a557067726164653a20776562736f636b65740d0a436f6e6e656374696f6e3a20557067726164650d0a486f73743a206c6f63616c686f73743a383538350d0a4f726967696e3a20687474703a2f2f6c6f63616c686f73743a383038300d0a507261676d613a206e6f2d63616368650d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a5365632d576562536f636b65742d4b65793a204c7538506d6541477237474b35794c4431655a6679513d3d0d0a5365632d576562536f636b65742d56657273696f6e3a2031330d0a5365632d576562536f636b65742d457874656e73696f6e733a20782d7765626b69742d6465666c6174652d6672616d650d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e313b20574f57363429204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f32372e302e313435332e313136205361666172692f3533372e33360d0a436f6f6b69653a204a53455353494f4e494453534f3d38394439323935323630334642333832464246434330393933373436343043420d0a0d0a

推荐答案

使用 wss://localhost:8989/websocket 代替 ws ://localhost:8989/websocket .因为您使用的SSL与wss协议(安全协议)一起使用.如果只想使用ws协议，则需要从管道中删除SSLHandler.

Use wss://localhost:8989/websocket instead of ws://localhost:8989/websocket. Because you are using SSL which works with wss protocol, secured protocol. If you only want to work with ws protocol, you need to remove the SSLHandler from the pipeline.

这篇关于Netty SSL和websockets的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！