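netty (16): message encryption
This post is a hands-on exercise; its numbering continues from netty (13): protobuf + heartbeat.
1 Symmetric encryption: AES
Server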
pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProtoV2.BaseProto.getDefaultInstance()));
pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufEncoder());
pipeline.addLast(new ProtobufEncoder());
pipeline.addLast(new IdleStateHandler(61, 0, 0, TimeUnit.SECONDS));
pipeline.addLast(new ServerHeartbeatHandler());
// business handler
pipeline.addLast(new ServerHandler4V2Heart());
Client
pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProto.BaseProto.getDefaultInstance()));
pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufEncoder());
pipeline.addLast(new ProtobufEncoder());
pipeline.addLast(new IdleStateHandler(61, 30, 0, TimeUnit.SECONDS)); // the client actively sends heartbeats
pipeline.addLast(new ClientHeartbeatHandler());
// business handler
pipeline.addLast(new ClientHandler4Heart());
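With AES, the server and the client use the same encryption and decryption handlers.
The netty encoding order is (outbound handlers run from the last one added to the first):
pb encoder - AES encoder - TCP framing (packet sticking/splitting)
The netty decoding order is:
TCP framing (packet sticking/splitting) - AES decoder - pb decoder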
Encryption:
public class MyProtobufEncoder extends MessageToMessageEncoder<ByteBuf> {
    @Override
    protected void encode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte[] encoded = AESTest.encode(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}
Decryption:
public class MyProtobufDecoder extends MessageToMessageDecoder<ByteBuf> {
    @Override
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte[] encoded = AESTest.decode(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}
There is a performance issue here: ByteBuf -> byte[] -> ByteBuf involves 2 memory copies.
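The handlers above delegate to AESTest.encode / AESTest.decode, which this post does not show. As an added example (not the post's code), here is one shape such a pair can take, assuming AES-GCM with a fresh random 12-byte IV prepended to each frame, so that a modified frame is rejected before it reaches the pb decoder. The class name FrameCipher, the frame layout and the sample payload are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical helper (not the post's AESTest).
// Assumed frame layout: IV (12 bytes) || ciphertext || GCM tag (16 bytes).
public class FrameCipher {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key;

    public FrameCipher(SecretKey key) { this.key = key; }

    // Encrypts one serialized protobuf message under a fresh random IV.
    public byte[] encode(byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] out = Arrays.copyOf(iv, IV_LEN + c.getOutputSize(plain.length));
        c.doFinal(plain, 0, plain.length, out, IV_LEN);
        return out;
    }

    // Decrypts one frame; throws AEADBadTagException if any byte was modified.
    public byte[] decode(byte[] frame) throws Exception {
        if (frame.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("frame too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, frame, 0, IV_LEN));
        return c.doFinal(frame, IV_LEN, frame.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        FrameCipher fc = new FrameCipher(kg.generateKey()); // constructed key; real peers share one
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] a = fc.encode(msg), b = fc.encode(msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, fc.decode(a)));
        System.out.println("same plaintext, different frames: " + !Arrays.equals(a, b));
        a[a.length - 1] ^= 1; // flip one bit of the tag
        try { fc.decode(a); System.out.println("tampered frame accepted"); }
        catch (AEADBadTagException e) { System.out.println("tampered frame rejected"); }
    }
}
```

Each frame grows by 28 bytes (IV plus tag), so the 10000-byte limit passed to LengthFieldBasedFrameDecoder has to leave room for that overhead.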
2 Asymmetric encryption: RSA
The server encrypts and decrypts with the private key
pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufServerDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProtoV2.BaseProto.getDefaultInstance()));
pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufServerEncoder());
pipeline.addLast(new ProtobufEncoder());
pipeline.addLast(new IdleStateHandler(61, 0, 0, TimeUnit.SECONDS));
pipeline.addLast(new ServerHeartbeatHandler());
// business handler
pipeline.addLast(new ServerHandler4V2Heart());
The client encrypts and decrypts with the public key
pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufClientDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProto.BaseProto.getDefaultInstance()));
pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufClientEncoder());
pipeline.addLast(new ProtobufEncoder());
pipeline.addLast(new IdleStateHandler(61, 30, 0, TimeUnit.SECONDS));
pipeline.addLast(new ClientHeartbeatHandler());
// business handler
pipeline.addLast(new ClientHandler4Heart());
The netty server-side encoding order is:
pb encoder - RSA private-key encryption - TCP framing
public class MyProtobufServerEncoder extends MessageToMessageEncoder<ByteBuf> {
    @Override
    protected void encode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte[] encoded = RSACoder.encryptByPrivateKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}
The netty server-side decoding order is:
TCP framing - RSA private-key decryption - pb decoder
public class MyProtobufServerDecoder extends MessageToMessageDecoder<ByteBuf> {
    @Override
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte[] encoded = RSACoder.decryptByPrivateKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}
The netty client-side encoding order is:
pb encoder - RSA public-key encryption - TCP framing
public class MyProtobufClientEncoder extends MessageToMessageEncoder<ByteBuf> {
    @Override
    protected void encode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte[] encoded = RSACoder.encryptByPublicKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}
The netty client-side decoding order is:
TCP framing - RSA public-key decryption - pb decoder
public class MyProtobufClientDecoder extends MessageToMessageDecoder<ByteBuf> {
    @Override
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte[] encoded = RSACoder.decryptByPublicKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}