netty (16): message encryption

This post is a hands-on exercise; the numbering continues from netty (13): protobuf + heartbeat.

1 Symmetric encryption: AES

Server

pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProtoV2.BaseProto.getDefaultInstance()));

pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufEncoder());
pipeline.addLast(new ProtobufEncoder());

pipeline.addLast(new IdleStateHandler(61, 0, 0, TimeUnit.SECONDS));
pipeline.addLast(new ServerHeartbeatHandler());
// business handler
pipeline.addLast(new ServerHandler4V2Heart());

Client

pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProto.BaseProto.getDefaultInstance()));

pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufEncoder());
pipeline.addLast(new ProtobufEncoder());

pipeline.addLast(new IdleStateHandler(61, 30, 0, TimeUnit.SECONDS)); // actively sends heartbeats
pipeline.addLast(new ClientHeartbeatHandler());

// business handler
pipeline.addLast(new ClientHandler4Heart());

 

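With AES, the server and the client use the same encryption and decryption handlers.

The netty encoding order is:

pb encoder - aesencoder - TCP framing (sticky/split packet handling)

The netty decoding order is:

TCP framing (sticky/split packet handling) - aesdecoder - pb decoder

Encryption: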

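import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.MessageToMessageEncoder;

import java.util.List;

public class MyProtobufEncoder extends MessageToMessageEncoder<ByteBuf> {

    @Override
    protected void encode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        // Copy the serialized protobuf bytes out of the ByteBuf
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        // Encrypt with AES, then wrap the ciphertext for LengthFieldPrepender
        byte[] encoded = AESTest.encode(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}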

 

Decryption:

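import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.MessageToMessageDecoder;

import java.util.List;

public class MyProtobufDecoder extends MessageToMessageDecoder<ByteBuf> {

    @Override
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        // One complete frame body, already split out by LengthFieldBasedFrameDecoder
        byte[] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        // Decrypt with AES, then pass the plaintext on to ProtobufDecoder
        byte[] decoded = AESTest.decode(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(decoded);
        list.add(buf);
    }
}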

 

There is a performance concern here: ByteBuf -> byte[] -> ByteBuf involves 2 memory copies.
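The page does not show `AESTest`, so as an added example (not the author's code), here is one way the encode/decode step behind the two handlers could be written with AES-GCM and a fresh nonce per message, so that identical payloads such as heartbeats do not produce identical frames and modified frames are rejected. The class name `AesGcmFrameCodec`, the frame layout and the sample key and payload are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example: hypothetical helper, not the AESTest class used on this page.
public class AesGcmFrameCodec {
    private static final int NONCE_LEN = 12;   // 96-bit nonce, the size GCM is designed around
    private static final int TAG_BITS = 128;   // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // Frame payload layout: nonce (12 bytes) || ciphertext || tag (16 bytes)
    static byte[] encode(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                   // fresh nonce for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return out;
    }

    static byte[] decode(SecretKey key, byte[] frame) throws Exception {
        if (frame.length < NONCE_LEN + TAG_BITS / 8) throw new IllegalArgumentException("frame too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, frame, 0, NONCE_LEN));
        return c.doFinal(frame, NONCE_LEN, frame.length - NONCE_LEN); // throws if the tag does not verify
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();       // constructed sample key, shared by both ends
        byte[] msg = "heartbeat".getBytes(StandardCharsets.UTF_8); // constructed sample payload
        byte[] f1 = encode(key, msg), f2 = encode(key, msg);
        System.out.println("same plaintext, different frames: " + !Arrays.equals(f1, f2));
        System.out.println("round trip ok: " + Arrays.equals(msg, decode(key, f1)));
        f1[f1.length - 1] ^= 1;                 // simulate a frame modified on the wire
        try {
            decode(key, f1);
        } catch (AEADBadTagException e) {
            System.out.println("modified frame rejected");
        }
    }
}
```

In the handlers above, `encode` and `decode` would take the place of `AESTest.encode` and `AESTest.decode`; a decoder should close the channel when `decode` throws.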

 

 

 

2 Asymmetric encryption: RSA

The server uses the private key for both encryption and decryption

pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufServerDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProtoV2.BaseProto.getDefaultInstance()));
pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufServerEncoder());
pipeline.addLast(new ProtobufEncoder());

pipeline.addLast(new IdleStateHandler(61, 0, 0, TimeUnit.SECONDS));
pipeline.addLast(new ServerHeartbeatHandler());
// business handler
pipeline.addLast(new ServerHandler4V2Heart());

The client uses the public key for both encryption and decryption

pipeline.addLast(new LengthFieldBasedFrameDecoder(10000, 0, 4, 0, 4));
pipeline.addLast(new MyProtobufClientDecoder());
pipeline.addLast(new ProtobufDecoder(MyBaseProto.BaseProto.getDefaultInstance()));
pipeline.addLast(new LengthFieldPrepender(4));
pipeline.addLast(new MyProtobufClientEncoder());
pipeline.addLast(new ProtobufEncoder());

pipeline.addLast(new IdleStateHandler(61, 30, 0, TimeUnit.SECONDS));
pipeline.addLast(new ClientHeartbeatHandler());

// business handler
pipeline.addLast(new ClientHandler4Heart());

 

The netty server-side encoding order is:

pb encoder - RSA private-key encryption - TCP framing (sticky/split packet handling)

public class MyProtobufServerEncoder extends MessageToMessageEncoder<ByteBuf> {

    @Override
    protected void encode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte [] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte [] encoded = RSACoder.encryptByPrivateKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);

    }
}

 

The netty server-side decoding order is:

TCP framing (sticky/split packet handling) - RSA private-key decryption - pb decoder

public class MyProtobufServerDecoder extends MessageToMessageDecoder<ByteBuf> {

    @Override
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte [] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte [] encoded = RSACoder.decryptByPrivateKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}

 

The netty client-side encoding order is:

pb encoder - RSA public-key encryption - TCP framing (sticky/split packet handling)

public class MyProtobufClientEncoder extends MessageToMessageEncoder<ByteBuf> {

    @Override
    protected void encode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte [] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte [] encoded = RSACoder.encryptByPublicKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);

    }
}

 

The netty client-side decoding order is:

TCP framing (sticky/split packet handling) - RSA public-key decryption - pb decoder

public class MyProtobufClientDecoder extends MessageToMessageDecoder<ByteBuf> {

    @Override
    protected void decode(ChannelHandlerContext channelHandlerContext, ByteBuf byteBuf, List<Object> list) throws Exception {
        byte [] bytes = new byte[byteBuf.readableBytes()];
        byteBuf.readBytes(bytes);
        byte [] encoded = RSACoder.decryptByPublicKey(bytes);
        ByteBuf buf = Unpooled.wrappedBuffer(encoded);
        list.add(buf);
    }
}
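Data encrypted with the private key can be decrypted by anyone who holds the public key, and a single RSA operation only carries a payload smaller than the key size. The added example below (not the author's `RSACoder`; it goes beyond the scheme shown on this page) uses RSA-OAEP only to carry an AES session key from client to server, which both directions can then use for frame encryption. The class name `RsaSessionKeyExchange`, the key sizes and the sample data are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

// Added example: hypothetical class, not the RSACoder used on this page.
public class RsaSessionKeyExchange {
    private static final String RSA_OAEP = "RSA/ECB/OAEPPadding";
    // SHA-256 for the OAEP digest and for MGF1, set explicitly so both ends agree
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Client: wrap a fresh AES session key with the server's public key
    static byte[] wrap(PublicKey serverPub, SecretKey session) throws Exception {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.WRAP_MODE, serverPub, OAEP);
        return c.wrap(session);
    }

    // Server: only the private key holder can recover the session key
    static SecretKey unwrap(PrivateKey serverPriv, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.UNWRAP_MODE, serverPriv, OAEP);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();      // constructed sample key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();
        SecretKey got = unwrap(server.getPrivate(), wrap(server.getPublic(), session));
        System.out.println("session key recovered: "
                + Arrays.equals(session.getEncoded(), got.getEncoded()));
        // RSA-2048 with OAEP/SHA-256 carries at most 256 - 2*32 - 2 = 190 bytes per
        // operation, so whole messages cannot simply be passed through it.
        Cipher direct = Cipher.getInstance(RSA_OAEP);
        direct.init(Cipher.ENCRYPT_MODE, server.getPublic(), OAEP);
        try {
            direct.doFinal(new byte[191]);           // constructed oversized payload
        } catch (IllegalBlockSizeException e) {
            System.out.println("191-byte message rejected: " + e.getMessage());
        }
    }
}
```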

 

posted on 2019-11-09 17:39  silyvin