@Override public void initChannel(SocketChannel ch) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("Initializing source channel pipeline"); } ChannelPipeline serverPipeline = ch.pipeline(); if (http2Enabled) { if (sslHandlerFactory != null) { if (ocspStaplingEnabled) { OCSPResp response = getOcspResponse(); ReferenceCountedOpenSslContext context = (ReferenceCountedOpenSslContext) keystoreHttp2SslContext; SslHandler sslHandler = context.newHandler(ch.alloc()); ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine(); engine.setOcspResponse(response.getEncoded()); ch.pipeline().addLast(sslHandler, new Http2PipelineConfiguratorForServer(this)); } else { serverPipeline.addLast(keystoreHttp2SslContext.newHandler(ch.alloc()), new Http2PipelineConfiguratorForServer(this)); } } else { configureH2cPipeline(serverPipeline); } } else { if (sslHandlerFactory != null) { configureSslForHttp(serverPipeline, ch); } else { configureHttpPipeline(serverPipeline, Constants.HTTP_SCHEME); } } }
private void configureSslForHttp(ChannelPipeline serverPipeline, SocketChannel ch) throws CertificateVerificationException, KeyStoreException, IOException, CertificateException { SSLEngine sslEngine; if (ocspStaplingEnabled) { OCSPResp response = getOcspResponse(); ReferenceCountedOpenSslContext context = sslHandlerFactory .getServerReferenceCountedOpenSslContext(ocspStaplingEnabled); SslHandler sslHandler = context.newHandler(ch.alloc()); sslEngine = sslHandler.engine(); ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslEngine; engine.setOcspResponse(response.getEncoded()); ch.pipeline().addLast(sslHandler); } else { if (sslConfig.getServerKeyFile() != null) { SslHandler sslHandler = certAndKeySslContext.newHandler(ch.alloc()); sslEngine = sslHandler.engine(); sslHandlerFactory.addCommonConfigs(sslEngine); } else { sslEngine = sslHandlerFactory.buildServerSSLEngine(keystoreSslContext); } serverPipeline.addLast(Constants.SSL_HANDLER, new SslHandler(sslEngine)); if (validateCertEnabled) { serverPipeline.addLast(Constants.HTTP_CERT_VALIDATION_HANDLER, new CertificateValidationHandler(sslEngine, cacheDelay, cacheSize)); } } serverPipeline.addLast(Constants.SSL_COMPLETION_HANDLER, new SslHandshakeCompletionHandlerForServer(this, serverPipeline, sslEngine)); }
SslHandler sslHandler = referenceCountedOpenSslContext.newHandler(socketChannel.alloc()); sslEngine = sslHandler.engine(); socketChannel.pipeline().addLast(sslHandler);
createHttp2TLSContextForClient(sslConfig.isOcspStaplingEnabled()); if (referenceCountedOpenSslContext != null) { SslHandler sslHandler = referenceCountedOpenSslContext.newHandler(ch.alloc()); ReferenceCountedOpenSslEngine engine = (ReferenceCountedOpenSslEngine) sslHandler.engine(); ch.pipeline().addLast(sslHandler);