@Override public void channelActive(ChannelHandlerContext ctx) throws Exception { if (LOG.isTraceEnabled()) { LOG.trace("Channel active {}", ctx.channel()); } final Channel channel = ctx.channel(); InetAddress addr = ((InetSocketAddress) channel.remoteAddress()) .getAddress(); if (maxClientCnxns > 0 && getClientCnxnCount(addr) >= maxClientCnxns) { ServerMetrics.CONNECTION_REJECTED.add(1); LOG.warn("Too many connections from {} - max is {}", addr, maxClientCnxns); channel.close(); return; } NettyServerCnxn cnxn = new NettyServerCnxn(channel, zkServer, NettyServerCnxnFactory.this); ctx.channel().attr(CONNECTION_ATTRIBUTE).set(cnxn); if (secure) { SslHandler sslHandler = ctx.pipeline().get(SslHandler.class); Future<Channel> handshakeFuture = sslHandler.handshakeFuture(); handshakeFuture.addListener(new CertificateVerifier(sslHandler, cnxn)); } else { allChannels.add(ctx.channel()); addCnxn(cnxn); } }
@Override protected void initChannel(final SocketChannel channel) { final SslHandler sslHandler = sslContext.newHandler(channel.alloc()); channel.pipeline().addLast(sslHandler); channel.pipeline().addLast(ConnectionNegotiationErrorHandler.INSTANCE); sslHandler.handshakeFuture().addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(final Future<Channel> handshakeFuture) throws Exception { if (handshakeFuture.isSuccess()) { BaseHttp2Server.this.addHandlersToPipeline(sslHandler.engine().getSession(), channel.pipeline()); channel.pipeline().remove(ConnectionNegotiationErrorHandler.INSTANCE); BaseHttp2Server.this.allChannels.add(channel); } else { log.debug("TLS handshake failed.", handshakeFuture.cause()); } } }); } });
sslHandler.handshakeFuture().addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(final Future<Channel> handshakeFuture) {
SslHandler sslHandler = ch.pipeline().get(SslHandler.class); if (sslHandler != null) { Future<Channel> handshakeFuture = sslHandler.handshakeFuture(); if (handshakeFuture.awaitUninterruptibly(30000)) { if (handshakeFuture.isSuccess()) {
public Future<Channel> updatePipelineForHttpTunneling(ChannelPipeline pipeline, Uri requestUri) { Future<Channel> whenHanshaked = null; if (pipeline.get(HTTP_CLIENT_CODEC) != null) pipeline.remove(HTTP_CLIENT_CODEC); if (requestUri.isSecured()) { if (!isSslHandlerConfigured(pipeline)) { SslHandler sslHandler = createSslHandler(requestUri.getHost(), requestUri.getExplicitPort()); whenHanshaked = sslHandler.handshakeFuture(); pipeline.addBefore(INFLATER_HANDLER, SSL_HANDLER, sslHandler); } pipeline.addAfter(SSL_HANDLER, HTTP_CLIENT_CODEC, newHttpClientCodec()); } else { pipeline.addBefore(AHC_HTTP_HANDLER, HTTP_CLIENT_CODEC, newHttpClientCodec()); } if (requestUri.isWebSocket()) { pipeline.addAfter(AHC_HTTP_HANDLER, AHC_WS_HANDLER, wsHandler); pipeline.remove(AHC_HTTP_HANDLER); } return whenHanshaked; }
sslHandler.handshakeFuture().addListener(new SimpleFutureListener<Channel>() { @Override protected void onSuccess(Channel value) {
/** * Create {@link io.netty.handler.ssl.SslHandler} and send TCP handshaking using * {@link javax.net.ssl.SSLEngine} * After add ssl handler to the end of {@link io.netty.channel.ChannelPipeline}, it enable * secure communications over SSL/TLS * * @param isSslClient true if the channel start handshaking or false if accept handshaking * @param channel the channel to start handshaking * */ private Future<Channel> handshake(SSLEngine sslEngine, boolean isSslClient, Channel channel) { sslEngine.setUseClientMode(isSslClient); if (channel != null) { channel.config().setAutoRead(true); } SslHandler handler = new SslHandler(sslEngine); channel.pipeline().addFirst("ssl", handler); LOG.debug("About to start handshaking..."); return handler.handshakeFuture(); }
@Override public void flush(ChannelHandlerContext ctx) throws Exception { _sslHandler.handshakeFuture().addListener(future -> ctx.flush()); } }
@Override public void channelActive(final ChannelHandlerContext ctx) throws Exception { // Once session is secured, send a greeting and register the channel to // the global channel // list so the channel received the messages from others. ctx.pipeline().get(SslHandler.class).handshakeFuture() .addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(Future<Channel> future) throws Exception { ctx.writeAndFlush("Welcome to " + InetAddress.getLocalHost().getHostName() + " secure chat service!\n"); ctx.writeAndFlush("Your session is protected by " + ctx.pipeline().get(SslHandler.class).engine() .getSession().getCipherSuite() + " cipher suite.\n"); channels.add(ctx.channel()); } }); }
@Override protected void initChannel(final SocketChannel channel) { final SslHandler sslHandler = sslContext.newHandler(channel.alloc()); channel.pipeline().addLast(sslHandler); channel.pipeline().addLast(ConnectionNegotiationErrorHandler.INSTANCE); sslHandler.handshakeFuture().addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(final Future<Channel> handshakeFuture) throws Exception { if (handshakeFuture.isSuccess()) { BaseHttp2Server.this.addHandlersToPipeline(sslHandler.engine().getSession(), channel.pipeline()); channel.pipeline().remove(ConnectionNegotiationErrorHandler.INSTANCE); BaseHttp2Server.this.allChannels.add(channel); } else { log.debug("TLS handshake failed.", handshakeFuture.cause()); } } }); } });
@Override public void channelRead0(ChannelHandlerContext ctx, String msg) throws Exception { if ("StartTlsResponse".equals(msg)) { ctx.pipeline().addAfter("logger", "ssl", sslHandler); handshakeFuture = sslHandler.handshakeFuture(); ctx.writeAndFlush("EncryptedRequest\n"); return; } assertEquals("EncryptedResponse", msg); assertNotNull(handshakeFuture); assertTrue(handshakeFuture.isSuccess()); ctx.close(); }
@Override public void channelActive(final ChannelHandlerContext ctx) throws Exception { ChannelListener listener = this.listenerFactory.createChannelListener(new ObjectChannelImpl(ctx.channel())); this.listeners.put(ctx.channel(), listener); maxChannels = Math.max(maxChannels, this.listeners.size()); SslHandler sslHandler = ctx.pipeline().get(SslHandler.class); if (sslHandler != null) { sslHandler.handshakeFuture().addListener(new GenericFutureListener<DefaultPromise<Channel>>() { @Override public void operationComplete(DefaultPromise<Channel> future) throws Exception { onConnection(ctx.channel()); } }); } else { onConnection(ctx.channel()); } }
private void onFutureSuccess(final Channel channel) throws ConnectException { SslHandler sslHandler = channel.pipeline().get(SslHandler.class); if (sslHandler != null) { sslHandler.handshakeFuture().addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(Future<Channel> handshakeFuture) throws Exception { if (handshakeFuture.isSuccess()) { final AsyncHandler<T> asyncHandler = future.getAsyncHandler(); if (asyncHandler instanceof AsyncHandlerExtensions) AsyncHandlerExtensions.class.cast(asyncHandler).onSslHandshakeCompleted(); writeRequest(channel); } else { onFutureFailure(channel, handshakeFuture.cause()); } } }); } else { writeRequest(channel); } }
@Override public void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise) throws Exception { InetSocketAddress address = ((InetSocketAddress) remoteAddress); SslHandler sslHandler = _hostPortToSslHandler.create(ctx, address.getHostName(), address.getPort()); ctx.pipeline().addAfter(PIPELINE_SESSION_RESUMPTION_HANDLER, SslHandlerUtil.PIPELINE_SSL_HANDLER, sslHandler); ctx.pipeline().addAfter(SslHandlerUtil.PIPELINE_SSL_HANDLER, SSL_HANDSHAKE_TIMING_HANDLER, new SslHandshakeTimingHandler(sslHandler.handshakeFuture())); // the certificate handler should be run only after the handshake is completed (and therefore after the ssl handler) ctx.pipeline().addAfter(SslHandlerUtil.PIPELINE_SSL_HANDLER, CertificateHandler.PIPELINE_CERTIFICATE_HANDLER, new CertificateHandler(sslHandler)); ctx.pipeline().remove(PIPELINE_SESSION_RESUMPTION_HANDLER); super.connect(ctx, remoteAddress, localAddress, promise); }
@Override protected final void startNegotiation() { final Optional<SslHandler> sslHandler = getSslHandler(channel); if (sslHandler.isPresent()) { Future<Channel> future = sslHandler.get().handshakeFuture(); future.addListener(new GenericFutureListener<Future<? super Channel>>() { @Override public void operationComplete(final Future<? super Channel> future) { Preconditions.checkState(future.isSuccess(), "Ssl handshake was not successful"); LOG.debug("Ssl handshake complete"); start(); } }); } else { start(); } }
@Override protected final void startNegotiation() { final Optional<SslHandler> sslHandler = getSslHandler(channel); if (sslHandler.isPresent()) { Future<Channel> future = sslHandler.get().handshakeFuture(); future.addListener(new GenericFutureListener<Future<? super Channel>>() { @Override public void operationComplete(final Future<? super Channel> future) { Preconditions.checkState(future.isSuccess(), "Ssl handshake was not successful"); LOG.debug("Ssl handshake complete"); start(); } }); } else { start(); } }
public void addSslHandler(ChannelPipeline p) { logger.debug("adding an SSL handler on {}", () -> p.channel()); SSLEngine engine = getEngine(); SslHandler sslHandler = new SslHandler(engine); p.addFirst("ssl", sslHandler); Future<Channel> future = sslHandler.handshakeFuture(); future.addListener(new GenericFutureListener<Future<Channel>>() { @Override public void operationComplete(Future<Channel> future) throws Exception { SSLSession sess = sslHandler.engine().getSession(); logger.trace("SSL started with {}", () -> sess); Principal p = checkSslClient(sess); logger.debug("Got SSL client identity {}", () -> (p != null ? p.getName() : "")); if (p != null) { future.get().attr(PRINCIPALATTRIBUTE).set(p); } future.get().attr(SSLSESSIONATTRIBUTE).set(sess); }}); }
@Override protected void setupSSL(ChannelPipeline pipe, ConnectionMultiListener.SSLHandshakeListener sslHandshakeListener) { String peerHost = endpoint.getAddress(); int peerPort = endpoint.getUserPort(); SSLEngine sslEngine = sslConfig.createSSLEngine(allocator, peerHost, peerPort); // Add SSL handler into pipeline SslHandler sslHandler = new SslHandler(sslEngine); sslHandler.setHandshakeTimeoutMillis(sslConfig.getHandshakeTimeout()); // Add a listener for SSL Handshake complete. The Drill client handshake will be enabled only // after this is done. sslHandler.handshakeFuture().addListener(sslHandshakeListener); pipe.addFirst(RpcConstants.SSL_HANDLER, sslHandler); logger.debug(sslConfig.toString()); }
@Override public void configureNewPipeline(ChannelPipeline pipeline) { final SslHandler sslHandler = new SslHandler(sslEngineFactory.createSSLEngine(pipeline.channel().alloc())); pipeline.addFirst(SSL_HANDLER_NAME, sslHandler); pipeline.addAfter(SSL_HANDLER_NAME, SSL_COMPLETION_HANDLER_NAME, new SslCompletionHandler(sslHandler.handshakeFuture())); } }
@Override public void configureNewPipeline(ChannelPipeline pipeline) { final SslHandler sslHandler = new SslHandler(sslEngineFactory.createSSLEngine(pipeline.channel().alloc())); if(proxy != null) { pipeline.addAfter(Constants.Properties.HTTP_PROXY_HANDLER_NAME,Constants.Properties.SSL_HANDLER_NAME, sslHandler); } else { pipeline.addFirst(Constants.Properties.SSL_HANDLER_NAME, sslHandler); } pipeline.addAfter(Constants.Properties.SSL_HANDLER_NAME, Constants.Properties.SSL_COMPLETION_HANDLER_NAME, new SslCompletionHandler(sslHandler.handshakeFuture())); } }