/**
 * Installs either the SPDY or the HTTP handler set once the TLS layer has selected an
 * application protocol, then removes this chooser from the pipeline.
 *
 * <p>The selection is read from the {@code SSLEngine} of the pipeline's {@link SslHandler},
 * so a pipeline without TLS is rejected. While {@code getProtocol} still reports
 * {@code None}, the method returns without forwarding the event: nothing reaches the
 * protocol handlers before the choice is final.
 *
 * @param ctx context of this handler, used to reach the pipeline
 * @param e   upstream event; forwarded only after the protocol handlers are installed
 * @throws IllegalStateException if the pipeline has no {@link SslHandler}, or the selected
 *                               protocol is not one of the cases handled here
 */
public void handleUpstream(ChannelHandlerContext ctx, ChannelEvent e) throws Exception {
    final ChannelPipeline pipeline = ctx.getPipeline();

    // The negotiated protocol lives in the TLS engine, so the SslHandler is mandatory.
    final SslHandler tls = pipeline.get(SslHandler.class);
    if (tls == null) {
        throw new IllegalStateException("SslHandler is needed for SPDY");
    }

    final SelectedProtocol chosen = getProtocol(tls.getEngine());
    switch (chosen) {
        case HttpVersion1_0:
        case HttpVersion1_1:
            addHttpHandlers(ctx);
            break;
        case SpdyVersion3_1:
            addSpdyHandlers(ctx, SpdyVersion.SPDY_3_1);
            break;
        case None:
            // Protocol selection has not finished; keep this handler in place and try again
            // on the next event. The current event is intentionally not forwarded.
            return;
        default:
            // Fail closed on anything this chooser does not know how to serve.
            throw new IllegalStateException("Unknown SelectedProtocol");
    }

    // The protocol is fixed from here on, so this chooser is no longer needed.
    pipeline.remove(this);
    ctx.sendUpstream(e);
}
/**
 * Returns the TLS session of the channel behind {@code ctx}.
 *
 * <p>A {@code null} result means the pipeline holds no {@link SslHandler}, i.e. the
 * connection is not wrapped in TLS by this pipeline; callers that derive identity or
 * confidentiality decisions from the session have to handle that case explicitly.
 * NOTE(review): JSSE's {@code SSLEngine.getSession()} hands back a placeholder session
 * until the initial handshake has completed, so a non-null result alone does not show that
 * a handshake succeeded. Confirm how callers use it.
 *
 * @param ctx handler context whose pipeline is searched for the {@link SslHandler}
 * @return the engine's current session, or {@code null} when no {@link SslHandler} is installed
 */
protected SSLSession getSSLSession(ChannelHandlerContext ctx) {
    final SslHandler tls = ctx.getPipeline().get(SslHandler.class);
    if (tls == null) {
        return null;
    }
    return tls.getEngine().getSession();
}
/**
 * Puts a server-mode TLS handler at the head of the channel's pipeline when an
 * {@code sslContext} is configured; does nothing otherwise.
 *
 * <p>The handler is created with {@code startTls == false}. Only the cipher-suite list is
 * narrowed in this method (and only when {@code enabledCipherSuites} is non-empty); the
 * enabled protocol versions and the client-authentication mode are left at whatever the
 * engine created by {@code sslContext} defaults to.
 *
 * @param channel channel whose pipeline receives the TLS handler
 */
private void turnSSLon(Channel channel) {
    if (sslContext == null) {
        return;
    }

    // Reads are suspended while the pipeline is changed and resumed once the handler is in place.
    channel.setReadable(false);

    final SslHandler tlsHandler = new SslHandler(sslContext.createSSLEngine(), false);
    tlsHandler.getEngine().setUseClientMode(false);

    final boolean suitesConfigured = enabledCipherSuites != null && enabledCipherSuites.length > 0;
    if (suitesConfigured) {
        tlsHandler.getEngine().setEnabledCipherSuites(enabledCipherSuites);
    }

    channel.getPipeline().addFirst(SSL_HANDLER, tlsHandler);
    channel.setReadable(true);
}
} // closes the enclosing type, whose opening lies outside this excerpt
/**
 * Installs a server-mode {@link SslHandler} at the head of the channel's pipeline for a
 * STARTTLS upgrade.
 *
 * <p>The handler is built with {@code startTls == true}, so the next written message still
 * leaves unencrypted and encryption starts after it.
 * NOTE(review): this method neither pauses reads nor discards input that arrived before the
 * handshake. Verify that the caller drops any plaintext received after the STARTTLS command,
 * so it cannot be processed as if it had arrived inside the TLS session.
 */
private void prepareStartTLS() {
    final SslHandler tlsHandler = new SslHandler(engine, true);
    // This side answers the handshake; it never initiates it.
    tlsHandler.getEngine().setUseClientMode(false);
    channel.getPipeline().addFirst(HandlerConstants.SSL_HANDLER, tlsHandler);
}
/**
 * Collects credentials from the TLS session of the Netty channel that carried the current
 * message.
 *
 * <p>The channel context is read from the {@code NETTY_CHANNEL_HANDLER_CONTEXT} message
 * header. The result is empty when that header is absent or the pipeline has no
 * {@link SslHandler}; an empty set therefore means "no TLS identity available" and should
 * not be read as an authenticated peer.
 * NOTE(review): what is extracted depends on {@code SSLSessionCredentialExtractor} and on
 * whether the peer presented a certificate. Confirm the behaviour for sessions without a
 * verified peer.
 *
 * @return a mutable set of the credentials found, possibly empty, never {@code null}
 */
@Override
public Set<Credential> extractCredentials() {
    final Set<Credential> found = new HashSet<Credential>();

    final ChannelHandlerContext nettyContext = getMessage().getHeader(
            NettyConstants.NETTY_CHANNEL_HANDLER_CONTEXT, ChannelHandlerContext.class);
    if (nettyContext == null) {
        return found;
    }

    final SslHandler tls = nettyContext.getPipeline().get(SslHandler.class);
    if (tls == null) {
        return found;
    }

    found.addAll(new SSLSessionCredentialExtractor().extract(tls.getEngine().getSession()));
    return found;
}
/**
 * Prepares the channel for a STARTTLS upgrade by placing a server-mode {@link SslHandler}
 * first in its pipeline.
 *
 * <p>Because the handler is created with {@code startTls == true}, the message written
 * next is sent in the clear and only later writes are encrypted.
 * NOTE(review): nothing here suspends reading or clears input buffered before the
 * handshake. Check that the caller discards plaintext that followed the STARTTLS command,
 * so it is not interpreted as part of the encrypted session.
 */
private void prepareStartTLS() {
    final SslHandler startTlsHandler = new SslHandler(engine, true);
    // Server role: wait for the peer's ClientHello instead of sending one.
    startTlsHandler.getEngine().setUseClientMode(false);
    channel.getPipeline().addFirst(HandlerConstants.SSL_HANDLER, startTlsHandler);
}
/**
 * Derives credentials from the TLS session attached to the Netty channel of the current
 * message.
 *
 * <p>The lookup goes from the {@code NETTY_CHANNEL_HANDLER_CONTEXT} header to the pipeline's
 * {@link SslHandler} and then to the engine's session. If either the header or the handler
 * is missing, the returned set is empty; treat that as "no TLS-derived identity", not as
 * success.
 * NOTE(review): the content of the set is decided by {@code SSLSessionCredentialExtractor}.
 * Confirm what it yields when the peer sent no certificate.
 *
 * @return the credentials found in the TLS session; empty when there is no TLS session to inspect
 */
@Override
public Set<Credential> extractCredentials() {
    final Set<Credential> result = new HashSet<Credential>();

    final ChannelHandlerContext channelContext = getMessage().getHeader(
            NettyConstants.NETTY_CHANNEL_HANDLER_CONTEXT, ChannelHandlerContext.class);
    final SslHandler sslHandler = channelContext == null
            ? null
            : channelContext.getPipeline().get(SslHandler.class);

    if (sslHandler != null) {
        result.addAll(
                new SSLSessionCredentialExtractor().extract(sslHandler.getEngine().getSession()));
    }
    return result;
}
/**
 * Upgrades the channel to TLS by inserting a server-mode {@link SslHandler} at the head of
 * the pipeline.
 *
 * <p>Reads are suspended while the handler is installed and resumed afterwards. The handler
 * uses {@code startTls == false}. Only the cipher suites are restricted here (when
 * {@code enabledCipherSuites} is non-empty); protocol versions and client authentication
 * keep the defaults of the engine created by {@code sslContext}.
 * NOTE(review): input that was already read before {@code setReadable(false)} is not
 * touched by this method. Verify that the caller discards plaintext received after the
 * STARTTLS command.
 *
 * @return {@code true} when the handler was installed, {@code false} when
 *         {@code supportStartTLS()} reports that STARTTLS is not available
 */
@Override
public boolean startTLS() {
    if (supportStartTLS()) {
        channel.setReadable(false);

        final SslHandler tlsHandler = new SslHandler(sslContext.createSSLEngine(), false);
        tlsHandler.getEngine().setUseClientMode(false);

        final boolean suitesConfigured =
                enabledCipherSuites != null && enabledCipherSuites.length > 0;
        if (suitesConfigured) {
            tlsHandler.getEngine().setEnabledCipherSuites(enabledCipherSuites);
        }

        channel.getPipeline().addFirst(SSL_HANDLER, tlsHandler);
        channel.setReadable(true);
        return true;
    }
    return false;
}
/**
 * Starts a STARTTLS upgrade: switches the buffered output stream to buffer until CRLF and
 * installs a server-mode {@link SslHandler} at the head of the pipeline.
 *
 * <p>The handler is created with {@code startTls == true}, so the next write is still sent
 * unencrypted.
 * NOTE(review): reads are not paused here and pending input is not cleared. Confirm that
 * plaintext received after the STARTTLS command is dropped before the session continues
 * under TLS.
 *
 * @return {@code true} when the handler was installed, {@code false} when
 *         {@code supportStartTLS()} reports that STARTTLS is not available
 */
@Override
public boolean startTLS() {
    if (!supportStartTLS()) {
        return false;
    }

    // Enable buffering of the stream, up to the next CRLF.
    final StartTLSOutputStream bufferedOut =
            (StartTLSOutputStream) getAttachment(ctx).get(BUFFERED_OUT);
    bufferedOut.bufferTillCRLF();

    final SslHandler tlsHandler = new SslHandler(engine, true);
    tlsHandler.getEngine().setUseClientMode(false);
    ctx.getPipeline().addFirst("sslHandler", tlsHandler);
    return true;
}
/**
 * Runs when the TLS handshake future completes and sends the request only if the peer's
 * session passes the configured {@code hostnameVerifier} for {@code host}.
 *
 * <p>On a verifier rejection the channel pre-emption is released, the response future is
 * aborted with a {@link ConnectException}, and the same exception is thrown; the request is
 * never written. JSSE itself checks host names only when an endpoint identification
 * algorithm is set on the engine, and nothing in this method sets one, so this call is the
 * host-name check visible here.
 * NOTE(review): a handshake that did not succeed is ignored by this listener. Confirm the
 * failure is reported to {@code future} somewhere else.
 *
 * @param handshakeFuture future of the TLS handshake
 * @throws ConnectException when the verifier rejects the session for {@code host}
 */
@Override
public void operationComplete(ChannelFuture handshakeFuture) throws Exception {
    if (!handshakeFuture.isSuccess()) {
        return;
    }

    final Channel channel = (Channel) handshakeFuture.getChannel();
    final SSLEngine engine = sslHandler.getEngine();
    final SSLSession session = engine.getSession();

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("onFutureSuccess: session = {}, id = {}, isValid = {}, host = {}",
                session.toString(), Base64.encode(session.getId()), session.isValid(), host);
    }

    final boolean peerMatchesHost = hostnameVerifier.verify(host, session);
    if (!peerMatchesHost) {
        // Fail closed: release the pool slot and surface the rejection on the future.
        abortChannelPreemption(poolKey);
        final ConnectException rejection = new ConnectException("HostnameVerifier exception");
        future.abort(rejection);
        throw rejection;
    }

    // The request leaves only after the peer identity has been accepted.
    writeRequest(channel, poolKey);
}
}); // closes the anonymous listener and the call it is passed to, both opened outside this excerpt
/**
 * Reports an aborted read on the TLS client channel when the transport disconnects before
 * the TLS engine has finished its inbound side.
 *
 * <p>{@code isInboundDone()} being {@code false} at disconnect time means the engine saw no
 * orderly end of the TLS stream, so the data received so far may be truncated and is
 * signalled as aborted input rather than a normal end of stream.
 * The {@link SslHandler} lookup result is dereferenced without a null check: a pipeline
 * that no longer contains the handler makes this method throw
 * {@code NullPointerException}.
 *
 * @param ctx context of this handler; its pipeline is searched for the {@link SslHandler}
 * @param e   the disconnect event
 */
@Override
public void channelDisconnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception {
    final TlsClientChannel clientChannel = this.tlsClientChannel;
    if (clientChannel == null) {
        return;
    }

    final SslHandler tls = ctx.getPipeline().get(SslHandler.class);
    final SSLEngine engine = tls.getEngine();

    // setReadAborted() is consulted only when the inbound side was still open, and the
    // abort is fired only when that call reports true.
    if (!engine.isInboundDone() && clientChannel.setReadAborted()) {
        fireInputAborted(clientChannel);
    }
}
/**
 * Reports an aborted read on the TLS child channel when the transport disconnects before the
 * TLS engine has finished its inbound side, then delegates to the superclass.
 *
 * <p>A disconnect while {@code isInboundDone()} is still {@code false} means the TLS stream
 * did not end in an orderly way, so the input is flagged as aborted (possible truncation)
 * instead of being treated as a clean end of stream.
 * The {@link SslHandler} lookup result is dereferenced without a null check: if the handler
 * is missing from the pipeline this method throws {@code NullPointerException} and the
 * superclass call is skipped.
 *
 * @param ctx context of this handler; its pipeline is searched for the {@link SslHandler}
 * @param e   the disconnect event, passed on to the superclass
 */
@Override
public void channelDisconnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception {
    final TlsChildChannel childChannel = this.tlsChildChannel;
    if (childChannel != null) {
        final SslHandler tls = ctx.getPipeline().get(SslHandler.class);
        final SSLEngine engine = tls.getEngine();

        final boolean inboundStillOpen = !engine.isInboundDone();
        // setReadAborted() runs only when the inbound side was still open.
        if (inboundStillOpen && childChannel.setReadAborted()) {
            fireInputAborted(childChannel);
        }
    }
    super.channelDisconnected(ctx, e);
}
// Reads the server names the peer requested via SNI from the handler's TLS session.
SSLEngine tlsEngine = handler.getEngine();
// The cast assumes the provider's session is an ExtendedSSLSession; any other SSLSession
// implementation raises ClassCastException here. TODO confirm for the providers in use.
// NOTE(review): getSession() returns a placeholder session until the initial handshake has
// completed. Confirm this runs after the handshake.
ExtendedSSLSession tlsSession = (ExtendedSSLSession) tlsEngine.getSession();
// SNI names are chosen by the peer and are not authenticated by the handshake; validate them
// before using them for routing, virtual-host selection or policy decisions. The list may be empty.
List<SNIServerName> sniServerNames = tlsSession.getRequestedServerNames();