Example 1 with SslHandshakeCompletionEvent

Use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project rest.li by linkedin.

The class Http2AlpnHandler, method userEventTriggered.

@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof SslHandshakeCompletionEvent) {
        SslHandshakeCompletionEvent handshakeEvent = (SslHandshakeCompletionEvent) evt;
        if (handshakeEvent.isSuccess()) {
            LOG.debug("SSL handshake succeeded");
            SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
            if (sslHandler == null) {
                ctx.fireExceptionCaught(new IllegalStateException("cannot find a SslHandler in the pipeline (required for application-level protocol negotiation)"));
                return;
            }
            String protocol = sslHandler.applicationProtocol();
            if (ApplicationProtocolNames.HTTP_2.equals(protocol)) {
                LOG.debug("HTTP/2 is negotiated");
                // Add HTTP/2 handler
                ctx.pipeline().addAfter("sslHandler", "http2Handler", _http2Handler);
                // Remove handler from pipeline after negotiation is complete
                ctx.pipeline().remove(this);
                _alpnPromise.setSuccess();
            } else {
                LOG.error("Protocol {}, instead of HTTP/2, is negotiated through ALPN", protocol);
                _alpnPromise.setFailure(new IllegalStateException("HTTP/2 ALPN negotiation failed"));
            }
        } else {
            LOG.error("SSL handshake failed", handshakeEvent.cause());
            _alpnPromise.setFailure(handshakeEvent.cause());
        }
    }
    ctx.fireUserEventTriggered(evt);
}
Also used : SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) SslHandler(io.netty.handler.ssl.SslHandler)

Example 2 with SslHandshakeCompletionEvent

Use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project reactor-netty by reactor.

The class SslReadHandler, method userEventTriggered.

@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof SslHandshakeCompletionEvent) {
        handshakeDone = true;
        if (ctx.pipeline().context(this) != null) {
            ctx.pipeline().remove(this);
        }
        SslHandshakeCompletionEvent handshake = (SslHandshakeCompletionEvent) evt;
        if (handshake.isSuccess()) {
            ctx.fireChannelActive();
        } else {
            sink.fireContextError(handshake.cause());
        }
    }
    super.userEventTriggered(ctx, evt);
}
Also used : SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent)

Example 3 with SslHandshakeCompletionEvent

Use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project ratpack by ratpack.

The class NettyHandlerAdapter, method userEventTriggered.

@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof IdleStateEvent) {
        ConnectionClosureReason.setIdle(ctx.channel());
        ctx.close();
    }
    if (evt instanceof SslHandshakeCompletionEvent && ((SslHandshakeCompletionEvent) evt).isSuccess()) {
        SSLEngine engine = ctx.pipeline().get(SslHandler.class).engine();
        if (engine.getWantClientAuth() || engine.getNeedClientAuth()) {
            try {
                X509Certificate clientCert = engine.getSession().getPeerCertificateChain()[0];
                ctx.channel().attr(CLIENT_CERT_KEY).set(clientCert);
            } catch (SSLPeerUnverifiedException ignore) {
                // ignore - there is no way to avoid this exception that I can determine
            }
        }
    }
    super.userEventTriggered(ctx, evt);
}
Also used : IdleStateEvent(io.netty.handler.timeout.IdleStateEvent) SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) SSLEngine(javax.net.ssl.SSLEngine) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SslHandler(io.netty.handler.ssl.SslHandler) X509Certificate(javax.security.cert.X509Certificate)

Example 4 with SslHandshakeCompletionEvent

Use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project redisson by redisson.

The class RedisChannelInitializer, method initSsl.

private void initSsl(final RedisClientConfig config, Channel ch) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, SSLException, UnrecoverableKeyException {
    if (!config.getAddress().isSsl()) {
        return;
    }
    io.netty.handler.ssl.SslProvider provided = io.netty.handler.ssl.SslProvider.JDK;
    if (config.getSslProvider() == SslProvider.OPENSSL) {
        provided = io.netty.handler.ssl.SslProvider.OPENSSL;
    }
    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided);
    sslContextBuilder.protocols(config.getSslProtocols());
    if (config.getSslTruststore() != null) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream stream = config.getSslTruststore().openStream();
        try {
            char[] password = null;
            if (config.getSslTruststorePassword() != null) {
                password = config.getSslTruststorePassword().toCharArray();
            }
            keyStore.load(stream, password);
        } finally {
            stream.close();
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sslContextBuilder.trustManager(trustManagerFactory);
    }
    if (config.getSslKeystore() != null) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream stream = config.getSslKeystore().openStream();
        char[] password = null;
        if (config.getSslKeystorePassword() != null) {
            password = config.getSslKeystorePassword().toCharArray();
        }
        try {
            keyStore.load(stream, password);
        } finally {
            stream.close();
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        sslContextBuilder.keyManager(keyManagerFactory);
    }
    SSLParameters sslParams = new SSLParameters();
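    if (config.isSslEnableEndpointIdentification()) {
        // Enable hostname verification of the server certificate during the handshake
        sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    } else {
        if (config.getSslTruststore() == null) {
            // No endpoint identification and no truststore configured: fall back to
            // InsecureTrustManagerFactory, which trusts any X.509 certificate without verification
            sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        }
    }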
    SslContext sslContext = sslContextBuilder.build();
    String hostname = config.getSslHostname();
    if (hostname == null || NetUtil.createByteArrayFromIpAddressString(hostname) != null) {
        hostname = config.getAddress().getHost();
    }
    SSLEngine sslEngine = sslContext.newEngine(ch.alloc(), hostname, config.getAddress().getPort());
    sslEngine.setSSLParameters(sslParams);
    SslHandler sslHandler = new SslHandler(sslEngine);
    ch.pipeline().addLast(sslHandler);
    ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

        volatile boolean sslInitDone;

        @Override
        public void channelActive(ChannelHandlerContext ctx) throws Exception {
            if (sslInitDone) {
                super.channelActive(ctx);
            }
        }

        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
            if (!sslInitDone && (evt instanceof SslHandshakeCompletionEvent)) {
                SslHandshakeCompletionEvent e = (SslHandshakeCompletionEvent) evt;
                if (e.isSuccess()) {
                    sslInitDone = true;
                    ctx.fireChannelActive();
                } else {
                    RedisConnection connection = RedisConnection.getFrom(ctx.channel());
                    connection.closeAsync();
                    connection.getConnectionPromise().completeExceptionally(e.cause());
                }
            }
            super.userEventTriggered(ctx, evt);
        }
    });
}
Also used : SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) InputStream(java.io.InputStream) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) javax.net.ssl(javax.net.ssl) KeyStore(java.security.KeyStore) SslHandler(io.netty.handler.ssl.SslHandler) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) InsecureTrustManagerFactory(io.netty.handler.ssl.util.InsecureTrustManagerFactory) SslContext(io.netty.handler.ssl.SslContext) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) RedisConnection(org.redisson.client.RedisConnection)

Example 5 with SslHandshakeCompletionEvent

Use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project netty by netty.

The class OcspClientHandler, method userEventTriggered.

@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof SslHandshakeCompletionEvent) {
        ctx.pipeline().remove(this);
        SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
        if (event.isSuccess() && !verify(ctx, engine)) {
            throw new SSLHandshakeException("Bad OCSP response");
        }
    }
    ctx.fireUserEventTriggered(evt);
}
Also used : SslHandshakeCompletionEvent(io.netty.handler.ssl.SslHandshakeCompletionEvent) SSLHandshakeException(javax.net.ssl.SSLHandshakeException)

Aggregations

SslHandshakeCompletionEvent (io.netty.handler.ssl.SslHandshakeCompletionEvent): 17
ChannelHandlerContext (io.netty.channel.ChannelHandlerContext): 8
SslHandler (io.netty.handler.ssl.SslHandler): 8
ChannelInboundHandlerAdapter (io.netty.channel.ChannelInboundHandlerAdapter): 7
Channel (io.netty.channel.Channel): 5
Bootstrap (io.netty.bootstrap.Bootstrap): 4
ServerBootstrap (io.netty.bootstrap.ServerBootstrap): 4
NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel): 4
NioSocketChannel (io.netty.channel.socket.nio.NioSocketChannel): 4
SslContext (io.netty.handler.ssl.SslContext): 4
InetSocketAddress (java.net.InetSocketAddress): 4
CountDownLatch (java.util.concurrent.CountDownLatch): 4
ChannelFuture (io.netty.channel.ChannelFuture): 3
IdleStateEvent (io.netty.handler.timeout.IdleStateEvent): 3
ChannelFutureListener (io.netty.channel.ChannelFutureListener): 2
ChannelInitializer (io.netty.channel.ChannelInitializer): 2
EventLoopGroup (io.netty.channel.EventLoopGroup): 2
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup): 2
NioDatagramChannel (io.netty.channel.socket.nio.NioDatagramChannel): 2
ApplicationProtocolConfig (io.netty.handler.ssl.ApplicationProtocolConfig): 2