use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project rest.li by linkedin.
the class Http2AlpnHandler method userEventTriggered.
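/**
 * Finishes ALPN negotiation once the TLS handshake has completed.
 *
 * <p>On a successful handshake the protocol selected through ALPN is read from the
 * {@link SslHandler}. If it is HTTP/2, the HTTP/2 handler is installed after the handler
 * registered as {@code "sslHandler"}, this handler removes itself and {@code _alpnPromise}
 * succeeds. Any other outcome fails {@code _alpnPromise}. Every event is forwarded down the
 * pipeline, except when no {@link SslHandler} can be found.
 *
 * @param ctx context of this handler
 * @param evt user event; only {@link SslHandshakeCompletionEvent} is acted upon
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
  if (evt instanceof SslHandshakeCompletionEvent) {
    SslHandshakeCompletionEvent handshakeEvent = (SslHandshakeCompletionEvent) evt;
    if (handshakeEvent.isSuccess()) {
      LOG.debug("SSL handshake succeeded");
      SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
      if (sslHandler == null) {
        IllegalStateException missingSslHandler = new IllegalStateException(
            "cannot find a SslHandler in the pipeline (required for " + "application-level protocol negotiation)");
        ctx.fireExceptionCaught(missingSslHandler);
        // Complete the promise on this path too, otherwise anything waiting on the ALPN result
        // never hears about the failure. tryFailure leaves the promise alone if a handler
        // reacting to the exception above has already completed it.
        _alpnPromise.tryFailure(missingSslHandler);
        return;
      }
      String protocol = sslHandler.applicationProtocol();
      if (ApplicationProtocolNames.HTTP_2.equals(protocol)) {
        LOG.debug("HTTP/2 is negotiated");
        // Add HTTP/2 handler
        ctx.pipeline().addAfter("sslHandler", "http2Handler", _http2Handler);
        // Remove handler from pipeline after negotiation is complete
        ctx.pipeline().remove(this);
        _alpnPromise.setSuccess();
      } else {
        // Fail closed: a peer that negotiated anything other than HTTP/2 is rejected through
        // the promise. This method does not close the channel itself.
        // NOTE(review): confirm that a listener on _alpnPromise closes the channel, so a
        // connection without HTTP/2 cannot stay in use.
        LOG.error("Protocol {}, instead of HTTP/2, is negotiated through ALPN", protocol);
        _alpnPromise.setFailure(new IllegalStateException("HTTP/2 ALPN negotiation failed"));
      }
    } else {
      LOG.error("SSL handshake failed", handshakeEvent.cause());
      _alpnPromise.setFailure(handshakeEvent.cause());
    }
  }
  ctx.fireUserEventTriggered(evt);
}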
use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project reactor-netty by reactor.
the class SslReadHandler method userEventTriggered.
/**
 * Reacts to the end of the TLS handshake.
 *
 * <p>The first {@link SslHandshakeCompletionEvent} marks the handshake as done and removes this
 * handler from the pipeline if it is still registered. A successful handshake is announced
 * downstream as {@code channelActive}; a failed one is reported to {@code sink} with the
 * handshake's cause. The event itself is always passed to the superclass afterwards.
 *
 * @param ctx context of this handler
 * @param evt user event; anything other than a handshake completion is only delegated
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
  if (!(evt instanceof SslHandshakeCompletionEvent)) {
    super.userEventTriggered(ctx, evt);
    return;
  }

  handshakeDone = true;

  // The handler may already have been taken out of the pipeline; remove it only if present.
  boolean stillRegistered = ctx.pipeline().context(this) != null;
  if (stillRegistered) {
    ctx.pipeline().remove(this);
  }

  SslHandshakeCompletionEvent completion = (SslHandshakeCompletionEvent) evt;
  if (!completion.isSuccess()) {
    // A failed handshake never becomes "active"; the error goes to the sink instead.
    sink.fireContextError(completion.cause());
  } else {
    ctx.fireChannelActive();
  }

  super.userEventTriggered(ctx, evt);
}
use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project ratpack by ratpack.
the class NettyHandlerAdapter method userEventTriggered.
/**
 * Handles idle and TLS-handshake events for a connection.
 *
 * <p>An {@link IdleStateEvent} records the idle closure reason on the channel and closes it.
 * After a successful handshake on an engine that wants or needs client authentication, the
 * first certificate of the peer chain is stored on the channel under {@code CLIENT_CERT_KEY}.
 * The event is always passed on to the superclass.
 *
 * @param ctx context of this handler
 * @param evt user event to inspect
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
  if (evt instanceof IdleStateEvent) {
    ConnectionClosureReason.setIdle(ctx.channel());
    ctx.close();
  }

  if (evt instanceof SslHandshakeCompletionEvent) {
    SslHandshakeCompletionEvent handshake = (SslHandshakeCompletionEvent) evt;
    if (handshake.isSuccess()) {
      // NOTE(review): assumes an SslHandler is still in the pipeline when this event arrives;
      // a missing handler would surface here as a NullPointerException.
      SSLEngine tlsEngine = ctx.pipeline().get(SslHandler.class).engine();
      boolean clientAuthRequested = tlsEngine.getWantClientAuth() || tlsEngine.getNeedClientAuth();
      if (clientAuthRequested) {
        try {
          // Index 0 of the peer chain is the client's own certificate.
          // NOTE(review): getPeerCertificateChain() is the deprecated legacy accessor;
          // getPeerCertificates() is its replacement but returns a different certificate type.
          X509Certificate[] peerChain = tlsEngine.getSession().getPeerCertificateChain();
          ctx.channel().attr(CLIENT_CERT_KEY).set(peerChain[0]);
        } catch (SSLPeerUnverifiedException ignored) {
          // Deliberately ignored: with "want" client auth the peer may complete the handshake
          // without presenting a certificate. CLIENT_CERT_KEY then stays unset, and code that
          // reads it must treat a missing value as an unauthenticated client.
        }
      }
    }
  }

  super.userEventTriggered(ctx, evt);
}
use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project redisson by redisson.
the class RedisChannelInitializer method initSsl.
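/**
 * Installs TLS on the channel when the configured Redis address uses SSL.
 *
 * <p>Builds a client {@link SslContext} from the configured provider, protocols, truststore
 * and keystore, adds an {@link SslHandler} to the pipeline, and adds a second handler that
 * holds back {@code channelActive} until the TLS handshake has succeeded. Does nothing when
 * the address is not an SSL address.
 *
 * <p>Server authentication depends on configuration:
 * <ul>
 *   <li>endpoint identification enabled: the {@code "HTTPS"} algorithm is set on the engine,
 *       so the certificate is checked against the peer host given to the engine;</li>
 *   <li>endpoint identification disabled, truststore configured: the truststore is used but
 *       no endpoint identification algorithm is set;</li>
 *   <li>endpoint identification disabled, no truststore: every server certificate is accepted
 *       (see the comment at that branch).</li>
 * </ul>
 *
 * @param config client configuration supplying address, stores, passwords and TLS options
 * @param ch channel whose pipeline receives the TLS handlers
 */
private void initSsl(final RedisClientConfig config, Channel ch) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, SSLException, UnrecoverableKeyException {
    if (!config.getAddress().isSsl()) {
        return;
    }

    // Map the client's own provider enum onto Netty's; JDK is the default.
    io.netty.handler.ssl.SslProvider provided = io.netty.handler.ssl.SslProvider.JDK;
    if (config.getSslProvider() == SslProvider.OPENSSL) {
        provided = io.netty.handler.ssl.SslProvider.OPENSSL;
    }

    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(provided);
    sslContextBuilder.protocols(config.getSslProtocols());

    if (config.getSslTruststore() != null) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] password = null;
        if (config.getSslTruststorePassword() != null) {
            password = config.getSslTruststorePassword().toCharArray();
        }
        // try-with-resources: a failure in close() is attached as suppressed instead of
        // replacing the exception raised while loading the store.
        try (InputStream stream = config.getSslTruststore().openStream()) {
            keyStore.load(stream, password);
        }

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sslContextBuilder.trustManager(trustManagerFactory);
    }

    if (config.getSslKeystore() != null) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] password = null;
        if (config.getSslKeystorePassword() != null) {
            password = config.getSslKeystorePassword().toCharArray();
        }
        try (InputStream stream = config.getSslKeystore().openStream()) {
            keyStore.load(stream, password);
        }

        // The same password opens the store and unlocks the keys inside it.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        sslContextBuilder.keyManager(keyManagerFactory);
    }

    SSLParameters sslParams = new SSLParameters();
    if (config.isSslEnableEndpointIdentification()) {
        sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    } else if (config.getSslTruststore() == null) {
        // SECURITY: with endpoint identification off and no truststore, this trust manager
        // accepts any certificate. Traffic is encrypted but the server is not authenticated,
        // so the connection has no protection against an interposed endpoint. Keep endpoint
        // identification enabled, or configure a truststore, outside test environments.
        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    SslContext sslContext = sslContextBuilder.build();

    // Peer host handed to the engine: the configured SSL hostname, unless it is missing or is
    // an IP address literal, in which case the host of the Redis address is used.
    String hostname = config.getSslHostname();
    if (hostname == null || NetUtil.createByteArrayFromIpAddressString(hostname) != null) {
        hostname = config.getAddress().getHost();
    }

    SSLEngine sslEngine = sslContext.newEngine(ch.alloc(), hostname, config.getAddress().getPort());
    sslEngine.setSSLParameters(sslParams);

    SslHandler sslHandler = new SslHandler(sslEngine);
    ch.pipeline().addLast(sslHandler);
    ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

        // Set once the handshake has succeeded; until then channelActive is not forwarded.
        volatile boolean sslInitDone;

        @Override
        public void channelActive(ChannelHandlerContext ctx) throws Exception {
            // Later handlers must not see the channel as active before TLS is established.
            if (sslInitDone) {
                super.channelActive(ctx);
            }
        }

        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
            if (!sslInitDone && (evt instanceof SslHandshakeCompletionEvent)) {
                SslHandshakeCompletionEvent e = (SslHandshakeCompletionEvent) evt;
                if (e.isSuccess()) {
                    sslInitDone = true;
                    // Deliver the channelActive that was held back above.
                    ctx.fireChannelActive();
                } else {
                    // Handshake failed: close the connection and fail its promise with the cause.
                    // NOTE(review): assumes a RedisConnection is already attached to the channel.
                    RedisConnection connection = RedisConnection.getFrom(ctx.channel());
                    connection.closeAsync();
                    connection.getConnectionPromise().completeExceptionally(e.cause());
                }
            }
            super.userEventTriggered(ctx, evt);
        }
    });
}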
use of io.netty.handler.ssl.SslHandshakeCompletionEvent in project netty by netty.
the class OcspClientHandler method userEventTriggered.
/**
 * Verifies the OCSP response once the TLS handshake has completed.
 *
 * <p>On the first {@link SslHandshakeCompletionEvent} this handler removes itself from the
 * pipeline. If the handshake succeeded, {@code verify} is called; a {@code false} result
 * raises an {@link SSLHandshakeException} and the event is not forwarded. A failed handshake
 * is forwarded without calling {@code verify}.
 *
 * @param ctx context of this handler
 * @param evt user event; other event types are forwarded unchanged
 * @throws SSLHandshakeException if the handshake succeeded but {@code verify} rejected it
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof SslHandshakeCompletionEvent) {
        // The check runs once per connection, so the handler is removed before it runs.
        ctx.pipeline().remove(this);

        boolean handshakeSucceeded = ((SslHandshakeCompletionEvent) evt).isSuccess();
        if (handshakeSucceeded) {
            boolean ocspAccepted = verify(ctx, engine);
            if (!ocspAccepted) {
                // Fail closed: later handlers never see a successful handshake event.
                // NOTE(review): closing the channel is left to whatever handles this exception.
                throw new SSLHandshakeException("Bad OCSP response");
            }
        }
    }
    ctx.fireUserEventTriggered(evt);
}