public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundHandler
Channel
. Please refer
to the "SecureChat" example in the distribution or the web
site for the detailed usage.
Beside using the handshake ChannelFuture
to get notified about the completion of the handshake it's
also possible to detect it by implement the
ChannelInboundHandler.userEventTriggered(ChannelHandlerContext, Object)
method and check for a SslHandshakeCompletionEvent
.
The handshake will be automaticly issued for you once the Channel
is active and
SSLEngine.getUseClientMode()
returns true
.
So no need to bother with it by your self.
To close the SSL session, the close()
method should be
called to send the close_notify
message to the remote peer. One
exception is when you close the Channel
- SslHandler
intercepts the close request and send the close_notify
message
before the channel closure automatically. Once the SSL session is closed,
it is not reusable, and consequently you should create a new
SslHandler
with a new SSLEngine
as explained in the
following section.
To restart the SSL session, you must remove the existing closed
SslHandler
from the ChannelPipeline
, insert a new
SslHandler
with a new SSLEngine
into the pipeline,
and start the handshake process as described in the first section.
StartTLS is the communication pattern that secures the wire in the middle of the plaintext connection. Please note that it is different from SSL · TLS, that secures the wire from the beginning of the connection. Typically, StartTLS is composed of three steps:
SslHandler
instance with startTls
flag set
to true
,SslHandler
to the ChannelPipeline
, andSslHandler
before sending
the StartTLS response. Otherwise the client can send begin SSL handshake
before SslHandler
is inserted to the ChannelPipeline
, causing
data corruption.
The client-side implementation is much simpler.
SslHandler
instance with startTls
flag set
to false
,SslHandler
to the ChannelPipeline
, andBecause of a known issue with the current implementation of the SslEngine that comes with Java it may be possible that you see blocked IO-Threads while a full GC is done.
So if you are affected you can workaround this problem by adjust the cache settings like shown below:
SslContext context = ...; context.getServerSessionContext().setSessionCacheSize(someSaneSize); context.getServerSessionContext().setSessionTime(someSameTimeout);
What values to use here depends on the nature of your application and should be set based on monitoring and debugging of it. For more details see #832 in our issue tracker.
Modifier and Type | Class and Description |
---|---|
private class |
SslHandler.LazyChannelPromise |
ByteToMessageDecoder.Cumulator
ChannelHandler.Sharable
Modifier and Type | Field and Description |
---|---|
private static java.nio.channels.ClosedChannelException |
CHANNEL_CLOSED |
private long |
closeNotifyTimeoutMillis |
private ChannelHandlerContext |
ctx |
private java.util.concurrent.Executor |
delegatedTaskExecutor |
private javax.net.ssl.SSLEngine |
engine |
private boolean |
firedChannelRead
This flag is used to determine if we need to call
ChannelHandlerContext.read() to consume more data
when ChannelConfig.isAutoRead() is false . |
private boolean |
flushedBeforeHandshake |
private static javax.net.ssl.SSLException |
HANDSHAKE_TIMED_OUT |
private Promise<Channel> |
handshakePromise |
private long |
handshakeTimeoutMillis |
private static java.util.regex.Pattern |
IGNORABLE_CLASS_IN_STACK |
private static java.util.regex.Pattern |
IGNORABLE_ERROR_MESSAGE |
private static InternalLogger |
logger |
private static int |
MAX_CIPHERTEXT_LENGTH |
private static int |
MAX_COMPRESSED_LENGTH |
(package private) static int |
MAX_ENCRYPTED_PACKET_LENGTH |
(package private) static int |
MAX_ENCRYPTION_OVERHEAD_LENGTH |
private static int |
MAX_PLAINTEXT_LENGTH |
private int |
maxPacketBufferSize |
private boolean |
needsFlush
Set by wrap*() methods when something is produced.
|
private boolean |
outboundClosed |
private int |
packetLength |
private PendingWriteQueue |
pendingUnencryptedWrites |
private boolean |
readDuringHandshake |
private boolean |
sentFirstMessage |
private java.nio.ByteBuffer[] |
singleBuffer
Used if
SSLEngine.wrap(ByteBuffer[], ByteBuffer) and SSLEngine.unwrap(ByteBuffer, ByteBuffer[])
should be called with a ByteBuf that is only backed by one ByteBuffer to reduce the object
creation. |
private SslHandler.LazyChannelPromise |
sslCloseFuture |
private static javax.net.ssl.SSLException |
SSLENGINE_CLOSED
Used in
unwrapNonAppData(ChannelHandlerContext) as input for
unwrap(ChannelHandlerContext, ByteBuf, int, int) . |
private boolean |
startTls |
private boolean |
wantsDirectBuffer
true if and only if SSLEngine expects a direct buffer. |
private boolean |
wantsLargeOutboundNetworkBuffer
true if and only if SSLEngine.wrap(ByteBuffer, ByteBuffer) requires the output buffer
to be always as large as maxPacketBufferSize even if the input buffer contains small amount of data. |
COMPOSITE_CUMULATOR, MERGE_CUMULATOR
Constructor and Description |
---|
SslHandler(javax.net.ssl.SSLEngine engine)
Creates a new instance.
|
SslHandler(javax.net.ssl.SSLEngine engine,
boolean startTls)
Creates a new instance.
|
SslHandler(javax.net.ssl.SSLEngine engine,
boolean startTls,
java.util.concurrent.Executor delegatedTaskExecutor)
Deprecated.
Use
SslHandler(SSLEngine, boolean) instead. |
SslHandler(javax.net.ssl.SSLEngine engine,
java.util.concurrent.Executor delegatedTaskExecutor)
Deprecated.
Use
SslHandler(SSLEngine) instead. |
Modifier and Type | Method and Description |
---|---|
private static void |
addCloseListener(ChannelFuture future,
ChannelPromise promise) |
private ByteBuf |
allocate(ChannelHandlerContext ctx,
int capacity)
Always prefer a direct buffer when it's pooled, so that we reduce the number of memory copies
in
OpenSslEngine . |
private ByteBuf |
allocateOutNetBuf(ChannelHandlerContext ctx,
int pendingBytes)
Allocates an outbound network buffer for
SSLEngine.wrap(ByteBuffer, ByteBuffer) which can encrypt
the specified amount of pending bytes. |
java.lang.String |
applicationProtocol()
Returns the name of the current application-level protocol.
|
void |
bind(ChannelHandlerContext ctx,
java.net.SocketAddress localAddress,
ChannelPromise promise)
Called once a bind operation is made.
|
void |
channelActive(ChannelHandlerContext ctx)
Issues an initial TLS handshake once connected when used in client-mode
|
void |
channelInactive(ChannelHandlerContext ctx)
Calls
ChannelHandlerContext.fireChannelInactive() to forward
to the next ChannelInboundHandler in the ChannelPipeline . |
void |
channelReadComplete(ChannelHandlerContext ctx)
Calls
ChannelHandlerContext.fireChannelReadComplete() to forward
to the next ChannelInboundHandler in the ChannelPipeline . |
ChannelFuture |
close()
Sends an SSL
close_notify message to the specified channel and
destroys the underlying SSLEngine . |
void |
close(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a close operation is made.
|
ChannelFuture |
close(ChannelPromise promise)
See
close() |
private void |
closeOutboundAndChannel(ChannelHandlerContext ctx,
ChannelPromise promise,
boolean disconnect) |
void |
connect(ChannelHandlerContext ctx,
java.net.SocketAddress remoteAddress,
java.net.SocketAddress localAddress,
ChannelPromise promise)
Called once a connect operation is made.
|
protected void |
decode(ChannelHandlerContext ctx,
ByteBuf in,
java.util.List<java.lang.Object> out)
Decode the from one
ByteBuf to an other. |
void |
deregister(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a deregister operation is made from the current registered
EventLoop . |
void |
disconnect(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a disconnect operation is made.
|
javax.net.ssl.SSLEngine |
engine()
Returns the
SSLEngine which is used by this handler. |
void |
exceptionCaught(ChannelHandlerContext ctx,
java.lang.Throwable cause)
Calls
ChannelHandlerContext.fireExceptionCaught(Throwable) to forward
to the next ChannelHandler in the ChannelPipeline . |
private void |
finishWrap(ChannelHandlerContext ctx,
ByteBuf out,
ChannelPromise promise,
boolean inUnwrap,
boolean needUnwrap) |
void |
flush(ChannelHandlerContext ctx)
Called once a flush operation is made.
|
private void |
flush(ChannelHandlerContext ctx,
ChannelPromise promise) |
private void |
flushIfNeeded(ChannelHandlerContext ctx) |
long |
getCloseNotifyTimeoutMillis() |
long |
getHandshakeTimeoutMillis() |
void |
handlerAdded(ChannelHandlerContext ctx)
Do nothing by default, sub-classes may override this method.
|
void |
handlerRemoved0(ChannelHandlerContext ctx)
Gets called after the
ByteToMessageDecoder was removed from the actual context and it doesn't handle
events anymore. |
private void |
handshake(Promise<Channel> newHandshakePromise)
Performs TLS (re)negotiation.
|
Future<Channel> |
handshakeFuture()
Returns a
Future that will get notified once the current TLS handshake completes. |
private boolean |
ignoreException(java.lang.Throwable t)
Checks if the given
Throwable can be ignore and just "swallowed"
When an ssl connection is closed a close_notify message is sent. |
static boolean |
isEncrypted(ByteBuf buffer)
Returns
true if the given ByteBuf is encrypted. |
private void |
notifyHandshakeFailure(java.lang.Throwable cause) |
void |
read(ChannelHandlerContext ctx)
Intercepts
ChannelHandlerContext.read() . |
private void |
readIfNeeded(ChannelHandlerContext ctx) |
Future<Channel> |
renegotiate()
Performs TLS renegotiation.
|
Future<Channel> |
renegotiate(Promise<Channel> promise)
Performs TLS renegotiation.
|
private void |
runDelegatedTasks()
Fetches all delegated tasks from the
SSLEngine and runs them via the delegatedTaskExecutor . |
private void |
safeClose(ChannelHandlerContext ctx,
ChannelFuture flushFuture,
ChannelPromise promise) |
void |
setCloseNotifyTimeout(long closeNotifyTimeout,
java.util.concurrent.TimeUnit unit) |
void |
setCloseNotifyTimeoutMillis(long closeNotifyTimeoutMillis) |
private void |
setHandshakeFailure(ChannelHandlerContext ctx,
java.lang.Throwable cause)
Notify all the handshake futures about the failure during the handshake.
|
private void |
setHandshakeFailure(ChannelHandlerContext ctx,
java.lang.Throwable cause,
boolean closeInbound)
Notify all the handshake futures about the failure during the handshake.
|
private void |
setHandshakeSuccess()
Notify all the handshake futures about the successfully handshake
|
private boolean |
setHandshakeSuccessIfStillHandshaking()
Works around some Android
SSLEngine implementations that skip SSLEngineResult.HandshakeStatus.FINISHED and
go straight into SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING when handshake is finished. |
void |
setHandshakeTimeout(long handshakeTimeout,
java.util.concurrent.TimeUnit unit) |
void |
setHandshakeTimeoutMillis(long handshakeTimeoutMillis) |
Future<Channel> |
sslCloseFuture()
Return the
Future that will get notified if the inbound of the SSLEngine is closed. |
private static java.nio.ByteBuffer |
toByteBuffer(ByteBuf out,
int index,
int len) |
private boolean |
unwrap(ChannelHandlerContext ctx,
ByteBuf packet,
int offset,
int length)
Unwraps inbound SSL records.
|
private javax.net.ssl.SSLEngineResult |
unwrap(javax.net.ssl.SSLEngine engine,
ByteBuf in,
int readerIndex,
int len,
ByteBuf out) |
private void |
unwrapNonAppData(ChannelHandlerContext ctx)
Calls
SSLEngine.unwrap(ByteBuffer, ByteBuffer) with an empty buffer to handle handshakes, etc. |
private javax.net.ssl.SSLEngineResult |
wrap(ByteBufAllocator alloc,
javax.net.ssl.SSLEngine engine,
ByteBuf in,
ByteBuf out) |
private void |
wrap(ChannelHandlerContext ctx,
boolean inUnwrap) |
private void |
wrapNonAppData(ChannelHandlerContext ctx,
boolean inUnwrap) |
void |
write(ChannelHandlerContext ctx,
java.lang.Object msg,
ChannelPromise promise)
Called once a write operation is made.
|
actualReadableBytes, callDecode, channelRead, decodeLast, discardSomeReadBytes, handlerRemoved, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecode, userEventTriggered
channelRegistered, channelUnregistered, channelWritabilityChanged
isSharable
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
handlerRemoved
private static final int MAX_PLAINTEXT_LENGTH
private static final int MAX_COMPRESSED_LENGTH
private static final int MAX_CIPHERTEXT_LENGTH
static final int MAX_ENCRYPTED_PACKET_LENGTH
static final int MAX_ENCRYPTION_OVERHEAD_LENGTH
private static final InternalLogger logger
private static final java.util.regex.Pattern IGNORABLE_CLASS_IN_STACK
private static final java.util.regex.Pattern IGNORABLE_ERROR_MESSAGE
private static final javax.net.ssl.SSLException SSLENGINE_CLOSED
unwrapNonAppData(ChannelHandlerContext)
as input for
unwrap(ChannelHandlerContext, ByteBuf, int, int)
. Using this static instance reduce object
creation as Unpooled#EMPTY_BUFFER#nioBuffer()
creates a new ByteBuffer
everytime.private static final javax.net.ssl.SSLException HANDSHAKE_TIMED_OUT
private static final java.nio.channels.ClosedChannelException CHANNEL_CLOSED
private volatile ChannelHandlerContext ctx
private final javax.net.ssl.SSLEngine engine
private final int maxPacketBufferSize
private final java.util.concurrent.Executor delegatedTaskExecutor
private final java.nio.ByteBuffer[] singleBuffer
SSLEngine.wrap(ByteBuffer[], ByteBuffer)
and SSLEngine.unwrap(ByteBuffer, ByteBuffer[])
should be called with a ByteBuf
that is only backed by one ByteBuffer
to reduce the object
creation.private final boolean wantsDirectBuffer
true
if and only if SSLEngine
expects a direct buffer.private final boolean wantsLargeOutboundNetworkBuffer
true
if and only if SSLEngine.wrap(ByteBuffer, ByteBuffer)
requires the output buffer
to be always as large as maxPacketBufferSize
even if the input buffer contains small amount of data.
If this flag is false
, we allocate a smaller output buffer.
private final boolean startTls
private boolean sentFirstMessage
private boolean flushedBeforeHandshake
private boolean readDuringHandshake
private PendingWriteQueue pendingUnencryptedWrites
private final SslHandler.LazyChannelPromise sslCloseFuture
private boolean needsFlush
channelReadComplete(ChannelHandlerContext)
will check this flag, clear it, and call ctx.flush().private boolean outboundClosed
private int packetLength
private boolean firedChannelRead
ChannelHandlerContext.read()
to consume more data
when ChannelConfig.isAutoRead()
is false
.private volatile long handshakeTimeoutMillis
private volatile long closeNotifyTimeoutMillis
public SslHandler(javax.net.ssl.SSLEngine engine)
engine
- the SSLEngine
this handler will usepublic SslHandler(javax.net.ssl.SSLEngine engine, boolean startTls)
engine
- the SSLEngine
this handler will usestartTls
- true
if the first write request shouldn't be
encrypted by the SSLEngine
@Deprecated public SslHandler(javax.net.ssl.SSLEngine engine, java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler(SSLEngine)
instead.@Deprecated public SslHandler(javax.net.ssl.SSLEngine engine, boolean startTls, java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler(SSLEngine, boolean)
instead.public long getHandshakeTimeoutMillis()
public void setHandshakeTimeout(long handshakeTimeout, java.util.concurrent.TimeUnit unit)
public void setHandshakeTimeoutMillis(long handshakeTimeoutMillis)
public long getCloseNotifyTimeoutMillis()
public void setCloseNotifyTimeout(long closeNotifyTimeout, java.util.concurrent.TimeUnit unit)
public void setCloseNotifyTimeoutMillis(long closeNotifyTimeoutMillis)
public javax.net.ssl.SSLEngine engine()
SSLEngine
which is used by this handler.public java.lang.String applicationProtocol()
null
if application-level protocol has not been negotiatedpublic Future<Channel> handshakeFuture()
Future
that will get notified once the current TLS handshake completes.Future
for the iniital TLS handshake if renegotiate()
was not invoked.
The Future
for the most recent TLS renegotiation otherwise.public ChannelFuture close()
close_notify
message to the specified channel and
destroys the underlying SSLEngine
.public ChannelFuture close(ChannelPromise promise)
close()
public Future<Channel> sslCloseFuture()
Future
that will get notified if the inbound of the SSLEngine
is closed.
This method will return the same Future
all the time.SSLEngine
public void handlerRemoved0(ChannelHandlerContext ctx) throws java.lang.Exception
ByteToMessageDecoder
ByteToMessageDecoder
was removed from the actual context and it doesn't handle
events anymore.handlerRemoved0
in class ByteToMessageDecoder
java.lang.Exception
public void bind(ChannelHandlerContext ctx, java.net.SocketAddress localAddress, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandler
bind
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the bind operation is madelocalAddress
- the SocketAddress
to which it should boundpromise
- the ChannelPromise
to notify once the operation completesjava.lang.Exception
- thrown if an error accourpublic void connect(ChannelHandlerContext ctx, java.net.SocketAddress remoteAddress, java.net.SocketAddress localAddress, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandler
connect
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the connect operation is maderemoteAddress
- the SocketAddress
to which it should connectlocalAddress
- the SocketAddress
which is used as source on connectpromise
- the ChannelPromise
to notify once the operation completesjava.lang.Exception
- thrown if an error accourpublic void deregister(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandler
EventLoop
.deregister
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the close operation is madepromise
- the ChannelPromise
to notify once the operation completesjava.lang.Exception
- thrown if an error accourpublic void disconnect(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandler
disconnect
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the disconnect operation is madepromise
- the ChannelPromise
to notify once the operation completesjava.lang.Exception
- thrown if an error accourpublic void close(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandler
close
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the close operation is madepromise
- the ChannelPromise
to notify once the operation completesjava.lang.Exception
- thrown if an error accourpublic void read(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelOutboundHandler
ChannelHandlerContext.read()
.read
in interface ChannelOutboundHandler
java.lang.Exception
public void write(ChannelHandlerContext ctx, java.lang.Object msg, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandler
ChannelPipeline
. Those are then ready to be flushed to the actual Channel
once
Channel.flush()
is calledwrite
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the write operation is mademsg
- the message to writepromise
- the ChannelPromise
to notify once the operation completesjava.lang.Exception
- thrown if an error accourpublic void flush(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelOutboundHandler
flush
in interface ChannelOutboundHandler
ctx
- the ChannelHandlerContext
for which the flush operation is madejava.lang.Exception
- thrown if an error accourprivate void wrap(ChannelHandlerContext ctx, boolean inUnwrap) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
private void finishWrap(ChannelHandlerContext ctx, ByteBuf out, ChannelPromise promise, boolean inUnwrap, boolean needUnwrap)
private void wrapNonAppData(ChannelHandlerContext ctx, boolean inUnwrap) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
private javax.net.ssl.SSLEngineResult wrap(ByteBufAllocator alloc, javax.net.ssl.SSLEngine engine, ByteBuf in, ByteBuf out) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
public void channelInactive(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelInboundHandlerAdapter
ChannelHandlerContext.fireChannelInactive()
to forward
to the next ChannelInboundHandler
in the ChannelPipeline
.
Sub-classes may override this method to change behavior.channelInactive
in interface ChannelInboundHandler
channelInactive
in class ByteToMessageDecoder
java.lang.Exception
public void exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause) throws java.lang.Exception
ChannelInboundHandlerAdapter
ChannelHandlerContext.fireExceptionCaught(Throwable)
to forward
to the next ChannelHandler
in the ChannelPipeline
.
Sub-classes may override this method to change behavior.exceptionCaught
in interface ChannelHandler
exceptionCaught
in interface ChannelInboundHandler
exceptionCaught
in class ChannelInboundHandlerAdapter
java.lang.Exception
private boolean ignoreException(java.lang.Throwable t)
Throwable
can be ignore and just "swallowed"
When an ssl connection is closed a close_notify message is sent.
After that the peer also sends close_notify however, it's not mandatory to receive
the close_notify. The party who sent the initial close_notify can close the connection immediately
then the peer will get connection reset error.public static boolean isEncrypted(ByteBuf buffer)
true
if the given ByteBuf
is encrypted. Be aware that this method
will not increase the readerIndex of the given ByteBuf
.buffer
- The ByteBuf
to read from. Be aware that it must have at least 5 bytes to read,
otherwise it will throw an IllegalArgumentException
.true
if the ByteBuf
is encrypted, false
otherwise.java.lang.IllegalArgumentException
- Is thrown if the given ByteBuf
has not at least 5 bytes to read.protected void decode(ChannelHandlerContext ctx, ByteBuf in, java.util.List<java.lang.Object> out) throws javax.net.ssl.SSLException
ByteToMessageDecoder
ByteBuf
to an other. This method will be called till either the input
ByteBuf
has nothing to read when return from this method or till nothing was read from the input
ByteBuf
.decode
in class ByteToMessageDecoder
ctx
- the ChannelHandlerContext
which this ByteToMessageDecoder
belongs toin
- the ByteBuf
from which to read dataout
- the List
to which decoded messages should be addedjavax.net.ssl.SSLException
public void channelReadComplete(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelInboundHandlerAdapter
ChannelHandlerContext.fireChannelReadComplete()
to forward
to the next ChannelInboundHandler
in the ChannelPipeline
.
Sub-classes may override this method to change behavior.channelReadComplete
in interface ChannelInboundHandler
channelReadComplete
in class ByteToMessageDecoder
java.lang.Exception
private void readIfNeeded(ChannelHandlerContext ctx)
private void flushIfNeeded(ChannelHandlerContext ctx)
private void unwrapNonAppData(ChannelHandlerContext ctx) throws javax.net.ssl.SSLException
SSLEngine.unwrap(ByteBuffer, ByteBuffer)
with an empty buffer to handle handshakes, etc.javax.net.ssl.SSLException
private boolean unwrap(ChannelHandlerContext ctx, ByteBuf packet, int offset, int length) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
private javax.net.ssl.SSLEngineResult unwrap(javax.net.ssl.SSLEngine engine, ByteBuf in, int readerIndex, int len, ByteBuf out) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
private static java.nio.ByteBuffer toByteBuffer(ByteBuf out, int index, int len)
private void runDelegatedTasks()
SSLEngine
and runs them via the delegatedTaskExecutor
.
If the delegatedTaskExecutor
is ImmediateExecutor
, just call Runnable.run()
directly
instead of using Executor.execute(Runnable)
. Otherwise, run the tasks via
the delegatedTaskExecutor
and wait until the tasks are finished.private boolean setHandshakeSuccessIfStillHandshaking()
SSLEngine
implementations that skip SSLEngineResult.HandshakeStatus.FINISHED
and
go straight into SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING
when handshake is finished.true
if and only if the workaround has been applied and thus handshakeFuture()
has been
marked as success by this methodprivate void setHandshakeSuccess()
private void setHandshakeFailure(ChannelHandlerContext ctx, java.lang.Throwable cause)
private void setHandshakeFailure(ChannelHandlerContext ctx, java.lang.Throwable cause, boolean closeInbound)
private void notifyHandshakeFailure(java.lang.Throwable cause)
private void closeOutboundAndChannel(ChannelHandlerContext ctx, ChannelPromise promise, boolean disconnect) throws java.lang.Exception
java.lang.Exception
private void flush(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
java.lang.Exception
public void handlerAdded(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelHandlerAdapter
handlerAdded
in interface ChannelHandler
handlerAdded
in class ChannelHandlerAdapter
java.lang.Exception
public Future<Channel> renegotiate(Promise<Channel> promise)
private void handshake(Promise<Channel> newHandshakePromise)
newHandshakePromise
- if null
, use the existing handshakePromise
,
assuming that the current negotiation has not been finished.
Currently, null
is expected only for the initial handshake.public void channelActive(ChannelHandlerContext ctx) throws java.lang.Exception
channelActive
in interface ChannelInboundHandler
channelActive
in class ChannelInboundHandlerAdapter
java.lang.Exception
private void safeClose(ChannelHandlerContext ctx, ChannelFuture flushFuture, ChannelPromise promise)
private static void addCloseListener(ChannelFuture future, ChannelPromise promise)
private ByteBuf allocate(ChannelHandlerContext ctx, int capacity)
OpenSslEngine
.private ByteBuf allocateOutNetBuf(ChannelHandlerContext ctx, int pendingBytes)
SSLEngine.wrap(ByteBuffer, ByteBuffer)
which can encrypt
the specified amount of pending bytes.