Examples of org.jboss.netty.handler.ssl.SslHandler

• org.jboss.netty.handler.ssl.SslHandler
  kipedia.org/wiki/Transport_Layer_Security">SSL · TLS and StartTLS support to a {@link Channel}. Please refer to the "SecureChat" example in the distribution or the web site for the detailed usage.

  Beginning the handshake

  A user should make sure not to write a message while the {@linkplain #handshake(Channel) handshake} is in progress unless it is arenegotiation. You will be notified by the {@link ChannelFuture} which isreturned by the {@link #handshake(Channel)} method when the handshakeprocess succeeds or fails.

  Renegotiation

  Once the initial handshake is done successfully. You can always call {@link #handshake(Channel)} again to renegotiate the SSL session parameters.

  Closing the session

  To close the SSL session, the {@link #close(Channel)} method should becalled to send the {@code close_notify} message to the remote peer. Oneexception is when you close the {@link Channel} - {@link SslHandler}intercepts the close request and send the {@code close_notify} messagebefore the channel closure automatically. Once the SSL session is closed, it is not reusable, and consequently you should create a new {@link SslHandler} with a new {@link SSLEngine} as explained in thefollowing section.

  Restarting the session

  To restart the SSL session, you must remove the existing closed {@link SslHandler} from the {@link ChannelPipeline}, insert a new {@link SslHandler} with a new {@link SSLEngine} into the pipeline,and start the handshake process as described in the first section. @author The Netty Project (netty-dev@lists.jboss.org) @author Trustin Lee (tlee@redhat.com) @version $Rev: 981 $, $Date: 2009-03-04 23:11:54 +0900 (Wed, 04 Mar 2009) $ @apiviz.landmark @apiviz.uses org.jboss.netty.handler.ssl.SslBufferPool

               engine.setUseClientMode(false);

               if (needClientAuth)
                  engine.setNeedClientAuth(true);

               SslHandler handler = new SslHandler(engine);

               handlers.put("ssl", handler);
            }

            if (httpEnabled)
            {
               handlers.put("http-decoder", new HttpRequestDecoder());

               handlers.put("http-aggregator", new HttpChunkAggregator(Integer.MAX_VALUE));

               handlers.put("http-encoder", new HttpResponseEncoder());

               httpHandler = new HttpAcceptorHandler(httpKeepAliveRunnable, httpResponseTime);
               handlers.put("http-handler", httpHandler);
            }

            if (protocol == ProtocolType.CORE)
            {
               // Core protocol uses its own optimised decoder

               handlers.put("hornetq-decoder", new HornetQFrameDecoder2());
            }
            else if (protocol == ProtocolType.STOMP_WS)
            {
               handlers.put("http-decoder", new HttpRequestDecoder());
               handlers.put("http-aggregator", new HttpChunkAggregator(65536));
               handlers.put("http-encoder", new HttpResponseEncoder());
               handlers.put("hornetq-decoder", new HornetQFrameDecoder(decoder));
               handlers.put("websocket-handler", new WebSocketServerHandler());
            }
            else if (protocol == ProtocolType.STOMP || protocol == ProtocolType.AMQP)
            {
               //With STOMP & AMQP the decoding is handled in the StompFrame class
            }
            else
            {
               handlers.put("hornetq-decoder", new HornetQFrameDecoder(decoder));
            }

            handlers.put("handler", new HornetQServerChannelHandler(channelGroup, handler, new Listener()));

            /**
             * STOMP_WS protocol mandates use of named handlers to be able to replace http codecs
             * by websocket codecs after handshake.
             * Other protocols can use a faster static channel pipeline directly.
             */
            ChannelPipeline pipeline;
            if (protocol == ProtocolType.STOMP_WS)
            {
               pipeline = new DefaultChannelPipeline();
               for (Entry<String, ChannelHandler> handler : handlers.entrySet())
               {
                  pipeline.addLast(handler.getKey(), handler.getValue());
               }
            }
            else
            {
               pipeline = Channels.pipeline(handlers.values().toArray(new ChannelHandler[handlers.size()]));

         NettyConnection nc = new NettyConnection(configuration, e.getChannel(), connectionListener, !httpEnabled && batchDelay > 0, directDeliver);

         connectionListener.connectionCreated(NettyAcceptor.this, nc, ProtocolType.CORE);

         SslHandler sslHandler = ctx.getPipeline().get(SslHandler.class);
         if (sslHandler != null)
         {
            sslHandler.handshake().addListener(new ChannelFutureListener()
            {
               public void operationComplete(final ChannelFuture future) throws Exception
               {
                  if (future.isSuccess())
                  {

               engine.setUseClientMode(true);

               engine.setWantClientAuth(true);

               SslHandler handler = new SslHandler(engine);

               handlers.add(handler);
            }

            if (httpEnabled)

      future.awaitUninterruptibly();

      if (future.isSuccess())
      {
         final Channel ch = future.getChannel();
         SslHandler sslHandler = ch.getPipeline().get(SslHandler.class);
         if (sslHandler != null)
         {
            ChannelFuture handshakeFuture = sslHandler.handshake();
            handshakeFuture.awaitUninterruptibly();
            if (handshakeFuture.isSuccess())
            {
               ch.getPipeline().get(HornetQChannelHandler.class).active = true;
            }

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[]{new BogusTrustManager()},
                        null);
        SSLEngine sslEngine = sslContext.createSSLEngine();
        sslEngine.setUseClientMode(true);
        pipeline.addFirst("ssl", new SslHandler(sslEngine));
        return super.newChannel(pipeline);
      } catch (Exception ex) {
        throw new RuntimeException("Cannot create SSL channel", ex);
      }
    }

    @Override
    public ChannelPipeline getPipeline() throws Exception {
      ChannelPipeline pipeline = Channels.pipeline();
      SSLEngine sslEngine = createServerSSLContext().createSSLEngine();
      sslEngine.setUseClientMode(false);
      pipeline.addLast("ssl", new SslHandler(sslEngine));
      return pipeline;
    }

    public ChannelPipeline getPipeline() throws Exception {
        // create a new pipeline
        ChannelPipeline channelPipeline = Channels.pipeline();

        SslHandler sslHandler = configureClientSSLOnDemand();
        if (sslHandler != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Client SSL handler configured and added to the ChannelPipeline");
            }
            channelPipeline.addLast("ssl", sslHandler);

                producer.getConfiguration().getSecurityProvider(),
                producer.getConfiguration().getKeyStoreFile(),
                producer.getConfiguration().getTrustStoreFile(),
                producer.getConfiguration().getPassphrase().toCharArray());
            SSLEngine sslEngine = sslEngineFactory.createClientSSLEngine();
            return new SslHandler(sslEngine);
        }
    }

    }

    public ChannelPipeline getPipeline() throws Exception {
        ChannelPipeline channelPipeline = Channels.pipeline();

        SslHandler sslHandler = configureServerSSLOnDemand();
        if (sslHandler != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Server SSL handler configured and added as an interceptor against the ChannelPipeline");
            }
            channelPipeline.addLast("ssl", sslHandler);

                consumer.getConfiguration().getSecurityProvider(),
                consumer.getConfiguration().getKeyStoreFile(),
                consumer.getConfiguration().getTrustStoreFile(),
                consumer.getConfiguration().getPassphrase().toCharArray());
            SSLEngine sslEngine = sslEngineFactory.createServerSSLEngine();
            return new SslHandler(sslEngine);
        }
    }