View Javadoc
1   /*
2    * Copyright 2017 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.ssl.ocsp;
17  
18  import io.netty.channel.ChannelHandlerContext;
19  import io.netty.channel.ChannelInboundHandlerAdapter;
20  import io.netty.handler.ssl.ReferenceCountedOpenSslContext;
21  import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
22  import io.netty.handler.ssl.SslHandshakeCompletionEvent;
23  import io.netty.util.internal.ObjectUtil;
24  import io.netty.util.internal.ThrowableUtil;
25  import io.netty.util.internal.UnstableApi;
26  
27  import javax.net.ssl.SSLHandshakeException;
28  
29  /**
30   * A handler for SSL clients to handle and act upon stapled OCSP responses.
31   *
32   * @see ReferenceCountedOpenSslContext#enableOcsp()
33   * @see ReferenceCountedOpenSslEngine#getOcspResponse()
34   */
35  @UnstableApi
36  public abstract class OcspClientHandler extends ChannelInboundHandlerAdapter {
37  
38      private static final SSLHandshakeException OCSP_VERIFICATION_EXCEPTION = ThrowableUtil.unknownStackTrace(
39              new SSLHandshakeException("Bad OCSP response"), OcspClientHandler.class, "verify(...)");
40  
41      private final ReferenceCountedOpenSslEngine engine;
42  
43      protected OcspClientHandler(ReferenceCountedOpenSslEngine engine) {
44          this.engine = ObjectUtil.checkNotNull(engine, "engine");
45      }
46  
47      /**
48       * @see ReferenceCountedOpenSslEngine#getOcspResponse()
49       */
50      protected abstract boolean verify(ChannelHandlerContext ctx, ReferenceCountedOpenSslEngine engine) throws Exception;
51  
52      @Override
53      public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
54          if (evt instanceof SslHandshakeCompletionEvent) {
55              ctx.pipeline().remove(this);
56  
57              SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;
58              if (event.isSuccess() && !verify(ctx, engine)) {
59                  throw OCSP_VERIFICATION_EXCEPTION;
60              }
61          }
62  
63          ctx.fireUserEventTriggered(evt);
64      }
65  }