Class OcspServerCertificateValidator
java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.handler.codec.ByteToMessageDecoder
io.netty.handler.ssl.ocsp.OcspServerCertificateValidator
- All Implemented Interfaces:
ChannelHandler, ChannelInboundHandler, ChannelOutboundHandler
public class OcspServerCertificateValidator
extends ByteToMessageDecoder
implements ChannelOutboundHandler
OcspServerCertificateValidator validates incoming server's certificate
using OCSP. Once TLS handshake is completed, SslHandshakeCompletionEvent.SUCCESS is fired, validator
will perform certificate validation using OCSP over HTTP/1.1 with the server's certificate issuer OCSP responder.-
Nested Class Summary
Nested classes/interfaces inherited from class ByteToMessageDecoder
ByteToMessageDecoder.CumulatorNested classes/interfaces inherited from interface ChannelHandler
ChannelHandler.Sharable -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final AttributeKey<Boolean> An attribute used to mark all channels created by theOcspServerCertificateValidator.Fields inherited from class ByteToMessageDecoder
COMPOSITE_CUMULATOR, MERGE_CUMULATOR -
Constructor Summary
ConstructorsConstructorDescriptionCreate a newOcspServerCertificateValidatorinstance without nonce validation on OCSP response, using defaultIoTransport.DEFAULTinstance, defaultDnsNameResolverimplementation and withcloseAndThrowIfNotValidset totrueOcspServerCertificateValidator(boolean validateNonce) Create a newOcspServerCertificateValidatorinstance with defaultIoTransport.DEFAULTinstance and defaultDnsNameResolverimplementation andcloseAndThrowIfNotValidset totrue.OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) Create a newIoTransportinstanceOcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport) Create a newOcspServerCertificateValidatorinstanceOcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) -
Method Summary
Modifier and TypeMethodDescriptionvoidbind(ChannelHandlerContext ctx, SocketAddress localAddress, ChannelPromise promise) Called once a bind operation is made.voidclose(ChannelHandlerContext ctx, ChannelPromise promise) Called once a close operation is made.voidconnect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise) Called once a connect operation is made.protected static DnsNameResolvercreateDefaultResolver(IoTransport ioTransport) protected voiddecode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) Decode the from oneByteBufto an other.voidderegister(ChannelHandlerContext ctx, ChannelPromise promise) Called once a deregister operation is made from the current registeredEventLoop.voiddisconnect(ChannelHandlerContext ctx, ChannelPromise promise) Called once a disconnect operation is made.voidexceptionCaught(ChannelHandlerContext ctx, Throwable cause) CallsChannelHandlerContext.fireExceptionCaught(Throwable)to forward to the nextChannelHandlerin theChannelPipeline.voidCalled once a flush operation is made.voidInterceptsChannelHandlerContext.read().voiduserEventTriggered(ChannelHandlerContext ctx, Object evt) CallsChannelHandlerContext.fireUserEventTriggered(Object)to forward to the nextChannelInboundHandlerin theChannelPipeline.voidwrite(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) Called once a write operation is made.Methods inherited from class ByteToMessageDecoder
actualReadableBytes, callDecode, channelInactive, channelRead, channelReadComplete, decodeLast, discardSomeReadBytes, handlerRemoved, handlerRemoved0, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecodeMethods inherited from class ChannelInboundHandlerAdapter
channelActive, channelRegistered, channelUnregistered, channelWritabilityChangedMethods inherited from class ChannelHandlerAdapter
ensureNotSharable, handlerAdded, isSharableMethods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface ChannelHandler
handlerAdded, handlerRemoved
-
Field Details
-
OCSP_PIPELINE_ATTRIBUTE
An attribute used to mark all channels created by theOcspServerCertificateValidator.
-
-
Constructor Details
-
OcspServerCertificateValidator
public OcspServerCertificateValidator()Create a newOcspServerCertificateValidatorinstance without nonce validation on OCSP response, using defaultIoTransport.DEFAULTinstance, defaultDnsNameResolverimplementation and withcloseAndThrowIfNotValidset totrue -
OcspServerCertificateValidator
public OcspServerCertificateValidator(boolean validateNonce) Create a newOcspServerCertificateValidatorinstance with defaultIoTransport.DEFAULTinstance and defaultDnsNameResolverimplementation andcloseAndThrowIfNotValidset totrue.- Parameters:
validateNonce- Set totrueif we should force nonce validation on OCSP response else set tofalse
-
OcspServerCertificateValidator
Create a newOcspServerCertificateValidatorinstance- Parameters:
validateNonce- Set totrueif we should force nonce validation on OCSP response else set tofalseioTransport-IoTransportto use
-
OcspServerCertificateValidator
public OcspServerCertificateValidator(boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) - Parameters:
validateNonce- Set totrueif we should force nonce validation on OCSP response else set tofalseioTransport-IoTransportto usednsNameResolver-DnsNameResolverimplementation to use
-
OcspServerCertificateValidator
public OcspServerCertificateValidator(boolean closeAndThrowIfNotValid, boolean validateNonce, IoTransport ioTransport, DnsNameResolver dnsNameResolver) Create a newIoTransportinstance- Parameters:
closeAndThrowIfNotValid- If set totruethen we will close the channel and throw an exception when certificate is notOcspResponse.Status.VALID. If set tofalsethen we will simply pass theOcspValidationEventto the next handler in pipeline and let it decide what to do.validateNonce- Set totrueif we should force nonce validation on OCSP response else set tofalseioTransport-IoTransportto usednsNameResolver-DnsNameResolverimplementation to use
-
-
Method Details
-
createDefaultResolver
-
decode
Description copied from class:ByteToMessageDecoderDecode the from oneByteBufto an other. This method will be called till either the inputByteBufhas nothing to read when return from this method or till nothing was read from the inputByteBuf.- Specified by:
decodein classByteToMessageDecoder- Parameters:
ctx- theChannelHandlerContextwhich thisByteToMessageDecoderbelongs toin- theByteBuffrom which to read dataout- theListto which decoded messages should be added
-
userEventTriggered
Description copied from class:ChannelInboundHandlerAdapterCallsChannelHandlerContext.fireUserEventTriggered(Object)to forward to the nextChannelInboundHandlerin theChannelPipeline. Sub-classes may override this method to change behavior.- Specified by:
userEventTriggeredin interfaceChannelInboundHandler- Overrides:
userEventTriggeredin classByteToMessageDecoder- Throws:
Exception
-
exceptionCaught
Description copied from class:ChannelInboundHandlerAdapterCallsChannelHandlerContext.fireExceptionCaught(Throwable)to forward to the nextChannelHandlerin theChannelPipeline. Sub-classes may override this method to change behavior.- Specified by:
exceptionCaughtin interfaceChannelHandler- Specified by:
exceptionCaughtin interfaceChannelInboundHandler- Overrides:
exceptionCaughtin classChannelInboundHandlerAdapter
-
bind
public void bind(ChannelHandlerContext ctx, SocketAddress localAddress, ChannelPromise promise) throws Exception Description copied from interface:ChannelOutboundHandlerCalled once a bind operation is made.- Specified by:
bindin interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the bind operation is madelocalAddress- theSocketAddressto which it should boundpromise- theChannelPromiseto notify once the operation completes- Throws:
Exception- thrown if an error occurs
-
connect
public void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise) throws Exception Description copied from interface:ChannelOutboundHandlerCalled once a connect operation is made.- Specified by:
connectin interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the connect operation is maderemoteAddress- theSocketAddressto which it should connectlocalAddress- theSocketAddresswhich is used as source on connectpromise- theChannelPromiseto notify once the operation completes- Throws:
Exception- thrown if an error occurs
-
disconnect
Description copied from interface:ChannelOutboundHandlerCalled once a disconnect operation is made.- Specified by:
disconnectin interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the disconnect operation is madepromise- theChannelPromiseto notify once the operation completes- Throws:
Exception- thrown if an error occurs
-
close
Description copied from interface:ChannelOutboundHandlerCalled once a close operation is made.- Specified by:
closein interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the close operation is madepromise- theChannelPromiseto notify once the operation completes- Throws:
Exception- thrown if an error occurs
-
deregister
Description copied from interface:ChannelOutboundHandlerCalled once a deregister operation is made from the current registeredEventLoop.- Specified by:
deregisterin interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the close operation is madepromise- theChannelPromiseto notify once the operation completes- Throws:
Exception- thrown if an error occurs
-
read
Description copied from interface:ChannelOutboundHandlerInterceptsChannelHandlerContext.read().- Specified by:
readin interfaceChannelOutboundHandler- Throws:
Exception
-
write
Description copied from interface:ChannelOutboundHandlerCalled once a write operation is made. The write operation will write the messages through theChannelPipeline. Those are then ready to be flushed to the actualChannelonceChannel.flush()is called- Specified by:
writein interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the write operation is mademsg- the message to writepromise- theChannelPromiseto notify once the operation completes- Throws:
Exception- thrown if an error occurs
-
flush
Description copied from interface:ChannelOutboundHandlerCalled once a flush operation is made. The flush operation will try to flush out all previous written messages that are pending.- Specified by:
flushin interfaceChannelOutboundHandler- Parameters:
ctx- theChannelHandlerContextfor which the flush operation is made- Throws:
Exception- thrown if an error occurs
-