View Javadoc
1   /*
2    * Copyright 2017 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty5.handler.ssl;
17  
18  import io.netty5.buffer.api.Buffer;
19  import io.netty5.buffer.api.BufferAllocator;
20  import io.netty5.channel.ChannelHandler;
21  import io.netty5.channel.ChannelHandlerContext;
22  import io.netty5.handler.codec.ByteToMessageDecoder;
23  import io.netty5.util.internal.SilentDispose;
24  import io.netty5.util.internal.logging.InternalLogger;
25  import io.netty5.util.internal.logging.InternalLoggerFactory;
26  
27  import javax.net.ssl.SSLContext;
28  import javax.net.ssl.SSLParameters;
29  
30  import static java.util.Objects.requireNonNull;
31  
32  /**
33   * {@link OptionalSslHandler} is a utility decoder to support both SSL and non-SSL handlers
34   * based on the first message received.
35   */
36  public class OptionalSslHandler extends ByteToMessageDecoder {
37      private static final InternalLogger logger = InternalLoggerFactory.getInstance(OptionalSslHandler.class);
38  
39      private final SslContext sslContext;
40  
41      public OptionalSslHandler(SslContext sslContext) {
42          this.sslContext = requireNonNull(sslContext, "sslContext");
43      }
44  
45      @Override
46      protected void decode(ChannelHandlerContext context, Buffer in) throws Exception {
47          if (in.readableBytes() < SslUtils.SSL_RECORD_HEADER_LENGTH) {
48              return;
49          }
50          if (SslHandler.isEncrypted(in)) {
51              handleSsl(context);
52          } else {
53              handleNonSsl(context);
54          }
55      }
56  
57      private void handleSsl(ChannelHandlerContext context) {
58          SslHandler sslHandler = null;
59          try {
60              sslHandler = newSslHandler(context, sslContext);
61              context.pipeline().replace(this, newSslHandlerName(), sslHandler);
62              sslHandler = null;
63          } finally {
64              // Since the SslHandler was not inserted into the pipeline the ownership of the SSLEngine was not
65              // transferred to the SslHandler.
66              if (sslHandler != null) {
67                  SilentDispose.dispose(sslHandler.engine(), logger);
68              }
69          }
70      }
71  
72      private void handleNonSsl(ChannelHandlerContext context) {
73          ChannelHandler handler = newNonSslHandler(context);
74          if (handler != null) {
75              context.pipeline().replace(this, newNonSslHandlerName(), handler);
76          } else {
77              context.pipeline().remove(this);
78          }
79      }
80  
81      /**
82       * Optionally specify the SSL handler name, this method may return {@code null}.
83       * @return the name of the SSL handler.
84       */
85      protected String newSslHandlerName() {
86          return null;
87      }
88  
89      /**
90       * Override to configure the SslHandler eg. {@link SSLParameters#setEndpointIdentificationAlgorithm(String)}.
91       * The hostname and port is not known by this method so servers may want to override this method and use the
92       * {@link SslContext#newHandler(BufferAllocator, String, int)} variant.
93       *
94       * @param context the {@link ChannelHandlerContext} to use.
95       * @param sslContext the {@link SSLContext} to use.
96       * @return the {@link SslHandler} which will replace the {@link OptionalSslHandler} in the pipeline if the
97       * traffic is SSL.
98       */
99      protected SslHandler newSslHandler(ChannelHandlerContext context, SslContext sslContext) {
100         return sslContext.newHandler(context.bufferAllocator());
101     }
102 
103     /**
104      * Optionally specify the non-SSL handler name, this method may return {@code null}.
105      * @return the name of the non-SSL handler.
106      */
107     protected String newNonSslHandlerName() {
108         return null;
109     }
110 
111     /**
112      * Override to configure the ChannelHandler.
113      * @param context the {@link ChannelHandlerContext} to use.
114      * @return the {@link ChannelHandler} which will replace the {@link OptionalSslHandler} in the pipeline
115      * or {@code null} to simply remove the {@link OptionalSslHandler} if the traffic is non-SSL.
116      */
117     protected ChannelHandler newNonSslHandler(ChannelHandlerContext context) {
118         return null;
119     }
120 }