/* * Copyright 2015 Netflix, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ package io.reactivex.netty.ssl; import io.netty.channel.ChannelDuplexHandler; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPipeline; import io.netty.handler.ssl.SslHandler; import io.netty.handler.ssl.SslHandshakeCompletionEvent; import io.reactivex.netty.channel.ConnectionCreationFailedEvent; import io.reactivex.netty.channel.EmitConnectionEvent; import rx.functions.Action1; import static io.reactivex.netty.HandlerNames.*; /** * A codec to use when enabling SSL/TLS on <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security">SSL * · TLS</a> and StartTLS support for a TCP client/server. * * This codec requires an {@link SslHandler} instance and adds the necessary infrastructure required for the * TCP client/server to work. */ public abstract class SslCodec implements Action1<ChannelPipeline> { protected SslCodec() { } @Override public final void call(final ChannelPipeline pipeline) { final SslHandler sslHandler = newSslHandler(pipeline); ChannelHandler wireLogging = pipeline.get(WireLogging.getName()); if (null != wireLogging) { /*So that, all activity on the channel is printed including SSL.*/ pipeline.addAfter(WireLogging.getName(), SslHandler.getName(), sslHandler); } else { pipeline.addFirst(SslHandler.getName(), sslHandler); } pipeline.addAfter(SslHandler.getName(), SslConnectionEmissionHandler.getName(), new SslConnEmissionHandler()); } protected abstract SslHandler newSslHandler(ChannelPipeline pipeline); private static final class SslConnEmissionHandler extends ChannelDuplexHandler { private boolean handshakeDone; @Override public void channelActive(ChannelHandlerContext ctx) throws Exception { ctx.read(); // Read till handshake is over, else handshake will never be done, without reading from channel. super.channelActive(ctx); } @Override public void channelReadComplete(ChannelHandlerContext ctx) throws Exception { if (!handshakeDone) { ctx.read(); /*Read till handshake over.*/ } super.channelReadComplete(ctx); } @Override public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception { if (evt instanceof SslHandshakeCompletionEvent) { handshakeDone = true; SslHandshakeCompletionEvent handshakeCompletionEvent = (SslHandshakeCompletionEvent) evt; if (handshakeCompletionEvent.isSuccess()) { ctx.fireUserEventTriggered(EmitConnectionEvent.INSTANCE); } else { ctx.fireUserEventTriggered(new ConnectionCreationFailedEvent(handshakeCompletionEvent.cause())); } } super.userEventTriggered(ctx, evt); } } }