Package google.registry.networking.handler

Class SslServerInitializer<C extends io.netty.channel.Channel>

java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.channel.ChannelInitializer<C>
google.registry.networking.handler.SslServerInitializer<C>
All Implemented Interfaces:
io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
@Sharable public class SslServerInitializer<C extends io.netty.channel.Channel> extends io.netty.channel.ChannelInitializer<C>
Adds a server side SSL handler to the channel pipeline.

This should be the first handler provided for any handler provider list, if it is provided. Unless you wish to first process the PROXY header with another handler, which should come before this handler. The type parameter C is needed so that unit tests can construct this handler that works with EmbeddedChannel;

The ssl handler added can require client authentication, but it uses an InsecureTrustManagerFactory, which accepts any ssl certificate presented by the client, as long as the client uses the corresponding private key to establish SSL handshake. The client certificate hash will be passed along to GAE as an HTTP header for verification (not handled by this handler).

  • Nested Class Summary

    Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

    io.netty.channel.ChannelHandler.Sharable

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final io.netty.util.AttributeKey<io.netty.util.concurrent.Promise<X509Certificate>>
    CLIENT_CERTIFICATE_PROMISE_KEY
    Attribute key to the client certificate promise whose value is set when SSL handshake completes successfully.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SslServerInitializer(boolean requireClientCert, boolean validateClientCert, io.netty.handler.ssl.SslProvider sslProvider, Supplier<PrivateKey> privateKeySupplier, Supplier<com.google.common.collect.ImmutableList<X509Certificate>> certificatesSupplier)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    initChannel(C channel)
     

    Methods inherited from class io.netty.channel.ChannelInitializer

    channelRegistered, exceptionCaught, handlerAdded, handlerRemoved

    Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

    channelActive, channelInactive, channelRead, channelReadComplete, channelUnregistered, channelWritabilityChanged, userEventTriggered

    Methods inherited from class io.netty.channel.ChannelHandlerAdapter

    ensureNotSharable, isSharable

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • CLIENT_CERTIFICATE_PROMISE_KEY

      public static final io.netty.util.AttributeKey<io.netty.util.concurrent.Promise<X509Certificate>> CLIENT_CERTIFICATE_PROMISE_KEY
      Attribute key to the client certificate promise whose value is set when SSL handshake completes successfully.

  • Constructor Details

    • SslServerInitializer

      public SslServerInitializer(boolean requireClientCert, boolean validateClientCert, io.netty.handler.ssl.SslProvider sslProvider, Supplier<PrivateKey> privateKeySupplier, Supplier<com.google.common.collect.ImmutableList<X509Certificate>> certificatesSupplier)

  • Method Details

    • initChannel

      protected void initChannel(C channel) throws Exception
      Specified by:
      initChannel in class io.netty.channel.ChannelInitializer<C extends io.netty.channel.Channel>
      Throws:
      Exception