All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.netty.handler.ssl.AbstractSniHandler Maven / Gradle / Ivy

Go to download

Easy Redis Java client and Real-Time Data Platform. Valkey compatible. Sync/Async/RxJava3/Reactive API. Client side caching. Over 50 Redis based Java objects and services: JCache API, Apache Tomcat, Hibernate, Spring, Set, Multimap, SortedSet, Map, List, Queue, Deque, Semaphore, Lock, AtomicLong, Map Reduce, Bloom filter, Scheduler, RPC

There is a newer version: 3.40.2
Show newest version
/*
 * Copyright 2017 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.util.CharsetUtil;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.ScheduledFuture;

import java.util.Locale;
import java.util.concurrent.TimeUnit;

import static io.netty.util.internal.ObjectUtil.checkPositiveOrZero;

/**
 * 

Enables SNI * (Server Name Indication) extension for server side SSL. For clients * support SNI, the server could have multiple host name bound on a single IP. * The client will send host name in the handshake data so server could decide * which certificate to choose for the host name.

*/ public abstract class AbstractSniHandler extends SslClientHelloHandler { private static String extractSniHostname(ByteBuf in) { // See https://tools.ietf.org/html/rfc5246#section-7.4.1.2 // // Decode the ssl client hello packet. // // struct { // ProtocolVersion client_version; // Random random; // SessionID session_id; // CipherSuite cipher_suites<2..2^16-2>; // CompressionMethod compression_methods<1..2^8-1>; // select (extensions_present) { // case false: // struct {}; // case true: // Extension extensions<0..2^16-1>; // }; // } ClientHello; // // We have to skip bytes until SessionID (which sum to 34 bytes in this case). int offset = in.readerIndex(); int endOffset = in.writerIndex(); offset += 34; if (endOffset - offset >= 6) { final int sessionIdLength = in.getUnsignedByte(offset); offset += sessionIdLength + 1; final int cipherSuitesLength = in.getUnsignedShort(offset); offset += cipherSuitesLength + 2; final int compressionMethodLength = in.getUnsignedByte(offset); offset += compressionMethodLength + 1; final int extensionsLength = in.getUnsignedShort(offset); offset += 2; final int extensionsLimit = offset + extensionsLength; // Extensions should never exceed the record boundary. if (extensionsLimit <= endOffset) { while (extensionsLimit - offset >= 4) { final int extensionType = in.getUnsignedShort(offset); offset += 2; final int extensionLength = in.getUnsignedShort(offset); offset += 2; if (extensionsLimit - offset < extensionLength) { break; } // SNI // See https://tools.ietf.org/html/rfc6066#page-6 if (extensionType == 0) { offset += 2; if (extensionsLimit - offset < 3) { break; } final int serverNameType = in.getUnsignedByte(offset); offset++; if (serverNameType == 0) { final int serverNameLength = in.getUnsignedShort(offset); offset += 2; if (extensionsLimit - offset < serverNameLength) { break; } final String hostname = in.toString(offset, serverNameLength, CharsetUtil.US_ASCII); return hostname.toLowerCase(Locale.US); } else { // invalid enum value break; } } offset += extensionLength; } } } return null; } protected final long handshakeTimeoutMillis; private ScheduledFuture timeoutFuture; private String hostname; /** * @param handshakeTimeoutMillis the handshake timeout in milliseconds */ protected AbstractSniHandler(long handshakeTimeoutMillis) { this(0, handshakeTimeoutMillis); } /** * @paramm maxClientHelloLength the maximum length of the client hello message. * @param handshakeTimeoutMillis the handshake timeout in milliseconds */ protected AbstractSniHandler(int maxClientHelloLength, long handshakeTimeoutMillis) { super(maxClientHelloLength); this.handshakeTimeoutMillis = checkPositiveOrZero(handshakeTimeoutMillis, "handshakeTimeoutMillis"); } public AbstractSniHandler() { this(0, 0L); } @Override public void handlerAdded(ChannelHandlerContext ctx) throws Exception { if (ctx.channel().isActive()) { checkStartTimeout(ctx); } } @Override public void channelActive(ChannelHandlerContext ctx) throws Exception { ctx.fireChannelActive(); checkStartTimeout(ctx); } private void checkStartTimeout(final ChannelHandlerContext ctx) { if (handshakeTimeoutMillis <= 0 || timeoutFuture != null) { return; } timeoutFuture = ctx.executor().schedule(new Runnable() { @Override public void run() { if (ctx.channel().isActive()) { SslHandshakeTimeoutException exception = new SslHandshakeTimeoutException( "handshake timed out after " + handshakeTimeoutMillis + "ms"); ctx.fireUserEventTriggered(new SniCompletionEvent(exception)); ctx.close(); } } }, handshakeTimeoutMillis, TimeUnit.MILLISECONDS); } @Override protected Future lookup(ChannelHandlerContext ctx, ByteBuf clientHello) throws Exception { hostname = clientHello == null ? null : extractSniHostname(clientHello); return lookup(ctx, hostname); } @Override protected void onLookupComplete(ChannelHandlerContext ctx, Future future) throws Exception { if (timeoutFuture != null) { timeoutFuture.cancel(false); } try { onLookupComplete(ctx, hostname, future); } finally { fireSniCompletionEvent(ctx, hostname, future); } } /** * Kicks off a lookup for the given SNI value and returns a {@link Future} which in turn will * notify the {@link #onLookupComplete(ChannelHandlerContext, String, Future)} on completion. * * @see #onLookupComplete(ChannelHandlerContext, String, Future) */ protected abstract Future lookup(ChannelHandlerContext ctx, String hostname) throws Exception; /** * Called upon completion of the {@link #lookup(ChannelHandlerContext, String)} {@link Future}. * * @see #lookup(ChannelHandlerContext, String) */ protected abstract void onLookupComplete(ChannelHandlerContext ctx, String hostname, Future future) throws Exception; private static void fireSniCompletionEvent(ChannelHandlerContext ctx, String hostname, Future future) { Throwable cause = future.cause(); if (cause == null) { ctx.fireUserEventTriggered(new SniCompletionEvent(hostname)); } else { ctx.fireUserEventTriggered(new SniCompletionEvent(hostname, cause)); } } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy