public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundHandler
Channel. Please refer
to the "SecureChat" example in the distribution or the web
site for the detailed usage.
Beside using the handshake ChannelFuture to get notified about the completion of the handshake it's
also possible to detect it by implement the
ChannelInboundHandler.userEventTriggered(ChannelHandlerContext, Object)
method and check for a SslHandshakeCompletionEvent.
The handshake will be automatically issued for you once the Channel is active and
SSLEngine.getUseClientMode() returns true.
So no need to bother with it by your self.
To close the SSL session, the close() method should be
called to send the close_notify message to the remote peer. One
exception is when you close the Channel - SslHandler
intercepts the close request and send the close_notify message
before the channel closure automatically. Once the SSL session is closed,
it is not reusable, and consequently you should create a new
SslHandler with a new SSLEngine as explained in the
following section.
To restart the SSL session, you must remove the existing closed
SslHandler from the ChannelPipeline, insert a new
SslHandler with a new SSLEngine into the pipeline,
and start the handshake process as described in the first section.
StartTLS is the communication pattern that secures the wire in the middle of the plaintext connection. Please note that it is different from SSL · TLS, that secures the wire from the beginning of the connection. Typically, StartTLS is composed of three steps:
SslHandler instance with startTls flag set
to true,SslHandler to the ChannelPipeline, andSslHandler before sending
the StartTLS response. Otherwise the client can send begin SSL handshake
before SslHandler is inserted to the ChannelPipeline, causing
data corruption.
The client-side implementation is much simpler.
SslHandler instance with startTls flag set
to false,SslHandler to the ChannelPipeline, andBecause of a known issue with the current implementation of the SslEngine that comes with Java it may be possible that you see blocked IO-Threads while a full GC is done.
So if you are affected you can workaround this problem by adjust the cache settings like shown below:
SslContext context = ...;
context.getServerSessionContext().setSessionCacheSize(someSaneSize);
context.getServerSessionContext().setSessionTime(someSameTimeout);
What values to use here depends on the nature of your application and should be set based on monitoring and debugging of it. For more details see #832 in our issue tracker.
| Modifier and Type | Class and Description |
|---|---|
private class |
SslHandler.LazyChannelPromise |
private static class |
SslHandler.SslEngineType |
ByteToMessageDecoder.CumulatorChannelHandler.Sharable| Modifier and Type | Field and Description |
|---|---|
private static java.nio.channels.ClosedChannelException |
CHANNEL_CLOSED |
private long |
closeNotifyFlushTimeoutMillis |
private long |
closeNotifyReadTimeoutMillis |
private ChannelHandlerContext |
ctx |
private java.util.concurrent.Executor |
delegatedTaskExecutor |
private javax.net.ssl.SSLEngine |
engine |
private SslHandler.SslEngineType |
engineType |
private boolean |
firedChannelRead
This flag is used to determine if we need to call
ChannelHandlerContext.read() to consume more data
when ChannelConfig.isAutoRead() is false. |
private boolean |
flushedBeforeHandshake |
private static javax.net.ssl.SSLException |
HANDSHAKE_TIMED_OUT |
private Promise<Channel> |
handshakePromise |
private long |
handshakeTimeoutMillis |
private static java.util.regex.Pattern |
IGNORABLE_CLASS_IN_STACK |
private static java.util.regex.Pattern |
IGNORABLE_ERROR_MESSAGE |
private static InternalLogger |
logger |
private static int |
MAX_CIPHERTEXT_LENGTH |
private static int |
MAX_COMPRESSED_LENGTH |
(package private) static int |
MAX_ENCRYPTED_PACKET_LENGTH |
(package private) static int |
MAX_ENCRYPTION_OVERHEAD_LENGTH |
private static int |
MAX_PLAINTEXT_LENGTH |
private int |
maxPacketBufferSize |
private boolean |
needsFlush
Set by wrap*() methods when something is produced.
|
private boolean |
outboundClosed |
private int |
packetLength |
private PendingWriteQueue |
pendingUnencryptedWrites |
private boolean |
readDuringHandshake |
private boolean |
sentFirstMessage |
private java.nio.ByteBuffer[] |
singleBuffer
Used if
SSLEngine.wrap(ByteBuffer[], ByteBuffer) and SSLEngine.unwrap(ByteBuffer, ByteBuffer[])
should be called with a ByteBuf that is only backed by one ByteBuffer to reduce the object
creation. |
private SslHandler.LazyChannelPromise |
sslClosePromise |
private static javax.net.ssl.SSLException |
SSLENGINE_CLOSED
Used in
unwrapNonAppData(ChannelHandlerContext) as input for
unwrap(ChannelHandlerContext, ByteBuf, int, int). |
private boolean |
startTls |
COMPOSITE_CUMULATOR, MERGE_CUMULATOR| Constructor and Description |
|---|
SslHandler(javax.net.ssl.SSLEngine engine)
Creates a new instance.
|
SslHandler(javax.net.ssl.SSLEngine engine,
boolean startTls)
Creates a new instance.
|
SslHandler(javax.net.ssl.SSLEngine engine,
boolean startTls,
java.util.concurrent.Executor delegatedTaskExecutor)
Deprecated.
Use
SslHandler(SSLEngine, boolean) instead. |
SslHandler(javax.net.ssl.SSLEngine engine,
java.util.concurrent.Executor delegatedTaskExecutor)
Deprecated.
Use
SslHandler(SSLEngine) instead. |
| Modifier and Type | Method and Description |
|---|---|
private static void |
addCloseListener(ChannelFuture future,
ChannelPromise promise) |
private ByteBuf |
allocate(ChannelHandlerContext ctx,
int capacity)
Always prefer a direct buffer when it's pooled, so that we reduce the number of memory copies
in
OpenSslEngine. |
private ByteBuf |
allocateOutNetBuf(ChannelHandlerContext ctx,
int pendingBytes,
int numComponents)
Allocates an outbound network buffer for
SSLEngine.wrap(ByteBuffer, ByteBuffer) which can encrypt
the specified amount of pending bytes. |
java.lang.String |
applicationProtocol()
Returns the name of the current application-level protocol.
|
void |
bind(ChannelHandlerContext ctx,
java.net.SocketAddress localAddress,
ChannelPromise promise)
Called once a bind operation is made.
|
void |
channelActive(ChannelHandlerContext ctx)
Issues an initial TLS handshake once connected when used in client-mode
|
void |
channelInactive(ChannelHandlerContext ctx)
Calls
ChannelHandlerContext.fireChannelInactive() to forward
to the next ChannelInboundHandler in the ChannelPipeline. |
void |
channelReadComplete(ChannelHandlerContext ctx)
Calls
ChannelHandlerContext.fireChannelReadComplete() to forward
to the next ChannelInboundHandler in the ChannelPipeline. |
ChannelFuture |
close()
Deprecated.
|
void |
close(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a close operation is made.
|
ChannelFuture |
close(ChannelPromise promise)
Deprecated.
|
private void |
closeOutboundAndChannel(ChannelHandlerContext ctx,
ChannelPromise promise,
boolean disconnect) |
void |
connect(ChannelHandlerContext ctx,
java.net.SocketAddress remoteAddress,
java.net.SocketAddress localAddress,
ChannelPromise promise)
Called once a connect operation is made.
|
protected void |
decode(ChannelHandlerContext ctx,
ByteBuf in,
java.util.List<java.lang.Object> out)
Decode the from one
ByteBuf to an other. |
void |
deregister(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a deregister operation is made from the current registered
EventLoop. |
void |
disconnect(ChannelHandlerContext ctx,
ChannelPromise promise)
Called once a disconnect operation is made.
|
javax.net.ssl.SSLEngine |
engine()
Returns the
SSLEngine which is used by this handler. |
void |
exceptionCaught(ChannelHandlerContext ctx,
java.lang.Throwable cause)
Calls
ChannelHandlerContext.fireExceptionCaught(Throwable) to forward
to the next ChannelHandler in the ChannelPipeline. |
private void |
finishWrap(ChannelHandlerContext ctx,
ByteBuf out,
ChannelPromise promise,
boolean inUnwrap,
boolean needUnwrap) |
void |
flush(ChannelHandlerContext ctx)
Called once a flush operation is made.
|
private void |
flush(ChannelHandlerContext ctx,
ChannelPromise promise) |
private void |
flushIfNeeded(ChannelHandlerContext ctx) |
private void |
forceFlush(ChannelHandlerContext ctx) |
long |
getCloseNotifyFlushTimeoutMillis()
Gets the timeout for flushing the close_notify that was triggered by closing the
Channel. |
long |
getCloseNotifyReadTimeoutMillis()
Gets the timeout (in ms) for receiving the response for the close_notify that was triggered by closing the
Channel. |
long |
getCloseNotifyTimeoutMillis()
Deprecated.
|
long |
getHandshakeTimeoutMillis() |
void |
handlerAdded(ChannelHandlerContext ctx)
Do nothing by default, sub-classes may override this method.
|
void |
handlerRemoved0(ChannelHandlerContext ctx)
Gets called after the
ByteToMessageDecoder was removed from the actual context and it doesn't handle
events anymore. |
private void |
handshake(Promise<Channel> newHandshakePromise)
Performs TLS (re)negotiation.
|
Future<Channel> |
handshakeFuture()
Returns a
Future that will get notified once the current TLS handshake completes. |
private boolean |
ignoreException(java.lang.Throwable t)
Checks if the given
Throwable can be ignore and just "swallowed"
When an ssl connection is closed a close_notify message is sent. |
static boolean |
isEncrypted(ByteBuf buffer)
Returns
true if the given ByteBuf is encrypted. |
private void |
notifyClosePromise(java.lang.Throwable cause) |
private void |
notifyHandshakeFailure(java.lang.Throwable cause) |
void |
read(ChannelHandlerContext ctx)
Intercepts
ChannelHandlerContext.read(). |
private void |
readIfNeeded(ChannelHandlerContext ctx) |
Future<Channel> |
renegotiate()
Performs TLS renegotiation.
|
Future<Channel> |
renegotiate(Promise<Channel> promise)
Performs TLS renegotiation.
|
private void |
runDelegatedTasks()
Fetches all delegated tasks from the
SSLEngine and runs them via the delegatedTaskExecutor. |
private void |
safeClose(ChannelHandlerContext ctx,
ChannelFuture flushFuture,
ChannelPromise promise) |
void |
setCloseNotifyFlushTimeout(long closeNotifyFlushTimeout,
java.util.concurrent.TimeUnit unit)
Sets the timeout for flushing the close_notify that was triggered by closing the
Channel. |
void |
setCloseNotifyFlushTimeoutMillis(long closeNotifyFlushTimeoutMillis)
|
void |
setCloseNotifyReadTimeout(long closeNotifyReadTimeout,
java.util.concurrent.TimeUnit unit)
Sets the timeout for receiving the response for the close_notify that was triggered by closing the
Channel. |
void |
setCloseNotifyReadTimeoutMillis(long closeNotifyReadTimeoutMillis)
|
void |
setCloseNotifyTimeout(long closeNotifyTimeout,
java.util.concurrent.TimeUnit unit)
Deprecated.
|
void |
setCloseNotifyTimeoutMillis(long closeNotifyFlushTimeoutMillis)
Deprecated.
|
private void |
setHandshakeFailure(ChannelHandlerContext ctx,
java.lang.Throwable cause)
Notify all the handshake futures about the failure during the handshake.
|
private void |
setHandshakeFailure(ChannelHandlerContext ctx,
java.lang.Throwable cause,
boolean closeInbound)
Notify all the handshake futures about the failure during the handshake.
|
private void |
setHandshakeSuccess()
Notify all the handshake futures about the successfully handshake
|
private boolean |
setHandshakeSuccessIfStillHandshaking()
Works around some Android
SSLEngine implementations that skip SSLEngineResult.HandshakeStatus.FINISHED and
go straight into SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING when handshake is finished. |
void |
setHandshakeTimeout(long handshakeTimeout,
java.util.concurrent.TimeUnit unit) |
void |
setHandshakeTimeoutMillis(long handshakeTimeoutMillis) |
Future<Channel> |
sslCloseFuture()
Return the
Future that will get notified if the inbound of the SSLEngine is closed. |
private static java.nio.ByteBuffer |
toByteBuffer(ByteBuf out,
int index,
int len) |
private boolean |
unwrap(ChannelHandlerContext ctx,
ByteBuf packet,
int offset,
int length)
Unwraps inbound SSL records.
|
private void |
unwrapNonAppData(ChannelHandlerContext ctx)
Calls
SSLEngine.unwrap(ByteBuffer, ByteBuffer) with an empty buffer to handle handshakes, etc. |
private javax.net.ssl.SSLEngineResult |
wrap(ByteBufAllocator alloc,
javax.net.ssl.SSLEngine engine,
ByteBuf in,
ByteBuf out) |
private void |
wrap(ChannelHandlerContext ctx,
boolean inUnwrap) |
private void |
wrapAndFlush(ChannelHandlerContext ctx) |
private void |
wrapNonAppData(ChannelHandlerContext ctx,
boolean inUnwrap)
This method will not call
setHandshakeFailure(ChannelHandlerContext, Throwable, boolean) or
setHandshakeFailure(ChannelHandlerContext, Throwable). |
void |
write(ChannelHandlerContext ctx,
java.lang.Object msg,
ChannelPromise promise)
Called once a write operation is made.
|
actualReadableBytes, callDecode, channelRead, decodeLast, discardSomeReadBytes, handlerRemoved, internalBuffer, isSingleDecode, setCumulator, setDiscardAfterReads, setSingleDecode, userEventTriggeredchannelRegistered, channelUnregistered, channelWritabilityChangedensureNotSharable, isSharableclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waithandlerRemovedprivate static final int MAX_PLAINTEXT_LENGTH
private static final int MAX_COMPRESSED_LENGTH
private static final int MAX_CIPHERTEXT_LENGTH
static final int MAX_ENCRYPTED_PACKET_LENGTH
static final int MAX_ENCRYPTION_OVERHEAD_LENGTH
private static final InternalLogger logger
private static final java.util.regex.Pattern IGNORABLE_CLASS_IN_STACK
private static final java.util.regex.Pattern IGNORABLE_ERROR_MESSAGE
private static final javax.net.ssl.SSLException SSLENGINE_CLOSED
unwrapNonAppData(ChannelHandlerContext) as input for
unwrap(ChannelHandlerContext, ByteBuf, int, int). Using this static instance reduce object
creation as Unpooled#EMPTY_BUFFER#nioBuffer() creates a new ByteBuffer everytime.private static final javax.net.ssl.SSLException HANDSHAKE_TIMED_OUT
private static final java.nio.channels.ClosedChannelException CHANNEL_CLOSED
private volatile ChannelHandlerContext ctx
private final javax.net.ssl.SSLEngine engine
private final SslHandler.SslEngineType engineType
private final int maxPacketBufferSize
private final java.util.concurrent.Executor delegatedTaskExecutor
private final java.nio.ByteBuffer[] singleBuffer
SSLEngine.wrap(ByteBuffer[], ByteBuffer) and SSLEngine.unwrap(ByteBuffer, ByteBuffer[])
should be called with a ByteBuf that is only backed by one ByteBuffer to reduce the object
creation.private final boolean startTls
private boolean sentFirstMessage
private boolean flushedBeforeHandshake
private boolean readDuringHandshake
private PendingWriteQueue pendingUnencryptedWrites
private final SslHandler.LazyChannelPromise sslClosePromise
private boolean needsFlush
channelReadComplete(ChannelHandlerContext) will check this flag, clear it, and call ctx.flush().private boolean outboundClosed
private int packetLength
private boolean firedChannelRead
ChannelHandlerContext.read() to consume more data
when ChannelConfig.isAutoRead() is false.private volatile long handshakeTimeoutMillis
private volatile long closeNotifyFlushTimeoutMillis
private volatile long closeNotifyReadTimeoutMillis
public SslHandler(javax.net.ssl.SSLEngine engine)
engine - the SSLEngine this handler will usepublic SslHandler(javax.net.ssl.SSLEngine engine,
boolean startTls)
engine - the SSLEngine this handler will usestartTls - true if the first write request shouldn't be
encrypted by the SSLEngine@Deprecated
public SslHandler(javax.net.ssl.SSLEngine engine,
java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler(SSLEngine) instead.@Deprecated
public SslHandler(javax.net.ssl.SSLEngine engine,
boolean startTls,
java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler(SSLEngine, boolean) instead.public long getHandshakeTimeoutMillis()
public void setHandshakeTimeout(long handshakeTimeout,
java.util.concurrent.TimeUnit unit)
public void setHandshakeTimeoutMillis(long handshakeTimeoutMillis)
@Deprecated public long getCloseNotifyTimeoutMillis()
getCloseNotifyFlushTimeoutMillis()@Deprecated
public void setCloseNotifyTimeout(long closeNotifyTimeout,
java.util.concurrent.TimeUnit unit)
setCloseNotifyFlushTimeout(long, TimeUnit)@Deprecated public void setCloseNotifyTimeoutMillis(long closeNotifyFlushTimeoutMillis)
setCloseNotifyFlushTimeoutMillis(long)public final long getCloseNotifyFlushTimeoutMillis()
public final void setCloseNotifyFlushTimeout(long closeNotifyFlushTimeout,
java.util.concurrent.TimeUnit unit)
public final void setCloseNotifyFlushTimeoutMillis(long closeNotifyFlushTimeoutMillis)
public final long getCloseNotifyReadTimeoutMillis()
public final void setCloseNotifyReadTimeout(long closeNotifyReadTimeout,
java.util.concurrent.TimeUnit unit)
public final void setCloseNotifyReadTimeoutMillis(long closeNotifyReadTimeoutMillis)
public javax.net.ssl.SSLEngine engine()
SSLEngine which is used by this handler.public java.lang.String applicationProtocol()
null if application-level protocol has not been negotiatedpublic Future<Channel> handshakeFuture()
Future that will get notified once the current TLS handshake completes.Future for the initial TLS handshake if renegotiate() was not invoked.
The Future for the most recent TLS renegotiation otherwise.@Deprecated public ChannelFuture close()
ChannelOutboundInvoker.close() or ChannelOutboundInvoker.close()close_notify message to the specified channel and
destroys the underlying SSLEngine.@Deprecated public ChannelFuture close(ChannelPromise promise)
ChannelOutboundInvoker.close() or ChannelOutboundInvoker.close()close()public Future<Channel> sslCloseFuture()
Future that will get notified if the inbound of the SSLEngine is closed.
This method will return the same Future all the time.SSLEnginepublic void handlerRemoved0(ChannelHandlerContext ctx) throws java.lang.Exception
ByteToMessageDecoderByteToMessageDecoder was removed from the actual context and it doesn't handle
events anymore.handlerRemoved0 in class ByteToMessageDecoderjava.lang.Exceptionpublic void bind(ChannelHandlerContext ctx, java.net.SocketAddress localAddress, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandlerbind in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the bind operation is madelocalAddress - the SocketAddress to which it should boundpromise - the ChannelPromise to notify once the operation completesjava.lang.Exception - thrown if an error occurspublic void connect(ChannelHandlerContext ctx, java.net.SocketAddress remoteAddress, java.net.SocketAddress localAddress, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandlerconnect in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the connect operation is maderemoteAddress - the SocketAddress to which it should connectlocalAddress - the SocketAddress which is used as source on connectpromise - the ChannelPromise to notify once the operation completesjava.lang.Exception - thrown if an error occurspublic void deregister(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandlerEventLoop.deregister in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the close operation is madepromise - the ChannelPromise to notify once the operation completesjava.lang.Exception - thrown if an error occurspublic void disconnect(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandlerdisconnect in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the disconnect operation is madepromise - the ChannelPromise to notify once the operation completesjava.lang.Exception - thrown if an error occurspublic void close(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandlerclose in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the close operation is madepromise - the ChannelPromise to notify once the operation completesjava.lang.Exception - thrown if an error occurspublic void read(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelOutboundHandlerChannelHandlerContext.read().read in interface ChannelOutboundHandlerjava.lang.Exceptionpublic void write(ChannelHandlerContext ctx, java.lang.Object msg, ChannelPromise promise) throws java.lang.Exception
ChannelOutboundHandlerChannelPipeline. Those are then ready to be flushed to the actual Channel once
Channel.flush() is calledwrite in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the write operation is mademsg - the message to writepromise - the ChannelPromise to notify once the operation completesjava.lang.Exception - thrown if an error occurspublic void flush(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelOutboundHandlerflush in interface ChannelOutboundHandlerctx - the ChannelHandlerContext for which the flush operation is madejava.lang.Exception - thrown if an error occursprivate void wrapAndFlush(ChannelHandlerContext ctx) throws javax.net.ssl.SSLException
javax.net.ssl.SSLExceptionprivate void wrap(ChannelHandlerContext ctx, boolean inUnwrap) throws javax.net.ssl.SSLException
javax.net.ssl.SSLExceptionprivate void finishWrap(ChannelHandlerContext ctx, ByteBuf out, ChannelPromise promise, boolean inUnwrap, boolean needUnwrap)
private void wrapNonAppData(ChannelHandlerContext ctx, boolean inUnwrap) throws javax.net.ssl.SSLException
setHandshakeFailure(ChannelHandlerContext, Throwable, boolean) or
setHandshakeFailure(ChannelHandlerContext, Throwable).javax.net.ssl.SSLExceptionprivate javax.net.ssl.SSLEngineResult wrap(ByteBufAllocator alloc, javax.net.ssl.SSLEngine engine, ByteBuf in, ByteBuf out) throws javax.net.ssl.SSLException
javax.net.ssl.SSLExceptionpublic void channelInactive(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelInboundHandlerAdapterChannelHandlerContext.fireChannelInactive() to forward
to the next ChannelInboundHandler in the ChannelPipeline.
Sub-classes may override this method to change behavior.channelInactive in interface ChannelInboundHandlerchannelInactive in class ByteToMessageDecoderjava.lang.Exceptionpublic void exceptionCaught(ChannelHandlerContext ctx, java.lang.Throwable cause) throws java.lang.Exception
ChannelInboundHandlerAdapterChannelHandlerContext.fireExceptionCaught(Throwable) to forward
to the next ChannelHandler in the ChannelPipeline.
Sub-classes may override this method to change behavior.exceptionCaught in interface ChannelHandlerexceptionCaught in interface ChannelInboundHandlerexceptionCaught in class ChannelInboundHandlerAdapterjava.lang.Exceptionprivate boolean ignoreException(java.lang.Throwable t)
Throwable can be ignore and just "swallowed"
When an ssl connection is closed a close_notify message is sent.
After that the peer also sends close_notify however, it's not mandatory to receive
the close_notify. The party who sent the initial close_notify can close the connection immediately
then the peer will get connection reset error.public static boolean isEncrypted(ByteBuf buffer)
true if the given ByteBuf is encrypted. Be aware that this method
will not increase the readerIndex of the given ByteBuf.buffer - The ByteBuf to read from. Be aware that it must have at least 5 bytes to read,
otherwise it will throw an IllegalArgumentException.true if the ByteBuf is encrypted, false otherwise.java.lang.IllegalArgumentException - Is thrown if the given ByteBuf has not at least 5 bytes to read.protected void decode(ChannelHandlerContext ctx, ByteBuf in, java.util.List<java.lang.Object> out) throws javax.net.ssl.SSLException
ByteToMessageDecoderByteBuf to an other. This method will be called till either the input
ByteBuf has nothing to read when return from this method or till nothing was read from the input
ByteBuf.decode in class ByteToMessageDecoderctx - the ChannelHandlerContext which this ByteToMessageDecoder belongs toin - the ByteBuf from which to read dataout - the List to which decoded messages should be addedjavax.net.ssl.SSLExceptionpublic void channelReadComplete(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelInboundHandlerAdapterChannelHandlerContext.fireChannelReadComplete() to forward
to the next ChannelInboundHandler in the ChannelPipeline.
Sub-classes may override this method to change behavior.channelReadComplete in interface ChannelInboundHandlerchannelReadComplete in class ByteToMessageDecoderjava.lang.Exceptionprivate void readIfNeeded(ChannelHandlerContext ctx)
private void flushIfNeeded(ChannelHandlerContext ctx)
private void unwrapNonAppData(ChannelHandlerContext ctx) throws javax.net.ssl.SSLException
SSLEngine.unwrap(ByteBuffer, ByteBuffer) with an empty buffer to handle handshakes, etc.javax.net.ssl.SSLExceptionprivate boolean unwrap(ChannelHandlerContext ctx, ByteBuf packet, int offset, int length) throws javax.net.ssl.SSLException
javax.net.ssl.SSLExceptionprivate static java.nio.ByteBuffer toByteBuffer(ByteBuf out, int index, int len)
private void runDelegatedTasks()
SSLEngine and runs them via the delegatedTaskExecutor.
If the delegatedTaskExecutor is ImmediateExecutor, just call Runnable.run() directly
instead of using Executor.execute(Runnable). Otherwise, run the tasks via
the delegatedTaskExecutor and wait until the tasks are finished.private boolean setHandshakeSuccessIfStillHandshaking()
SSLEngine implementations that skip SSLEngineResult.HandshakeStatus.FINISHED and
go straight into SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING when handshake is finished.true if and only if the workaround has been applied and thus handshakeFuture() has been
marked as success by this methodprivate void setHandshakeSuccess()
private void setHandshakeFailure(ChannelHandlerContext ctx, java.lang.Throwable cause)
private void setHandshakeFailure(ChannelHandlerContext ctx, java.lang.Throwable cause, boolean closeInbound)
private void notifyHandshakeFailure(java.lang.Throwable cause)
private void notifyClosePromise(java.lang.Throwable cause)
private void closeOutboundAndChannel(ChannelHandlerContext ctx, ChannelPromise promise, boolean disconnect) throws java.lang.Exception
java.lang.Exceptionprivate void flush(ChannelHandlerContext ctx, ChannelPromise promise) throws java.lang.Exception
java.lang.Exceptionpublic void handlerAdded(ChannelHandlerContext ctx) throws java.lang.Exception
ChannelHandlerAdapterhandlerAdded in interface ChannelHandlerhandlerAdded in class ChannelHandlerAdapterjava.lang.Exceptionpublic Future<Channel> renegotiate(Promise<Channel> promise)
private void handshake(Promise<Channel> newHandshakePromise)
newHandshakePromise - if null, use the existing handshakePromise,
assuming that the current negotiation has not been finished.
Currently, null is expected only for the initial handshake.private void forceFlush(ChannelHandlerContext ctx)
public void channelActive(ChannelHandlerContext ctx) throws java.lang.Exception
channelActive in interface ChannelInboundHandlerchannelActive in class ChannelInboundHandlerAdapterjava.lang.Exceptionprivate void safeClose(ChannelHandlerContext ctx, ChannelFuture flushFuture, ChannelPromise promise)
private static void addCloseListener(ChannelFuture future, ChannelPromise promise)
private ByteBuf allocate(ChannelHandlerContext ctx, int capacity)
OpenSslEngine.private ByteBuf allocateOutNetBuf(ChannelHandlerContext ctx, int pendingBytes, int numComponents)
SSLEngine.wrap(ByteBuffer, ByteBuffer) which can encrypt
the specified amount of pending bytes.