Class SslInitializer

  • All Implemented Interfaces:
    io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler

    @Sharable
    public class SslInitializer
    extends ChannelInitializer<io.netty.channel.Channel>
    Created by acurtis on 9/7/17.
    • Nested Class Summary

      • Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

        io.netty.channel.ChannelHandler.Sharable
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static io.netty.handler.ssl.SslHandshakeCompletionEvent NO_SSL_HANDSHAKE  
    • Method Summary

      Modifier and Type Method Description
      protected javax.net.ssl.SSLEngine createSslEngine​(io.netty.buffer.ByteBufAllocator allocator, java.net.SocketAddress remote)  
      SslInitializer enableResolveBeforeSSL​(io.netty.util.concurrent.EventExecutorGroup resolveExecutor, int resolveAttempts, long resolveBackOffMillis)
      Configures DNS resolution of the client address to run on an alternate thread pool, which limits DNS work during the SSL handshake and keeps it from blocking the IO workers.
      SslInitializer enableResolveBeforeSSL​(io.netty.util.concurrent.EventExecutorGroup resolveExecutor, int resolveAttempts, long resolveBackOffMillis, int permits)
      Configures DNS resolution of the client address to run on an alternate thread pool, which limits DNS work during the SSL handshake and keeps it from blocking the IO workers.
      SslInitializer enableSslTaskExecutor​(java.util.concurrent.Executor executor)
      Enables the SslHandler to offload handshake compute tasks to an alternate executor.
      protected void executorFailure​(io.netty.channel.ChannelPromise promise, java.util.concurrent.RejectedExecutionException ex)  
      int getAvailablePermits()
      Returns the number of available permits for handshakes.
      long getHandshakesFailed()
      Returns the number of handshakes which resulted in failure.
      long getHandshakesStarted()
      Returns the number of handshakes which have been started.
      long getHandshakesSuccessful()
      Returns the number of handshakes which resulted in success.
      int getPendingHandshakes()
      Returns the number of handshakes which are currently blocked awaiting a permit.
      protected void initChannel​(io.netty.channel.Channel ch)
      This method will be called once the Channel was registered.
      static boolean isNoSslHandshake​(java.lang.Throwable cause)  
      SslInitializer setIdentityParser​(java.util.function.Function<java.security.cert.X509Certificate,​java.lang.String> identityParser)  
      • Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

        channelActive, channelInactive, channelRead, channelReadComplete, channelUnregistered, channelWritabilityChanged, userEventTriggered
      • Methods inherited from class io.netty.channel.ChannelHandlerAdapter

        ensureNotSharable, isSharable
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • NO_SSL_HANDSHAKE

        public static final io.netty.handler.ssl.SslHandshakeCompletionEvent NO_SSL_HANDSHAKE
    • Constructor Detail

      • SslInitializer

        public SslInitializer​(SslFactory sslFactory,
                              boolean requireSSL)
      • SslInitializer

        public SslInitializer​(SslFactory sslFactory,
                              io.netty.channel.ChannelHandler postHandshakeHandler)
      • SslInitializer

        public SslInitializer​(SslFactory sslFactory,
                              boolean requireSSL,
                              io.netty.channel.ChannelHandler postHandshakeHandler)
      • SslInitializer

        public SslInitializer​(SSLEngineFactory sslFactory,
                              io.netty.channel.ChannelHandler postHandshakeHandler)
      • SslInitializer

        public SslInitializer​(SSLEngineFactory sslFactory,
                              boolean requireSSL,
                              io.netty.channel.ChannelHandler postHandshakeHandler)
    • Method Detail

      • isNoSslHandshake

        public static boolean isNoSslHandshake​(java.lang.Throwable cause)
      • getAvailablePermits

        public int getAvailablePermits()
        Returns the number of available permits for handshakes. This many handshakes will not be immediately blocked. Returns 0 when offloading is disabled.
        Returns:
        available permits.
      • getPendingHandshakes

        public int getPendingHandshakes()
        Returns the number of handshakes which are currently blocked awaiting a permit. Returns 0 when offloading is disabled.
        Returns:
        blocked handshake count
      • getHandshakesStarted

        public long getHandshakesStarted()
        Returns the number of handshakes which have been started.
        Returns:
        number of HELLOs.
      • getHandshakesSuccessful

        public long getHandshakesSuccessful()
        Returns the number of handshakes which resulted in success.
        Returns:
        count
      • getHandshakesFailed

        public long getHandshakesFailed()
        Returns the number of handshakes which resulted in failure.
        Returns:
        count
      • enableResolveBeforeSSL

        public SslInitializer enableResolveBeforeSSL​(@Nonnull
                                                     io.netty.util.concurrent.EventExecutorGroup resolveExecutor,
                                                     @Nonnegative
                                                     int resolveAttempts,
                                                     @Nonnegative
                                                     long resolveBackOffMillis)
        Configures DNS resolution of the client address to run on an alternate thread pool, which limits DNS work during the SSL handshake and keeps it from blocking the IO workers. This method limits the number of concurrent handshakes to the number of EventExecutors in the resolveExecutor group.
        Parameters:
        resolveExecutor - The executor for performing DNS resolution.
        resolveAttempts - The number of attempts for each client DNS resolution.
        resolveBackOffMillis - The delay between client DNS resolution attempts.
        Returns:
        this
      • enableResolveBeforeSSL

        public SslInitializer enableResolveBeforeSSL​(@Nonnull
                                                     io.netty.util.concurrent.EventExecutorGroup resolveExecutor,
                                                     @Nonnegative
                                                     int resolveAttempts,
                                                     @Nonnegative
                                                     long resolveBackOffMillis,
                                                     @Nonnegative
                                                     int permits)
        Configures DNS resolution of the client address to run on an alternate thread pool, which limits DNS work during the SSL handshake and keeps it from blocking the IO workers. The number of permits may be set to a very high value to effectively disable the limit on concurrent handshakes.
        Parameters:
        resolveExecutor - The executor for performing DNS resolution.
        resolveAttempts - The number of attempts for each client DNS resolution.
        resolveBackOffMillis - The delay between client DNS resolution attempts.
        permits - Number of concurrent handshakes permitted
        Returns:
        this
      • enableSslTaskExecutor

        public SslInitializer enableSslTaskExecutor​(java.util.concurrent.Executor executor)
        Enables the SslHandler to offload handshake compute tasks to an alternate executor.
        Parameters:
        executor - Executor to perform SslHandler tasks
        Returns:
        this
      • setIdentityParser

        public SslInitializer setIdentityParser​(java.util.function.Function<java.security.cert.X509Certificate,​java.lang.String> identityParser)
      • createSslEngine

        protected javax.net.ssl.SSLEngine createSslEngine​(io.netty.buffer.ByteBufAllocator allocator,
                                                          java.net.SocketAddress remote)
      • executorFailure

        protected void executorFailure​(io.netty.channel.ChannelPromise promise,
                                       java.util.concurrent.RejectedExecutionException ex)
      • initChannel

        protected void initChannel​(io.netty.channel.Channel ch)
                            throws java.lang.Exception
        Description copied from class: ChannelInitializer
        This method will be called once the Channel was registered. After the method returns this instance will be removed from the ChannelPipeline of the Channel.
        Specified by:
        initChannel in class ChannelInitializer<io.netty.channel.Channel>
        Parameters:
        ch - the Channel which was registered.
        Throws:
        java.lang.Exception - is thrown if an error occurs. In that case it will be handled by ChannelInitializer.exceptionCaught(ChannelHandlerContext, Throwable) which will by default close the Channel.
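
The permit accounting described for enableResolveBeforeSSL, getAvailablePermits and getPendingHandshakes can be modelled with a small gate that never blocks the calling IO thread. This is an added example, not the SslInitializer source: the class HandshakeGate and its submit/complete methods are hypothetical, and handing a freed permit to the oldest waiting handshake is an assumption.

```java
import java.util.ArrayDeque;
import java.util.Queue;

/** Constructed model of permit-limited handshakes; not the SslInitializer implementation. */
public class HandshakeGate {
    private final Queue<Runnable> pending = new ArrayDeque<>(); // handshakes awaiting a permit
    private int available;                                      // free permits, guarded by "this"

    public HandshakeGate(int permits) {
        if (permits < 0) throw new IllegalArgumentException("permits must be non-negative");
        this.available = permits;
    }

    /** Never blocks the caller: starts the handshake now, or parks it until a permit is free. */
    public void submit(Runnable handshake) {
        synchronized (this) {
            if (available == 0) { pending.add(handshake); return; }
            available--;
        }
        handshake.run(); // run outside the lock so a slow start cannot stall other callers
    }

    /** Called when a handshake ends (success or failure); the permit must always come back. */
    public void complete() {
        Runnable next;
        synchronized (this) {
            next = pending.poll();
            if (next == null) { available++; return; } // nobody waiting: permit becomes free
        }
        next.run(); // assumption: the freed permit goes straight to the oldest parked handshake
    }

    public synchronized int getAvailablePermits() { return available; }
    public synchronized int getPendingHandshakes() { return pending.size(); }

    public static void main(String[] args) {
        HandshakeGate gate = new HandshakeGate(2);           // constructed value: 2 permits
        for (int i = 0; i < 5; i++) gate.submit(() -> { });  // 5 clients connect at once
        System.out.println(gate.getAvailablePermits() + " free, "
                + gate.getPendingHandshakes() + " pending");
        gate.complete();                                     // one finishes, a parked one starts
        System.out.println(gate.getAvailablePermits() + " free, "
                + gate.getPendingHandshakes() + " pending");
    }
}
```

A pending count that keeps growing while available permits stay at zero is the signal to alert on: handshakes are arriving faster than the permit limit lets them complete.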