Package com.linkedin.alpini.netty4.ssl
Class SslInitializer
java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
com.linkedin.alpini.netty4.handlers.ChannelInitializer<io.netty.channel.Channel>
com.linkedin.alpini.netty4.ssl.SslInitializer
- All Implemented Interfaces:
io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
Created by acurtis on 9/7/17.
-
Nested Class Summary
Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
io.netty.channel.ChannelHandler.Sharable
-
Field Summary
Modifier and Type / Field / Description
static final io.netty.handler.ssl.SslHandshakeCompletionEvent NO_SSL_HANDSHAKE
-
Constructor Summary
Constructor / Description
SslInitializer(SslFactory sslFactory, boolean requireSSL)
SslInitializer(SslFactory sslFactory, boolean requireSSL, io.netty.channel.ChannelHandler postHandshakeHandler)
SslInitializer(SslFactory sslFactory, io.netty.channel.ChannelHandler postHandshakeHandler)
SslInitializer(SSLEngineFactory sslFactory, boolean requireSSL, io.netty.channel.ChannelHandler postHandshakeHandler)
SslInitializer(SSLEngineFactory sslFactory, io.netty.channel.ChannelHandler postHandshakeHandler)
-
Method Summary
Modifier and Type / Method / Description
protected SSLEngine createSslEngine(io.netty.buffer.ByteBufAllocator allocator, SocketAddress remote)
SslInitializer enableResolveBeforeSSL(io.netty.util.concurrent.EventExecutorGroup resolveExecutor, int resolveAttempts, long resolveBackOffMillis)
    Configures DNS resolution of the client address to run on an alternate thread pool, so that DNS lookups during the SSL handshake are limited and do not block the IO workers.
SslInitializer enableResolveBeforeSSL(io.netty.util.concurrent.EventExecutorGroup resolveExecutor, int resolveAttempts, long resolveBackOffMillis, int permits)
    Configures DNS resolution of the client address to run on an alternate thread pool, so that DNS lookups during the SSL handshake are limited and do not block the IO workers.
enableSslTaskExecutor(Executor executor)
    Configures the SslHandler to offload handshake compute tasks to an alternate executor.
protected void executorFailure(io.netty.channel.ChannelPromise promise, RejectedExecutionException ex)
int getAvailablePermits()
    Returns the number of available permits for handshakes.
long getHandshakesFailed()
    Returns the number of handshakes which resulted in failure.
long getHandshakesStarted()
    Returns the number of handshakes which have been started.
long getHandshakesSuccessful()
    Returns the number of handshakes which resulted in success.
int getPendingHandshakes()
    Returns the number of handshakes which are currently blocked awaiting a permit.
protected void initChannel(io.netty.channel.Channel ch)
    This method will be called once the Channel was registered.
static boolean isNoSslHandshake(Throwable cause)
setIdentityParser(Function<X509Certificate, String> identityParser)
Methods inherited from class com.linkedin.alpini.netty4.handlers.ChannelInitializer
channelRegistered, currentContext, exceptionCaught, handlerAdded, handlerRemoved
Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelRead, channelReadComplete, channelUnregistered, channelWritabilityChanged, userEventTriggered
Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, isSharable
-
Field Details
-
NO_SSL_HANDSHAKE
public static final io.netty.handler.ssl.SslHandshakeCompletionEvent NO_SSL_HANDSHAKE
-
-
Constructor Details
-
SslInitializer
-
SslInitializer
-
SslInitializer
public SslInitializer(SslFactory sslFactory, boolean requireSSL, io.netty.channel.ChannelHandler postHandshakeHandler)
-
SslInitializer
public SslInitializer(SSLEngineFactory sslFactory, io.netty.channel.ChannelHandler postHandshakeHandler)
-
SslInitializer
public SslInitializer(SSLEngineFactory sslFactory, boolean requireSSL, io.netty.channel.ChannelHandler postHandshakeHandler)
-
-
Method Details
-
isNoSslHandshake
-
getAvailablePermits
public int getAvailablePermits()
Returns the number of available permits for handshakes. This many handshakes will not be immediately blocked. This returns 0 when offloading is disabled.
Returns:
available permits.
-
getPendingHandshakes
public int getPendingHandshakes()
Returns the number of handshakes which are currently blocked awaiting a permit. This returns 0 when offloading is disabled.
Returns:
blocked handshake count
-
getHandshakesStarted
public long getHandshakesStarted()
Returns the number of handshakes which have been started.
Returns:
number of HELLOs.
-
getHandshakesSuccessful
public long getHandshakesSuccessful()
Returns the number of handshakes which resulted in success.
Returns:
count
-
getHandshakesFailed
public long getHandshakesFailed()
Returns the number of handshakes which resulted in failure.
Returns:
count
-
enableResolveBeforeSSL
public SslInitializer enableResolveBeforeSSL(@Nonnull io.netty.util.concurrent.EventExecutorGroup resolveExecutor, @Nonnegative int resolveAttempts, @Nonnegative long resolveBackOffMillis)
Configures DNS resolution of the client address to run on an alternate thread pool, so that DNS lookups during the SSL handshake are limited and do not block the IO workers. This method limits the number of concurrent handshakes to the number of EventExecutors within the resolveExecutor group.
Parameters:
resolveExecutor - The executor for performing DNS resolution.
resolveAttempts - The number of attempts for each client DNS resolution.
resolveBackOffMillis - The delay between client DNS resolution attempts.
Returns:
this
-
enableResolveBeforeSSL
public SslInitializer enableResolveBeforeSSL(@Nonnull io.netty.util.concurrent.EventExecutorGroup resolveExecutor, @Nonnegative int resolveAttempts, @Nonnegative long resolveBackOffMillis, @Nonnegative int permits)
Configures DNS resolution of the client address to run on an alternate thread pool, so that DNS lookups during the SSL handshake are limited and do not block the IO workers. The number of permits may be set to a very high value to effectively disable the limit on concurrent handshakes.
Parameters:
resolveExecutor - The executor for performing DNS resolution.
resolveAttempts - The number of attempts for each client DNS resolution.
resolveBackOffMillis - The delay between client DNS resolution attempts.
permits - Number of concurrent handshakes permitted
Returns:
this
-
enableSslTaskExecutor
Configures the SslHandler to offload handshake compute tasks to an alternate executor.
Parameters:
executor - Executor to perform SslHandler tasks
Returns:
this
-
setIdentityParser
-
createSslEngine
protected SSLEngine createSslEngine(io.netty.buffer.ByteBufAllocator allocator, SocketAddress remote)
-
executorFailure
protected void executorFailure(io.netty.channel.ChannelPromise promise, RejectedExecutionException ex)
-
initChannel
Description copied from class: ChannelInitializer
This method will be called once the Channel was registered. After the method returns this instance will be removed from the ChannelPipeline of the Channel.
Specified by:
initChannel in class ChannelInitializer<io.netty.channel.Channel>
Parameters:
ch - the Channel which was registered.
Throws:
Exception - is thrown if an error occurs. In that case it will be handled by ChannelInitializer.exceptionCaught(ChannelHandlerContext, Throwable) which will by default close the Channel.
-
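Added example (not part of the alpini code base): one way to apply the bounded-permit settings of enableResolveBeforeSSL and enableSslTaskExecutor to an existing SslInitializer, and to turn its handshake counters into a permit-saturation and failure-rate check. The class name HandshakeGuard, the thread counts, permit count and threshold are assumptions chosen for illustration; only the SslInitializer methods come from this page.

```java
import com.linkedin.alpini.netty4.ssl.SslInitializer;
import io.netty.util.concurrent.DefaultEventExecutorGroup;
import io.netty.util.concurrent.EventExecutorGroup;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;

/** Hypothetical helper for illustration; not a class of the library. */
public final class HandshakeGuard {
  // Constructed values; size them for the deployment.
  static final int RESOLVE_THREADS = 4;
  static final int RESOLVE_ATTEMPTS = 3;
  static final long RESOLVE_BACKOFF_MILLIS = 100L;
  static final int HANDSHAKE_PERMITS = 256;   // finite, so a handshake flood queues instead of piling up
  static final double MAX_FAILURE_RATIO = 0.20;

  /** Moves DNS resolution and handshake compute off the IO workers, with a finite permit count. */
  static SslInitializer harden(SslInitializer ssl) {
    EventExecutorGroup resolver = new DefaultEventExecutorGroup(RESOLVE_THREADS);
    Executor sslTasks = Executors.newFixedThreadPool(RESOLVE_THREADS);
    ssl.enableResolveBeforeSSL(resolver, RESOLVE_ATTEMPTS, RESOLVE_BACKOFF_MILLIS, HANDSHAKE_PERMITS);
    ssl.enableSslTaskExecutor(sslTasks);
    return ssl;
  }

  /**
   * Compares the counters with the values read at the previous poll.
   * Returns an alert message, or null when nothing looks wrong.
   */
  static String check(SslInitializer ssl, long prevStarted, long prevFailed) {
    int pending = ssl.getPendingHandshakes();
    // Both getters return 0 when offloading is disabled, so this test stays quiet in that case.
    if (pending > 0 && ssl.getAvailablePermits() == 0) {
      return "handshake permits exhausted, " + pending + " handshakes waiting";
    }
    long started = ssl.getHandshakesStarted() - prevStarted;
    long failed = ssl.getHandshakesFailed() - prevFailed;
    // Approximate: a handshake started before the previous poll may fail in this interval.
    if (started > 0 && (double) failed / started > MAX_FAILURE_RATIO) {
      return "handshake failures " + failed + " of " + started + " started since last poll";
    }
    return null;
  }
}
```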