Class SslInitializer

java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
com.linkedin.alpini.netty4.handlers.ChannelInitializer<io.netty.channel.Channel>
com.linkedin.alpini.netty4.ssl.SslInitializer
All Implemented Interfaces:
io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler

@Sharable public class SslInitializer extends ChannelInitializer<io.netty.channel.Channel>
Created by acurtis on 9/7/17.
  • Field Details

    • NO_SSL_HANDSHAKE

      public static final io.netty.handler.ssl.SslHandshakeCompletionEvent NO_SSL_HANDSHAKE
  • Constructor Details

    • SslInitializer

      public SslInitializer(SslFactory sslFactory, boolean requireSSL)
    • SslInitializer

      public SslInitializer(SslFactory sslFactory, io.netty.channel.ChannelHandler postHandshakeHandler)
    • SslInitializer

      public SslInitializer(SslFactory sslFactory, boolean requireSSL, io.netty.channel.ChannelHandler postHandshakeHandler)
    • SslInitializer

      public SslInitializer(SSLEngineFactory sslFactory, io.netty.channel.ChannelHandler postHandshakeHandler)
    • SslInitializer

      public SslInitializer(SSLEngineFactory sslFactory, boolean requireSSL, io.netty.channel.ChannelHandler postHandshakeHandler)
  • Method Details

    • isNoSslHandshake

      public static boolean isNoSslHandshake(Throwable cause)
    • getAvailablePermits

      public int getAvailablePermits()
      Returns the number of available permits for handshakes. That many handshakes can start without being immediately blocked. Returns 0 when offloading is disabled.
      Returns:
      available permits.
    • getPendingHandshakes

      public int getPendingHandshakes()
      Returns the number of handshakes which are currently blocked awaiting a permit. Returns 0 when offloading is disabled.
      Returns:
      blocked handshake count
    • getHandshakesStarted

      public long getHandshakesStarted()
      Returns the number of handshakes which have been started.
      Returns:
      number of HELLOs.
    • getHandshakesSuccessful

      public long getHandshakesSuccessful()
      Returns the number of handshakes which have resulted in success.
      Returns:
      count
    • getHandshakesFailed

      public long getHandshakesFailed()
      Returns the number of handshakes which have resulted in failure.
      Returns:
      count
    • enableResolveBeforeSSL

      public SslInitializer enableResolveBeforeSSL(@Nonnull io.netty.util.concurrent.EventExecutorGroup resolveExecutor, @Nonnegative int resolveAttempts, @Nonnegative long resolveBackOffMillis)
      Configures DNS resolution of the client address to run on an alternate thread pool, so that DNS lookups during the SSL handshake are limited and do not block the IO Workers. This method limits the number of concurrent handshakes to the number of EventExecutors within the resolveExecutor group.
      Parameters:
      resolveExecutor - The executor for performing DNS resolution.
      resolveAttempts - The number of attempts for each client DNS resolution.
      resolveBackOffMillis - The delay between client DNS resolution attempts.
      Returns:
      this
    • enableResolveBeforeSSL

      public SslInitializer enableResolveBeforeSSL(@Nonnull io.netty.util.concurrent.EventExecutorGroup resolveExecutor, @Nonnegative int resolveAttempts, @Nonnegative long resolveBackOffMillis, @Nonnegative int permits)
      Configures DNS resolution of the client address to run on an alternate thread pool, so that DNS lookups during the SSL handshake are limited and do not block the IO Workers. The number of permits may be set to a very high value to effectively disable the limit on concurrent handshakes.
      Parameters:
      resolveExecutor - The executor for performing DNS resolution.
      resolveAttempts - The number of attempts for each client DNS resolution.
      resolveBackOffMillis - The delay between client DNS resolution attempts.
      permits - Number of concurrent handshakes permitted
      Returns:
      this
    • enableSslTaskExecutor

      public SslInitializer enableSslTaskExecutor(Executor executor)
      Configures the SslHandler to offload handshake compute tasks to an alternate executor.
      Parameters:
      executor - Executor to perform SslHandler tasks
      Returns:
      this
    • setIdentityParser

      public SslInitializer setIdentityParser(Function<X509Certificate,String> identityParser)
    • createSslEngine

      protected SSLEngine createSslEngine(io.netty.buffer.ByteBufAllocator allocator, SocketAddress remote)
    • executorFailure

      protected void executorFailure(io.netty.channel.ChannelPromise promise, RejectedExecutionException ex)
    • initChannel

      protected void initChannel(io.netty.channel.Channel ch) throws Exception
      Description copied from class: ChannelInitializer
      This method will be called once the Channel was registered. After the method returns this instance will be removed from the ChannelPipeline of the Channel.
      Specified by:
      initChannel in class ChannelInitializer<io.netty.channel.Channel>
      Parameters:
      ch - the Channel which was registered.
      Throws:
      Exception - is thrown if an error occurs. In that case it will be handled by ChannelInitializer.exceptionCaught(ChannelHandlerContext, Throwable) which will by default close the Channel.
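
Example (added here, not part of the alpini project's own code): bounding concurrent handshakes with enableResolveBeforeSSL and enableSslTaskExecutor, then polling the counters documented above to flag a handshake backlog or a burst of failed handshakes. The class name, pool sizes, permit count and alert thresholds are constructed for illustration; requireSSL is passed as true without this page documenting its semantics, and the SslFactory import is left to the reader because this page does not show its package.

```java
import com.linkedin.alpini.netty4.ssl.SslInitializer;
import io.netty.util.concurrent.DefaultEventExecutorGroup;
import io.netty.util.concurrent.EventExecutorGroup;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
// SslFactory: import it from the package your alpini version provides (not shown on this page).

public final class BoundedHandshakeSetup {
  // Constructed values for illustration; size them for the actual deployment.
  static final int RESOLVE_THREADS = 4;
  static final int RESOLVE_ATTEMPTS = 3;
  static final long RESOLVE_BACKOFF_MILLIS = 100L;
  static final int HANDSHAKE_PERMITS = 64;
  static final long MIN_SAMPLE = 20; // ignore failure ratios on tiny samples

  /** Builds an initializer whose DNS lookups and handshake tasks run off the IO workers. */
  static SslInitializer configure(SslFactory sslFactory) {
    EventExecutorGroup resolveExecutor = new DefaultEventExecutorGroup(RESOLVE_THREADS);
    Executor sslTasks = Executors.newFixedThreadPool(RESOLVE_THREADS);
    return new SslInitializer(sslFactory, true)
        // Four-argument overload: the permit count caps concurrent handshakes explicitly.
        .enableResolveBeforeSSL(resolveExecutor, RESOLVE_ATTEMPTS, RESOLVE_BACKOFF_MILLIS, HANDSHAKE_PERMITS)
        .enableSslTaskExecutor(sslTasks);
  }

  /**
   * Compares the current counters with the values read at the previous poll.
   * Returns a warning line, or null when nothing looks abnormal.
   */
  static String check(SslInitializer ssl, long prevStarted, long prevFailed) {
    int pending = ssl.getPendingHandshakes();   // 0 when offloading is disabled
    int permits = ssl.getAvailablePermits();    // 0 when offloading is disabled
    long started = ssl.getHandshakesStarted() - prevStarted;
    long failed = ssl.getHandshakesFailed() - prevFailed;

    // Handshakes are queuing only if some are pending while no permit is free.
    if (pending > 0 && permits == 0) {
      return "handshake permits exhausted, " + pending + " handshakes waiting";
    }
    // Heuristic: failures counted in this interval may belong to earlier handshakes.
    if (started >= MIN_SAMPLE && failed * 2 > started) {
      return failed + " handshake failures against " + started + " new handshakes";
    }
    return null;
  }
}
```

Call check from a periodic task, passing the getHandshakesStarted() and getHandshakesFailed() values saved at the previous poll.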