andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Expose the ChannelHandlerContext from SniHandler's select() step to the user.

Browse Source 
Motivation

I'm looking to harden our SSL impl. a little bit and add some guards agaist certain types of abuse. One can think of invalid hostname strings in the SNI extenstion or invalid SNI handshakes altogether. This will require measuring, velocity tracking and other things.

Modifications

Adding a protected `lookup(ctx, hostname)` method that is called from SniHandler's `select(...)` method which users can override and implement custom behaviour. The default implementation will simply call the AsyncMapper.

Result

It's possible to get a hold onto the ChannelHandlerContext. Users can override that method and do something with it right there or they can delegate it to something else. SniHandler is happy as long as a `Future<SslContext>` is being returned.
This commit is contained in:
Roger Kapsi 2016-09-01 08:30:31 -04:00 committed by Norman Maurer
parent e3aca1f3d6
commit b604a22395
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
handler/src/main/java/io/netty/handler/ssl/SniHandler.java
View File

@ -57,7 +57,7 @@ public class SniHandler extends ByteToMessageDecoder implements ChannelOutboundH
InternalLoggerFactory.getInstance(SniHandler.class);
private static final Selection EMPTY_SELECTION = new Selection(null, null);
private final AsyncMapping<String, SslContext> mapping;
protected final AsyncMapping<String, SslContext> mapping;
private boolean handshakeFailed;
private boolean suppressRead;
@ -273,8 +273,8 @@ public class SniHandler extends ByteToMessageDecoder implements ChannelOutboundH
}
}
private void select(final ChannelHandlerContext ctx, final String hostname) {
Future<SslContext> future = mapping.map(hostname, ctx.executor().<SslContext>newPromise());
private void select(final ChannelHandlerContext ctx, final String hostname) throws Exception {
Future<SslContext> future = lookup(ctx, hostname);
if (future.isDone()) {
if (future.isSuccess()) {
onSslContext(ctx, hostname, future.getNow());
@ -305,6 +305,16 @@ public class SniHandler extends ByteToMessageDecoder implements ChannelOutboundH
}
}
/**
* The default implementation will simply call {@link AsyncMapping#map(Object, Promise)} but
* users can override this method to implement custom behavior.
*
* @see AsyncMapping#map(Object, Promise)
*/
protected Future<SslContext> lookup(ChannelHandlerContext ctx, String hostname) throws Exception {
return mapping.map(hostname, ctx.executor().<SslContext>newPromise());
}
/**
* Called upon successful completion of the {@link AsyncMapping}'s {@link Future}.
*