public void testSslRenegotiationRejected(ServerBootstrap sb, Bootstrap cb) throws Throwable {
    reset();

    sb.childHandler(
        new ChannelInitializer<Channel>() {
          @Override
          @SuppressWarnings("deprecation")
          public void initChannel(Channel sch) throws Exception {
            serverChannel = sch;
            serverSslHandler = serverCtx.newHandler(sch.alloc());

            sch.pipeline().addLast("ssl", serverSslHandler);
            sch.pipeline().addLast("handler", serverHandler);
          }
        });

    cb.handler(
        new ChannelInitializer<Channel>() {
          @Override
          @SuppressWarnings("deprecation")
          public void initChannel(Channel sch) throws Exception {
            clientChannel = sch;
            clientSslHandler = clientCtx.newHandler(sch.alloc());

            sch.pipeline().addLast("ssl", clientSslHandler);
            sch.pipeline().addLast("handler", clientHandler);
          }
        });

    Channel sc = sb.bind().sync().channel();
    cb.connect().sync();

    Future<Channel> clientHandshakeFuture = clientSslHandler.handshakeFuture();
    clientHandshakeFuture.sync();

    String renegotiation = "SSL_RSA_WITH_RC4_128_SHA";
    clientSslHandler.engine().setEnabledCipherSuites(new String[] {renegotiation});
    clientSslHandler.renegotiate().await();
    serverChannel.close().awaitUninterruptibly();
    clientChannel.close().awaitUninterruptibly();
    sc.close().awaitUninterruptibly();
    try {
      if (serverException.get() != null) {
        throw serverException.get();
      }
      fail();
    } catch (DecoderException e) {
      assertTrue(e.getCause() instanceof SSLHandshakeException);
    }
    if (clientException.get() != null) {
      throw clientException.get();
    }
  }
    public NettyServerConnection createConnection(
        final ChannelHandlerContext ctx, String protocol, boolean httpEnabled) throws Exception {
      if (connectionsAllowed == -1 || connections.size() < connectionsAllowed) {
        super.channelActive(ctx);
        Listener connectionListener = new Listener();

        NettyServerConnection nc =
            new NettyServerConnection(
                configuration,
                ctx.channel(),
                connectionListener,
                !httpEnabled && batchDelay > 0,
                directDeliver);

        connectionListener.connectionCreated(NettyAcceptor.this, nc, protocol);

        SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
        if (sslHandler != null) {
          sslHandler
              .handshakeFuture()
              .addListener(
                  new GenericFutureListener<io.netty.util.concurrent.Future<Channel>>() {
                    public void operationComplete(
                        final io.netty.util.concurrent.Future<Channel> future) throws Exception {
                      if (future.isSuccess()) {
                        active = true;
                      } else {
                        future.getNow().close();
                      }
                    }
                  });
        } else {
          active = true;
        }
        return nc;
      } else {
        if (ActiveMQServerLogger.LOGGER.isDebugEnabled()) {
          ActiveMQServerLogger.LOGGER.debug(
              new StringBuilder()
                  .append("Connection limit of ")
                  .append(connectionsAllowed)
                  .append(" reached. Refusing connection from ")
                  .append(ctx.channel().remoteAddress()));
        }
        throw new Exception();
      }
    }
예제 #3
0
 @Override
 public synchronized NetSocket upgradeToSsl(final Handler<Void> handler) {
   SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
   if (sslHandler == null) {
     sslHandler = helper.createSslHandler(vertx);
     channel.pipeline().addFirst("ssl", sslHandler);
   }
   sslHandler
       .handshakeFuture()
       .addListener(
           future ->
               context.executeFromIO(
                   () -> {
                     if (future.isSuccess()) {
                       handler.handle(null);
                     } else {
                       log.error(future.cause());
                     }
                   }));
   return this;
 }