public void testSslRenegotiationRejected(ServerBootstrap sb, Bootstrap cb) throws Throwable {
reset();
sb.childHandler(
new ChannelInitializer<Channel>() {
@Override
@SuppressWarnings("deprecation")
public void initChannel(Channel sch) throws Exception {
serverChannel = sch;
serverSslHandler = serverCtx.newHandler(sch.alloc());
sch.pipeline().addLast("ssl", serverSslHandler);
sch.pipeline().addLast("handler", serverHandler);
}
});
cb.handler(
new ChannelInitializer<Channel>() {
@Override
@SuppressWarnings("deprecation")
public void initChannel(Channel sch) throws Exception {
clientChannel = sch;
clientSslHandler = clientCtx.newHandler(sch.alloc());
sch.pipeline().addLast("ssl", clientSslHandler);
sch.pipeline().addLast("handler", clientHandler);
}
});
Channel sc = sb.bind().sync().channel();
cb.connect().sync();
Future<Channel> clientHandshakeFuture = clientSslHandler.handshakeFuture();
clientHandshakeFuture.sync();
String renegotiation = "SSL_RSA_WITH_RC4_128_SHA";
clientSslHandler.engine().setEnabledCipherSuites(new String[] {renegotiation});
clientSslHandler.renegotiate().await();
serverChannel.close().awaitUninterruptibly();
clientChannel.close().awaitUninterruptibly();
sc.close().awaitUninterruptibly();
try {
if (serverException.get() != null) {
throw serverException.get();
}
fail();
} catch (DecoderException e) {
assertTrue(e.getCause() instanceof SSLHandshakeException);
}
if (clientException.get() != null) {
throw clientException.get();
}
}
public NettyServerConnection createConnection(
final ChannelHandlerContext ctx, String protocol, boolean httpEnabled) throws Exception {
if (connectionsAllowed == -1 || connections.size() < connectionsAllowed) {
super.channelActive(ctx);
Listener connectionListener = new Listener();
NettyServerConnection nc =
new NettyServerConnection(
configuration,
ctx.channel(),
connectionListener,
!httpEnabled && batchDelay > 0,
directDeliver);
connectionListener.connectionCreated(NettyAcceptor.this, nc, protocol);
SslHandler sslHandler = ctx.pipeline().get(SslHandler.class);
if (sslHandler != null) {
sslHandler
.handshakeFuture()
.addListener(
new GenericFutureListener<io.netty.util.concurrent.Future<Channel>>() {
public void operationComplete(
final io.netty.util.concurrent.Future<Channel> future) throws Exception {
if (future.isSuccess()) {
active = true;
} else {
future.getNow().close();
}
}
});
} else {
active = true;
}
return nc;
} else {
if (ActiveMQServerLogger.LOGGER.isDebugEnabled()) {
ActiveMQServerLogger.LOGGER.debug(
new StringBuilder()
.append("Connection limit of ")
.append(connectionsAllowed)
.append(" reached. Refusing connection from ")
.append(ctx.channel().remoteAddress()));
}
throw new Exception();
}
}
@Override
public synchronized NetSocket upgradeToSsl(final Handler<Void> handler) {
SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
if (sslHandler == null) {
sslHandler = helper.createSslHandler(vertx);
channel.pipeline().addFirst("ssl", sslHandler);
}
sslHandler
.handshakeFuture()
.addListener(
future ->
context.executeFromIO(
() -> {
if (future.isSuccess()) {
handler.handle(null);
} else {
log.error(future.cause());
}
}));
return this;
}