1   /*
2    * This file is part of Waarp Project (named also Waarp or GG).
3    *
4    *  Copyright (c) 2019, Waarp SAS, and individual contributors by the @author
5    *  tags. See the COPYRIGHT.txt in the distribution for a full listing of
6    * individual contributors.
7    *
8    *  All Waarp Project is free software: you can redistribute it and/or
9    * modify it under the terms of the GNU General Public License as published by
10   * the Free Software Foundation, either version 3 of the License, or (at your
11   * option) any later version.
12   *
13   * Waarp is distributed in the hope that it will be useful, but WITHOUT ANY
14   * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
15   * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16   *
17   *  You should have received a copy of the GNU General Public License along with
18   * Waarp . If not, see <http://www.gnu.org/licenses/>.
19   */
20  package org.waarp.openr66.protocol.networkhandler.ssl;
21  
22  import io.netty.channel.ChannelInitializer;
23  import io.netty.channel.ChannelPipeline;
24  import io.netty.channel.socket.SocketChannel;
25  import io.netty.handler.ssl.SslHandler;
26  import io.netty.handler.timeout.IdleStateHandler;
27  import io.netty.handler.traffic.ChannelTrafficShapingHandler;
28  import io.netty.handler.traffic.GlobalTrafficShapingHandler;
29  import org.waarp.common.crypto.ssl.WaarpSecureKeyStore;
30  import org.waarp.common.crypto.ssl.WaarpSslContextFactory;
31  import org.waarp.common.logging.WaarpLogger;
32  import org.waarp.common.logging.WaarpLoggerFactory;
33  import org.waarp.openr66.protocol.configuration.Configuration;
34  import org.waarp.openr66.protocol.exception.OpenR66ProtocolNetworkException;
35  import org.waarp.openr66.protocol.networkhandler.NetworkServerInitializer;
36  import org.waarp.openr66.protocol.networkhandler.packet.NetworkPacketCodec;
37  
38  import java.util.concurrent.TimeUnit;
39  
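/**
 * Netty channel initializer that builds the TLS-protected OpenR66 network
 * pipeline, usable for either side of a connection.
 * <p>
 * Handlers are installed in this order: TLS ({@link #SSL_HANDLER}), idle
 * timeout, global traffic shaping, per-channel traffic shaping, packet codec,
 * then the business handler. The TLS handler is always first so that every
 * later handler only sees decrypted inbound data and every outbound byte is
 * encrypted.
 * <p>
 * The TLS material is held in static fields and must be provided through
 * {@link #setWaarpSslContextFactory(WaarpSslContextFactory)} before the first
 * channel is initialized.
 * NOTE(review): these static fields are plain (non-volatile) and publicly
 * settable; this class assumes they are assigned once at startup, before any
 * channel is accepted or connected - confirm against the configuration
 * loader.
 */
public class NetworkSslServerInitializer
    extends ChannelInitializer<SocketChannel> {
  /**
   * Internal Logger
   */
  private static final WaarpLogger logger =
      WaarpLoggerFactory.getLogger(NetworkSslServerInitializer.class);
  /**
   * Name under which the TLS handler is registered in the pipeline
   */
  public static final String SSL_HANDLER = "ssl";
  /**
   * True when the pipeline is built for an outgoing (client) connection
   */
  protected final boolean isClient;
  // Process-wide TLS context factory shared by every channel of this type
  private static WaarpSslContextFactory waarpSslContextFactory;
  // Process-wide key store; only stored and returned by this class
  private static WaarpSecureKeyStore waarpSecureKeyStore;

  /**
   * @param isClient True if this Factory is to be used in Client mode
   */
  public NetworkSslServerInitializer(final boolean isClient) {
    this.isClient = isClient;
  }

  /**
   * Installs the TLS, timeout, traffic shaping, codec and business handlers
   * on a newly registered channel.
   *
   * @param ch the channel being initialized
   *
   * @throws OpenR66ProtocolNetworkException if the TLS context factory
   *     or the global traffic shaping handler has not been configured
   * @throws Exception if a handler cannot be created
   */
  @Override
  protected void initChannel(final SocketChannel ch) throws Exception {
    // Read the shared factory once so both server-side calls below use the
    // same instance, and fail with an explicit error before any handler is
    // added: a channel must never be set up without its TLS handler.
    final WaarpSslContextFactory sslContextFactory =
        getWaarpSslContextFactory();
    if (sslContextFactory == null) {
      throw new OpenR66ProtocolNetworkException(
          "Error at pipeline initialization," +
          " WaarpSslContextFactory not configured.");
    }
    final ChannelPipeline pipeline = ch.pipeline();
    // Add SSL handler first to encrypt and decrypt everything.
    final SslHandler sslHandler;
    if (isClient) {
      // Not server: no clientAuthent, no renegotiation
      // NOTE(review): how the peer certificate is validated in client mode is
      // decided inside WaarpSslContextFactory, not visible here - confirm.
      sslHandler = sslContextFactory.createHandlerClient(ch);
    } else {
      // Server: no renegotiation still, but possible clientAuthent.
      // Whether a client certificate is required comes from the factory's
      // own setting, so it is a deployment choice, not fixed by this class.
      sslHandler = sslContextFactory.createHandlerServer(
          sslContextFactory.needClientAuthentication(), ch);
    }
    pipeline.addLast(SSL_HANDLER, sslHandler);

    // Same value is logged and used for both timeout-related handlers.
    final long timeoutCon = Configuration.configuration.getTimeoutCon();
    logger.debug("Create IdleStateHandler with {} ms", timeoutCon);

    // Reader and writer idle times are disabled (0); only the "all idle"
    // timer is armed, so a connection with no traffic in either direction
    // for timeoutCon ms raises an idle event.
    pipeline.addLast(NetworkServerInitializer.TIMEOUT,
                     new IdleStateHandler(true, 0, 0, timeoutCon,
                                          TimeUnit.MILLISECONDS));

    // Global limitation
    final GlobalTrafficShapingHandler handler =
        Configuration.configuration.getGlobalTrafficShapingHandler();
    if (handler == null) {
      // Refuse to continue without the global bandwidth limiter.
      throw new OpenR66ProtocolNetworkException(
          "Error at pipeline initialization," +
          " GlobalTrafficShapingHandler not configured.");
    }
    pipeline.addLast(NetworkServerInitializer.LIMITGLOBAL, handler);
    // Per channel limitation
    pipeline.addLast(NetworkServerInitializer.LIMITCHANNEL,
                     new ChannelTrafficShapingHandler(
                         Configuration.configuration.getServerChannelWriteLimit(),
                         Configuration.configuration.getServerChannelReadLimit(),
                         Configuration.configuration.getDelayLimit(),
                         timeoutCon));

    pipeline.addLast(NetworkServerInitializer.NETWORK_CODEC,
                     new NetworkPacketCodec());
    // The business handler runs on the configured handler group and receives
    // the inverse of isClient as its constructor flag.
    pipeline.addLast(Configuration.configuration.getHandlerGroup(),
                     NetworkServerInitializer.NETWORK_HANDLER,
                     new NetworkSslServerHandler(!isClient));
  }

  /**
   * @return the waarpSslContextFactory, or null if none has been set
   */
  public static WaarpSslContextFactory getWaarpSslContextFactory() {
    return waarpSslContextFactory;
  }

  /**
   * @param waarpSslContextFactory the waarpSslContextFactory to set; it is
   *     used for every channel initialized after this call
   */
  public static void setWaarpSslContextFactory(
      final WaarpSslContextFactory waarpSslContextFactory) {
    NetworkSslServerInitializer.waarpSslContextFactory = waarpSslContextFactory;
  }

  /**
   * @return the waarpSecureKeyStore, or null if none has been set
   */
  public static WaarpSecureKeyStore getWaarpSecureKeyStore() {
    return waarpSecureKeyStore;
  }

  /**
   * @param waarpSecureKeyStore the waarpSecureKeyStore to set
   */
  public static void setWaarpSecureKeyStore(
      final WaarpSecureKeyStore waarpSecureKeyStore) {
    NetworkSslServerInitializer.waarpSecureKeyStore = waarpSecureKeyStore;
  }
}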