/*
* Copyright (c) 2002-2018 "Neo4j,"
* Neo4j Sweden AB [http://neo4j.com]
*
* This file is part of Neo4j Enterprise Edition. The included source
* code can be redistributed and/or modified under the terms of the
* GNU AFFERO GENERAL PUBLIC LICENSE Version 3
* (http://www.fsf.org/licensing/licenses/agpl-3.0.html) with the
* Commons Clause, as found in the associated LICENSE.txt file.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* Neo4j object code can be licensed independently from the source
* under separate terms from the AGPL. Inquiries can be directed to:
* licensing@neo4j.com
*
* More information is also available at:
* https://neo4j.com/licensing/
*/
package org.neo4j.ssl;
import io.netty.bootstrap.Bootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Future;
import javax.net.ssl.SSLException;
import static java.util.concurrent.TimeUnit.SECONDS;
import static org.hamcrest.Matchers.equalTo;
import static org.neo4j.test.assertion.Assert.assertEventually;
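/**
 * Netty-based TLS client used from tests: connects to a port, runs the TLS
 * handshake exactly as configured by the supplied {@link SslPolicy}, and
 * accumulates whatever bytes the server sends so a test can assert on them.
 * <p>
 * Trust, hostname/peer verification and protocol/cipher restrictions are
 * entirely those of the {@link SslPolicy} handed to the constructor; nothing
 * is verified in this class itself. The outcome of the handshake is exposed
 * through {@link #sslHandshakeFuture()}, the negotiated parameters through
 * {@link #protocol()} and {@link #ciphers()}.
 * <p>
 * Usage is single test thread plus the Netty event loop; see the member
 * comments for which side writes which field.
 */
public class SecureClient
{
    private final Bootstrap bootstrap;
    private final NioEventLoopGroup eventLoopGroup;
    private final Bucket bucket = new Bucket();
    private final CompletableFuture<Channel> handshakeFuture = new CompletableFuture<>();

    private Channel channel;
    // Written on the event loop when the SSL handler publishes its details, read
    // from the test thread. Volatile so a reader that did not first wait on
    // handshakeFuture still observes the published values.
    private volatile String protocol;
    private volatile String ciphers;
    private volatile SslHandshakeCompletionEvent handshakeEvent;

    /**
     * @param sslPolicy policy whose {@code nettyClientContext()} and
     *        {@code nettyClientHandler(...)} supply the TLS side of every connection
     * @throws SSLException if the client SSL context cannot be built from the policy
     */
    public SecureClient( SslPolicy sslPolicy ) throws SSLException
    {
        eventLoopGroup = new NioEventLoopGroup();
        bootstrap = new Bootstrap()
                .group( eventLoopGroup )
                .channel( NioSocketChannel.class )
                .handler( new ClientInitializer( sslPolicy, bucket ) );
    }

    /**
     * @return future completed with the channel once the SSL handler has reported
     *         protocol and cipher details, or completed exceptionally with the
     *         handshake failure cause
     */
    public Future<Channel> sslHandshakeFuture()
    {
        return handshakeFuture;
    }

    /**
     * Connects to {@code localhost} on the given port; see {@link #connect(String, int)}.
     *
     * @param port TCP port to connect to
     */
    public void connect( int port )
    {
        connect( "localhost", port );
    }

    /**
     * Connects synchronously and blocks until the TCP connect attempt has settled.
     *
     * @param host host to connect to
     * @param port TCP port to connect to
     * @throws RuntimeException wrapping the connect failure cause if the attempt failed
     */
    public void connect( String host, int port )
    {
        ChannelFuture channelFuture = bootstrap.connect( host, port ).awaitUninterruptibly();
        // Record the channel even on failure so disconnect() can still close it.
        channel = channelFuture.channel();
        if ( !channelFuture.isSuccess() )
        {
            throw new RuntimeException( "Failed to connect", channelFuture.cause() );
        }
    }

    /**
     * Closes the channel (if one was ever created), stops the event loop and
     * releases the collected-data buffer. Safe to call more than once, and safe
     * to call when {@link #connect(int)} was never invoked.
     */
    void disconnect()
    {
        if ( channel != null )
        {
            channel.close().awaitUninterruptibly();
        }
        // Shut the loop down even when no connection was made, otherwise its
        // threads outlive the test.
        eventLoopGroup.shutdownGracefully( 0, 0, SECONDS );
        // release() on a buffer whose count already reached zero throws, so guard
        // it to make a repeated disconnect() harmless.
        if ( bucket.collectedData.refCnt() > 0 )
        {
            bucket.collectedData.release();
        }
    }

    /**
     * Waits up to five seconds for the bytes collected from the server to equal
     * {@code expected}.
     *
     * @param expected the exact payload the server is expected to have sent
     * @throws InterruptedException if interrupted while waiting
     */
    void assertResponse( ByteBuf expected ) throws InterruptedException
    {
        // String.valueOf tolerates a client that never connected (channel == null).
        assertEventually( String.valueOf( channel ), () -> bucket.collectedData, equalTo( expected ), 5, SECONDS );
    }

    /**
     * @return the connected channel, or {@code null} before {@link #connect(int)}
     */
    Channel channel()
    {
        return channel;
    }

    /**
     * @return the cipher suite reported by the SSL handler
     * @throws IllegalStateException if the handshake details have not been published yet
     */
    String ciphers()
    {
        return requireHandshakeDetail( ciphers );
    }

    /**
     * @return the protocol reported by the SSL handler
     * @throws IllegalStateException if the handshake details have not been published yet
     */
    String protocol()
    {
        return requireHandshakeDetail( protocol );
    }

    /** Shared null check for values that only exist after a completed handshake. */
    private static String requireHandshakeDetail( String value )
    {
        if ( value == null )
        {
            throw new IllegalStateException( "Handshake must have been completed" );
        }
        return value;
    }

    /**
     * Terminal inbound handler that appends every received {@link ByteBuf} to one
     * accumulating buffer, which {@link #assertResponse(ByteBuf)} compares against.
     */
    static class Bucket extends SimpleChannelInboundHandler<ByteBuf>
    {
        private final ByteBuf collectedData;

        Bucket()
        {
            collectedData = ByteBufAllocator.DEFAULT.buffer();
        }

        @Override
        protected void channelRead0( ChannelHandlerContext ctx, ByteBuf msg )
        {
            // Copy out of msg: the base class releases it once this method returns.
            collectedData.writeBytes( msg );
        }

        @Override
        public void exceptionCaught( ChannelHandlerContext ctx, Throwable cause )
        {
            // Intentionally empty and not propagated: a handshake failure is already
            // reported through handshakeFuture, and anything else shows up as
            // assertResponse() timing out rather than as a stack trace on the loop.
        }
    }

    /**
     * Builds each connection's pipeline in order: the policy's client SSL handler,
     * the handshake observer that completes {@link #handshakeFuture}, then the
     * {@link Bucket} that collects application data.
     */
    public class ClientInitializer extends ChannelInitializer<SocketChannel>
    {
        private final SslContext sslContext;
        private final Bucket bucket;
        private final SslPolicy sslPolicy;

        /**
         * @param sslPolicy policy providing the SSL context and per-channel handler
         * @param bucket    handler that receives decrypted application data
         * @throws SSLException if {@code sslPolicy.nettyClientContext()} fails
         */
        ClientInitializer( SslPolicy sslPolicy, Bucket bucket ) throws SSLException
        {
            this.sslContext = sslPolicy.nettyClientContext();
            this.bucket = bucket;
            this.sslPolicy = sslPolicy;
        }

        @Override
        protected void initChannel( SocketChannel channel )
        {
            ChannelPipeline pipeline = channel.pipeline();
            ChannelHandler clientOnConnectSslHandler = sslPolicy.nettyClientHandler( channel, sslContext );
            pipeline.addLast( clientOnConnectSslHandler );
            pipeline.addLast( new HandshakeObserver() );
            pipeline.addLast( bucket );
        }
    }

    /**
     * Turns the SSL handler's user events into {@link #handshakeFuture} completion
     * and publishes the negotiated protocol and cipher. Neither event is forwarded
     * further down the pipeline.
     */
    private class HandshakeObserver extends ChannelInboundHandlerAdapter
    {
        @Override
        public void userEventTriggered( ChannelHandlerContext ctx, Object evt )
        {
            if ( evt instanceof SslHandlerDetailsRegisteredEvent )
            {
                SslHandlerDetailsRegisteredEvent details = (SslHandlerDetailsRegisteredEvent) evt;
                // Publish the parameters before completing the future so a waiter
                // that wakes up on the future sees them.
                protocol = details.protocol;
                ciphers = details.cipherSuite;
                // Success is signalled on this event, not on SslHandshakeCompletionEvent,
                // because this is the one that carries the protocol/cipher details.
                handshakeFuture.complete( ctx.channel() );
                return;
            }
            if ( evt instanceof SslHandshakeCompletionEvent )
            {
                handshakeEvent = (SslHandshakeCompletionEvent) evt;
                if ( handshakeEvent.cause() != null )
                {
                    handshakeFuture.completeExceptionally( handshakeEvent.cause() );
                }
                // A successful completion event is deliberately not acted on here;
                // success is reported when SslHandlerDetailsRegisteredEvent arrives.
            }
        }
    }
}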