Commit
Expose the ChannelHandlerContext from SniHandler's select() step to the user.

Motivation

I'm looking to harden our SSL impl. a little bit and add some guards against certain types of abuse. One can think of invalid hostname strings in the SNI extension or invalid SNI handshakes altogether. This will require measuring, velocity tracking and other things.

Modifications

Adding a protected `lookup(ctx, hostname)` method that is called from SniHandler's `select(...)` method which users can override and implement custom behaviour. The default implementation will simply call the AsyncMapper.

Result

It's possible to get a hold onto the ChannelHandlerContext. Users can override that method and do something with it right there or they can delegate it to something else. SniHandler is happy as long as a `Future<SslContext>` is being returned.
Roger Kapsi authored and normanmaurer committed Sep 6, 2016
1 parent e3aca1f commit b604a22
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions handler/src/main/java/io/netty/handler/ssl/SniHandler.java
Expand Up @@ -57,7 +57,7 @@ public class SniHandler extends ByteToMessageDecoder implements ChannelOutboundH
InternalLoggerFactory.getInstance(SniHandler.class);
private static final Selection EMPTY_SELECTION = new Selection(null, null);

private final AsyncMapping<String, SslContext> mapping;
protected final AsyncMapping<String, SslContext> mapping;

private boolean handshakeFailed;
private boolean suppressRead;
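Review bot: Widening `mapping` from private to protected (the changed field declaration at the top of this hunk) makes the raw field part of the subclass API, even though the new protected `lookup(ctx, hostname)` hook is already the extension point. Consider keeping `private final AsyncMapping<String, SslContext> mapping;` and, if a subclass really needs the mapping, exposing it through a protected accessor, so the field can still be renamed or wrapped later without breaking overriders.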
Expand Down Expand Up @@ -273,8 +273,8 @@ protected void decode(ChannelHandlerContext ctx, ByteBuf in, List<Object> out) t
}
}

private void select(final ChannelHandlerContext ctx, final String hostname) {
Future<SslContext> future = mapping.map(hostname, ctx.executor().<SslContext>newPromise());
private void select(final ChannelHandlerContext ctx, final String hostname) throws Exception {
Future<SslContext> future = lookup(ctx, hostname);
if (future.isDone()) {
if (future.isSuccess()) {
onSslContext(ctx, hostname, future.getNow());
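Review bot: The result of `lookup(ctx, hostname)` is dereferenced immediately by `future.isDone()`, and `lookup` is now user-overridable, so an override that returns null becomes a NullPointerException inside `select(...)`. Add a null check here or state a non-null contract on `lookup`, and decide explicitly what should happen when an override throws: with the new `throws Exception` on `select(...)` that exception leaves this method instead of being handled next to the `future.isSuccess()` check.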
Expand Down Expand Up @@ -305,6 +305,16 @@ public void operationComplete(Future<SslContext> future) throws Exception {
}
}

/**
* The default implementation will simply call {@link AsyncMapping#map(Object, Promise)} but
* users can override this method to implement custom behavior.
*
* @see AsyncMapping#map(Object, Promise)
*/
protected Future<SslContext> lookup(ChannelHandlerContext ctx, String hostname) throws Exception {
return mapping.map(hostname, ctx.executor().<SslContext>newPromise());
}

/**
* Called upon successful completion of the {@link AsyncMapping}'s {@link Future}.
*
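Review bot: The Javadoc on the new `lookup(ChannelHandlerContext ctx, String hostname)` does not state the contract an overrider has to meet. Suggest adding `@param ctx`, `@param hostname` and `@return` tags, saying that the returned `Future<SslContext>` must not be null, and noting that `hostname` is the value taken from the client's SNI extension and may be invalid, since that is the case the commit message gives as the motivation for overriding this method.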