2 * Copyright (c) 2018 ZTE Corporation. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netconf.client;
10 import io.netty.channel.Channel;
11 import io.netty.channel.ChannelHandlerContext;
12 import io.netty.channel.ChannelInboundHandlerAdapter;
13 import io.netty.util.concurrent.Promise;
14 import org.opendaylight.netconf.nettyutil.AbstractChannelInitializer;
16 final class TlsClientChannelInitializer extends AbstractChannelInitializer<NetconfClientSession> {
17 public static final String CHANNEL_ACTIVE_SENTRY = "channelActiveSentry";
19 private final SslHandlerFactory sslHandlerFactory;
20 private final NetconfClientSessionNegotiatorFactory negotiatorFactory;
21 private final NetconfClientSessionListener sessionListener;
23 TlsClientChannelInitializer(final SslHandlerFactory sslHandlerFactory,
24 final NetconfClientSessionNegotiatorFactory negotiatorFactory,
25 final NetconfClientSessionListener sessionListener) {
26 this.sslHandlerFactory = sslHandlerFactory;
27 this.negotiatorFactory = negotiatorFactory;
28 this.sessionListener = sessionListener;
32 public void initialize(Channel ch, Promise<NetconfClientSession> promise) {
33 // When ssl handshake fails due to the certificate mismatch, the connection will try again,
34 // then we have a chance to create a new SslHandler using the latest certificates with the
35 // help of the sentry. We will replace the sentry with the new SslHandler once the channel
37 ch.pipeline().addFirst(CHANNEL_ACTIVE_SENTRY, new ChannelActiveSentry(sslHandlerFactory));
38 super.initialize(ch, promise);
42 protected void initializeSessionNegotiator(Channel ch, Promise<NetconfClientSession> promise) {
43 ch.pipeline().addAfter(NETCONF_MESSAGE_DECODER, AbstractChannelInitializer.NETCONF_SESSION_NEGOTIATOR,
44 negotiatorFactory.getSessionNegotiator(() -> sessionListener, ch, promise));
47 private static final class ChannelActiveSentry extends ChannelInboundHandlerAdapter {
48 private final SslHandlerFactory sslHandlerFactory;
50 ChannelActiveSentry(final SslHandlerFactory sslHandlerFactory) {
51 this.sslHandlerFactory = sslHandlerFactory;
55 public void channelActive(ChannelHandlerContext ctx) throws Exception {
56 ctx.pipeline().replace(this, "sslHandler", sslHandlerFactory.createSslHandler())