+ private class ClientChannelInitializer extends ChannelInitializer<SocketChannel> {
+ @Override
+ public void initChannel(final SocketChannel channel) throws Exception {
+ channel.pipeline().addLast(
+ //new LoggingHandler(LogLevel.INFO),
+ new JsonRpcDecoder(jsonRpcDecoderMaxFrameLength),
+ UTF8_ENCODER,
+ new IdleStateHandler(IDLE_READER_TIMEOUT, 0, 0),
+ new ReadTimeoutHandler(READ_TIMEOUT),
+ new ExceptionHandler(OvsdbConnectionService.this));
+ }
+ }
+
+ private class SslClientChannelInitializer extends ClientChannelInitializer {
+ private final ICertificateManager certManagerSrv;
+ private final InetAddress address;
+ private final int port;
+
+ SslClientChannelInitializer(final ICertificateManager certManagerSrv, final InetAddress address,
+ final int port) {
+ this.certManagerSrv = requireNonNull(certManagerSrv);
+ this.address = requireNonNull(address);
+ this.port = port;
+ }
+
+ @Override
+ public void initChannel(final SocketChannel channel) throws Exception {
+ SSLContext sslContext = certManagerSrv.getServerContext();
+ if (sslContext != null) {
+ /* First add ssl handler if ssl context is given */
+ SSLEngine engine = sslContext.createSSLEngine(address.toString(), port);
+ engine.setUseClientMode(true);
+ channel.pipeline().addLast("ssl", new SslHandler(engine));
+ }
+
+ super.initChannel(channel);
+ }
+ }
+
+ private class ServerChannelInitializer extends ChannelInitializer<SocketChannel> {
+ @Override
+ public final void initChannel(final SocketChannel channel) {
+ LOG.debug("New Passive channel created : {}", channel);
+ initChannelImpl(channel);
+ }
+
+ void initChannelImpl(final SocketChannel channel) {
+ channel.pipeline().addLast(
+ new JsonRpcDecoder(jsonRpcDecoderMaxFrameLength),
+ UTF8_ENCODER,
+ new IdleStateHandler(IDLE_READER_TIMEOUT, 0, 0),
+ new ReadTimeoutHandler(READ_TIMEOUT),
+ new ExceptionHandler(OvsdbConnectionService.this));
+ handleNewPassiveConnection(channel);
+ }
+ }
+
+ private final class SslServerChannelInitializer extends ServerChannelInitializer {
+ private final ICertificateManager certManagerSrv;
+ private final String[] protocols;
+ private final String[] cipherSuites;
+
+ SslServerChannelInitializer(final ICertificateManager certManagerSrv, final String[] protocols,
+ final String[] cipherSuites) {
+ this.certManagerSrv = requireNonNull(certManagerSrv);
+ this.protocols = requireNonNull(protocols);
+ this.cipherSuites = requireNonNull(cipherSuites);
+
+ }
+
+ SslServerChannelInitializer(final ICertificateManager certManagerSrv) {
+ this(certManagerSrv, certManagerSrv.getTlsProtocols(), certManagerSrv.getCipherSuites());
+ }
+
+ @Override
+ void initChannelImpl(final SocketChannel channel) {
+ /* Add SSL handler first if SSL context is provided */
+ final SSLContext sslContext = certManagerSrv.getServerContext();
+ if (sslContext != null) {
+ SSLEngine engine = sslContext.createSSLEngine();
+ engine.setUseClientMode(false); // work in a server mode
+ engine.setNeedClientAuth(true); // need client authentication
+ if (protocols != null && protocols.length > 0) {
+ //Set supported protocols
+ engine.setEnabledProtocols(protocols);
+ LOG.debug("Supported ssl protocols {}",
+ Arrays.toString(engine.getSupportedProtocols()));
+ LOG.debug("Enabled ssl protocols {}",
+ Arrays.toString(engine.getEnabledProtocols()));
+ }
+ if (cipherSuites != null && cipherSuites.length > 0) {
+ //Set supported cipher suites
+ engine.setEnabledCipherSuites(cipherSuites);
+ LOG.debug("Enabled cipher suites {}",
+ Arrays.toString(engine.getEnabledCipherSuites()));
+ }
+ channel.pipeline().addLast("ssl", new SslHandler(engine));
+ }
+ super.initChannelImpl(channel);
+ }
+ }
+
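Review bot: Both SSL initializers fail open: in `SslClientChannelInitializer.initChannel` and `SslServerChannelInitializer.initChannelImpl`, a null `certManagerSrv.getServerContext()` skips the `SslHandler` and still calls the superclass, so a channel that was asked to use TLS (and, on the server side, client authentication) is built as plaintext with no log line. I would reject the channel in that case, as sketched below. On the client side, `address.toString()` returns the `hostname/literal-address` form of `InetAddress`, which is not a usable peer host for the engine; `address.getHostAddress()` is the safer argument, and it is worth deciding whether to enable endpoint identification through `SSLParameters` so the peer certificate is checked against the address being dialled. The `protocols != null` and `cipherSuites != null` tests are dead after `requireNonNull` in the three-argument constructor, while the one-argument constructor will throw if `getTlsProtocols()` or `getCipherSuites()` returns null, so please confirm which behaviour is intended. The hunk header is not visible here; the enclosing class (apparently `OvsdbConnectionService`) starts and ends outside these lines.

```java
// SslClientChannelInitializer
@Override
public void initChannel(final SocketChannel channel) throws Exception {
    final SSLContext sslContext = certManagerSrv.getServerContext();
    if (sslContext == null) {
        // Fail closed: the SSL initializer must never produce a plaintext pipeline.
        throw new IllegalStateException("No SSLContext available for SSL connection to " + address);
    }
    final SSLEngine engine = sslContext.createSSLEngine(address.getHostAddress(), port);
    // … unchanged: setUseClientMode(true), "ssl" handler, super.initChannel(channel) …

// SslServerChannelInitializer
@Override
void initChannelImpl(final SocketChannel channel) {
    final SSLContext sslContext = certManagerSrv.getServerContext();
    if (sslContext == null) {
        // Fail closed: a passive SSL listener must not accept unauthenticated plaintext peers.
        throw new IllegalStateException("No SSLContext available for passive SSL connection");
    }
    // … unchanged: engine setup, protocols, cipher suites, "ssl" handler, super.initChannelImpl(channel) …
```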