Package org.glassfish.grizzly.ssl
Class SSLBaseFilter
- java.lang.Object
-
- org.glassfish.grizzly.filterchain.BaseFilter
-
- org.glassfish.grizzly.ssl.SSLBaseFilter
-
- All Implemented Interfaces:
Filter
- Direct Known Subclasses:
SSLFilter
public class SSLBaseFilter extends BaseFilter
SSLFilter to operate with SSL encrypted data.
- Author:
- Alexey Stashok
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
static class SSLBaseFilter.CertificateEvent
static interface SSLBaseFilter.HandshakeListener
protected static class SSLBaseFilter.SSLTransportFilterWrapper
-
Field Summary
Fields (Modifier and Type, Field, Description):
protected static MessageCloner<Buffer> COPY_CLONER
protected Set<SSLBaseFilter.HandshakeListener> handshakeListeners
-
Constructor Summary
Constructors (Constructor, Description):
SSLBaseFilter()
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator)
  Build SSLFilter with the given SSLEngineConfigurator.
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
  Build SSLFilter with the given SSLEngineConfigurator.
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
void addHandshakeListener(SSLBaseFilter.HandshakeListener listener)
protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter childFilter)
protected SSLConnectionContext createSslConnectionContext(Connection connection)
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer)
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)
protected Buffer doHandshakeSync(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, long timeoutMillis)
long getHandshakeTimeout(TimeUnit timeUnit)
protected SSLBaseFilter.SSLTransportFilterWrapper getOptimizedTransportFilter(TransportFilter childFilter)
protected void getPeerCertificateChain(SSLConnectionContext sslCtx, FilterChainContext context, boolean needClientAuth, FutureImpl<Object[]> certFuture)
  Obtains the certificate chain for this SSL session.
SSLEngineConfigurator getServerSSLEngineConfigurator()
NextAction handleEvent(FilterChainContext ctx, FilterChainEvent event)
  Handle custom event associated with the Connection.
NextAction handleRead(FilterChainContext ctx)
  Execute a unit of processing work to be performed, when channel will become available for reading.
NextAction handleWrite(FilterChainContext ctx)
  Execute a unit of processing work to be performed, when some data should be written on channel.
boolean isRenegotiateOnClientAuthWant()
protected void notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
protected void notifyHandshakeFailed(Connection connection, Throwable t)
protected void notifyHandshakeInit(Connection<?> connection, SSLEngine sslEngine)
protected void notifyHandshakeStart(Connection connection)
protected SSLConnectionContext obtainSslConnectionContext(Connection connection)
void onAdded(FilterChain filterChain)
  Method is called, when the Filter has been added to the passed FilterChain.
void onRemoved(FilterChain filterChain)
  Method is called, when the Filter has been removed from the passed FilterChain.
void removeHandshakeListener(SSLBaseFilter.HandshakeListener listener)
protected void renegotiate(SSLConnectionContext sslCtx, FilterChainContext context)
  Performs an SSL renegotiation.
void setHandshakeTimeout(long handshakeTimeout, TimeUnit timeUnit)
  Sets the handshake timeout.
void setRenegotiationDisabled(boolean renegotiationDisabled)
  Completely disables renegotiation.
protected NextAction unwrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)
protected Buffer wrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)
-
Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter
createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onFilterChainChanged, toString
-
-
-
-
Field Detail
-
COPY_CLONER
protected static final MessageCloner<Buffer> COPY_CLONER
-
handshakeListeners
protected final Set<SSLBaseFilter.HandshakeListener> handshakeListeners
-
-
Constructor Detail
-
SSLBaseFilter
public SSLBaseFilter()
-
SSLBaseFilter
public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator)
Build SSLFilter with the given SSLEngineConfigurator.
- Parameters:
serverSSLEngineConfigurator - SSLEngine configurator for server side connections
-
SSLBaseFilter
public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
Build SSLFilter with the given SSLEngineConfigurator.
- Parameters:
serverSSLEngineConfigurator - SSLEngine configurator for server side connections
renegotiateOnClientAuthWant - true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to "wantClientAuth" flag. In this case "needClientAuth" flag will be raised and re-handshake will be initiated
-
-
Method Detail
-
isRenegotiateOnClientAuthWant
public boolean isRenegotiateOnClientAuthWant()
- Returns:
- true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to "wantClientAuth" flag. In this case "needClientAuth" flag will be raised and re-handshake will be initiated
-
getServerSSLEngineConfigurator
public SSLEngineConfigurator getServerSSLEngineConfigurator()
- Returns:
SSLEngineConfigurator used by the filter to create new SSLEngine for server-side Connections
-
addHandshakeListener
public void addHandshakeListener(SSLBaseFilter.HandshakeListener listener)
-
removeHandshakeListener
public void removeHandshakeListener(SSLBaseFilter.HandshakeListener listener)
-
getHandshakeTimeout
public long getHandshakeTimeout(TimeUnit timeUnit)
- Parameters:
timeUnit - TimeUnit
- Returns:
- the handshake timeout, -1 if blocking handshake mode is disabled (default).
-
setHandshakeTimeout
public void setHandshakeTimeout(long handshakeTimeout, TimeUnit timeUnit)
Sets the handshake timeout.
- Parameters:
handshakeTimeout - timeout value, or -1 for non-blocking handshake mode.
timeUnit - TimeUnit
-
setRenegotiationDisabled
public void setRenegotiationDisabled(boolean renegotiationDisabled)
Completely disables renegotiation.
- Parameters:
renegotiationDisabled - true to disable renegotiation.
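The two constructor flags and the setters documented above combine into two distinct server postures. The following is an added example, not code from the Grizzly project; the class name ServerTlsFilters and both helper methods are hypothetical, the four-argument SSLEngineConfigurator constructor (context, clientMode, needClientAuth, wantClientAuth) is assumed from the Grizzly API and is not shown on this page, and SSLContext.getDefault() is a placeholder for a context loaded with real server key material.

```java
import java.security.NoSuchAlgorithmException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import org.glassfish.grizzly.ssl.SSLBaseFilter;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

// Hypothetical helper class for illustration only.
public final class ServerTlsFilters {

    // Client certificate is optional at the first handshake. With
    // renegotiateOnClientAuthWant = true, the filter raises "needClientAuth"
    // and re-handshakes if the client sent no credentials, so renegotiation
    // must stay enabled for this posture to work as documented.
    static SSLBaseFilter optionalThenForced(SSLContext ctx) {
        // Assumed argument order: clientMode=false, needClientAuth=false, wantClientAuth=true.
        SSLEngineConfigurator cfg = new SSLEngineConfigurator(ctx, false, false, true);
        return new SSLBaseFilter(cfg, true);
    }

    // Client certificate is mandatory from the first handshake, so no
    // re-handshake is ever needed and renegotiation can be switched off.
    static SSLBaseFilter mandatoryNoRenegotiation(SSLContext ctx) {
        // Assumed argument order: clientMode=false, needClientAuth=true, wantClientAuth=false.
        SSLEngineConfigurator cfg = new SSLEngineConfigurator(ctx, false, true, false);
        SSLBaseFilter filter = new SSLBaseFilter(cfg, false);
        filter.setRenegotiationDisabled(true);
        // A non-negative value replaces the default of -1, which the getter
        // documents as "blocking handshake mode is disabled".
        filter.setHandshakeTimeout(10, TimeUnit.SECONDS);
        return filter;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault(); // placeholder context
        SSLBaseFilter[] filters = { optionalThenForced(ctx), mandatoryNoRenegotiation(ctx) };
        for (SSLBaseFilter f : filters) {
            System.out.printf("renegotiateOnClientAuthWant=%b handshakeTimeoutMs=%d needClientAuth=%b%n",
                    f.isRenegotiateOnClientAuthWant(),
                    f.getHandshakeTimeout(TimeUnit.MILLISECONDS),
                    f.getServerSSLEngineConfigurator().isNeedClientAuth());
        }
    }
}
```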
-
getOptimizedTransportFilter
protected SSLBaseFilter.SSLTransportFilterWrapper getOptimizedTransportFilter(TransportFilter childFilter)
-
createOptimizedTransportFilter
protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter childFilter)
-
onRemoved
public void onRemoved(FilterChain filterChain)
Description copied from class: BaseFilter
Method is called, when the Filter has been removed from the passed FilterChain.
- Specified by:
onRemoved in interface Filter
- Overrides:
onRemoved in class BaseFilter
- Parameters:
filterChain - the FilterChain this Filter was removed from.
-
onAdded
public void onAdded(FilterChain filterChain)
Description copied from class: BaseFilter
Method is called, when the Filter has been added to the passed FilterChain.
- Specified by:
onAdded in interface Filter
- Overrides:
onAdded in class BaseFilter
- Parameters:
filterChain - the FilterChain this Filter was added to.
-
handleEvent
public NextAction handleEvent(FilterChainContext ctx, FilterChainEvent event) throws IOException
Description copied from class: BaseFilter
Handle custom event associated with the Connection. This Filter may either complete the required processing and return StopAction, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning InvokeAction.
- Specified by:
handleEvent in interface Filter
- Overrides:
handleEvent in class BaseFilter
- Parameters:
ctx - FilterChainContext
- Returns:
NextAction instruction for FilterChain, how it should continue the execution
- Throws:
IOException
-
handleRead
public NextAction handleRead(FilterChainContext ctx) throws IOException
Description copied from class: BaseFilter
Execute a unit of processing work to be performed, when channel will become available for reading. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.
- Specified by:
handleRead in interface Filter
- Overrides:
handleRead in class BaseFilter
- Parameters:
ctx - FilterChainContext
- Returns:
NextAction instruction for FilterChain, how it should continue the execution
- Throws:
IOException
-
handleWrite
public NextAction handleWrite(FilterChainContext ctx) throws IOException
Description copied from class: BaseFilter
Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.
- Specified by:
handleWrite in interface Filter
- Overrides:
handleWrite in class BaseFilter
- Parameters:
ctx - FilterChainContext
- Returns:
NextAction instruction for FilterChain, how it should continue the execution
- Throws:
IOException
-
unwrapAll
protected NextAction unwrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx) throws SSLException
- Throws:
SSLException
-
wrapAll
protected Buffer wrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx) throws SSLException
- Throws:
SSLException
-
doHandshakeSync
protected Buffer doHandshakeSync(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, long timeoutMillis) throws IOException
- Throws:
IOException
-
doHandshakeStep
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer) throws IOException
- Throws:
IOException
-
doHandshakeStep
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0) throws IOException
- Throws:
IOException
-
renegotiate
protected void renegotiate(SSLConnectionContext sslCtx, FilterChainContext context) throws IOException
Performs an SSL renegotiation.
- Parameters:
sslCtx - the SSLConnectionContext associated with this renegotiation request.
context - the FilterChainContext associated with this renegotiation request.
- Throws:
IOException - if an error occurs during SSL renegotiation.
-
getPeerCertificateChain
protected void getPeerCertificateChain(SSLConnectionContext sslCtx, FilterChainContext context, boolean needClientAuth, FutureImpl<Object[]> certFuture)
Obtains the certificate chain for this SSL session. If no certificates are available, and needClientAuth is true, an SSL renegotiation will be triggered to request the certificates from the client.
- Parameters:
sslCtx - the SSLConnectionContext associated with this certificate request.
context - the FilterChainContext associated with this certificate request.
needClientAuth - determines whether or not SSL renegotiation will be attempted to obtain the certificate chain.
certFuture - the future that will be provided the result of the peer certificate processing.
-
obtainSslConnectionContext
protected SSLConnectionContext obtainSslConnectionContext(Connection connection)
-
createSslConnectionContext
protected SSLConnectionContext createSslConnectionContext(Connection connection)
-
notifyHandshakeInit
protected void notifyHandshakeInit(Connection<?> connection, SSLEngine sslEngine)
-
notifyHandshakeStart
protected void notifyHandshakeStart(Connection connection)
-
notifyHandshakeComplete
protected void notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
-
notifyHandshakeFailed
protected void notifyHandshakeFailed(Connection connection, Throwable t)
-
-