org.apache.mina.filter.ssl

Class SslFilter

java.lang.Object

org.apache.mina.core.filterchain.IoFilterAdapter

org.apache.mina.filter.ssl.SslFilter

All Implemented Interfaces:

IoFilter

public class SslFilter
extends IoFilterAdapter

A SSL processor which performs flow control of encrypted information on the filter-chain.

The initial handshake is automatically enabled for "client" sessions once the filter is added to the filter-chain and the session is connected.

Author:

Jonathan Valliere, Apache MINA Project

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.mina.core.filterchain.IoFilter

IoFilter.NextFilter

Field Summary

Fields

Modifier and Type	Field and Description
protected String[]	enabledCipherSuites The enabled Ciphers.
protected String[]	enabledProtocols The list of enabled SSL/TLS protocols.
protected static Executor	EXECUTOR Task executor for processing handshakes
protected static org.slf4j.Logger	LOGGER The logger
protected boolean	needClientAuth A flag set if client authentication is required
protected static AttributeKey	SSL_HANDLER Returns the SSL2Handler object
static AttributeKey	SSL_SECURED SSLSession object when the session is secured, otherwise null.
protected SSLContext	sslContext
protected boolean	wantClientAuth A flag set if client authentication is requested

Constructor Summary

Constructors

Constructor and Description
SslFilter(SSLContext sslContext) Creates a new SSL filter using the specified SSLContext.
SslFilter(SSLContext sslContext, boolean autoStart) Creates a new SSL filter using the specified SSLContext.

Method Summary

Modifier and Type	Method and Description
protected SSLEngine	createEngine(IoSession session, InetSocketAddress addr) Customization handler for creating the engine
void	filterWrite(IoFilter.NextFilter next, IoSession session, WriteRequest request) Filters IoSession.write(Object) method invocation.
String[]	getEnabledCipherSuites()
String[]	getEnabledProtocols()
String	getEndpointIdentificationAlgorithm()
boolean	isNeedClientAuth()
boolean	isWantClientAuth()
void	messageReceived(IoFilter.NextFilter next, IoSession session, Object message) Filters IoHandler.messageReceived(IoSession,Object) event.
void	messageSent(IoFilter.NextFilter next, IoSession session, WriteRequest request) Filters IoHandler.messageSent(IoSession,Object) event.
protected void	onClose(IoFilter.NextFilter next, IoSession session, boolean linger) Called when the session is going to be closed.
protected void	onConnected(IoFilter.NextFilter next, IoSession session) Internal method for performing post-connect operations; this can be triggered during normal connect event or after the filter is added to the chain.
void	onPostAdd(IoFilterChain parent, String name, IoFilter.NextFilter next) Invoked after this filter is added to the specified parent.
void	onPreAdd(IoFilterChain parent, String name, IoFilter.NextFilter next) Invoked before this filter is added to the specified parent.
void	onPreRemove(IoFilterChain parent, String name, IoFilter.NextFilter next) Invoked before this filter is removed from the specified parent.
void	sessionClosed(IoFilter.NextFilter next, IoSession session) Filters IoHandler.sessionClosed(IoSession) event.
void	sessionOpened(IoFilter.NextFilter next, IoSession session) Filters IoHandler.sessionOpened(IoSession) event.
void	setEnabledCipherSuites(String... enabledCipherSuites) Sets the list of cipher suites to be enabled when SSLEngine is initialized.
void	setEnabledProtocols(String... enabledProtocols) Sets the list of protocols to be enabled when SSLEngine is initialized.
void	setEndpointIdentificationAlgorithm(String identificationAlgorithm) Sets the endpoint identification algorithm to be used when SSLEngine is initialized.
void	setNeedClientAuth(boolean needClientAuth) Configures the engine to require client authentication.
void	setUseNonBlockingPipeline(boolean enable) Configures the use of the Non Blocking SSL processor.
void	setWantClientAuth(boolean wantClientAuth) Configures the engine to request client authentication.

Methods inherited from class org.apache.mina.core.filterchain.IoFilterAdapter

destroy, event, exceptionCaught, filterClose, init, inputClosed, onPostRemove, sessionCreated, sessionIdle, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

SSL_SECURED

public static final AttributeKey SSL_SECURED

SSLSession object when the session is secured, otherwise null.

SSL_HANDLER

protected static final AttributeKey SSL_HANDLER

Returns the SSL2Handler object

LOGGER

protected static final org.slf4j.Logger LOGGER

The logger

EXECUTOR

protected static final Executor EXECUTOR

Task executor for processing handshakes

sslContext

protected final SSLContext sslContext

needClientAuth

protected boolean needClientAuth

A flag set if client authentication is required

wantClientAuth

protected boolean wantClientAuth

A flag set if client authentication is requested

enabledCipherSuites

protected String[] enabledCipherSuites

The enabled Ciphers.

enabledProtocols

protected String[] enabledProtocols

The list of enabled SSL/TLS protocols. Must be an array of String, containing:

• SSLv2Hello
• SSLv3
• TLSv1.1 or TLSv1
• TLSv1.2
• TLSv1.3
• NONE

If null, we will use the default SSLEngine configurtation.

Constructor Detail

SslFilter

public SslFilter(SSLContext sslContext)

Creates a new SSL filter using the specified SSLContext.

Parameters:

sslContext - The SSLContext to use

SslFilter

public SslFilter(SSLContext sslContext,
                 boolean autoStart)

Creates a new SSL filter using the specified SSLContext. If the autostart flag is set to true, the handshake will start immediately after the filter has been added to the chain.

Parameters:

sslContext - The SSLContext to use

autoStart - The flag used to tell the filter to start the handshake immediately

Method Detail

setUseNonBlockingPipeline

public void setUseNonBlockingPipeline(boolean enable)

Configures the use of the Non Blocking SSL processor. This is experimental.

Parameters:

enable - true if the non blocking SSL processor is enabled

isNeedClientAuth

public boolean isNeedClientAuth()

Returns:

true if the engine will require client authentication. This option is only useful to engines in the server mode.

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

Configures the engine to require client authentication. This option is only useful for engines in the server mode.

Parameters:

needClientAuth - A flag set when client authentication is required

isWantClientAuth

public boolean isWantClientAuth()

Returns:

true if the engine will request client authentication. This option is only useful to engines in the server mode.

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

Configures the engine to request client authentication. This option is only useful for engines in the server mode.

Parameters:

wantClientAuth - A flag set when client authentication is requested

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Returns:

the list of cipher suites to be enabled when SSLEngine is initialized. null means 'use SSLEngine's default.'

setEnabledCipherSuites

public void setEnabledCipherSuites(String... enabledCipherSuites)

Sets the list of cipher suites to be enabled when SSLEngine is initialized.

Parameters:

enabledCipherSuites - The list of enabled Cipher. null means 'use SSLEngine's default.'

getEndpointIdentificationAlgorithm

public String getEndpointIdentificationAlgorithm()

Returns:

the endpoint identification algorithm to be used when SSLEngine is initialized. null means 'use SSLEngine's default.'

setEndpointIdentificationAlgorithm

public void setEndpointIdentificationAlgorithm(String identificationAlgorithm)

Sets the endpoint identification algorithm to be used when SSLEngine is initialized.

Parameters:

identificationAlgorithm - null means 'use SSLEngine's default.'

getEnabledProtocols

public String[] getEnabledProtocols()

Returns:

the list of protocols to be enabled when SSLEngine is initialized. null means 'use SSLEngine's default.'

setEnabledProtocols

public void setEnabledProtocols(String... enabledProtocols)

Sets the list of protocols to be enabled when SSLEngine is initialized.

Parameters:

enabledProtocols - The list of enabled SSL/TLS protocols. null means 'use SSLEngine's default.'

onPreAdd

public void onPreAdd(IoFilterChain parent,
                     String name,
                     IoFilter.NextFilter next)
              throws Exception

Invoked before this filter is added to the specified parent. Please note that this method can be invoked more than once if this filter is added to more than one parents. This method is not invoked before IoFilter.init() is invoked.

Specified by:

onPreAdd in interface IoFilter

Overrides:

onPreAdd in class IoFilterAdapter

Parameters:

parent - the parent who called this method

name - the name assigned to this filter

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

Throws:

Exception - If an error occurred while processing the event

onPostAdd

public void onPostAdd(IoFilterChain parent,
                      String name,
                      IoFilter.NextFilter next)
               throws Exception

Invoked after this filter is added to the specified parent. Please note that this method can be invoked more than once if this filter is added to more than one parents. This method is not invoked before IoFilter.init() is invoked.

Specified by:

onPostAdd in interface IoFilter

Overrides:

onPostAdd in class IoFilterAdapter

Parameters:

parent - the parent who called this method

name - the name assigned to this filter

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

Throws:

Exception - If an error occurred while processing the event

onPreRemove

public void onPreRemove(IoFilterChain parent,
                        String name,
                        IoFilter.NextFilter next)
                 throws Exception

Invoked before this filter is removed from the specified parent. Please note that this method can be invoked more than once if this filter is removed from more than one parents. This method is always invoked before IoFilter.destroy() is invoked.

Specified by:

onPreRemove in interface IoFilter

Overrides:

onPreRemove in class IoFilterAdapter

Parameters:

parent - the parent who called this method

name - the name assigned to this filter

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

Throws:

Exception - If an error occurred while processing the event

onConnected

protected void onConnected(IoFilter.NextFilter next,
                           IoSession session)
                    throws SSLException

Internal method for performing post-connect operations; this can be triggered during normal connect event or after the filter is added to the chain.

Parameters:

next - The nextFilter to call in the chain

session - The session instance

Throws:

SSLException - Any exception thrown by the SslHandler closing

onClose

protected void onClose(IoFilter.NextFilter next,
                       IoSession session,
                       boolean linger)
                throws SSLException

Called when the session is going to be closed. We must shutdown the SslHandler instance.

Parameters:

next - The nextFilter to call in the chain

session - The session instance

linger - if true, write any queued messages before closing

Throws:

SSLException - Any exception thrown by the SslHandler closing

createEngine

protected SSLEngine createEngine(IoSession session,
                                 InetSocketAddress addr)

Customization handler for creating the engine

Parameters:

session - source session

addr - socket address used for fast reconnect

Returns:

an SSLEngine

sessionOpened

public void sessionOpened(IoFilter.NextFilter next,
                          IoSession session)
                   throws Exception

Filters IoHandler.sessionOpened(IoSession) event.

Specified by:

sessionOpened in interface IoFilter

Overrides:

sessionOpened in class IoFilterAdapter

Parameters:

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

session - The IoSession which has received this event

Throws:

Exception - If an error occurred while processing the event

sessionClosed

public void sessionClosed(IoFilter.NextFilter next,
                          IoSession session)
                   throws Exception

Filters IoHandler.sessionClosed(IoSession) event.

Specified by:

sessionClosed in interface IoFilter

Overrides:

sessionClosed in class IoFilterAdapter

Parameters:

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

session - The IoSession which has received this event

Throws:

Exception - If an error occurred while processing the event

messageReceived

public void messageReceived(IoFilter.NextFilter next,
                            IoSession session,
                            Object message)
                     throws Exception

Filters IoHandler.messageReceived(IoSession,Object) event.

Specified by:

messageReceived in interface IoFilter

Overrides:

messageReceived in class IoFilterAdapter

Parameters:

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

session - The IoSession which has received this event

message - The received message

Throws:

Exception - If an error occurred while processing the event

messageSent

public void messageSent(IoFilter.NextFilter next,
                        IoSession session,
                        WriteRequest request)
                 throws Exception

Filters IoHandler.messageSent(IoSession,Object) event.

Specified by:

messageSent in interface IoFilter

Overrides:

messageSent in class IoFilterAdapter

Parameters:

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

session - The IoSession which has received this event

request - The WriteRequest that contains the sent message

Throws:

Exception - If an error occurred while processing the event

filterWrite

public void filterWrite(IoFilter.NextFilter next,
                        IoSession session,
                        WriteRequest request)
                 throws Exception

Filters IoSession.write(Object) method invocation.

Specified by:

filterWrite in interface IoFilter

Overrides:

filterWrite in class IoFilterAdapter

Parameters:

next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.

session - The IoSession which has to process this invocation

request - The WriteRequest to process

Throws:

Exception - If an error occurred while processing the event