org.glassfish.grizzly.ssl

Class SSLBaseFilter

java.lang.Object

org.glassfish.grizzly.filterchain.BaseFilter

org.glassfish.grizzly.ssl.SSLBaseFilter

All Implemented Interfaces:

Filter

Direct Known Subclasses:

SSLFilter

public class SSLBaseFilter
extends BaseFilter

SSL Filter to operate with SSL encrypted data.

Author:

Alexey Stashok

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SSLBaseFilter.CertificateEvent
static interface	SSLBaseFilter.HandshakeListener
protected class	SSLBaseFilter.SSLTransportFilterWrapper

Field Summary

Fields

Modifier and Type	Field and Description
protected static MessageCloner<Buffer>	COPY_CLONER
protected Set<SSLBaseFilter.HandshakeListener>	handshakeListeners

Constructor Summary

Constructors

Constructor and Description
SSLBaseFilter()
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator) Build SSLFilter with the given SSLEngineConfigurator.
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant) Build SSLFilter with the given SSLEngineConfigurator.

Method Summary

Methods

Modifier and Type	Method and Description
void	addHandshakeListener(SSLBaseFilter.HandshakeListener listener)
protected TransportFilter	createOptimizedTransportFilter(TransportFilter childFilter)
protected SSLConnectionContext	createSslConnectionContext(Connection connection)
protected Buffer	doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer)
protected Buffer	doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)
protected Buffer	doHandshakeSync(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, long timeoutMillis)
long	getHandshakeTimeout(TimeUnit timeUnit) Returns the handshake timeout, -1 if blocking handshake mode is disabled (default).
protected Object[]	getPeerCertificateChain(SSLConnectionContext sslCtx, FilterChainContext context, boolean needClientAuth) Obtains the certificate chain for this SSL session.
SSLEngineConfigurator	getServerSSLEngineConfigurator()
NextAction	handleEvent(FilterChainContext ctx, FilterChainEvent event) Handle custom event associated with the Connection.
NextAction	handleRead(FilterChainContext ctx) Execute a unit of processing work to be performed, when channel will become available for reading.
NextAction	handleWrite(FilterChainContext ctx) Execute a unit of processing work to be performed, when some data should be written on channel.
protected void	notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
protected void	notifyHandshakeFailed(Connection connection, Throwable t)
protected void	notifyHandshakeStart(Connection connection)
protected SSLConnectionContext	obtainSslConnectionContext(Connection connection)
void	onFilterChainChanged(FilterChain filterChain) Method is called, when the FilterChain this Filter is part of, has been changed.
void	removeHandshakeListener(SSLBaseFilter.HandshakeListener listener)
protected void	renegotiate(SSLConnectionContext sslCtx, FilterChainContext context) Performs an SSL renegotiation.
void	setHandshakeTimeout(long handshakeTimeout, TimeUnit timeUnit) Sets the handshake timeout.
protected NextAction	unwrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)
protected Buffer	wrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)

Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter

createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onAdded, onRemoved

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

COPY_CLONER

protected static final MessageCloner<Buffer> COPY_CLONER

handshakeListeners

protected final Set<SSLBaseFilter.HandshakeListener> handshakeListeners

Constructor Detail

SSLBaseFilter

public SSLBaseFilter()

SSLBaseFilter

public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

SSLBaseFilter

public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
             boolean renegotiateOnClientAuthWant)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

Method Detail

getServerSSLEngineConfigurator

public SSLEngineConfigurator getServerSSLEngineConfigurator()

Returns:

SSLEngineConfigurator used by the filter to create new SSLEngine for server-side Connections

addHandshakeListener

public void addHandshakeListener(SSLBaseFilter.HandshakeListener listener)

removeHandshakeListener

public void removeHandshakeListener(SSLBaseFilter.HandshakeListener listener)

getHandshakeTimeout

public long getHandshakeTimeout(TimeUnit timeUnit)

Returns the handshake timeout, -1 if blocking handshake mode is disabled (default).

setHandshakeTimeout

public void setHandshakeTimeout(long handshakeTimeout,
                       TimeUnit timeUnit)

Sets the handshake timeout.

Parameters:

handshakeTimeout - timeout value, or -1 means for non-blocking handshake mode.

createOptimizedTransportFilter

protected TransportFilter createOptimizedTransportFilter(TransportFilter childFilter)

onFilterChainChanged

public void onFilterChainChanged(FilterChain filterChain)

Description copied from class: BaseFilter

Method is called, when the FilterChain this Filter is part of, has been changed.

Specified by:

onFilterChainChanged in interface Filter

Overrides:

onFilterChainChanged in class BaseFilter

Parameters:

filterChain - the FilterChain.

handleEvent

public NextAction handleEvent(FilterChainContext ctx,
                     FilterChainEvent event)
                       throws IOException

Description copied from class: BaseFilter

Handle custom event associated with the Connection. This Filter may either complete the required processing and return StopAction, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning InvokeAction.

Specified by:

handleEvent in interface Filter

Overrides:

handleEvent in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

handleRead

public NextAction handleRead(FilterChainContext ctx)
                      throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when channel will become available for reading. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleRead in interface Filter

Overrides:

handleRead in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

handleWrite

public NextAction handleWrite(FilterChainContext ctx)
                       throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleWrite in interface Filter

Overrides:

handleWrite in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

unwrapAll

protected NextAction unwrapAll(FilterChainContext ctx,
                   SSLConnectionContext sslCtx)
                        throws SSLException

Throws:

SSLException

wrapAll

protected Buffer wrapAll(FilterChainContext ctx,
             SSLConnectionContext sslCtx)
                  throws SSLException

Throws:

SSLException

doHandshakeSync

protected Buffer doHandshakeSync(SSLConnectionContext sslCtx,
                     FilterChainContext ctx,
                     Buffer inputBuffer,
                     long timeoutMillis)
                          throws IOException

Throws:

IOException

doHandshakeStep

protected Buffer doHandshakeStep(SSLConnectionContext sslCtx,
                     FilterChainContext ctx,
                     Buffer inputBuffer)
                          throws IOException

Throws:

IOException

doHandshakeStep

protected Buffer doHandshakeStep(SSLConnectionContext sslCtx,
                     FilterChainContext ctx,
                     Buffer inputBuffer,
                     Buffer tmpAppBuffer0)
                          throws IOException

Throws:

IOException

renegotiate

protected void renegotiate(SSLConnectionContext sslCtx,
               FilterChainContext context)
                    throws IOException

Performs an SSL renegotiation.

Parameters:

sslCtx - the SSLConnectionContext associated with this this renegotiation request.

context - the FilterChainContext associated with this this renegotiation request.

Throws:

IOException - if an error occurs during SSL renegotiation.

getPeerCertificateChain

protected Object[] getPeerCertificateChain(SSLConnectionContext sslCtx,
                               FilterChainContext context,
                               boolean needClientAuth)
                                    throws IOException

Obtains the certificate chain for this SSL session. If no certificates are available, and needClientAuth is true, an SSL renegotiation will be be triggered to request the certificates from the client.

Parameters:

sslCtx - the SSLConnectionContext associated with this certificate request.

context - the FilterChainContext associated with this this certificate request.

needClientAuth - determines whether or not SSL renegotiation will be attempted to obtain the certificate chain.

Returns:

the certificate chain as an Object[]. If no certificate chain can be determined, this method will return null.

Throws:

IOException - if an error occurs during renegotiation.

obtainSslConnectionContext

protected SSLConnectionContext obtainSslConnectionContext(Connection connection)

createSslConnectionContext

protected SSLConnectionContext createSslConnectionContext(Connection connection)

notifyHandshakeStart

protected void notifyHandshakeStart(Connection connection)

notifyHandshakeComplete

protected void notifyHandshakeComplete(Connection<?> connection,
                           SSLEngine sslEngine)

notifyHandshakeFailed

protected void notifyHandshakeFailed(Connection connection,
                         Throwable t)