org.glassfish.grizzly.ssl

Class SSLFilter

java.lang.Object

org.glassfish.grizzly.filterchain.BaseFilter

org.glassfish.grizzly.ssl.SSLBaseFilter

org.glassfish.grizzly.ssl.SSLFilter

All Implemented Interfaces:

Filter

public class SSLFilter
extends SSLBaseFilter

SSL Filter to operate with SSL encrypted data.

Author:

Alexey Stashok

Nested Class Summary

Nested classes/interfaces inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter

SSLBaseFilter.CertificateEvent, SSLBaseFilter.HandshakeListener, SSLBaseFilter.SSLTransportFilterWrapper

Field Summary

Fields

Modifier and Type	Field and Description
protected int	maxPendingBytes

Fields inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter

COPY_CLONER, handshakeListeners

Constructor Summary

Constructors

Constructor and Description
SSLFilter()
SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator) Build SSLFilter with the given SSLEngineConfigurator.
SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant) Build SSLFilter with the given SSLEngineConfigurator.

Method Summary

Modifier and Type	Method and Description
protected SSLEngine	createClientSSLEngine(SSLConnectionContext sslCtx, SSLEngineConfigurator sslEngineConfigurator)
protected Buffer	doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)
SSLEngineConfigurator	getClientSSLEngineConfigurator()
int	getMaxPendingBytesPerConnection()
NextAction	handleWrite(FilterChainContext ctx) Execute a unit of processing work to be performed, when some data should be written on channel.
protected void	handshake(Connection<?> connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator, FilterChainContext context, boolean forceBeginHandshake)
void	handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler)
void	handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress)
void	handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator)
protected void	notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
protected void	notifyHandshakeFailed(Connection connection, Throwable t)
void	setMaxPendingBytesPerConnection(int maxPendingBytes) Configures the maximum number of bytes that may be queued to be written for a particular Connection.

Methods inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter

addHandshakeListener, createOptimizedTransportFilter, createSslConnectionContext, doHandshakeStep, doHandshakeSync, getHandshakeTimeout, getOptimizedTransportFilter, getPeerCertificateChain, getServerSSLEngineConfigurator, handleEvent, handleRead, isRenegotiateOnClientAuthWant, notifyHandshakeInit, notifyHandshakeStart, obtainSslConnectionContext, onAdded, onRemoved, removeHandshakeListener, renegotiate, setHandshakeTimeout, setRenegotiationDisabled, unwrapAll, wrapAll

Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter

createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onFilterChainChanged, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

maxPendingBytes

protected volatile int maxPendingBytes

Constructor Detail

SSLFilter

public SSLFilter()

SSLFilter

public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
                 SSLEngineConfigurator clientSSLEngineConfigurator)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

clientSSLEngineConfigurator - SSLEngine configurator for client side connections

SSLFilter

public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
                 SSLEngineConfigurator clientSSLEngineConfigurator,
                 boolean renegotiateOnClientAuthWant)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

clientSSLEngineConfigurator - SSLEngine configurator for client side connections

renegotiateOnClientAuthWant - true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to "wantClientAuth" flag. In this case "needClientAuth" flag will be raised and re-handshake will be initiated

Method Detail

getClientSSLEngineConfigurator

public SSLEngineConfigurator getClientSSLEngineConfigurator()

Returns:

SSLEngineConfigurator used by the filter to create new SSLEngine for client-side Connections

handleWrite

public NextAction handleWrite(FilterChainContext ctx)
                       throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleWrite in interface Filter

Overrides:

handleWrite in class SSLBaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

getMaxPendingBytesPerConnection

public int getMaxPendingBytesPerConnection()

Returns:

the maximum number of bytes that may be queued to be written to a particular Connection. This value is related to the situation when we try to send application data before SSL handshake completes, so the data should be stored and sent on wire once handshake will be completed.

setMaxPendingBytesPerConnection

public void setMaxPendingBytesPerConnection(int maxPendingBytes)

Configures the maximum number of bytes that may be queued to be written for a particular Connection. This value is related to the situation when we try to send application data before SSL handshake completes, so the data should be stored and sent on wire once handshake will be completed.

Parameters:

maxPendingBytes - maximum number of bytes that may be queued to be written for a particular Connection

handshake

public void handshake(Connection connection,
                      CompletionHandler<SSLEngine> completionHandler)
               throws IOException

Throws:

IOException

handshake

public void handshake(Connection connection,
                      CompletionHandler<SSLEngine> completionHandler,
                      Object dstAddress)
               throws IOException

Throws:

IOException

handshake

public void handshake(Connection connection,
                      CompletionHandler<SSLEngine> completionHandler,
                      Object dstAddress,
                      SSLEngineConfigurator sslEngineConfigurator)
               throws IOException

Throws:

IOException

handshake

protected void handshake(Connection<?> connection,
                         CompletionHandler<SSLEngine> completionHandler,
                         Object dstAddress,
                         SSLEngineConfigurator sslEngineConfigurator,
                         FilterChainContext context,
                         boolean forceBeginHandshake)
                  throws IOException

Throws:

IOException

notifyHandshakeComplete

protected void notifyHandshakeComplete(Connection<?> connection,
                                       SSLEngine sslEngine)

Overrides:

notifyHandshakeComplete in class SSLBaseFilter

notifyHandshakeFailed

protected void notifyHandshakeFailed(Connection connection,
                                     Throwable t)

Overrides:

notifyHandshakeFailed in class SSLBaseFilter

doHandshakeStep

protected Buffer doHandshakeStep(SSLConnectionContext sslCtx,
                                 FilterChainContext ctx,
                                 Buffer inputBuffer,
                                 Buffer tmpAppBuffer0)
                          throws IOException

Overrides:

doHandshakeStep in class SSLBaseFilter

Throws:

IOException

createClientSSLEngine

protected SSLEngine createClientSSLEngine(SSLConnectionContext sslCtx,
                                          SSLEngineConfigurator sslEngineConfigurator)