org.glassfish.grizzly.ssl

Class SSLBaseFilter

java.lang.Object

org.glassfish.grizzly.filterchain.BaseFilter

org.glassfish.grizzly.ssl.SSLBaseFilter

All Implemented Interfaces:

Filter

Direct Known Subclasses:

SSLFilter

public class SSLBaseFilter
extends BaseFilter

SSL Filter to operate with SSL encrypted data.

Author:

Alexey Stashok

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SSLBaseFilter.CertificateEvent
static interface	SSLBaseFilter.HandshakeListener
protected static class	SSLBaseFilter.SSLTransportFilterWrapper

Field Summary

Fields

Modifier and Type	Field and Description
protected static MessageCloner<Buffer>	COPY_CLONER
protected Set<SSLBaseFilter.HandshakeListener>	handshakeListeners

Constructor Summary

Constructors

Constructor and Description
SSLBaseFilter()
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator) Build SSLFilter with the given SSLEngineConfigurator.
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant) Build SSLFilter with the given SSLEngineConfigurator.

Method Summary

Modifier and Type	Method and Description
void	addHandshakeListener(SSLBaseFilter.HandshakeListener listener)
protected SSLBaseFilter.SSLTransportFilterWrapper	createOptimizedTransportFilter(TransportFilter childFilter)
protected SSLConnectionContext	createSslConnectionContext(Connection connection)
protected Buffer	doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer)
protected Buffer	doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)
protected Buffer	doHandshakeSync(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, long timeoutMillis)
long	getHandshakeTimeout(TimeUnit timeUnit)
protected SSLBaseFilter.SSLTransportFilterWrapper	getOptimizedTransportFilter(TransportFilter childFilter)
protected void	getPeerCertificateChain(SSLConnectionContext sslCtx, FilterChainContext context, boolean needClientAuth, FutureImpl<Object[]> certFuture) Obtains the certificate chain for this SSL session.
SSLEngineConfigurator	getServerSSLEngineConfigurator()
NextAction	handleEvent(FilterChainContext ctx, FilterChainEvent event) Handle custom event associated with the Connection.
NextAction	handleRead(FilterChainContext ctx) Execute a unit of processing work to be performed, when channel will become available for reading.
NextAction	handleWrite(FilterChainContext ctx) Execute a unit of processing work to be performed, when some data should be written on channel.
boolean	isRenegotiateOnClientAuthWant()
protected void	notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
protected void	notifyHandshakeFailed(Connection connection, Throwable t)
protected void	notifyHandshakeStart(Connection connection)
protected SSLConnectionContext	obtainSslConnectionContext(Connection connection)
void	onAdded(FilterChain filterChain) Method is called, when the Filter has been added to the passed FilterChain.
void	onRemoved(FilterChain filterChain) Method is called, when the Filter has been removed from the passed FilterChain.
void	removeHandshakeListener(SSLBaseFilter.HandshakeListener listener)
protected void	renegotiate(SSLConnectionContext sslCtx, FilterChainContext context) Performs an SSL renegotiation.
void	setHandshakeTimeout(long handshakeTimeout, TimeUnit timeUnit) Sets the handshake timeout.
void	setRenegotiationDisabled(boolean renegotiationDisabled) Completely disables renegotiation.
protected NextAction	unwrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)
protected Buffer	wrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)

Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter

createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onFilterChainChanged, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

COPY_CLONER

protected static final MessageCloner<Buffer> COPY_CLONER

handshakeListeners

protected final Set<SSLBaseFilter.HandshakeListener> handshakeListeners

Constructor Detail

SSLBaseFilter

public SSLBaseFilter()

SSLBaseFilter

public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

SSLBaseFilter

public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
                     boolean renegotiateOnClientAuthWant)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

renegotiateOnClientAuthWant - true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to "wantClientAuth" flag. In this case "needClientAuth" flag will be raised and re-handshake will be initiated

Method Detail

isRenegotiateOnClientAuthWant

public boolean isRenegotiateOnClientAuthWant()

Returns:

true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to "wantClientAuth" flag. In this case "needClientAuth" flag will be raised and re-handshake will be initiated

getServerSSLEngineConfigurator

public SSLEngineConfigurator getServerSSLEngineConfigurator()

Returns:

SSLEngineConfigurator used by the filter to create new SSLEngine for server-side Connections

addHandshakeListener

public void addHandshakeListener(SSLBaseFilter.HandshakeListener listener)

removeHandshakeListener

public void removeHandshakeListener(SSLBaseFilter.HandshakeListener listener)

getHandshakeTimeout

public long getHandshakeTimeout(TimeUnit timeUnit)

Parameters:

timeUnit - TimeUnit

Returns:

the handshake timeout, -1 if blocking handshake mode is disabled (default).

setHandshakeTimeout

public void setHandshakeTimeout(long handshakeTimeout,
                                TimeUnit timeUnit)

Sets the handshake timeout.

Parameters:

handshakeTimeout - timeout value, or -1 means for non-blocking handshake mode.

timeUnit - TimeUnit

setRenegotiationDisabled

public void setRenegotiationDisabled(boolean renegotiationDisabled)

Completely disables renegotiation.

Parameters:

renegotiationDisabled - true to disable renegotiation.

getOptimizedTransportFilter

protected SSLBaseFilter.SSLTransportFilterWrapper getOptimizedTransportFilter(TransportFilter childFilter)

createOptimizedTransportFilter

protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter childFilter)

onRemoved

public void onRemoved(FilterChain filterChain)

Description copied from class: BaseFilter

Method is called, when the Filter has been removed from the passed FilterChain.

Specified by:

onRemoved in interface Filter

Overrides:

onRemoved in class BaseFilter

Parameters:

filterChain - the FilterChain this Filter was removed from.

onAdded

public void onAdded(FilterChain filterChain)

Description copied from class: BaseFilter

Method is called, when the Filter has been added to the passed FilterChain.

Specified by:

onAdded in interface Filter

Overrides:

onAdded in class BaseFilter

Parameters:

filterChain - the FilterChain this Filter was added to.

handleEvent

public NextAction handleEvent(FilterChainContext ctx,
                              FilterChainEvent event)
                       throws IOException

Description copied from class: BaseFilter

Handle custom event associated with the Connection. This Filter may either complete the required processing and return StopAction, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning InvokeAction.

Specified by:

handleEvent in interface Filter

Overrides:

handleEvent in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

handleRead

public NextAction handleRead(FilterChainContext ctx)
                      throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when channel will become available for reading. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleRead in interface Filter

Overrides:

handleRead in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

handleWrite

public NextAction handleWrite(FilterChainContext ctx)
                       throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleWrite in interface Filter

Overrides:

handleWrite in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

unwrapAll

protected NextAction unwrapAll(FilterChainContext ctx,
                               SSLConnectionContext sslCtx)
                        throws SSLException

Throws:

SSLException

wrapAll

protected Buffer wrapAll(FilterChainContext ctx,
                         SSLConnectionContext sslCtx)
                  throws SSLException

Throws:

SSLException

doHandshakeSync

protected Buffer doHandshakeSync(SSLConnectionContext sslCtx,
                                 FilterChainContext ctx,
                                 Buffer inputBuffer,
                                 long timeoutMillis)
                          throws IOException

Throws:

IOException

doHandshakeStep

protected Buffer doHandshakeStep(SSLConnectionContext sslCtx,
                                 FilterChainContext ctx,
                                 Buffer inputBuffer)
                          throws IOException

Throws:

IOException

doHandshakeStep

protected Buffer doHandshakeStep(SSLConnectionContext sslCtx,
                                 FilterChainContext ctx,
                                 Buffer inputBuffer,
                                 Buffer tmpAppBuffer0)
                          throws IOException

Throws:

IOException

renegotiate

protected void renegotiate(SSLConnectionContext sslCtx,
                           FilterChainContext context)
                    throws IOException

Performs an SSL renegotiation.

Parameters:

sslCtx - the SSLConnectionContext associated with this this renegotiation request.

context - the FilterChainContext associated with this this renegotiation request.

Throws:

IOException - if an error occurs during SSL renegotiation.

getPeerCertificateChain

protected void getPeerCertificateChain(SSLConnectionContext sslCtx,
                                       FilterChainContext context,
                                       boolean needClientAuth,
                                       FutureImpl<Object[]> certFuture)

Obtains the certificate chain for this SSL session. If no certificates are available, and needClientAuth is true, an SSL renegotiation will be be triggered to request the certificates from the client.

Parameters:

sslCtx - the SSLConnectionContext associated with this certificate request.

context - the FilterChainContext associated with this this certificate request.

needClientAuth - determines whether or not SSL renegotiation will be attempted to obtain the certificate chain.

certFuture - the future that will be provided the result of the peer certificate processing.

obtainSslConnectionContext

protected SSLConnectionContext obtainSslConnectionContext(Connection connection)

createSslConnectionContext

protected SSLConnectionContext createSslConnectionContext(Connection connection)

notifyHandshakeStart

protected void notifyHandshakeStart(Connection connection)

notifyHandshakeComplete

protected void notifyHandshakeComplete(Connection<?> connection,
                                       SSLEngine sslEngine)

notifyHandshakeFailed

protected void notifyHandshakeFailed(Connection connection,
                                     Throwable t)