Package com.yahoo.jrt
Class MaybeTlsCryptoSocket
- java.lang.Object
-
- com.yahoo.jrt.MaybeTlsCryptoSocket
-
- All Implemented Interfaces:
CryptoSocket
public class MaybeTlsCryptoSocket extends java.lang.Object implements CryptoSocket
A crypto socket for the server side of a connection that auto-detects whether the connection is tls encrypted or unencrypted using clever heuristics. The assumption is that the client side will send at least one RPC request before expecting anything from the server. The first 9 bytes are inspected to see if they look like part of a tls handshake or not (RPC packet headers are 12 bytes).
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface com.yahoo.jrt.CryptoSocket
CryptoSocket.FlushResult, CryptoSocket.HandshakeResult
-
-
Constructor Summary
Constructors Constructor Description MaybeTlsCryptoSocket(java.nio.channels.SocketChannel channel, TlsCryptoEngine factory)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.nio.channels.SocketChannel
channel()
Obtain the underlying socket channel used by this CryptoSocket.void
doHandshakeWork()
Called whenCryptoSocket.handshake()
returnsCryptoSocket.HandshakeResult.NEED_WORK
to perform compute-heavy tasks.int
drain(java.nio.ByteBuffer dst)
Similar to read, but this function is not allowed to read from the underlying socket.CryptoSocket.FlushResult
flush()
Try to flush data in the write pipeline that is not depenedent on data not yet written by the application into the underlying socket.int
getMinimumReadBufferSize()
This function should be called after handshaking has completed before calling the read function.java.util.Optional<SecurityContext>
getSecurityContext()
Returns the security context for the current connection (given handshake completed), or empty if the current connection is not secure.CryptoSocket.HandshakeResult
handshake()
Try to progress the initial connection handshake.static boolean
looksLikeTlsToMe(byte[] data)
int
read(java.nio.ByteBuffer dst)
Called when the underlying socket has available data.int
write(java.nio.ByteBuffer src)
Called when the application has data it wants to write.
-
-
-
Constructor Detail
-
MaybeTlsCryptoSocket
public MaybeTlsCryptoSocket(java.nio.channels.SocketChannel channel, TlsCryptoEngine factory)
-
-
Method Detail
-
looksLikeTlsToMe
public static boolean looksLikeTlsToMe(byte[] data)
-
channel
public java.nio.channels.SocketChannel channel()
Description copied from interface:CryptoSocket
Obtain the underlying socket channel used by this CryptoSocket.- Specified by:
channel
in interfaceCryptoSocket
-
handshake
public CryptoSocket.HandshakeResult handshake() throws java.io.IOException
Description copied from interface:CryptoSocket
Try to progress the initial connection handshake. Handshaking will be done once, before any normal reads or writes are performed. Re-negotiation at a later stage will not be permitted. This function will be called multiple times until the status is either DONE or an IOException is thrown. When NEED_READ or NEED_WRITE is returned, the handshake function will be called again when the appropriate io event has triggered. When NEED_WORK is returned, theCryptoSocket.doHandshakeWork()
will be called (possibly in another thread) before this function is called again.- Specified by:
handshake
in interfaceCryptoSocket
- Throws:
java.io.IOException
-
doHandshakeWork
public void doHandshakeWork()
Description copied from interface:CryptoSocket
Called whenCryptoSocket.handshake()
returnsCryptoSocket.HandshakeResult.NEED_WORK
to perform compute-heavy tasks. This method may be called from another thread to avoid blocking the transport thread.- Specified by:
doHandshakeWork
in interfaceCryptoSocket
-
getMinimumReadBufferSize
public int getMinimumReadBufferSize()
Description copied from interface:CryptoSocket
This function should be called after handshaking has completed before calling the read function. It dictates the minimum size of the application read buffer presented to the read function. This is needed to support frame-based stateless decryption of incoming data.- Specified by:
getMinimumReadBufferSize
in interfaceCryptoSocket
-
read
public int read(java.nio.ByteBuffer dst) throws java.io.IOException
Description copied from interface:CryptoSocket
Called when the underlying socket has available data. Read through the entire input pipeline. The semantics are the same as with a normal socket read except it can also fail for cryptographic reasons.- Specified by:
read
in interfaceCryptoSocket
- Throws:
java.io.IOException
-
drain
public int drain(java.nio.ByteBuffer dst) throws java.io.IOException
Description copied from interface:CryptoSocket
Similar to read, but this function is not allowed to read from the underlying socket. This is to enable the application to make sure that there is no more input data in the read pipeline that is independent of data not yet read from the actual socket. Draining data from the input pipeline is done to prevent masking read events.- Specified by:
drain
in interfaceCryptoSocket
- Throws:
java.io.IOException
-
write
public int write(java.nio.ByteBuffer src) throws java.io.IOException
Description copied from interface:CryptoSocket
Called when the application has data it wants to write. Write through the entire output pipeline. The semantics are the same as with a normal socket write.- Specified by:
write
in interfaceCryptoSocket
- Throws:
java.io.IOException
-
flush
public CryptoSocket.FlushResult flush() throws java.io.IOException
Description copied from interface:CryptoSocket
Try to flush data in the write pipeline that is not depenedent on data not yet written by the application into the underlying socket. This is to enable the application to identify pending work that may not be completed until the underlying socket is ready for writing more data. When NEED_WRITE is returned, either write or flush will be called again when the appropriate io event has triggered.- Specified by:
flush
in interfaceCryptoSocket
- Throws:
java.io.IOException
-
getSecurityContext
public java.util.Optional<SecurityContext> getSecurityContext()
Description copied from interface:CryptoSocket
Returns the security context for the current connection (given handshake completed), or empty if the current connection is not secure.- Specified by:
getSecurityContext
in interfaceCryptoSocket
-
-