java.lang.Object
org.elasticsearch.xpack.security.transport.nio.SSLDriver
All Implemented Interfaces:
AutoCloseable

public class SSLDriver extends Object implements AutoCloseable
SSLDriver is a class that wraps the SSLEngine and attempts to simplify the API. The basic usage is to create an SSLDriver and call init(). This initiates the SSL/TLS handshaking process.

When the SSLDriver is handshaking or closing, reads and writes will be consumed/produced internally to advance the handshake or close process. Alternatively, when the SSLDriver is in application mode, it will decrypt data off the wire to be consumed by the application and will encrypt data provided by the application to be written to the wire.

Handling reads from a channel with this class is very simple. When data has been read, call read(InboundChannelBuffer, InboundChannelBuffer). If the data is application data, it will be decrypted and placed into the application buffer passed as an argument. Otherwise, it will be consumed internally and advance the SSL/TLS close or handshake process.

When the handshake begins, when handshake data is read from the wire, or when a channel close is initiated, internal bytes that need to be written will be produced. The bytes will be placed in the outbound buffer for flushing to a channel.

The method readyForApplicationData() can be called to determine if the driver is ready to consume application data. If the driver indicates it is ready for application writes, write(FlushOperation) can be called. This method will encrypt the flush operation's application data and place it in the outbound buffer for flushing to a channel.

If you are ready to close the channel, initiateClose() should be called. After that is called, the driver will start producing non-application writes related to notifying the peer connection that this connection is closing. When isClosed() returns true, this SSL connection is closed and the channel should be closed.
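The handshake and close phases described above can be observed on a bare JDK SSLEngine, the object SSLDriver wraps. The following is an added example, not Elasticsearch code: the class EngineModesDemo and its helpers inApplicationMode and produceInternalBytes are hypothetical names, and the mapping of beginHandshake()/closeOutbound() to init()/initiateClose() is an assumption about how such a wrapper behaves.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;

// Hypothetical demo class (not part of Elasticsearch): walks a client-mode
// SSLEngine through the handshake and close phases using only JDK calls.
public class EngineModesDemo {
    private static final ByteBuffer NO_APP_DATA = ByteBuffer.allocate(0);

    // Application mode: no handshake step pending and neither direction closed.
    static boolean inApplicationMode(SSLEngine e) {
        return e.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING
            && !e.isOutboundDone() && !e.isInboundDone();
    }

    // Drains records the engine generates on its own (handshake messages or
    // close alerts) into the network buffer; no application bytes are consumed.
    static int produceInternalBytes(SSLEngine e, ByteBuffer net) throws SSLException {
        int produced = 0;
        // Bounded loop: stop once the engine no longer asks to wrap.
        for (int i = 0; i < 8 && e.getHandshakeStatus() == HandshakeStatus.NEED_WRAP; i++) {
            SSLEngineResult r = e.wrap(NO_APP_DATA, net);
            produced += r.bytesProduced();
            if (r.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) break;
        }
        return produced;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());

        engine.beginHandshake(); // assumed counterpart of init()
        int hello = produceInternalBytes(engine, net);
        System.out.println("handshake bytes queued: " + hello
            + ", application mode: " + inApplicationMode(engine));

        engine.closeOutbound(); // assumed counterpart of initiateClose()
        int alerts = produceInternalBytes(engine, net);
        // A full close also needs the peer's close_notify to be unwrapped,
        // which is what makes isInboundDone() return true.
        System.out.println("close bytes queued: " + alerts
            + ", outbound done: " + engine.isOutboundDone());
    }
}
```

Both calls produce bytes for the wire without any application input, which is why the outbound buffer has to be flushed even when the application has written nothing.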
  • Constructor Details

    • SSLDriver

      public SSLDriver(SSLEngine engine, IntFunction<org.elasticsearch.nio.Page> pageAllocator, boolean isClientMode)
  • Method Details

    • init

      public void init() throws SSLException
      Throws:
      SSLException
    • renegotiate

      public void renegotiate() throws SSLException
      Requests a TLS renegotiation. This means that we will request that the peer perform another handshake before the exchange of application data continues. This can only be requested if we are not currently closing.
      Throws:
      SSLException - if the handshake cannot be initiated
    • getSSLEngine

      public SSLEngine getSSLEngine()
    • getOutboundBuffer

      public SSLOutboundBuffer getOutboundBuffer()
    • read

      public void read(org.elasticsearch.nio.InboundChannelBuffer encryptedBuffer, org.elasticsearch.nio.InboundChannelBuffer applicationBuffer) throws SSLException
      Throws:
      SSLException
    • readyForApplicationData

      public boolean readyForApplicationData()
    • write

      public int write(org.elasticsearch.nio.FlushOperation applicationBytes) throws SSLException
      Throws:
      SSLException
    • initiateClose

      public void initiateClose() throws SSLException
      Throws:
      SSLException
    • isClosed

      public boolean isClosed()
    • close

      public void close() throws SSLException
      Specified by:
      close in interface AutoCloseable
      Throws:
      SSLException