Package org.glassfish.grizzly.ssl
Class SSLFilter
- java.lang.Object
  - org.glassfish.grizzly.filterchain.BaseFilter
    - org.glassfish.grizzly.ssl.SSLBaseFilter
      - org.glassfish.grizzly.ssl.SSLFilter
- All Implemented Interfaces: Filter

public class SSLFilter extends SSLBaseFilter
SSL Filter to operate with SSL encrypted data.
- Author: Alexey Stashok

Nested Class Summary
Nested classes/interfaces inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter
SSLBaseFilter.CertificateEvent, SSLBaseFilter.HandshakeListener, SSLBaseFilter.SSLTransportFilterWrapper

Field Summary
Fields (Modifier and Type, Field):
- protected int maxPendingBytes
Fields inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter
COPY_CLONER, handshakeListeners

Constructor Summary
Constructors (Constructor, Description):
- SSLFilter()
- SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator)
  Build SSLFilter with the given SSLEngineConfigurator.
- SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
  Build SSLFilter with the given SSLEngineConfigurator.

Method Summary
All Methods / Instance Methods / Concrete Methods (Modifier and Type, Method, Description):
- protected SSLEngine createClientSSLEngine(SSLConnectionContext sslCtx, SSLEngineConfigurator sslEngineConfigurator)
- protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)
- SSLEngineConfigurator getClientSSLEngineConfigurator()
- int getMaxPendingBytesPerConnection()
- NextAction handleWrite(FilterChainContext ctx)
  Execute a unit of processing work to be performed, when some data should be written on channel.
- protected void handshake(Connection<?> connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator, FilterChainContext context, boolean forceBeginHandshake)
- void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler)
- void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress)
- void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator)
- protected void notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
- protected void notifyHandshakeFailed(Connection connection, Throwable t)
- void setMaxPendingBytesPerConnection(int maxPendingBytes)
  Configures the maximum number of bytes that may be queued to be written for a particular Connection.

Methods inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter
addHandshakeListener, createOptimizedTransportFilter, createSslConnectionContext, doHandshakeStep, doHandshakeSync, getHandshakeTimeout, getOptimizedTransportFilter, getPeerCertificateChain, getServerSSLEngineConfigurator, handleEvent, handleRead, isRenegotiateOnClientAuthWant, notifyHandshakeInit, notifyHandshakeStart, obtainSslConnectionContext, onAdded, onRemoved, removeHandshakeListener, renegotiate, setHandshakeTimeout, setRenegotiationDisabled, unwrapAll, wrapAll

Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter
createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onFilterChainChanged, toString

Constructor Detail

SSLFilter
public SSLFilter()

SSLFilter
public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator)
Build SSLFilter with the given SSLEngineConfigurator.
- Parameters:
  serverSSLEngineConfigurator - SSLEngine configurator for server side connections
  clientSSLEngineConfigurator - SSLEngine configurator for client side connections

SSLFilter
public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
Build SSLFilter with the given SSLEngineConfigurator.
- Parameters:
  serverSSLEngineConfigurator - SSLEngine configurator for server side connections
  clientSSLEngineConfigurator - SSLEngine configurator for client side connections
  renegotiateOnClientAuthWant - true if SSLBaseFilter has to force client authentication during re-handshake when the client didn't send its credentials during the initial handshake in response to the "wantClientAuth" flag. In this case the "needClientAuth" flag will be raised and a re-handshake will be initiated.

Method Detail

getClientSSLEngineConfigurator
public SSLEngineConfigurator getClientSSLEngineConfigurator()
- Returns:
  SSLEngineConfigurator used by the filter to create new SSLEngine for client-side Connections

handleWrite
public NextAction handleWrite(FilterChainContext ctx) throws IOException
Description copied from class: BaseFilter
Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.
- Specified by:
  handleWrite in interface Filter
- Overrides:
  handleWrite in class SSLBaseFilter
- Parameters:
  ctx - FilterChainContext
- Returns:
  NextAction instruction for FilterChain, how it should continue the execution
- Throws:
  IOException

getMaxPendingBytesPerConnection
public int getMaxPendingBytesPerConnection()
- Returns:
  the maximum number of bytes that may be queued to be written to a particular Connection. This limit applies when application data is written before the SSL handshake completes: the data is stored and sent on the wire once the handshake has completed.

setMaxPendingBytesPerConnection
public void setMaxPendingBytesPerConnection(int maxPendingBytes)
Configures the maximum number of bytes that may be queued to be written for a particular Connection. This limit applies when application data is written before the SSL handshake completes: the data is stored and sent on the wire once the handshake has completed.
- Parameters:
  maxPendingBytes - maximum number of bytes that may be queued to be written for a particular Connection
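
The following usage sketch is an added example, not part of the Grizzly documentation. It combines the three-argument constructor with setMaxPendingBytesPerConnection so that a server asks for a client certificate, escalates to a re-handshake when none is sent, and bounds the data buffered per connection before the handshake completes. Assumptions: the JDK default SSLContext stands in for a context loaded with the deployment's own key and trust material, the class name and the 64 KiB cap are illustrative, and the four-argument SSLEngineConfigurator constructor, FilterChainBuilder and TransportFilter are Grizzly APIs not described on this page.

```java
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;

import org.glassfish.grizzly.filterchain.FilterChain;
import org.glassfish.grizzly.filterchain.FilterChainBuilder;
import org.glassfish.grizzly.filterchain.TransportFilter;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.grizzly.ssl.SSLFilter;

// Hypothetical helper class for this example; not part of Grizzly.
public final class SslFilterSetup {

    // Illustrative cap (assumption): at most 64 KiB of application data
    // may wait per connection while the handshake is still in progress.
    private static final int MAX_PENDING_BYTES = 64 * 1024;

    public static FilterChain buildChain() throws NoSuchAlgorithmException {
        // Placeholder context; a real server supplies one built from its
        // own keystore and truststore.
        SSLContext sslContext = SSLContext.getDefault();

        // Server side: clientMode=false, needClientAuth=false,
        // wantClientAuth=true (the certificate is requested, not required).
        SSLEngineConfigurator server =
                new SSLEngineConfigurator(sslContext, false, false, true);

        // Client side: clientMode=true, no client certificate settings.
        SSLEngineConfigurator client =
                new SSLEngineConfigurator(sslContext, true, false, false);

        // renegotiateOnClientAuthWant=true: if the client sent no
        // credentials in answer to wantClientAuth, the filter raises
        // needClientAuth and initiates a re-handshake.
        SSLFilter sslFilter = new SSLFilter(server, client, true);

        // Bound the pre-handshake write queue for each connection.
        sslFilter.setMaxPendingBytesPerConnection(MAX_PENDING_BYTES);

        // The SSL filter sits directly above the transport filter so that
        // every filter added after it sees decrypted data.
        return FilterChainBuilder.stateless()
                .add(new TransportFilter())
                .add(sslFilter)
                .build();
    }

    private SslFilterSetup() {
    }
}
```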

handshake
public void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler) throws IOException
- Throws:
  IOException

handshake
public void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress) throws IOException
- Throws:
  IOException

handshake
public void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator) throws IOException
- Throws:
  IOException

handshake
protected void handshake(Connection<?> connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator, FilterChainContext context, boolean forceBeginHandshake) throws IOException
- Throws:
  IOException

notifyHandshakeComplete
protected void notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
- Overrides:
  notifyHandshakeComplete in class SSLBaseFilter

notifyHandshakeFailed
protected void notifyHandshakeFailed(Connection connection, Throwable t)
- Overrides:
  notifyHandshakeFailed in class SSLBaseFilter

doHandshakeStep
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0) throws IOException
- Overrides:
  doHandshakeStep in class SSLBaseFilter
- Throws:
  IOException

createClientSSLEngine
protected SSLEngine createClientSSLEngine(SSLConnectionContext sslCtx, SSLEngineConfigurator sslEngineConfigurator)