Package org.glassfish.grizzly.ssl
Class SSLFilter
- java.lang.Object
-
- org.glassfish.grizzly.filterchain.BaseFilter
-
- org.glassfish.grizzly.ssl.SSLBaseFilter
-
- org.glassfish.grizzly.ssl.SSLFilter
-
- All Implemented Interfaces:
Filter
public class SSLFilter extends SSLBaseFilter
SSLFilterto operate with SSL encrypted data.- Author:
- Alexey Stashok
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter
SSLBaseFilter.CertificateEvent, SSLBaseFilter.HandshakeListener, SSLBaseFilter.SSLTransportFilterWrapper
-
-
Field Summary
Fields Modifier and Type Field Description protected intmaxPendingBytes-
Fields inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter
COPY_CLONER, handshakeListeners
-
-
Constructor Summary
Constructors Constructor Description SSLFilter()SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator)Build SSLFilter with the givenSSLEngineConfigurator.SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)Build SSLFilter with the givenSSLEngineConfigurator.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected SSLEnginecreateClientSSLEngine(SSLConnectionContext sslCtx, SSLEngineConfigurator sslEngineConfigurator)protected BufferdoHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)SSLEngineConfiguratorgetClientSSLEngineConfigurator()intgetMaxPendingBytesPerConnection()NextActionhandleWrite(FilterChainContext ctx)Execute a unit of processing work to be performed, when some data should be written on channel.protected voidhandshake(Connection<?> connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator, FilterChainContext context, boolean forceBeginHandshake)voidhandshake(Connection connection, CompletionHandler<SSLEngine> completionHandler)voidhandshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress)voidhandshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator)protected voidnotifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)protected voidnotifyHandshakeFailed(Connection connection, Throwable t)voidsetMaxPendingBytesPerConnection(int maxPendingBytes)Configures the maximum number of bytes that may be queued to be written for a particularConnection.-
Methods inherited from class org.glassfish.grizzly.ssl.SSLBaseFilter
addHandshakeListener, createOptimizedTransportFilter, createSslConnectionContext, doHandshakeStep, doHandshakeSync, getHandshakeTimeout, getOptimizedTransportFilter, getPeerCertificateChain, getServerSSLEngineConfigurator, handleEvent, handleRead, isRenegotiateOnClientAuthWant, notifyHandshakeInit, notifyHandshakeStart, obtainSslConnectionContext, onAdded, onRemoved, removeHandshakeListener, renegotiate, setHandshakeTimeout, setRenegotiationDisabled, unwrapAll, wrapAll
-
Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter
createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onFilterChainChanged, toString
-
-
-
-
Constructor Detail
-
SSLFilter
public SSLFilter()
-
SSLFilter
public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator)
Build SSLFilter with the givenSSLEngineConfigurator.- Parameters:
serverSSLEngineConfigurator- SSLEngine configurator for server side connectionsclientSSLEngineConfigurator- SSLEngine configurator for client side connections
-
SSLFilter
public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
Build SSLFilter with the givenSSLEngineConfigurator.- Parameters:
serverSSLEngineConfigurator- SSLEngine configurator for server side connectionsclientSSLEngineConfigurator- SSLEngine configurator for client side connectionsrenegotiateOnClientAuthWant- true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to "wantClientAuth" flag. In this case "needClientAuth" flag will be raised and re-handshake will be initiated
-
-
Method Detail
-
getClientSSLEngineConfigurator
public SSLEngineConfigurator getClientSSLEngineConfigurator()
- Returns:
SSLEngineConfiguratorused by the filter to create newSSLEnginefor client-sideConnections
-
handleWrite
public NextAction handleWrite(FilterChainContext ctx) throws IOException
Description copied from class:BaseFilterExecute a unit of processing work to be performed, when some data should be written on channel. ThisFiltermay either complete the required processing and return false, or delegate remaining processing to the nextFilterin aFilterChaincontaining thisFilterby returning true.- Specified by:
handleWritein interfaceFilter- Overrides:
handleWritein classSSLBaseFilter- Parameters:
ctx-FilterChainContext- Returns:
NextActioninstruction forFilterChain, how it should continue the execution- Throws:
IOException
-
getMaxPendingBytesPerConnection
public int getMaxPendingBytesPerConnection()
- Returns:
- the maximum number of bytes that may be queued to be written to a particular
Connection. This value is related to the situation when we try to send application data before SSL handshake completes, so the data should be stored and sent on wire once handshake will be completed.
-
setMaxPendingBytesPerConnection
public void setMaxPendingBytesPerConnection(int maxPendingBytes)
Configures the maximum number of bytes that may be queued to be written for a particularConnection. This value is related to the situation when we try to send application data before SSL handshake completes, so the data should be stored and sent on wire once handshake will be completed.- Parameters:
maxPendingBytes- maximum number of bytes that may be queued to be written for a particularConnection
-
handshake
public void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler) throws IOException
- Throws:
IOException
-
handshake
public void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress) throws IOException
- Throws:
IOException
-
handshake
public void handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator) throws IOException
- Throws:
IOException
-
handshake
protected void handshake(Connection<?> connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator, FilterChainContext context, boolean forceBeginHandshake) throws IOException
- Throws:
IOException
-
notifyHandshakeComplete
protected void notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
- Overrides:
notifyHandshakeCompletein classSSLBaseFilter
-
notifyHandshakeFailed
protected void notifyHandshakeFailed(Connection connection, Throwable t)
- Overrides:
notifyHandshakeFailedin classSSLBaseFilter
-
doHandshakeStep
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0) throws IOException
- Overrides:
doHandshakeStepin classSSLBaseFilter- Throws:
IOException
-
createClientSSLEngine
protected SSLEngine createClientSSLEngine(SSLConnectionContext sslCtx, SSLEngineConfigurator sslEngineConfigurator)
-
-