java.lang.Object
org.glassfish.grizzly.filterchain.BaseFilter
org.glassfish.grizzly.ssl.SSLBaseFilter
- All Implemented Interfaces:
Filter
- Direct Known Subclasses:
SSLFilter
SSL Filter to operate with SSL encrypted data.
- Author:
Alexey Stashok
-
Nested Class Summary
Nested Classes
Modifier and Type    Class    Description
static class
static interface
protected static class
-
Field Summary
Fields
Modifier and Type    Field    Description
protected static final MessageCloner<Buffer>
protected final Set<SSLBaseFilter.HandshakeListener>
-
Constructor Summary
Constructors
Constructor    Description
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator) - Build SSLFilter with the given SSLEngineConfigurator.
SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant) - Build SSLFilter with the given SSLEngineConfigurator.
-
Method Summary
Modifier and Type    Method    Description
void
protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter childFilter)
protected SSLConnectionContext createSslConnectionContext(Connection connection)
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer)
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0)
protected Buffer doHandshakeSync(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, long timeoutMillis)
long getHandshakeTimeout(TimeUnit timeUnit)
protected SSLBaseFilter.SSLTransportFilterWrapper getOptimizedTransportFilter(TransportFilter childFilter)
protected void getPeerCertificateChain(SSLConnectionContext sslCtx, FilterChainContext context, boolean needClientAuth, FutureImpl<Object[]> certFuture) - Obtains the certificate chain for this SSL session.
handleEvent(FilterChainContext ctx, FilterChainEvent event) - Handle custom event associated with the Connection.
Execute a unit of processing work to be performed, when channel will become available for reading.
Execute a unit of processing work to be performed, when some data should be written on channel.
boolean
protected void notifyHandshakeComplete(Connection<?> connection, SSLEngine sslEngine)
protected void notifyHandshakeFailed(Connection connection, Throwable t)
protected void notifyHandshakeInit(Connection<?> connection, SSLEngine sslEngine)
protected void notifyHandshakeStart(Connection connection)
protected SSLConnectionContext obtainSslConnectionContext(Connection connection)
void onAdded(FilterChain filterChain) - Method is called, when the Filter has been added to the passed FilterChain.
void onRemoved(FilterChain filterChain) - Method is called, when the Filter has been removed from the passed FilterChain.
void
protected void renegotiate(SSLConnectionContext sslCtx, FilterChainContext context) - Performs an SSL renegotiation.
void setHandshakeTimeout(long handshakeTimeout, TimeUnit timeUnit) - Sets the handshake timeout.
void setRenegotiationDisabled(boolean renegotiationDisabled) - Completely disables renegotiation.
protected NextAction unwrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)
protected Buffer wrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx)
Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter
createContext, exceptionOccurred, handleAccept, handleClose, handleConnect, onFilterChainChanged, toString
-
Field Details
-
COPY_CLONER
-
handshakeListeners
-
-
Constructor Details
-
SSLBaseFilter
public SSLBaseFilter()
-
SSLBaseFilter
Build SSLFilter with the given SSLEngineConfigurator.
- Parameters:
serverSSLEngineConfigurator - SSLEngine configurator for server side connections
-
SSLBaseFilter
public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
Build SSLFilter with the given SSLEngineConfigurator.
- Parameters:
serverSSLEngineConfigurator - SSLEngine configurator for server side connections
renegotiateOnClientAuthWant - true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to the "wantClientAuth" flag. In this case the "needClientAuth" flag will be raised and a re-handshake will be initiated.
-
-
Method Details
-
isRenegotiateOnClientAuthWant
public boolean isRenegotiateOnClientAuthWant()
- Returns:
true, if SSLBaseFilter has to force client authentication during re-handshake, in case the client didn't send its credentials during the initial handshake in response to the "wantClientAuth" flag. In this case the "needClientAuth" flag will be raised and a re-handshake will be initiated.
-
getServerSSLEngineConfigurator
- Returns:
SSLEngineConfigurator used by the filter to create new SSLEngine for server-side Connections
-
addHandshakeListener
-
removeHandshakeListener
-
getHandshakeTimeout
- Parameters:
timeUnit - TimeUnit
- Returns:
the handshake timeout, -1 if blocking handshake mode is disabled (default).
-
setHandshakeTimeout
Sets the handshake timeout.
- Parameters:
handshakeTimeout - timeout value, or -1 for non-blocking handshake mode.
timeUnit - TimeUnit
-
setRenegotiationDisabled
public void setRenegotiationDisabled(boolean renegotiationDisabled)
Completely disables renegotiation.
- Parameters:
renegotiationDisabled - true to disable renegotiation.
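An added example (not from the Grizzly documentation or project code) of the two server-side policies the options above allow: renegotiation disabled outright, and a wantClientAuth server that re-handshakes with needClientAuth. The class name ServerTlsFilters, its method names, the 10-second timeout and the use of SSLContext.getDefault() are assumptions made for illustration.

```java
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import org.glassfish.grizzly.filterchain.FilterChain;
import org.glassfish.grizzly.filterchain.FilterChainBuilder;
import org.glassfish.grizzly.filterchain.TransportFilter;
import org.glassfish.grizzly.ssl.SSLBaseFilter;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

// Hypothetical helper class for this example; not part of Grizzly.
public final class ServerTlsFilters {

    // Policy A: no client certificate is requested and renegotiation is
    // disabled outright.
    static SSLBaseFilter withoutRenegotiation(SSLContext sslContext) {
        // Arguments: clientMode=false, needClientAuth=false, wantClientAuth=false
        SSLEngineConfigurator server =
                new SSLEngineConfigurator(sslContext, false, false, false);
        SSLBaseFilter filter = new SSLBaseFilter(server, false);
        filter.setRenegotiationDisabled(true);
        return filter;
    }

    // Policy B: the server sets wantClientAuth; if the client sends no
    // certificate in the initial handshake, the filter raises needClientAuth
    // and re-handshakes. Renegotiation is left enabled here because the page
    // does not describe how this option interacts with setRenegotiationDisabled.
    static SSLBaseFilter clientCertViaRehandshake(SSLContext sslContext) {
        SSLEngineConfigurator server =
                new SSLEngineConfigurator(sslContext, false, false, true);
        SSLBaseFilter filter = new SSLBaseFilter(server, true);
        // A timeout other than -1 selects blocking handshake mode with this limit.
        filter.setHandshakeTimeout(10, TimeUnit.SECONDS);
        return filter;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the JVM default context stands in for a context loaded
        // with the server's own key material.
        SSLContext sslContext = SSLContext.getDefault();
        SSLBaseFilter filter = withoutRenegotiation(sslContext);
        FilterChain chain = FilterChainBuilder.stateless()
                .add(new TransportFilter())
                .add(filter)
                .build();
        System.out.println("filters=" + chain.size()
                + " renegotiateOnClientAuthWant=" + filter.isRenegotiateOnClientAuthWant()
                + " handshakeTimeoutMs=" + filter.getHandshakeTimeout(TimeUnit.MILLISECONDS));
    }
}
```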
-
getOptimizedTransportFilter
protected SSLBaseFilter.SSLTransportFilterWrapper getOptimizedTransportFilter(TransportFilter childFilter)
-
createOptimizedTransportFilter
protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter childFilter)
-
onRemoved
Description copied from class: BaseFilter
Method is called, when the Filter has been removed from the passed FilterChain.
- Specified by:
onRemoved in interface Filter
- Overrides:
onRemoved in class BaseFilter
- Parameters:
filterChain - the FilterChain this Filter was removed from.
-
onAdded
Description copied from class: BaseFilter
Method is called, when the Filter has been added to the passed FilterChain.
- Specified by:
onAdded in interface Filter
- Overrides:
onAdded in class BaseFilter
- Parameters:
filterChain - the FilterChain this Filter was added to.
-
handleEvent
Description copied from class: BaseFilter
Handle custom event associated with the Connection. This Filter may either complete the required processing and return StopAction, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning InvokeAction.
- Specified by:
handleEvent in interface Filter
- Overrides:
handleEvent in class BaseFilter
- Parameters:
ctx - FilterChainContext
- Returns:
NextAction instruction for FilterChain, how it should continue the execution
- Throws:
IOException
-
handleRead
Description copied from class: BaseFilter
Execute a unit of processing work to be performed, when channel will become available for reading. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.
- Specified by:
handleRead in interface Filter
- Overrides:
handleRead in class BaseFilter
- Parameters:
ctx - FilterChainContext
- Returns:
NextAction instruction for FilterChain, how it should continue the execution
- Throws:
IOException
-
handleWrite
Description copied from class: BaseFilter
Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.
- Specified by:
handleWrite in interface Filter
- Overrides:
handleWrite in class BaseFilter
- Parameters:
ctx - FilterChainContext
- Returns:
NextAction instruction for FilterChain, how it should continue the execution
- Throws:
IOException
-
unwrapAll
protected NextAction unwrapAll(FilterChainContext ctx, SSLConnectionContext sslCtx) throws SSLException
- Throws:
SSLException
-
wrapAll
- Throws:
SSLException
-
doHandshakeSync
protected Buffer doHandshakeSync(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, long timeoutMillis) throws IOException
- Throws:
IOException
-
doHandshakeStep
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer) throws IOException
- Throws:
IOException
-
doHandshakeStep
protected Buffer doHandshakeStep(SSLConnectionContext sslCtx, FilterChainContext ctx, Buffer inputBuffer, Buffer tmpAppBuffer0) throws IOException
- Throws:
IOException
-
renegotiate
protected void renegotiate(SSLConnectionContext sslCtx, FilterChainContext context) throws IOException
Performs an SSL renegotiation.
- Parameters:
sslCtx - the SSLConnectionContext associated with this renegotiation request.
context - the FilterChainContext associated with this renegotiation request.
- Throws:
IOException - if an error occurs during SSL renegotiation.
-
getPeerCertificateChain
protected void getPeerCertificateChain(SSLConnectionContext sslCtx, FilterChainContext context, boolean needClientAuth, FutureImpl<Object[]> certFuture)
Obtains the certificate chain for this SSL session. If no certificates are available, and needClientAuth is true, an SSL renegotiation will be triggered to request the certificates from the client.
- Parameters:
sslCtx - the SSLConnectionContext associated with this certificate request.
context - the FilterChainContext associated with this certificate request.
needClientAuth - determines whether or not SSL renegotiation will be attempted to obtain the certificate chain.
certFuture - the future that will be provided the result of the peer certificate processing.
-
obtainSslConnectionContext
-
createSslConnectionContext
-
notifyHandshakeInit
-
notifyHandshakeStart
-
notifyHandshakeComplete
-
notifyHandshakeFailed
-