org.glassfish.grizzly.ssl

Class SSLFilter

java.lang.Object

org.glassfish.grizzly.filterchain.BaseFilter

org.glassfish.grizzly.filterchain.AbstractCodecFilter<Buffer,Buffer>

org.glassfish.grizzly.ssl.SSLFilter

All Implemented Interfaces:

Codec<Buffer,Buffer>, CodecFilter<Buffer,Buffer>, Filter

public class SSLFilter
extends AbstractCodecFilter<Buffer,Buffer>

SSL Filter to operate with SSL encrypted data.

Author:

Alexey Stashok

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SSLFilter.CertificateEvent

Field Summary

Fields

Modifier and Type	Field and Description
protected int	maxPendingBytes

Constructor Summary

Constructors

Constructor and Description
SSLFilter()
SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator) Build SSLFilter with the given SSLEngineConfigurator.
SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant) Build SSLFilter with the given SSLEngineConfigurator.

Method Summary

Methods

Modifier and Type	Method and Description
protected Buffer	doHandshakeStep(SSLEngine sslEngine, FilterChainContext context)
int	getMaxPendingBytesPerConnection()
protected Object[]	getPeerCertificateChain(SSLEngine sslEngine, FilterChainContext context, boolean needClientAuth) Obtains the certificate chain for this SSL session.
NextAction	handleEvent(FilterChainContext ctx, FilterChainEvent event) Handle custom event associated with the Connection.
NextAction	handleRead(FilterChainContext ctx) Execute a unit of processing work to be performed, when channel will become available for reading.
NextAction	handleWrite(FilterChainContext ctx) Execute a unit of processing work to be performed, when some data should be written on channel.
void	handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler)
void	handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress)
void	handshake(Connection connection, CompletionHandler<SSLEngine> completionHandler, Object dstAddress, SSLEngineConfigurator sslEngineConfigurator)
protected void	renegotiate(SSLEngine sslEngine, FilterChainContext context) Performs an SSL renegotiation.
void	setMaxPendingBytesPerConnection(int maxPendingBytes) Configures the maximum number of bytes that may be queued to be written for a particular Connection.

Methods inherited from class org.glassfish.grizzly.filterchain.AbstractCodecFilter

getDecoder, getEncoder

Methods inherited from class org.glassfish.grizzly.filterchain.BaseFilter

createContext, exceptionOccurred, getFilterChain, getIndex, handleAccept, handleClose, handleConnect, onAdded, onFilterChainChanged, onRemoved

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.glassfish.grizzly.filterchain.Filter

exceptionOccurred, handleAccept, handleClose, handleConnect, onAdded, onFilterChainChanged, onRemoved

Field Detail

maxPendingBytes

protected volatile int maxPendingBytes

Constructor Detail

SSLFilter

public SSLFilter()

SSLFilter

public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
         SSLEngineConfigurator clientSSLEngineConfigurator)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

clientSSLEngineConfigurator - SSLEngine configurator for client side connections

SSLFilter

public SSLFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
         SSLEngineConfigurator clientSSLEngineConfigurator,
         boolean renegotiateOnClientAuthWant)

Build SSLFilter with the given SSLEngineConfigurator.

Parameters:

serverSSLEngineConfigurator - SSLEngine configurator for server side connections

clientSSLEngineConfigurator - SSLEngine configurator for client side connections

Method Detail

handleEvent

public NextAction handleEvent(FilterChainContext ctx,
                     FilterChainEvent event)
                       throws IOException

Description copied from class: BaseFilter

Handle custom event associated with the Connection. This Filter may either complete the required processing and return StopAction, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning InvokeAction.

Specified by:

handleEvent in interface Filter

Overrides:

handleEvent in class BaseFilter

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

handleRead

public NextAction handleRead(FilterChainContext ctx)
                      throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when channel will become available for reading. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleRead in interface Filter

Overrides:

handleRead in class AbstractCodecFilter<Buffer,Buffer>

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

handleWrite

public NextAction handleWrite(FilterChainContext ctx)
                       throws IOException

Description copied from class: BaseFilter

Execute a unit of processing work to be performed, when some data should be written on channel. This Filter may either complete the required processing and return false, or delegate remaining processing to the next Filter in a FilterChain containing this Filter by returning true.

Specified by:

handleWrite in interface Filter

Overrides:

handleWrite in class AbstractCodecFilter<Buffer,Buffer>

Parameters:

ctx - FilterChainContext

Returns:

NextAction instruction for FilterChain, how it should continue the execution

Throws:

IOException

getMaxPendingBytesPerConnection

public int getMaxPendingBytesPerConnection()

Returns:

the maximum number of bytes that may be queued to be written to a particular Connection. This value is related to the situation when we try to send application data before SSL handshake completes, so the data should be stored and sent on wire once handshake will be completed.

setMaxPendingBytesPerConnection

public void setMaxPendingBytesPerConnection(int maxPendingBytes)

Configures the maximum number of bytes that may be queued to be written for a particular Connection. This value is related to the situation when we try to send application data before SSL handshake completes, so the data should be stored and sent on wire once handshake will be completed.

Parameters:

maxPendingBytes - maximum number of bytes that may be queued to be written for a particular Connection

handshake

public void handshake(Connection connection,
             CompletionHandler<SSLEngine> completionHandler)
               throws IOException

Throws:

IOException

handshake

public void handshake(Connection connection,
             CompletionHandler<SSLEngine> completionHandler,
             Object dstAddress)
               throws IOException

Throws:

IOException

handshake

public void handshake(Connection connection,
             CompletionHandler<SSLEngine> completionHandler,
             Object dstAddress,
             SSLEngineConfigurator sslEngineConfigurator)
               throws IOException

Throws:

IOException

doHandshakeStep

protected Buffer doHandshakeStep(SSLEngine sslEngine,
                     FilterChainContext context)
                          throws IOException

Throws:

IOException

renegotiate

protected void renegotiate(SSLEngine sslEngine,
               FilterChainContext context)
                    throws IOException

Performs an SSL renegotiation.

Parameters:

sslEngine - the SSLEngine associated with this this renegotiation request.

context - the FilterChainContext associated with this this renegotiation request.

Throws:

IOException - if an error occurs during SSL renegotiation.

getPeerCertificateChain

protected Object[] getPeerCertificateChain(SSLEngine sslEngine,
                               FilterChainContext context,
                               boolean needClientAuth)
                                    throws IOException

Obtains the certificate chain for this SSL session. If no certificates are available, and needClientAuth is true, an SSL renegotiation will be be triggered to request the certificates from the client.

Parameters:

sslEngine - the SSLEngine associated with this certificate request.

context - the FilterChainContext associated with this this certificate request.

needClientAuth - determines whether or not SSL renegotiation will be attempted to obtain the certificate chain.

Returns:

the certificate chain as an Object[]. If no certificate chain can be determined, this method will return null.

Throws:

IOException - if an error occurs during renegotiation.