Examples of org.apache.mina.filter.support.SSLHandler

org.apache.mina.filter.support.SSLHandler
A helper class using the SSLEngine API to decrypt/encrypt data.
Each connection has a SSLEngine that is used through the lifetime of the connection. We allocate byte buffers for use as the outbound and inbound network buffers. These buffers handle all of the intermediary data for the SSL connection. To make things easy, we'll require outNetBuffer be completely flushed before trying to wrap any more data. @author The Apache Directory Project (mina-dev@directory.apache.org) @version $Rev: 561232 $, $Date: 2007-07-31 14:19:37 +0900 (Tue, 31 Jul 2007) $

    }


    public void filterWrite(NextFilter nextFilter, IoSession session,
            WriteRequest writeRequest) throws SSLException {
        boolean needsFlush = true;
        SSLHandler handler = getSSLSessionHandler(session);
        synchronized (handler) {
            if (!isSSLStarted(session)) {
                handler.scheduleFilterWrite(nextFilter,
                        writeRequest);
            }
            // Don't encrypt the data if encryption is disabled.
            else if (session.containsAttribute(DISABLE_ENCRYPTION_ONCE)) {
                // Remove the marker attribute because it is temporary.
                session.removeAttribute(DISABLE_ENCRYPTION_ONCE);
                handler.scheduleFilterWrite(nextFilter,
                        writeRequest);
            } else {
                // Otherwise, encrypt the buffer.
                ByteBuffer buf = (ByteBuffer) writeRequest.getMessage();


                if (SessionLog.isDebugEnabled(session)) {
                    SessionLog.debug(session, " Filtered Write: " + handler);
                }


                if (handler.isWritingEncryptedData()) {
                    // data already encrypted; simply return buffer
                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, "   already encrypted: "
                                + buf);
                    }
                    handler.scheduleFilterWrite(nextFilter,
                            writeRequest);
                } else if (handler.isInitialHandshakeComplete()) {
                    // SSL encrypt
                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, " encrypt: " + buf);
                    }


                    int pos = buf.position();
                    handler.encrypt(buf.buf());
                    buf.position(pos);
                    ByteBuffer encryptedBuffer = new EncryptedBuffer(SSLHandler
                            .copy(handler.getOutNetBuffer()), buf);


                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, " encrypted buf: "
                                + encryptedBuffer);
                    }
                    handler.scheduleFilterWrite(nextFilter,
                            new WriteRequest(encryptedBuffer, writeRequest
                                    .getFuture()));
                } else {
                    if (!session.isConnected()) {
                        if (SessionLog.isDebugEnabled(session)) {
                            SessionLog.debug(session,
                                    " Write request on closed session.");
                        }
                    } else {
                        if (SessionLog.isDebugEnabled(session)) {
                            SessionLog
                                    .debug(session,
                                            " Handshaking is not complete yet. Buffering write request.");
                        }
                        handler.schedulePreHandshakeWriteRequest(nextFilter,
                                writeRequest);
                    }
                    needsFlush = false;
                }
            }
        }


        if (needsFlush) {
            handler.flushScheduledEvents();
        }
    }

View Full Code Here

        }
    }


    public void filterClose(final NextFilter nextFilter, final IoSession session)
            throws SSLException {
        SSLHandler handler = getSSLSessionHandler0(session);
        if (handler == null) {
            // The connection might already have closed, or
            // SSL might have not started yet.
            nextFilter.filterClose(session);
            return;
        }


        WriteFuture future = null;
        try {
            synchronized (handler) {
                if (isSSLStarted(session)) {
                    future = initiateClosure(nextFilter, session);
                }
            }


            handler.flushScheduledEvents();
        } finally {
            if (future == null) {
                nextFilter.filterClose(session);
            } else {
                future.addListener(new IoFutureListener() {

View Full Code Here

        }
    }


    private WriteFuture initiateClosure(NextFilter nextFilter, IoSession session)
            throws SSLException {
        SSLHandler handler = getSSLSessionHandler(session);
        // if already shut down
        if (!handler.closeOutbound()) {
            return DefaultWriteFuture.newNotWrittenFuture(session);
        }


        // there might be data to write out here?
        WriteFuture future = handler.writeNetBuffer(nextFilter);


        if (handler.isInboundDone()) {
            handler.destroy();
        }


        if (session.containsAttribute(USE_NOTIFICATION)) {
            handler.scheduleMessageReceived(nextFilter, SESSION_UNSECURED);
        }


        return future;
    }

View Full Code Here


        handler.scheduleMessageReceived(nextFilter, readBuffer);
    }


    private SSLHandler getSSLSessionHandler(IoSession session) {
        SSLHandler handler = getSSLSessionHandler0(session);
        if (handler == null) {
            throw new IllegalStateException();
        }
        if (handler.getParent() != this) {
            throw new IllegalArgumentException("Not managed by this filter.");
        }
        return handler;
    }

View Full Code Here

     * @return <tt>true</tt> if the SSL session has been started, <tt>false</tt> if already started.
     * @throws SSLException if failed to start the SSL session
     */
    public boolean startSSL( IoSession session ) throws SSLException
    {
        SSLHandler handler = getSSLSessionHandler( session );
        boolean started;
        synchronized( handler )
        {
            if( handler.isOutboundDone() )
            {
                NextFilter nextFilter = ( NextFilter ) session.getAttribute( NEXT_FILTER );
                handler.destroy();
                handler.init();
                handler.handshake( nextFilter );
                started = true;
            }
            else
            {
                started = false;
            }
        }
        
        handler.flushPostHandshakeEvents();
        return started;
    }

View Full Code Here

     * to retun <tt>false</tt> after TLS <tt>close_notify</tt> message
     * is sent and any messages written after then is not goinf to get encrypted.
     */
    public boolean isSSLStarted( IoSession session )
    {
        SSLHandler handler = getSSLSessionHandler0( session );
        if( handler == null )
        {
            return false;
        }


        synchronized( handler )
        {
            return !handler.isOutboundDone();
        }
    }

View Full Code Here

     * @throws SSLException if failed to initiate TLS closure
     * @throws IllegalArgumentException if this filter is not managing the specified session
     */
    public WriteFuture stopSSL( IoSession session ) throws SSLException
    {
        SSLHandler handler = getSSLSessionHandler( session );
        NextFilter nextFilter = ( NextFilter ) session.getAttribute( NEXT_FILTER );
        WriteFuture future;
        synchronized( handler )
        {
            future = initiateClosure( nextFilter, session );
        }
        
        handler.flushPostHandshakeEvents();
        
        return future;
    }

View Full Code Here


        IoSession session = parent.getSession();
        session.setAttribute( NEXT_FILTER, nextFilter );
        
        // Create an SSL handler and start handshake.
        SSLHandler handler =
            new SSLHandler( this, sslContext, session );
        session.setAttribute( SSL_HANDLER, handler );
    }

View Full Code Here

        session.setAttribute( SSL_HANDLER, handler );
    }
    
    public void onPostAdd( IoFilterChain parent, String name, NextFilter nextFilter ) throws SSLException
    {
        SSLHandler handler = getSSLSessionHandler( parent.getSession() );
        handler.handshake( nextFilter );
        handler.flushPostHandshakeEvents();
    }

View Full Code Here

    }


    // IoFilter impl.
    public void sessionClosed( NextFilter nextFilter, IoSession session ) throws SSLException
    {
        SSLHandler handler = getSSLSessionHandler( session );
        try
        {
            synchronized( handler )
            {
                if( isSSLStarted( session ) )
                {
                    if( SessionLog.isDebugEnabled( session ) )
                    {
                        SessionLog.debug( session, " Closed: " + getSSLSessionHandler( session ) );
                    }
                }
                
                // release resources
                handler.destroy();
            }
            
            handler.flushPostHandshakeEvents();
        }
        finally
        {
           // notify closed session
           nextFilter.sessionClosed( session );

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.mina.filter.support.SSLHandler

org.apache.mina.common.IoFilter.WriteRequest

org.apache.mina.common.support.DefaultWriteFuture

org.apache.mina.common.WriteFuture

org.apache.mina.filter.SSLFilter

javax.net.ssl.SSLHandshakeException

javax.net.ssl.SSLSession

javax.net.ssl.SSLException

javax.net.ssl.SSLEngineResult

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.