/**
 * Returns the SSL-aware wrapper for the given transport filter, reusing the cached
 * wrapper when it was built for the very same filter instance.
 *
 * @param childFilter the transport filter to be wrapped
 * @return the cached or newly created wrapper
 */
protected SSLTransportFilterWrapper getOptimizedTransportFilter(
        final TransportFilter childFilter) {
    // Reference comparison: the cached wrapper is reused only for the identical filter object.
    final boolean cacheHit = optimizedTransportFilter != null
            && optimizedTransportFilter.wrappedFilter == childFilter;
    if (!cacheHit) {
        optimizedTransportFilter = createOptimizedTransportFilter(childFilter);
    }
    return optimizedTransportFilter;
}
/**
 * Closes the outbound side of the connection's SSL engine and then runs a synchronous
 * handshake, passing {@code handshakeTimeoutMillis} as the timeout.
 *
 * @param context the filter chain context of the connection
 * @param sslCtx  the SSL state of the connection
 * @return the buffer returned by {@code doHandshakeSync}
 * @throws SSLException on any failure; a non-SSL failure is wrapped with the original as cause
 */
private Buffer silentRehandshake(final FilterChainContext context,
        final SSLConnectionContext sslCtx) throws SSLException {
    try {
        sslCtx.getSslEngine().closeOutbound();
        return doHandshakeSync(sslCtx, context, null, handshakeTimeoutMillis);
    } catch (Throwable failure) {
        // NOTE(review): Throwable also covers Errors, which therefore surface as SSLException.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Error during graceful ssl connection close", failure);
        }
        // Keep an SSLException as is; wrap anything else so the cause is preserved.
        final SSLException toThrow = (failure instanceof SSLException)
                ? (SSLException) failure
                : new SSLException("Error during re-handshaking", failure);
        throw toThrow;
    }
}
/**
 * Handles filter chain events; only {@code CertificateEvent} is treated specially.
 *
 * For a certificate event the chain is suspended and the peer certificate chain is
 * requested, with the outcome delivered through the event's {@code certsFuture}.
 * Every other event is passed on unchanged.
 *
 * @param ctx   the filter chain context
 * @param event the event being propagated
 * @return the suspend action for a certificate event, otherwise the invoke action
 * @throws IOException declared by the filter contract
 */
@Override
public NextAction handleEvent(final FilterChainContext ctx,
        final FilterChainEvent event) throws IOException {
    if (event.type() == CertificateEvent.TYPE) {
        final CertificateEvent ce = (CertificateEvent) event;
        try {
            // The suspend action is obtained first; the finally block then runs before
            // the method actually returns it.
            return ctx.getSuspendAction();
        } finally {
            // Runs even if getSuspendAction() throws.
            // NOTE(review): presumably this may trigger a re-handshake when the client
            // certificate is needed but not yet available; confirm in getPeerCertificateChain.
            getPeerCertificateChain(obtainSslConnectionContext(ctx.getConnection()),
                    ctx, ce.needClientAuth, ce.certsFuture);
        }
    }
    return ctx.getInvokeAction();
}
@Override public NextAction handleRead(final FilterChainContext ctx) throws IOException { final Connection connection = ctx.getConnection(); final SSLConnectionContext sslCtx = obtainSslConnectionContext(connection); SSLEngine sslEngine = sslCtx.getSslEngine(); if (sslEngine != null && !isHandshaking(sslEngine)) { return unwrapAll(ctx, sslCtx); } else { if (sslEngine == null) { sslEngine = serverSSLEngineConfigurator.createSSLEngine(); sslEngine.beginHandshake(); sslCtx.configure(sslEngine); notifyHandshakeStart(connection); ? doHandshakeSync(sslCtx, ctx, (Buffer) ctx.getMessage(), handshakeTimeoutMillis) : makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, (Buffer) ctx.getMessage()))); final boolean isHandshaking = isHandshaking(sslEngine); if (!isHandshaking) { notifyHandshakeComplete(connection, sslEngine); final FilterChain connectionFilterChain = sslCtx.getNewConnectionFilterChain();
final long timeoutMillis) throws IOException { final Connection connection = ctx.getConnection(); final SSLEngine sslEngine = sslCtx.getSslEngine(); final Buffer tmpAppBuffer = allocateOutputBuffer(sslCtx.getAppBufferSize()); connection.setReadTimeout(timeoutMillis, TimeUnit.MILLISECONDS); inputBuffer = makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer)); while (isHandshaking(sslEngine)) { final ReadResult rr = ctx.read(); final Buffer newBuf = (Buffer) rr.getMessage(); inputBuffer = Buffers.appendBuffers(ctx.getMemoryManager(), inputBuffer, newBuf); inputBuffer = makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer)); tmpAppBuffer.dispose(); connection.setReadTimeout(oldReadTimeout, TimeUnit.MILLISECONDS);
/**
 * Has to be called in synchronized(connection) {...} block.
 *
 * Writes straight through when the handshake is complete and no handshake context is
 * registered for the connection. Otherwise the write is handed to the connection's
 * handshake context (created on demand) and the chain is suspended.
 *
 * @param ctx                 the filter chain context carrying the message to write
 * @param isHandshakeComplete whether the caller found the handshake to be finished
 * @return the result of the parent {@code handleWrite}, or the suspend action when the
 *         write was accepted by the handshake context
 * @throws IOException if the parent write fails
 */
private NextAction accurateWrite(final FilterChainContext ctx,
        final boolean isHandshakeComplete) throws IOException {
    final Connection connection = ctx.getConnection();
    final SSLHandshakeContext registered = handshakeContextAttr.get(connection);

    if (registered == null && isHandshakeComplete) {
        return super.handleWrite(ctx);
    }

    SSLHandshakeContext pending = registered;
    if (pending == null) {
        pending = new SSLHandshakeContext(connection, null);
        handshakeContextAttr.set(connection, pending);
    }

    // NOTE(review): add() returning false presumably means the handshake context no longer
    // accepts writes (already finished); in that case the write proceeds immediately.
    return pending.add(ctx) ? ctx.getSuspendAction() : super.handleWrite(ctx);
}
/**
 * Runs one handshake step via the parent implementation and, if it fails with an
 * {@code IOException}, reports the failure to the connection's handshake context
 * (when one is registered) before rethrowing it.
 *
 * @return the buffer returned by the parent handshake step
 * @throws IOException the failure raised by the parent handshake step
 */
@Override
protected Buffer doHandshakeStep(final SSLConnectionContext sslCtx,
        final FilterChainContext ctx,
        final Buffer inputBuffer,
        final Buffer tmpAppBuffer0) throws IOException {
    try {
        return super.doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer0);
    } catch (IOException handshakeFailure) {
        final SSLHandshakeContext pending = handshakeContextAttr.get(ctx.getConnection());
        if (pending != null) {
            // Tell the handshake context about the failure before it propagates.
            pending.failed(handshakeFailure);
        }
        throw handshakeFailure;
    }
}
final FutureImpl<Object[]> certFuture) { Certificate[] certs = getPeerCertificates(sslCtx); if (certs != null) { certFuture.result(certs); final Transport transport = context.getConnection().getTransport(); ExecutorService threadPool = transport.getWorkerThreadPool(); if (threadPool == null) {
/**
 * Handles an outgoing message on a TLS connection.
 *
 * {@code FileTransfer} messages are rejected. When the handshake has finished, the
 * message is written directly in server mode, or through {@code accurateWrite} otherwise.
 * When it has not, a handshake is started if there is no SSL engine or no registered
 * handshake context, and the write goes through {@code accurateWrite(ctx, false)}.
 *
 * @param ctx the filter chain context carrying the message to write
 * @return the next action for the filter chain
 * @throws IOException if the write or the handshake fails
 * @throws IllegalStateException if the message is a {@code FileTransfer}
 */
@Override
public NextAction handleWrite(final FilterChainContext ctx) throws IOException {
    final Connection connection = ctx.getConnection();

    if (ctx.getMessage() instanceof FileTransfer) {
        throw new IllegalStateException("TLS operations not supported with SendFile messages");
    }

    //noinspection SynchronizationOnLocalVariableOrMethodParameter
    synchronized (connection) {
        final SSLConnectionContext sslCtx = obtainSslConnectionContext(connection);
        final SSLEngine sslEngine = sslCtx.getSslEngine();

        final boolean established = sslEngine != null && !isHandshaking(sslEngine);
        if (established) {
            if (sslCtx.isServerMode()) {
                return super.handleWrite(ctx);
            }
            return accurateWrite(ctx, true);
        }

        // Start a handshake unless an engine exists and a handshake context is registered.
        final boolean handshakeRegistered =
                sslEngine != null && handshakeContextAttr.isSet(connection);
        if (!handshakeRegistered) {
            handshake(connection, null, null, clientSSLEngineConfigurator, ctx, false);
        }
        return accurateWrite(ctx, false);
    }
}
"Configuring SSL for point to point listener filter chain. ServerSslEngineConfigurator=" + serverSslEngineConfigurator); filterChainBuilder.add(new SSLBaseFilter(serverSslEngineConfigurator, RENEGOTIATE_ON_CLIENTAUTHWANT));
/**
 * Returns the SSL context attached to the connection, creating and attaching one
 * if the connection has none yet.
 *
 * @param connection the connection whose SSL state is requested
 * @return the existing or newly created SSL connection context
 */
protected SSLConnectionContext obtainSslConnectionContext(
        final Connection connection) {
    final SSLConnectionContext attached = SSL_CTX_ATTR.get(connection);
    if (attached != null) {
        return attached;
    }

    // NOTE(review): get-then-set is not atomic in this method; confirm callers
    // serialize access per connection.
    final SSLConnectionContext created = createSslConnectionContext(connection);
    SSL_CTX_ATTR.set(connection, created);
    return created;
}
/**
 * Replaces the chain's transport filter with the SSL-optimized wrapper when the
 * filter is added to a chain that does not contain such a wrapper yet.
 *
 * @param filterChain the chain this filter was added to
 */
@Override
public void onAdded(FilterChain filterChain) {
    final boolean alreadyWrapped =
            filterChain.indexOfType(SSLTransportFilterWrapper.class) != -1;
    if (alreadyWrapped) {
        return;
    }

    final int plainIdx = filterChain.indexOfType(TransportFilter.class);
    if (plainIdx < 0) {
        // No transport filter in the chain, nothing to wrap.
        return;
    }

    final TransportFilter plainFilter = (TransportFilter) filterChain.get(plainIdx);
    filterChain.set(plainIdx, getOptimizedTransportFilter(plainFilter));
}
/**
 * Completes the connection's registered handshake context, if any, and then
 * delegates to the parent notification.
 *
 * @param connection the connection whose handshake finished
 * @param sslEngine  the engine that completed the handshake
 */
@Override
protected void notifyHandshakeComplete(final Connection<?> connection,
        final SSLEngine sslEngine) {
    final SSLHandshakeContext pending = handshakeContextAttr.get(connection);

    if (pending != null) {
        // Order matters: drop the close listener, complete the context, then unregister it.
        connection.removeCloseListener(closeListener);
        pending.completed(sslEngine);
        handshakeContextAttr.remove(connection);
    }

    super.notifyHandshakeComplete(connection, sslEngine);
}
/**
 * Builds an {@code SSLBaseFilter} from the given SSL configuration, applies the configured
 * handshake timeout and appends the filter to the chain builder.
 *
 * Only a server-side engine configurator is passed to the filter; no client-mode
 * configurator is created here.
 *
 * @param habitat            the service locator handed to the SSL configurator
 * @param ssl                the SSL configuration element
 * @param filterChainBuilder the builder the filter is added to
 * @return the filter that was added
 * @throws NumberFormatException if the configured handshake timeout is not a valid long
 */
protected static Filter configureSsl(final ServiceLocator habitat,
        final Ssl ssl,
        final FilterChainBuilder filterChainBuilder) {
    final SSLEngineConfigurator serverConfig = new SSLConfigurator(habitat, ssl);

    // Whether renegotiation is used for client-auth "want" comes from the configuration.
    final boolean renegotiateOnClientAuthWant = isRenegotiateOnClientAuthWant(ssl);
    final SSLBaseFilter sslFilter =
            new SSLBaseFilter(serverConfig, renegotiateOnClientAuthWant);

    final long timeoutMillis = Long.parseLong(ssl.getHandshakeTimeoutMillis());
    sslFilter.setHandshakeTimeout(timeoutMillis, TimeUnit.MILLISECONDS);

    filterChainBuilder.add(sslFilter);
    return sslFilter;
}
/**
 * Runs a synchronous handshake on the connection, passing
 * {@code handshakeTimeoutMillis} as the timeout.
 *
 * @param context the filter chain context of the connection
 * @param sslCtx  the SSL state of the connection
 * @return the buffer returned by {@code doHandshakeSync}
 * @throws SSLException on any failure; a non-SSL failure is wrapped with the original as cause
 */
private Buffer silentRehandshake(final FilterChainContext context,
        final SSLConnectionContext sslCtx) throws SSLException {
    try {
        return doHandshakeSync(sslCtx, context, null, handshakeTimeoutMillis);
    } catch (Throwable failure) {
        // NOTE(review): Throwable also covers Errors, which therefore surface as SSLException.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Error during graceful ssl connection close", failure);
        }
        // Keep an SSLException as is; wrap anything else so the cause is preserved.
        final SSLException toThrow = (failure instanceof SSLException)
                ? (SSLException) failure
                : new SSLException("Error during re-handshaking", failure);
        throw toThrow;
    }
}
final long timeoutMillis) throws IOException { final Connection connection = ctx.getConnection(); final SSLEngine sslEngine = sslCtx.getSslEngine(); final Buffer tmpAppBuffer = allocateOutputBuffer(sslCtx.getAppBufferSize()); connection.setReadTimeout(timeoutMillis, TimeUnit.MILLISECONDS); inputBuffer = makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer)); while (isHandshaking(sslEngine)) { final ReadResult rr = ctx.read(); final Buffer newBuf = (Buffer) rr.getMessage(); inputBuffer = Buffers.appendBuffers(ctx.getMemoryManager(), inputBuffer, newBuf); inputBuffer = makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer)); tmpAppBuffer.dispose(); connection.setReadTimeout(oldReadTimeout, TimeUnit.MILLISECONDS);
/**
 * Has to be called in synchronized(connection) {...} block.
 *
 * Writes straight through when the handshake is complete and no handshake context is
 * registered for the connection. Otherwise the write is handed to the connection's
 * handshake context (created on demand) and the chain is suspended.
 *
 * @param ctx                 the filter chain context carrying the message to write
 * @param isHandshakeComplete whether the caller found the handshake to be finished
 * @return the result of the parent {@code handleWrite}, or the suspend action when the
 *         write was accepted by the handshake context
 * @throws IOException if the parent write fails
 */
private NextAction accurateWrite(final FilterChainContext ctx,
        final boolean isHandshakeComplete) throws IOException {
    final Connection connection = ctx.getConnection();
    final SSLHandshakeContext registered = handshakeContextAttr.get(connection);

    if (registered == null && isHandshakeComplete) {
        return super.handleWrite(ctx);
    }

    SSLHandshakeContext pending = registered;
    if (pending == null) {
        pending = new SSLHandshakeContext(connection, null);
        handshakeContextAttr.set(connection, pending);
    }

    // NOTE(review): add() returning false presumably means the handshake context no longer
    // accepts writes (already finished); in that case the write proceeds immediately.
    return pending.add(ctx) ? ctx.getSuspendAction() : super.handleWrite(ctx);
}
/**
 * Runs one handshake step via the parent implementation and, if it fails with an
 * {@code IOException}, reports the failure to the connection's handshake context
 * (when one is registered) before rethrowing it.
 *
 * @return the buffer returned by the parent handshake step
 * @throws IOException the failure raised by the parent handshake step
 */
@Override
protected Buffer doHandshakeStep(final SSLConnectionContext sslCtx,
        final FilterChainContext ctx,
        final Buffer inputBuffer,
        final Buffer tmpAppBuffer0) throws IOException {
    try {
        return super.doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer0);
    } catch (IOException handshakeFailure) {
        final SSLHandshakeContext pending = handshakeContextAttr.get(ctx.getConnection());
        if (pending != null) {
            // Tell the handshake context about the failure before it propagates.
            pending.failed(handshakeFailure);
        }
        throw handshakeFailure;
    }
}
final FutureImpl<Object[]> certFuture) { Certificate[] certs = getPeerCertificates(sslCtx); if (certs != null) { certFuture.result(certs); final Transport transport = context.getConnection().getTransport(); ExecutorService threadPool = transport.getWorkerThreadPool(); if (threadPool == null) {
"Configuring SSL for point to point listener filter chain. ServerSslEngineConfigurator=" + serverSslEngineConfigurator); filterChainBuilder.add(new SSLBaseFilter(serverSslEngineConfigurator, RENEGOTIATE_ON_CLIENTAUTHWANT));