public SSLSupportImpl(Connection connection) { engine = SSLUtils.getSSLEngine(connection); if (engine == null) { throw new IllegalStateException("SSLEngine is null"); } session = engine.getSession(); }
@Override public NextAction handleEvent(final FilterChainContext ctx, final FilterChainEvent event) throws IOException { if (event.type() == SSLSwitchingEvent.class) { final SSLSwitchingEvent se = (SSLSwitchingEvent) event; final boolean isSecure = se.isSecure(); CONNECTION_IS_SECURE.set(se.getConnection(), isSecure); // if enabling security - create SSLEngine here, because default // Grizzly SSLFilter will use host/port info from the Connection, rather // than request URL. Specifically this doesn't work with CONNECT tunnels. if (isSecure && SSLUtils.getSSLEngine(ctx.getConnection()) == null) { // if SSLEngine is not yet set for the connection - initialize it final SSLEngine sslEngine = getClientSSLEngineConfigurator() .createSSLEngine(se.getHost(), se.getPort() == -1 ? 443 : se.getPort() ); sslEngine.beginHandshake(); SSLUtils.setSSLEngine(ctx.getConnection(), sslEngine); } return ctx.getStopAction(); } return ctx.getInvokeAction(); }
@Override public NextAction handleRead(final FilterChainContext ctx) throws IOException { final Connection connection = ctx.getConnection(); final SSLConnectionContext sslCtx = getSslConnectionContext(connection); if (sslCtx != null && sslCtx.getSslEngine() != null) { ctx.setMessage(allowDispose(allocateInputBuffer(sslCtx))); } return wrappedFilter.handleRead(ctx); } }
final Connection connection = ctx.getConnection(); HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus(); new Object[]{sslEngine, sslEngine.getHandshakeStatus()}); final int expectedLength = getSSLPacketSize(inputBuffer); if (expectedLength == -1 || inputBuffer.remaining() < expectedLength) { break _exitWhile; tmpAppBuffer = allocateOutputBuffer(sslCtx.getAppBufferSize()); handshakeUnwrap(expectedLength, sslCtx, inputBuffer, tmpAppBuffer); final Status status = sslEngineResult.getStatus(); throw new SSLException("SSL unwrap error: " + status); tmpNetBuffer = handshakeWrap( connection, sslCtx, tmpNetBuffer); handshakeStatus = sslEngine.getHandshakeStatus(); executeDelegatedTask(sslEngine); handshakeStatus = sslEngine.getHandshakeStatus(); break; inputBuffer = makeInputRemainder(sslCtx, ctx, inputBuffer);
protected NextAction unwrapAll(final FilterChainContext ctx, final SSLConnectionContext sslCtx) throws SSLException { Buffer input = ctx.getMessage(); final int len = getSSLPacketSize(input); if (len == -1 || input.remaining() < len) { break; output.dispose(); throw result.getError(); if (isHandshaking(sslCtx.getSslEngine())) { switch (result.getSslEngineResult().getStatus()) { case OK: if (input.hasRemaining()) { break; result.getSslEngineResult().getStatus()); if (output.hasRemaining() || isClosed) { ctx.setMessage(output); return ctx.getInvokeAction(makeInputRemainder(sslCtx, ctx, input)); return ctx.getStopAction(makeInputRemainder(sslCtx, ctx, input));
@Override public NextAction handleRead(final FilterChainContext ctx) throws IOException { final Connection connection = ctx.getConnection(); final SSLConnectionContext sslCtx = sslBaseFilter.obtainSslConnectionContext(connection); if (sslCtx.getSslEngine() == null) { final SSLEngine sslEngine = sslBaseFilter.serverSSLEngineConfigurator.createSSLEngine(); sslEngine.beginHandshake(); sslCtx.configure(sslEngine); sslBaseFilter.notifyHandshakeStart(connection); } ctx.setMessage(allowDispose(allocateInputBuffer(sslCtx))); return wrappedFilter.handleRead(ctx); }
public Future<SSLEngine> handshake(final SSLStreamReader sslStreamReader, final SSLEngineConfigurator configurator, final CompletionHandler<SSLEngine> completionHandler) throws IOException { final Connection connection = getConnection(); SSLEngine sslEngine = SSLUtils.getSSLEngine(getConnection()); if (sslEngine == null) { sslEngine = configurator.createSSLEngine(); SSLUtils.setSSLEngine(connection, sslEngine); checkBuffers(connection, sslEngine); } final boolean isLoggingFinest = logger.isLoggable(Level.FINEST); if (isLoggingFinest) { logger.log(Level.FINEST, "connection={0} engine={1} handshakeStatus={2}", new Object[]{connection, sslEngine, sslEngine.getHandshakeStatus()}); } HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus(); if (handshakeStatus == HandshakeStatus.NOT_HANDSHAKING) { sslEngine.beginHandshake(); } final FutureImpl<SSLEngine> future = SafeFutureImpl.create(); final HandshakeCompletionHandler hsCompletionHandler = new HandshakeCompletionHandler(future, completionHandler, sslEngine); sslStreamReader.notifyCondition(new SSLHandshakeCondition(sslStreamReader, this, configurator, sslEngine, hsCompletionHandler), hsCompletionHandler); return future; }
final Connection c = ctx.getConnection(); if (getSslConnectionContext(c) == null) { final Buffer input = ctx.getMessage(); if (input.remaining() < 5) { return ctx.getStopAction(input); int pos = input.position(); final byte byte0 = input.get(pos++); final byte byte1 = input.get(pos++); final byte byte2 = input.get(pos++); obtainSslConnectionContext(c); final SSLEngine sslEngine = configurator.createSSLEngine(); sslCtx.configure(sslEngine); sslEngine.beginHandshake(); notifyHandshakeStart(c);
final long timeoutMillis) throws IOException { final Connection connection = ctx.getConnection(); final SSLEngine sslEngine = sslCtx.getSslEngine(); final Buffer tmpAppBuffer = allocateOutputBuffer(sslCtx.getAppBufferSize()); final long oldReadTimeout = connection.getReadTimeout(TimeUnit.MILLISECONDS); connection.setReadTimeout(timeoutMillis, TimeUnit.MILLISECONDS); inputBuffer = makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer)); while (isHandshaking(sslEngine)) { final ReadResult rr = ctx.read(); final Buffer newBuf = (Buffer) rr.getMessage(); inputBuffer = Buffers.appendBuffers(ctx.getMemoryManager(), inputBuffer, newBuf); inputBuffer = makeInputRemainder(sslCtx, ctx, doHandshakeStep(sslCtx, ctx, inputBuffer, tmpAppBuffer)); tmpAppBuffer.dispose(); connection.setReadTimeout(oldReadTimeout, TimeUnit.MILLISECONDS);
private X509Certificate getServerCertificate(final Request request) { // return the active server certificate, which is used for this connection. final SSLEngine sslEngine = SSLUtils.getSSLEngine( request.getContext().getConnection()); return (X509Certificate) sslEngine.getSession().getLocalCertificates()[0]; } }
@Override public Result find(final PUContext puContext, final FilterChainContext ctx) { final Buffer buffer = ctx.getMessage(); try { final int expectedLength = getSSLPacketSize(buffer); if (expectedLength == -1 || buffer.remaining() < expectedLength) { return Result.NEED_MORE_DATA; } } catch (SSLException e) { LOGGER.log(Level.FINE, "Packet header is not SSL", e); return Result.NOT_FOUND; } return Result.FOUND; } }
public void verify() { final SSLSession session = SSLUtils.getSSLEngine(connection).getSession(); if (LOGGER.isDebugEnabled()) { LOGGER.debug("SSL Handshake onComplete: session = {}, id = {}, isValid = {}, host = {}", session.toString(), Base64.encode(session.getId()), session.isValid(), host); } if (!verifier.verify(host, session)) { connection.terminateSilently(); IOException e = new ConnectException("Host name verification failed for host " + host); delegate.failed(e); } } }
synchronized void initializeAsynchronousTransfer(final FilterChainContext context, final HttpRequestPacket requestPacket) throws IOException { if (asyncTransferInitiated) { throw new IllegalStateException("Async transfer has already been initiated."); } if (feeder == null) { throw new IllegalStateException("No feeder available to perform the transfer."); } assert (context != null); assert (requestPacket != null); this.requestPacket = requestPacket; this.contentBuilder = HttpContent.builder(requestPacket); final Connection c = context.getConnection(); origMaxPendingBytes = c.getMaxAsyncWriteQueueSize(); if (configuredMaxPendingBytes != DEFAULT) { c.setMaxAsyncWriteQueueSize(configuredMaxPendingBytes); } this.context = context; asyncTransferInitiated = true; if (requestPacket.isSecure() && (getSSLEngine(context.getConnection()) == null)) { flushOnSSLHandshakeComplete(); } else { feederFlush(context.getConnection()); } }
static Buffer move(final MemoryManager memoryManager, final Buffer buffer) { final Buffer tmpBuf = copy(memoryManager, buffer); buffer.tryDispose(); return tmpBuf; }
public static void setSSLEngine(final Connection connection, final SSLEngine sslEngine) { SSLConnectionContext ctx = getSslConnectionContext(connection); if (ctx == null) { // set first time outside of standard SSLFilter ctx = new SSLConnectionContext(connection); SSL_CTX_ATTR.set(connection, ctx); } ctx.configure(sslEngine); }
@Override public Buffer grow(final SSLConnectionContext sslCtx, final Buffer oldBuffer, final int newSize) { return allocateOutputBuffer(newSize); } };
final Connection connection = ctx.getConnection(); HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus(); new Object[]{sslEngine, sslEngine.getHandshakeStatus()}); final int expectedLength = getSSLPacketSize(inputBuffer); if (expectedLength == -1 || inputBuffer.remaining() < expectedLength) { break _exitWhile; tmpAppBuffer = allocateOutputBuffer(sslCtx.getAppBufferSize()); handshakeUnwrap(expectedLength, sslCtx, inputBuffer, tmpAppBuffer); final Status status = sslEngineResult.getStatus(); throw new SSLException("SSL unwrap error: " + status); tmpNetBuffer = handshakeWrap( connection, sslCtx, tmpNetBuffer); handshakeStatus = sslEngine.getHandshakeStatus(); executeDelegatedTask(sslEngine); handshakeStatus = sslEngine.getHandshakeStatus(); break; inputBuffer = makeInputRemainder(sslCtx, ctx, inputBuffer);
protected NextAction unwrapAll(final FilterChainContext ctx, final SSLConnectionContext sslCtx) throws SSLException { Buffer input = ctx.getMessage(); final int len = getSSLPacketSize(input); if (len == -1 || input.remaining() < len) { break; output.dispose(); throw result.getError(); if (isHandshaking(sslCtx.getSslEngine())) { switch (result.getSslEngineResult().getStatus()) { case OK: if (input.hasRemaining()) { break; result.getSslEngineResult().getStatus()); if (output.hasRemaining() || isClosed) { ctx.setMessage(output); return ctx.getInvokeAction(makeInputRemainder(sslCtx, ctx, input)); return ctx.getStopAction(makeInputRemainder(sslCtx, ctx, input));
@Override public NextAction handleRead(final FilterChainContext ctx) throws IOException { final Connection connection = ctx.getConnection(); final SSLConnectionContext sslCtx = sslBaseFilter.obtainSslConnectionContext(connection); if (sslCtx.getSslEngine() == null) { final SSLEngine sslEngine = sslBaseFilter.serverSSLEngineConfigurator.createSSLEngine(); sslEngine.beginHandshake(); sslCtx.configure(sslEngine); sslBaseFilter.notifyHandshakeStart(connection); } ctx.setMessage(allowDispose(allocateInputBuffer(sslCtx))); return wrappedFilter.handleRead(ctx); }
public Future<SSLEngine> handshake(final SSLStreamReader sslStreamReader, final SSLEngineConfigurator configurator, final CompletionHandler<SSLEngine> completionHandler) throws IOException { final Connection connection = getConnection(); SSLEngine sslEngine = SSLUtils.getSSLEngine(getConnection()); if (sslEngine == null) { sslEngine = configurator.createSSLEngine(); SSLUtils.setSSLEngine(connection, sslEngine); checkBuffers(connection, sslEngine); } final boolean isLoggingFinest = logger.isLoggable(Level.FINEST); if (isLoggingFinest) { logger.log(Level.FINEST, "connection={0} engine={1} handshakeStatus={2}", new Object[]{connection, sslEngine, sslEngine.getHandshakeStatus()}); } HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus(); if (handshakeStatus == HandshakeStatus.NOT_HANDSHAKING) { sslEngine.beginHandshake(); } final FutureImpl<SSLEngine> future = SafeFutureImpl.create(); final HandshakeCompletionHandler hsCompletionHandler = new HandshakeCompletionHandler(future, completionHandler, sslEngine); sslStreamReader.notifyCondition(new SSLHandshakeCondition(sslStreamReader, this, configurator, sslEngine, hsCompletionHandler), hsCompletionHandler); return future; }