Class SslFilter

  • All Implemented Interfaces:
    IoFilter

    public class SslFilter
    extends IoFilterAdapter
    An SSL processor which performs flow control of encrypted information on the filter-chain.

    The initial handshake is automatically enabled for "client" sessions once the filter is added to the filter-chain and the session is connected.

    • Field Detail

      • SSL_SECURED

        public static final AttributeKey SSL_SECURED
        SSLSession object when the session is secured, otherwise null.
      • SSL_HANDLER

        protected static final AttributeKey SSL_HANDLER
        Returns the SSL2Handler object
      • LOGGER

        protected static final org.slf4j.Logger LOGGER
        The logger
      • EXECUTOR

        protected static final java.util.concurrent.Executor EXECUTOR
        Task executor for processing handshakes
      • sslContext

        protected final javax.net.ssl.SSLContext sslContext
      • autoStart

        private final boolean autoStart
        A flag used to tell the filter to start the handshake immediately (in the onPostAdd method). Otherwise, the handshake is started after the session is connected (in the sessionOpened method). The default value is true.
      • nonBlockingPipeline

        private boolean nonBlockingPipeline
        Enables the non-blocking pipelines
      • needClientAuth

        protected boolean needClientAuth
        A flag set if client authentication is required
      • wantClientAuth

        protected boolean wantClientAuth
        A flag set if client authentication is requested
      • enabledCipherSuites

        protected java.lang.String[] enabledCipherSuites
        The enabled cipher suites.
      • enabledProtocols

        protected java.lang.String[] enabledProtocols
        The list of enabled SSL/TLS protocols. Must be an array of String, containing:
        • SSLv2Hello
        • SSLv3
        • TLSv1.1 or TLSv1
        • TLSv1.2
        • TLSv1.3
        • NONE
        If null, we will use the default SSLEngine configuration.
      • identificationAlgorithm

        private java.lang.String identificationAlgorithm
        EndPoint identification algorithms
    • Constructor Detail

      • SslFilter

        public SslFilter(javax.net.ssl.SSLContext sslContext)
        Creates a new SSL filter using the specified SSLContext.
        Parameters:
        sslContext - The SSLContext to use
      • SslFilter

        public SslFilter(javax.net.ssl.SSLContext sslContext,
                         boolean autoStart)
        Creates a new SSL filter using the specified SSLContext. If the autostart flag is set to true, the handshake will start immediately after the filter has been added to the chain.
        Parameters:
        sslContext - The SSLContext to use
        autoStart - The flag used to tell the filter to start the handshake immediately
    • Method Detail

      • setUseNonBlockingPipeline

        public void setUseNonBlockingPipeline(boolean enable)
        Configures the use of the Non Blocking SSL processor. This is experimental.
        Parameters:
        enable - true if the non blocking SSL processor is enabled
      • isNeedClientAuth

        public boolean isNeedClientAuth()
        Returns:
        true if the engine will require client authentication. This option is only useful to engines in the server mode.
      • setNeedClientAuth

        public void setNeedClientAuth(boolean needClientAuth)
        Configures the engine to require client authentication. This option is only useful for engines in the server mode.
        Parameters:
        needClientAuth - A flag set when client authentication is required
      • isWantClientAuth

        public boolean isWantClientAuth()
        Returns:
        true if the engine will request client authentication. This option is only useful to engines in the server mode.
      • setWantClientAuth

        public void setWantClientAuth(boolean wantClientAuth)
        Configures the engine to request client authentication. This option is only useful for engines in the server mode.
        Parameters:
        wantClientAuth - A flag set when client authentication is requested
      • getEnabledCipherSuites

        public java.lang.String[] getEnabledCipherSuites()
        Returns:
        the list of cipher suites to be enabled when SSLEngine is initialized. null means 'use SSLEngine's default.'
      • setEnabledCipherSuites

        public void setEnabledCipherSuites(java.lang.String... enabledCipherSuites)
        Sets the list of cipher suites to be enabled when SSLEngine is initialized.
        Parameters:
        enabledCipherSuites - The list of enabled cipher suites. null means 'use SSLEngine's default.'
      • getEndpointIdentificationAlgorithm

        public java.lang.String getEndpointIdentificationAlgorithm()
        Returns:
        the endpoint identification algorithm to be used when SSLEngine is initialized. null means 'use SSLEngine's default.'
      • setEndpointIdentificationAlgorithm

        public void setEndpointIdentificationAlgorithm(java.lang.String identificationAlgorithm)
        Sets the endpoint identification algorithm to be used when SSLEngine is initialized.
        Parameters:
        identificationAlgorithm - null means 'use SSLEngine's default.'
      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Returns:
        the list of protocols to be enabled when SSLEngine is initialized. null means 'use SSLEngine's default.'
      • getSslHandler

        private SslHandler getSslHandler(IoSession session)
        Gets the given session's SslHandler.
        Parameters:
        session - An IoSession to query.
        Returns:
        the given session's SslHandler.
      • setEnabledProtocols

        public void setEnabledProtocols(java.lang.String... enabledProtocols)
        Sets the list of protocols to be enabled when SSLEngine is initialized.
        Parameters:
        enabledProtocols - The list of enabled SSL/TLS protocols. null means 'use SSLEngine's default.'
      • onPreAdd

        public void onPreAdd(IoFilterChain parent,
                             java.lang.String name,
                             IoFilter.NextFilter next)
                      throws java.lang.Exception
        Invoked before this filter is added to the specified parent. Please note that this method can be invoked more than once if this filter is added to more than one parent. This method is not invoked before IoFilter.init() is invoked.
        Specified by:
        onPreAdd in interface IoFilter
        Overrides:
        onPreAdd in class IoFilterAdapter
        Parameters:
        parent - the parent who called this method
        name - the name assigned to this filter
        next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.
        Throws:
        java.lang.Exception - If an error occurred while processing the event
      • onPostAdd

        public void onPostAdd(IoFilterChain parent,
                              java.lang.String name,
                              IoFilter.NextFilter next)
                       throws java.lang.Exception
        Invoked after this filter is added to the specified parent. Please note that this method can be invoked more than once if this filter is added to more than one parent. This method is not invoked before IoFilter.init() is invoked.
        Specified by:
        onPostAdd in interface IoFilter
        Overrides:
        onPostAdd in class IoFilterAdapter
        Parameters:
        parent - the parent who called this method
        name - the name assigned to this filter
        next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.
        Throws:
        java.lang.Exception - If an error occurred while processing the event
      • onPreRemove

        public void onPreRemove(IoFilterChain parent,
                                java.lang.String name,
                                IoFilter.NextFilter next)
                         throws java.lang.Exception
        Invoked before this filter is removed from the specified parent. Please note that this method can be invoked more than once if this filter is removed from more than one parent. This method is always invoked before IoFilter.destroy() is invoked.
        Specified by:
        onPreRemove in interface IoFilter
        Overrides:
        onPreRemove in class IoFilterAdapter
        Parameters:
        parent - the parent who called this method
        name - the name assigned to this filter
        next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.
        Throws:
        java.lang.Exception - If an error occurred while processing the event
      • onConnected

        protected void onConnected(IoFilter.NextFilter next,
                                   IoSession session)
                            throws javax.net.ssl.SSLException
        Internal method for performing post-connect operations; this can be triggered during normal connect event or after the filter is added to the chain.
        Parameters:
        next - The nextFilter to call in the chain
        session - The session instance
        Throws:
        javax.net.ssl.SSLException - Any exception thrown by the SslHandler closing
      • onClose

        protected void onClose(IoFilter.NextFilter next,
                               IoSession session,
                               boolean linger)
                        throws javax.net.ssl.SSLException
        Called when the session is going to be closed. We must shutdown the SslHandler instance.
        Parameters:
        next - The nextFilter to call in the chain
        session - The session instance
        linger - if true, write any queued messages before closing
        Throws:
        javax.net.ssl.SSLException - Any exception thrown by the SslHandler closing
      • createEngine

        protected javax.net.ssl.SSLEngine createEngine(IoSession session,
                                                       java.net.InetSocketAddress addr)
        Customization handler for creating the engine
        Parameters:
        session - source session
        addr - socket address used for fast reconnect
        Returns:
        an SSLEngine
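
An added example, not part of the MINA Javadoc or the project's own code: it uses the setters documented above to build client and server filters with explicit protocol, cipher-suite, endpoint-identification and client-authentication settings instead of the null "use SSLEngine's default" values. The class name `HardenedSslFilters`, the two allow-lists and the `mutualTls` parameter are assumptions made for illustration; the `org.apache.mina.filter.ssl` package name comes from the MINA distribution, not from this page.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.mina.filter.ssl.SslFilter;

public final class HardenedSslFilters {
    // Assumption: local policy allows TLS 1.2 and 1.3 only.
    static final String[] PROTOCOLS = { "TLSv1.3", "TLSv1.2" };
    // Assumption: AEAD suites with forward secrecy; adjust to local policy.
    static final String[] SUITES = {
        "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" };

    /** Keeps allow-list order and drops names the JSSE provider does not support. */
    static String[] supported(String[] wanted, String[] available) {
        Set<String> have = new HashSet<>(Arrays.asList(available));
        String[] kept = Arrays.stream(wanted).filter(have::contains).toArray(String[]::new);
        if (kept.length == 0) {
            // Fail closed rather than fall back to the SSLEngine defaults.
            throw new IllegalStateException("no allowed value is supported: " + Arrays.toString(wanted));
        }
        return kept;
    }

    private static SslFilter base(SSLContext ctx) {
        SSLParameters p = ctx.getSupportedSSLParameters();
        SslFilter filter = new SslFilter(ctx);
        filter.setEnabledProtocols(supported(PROTOCOLS, p.getProtocols()));
        filter.setEnabledCipherSuites(supported(SUITES, p.getCipherSuites()));
        return filter;
    }

    /** Client side: also check the peer certificate against the host name. */
    public static SslFilter client(SSLContext ctx) {
        SslFilter filter = base(ctx);
        // null keeps the SSLEngine default, which in standard JSSE does no host name check.
        filter.setEndpointIdentificationAlgorithm("HTTPS");
        return filter;
    }

    /** Server side: require a client certificate when mutualTls is true. */
    public static SslFilter server(SSLContext ctx, boolean mutualTls) {
        SslFilter filter = base(ctx);
        filter.setNeedClientAuth(mutualTls);
        return filter;
    }
}
```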