public class SNIFilter extends SSLFilter
Filter
implementation.
This filter supports SNI extension on both client and server sides, however
the client side logic works on JDK 7+ only.
On the server-side this filter allows developers to set custom
SSLEngineConfigurator
, based on the host name provided by the client
in the SSL CLIENT_HELLO message.
An SNIServerConfigResolver
registered via setServerSSLConfigResolver(org.glassfish.grizzly.sni.SNIServerConfigResolver)
would be responsible for customizing SSLEngineConfigurator
.
On the other hand for client-side it's not mandatory to register SNIClientConfigResolver
,
because the host name information could be obtained from the Connection.getPeerAddress()
.
However SNIClientConfigResolver
could be used to customize the host name.SSLBaseFilter.CertificateEvent, SSLBaseFilter.HandshakeListener, SSLBaseFilter.SSLTransportFilterWrapper
maxPendingBytes
COPY_CLONER, handshakeListeners
Constructor and Description |
---|
SNIFilter() |
SNIFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
SSLEngineConfigurator clientSSLEngineConfigurator)
Construct an SNIFilter with the given default client and server
side
SSLEngineConfigurator . |
SNIFilter(SSLEngineConfigurator serverSSLEngineConfigurator,
SSLEngineConfigurator clientSSLEngineConfigurator,
boolean renegotiateOnClientAuthWant)
Construct an SNIFilter with the given default
SSLEngineConfigurator . |
Modifier and Type | Method and Description |
---|---|
protected SSLBaseFilter.SSLTransportFilterWrapper |
createOptimizedTransportFilter(TransportFilter childFilter) |
SNIClientConfigResolver |
getClientSSLConfigResolver() |
SNIServerConfigResolver |
getServerSSLConfigResolver() |
NextAction |
handleConnect(FilterChainContext ctx)
Execute a unit of processing work to be performed, when channel gets
connected.
|
NextAction |
handleRead(FilterChainContext ctx)
Execute a unit of processing work to be performed, when channel will
become available for reading.
|
void |
setClientSSLConfigResolver(SNIClientConfigResolver resolver)
Sets
SNIClientConfigResolver , which is responsible for customizing
SSLEngineConfigurator and SNI host name to be sent to a server. |
void |
setServerSSLConfigResolver(SNIServerConfigResolver resolver)
Sets
SNIServerConfigResolver , which is responsible for customizing
SSLEngineConfigurator for newly accepted Connection s,
based on SNI host name information sent by a client. |
doHandshakeStep, getClientSSLEngineConfigurator, getMaxPendingBytesPerConnection, handleWrite, handshake, handshake, handshake, handshake, notifyHandshakeComplete, notifyHandshakeFailed, setMaxPendingBytesPerConnection
addHandshakeListener, createSslConnectionContext, doHandshakeStep, doHandshakeSync, getHandshakeTimeout, getOptimizedTransportFilter, getPeerCertificateChain, getServerSSLEngineConfigurator, handleEvent, isRenegotiateOnClientAuthWant, notifyHandshakeStart, obtainSslConnectionContext, onAdded, onRemoved, removeHandshakeListener, renegotiate, setHandshakeTimeout, unwrapAll, wrapAll
createContext, exceptionOccurred, handleAccept, handleClose, onFilterChainChanged
public SNIFilter()
public SNIFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator)
SSLEngineConfigurator
.serverSSLEngineConfigurator
- clientSSLEngineConfigurator
- public SNIFilter(SSLEngineConfigurator serverSSLEngineConfigurator, SSLEngineConfigurator clientSSLEngineConfigurator, boolean renegotiateOnClientAuthWant)
SSLEngineConfigurator
.serverSSLEngineConfigurator
- SSLEngine configurator for server side connectionsclientSSLEngineConfigurator
- SSLEngine configurator for client side connectionsrenegotiateOnClientAuthWant
- public SNIServerConfigResolver getServerSSLConfigResolver()
SNIServerConfigResolver
, which is responsible for customizing
SSLEngineConfigurator
for newly accepted Connection
s,
based on SNI host name information sent by a clientpublic void setServerSSLConfigResolver(SNIServerConfigResolver resolver)
SNIServerConfigResolver
, which is responsible for customizing
SSLEngineConfigurator
for newly accepted Connection
s,
based on SNI host name information sent by a client.resolver
- SNIServerConfigResolver
public SNIClientConfigResolver getClientSSLConfigResolver()
SNIClientConfigResolver
, which is responsible for customizing
SSLEngineConfigurator
and SNI host name to be sent to a serverpublic void setClientSSLConfigResolver(SNIClientConfigResolver resolver)
SNIClientConfigResolver
, which is responsible for customizing
SSLEngineConfigurator
and SNI host name to be sent to a server.resolver
- protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter childFilter)
createOptimizedTransportFilter
in class SSLBaseFilter
public NextAction handleConnect(FilterChainContext ctx) throws IOException
BaseFilter
Filter
may either complete the required processing and
return false, or delegate remaining processing to the next
Filter
in a FilterChain
containing this Filter
by returning true.handleConnect
in interface Filter
handleConnect
in class BaseFilter
ctx
- FilterChainContext
NextAction
instruction for FilterChain
, how it
should continue the executionIOException
public NextAction handleRead(FilterChainContext ctx) throws IOException
BaseFilter
Filter
may either complete the required processing and
return false, or delegate remaining processing to the next
Filter
in a FilterChain
containing this Filter
by returning true.handleRead
in interface Filter
handleRead
in class SSLBaseFilter
ctx
- FilterChainContext
NextAction
instruction for FilterChain
, how it
should continue the executionIOException
Copyright © 2015 Oracle Corporation. All rights reserved.