protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine) { return new SslConnection(byteBufferPool, executor, endPoint, engine); } }
@Override public Object getTransport() { return getEndPoint(); }
@Override public Connection customize(Connection connection, Map<String, Object> context) { if (connection instanceof SslConnection) { SslConnection sslConnection = (SslConnection)connection; sslConnection.setRenegotiationAllowed(sslContextFactory.isRenegotiationAllowed()); sslConnection.setRenegotiationLimit(sslContextFactory.getRenegotiationLimit()); sslConnection.setAllowMissingCloseMessage(isAllowMissingCloseMessage()); ContainerLifeCycle connector = (ContainerLifeCycle)context.get(ClientConnectionFactory.CONNECTOR_CONTEXT_KEY); connector.getBeans(SslHandshakeListener.class).forEach(sslConnection::addHandshakeListener); } return ClientConnectionFactory.super.customize(connection, context); } }
private void ensureFillInterested() { if (!SslConnection.this.isFillInterested()) SslConnection.this.fillInterested(); }
@Override public void close() { getDecryptedEndPoint().getConnection().close(); }
@Override public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context) throws IOException { String host = (String)context.get(SSL_PEER_HOST_CONTEXT_KEY); int port = (Integer)context.get(SSL_PEER_PORT_CONTEXT_KEY); SSLEngine engine = sslContextFactory.newSSLEngine(host, port); engine.setUseClientMode(true); context.put(SSL_ENGINE_CONTEXT_KEY, engine); SslConnection sslConnection = newSslConnection(byteBufferPool, executor, endPoint, engine); sslConnection.setRenegotiationAllowed(sslContextFactory.isRenegotiationAllowed()); endPoint.setConnection(sslConnection); EndPoint appEndPoint = sslConnection.getDecryptedEndPoint(); appEndPoint.setConnection(connectionFactory.newConnection(appEndPoint, context)); return sslConnection; }
LOG.debug("onIncompleteFlush {}", getEndPoint()); getEndPoint().write(_writeCallback, _encryptedOutput); SslConnection.this.fillInterested();
SslConnection sslConnection = new SslConnection(bufferPool,getExecutor(),endPoint,engine); EndPoint sslEndPoint = sslConnection.getDecryptedEndPoint();
getEndPoint().flush(_encryptedOutput); getEndPoint().shutdownOutput(); getEndPoint().shutdownOutput(); if (_handshaken && handshakeStatus != HandshakeStatus.NOT_HANDSHAKING && !isRenegotiationAllowed()) getEndPoint().shutdownOutput(); return allConsumed; if (!getEndPoint().flush(_encryptedOutput)) getEndPoint().flush(_encryptedOutput); // one retry
@Override public Connection newConnection(Connector connector, EndPoint endPoint) { SSLEngine engine = _sslContextFactory.newSSLEngine(endPoint.getRemoteAddress()); engine.setUseClientMode(false); SslConnection sslConnection = newSslConnection(connector, endPoint, engine); sslConnection.setRenegotiationAllowed(_sslContextFactory.isRenegotiationAllowed()); sslConnection.setRenegotiationLimit(_sslContextFactory.getRenegotiationLimit()); configure(sslConnection, connector, endPoint); ConnectionFactory next = connector.getConnectionFactory(_nextProtocol); EndPoint decryptedEndPoint = sslConnection.getDecryptedEndPoint(); Connection connection = next.newConnection(connector, decryptedEndPoint); decryptedEndPoint.setConnection(connection); return sslConnection; }
@Override public void onOpen() { try { // Begin the handshake _sslEngine.beginHandshake(); super.onOpen(); getDecryptedEndPoint().getConnection().onOpen(); } catch (SSLException x) { getEndPoint().close(); throw new RuntimeIOException(x); } }
sslConnection.setInputBufferSize(getInputBufferSize()); sslConnection.setRenegotiationAllowed(_sslContextFactory.isRenegotiationAllowed()); _actualConnection = sslConnection; final EndPoint decryptedEndPoint = sslConnection.getDecryptedEndPoint(); Connection connection = next.newConnection(_connector, decryptedEndPoint); decryptedEndPoint.setConnection(connection);
@Override public void onFillable() { // onFillable means that there are encrypted bytes ready to be filled. // however we do not fill them here on this callback, but instead wakeup // the decrypted readInterest and/or writeFlusher so that they will attempt // to do the fill and/or flush again and these calls will do the actually // filling. if (DEBUG) LOG.debug("onFillable enter {}", getEndPoint()); // wake up whoever is doing the fill or the flush so they can // do all the filling, unwrapping, wrapping and flushing _decryptedEndPoint.getFillInterest().fillable(); // If we are handshaking, then wake up any waiting write as well as it may have been blocked on the read synchronized(_decryptedEndPoint) { if (_decryptedEndPoint._flushRequiresFillToProgress) { _decryptedEndPoint._flushRequiresFillToProgress = false; getExecutor().execute(_runCompletWrite); } } if (DEBUG) LOG.debug("onFillable exit {}", getEndPoint()); }
public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine, boolean useDirectBuffersForEncryption, boolean useDirectBuffersForDecryption) { // This connection does not execute calls to onFillable(), so they will be called by the selector thread. // onFillable() does not block and will only wakeup another thread to do the actual reading and handling. super(endPoint, executor); this._bufferPool = byteBufferPool; this._sslEngine = sslEngine; this._decryptedEndPoint = newDecryptedEndPoint(); this._encryptedDirectBuffers = useDirectBuffersForEncryption; this._decryptedDirectBuffers = useDirectBuffersForDecryption; }
engine = ((SslConnection.DecryptedEndPoint)ep).getSslConnection().getSSLEngine(); else ep = null;
private boolean allowRenegotiate() { if (!isRenegotiationAllowed()) { if (LOG.isDebugEnabled()) LOG.debug("Renegotiation denied {}", SslConnection.this); terminateInput(); return false; } if (getRenegotiationLimit()==0) { if (LOG.isDebugEnabled()) LOG.debug("Renegotiation limit exceeded {}", SslConnection.this); terminateInput(); return false; } return true; }
@Override public void onFillable() { // onFillable means that there are encrypted bytes ready to be filled. // however we do not fill them here on this callback, but instead wakeup // the decrypted readInterest and/or writeFlusher so that they will attempt // to do the fill and/or flush again and these calls will do the actually // filling. if (DEBUG) LOG.debug("onFillable enter {}", _decryptedEndPoint); // We have received a close handshake, close the end point to send FIN. if (_decryptedEndPoint.isInputShutdown()) _decryptedEndPoint.close(); // wake up whoever is doing the fill or the flush so they can // do all the filling, unwrapping, wrapping and flushing _decryptedEndPoint.getFillInterest().fillable(); // If we are handshaking, then wake up any waiting write as well as it may have been blocked on the read synchronized(_decryptedEndPoint) { if (_decryptedEndPoint._flushRequiresFillToProgress) { _decryptedEndPoint._flushRequiresFillToProgress = false; getExecutor().execute(_runCompletWrite); } } if (DEBUG) LOG.debug("onFillable exit {}", _decryptedEndPoint); }
@Override public boolean onIdleExpired() { return getDecryptedEndPoint().getConnection().onIdleExpired(); }
@Override public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context) throws IOException { String host = (String)context.get(SSL_PEER_HOST_CONTEXT_KEY); int port = (Integer)context.get(SSL_PEER_PORT_CONTEXT_KEY); SSLEngine engine = sslContextFactory.newSSLEngine(host, port); engine.setUseClientMode(true); context.put(SSL_ENGINE_CONTEXT_KEY, engine); SslConnection sslConnection = newSslConnection(byteBufferPool, executor, endPoint, engine); sslConnection.setRenegotiationAllowed(sslContextFactory.isRenegotiationAllowed()); endPoint.setConnection(sslConnection); EndPoint appEndPoint = sslConnection.getDecryptedEndPoint(); appEndPoint.setConnection(connectionFactory.newConnection(appEndPoint, context)); return sslConnection; }
getEndPoint().write(_writeCallback, _encryptedOutput); SslConnection.this.fillInterested();