Class SslFilter

  • All Implemented Interfaces:
    IoFilter

    public class SslFilter
    extends IoFilterAdapter
    An SSL processor which performs flow control of encrypted information on the filter-chain.

    The initial handshake is automatically enabled for "client" sessions once the filter is added to the filter-chain and the session is connected.

    Author:
    Jonathan Valliere, Apache MINA Project
    • Field Detail

      • SSL_SECURED

        public static final AttributeKey SSL_SECURED
        SSLSession object when the session is secured, otherwise null.
      • SSL_HANDLER

        protected static final AttributeKey SSL_HANDLER
        Returns the SSL2Handler object
      • LOGGER

        protected static final Logger LOGGER
        The logger
      • EXECUTOR

        protected static final Executor EXECUTOR
        Task executor for processing handshakes
      • sslContext

        protected final SSLContext sslContext
      • needClientAuth

        protected boolean needClientAuth
        A flag set if client authentication is required
      • wantClientAuth

        protected boolean wantClientAuth
        A flag set if client authentication is requested
      • enabledCipherSuites

        protected String[] enabledCipherSuites
        The enabled Ciphers.
      • enabledProtocols

        protected String[] enabledProtocols
        The list of enabled SSL/TLS protocols. Must be an array of String, containing:
        • SSLv2Hello
        • SSLv3
        • TLSv1.1 or TLSv1
        • TLSv1.2
        • TLSv1.3
        • NONE
        If null, we will use the default SSLEngine configuration.
    • Constructor Detail

      • SslFilter

        public SslFilter(SSLContext sslContext)
        Creates a new SSL filter using the specified SSLContext.
        Parameters:
        sslContext - The SSLContext to use
    • Method Detail

      • isNeedClientAuth

        public boolean isNeedClientAuth()
        Returns:
        true if the engine will require client authentication. This option is only useful to engines in the server mode.
      • setNeedClientAuth

        public void setNeedClientAuth(boolean needClientAuth)
        Configures the engine to require client authentication. This option is only useful for engines in the server mode.
        Parameters:
        needClientAuth - A flag set when client authentication is required
      • isWantClientAuth

        public boolean isWantClientAuth()
        Returns:
        true if the engine will request client authentication. This option is only useful to engines in the server mode.
      • setWantClientAuth

        public void setWantClientAuth(boolean wantClientAuth)
        Configures the engine to request client authentication. This option is only useful for engines in the server mode.
        Parameters:
        wantClientAuth - A flag set when client authentication is requested
      • getEnabledCipherSuites

        public String[] getEnabledCipherSuites()
        Returns:
        the list of cipher suites to be enabled when SSLEngine is initialized. null means 'use SSLEngine's default.'
      • setEnabledCipherSuites

        public void setEnabledCipherSuites(String... enabledCipherSuites)
        Sets the list of cipher suites to be enabled when SSLEngine is initialized.
        Parameters:
        enabledCipherSuites - The list of enabled cipher suites. null means 'use SSLEngine's default.'
      • getEndpointIdentificationAlgorithm

        public String getEndpointIdentificationAlgorithm()
        Returns:
        the endpoint identification algorithm to be used when SSLEngine is initialized. null means 'use SSLEngine's default.'
      • setEndpointIdentificationAlgorithm

        public void setEndpointIdentificationAlgorithm(String identificationAlgorithm)
        Sets the endpoint identification algorithm to be used when SSLEngine is initialized.
        Parameters:
        identificationAlgorithm - null means 'use SSLEngine's default.'
      • getEnabledProtocols

        public String[] getEnabledProtocols()
        Returns:
        the list of protocols to be enabled when SSLEngine is initialized. null means 'use SSLEngine's default.'
      • setEnabledProtocols

        public void setEnabledProtocols(String... enabledProtocols)
        Sets the list of protocols to be enabled when SSLEngine is initialized.
        Parameters:
        enabledProtocols - The list of enabled SSL/TLS protocols. null means 'use SSLEngine's default.'
      • onPreAdd

        public void onPreAdd(IoFilterChain parent,
                             String name,
                             IoFilter.NextFilter next)
                      throws Exception
        Invoked before this filter is added to the specified parent. Please note that this method can be invoked more than once if this filter is added to more than one parent. This method is not invoked before IoFilter.init() is invoked.
        Specified by:
        onPreAdd in interface IoFilter
        Overrides:
        onPreAdd in class IoFilterAdapter
        Parameters:
        parent - the parent who called this method
        name - the name assigned to this filter
        next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.
        Throws:
        Exception - If an error occurred while processing the event
      • onPostAdd

        public void onPostAdd(IoFilterChain parent,
                              String name,
                              IoFilter.NextFilter next)
                       throws Exception
        Invoked after this filter is added to the specified parent. Please note that this method can be invoked more than once if this filter is added to more than one parent. This method is not invoked before IoFilter.init() is invoked.
        Specified by:
        onPostAdd in interface IoFilter
        Overrides:
        onPostAdd in class IoFilterAdapter
        Parameters:
        parent - the parent who called this method
        name - the name assigned to this filter
        next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.
        Throws:
        Exception - If an error occurred while processing the event
      • onPreRemove

        public void onPreRemove(IoFilterChain parent,
                                String name,
                                IoFilter.NextFilter next)
                         throws Exception
        Invoked before this filter is removed from the specified parent. Please note that this method can be invoked more than once if this filter is removed from more than one parent. This method is always invoked before IoFilter.destroy() is invoked.
        Specified by:
        onPreRemove in interface IoFilter
        Overrides:
        onPreRemove in class IoFilterAdapter
        Parameters:
        parent - the parent who called this method
        name - the name assigned to this filter
        next - the IoFilter.NextFilter for this filter. You can reuse this object until this filter is removed from the chain.
        Throws:
        Exception - If an error occurred while processing the event
      • onConnected

        protected void onConnected(IoFilter.NextFilter next,
                                   IoSession session)
                            throws SSLException
        Internal method for performing post-connect operations; this can be triggered during normal connect event or after the filter is added to the chain.
        Parameters:
        next - The nextFilter to call in the chain
        session - The session instance
        Throws:
        SSLException - Any exception thrown by the SslHandler closing
      • onClose

        protected void onClose(IoFilter.NextFilter next,
                               IoSession session,
                               boolean linger)
                        throws SSLException
        Called when the session is going to be closed. We must shut down the SslHandler instance.
        Parameters:
        next - The nextFilter to call in the chain
        session - The session instance
        linger - if true, write any queued messages before closing
        Throws:
        SSLException - Any exception thrown by the SslHandler closing
      • createEngine

        protected SSLEngine createEngine(IoSession session,
                                         InetSocketAddress addr)
        Customization handler for creating the engine
        Parameters:
        session - source session
        addr - socket address used for fast reconnect
        Returns:
        an SSLEngine
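
The configuration setters and the SSL_SECURED attribute documented above, combined in an added example (not code from the Apache MINA project): a server filter restricted to TLSv1.2/TLSv1.3 that requires a client certificate, a client filter with endpoint identification enabled, and a handler that reads SSL_SECURED before processing data. Assumptions: the class name, the port 8443, the cipher-suite selection, and key and trust material supplied to the default SSLContext through the standard javax.net.ssl system properties.

```java
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;

// Added example; class name, port and cipher list are assumptions.
public class HardenedSslFilterExample {
    // Server side: modern protocols only, client certificate mandatory.
    static SslFilter serverFilter(SSLContext ctx) {
        SslFilter filter = new SslFilter(ctx);
        filter.setEnabledProtocols("TLSv1.3", "TLSv1.2");
        filter.setEnabledCipherSuites(
                "TLS_AES_256_GCM_SHA384",
                "TLS_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        filter.setNeedClientAuth(true); // "need" requires a cert, "want" only requests one
        return filter;
    }
    // Client side: "HTTPS" makes the SSLEngine check the peer host name against its certificate.
    static SslFilter clientFilter(SSLContext ctx) {
        SslFilter filter = new SslFilter(ctx);
        filter.setEnabledProtocols("TLSv1.3", "TLSv1.2");
        filter.setEndpointIdentificationAlgorithm("HTTPS");
        return filter;
    }

    public static void main(String[] args) throws Exception {
        // Assumes javax.net.ssl.keyStore / trustStore system properties are set.
        SSLContext ctx = SSLContext.getDefault();
        NioSocketAcceptor acceptor = new NioSocketAcceptor();
        acceptor.getFilterChain().addLast("ssl", serverFilter(ctx));
        acceptor.setHandler(new IoHandlerAdapter() {
            @Override
            public void messageReceived(IoSession session, Object message) {
                // SSL_SECURED holds the SSLSession once secured, otherwise null.
                SSLSession tls = (SSLSession) session.getAttribute(SslFilter.SSL_SECURED);
                if (tls == null) {
                    session.closeNow(); // defensive: refuse data on an unsecured session
                    return;
                }
                System.out.println(tls.getProtocol() + " / " + tls.getCipherSuite());
            }
        });
        acceptor.bind(new InetSocketAddress(8443));
    }
}
```

Leaving enabledProtocols or enabledCipherSuites as null falls back to the SSLEngine defaults, so the effective set then depends on the JDK and its security configuration rather than on the application.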