📄 sslfilter.java
}

        // Store the next filter on the session under NEXT_FILTER.
        IoSession session = parent.getSession();
        session.setAttribute(NEXT_FILTER, nextFilter);

        // Create an SSL handler and start handshake.
        SSLHandler handler = new SSLHandler(this, sslContext, session);
        session.setAttribute(SSL_HANDLER, handler);
    }

    /**
     * Starts the handshake on the session's {@link SSLHandler}.
     * The handshake call is made while holding the handler's monitor; the
     * scheduled events are flushed after the monitor has been released.
     *
     * @param parent     the filter chain; its session supplies the handler
     * @param name       not used by this method
     * @param nextFilter the filter handed to {@code handler.handshake}
     * @throws SSLException declared by this method; presumably raised by the handshake
     */
    public void onPostAdd(IoFilterChain parent, String name,
            NextFilter nextFilter) throws SSLException {
        SSLHandler handler = getSSLSessionHandler(parent.getSession());
        synchronized (handler) {
            handler.handshake(nextFilter);
        }
        handler.flushScheduledEvents();
    }

    /**
     * Calls {@code stopSSL} for the session and then removes the
     * {@code NEXT_FILTER} and {@code SSL_HANDLER} attributes this filter
     * stored on it.
     *
     * @param parent     the filter chain whose session is cleaned up
     * @param name       not used by this method
     * @param nextFilter not used by this method
     * @throws SSLException declared by this method; presumably raised by {@code stopSSL}
     */
    public void onPreRemove(IoFilterChain parent, String name,
            NextFilter nextFilter) throws SSLException {
        IoSession session = parent.getSession();
        stopSSL(session);
        session.removeAttribute(NEXT_FILTER);
        session.removeAttribute(SSL_HANDLER);
    }

    // IoFilter impl.

    /**
     * Destroys the session's SSL handler, flushes its scheduled events and
     * forwards the close notification to the next filter.
     * The notification is sent from a {@code finally} block, so the next
     * filter is informed even when the cleanup throws.
     *
     * @param nextFilter the filter that receives {@code sessionClosed}
     * @param session    the session that was closed
     * @throws SSLException declared by this method
     */
    public void sessionClosed(NextFilter nextFilter, IoSession session)
            throws SSLException {
        SSLHandler handler = getSSLSessionHandler(session);
        try {
            synchronized (handler) {
                // Only the debug message depends on isSSLStarted(); destroy() runs either way.
                if (isSSLStarted(session)) {
                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, " Closed: "
                                + getSSLSessionHandler(session));
                    }
                }

                // release resources
                handler.destroy();
            }

            handler.flushScheduledEvents();
        } finally {
            // notify closed session
            nextFilter.sessionClosed(session);
        }
    }

    /**
     * Handles a message read from the network.
     * When SSL is not started and the handler's inbound side is done, the
     * message is scheduled for the next filter unchanged. Otherwise the
     * message is cast to {@link ByteBuffer} and passed to the SSL handler,
     * and the resulting data is dispatched by {@code handleSSLData}.
     *
     * @param nextFilter the filter that receives the scheduled events
     * @param session    the session the message was read on
     * @param message    the received message; cast to {@link ByteBuffer} on
     *                   the SSL path
     * @throws SSLException on SSL failure; replaced by an
     *         {@link SSLHandshakeException} carrying the original as its
     *         cause when the initial handshake has not completed
     */
    public void messageReceived(NextFilter nextFilter, IoSession session,
            Object message) throws SSLException {
        SSLHandler handler = getSSLSessionHandler(session);
        synchronized (handler) {
            if (!isSSLStarted(session) && handler.isInboundDone()) {
                // Pass-through: the message is scheduled as-is, without SSL processing.
                handler.scheduleMessageReceived(nextFilter, message);
            } else {
                ByteBuffer buf = (ByteBuffer) message;
                if (SessionLog.isDebugEnabled(session)) {
                    SessionLog.debug(session, " Data Read: " + handler + " ("
                            + buf + ')');
                }

                try {
                    // forward read encrypted data to SSL handler
                    handler.messageReceived(nextFilter, buf.buf());

                    // Handle data to be forwarded to application or written to net
                    handleSSLData(nextFilter, handler);

                    if (handler.isInboundDone()) {
                        if (handler.isOutboundDone()) {
                            if (SessionLog.isDebugEnabled(session)) {
                                SessionLog.debug(session,
                                        " SSL Session closed.");
                            }
                            handler.destroy();
                        } else {
                            initiateClosure(nextFilter, session);
                        }

                        // NOTE(review): bytes still left in buf once the inbound side is
                        // done are scheduled for the next filter as-is. They appear to be
                        // data that did not go through the SSL handler, so downstream code
                        // should presumably not treat them as protected by the SSL
                        // session - confirm against SSLHandler.
                        if (buf.hasRemaining()) {
                            handler.scheduleMessageReceived(nextFilter, buf);
                        }
                    }
                } catch (SSLException ssle) {
                    // A failure before the initial handshake completed is reported as a
                    // handshake failure; the original exception is kept as the cause.
                    if (!handler.isInitialHandshakeComplete()) {
                        SSLException newSSLE = new SSLHandshakeException(
                                "Initial SSL handshake failed.");
                        newSSLE.initCause(ssle);
                        ssle = newSSLE;
                    }

                    throw ssle;
                }
            }
        }

        // Flushed after the handler's monitor has been released.
        handler.flushScheduledEvents();
    }

    /**
     * Forwards the sent notification for application writes.
     * For an {@code EncryptedBuffer} the wrapper is released and the next
     * filter is told about the original buffer; any other message is
     * ignored.
     *
     * @param nextFilter the filter that receives {@code messageSent}
     * @param session    the session the message was written on
     * @param message    the message that was written
     */
    public void messageSent(NextFilter nextFilter, IoSession session,
            Object message) {
        if (message instanceof EncryptedBuffer) {
            EncryptedBuffer buf = (EncryptedBuffer) message;
            buf.release();
            nextFilter.messageSent(session, buf.originalBuffer);
        } else {
            // ignore extra buffers used for handshaking
        }
    }

    /**
     * Handles an outgoing write request.
     * <ul>
     * <li>SSL not started: the request is scheduled unchanged.</li>
     * <li>{@code DISABLE_ENCRYPTION_ONCE} set on the session: the marker is
     *     removed and the request is scheduled unchanged.</li>
     * <li>Handler already writing encrypted data: scheduled unchanged.</li>
     * <li>Initial handshake complete: the buffer is encrypted and scheduled
     *     as an {@code EncryptedBuffer} sharing the request's future.</li>
     * <li>Otherwise: buffered as a pre-handshake request when the session is
     *     connected, only logged when it is not; no flush happens.</li>
     * </ul>
     *
     * @param nextFilter   the filter that receives the scheduled writes
     * @param session      the session being written to
     * @param writeRequest the request; its message is cast to
     *                     {@link ByteBuffer} on the encrypting path
     * @throws SSLException declared by this method; presumably raised by encryption
     */
    public void filterWrite(NextFilter nextFilter, IoSession session,
            WriteRequest writeRequest) throws SSLException {
        boolean needsFlush = true;
        SSLHandler handler = getSSLSessionHandler(session);
        synchronized (handler) {
            if (!isSSLStarted(session)) {
                handler.scheduleFilterWrite(nextFilter, writeRequest);
            }
            // Don't encrypt the data if encryption is disabled.
            else if (session.containsAttribute(DISABLE_ENCRYPTION_ONCE)) {
                // Remove the marker attribute because it is temporary.
                // NOTE(review): the marker is a session attribute consumed by whichever
                // write request reaches this branch first, and that request leaves this
                // filter unencrypted. A caller that sets it presumably has to make sure
                // the intended message is the next one written - confirm with callers.
                session.removeAttribute(DISABLE_ENCRYPTION_ONCE);
                handler.scheduleFilterWrite(nextFilter, writeRequest);
            } else {
                // Otherwise, encrypt the buffer.
                ByteBuffer buf = (ByteBuffer) writeRequest.getMessage();

                if (SessionLog.isDebugEnabled(session)) {
                    SessionLog.debug(session, " Filtered Write: " + handler);
                }

                if (handler.isWritingEncryptedData()) {
                    // data already encrypted; simply return buffer
                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, " already encrypted: "
                                + buf);
                    }
                    handler.scheduleFilterWrite(nextFilter, writeRequest);
                } else if (handler.isInitialHandshakeComplete()) {
                    // SSL encrypt
                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, " encrypt: " + buf);
                    }

                    // Put the original buffer's position back after encrypt();
                    // presumably encrypt() advances it - confirm against SSLHandler.
                    int pos = buf.position();
                    handler.encrypt(buf.buf());
                    buf.position(pos);
                    // The wrapper carries a copy of the handler's outgoing network buffer
                    // plus the original buffer, which messageSent() reports downstream.
                    ByteBuffer encryptedBuffer = new EncryptedBuffer(SSLHandler
                            .copy(handler.getOutNetBuffer()), buf);

                    if (SessionLog.isDebugEnabled(session)) {
                        SessionLog.debug(session, " encrypted buf: "
                                + encryptedBuffer);
                    }
                    handler.scheduleFilterWrite(nextFilter,
                            new WriteRequest(encryptedBuffer, writeRequest
                                    .getFuture()));
                } else {
                    if (!session.isConnected()) {
                        // Only logged: the request is neither scheduled nor buffered here.
                        if (SessionLog.isDebugEnabled(session)) {
                            SessionLog.debug(session,
                                    " Write request on closed session.");
                        }
                    } else {
                        if (SessionLog.isDebugEnabled(session)) {
                            SessionLog
                                    .debug(session,
                                            " Handshaking is not complete yet. Buffering write request.");
                        }
                        handler.schedulePreHandshakeWriteRequest(nextFilter,
                                writeRequest);
                    }
                    needsFlush = false;
                }
            }
        }

        if (needsFlush) {
            handler.flushScheduledEvents();
        }
    }

    /**
     * Closes the session, initiating SSL closure first when SSL is started.
     * Without a handler the close request is forwarded at once. Otherwise
     * the close is forwarded immediately when no closure future was
     * obtained, or from a listener on that future when one was.
     *
     * @param nextFilter the filter that receives {@code filterClose}
     * @param session    the session being closed
     * @throws SSLException declared by this method
     */
    public void filterClose(final NextFilter nextFilter, final IoSession session)
            throws SSLException {
        // The unchecked lookup is used here: a missing handler is a normal case.
        SSLHandler handler = getSSLSessionHandler0(session);
        if (handler == null) {
            // The connection might already have closed, or
            // SSL might have not started yet.
            nextFilter.filterClose(session);
            return;
        }

        WriteFuture future = null;
        try {
            synchronized (handler) {
                if (isSSLStarted(session)) {
                    future = initiateClosure(nextFilter, session);
                }
            }

            handler.flushScheduledEvents();
        } finally {
            // In a finally block so the close request is forwarded even if the
            // closure or the flush throws.
            if (future == null) {
                nextFilter.filterClose(session);
            } else {
                future.addListener(new IoFutureListener() {
                    public void operationComplete(IoFuture future) {
                        nextFilter.filterClose(session);
                    }
                });
            }
        }
    }

    /**
     * Closes the outbound side of the SSL handler and writes out its network
     * buffer.
     * When {@code closeOutbound()} returns {@code false} a "not written"
     * future is returned instead. If the inbound side is also done the
     * handler is destroyed. If the session carries {@code USE_NOTIFICATION},
     * {@code SESSION_UNSECURED} is scheduled for the next filter.
     *
     * @param nextFilter the filter used for the write and the notification
     * @param session    the session whose SSL layer is being closed
     * @return the future of the network-buffer write, or a "not written"
     *         future when the outbound side was already shut down
     * @throws SSLException declared by this method
     */
    private WriteFuture initiateClosure(NextFilter nextFilter, IoSession session)
            throws SSLException {
        SSLHandler handler = getSSLSessionHandler(session);
        // if already shut down
        if (!handler.closeOutbound()) {
            return DefaultWriteFuture.newNotWrittenFuture(session);
        }

        // there might be data to write out here?
        WriteFuture future = handler.writeNetBuffer(nextFilter);

        if (handler.isInboundDone()) {
            handler.destroy();
        }

        if (session.containsAttribute(USE_NOTIFICATION)) {
            handler.scheduleMessageReceived(nextFilter, SESSION_UNSECURED);
        }

        return future;
    }

    // Utilities

    /**
     * Dispatches what the SSL handler produced: flushes the buffered
     * pre-handshake events once the initial handshake is complete, writes
     * the handler's network buffer, then forwards any application data.
     *
     * @param nextFilter the filter that receives the writes and messages
     * @param handler    the SSL handler holding the data
     * @throws SSLException declared by this method
     */
    private void handleSSLData(NextFilter nextFilter, SSLHandler handler)
            throws SSLException {
        // Flush any buffered write requests occurred before handshaking.
        if (handler.isInitialHandshakeComplete()) {
            handler.flushPreHandshakeEvents();
        }

        // Write encrypted data to be written (if any)
        handler.writeNetBuffer(nextFilter);

        // handle app. data read (if any)
        handleAppDataRead(nextFilter, handler);
    }

    /**
     * Schedules a copy of the handler's application buffer as a received
     * message for the next filter; does nothing when that buffer is empty.
     *
     * @param nextFilter the filter that receives the application data
     * @param handler    the SSL handler whose application buffer is read
     */
    private void handleAppDataRead(NextFilter nextFilter, SSLHandler handler) {
        IoSession session = handler.getSession();
        if (!handler.getAppBuffer().hasRemaining()) {
            return;
        }

        if (SessionLog.isDebugEnabled(session)) {
            SessionLog.debug(session, " appBuffer: " + handler.getAppBuffer());
        }

        // forward read app data
        ByteBuffer readBuffer = SSLHandler.copy(handler.getAppBuffer());
        // NOTE(review): with debug logging enabled, the application-side data
        // (presumably the decrypted payload) is written to the session log as a hex
        // dump, so credentials or tokens in the traffic end up in the log. Keep debug
        // logging off for sessions carrying sensitive data, or restrict log access.
        if (SessionLog.isDebugEnabled(session)) {
            SessionLog.debug(session, " app data read: " + readBuffer + " ("
                    + readBuffer.getHexDump() + ')');
        }
        handler.scheduleMessageReceived(nextFilter, readBuffer);
    }

    /**
     * Returns the SSL handler stored on the session, checking that it
     * exists and belongs to this filter.
     *
     * @param session the session to look the handler up on
     * @return the handler, never {@code null}
     * @throws IllegalStateException    if the session has no handler
     * @throws IllegalArgumentException if the handler's parent is not this
     *                                  filter instance
     */
    private SSLHandler getSSLSessionHandler(IoSession session) {
        SSLHandler handler = getSSLSessionHandler0(session);
        if (handler == null) {
            throw new IllegalStateException();
        }
        // Identity comparison: the handler must have been created by this instance.
        if (handler.getParent() != this) {
            throw new IllegalArgumentException("Not managed by this filter.");
        }
        return handler;
    }

    /**
     * Returns the {@code SSL_HANDLER} session attribute cast to
     * {@link SSLHandler}, without any checks.
     *
     * @param session the session to read the attribute from
     * @return the stored attribute value; {@code filterClose} and
     *         {@code getSSLSessionHandler} both handle a {@code null} result
     */
    private SSLHandler getSSLSessionHandler0(IoSession session) {
        return (SSLHandler) session.getAttribute(SSL_HANDLER);
    }

    /**
     * A message that is sent from {@link SSLFilter} when the connection became
     * secure or is not secure anymore.
     *
     * @author The Apache Directory Project (mina-dev@directory.apache.org)
     * @version $Rev: 557169 $, $Date: 2007-07-18 15:26:04 +0900 (Wed, 18 Jul 2007) $
     */
    public static class SSLFilterMessage {
        // Text returned by toString().
        private final String name;

        // Private constructor: instances can only be created inside the enclosing class.
        private SSLFilterMessage(String name) {
            this.name = name;
        }

        /** Returns the name given at construction. */
        public String toString() {
            return name;
        }
    }

    /**
     * Buffer proxy around the encrypted data that also keeps the original
     * buffer of the write request, which {@code messageSent} passes to the
     * next filter in place of the encrypted one.
     */
    private static class EncryptedBuffer extends ByteBufferProxy {
        // Buffer of the write request that this encrypted buffer stands for.
        private final ByteBuffer originalBuffer;

        private EncryptedBuffer(ByteBuffer buf, ByteBuffer originalBuffer) {
            super(buf);
            this.originalBuffer = originalBuffer;
        }
    }
}