dev@grizzly.java.net

Grizzly 2.0: SSL support

From: Oleksiy Stashok <Oleksiy.Stashok_at_Sun.COM>
Date: Fri, 14 Nov 2008 17:53:52 +0100

Hi,

I would like to ask for the community's feedback on the current SSL
implementation in Grizzly 2.0.

Unlike Grizzly 1.x, Grizzly 2.0 doesn't have a special SSL transport,
but uses SSL Encoder and Decoder Transformers.
The Transformer API is a topic for a separate email and blog ;). In a
few words: a Transformer knows how to transform data from one
representation to another.

In our case:
SSLEncoderTransformer encodes plaintext input Buffer into TLS/SSL
encoded output Buffer.
SSLDecoderTransformer decodes TLS/SSL encoded Buffer into plaintext
data Buffer.

SSLCodec - encapsulates the encoder and decoder transformers and the SSL
configuration objects.

It's possible to work with SSL in both standalone and Filter modes.

1) Standalone mode.
In standalone mode the developer should implicitly initialize the SSL
connection with an SSL handshake, and then use the Connection I/O methods
(read/write) to send and receive data.

Example:


         Connection connection = null;

         // Initiate the SSLCodec
         SSLCodec sslCodec = new SSLCodec(createSSLContext());

         TCPNIOTransport transport =
                 TransportManager.instance().createTCPTransport();
         try {
             transport.bind(PORT);
             transport.start();

             // Connect client
             ConnectFuture future = transport.connect("localhost", PORT);
             connection = (TCPNIOConnection) future.get(10, TimeUnit.SECONDS);

             // Run handshake
             Future handshakeFuture = sslCodec.handshake(connection);

             // Wait until the handshake is completed
             handshakeFuture.get(10, TimeUnit.SECONDS);

             MemoryManager memoryManager = transport.getMemoryManager();
             Buffer message = MemoryUtils.wrap(memoryManager, "Hello world!");

             // Write the message with SSLCodec.getEncoder() parameter.
             Future writeFuture = connection.write(null, message, null,
                     sslCodec.getEncoder(), 10, TimeUnit.SECONDS);
             writeFuture.get();

             // Obtain the Buffer, which corresponds to the SSLEngine
             // requirements.
             Buffer receiverBuffer = SSLResourcesAccessor.getInstance().
                     obtainAppBuffer(connection);

             // Read the message with SSLCodec.getDecoder() parameter
             Future readFuture =
                     connection.read(receiverBuffer, null,
                     sslCodec.getDecoder(), null, 10, TimeUnit.SECONDS);
.....................................................


2) Filter mode.
In Filter mode the developer should just add an SSLFilter to the transport
filter chain. The SSLFilter itself has an SSLCodec, which in its turn
has the SSL encode/decode transformers and the SSL configuration.

Example (SSL Echo server)

         Connection connection = null;
         SSLCodec sslCodec = new SSLCodec(createSSLContext());

         TCPNIOTransport transport =
                 TransportManager.instance().createTCPTransport();
         transport.getFilterChain().add(new TransportFilter());
         // Add SSLFilter
         transport.getFilterChain().add(new SSLFilter(sslCodec));
         transport.getFilterChain().add(new EchoFilter());

         try {
             transport.bind(PORT);
             transport.start();

...................


Will appreciate the feedback.

Thanks.

WBR,
Alexey.
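
Added example, not part of the original message and not Grizzly code: the encode/decode step and the handshake that must precede it, shown with two JDK SSLEngine instances joined in memory. It assumes the transformers sit on top of SSLEngine, which the message's code comment mentions; the class name, the port in the peer hint and the use of the javax.net.ssl.keyStore / javax.net.ssl.trustStore system properties are assumptions for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
// Added illustration (hypothetical class name): JDK JSSE only, no Grizzly classes.
public class SslEngineLoopback {
    public static void main(String[] args) throws Exception {
        // Assumption: key and trust material are supplied through the standard
        // javax.net.ssl.keyStore / javax.net.ssl.trustStore system properties.
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine client = ctx.createSSLEngine("localhost", 7777); // constructed peer hint
        client.setUseClientMode(true);
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);

        // Size the buffers from the session, as the SSLEngine requires.
        int net = client.getSession().getPacketBufferSize();
        int app = client.getSession().getApplicationBufferSize();
        ByteBuffer cToS = ByteBuffer.allocate(net), sToC = ByteBuffer.allocate(net);
        ByteBuffer clientIn = ByteBuffer.allocate(app), serverIn = ByteBuffer.allocate(app);
        ByteBuffer clientOut = ByteBuffer.wrap("Hello world!".getBytes(StandardCharsets.UTF_8));
        ByteBuffer serverOut = ByteBuffer.allocate(0); // the server sends no application data
        // Until the handshake completes, wrap() consumes no plaintext and emits only
        // handshake records; afterwards the same call encrypts application data.
        while (serverIn.position() < clientOut.limit()) {
            step(client, client.wrap(clientOut, cToS));  // encode: plaintext -> TLS records
            step(server, server.wrap(serverOut, sToC));
            cToS.flip();
            sToC.flip();
            step(client, client.unwrap(sToC, clientIn));
            step(server, server.unwrap(cToS, serverIn)); // decode: TLS records -> plaintext
            cToS.compact();
            sToC.compact();
        }
        serverIn.flip();
        System.out.println(StandardCharsets.UTF_8.decode(serverIn));
    }

    // Handshake work (for example certificate path validation) comes back as delegated tasks.
    static void step(SSLEngine engine, SSLEngineResult result) {
        if (result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            Runnable task;
            while ((task = engine.getDelegatedTask()) != null) {
                task.run();
            }
        }
    }
}
```

An SSLEngine checks the peer's certificate chain against the trust store but does not check the host name unless an endpoint identification algorithm is set through SSLParameters, so a client built on this pattern should set one before the handshake.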