dev@grizzly.java.net

Re: problems of the SNI from Lee

From: Lee You <lee.y.y.you_at_gmail.com>
Date: Fri, 30 Jan 2015 21:38:09 +1300

Hi Alexey,

Many thanks for you kindest reply. And Yes, I am trying to setup my Grizzly
HttpServer provided the HTTPS services for the multi virtual host via the
SNI API?

currently, I have added a NetworkListener to the httpServer & replaced the
SSLBaseFilter in the filterChain of that listener by a new
SNIFilter&Resolver. But, I got the NullPointerException @
SNIFilter.handleRead(SNIFilter.java:241);

Here is some part of my code, and logs for your reference as below:

// addon a https listener
        SSLEngineConfigurator ssle = new
SSLEngineConfigurator(serverSslContext.createSSLContext(), false, false,
false);
        NetworkListener listener = new NetworkListener("ssl",
NetworkListener.DEFAULT_NETWORK_HOST, new PortRange(777));

        listener.setSSLEngineConfig(ssle);
        listener.setSecure(true);
        httpServer.addListener(listener);

// replace the SSLBaseFilter
FilterChain filterChain = listener.getFilterChain();
this.sniFilter = new SNIFilter(this.sslEngineConfig, null);
if(sniServerConfigResolver instanceof SNIServerConfigResolver){
                 log.info("setupSNI and sniServerConfigResolver is:" +
sniServerConfigResolver);

this.sniFilter.setServerSSLConfigResolver(sniServerConfigResolver);
        }
        this.outputFilters(filterChain);
       Filter sslFilter = null;
        for (int i = 0; i < filterChain.size(); i++) {
            sslFilter = filterChain.get(i);

            if (sslFilter instanceof TransportFilter) {
                log.info("setup SNI and TransportFilter is removed. ");
                filterChain.remove(i--);
                continue;
            }

            if (sslFilter instanceof SSLBaseFilter) {
                log.info("setup SNI and SSLBaseFilter is changed to be " +
this.sniFilter);
                filterChain.set(i, this.sniFilter);
            }
        }

        this.outputFilters(filterChain);

//LOGS
INFO co.iueo.server.IueoSNIService - setupSNI and sniServerConfigResolver
is:co.iueo.server.IueoSNIService$1_at_43bd05c9
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 0
org.glassfish.grizzly.ssl.SSLBaseFilter$SSLTransportFilterWrapper_at_1772594d
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 1 org.glassfish.grizzly.ssl.SSLBaseFilter_at_5d44bbf0
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 2 org.glassfish.grizzly.http.HttpServerFilter_at_14d11fff
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 3 org.glassfish.grizzly.utils.IdleTimeoutFilter_at_3f69d3e1
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 4 org.glassfish.grizzly.http.server.FileCacheFilter_at_3ad44d70
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 5 org.glassfish.grizzly.websockets.WebSocketFilter_at_4237fae1
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 6
org.glassfish.grizzly.http.server.HttpServerFilter_at_5e052bbf
INFO co.iueo.server.IueoSNIService - setup SNI and TransportFilter is
removed.
INFO co.iueo.server.IueoSNIService - setup SNI and SSLBaseFilter is
changed to be org.glassfish.grizzly.sni.SNIFilter_at_2f021d45
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 0 org.glassfish.grizzly.sni.SNIFilter_at_2f021d45
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 1 org.glassfish.grizzly.http.HttpServerFilter_at_14d11fff
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 2 org.glassfish.grizzly.utils.IdleTimeoutFilter_at_3f69d3e1
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 3 org.glassfish.grizzly.http.server.FileCacheFilter_at_3ad44d70
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 4 org.glassfish.grizzly.websockets.WebSocketFilter_at_4237fae1
INFO co.iueo.server.IueoSNIService - setup SNI and Filters in the
FilterChain is 5
org.glassfish.grizzly.http.server.HttpServerFilter_at_5e052bbf


….
java.lang.NullPointerException
    at org.glassfish.grizzly.sni.SNIFilter.handleRead(SNIFilter.java:241)
    at
org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at
org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
    at
org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
    at
org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
    at
org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
    at
org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at
org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)

////
This NullPointerException, might because I removed the TransportFilter of
the SSLBaseFilter when replacing it.
Should I create a new TCPNIOTransport & new FilterChain instead of the
NetworkListener?
If Yes, how could I get all the other Filters like HttpServerFilter,
IdleTimeoutFilter…..

thanks again, having a great day!
Lee


<quote author='oleksiys'>
Hi Lee,

am I understanding correctly, you're trying to use SNI support with
Grizzly HttpServer?
I am Lee. These days, I am just trying to study the SNI of Grizzly, even
after read your source code of the SNITest.java, I still do not know how
to let it works. Because, i do not understand:
>
> 1.How to bind to my Grizzly HTTP server supporting the HTTPS(SSL/TLS)
> to proved web services? Just using the TCPNIOTransport to bind a
> different port or need to bind to as same port as the Http server?
>
I can provide a sample by the end of the week.
The idea is to use HttpServer AddOn mechanism and update the HttpServer
FilterChain to use SNIFilter instead of SSLBaseFilter.


> 2.Could you explain the meaning of the code with blue color as //below
>
It just associates the hostname property with the connection.

> Do I need this line in my own code?
>
no. You may want to read this value, but definitely not set it.

> Can I switch to different SSL server configure for their host for
> supporting SNI in there?
>
Sure.

> If it return null, what will be happened for that host?
>
The SNIFilter's default server SSLEngineConfigurator will be used.

Thanks

WBR,
Alexey.


> //////////////////////////
>
> ilter.setServerSSLConfigResolver(new SNIServerConfigResolver() {
>
> @Override
>
> public SNIConfig resolve(Connection connection, String
> hostname) {
>
> */sniHostAttr.set(connection, hostname);/*
>
> return SNIConfig.newServerConfig(sslServerEngineConfig);
>
> }
>
> });
>
> Thanks! and looking forward for your reply!
>
> Best Regards,
>
> Lee
>


</quote>
Quoted from:
http://grizzly.1045725.n5.nabble.com/problems-of-the-SNI-from-Lee-tp5710686p5710694.html
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.