Hi guys,

as a follow-up of a discussion we have had with Jonathan, I would like
to suggest we add the 'secured()' event in the IoHandler. The idea is to
make it simpler for MINA users to be informed when the TLS handshake has
been completed.

Currently, one needs to add the USE_NOTIFICATION attribute in the session
before adding the SslFilter in the chain, in order to receive a
SESSION_SECURED message. This is kind of a convoluted solution, which
requires checking, for every received message, whether it's a SESSION_SECURED
message in the messageReceived() method.

Having a secured() event would eliminate this attribute and this
message, making app implementers' lives easier.

Typically, in the Apache LDAP API, we implement the startTLS extended
operation, which allows the caller to set up a secured communication over
an existing connection. That forces us to write code like this:

...
ldapSession.setAttribute( SslFilter.USE_NOTIFICATION, Boolean.TRUE );
ldapSession.setAttribute( "HANDSHAKE_FUTURE", handshakeFuture );
ldapSession.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );
...

(the future is used to be informed when the TLS handshake has been
completed)

and in order to process the SESSION_SECURED message, we have to do:

public void messageReceived( IoSession session, Object message ) throws Exception
{
    // Feed the response and store it into the session
    if ( message instanceof SslFilter.SslFilterMessage )
    {
        // This is a SSL message telling if the session has been secured or not
        HandshakeFuture handshakeFuture = ( HandshakeFuture ) ldapSession.getAttribute( "HANDSHAKE_FUTURE" );

        if ( message == SslFilter.SESSION_SECURED )
        {
            // SECURED
            handshakeFuture.secured();
        }
        else
        {
            // UNSECURED
            handshakeFuture.cancel();
        }

        ldapSession.removeAttribute( "HANDSHAKE_FUTURE" );

        return;
    }

    // ... processing of the ordinary LDAP messages follows here
}

which is kind of complicated...

wdyt ?

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org
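The pattern Emmanuel describes, written out as a complete handler, as an added example that is not part of the post and not code from the Apache LDAP API or MINA projects. It assumes MINA 2.0.9 or later (for IoSession.closeNow()) and uses a java.util.concurrent.CompletableFuture in place of the LDAP API's HandshakeFuture; the attribute key, the filter name and the class name are invented for the example. It shows the two points a caller has to get right with the current USE_NOTIFICATION mechanism: the ordering of the attribute and the filter, and the fact that a failed handshake does not arrive as a SESSION_UNSECURED message but through exceptionCaught(), so a future that only listens for SslFilterMessage would hang forever.

```java
import java.util.concurrent.CompletableFuture;

import org.apache.mina.core.service.IoHandlerAdapter;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

/**
 * Constructed example: a handler that reports TLS handshake completion
 * through a future, using the SslFilter notification messages.
 */
public class StartTlsHandler extends IoHandlerAdapter
{
    /** Session attribute holding the pending handshake future (our own key, not a MINA one). */
    private static final AttributeKey HANDSHAKE_FUTURE =
        new AttributeKey( StartTlsHandler.class, "handshakeFuture" );

    /** Name under which the SslFilter is registered in the chain (assumed name). */
    private static final String SSL_FILTER_KEY = "sslFilter";

    /**
     * Starts TLS on an already established session and returns a future that
     * completes with TRUE once the handshake has finished. The order of the
     * three calls matters: USE_NOTIFICATION has to be present before the
     * filter is added, otherwise SESSION_SECURED is never delivered and the
     * caller waits indefinitely.
     */
    public static CompletableFuture<Boolean> startTls( IoSession session, SslFilter sslFilter )
    {
        CompletableFuture<Boolean> handshakeFuture = new CompletableFuture<>();

        session.setAttribute( SslFilter.USE_NOTIFICATION, Boolean.TRUE );
        session.setAttribute( HANDSHAKE_FUTURE, handshakeFuture );
        session.getFilterChain().addFirst( SSL_FILTER_KEY, sslFilter );

        return handshakeFuture;
    }

    @Override
    @SuppressWarnings("unchecked")
    public void messageReceived( IoSession session, Object message ) throws Exception
    {
        if ( message instanceof SslFilter.SslFilterMessage )
        {
            // Take the future out of the session in the same step, so it is
            // completed exactly once whatever notification arrives.
            CompletableFuture<Boolean> handshakeFuture =
                ( CompletableFuture<Boolean> ) session.removeAttribute( HANDSHAKE_FUTURE );

            if ( message == SslFilter.SESSION_SECURED )
            {
                if ( handshakeFuture != null )
                {
                    handshakeFuture.complete( Boolean.TRUE );
                }
            }
            else
            {
                // SESSION_UNSECURED: the session is back to clear text. Report
                // it and close, so the caller cannot keep using the connection
                // as if it were protected.
                if ( handshakeFuture != null )
                {
                    handshakeFuture.complete( Boolean.FALSE );
                }
                session.closeNow();
            }

            return;
        }

        // ... ordinary (already decrypted) application messages are handled here
    }

    @Override
    @SuppressWarnings("unchecked")
    public void exceptionCaught( IoSession session, Throwable cause ) throws Exception
    {
        // A handshake that fails (bad certificate, protocol mismatch, ...) is
        // reported here as an SSLException, not as an SslFilterMessage. Fail the
        // pending future so the caller is released instead of waiting forever.
        CompletableFuture<Boolean> handshakeFuture =
            ( CompletableFuture<Boolean> ) session.removeAttribute( HANDSHAKE_FUTURE );

        if ( handshakeFuture != null )
        {
            handshakeFuture.completeExceptionally( cause );
        }

        session.closeNow();
    }
}
```

A caller would do something like `StartTlsHandler.startTls( session, sslFilter ).get( timeout, TimeUnit.SECONDS )` and only send credentials (for LDAP, the bind) when that returns TRUE; a FALSE result or an exception means the channel never became protected. The future is removed from the session before it is completed in both paths, which is what keeps a late notification from completing it twice.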
