Re: [jetty-users] Encryption of the HTTP protocol (e.g. not its payload)

Hi,

On Sat, Dec 21, 2019 at 11:37 AM Karel Goderis <karel.goderis@xxxxxx> wrote:
>
> Hi Simone
>
> >
> > All right so what you need is a HttpConnection that upgrades to
> > HAPConnection, and HAPConnection should be setup similarly to
> > SslConnection, which delegates (after decryption) to another
> > connection that happens to be again a (different) HttpConnection.
> > Have a look at SslConnectionFactory as an example for how an
> > encryption/decryption ConnectionFactory would work.
> >
>
> Just a question, why do you prefer this approach above building a customised HttpConnection that does the encryption/decryption itself? I already have a customised HttpConnection in place to deal with Apple modifying the HTTP Verb for Event handling. It would mean that I have to adapt OnFillable() to deal with decryption, and modify SendCallback to deal with encryption (e.g. the FLUSH case branch). And then in the application layer, whenever I derive the encryption keys, do an Endpoint.upgrade() to this customised class, and I would not have to deal with all the buffer dynamics of Endpoint itself.
>

Factoring out encryption/decryption means that you will be able to
reuse it with other protocols. We do this with TLS for HTTP/1.1,
WebSocket, HTTP/2, etc.
If you don't need it, fine.
You will have to deal with some buffering anyway (imagine a client
that sends you one byte at a time - you won't be able to decrypt until
you have enough bytes and then you may decrypt only one char).

> Just following up my initial question, how does one upgrade an Endpoint from within a Servlet? In my setup the encryption keys that are required to upgrade to an encrypted connection are the result of an HttpServletRequest that got processed.
> I fail to see how to access the underlying data structures down to the HttpConnection and Endpoint in order to do that.

You don't access the internal data structures.
You set a request attribute with your new connection, and Jetty does
the upgrade for you.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
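
The two points made in this reply, the request-attribute upgrade and the partial-frame buffering, look like this in code. This is an added example, not code from the thread, from Jetty or from the HomeKit project being discussed. It assumes Jetty 9.4 (AbstractConnection, Connection.UpgradeTo, HttpConnection.UPGRADE_CONNECTION_ATTRIBUTE, Request.getBaseRequest). The frame layout (u16 little-endian plaintext length, ciphertext, 16-byte tag, 1024-byte maximum) is an assumption modelled on HAP, the FrameCipher interface and the "hap.session.cipher" request attribute are made up for the example, and the plaintextSink lambda is a placeholder for the SslConnection-style decrypted EndPoint plus second HttpConnection that Simone recommends.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.concurrent.Executor;
import java.util.function.Consumer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.io.AbstractConnection;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.BufferUtil;

/** Hypothetical AEAD wrapper around the keys the pair-verify exchange produced (not a Jetty type). */
interface FrameCipher {
    byte[] open(short lengthPrefix, ByteBuffer cipherAndTag) throws IOException; // throws on bad tag
    byte[] seal(short lengthPrefix, ByteBuffer plaintext);                      // returns ciphertext + tag
}

/** Handles the final key-exchange request, then asks Jetty to swap the connection. */
public class PairVerifyServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Assumption: earlier handling stored the derived cipher under this made-up attribute name.
        FrameCipher cipher = (FrameCipher) req.getAttribute("hap.session.cipher");
        HttpChannel channel = Request.getBaseRequest(req).getHttpChannel();
        EndPoint endPoint = channel.getEndPoint();
        Executor executor = channel.getConnector().getExecutor();
        // Placeholder: this is where a decrypting EndPoint feeding a second HttpConnection belongs.
        Consumer<ByteBuffer> plaintextSink = decrypted -> { };
        Connection upgraded = new EncryptedConnection(endPoint, executor, cipher, plaintextSink);
        // HttpConnection.onCompleted() (Jetty 9.4) calls EndPoint.upgrade(upgraded) once this
        // response has been written, but only when the status is 101 Switching Protocols.
        resp.setStatus(HttpServletResponse.SC_SWITCHING_PROTOCOLS);
        req.setAttribute(HttpConnection.UPGRADE_CONNECTION_ATTRIBUTE, upgraded);
    }
}

/** Installed on the EndPoint by Jetty; reassembles and decrypts inbound frames. */
class EncryptedConnection extends AbstractConnection implements Connection.UpgradeTo {
    // Assumed frame format (HAP-style): u16 little-endian plaintext length, ciphertext, 16-byte tag.
    private static final int LENGTH_PREFIX = 2, TAG_LENGTH = 16, MAX_PLAINTEXT = 1024;
    private final FrameCipher cipher;
    private final Consumer<ByteBuffer> plaintextSink;
    // Unread ciphertext, kept in flush mode (position..limit) between calls; holds one maximal frame.
    private final ByteBuffer in = BufferUtil.allocate(LENGTH_PREFIX + MAX_PLAINTEXT + TAG_LENGTH)
            .order(ByteOrder.LITTLE_ENDIAN);

    EncryptedConnection(EndPoint endPoint, Executor executor, FrameCipher cipher,
                        Consumer<ByteBuffer> plaintextSink) {
        super(endPoint, executor);
        this.cipher = cipher;
        this.plaintextSink = plaintextSink;
    }

    @Override
    public void onUpgradeTo(ByteBuffer prefilled) {
        // Bytes the client sent right behind its upgrade request were already read by the old
        // HttpConnection; Jetty hands them over here and they are ciphertext that must not be dropped.
        if (prefilled != null)
            BufferUtil.append(in, prefilled);
    }

    @Override
    public void onOpen() {
        super.onOpen();
        onFillable(); // drain whatever onUpgradeTo() left, then register read interest
    }

    @Override
    public void onFillable() {
        try {
            while (true) {
                drainFrames();
                int filled = getEndPoint().fill(in); // appends at in.limit(); in stays in flush mode
                if (filled < 0) { close(); return; }           // peer closed
                if (filled == 0) { fillInterested(); return; } // nothing more yet
            }
        } catch (IOException x) {
            close(); // bad tag or bogus length: this is not the peer that completed pair-verify
        }
    }

    private void drainFrames() throws IOException {
        while (in.remaining() >= LENGTH_PREFIX) {
            short prefix = in.getShort(in.position());
            int length = prefix & 0xffff;
            if (length > MAX_PLAINTEXT)
                throw new IOException("frame length " + length + " exceeds " + MAX_PLAINTEXT);
            if (in.remaining() < LENGTH_PREFIX + length + TAG_LENGTH)
                break; // partial frame: with a peer sending one byte at a time this is the normal case
            in.position(in.position() + LENGTH_PREFIX);
            ByteBuffer body = (ByteBuffer) in.slice().limit(length + TAG_LENGTH);
            byte[] plaintext = cipher.open(prefix, body); // prefix is the AAD; throws on tag mismatch
            in.position(in.position() + length + TAG_LENGTH);
            plaintextSink.accept(ByteBuffer.wrap(plaintext));
        }
        in.compact().flip(); // move the unread tail to the front so fill() has room again
    }
}
```

Two caveats for anyone following this route. First, in Jetty 9.4 HttpConnection.onCompleted() only honours the attribute when the response status is 101, so the response that carries the last key-exchange message has to be a 101 for this path to work; check that condition against the source of the Jetty version you run before relying on it. Second, the length-bounded buffer is what makes the one-byte-at-a-time case safe: a frame that claims more than the maximum is rejected before any memory is reserved for it, and a buffer that is full always contains a complete frame, so the fill loop cannot spin. The outbound direction is the mirror image and is left out above: cut the plaintext into chunks of at most MAX_PLAINTEXT, seal each with its length prefix as AAD, prepend the prefix, and hand the resulting buffers to getEndPoint().write(callback, frames).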

