Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  //
  //  ========================================================================
  //  Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd.
  //  ------------------------------------------------------------------------
  //  All rights reserved. This program and the accompanying materials
  //  are made available under the terms of the Eclipse Public License v1.0
  //  and Apache License v2.0 which accompanies this distribution.
  //
  //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //
 
 package org.eclipse.jetty.server.ssl;
 
 
 
 
 /* ------------------------------------------------------------ */
SslSelectChannelConnector.

Org.apache.xbean.XBean:
element="sslConnector" description="Creates an NIO ssl connector"
 
 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector
 {
     private final SslContextFactory _sslContextFactory;
     private Buffers _sslBuffers;
 
     /* ------------------------------------------------------------ */
     public SslSelectChannelConnector()
     {
         setSoLingerTime(30000);
     }
 
     /* ------------------------------------------------------------ */
    
Construct with explicit SslContextFactory. The SslContextFactory passed is added via org.eclipse.jetty.util.component.AggregateLifeCycle.addBean(java.lang.Object) so that it's lifecycle may be managed with org.eclipse.jetty.util.component.AggregateLifeCycle.

Parameters:
sslContextFactory
 
     public SslSelectChannelConnector(SslContextFactory sslContextFactory)
     {
          = sslContextFactory;
         addBean();
         setUseDirectBuffers(false);
         setSoLingerTime(30000);
     }
 
     /* ------------------------------------------------------------ */
    
Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
  • an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).
  • an attribute named "javax.servlet.request.cipher_suite" of type String.
  • an attribute named "javax.servlet.request.key_size" of type Integer.
  • an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Parameters:
endpoint The Socket the request arrived on. This should be a org.eclipse.jetty.io.bio.SocketEndPoint wrapping a javax.net.ssl.SSLSocket.
request HttpRequest to be customised.
    @Override
    public void customize(EndPoint endpointRequest requestthrows IOException
    {
        request.setScheme(.);
        super.customize(endpoint,request);
        SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint;
        SSLEngine sslEngine=sslEndpoint.getSslEngine();
        SSLSession sslSession=sslEngine.getSession();
        SslCertificates.customize(sslSession,endpoint,request);
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
Returns:
True if SSL re-negotiation is allowed (default false)
    @Deprecated
    public boolean isAllowRenegotiate()
    {
        return .isAllowRenegotiate();
    }
    /* ------------------------------------------------------------ */
    
Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed, then re-negotiation should not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban of renegotiate in u19 and with RFC5746 in u22.

Deprecated:
Parameters:
allowRenegotiate true if re-negotiation is allowed (default false)
    @Deprecated
    public void setAllowRenegotiate(boolean allowRenegotiate)
    {
        .setAllowRenegotiate(allowRenegotiate);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public String[] getExcludeCipherSuites()
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setExcludeCipherSuites(String[] cipherSuites)
    {
        .setExcludeCipherSuites(cipherSuites);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public String[] getIncludeCipherSuites()
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setIncludeCipherSuites(String[] cipherSuites)
    {
        .setIncludeCipherSuites(cipherSuites);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setPassword(String password)
    {
        .setKeyStorePassword(password);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setTrustPassword(String password)
    {
        .setTrustStorePassword(password);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setKeyPassword(String password)
    {
        .setKeyManagerPassword(password);
    }
    /* ------------------------------------------------------------ */
    
Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

Deprecated:
    @Deprecated
    public String getAlgorithm()
    {
        throw new UnsupportedOperationException();
    }
    /* ------------------------------------------------------------ */
    
Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

Deprecated:
    @Deprecated
    public void setAlgorithm(String algorithm)
    {
        throw new UnsupportedOperationException();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getProtocol()
    @Deprecated
    public String getProtocol()
    {
        return .getProtocol();
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setProtocol(String protocol)
    {
        .setProtocol(protocol);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setKeystore(String keystore)
    {
        .setKeyStorePath(keystore);
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getKeystore()
    @Deprecated
    public String getKeystore()
    {
        return .getKeyStorePath();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getKeystoreType()
    @Deprecated
    public String getKeystoreType()
    {
        return .getKeyStoreType();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getNeedClientAuth()
    @Deprecated
    public boolean getNeedClientAuth()
    {
        return .getNeedClientAuth();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getWantClientAuth()
    @Deprecated
    public boolean getWantClientAuth()
    {
        return .getWantClientAuth();
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setNeedClientAuth(boolean needClientAuth)
    {
        .setNeedClientAuth(needClientAuth);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setWantClientAuth(boolean wantClientAuth)
    {
        .setWantClientAuth(wantClientAuth);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setKeystoreType(String keystoreType)
    {
        .setKeyStoreType(keystoreType);
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getProvider()
    @Deprecated
    public String getProvider()
    {
        return .getProvider();
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    {
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getTruststore()
    @Deprecated
    public String getTruststore()
    {
        return .getTrustStore();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getTruststoreType()
    @Deprecated
    public String getTruststoreType()
    {
        return .getTrustStoreType();
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setProvider(String provider)
    {
        .setProvider(provider);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSecureRandomAlgorithm(String algorithm)
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSslKeyManagerFactoryAlgorithm(String algorithm)
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSslTrustManagerFactoryAlgorithm(String algorithm)
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setTruststore(String truststore)
    {
        .setTrustStore(truststore);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setTruststoreType(String truststoreType)
    {
        .setTrustStoreType(truststoreType);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSslContext(SSLContext sslContext)
    {
        .setSslContext(sslContext);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public SSLContext getSslContext()
    {
        return .getSslContext();
    }
    /* ------------------------------------------------------------ */
    
    {
        return ;
    }
    /* ------------------------------------------------------------ */
    
By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
    @Override
    public boolean isConfidential(Request request)
    {
        final int confidentialPort=getConfidentialPort();
        return confidentialPort==0||confidentialPort==request.getServerPort();
    }
    /* ------------------------------------------------------------ */
    
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
    @Override
    public boolean isIntegral(Request request)
    {
        final int integralPort=getIntegralPort();
        return integralPort==0||integralPort==request.getServerPort();
    }
    /* ------------------------------------------------------------------------------- */
    @Override
    protected AsyncConnection newConnection(SocketChannel channelAsyncEndPoint endpoint)
    {
        try
        {
            SSLEngine engine = createSSLEngine(channel);
            SslConnection connection = newSslConnection(endpointengine);
            AsyncConnection delegate = newPlainConnection(channelconnection.getSslEndPoint());
            connection.getSslEndPoint().setConnection(delegate);
            connection.setAllowRenegotiate(.isAllowRenegotiate());
            return connection;
        }
        catch (IOException e)
        {
            throw new RuntimeIOException(e);
        }
    }
    protected AsyncConnection newPlainConnection(SocketChannel channelAsyncEndPoint endPoint)
    {
        return super.newConnection(channelendPoint);
    }
    protected SslConnection newSslConnection(AsyncEndPoint endpointSSLEngine engine)
    {
        return new SslConnection(engineendpoint);
    }
    /* ------------------------------------------------------------ */
    

Parameters:
channel A channel which if passed is used as to extract remote host and port for the purposes of SSL session caching
Returns:
A SSLEngine for a new or cached SSL Session
Throws:
java.io.IOException if the SSLEngine cannot be created
    protected SSLEngine createSSLEngine(SocketChannel channelthrows IOException
    {
        SSLEngine engine;
        if (channel != null)
        {
            String peerHost = channel.socket().getInetAddress().getHostAddress();
            int peerPort = channel.socket().getPort();
            engine = .newSslEngine(peerHostpeerPort);
        }
        else
        {
            engine = .newSslEngine();
        }
        engine.setUseClientMode(false);
        return engine;
    }
    /* ------------------------------------------------------------ */
    
    @Override
    protected void doStart() throws Exception
    {
        .start();
        SSLEngine sslEngine = .newSslEngine();
        sslEngine.setUseClientMode(false);
        SSLSession sslSession = sslEngine.getSession();
         = BuffersFactory.newBuffers(
                getUseDirectBuffers()?.:.,sslSession.getApplicationBufferSize(),
                getUseDirectBuffers()?.:.,sslSession.getApplicationBufferSize(),
                getUseDirectBuffers()?.:.,getMaxBuffers()
        );
        if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
            setRequestHeaderSize(sslSession.getApplicationBufferSize());
        if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
            setRequestBufferSize(sslSession.getApplicationBufferSize());
        super.doStart();
    }
    /* ------------------------------------------------------------ */
    
    @Override
    protected void doStop() throws Exception
    {
        =null;
        super.doStop();
    }
    /* ------------------------------------------------------------ */
    

Returns:
SSL buffers
    public Buffers getSslBuffers()
    {
        return ;
    }
New to GrepCode? Check out our FAQ X