Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  //
  //  ========================================================================
  //  Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd.
  //  ------------------------------------------------------------------------
  //  All rights reserved. This program and the accompanying materials
  //  are made available under the terms of the Eclipse Public License v1.0
  //  and Apache License v2.0 which accompanies this distribution.
  //
  //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //
 
 package org.eclipse.jetty.server.ssl;
 
 
 
 
 /* ------------------------------------------------------------ */
SSL Socket Connector. This specialization of SocketConnector is an abstract listener that can be used as the basis for a specific JSSE listener. The original of this class was heavily based on the work from Court Demas, which in turn is based on the work from Forge Research. Since JSSE, this class has evolved significantly from that early work.

Org.apache.xbean.XBean:
element="sslSocketConnector" description="Creates an ssl socket connector"
 
 public class SslSocketConnector extends SocketConnector  implements SslConnector
 {
     private static final Logger LOG = Log.getLogger(SslSocketConnector.class);
 
     private final SslContextFactory _sslContextFactory;
     private int _handshakeTimeout = 0; //0 means use maxIdleTime
 
     /* ------------------------------------------------------------ */
    
Constructor.
 
     public SslSocketConnector()
     {
         setSoLingerTime(30000);
     }
 
     /* ------------------------------------------------------------ */
     public SslSocketConnector(SslContextFactory sslContextFactory)
     {
          = sslContextFactory;
     }
 
     /* ------------------------------------------------------------ */
    

Returns:
True if SSL re-negotiation is allowed (default false)
 
     public boolean isAllowRenegotiate()
     {
         return .isAllowRenegotiate();
     }
 
     /* ------------------------------------------------------------ */
    
Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed, then re-negotiation should not be allowed.

Parameters:
allowRenegotiate true if re-negotiation is allowed (default false)
 
     public void setAllowRenegotiate(boolean allowRenegotiate)
     {
        .setAllowRenegotiate(allowRenegotiate);
    }
    /* ------------------------------------------------------------ */
    @Override
    public void accept(int acceptorID)
        throws IOExceptionInterruptedException
    {
        Socket socket = .accept();
        configure(socket);
        ConnectorEndPoint connection=new SslConnectorEndPoint(socket);
        connection.dispatch();
    }
    /* ------------------------------------------------------------ */
    @Override
    protected void configure(Socket socket)
        throws IOException
    {
        super.configure(socket);
    }
    /* ------------------------------------------------------------ */
    
Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
  • an attribute named "javax.servlet.request.ssl_id" of type String (since Spec 3.0).
  • an attribute named "javax.servlet.request.cipher_suite" of type String.
  • an attribute named "javax.servlet.request.key_size" of type Integer.
  • an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Parameters:
endpoint The Socket the request arrived on. This should be a org.eclipse.jetty.io.bio.SocketEndPoint wrapping a javax.net.ssl.SSLSocket.
request HttpRequest to be customised.
    @Override
    public void customize(EndPoint endpointRequest request)
        throws IOException
    {
        super.customize(endpointrequest);
        request.setScheme(.);
        SocketEndPoint socket_end_point = (SocketEndPoint)endpoint;
        SSLSocket sslSocket = (SSLSocket)socket_end_point.getTransport();
        SSLSession sslSession = sslSocket.getSession();
        SslCertificates.customize(sslSession,endpoint,request);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public String[] getExcludeCipherSuites() {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public String[] getIncludeCipherSuites()
    {
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getKeystore()
    @Deprecated
    public String getKeystore()
    {
        return .getKeyStorePath();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getKeystoreType()
    @Deprecated
    public String getKeystoreType()
    {
        return .getKeyStoreType();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getNeedClientAuth()
    @Deprecated
    public boolean getNeedClientAuth()
    {
        return .getNeedClientAuth();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getProtocol()
    @Deprecated
    public String getProtocol()
    {
        return .getProtocol();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getProvider()
    @Deprecated
    public String getProvider() {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    {
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getTruststore()
    @Deprecated
    public String getTruststore()
    {
        return .getTrustStore();
    }
    /* ------------------------------------------------------------ */
    
//    @Override
    {
        return ;
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getTruststoreType()
    @Deprecated
    public String getTruststoreType()
    {
        return .getTrustStoreType();
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
See also:
SslConnector.getWantClientAuth()
    @Deprecated
    public boolean getWantClientAuth()
    {
        return .getWantClientAuth();
    }
    /* ------------------------------------------------------------ */
    
By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
    @Override
    public boolean isConfidential(Request request)
    {
        final int confidentialPort = getConfidentialPort();
        return confidentialPort == 0 || confidentialPort == request.getServerPort();
    }
    /* ------------------------------------------------------------ */
    
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
    @Override
    public boolean isIntegral(Request request)
    {
        final int integralPort = getIntegralPort();
        return integralPort == 0 || integralPort == request.getServerPort();
    }
    /* ------------------------------------------------------------ */
    @Override
    public void open() throws IOException
    {
        try
        {
            .start();
        }
        catch(Exception e)
        {
            throw new RuntimeIOException(e);
        }
        super.open();
    }
    /* ------------------------------------------------------------ */
    
    @Override
    protected void doStart() throws Exception
    {
        .start();
        super.doStart();
    }
    /* ------------------------------------------------------------ */
    
    @Override
    protected void doStop() throws Exception
    {
        .stop();
        super.doStop();
    }
    /* ------------------------------------------------------------ */
    

Parameters:
host The host name that this server should listen on
port the port that this server should listen on
backlog See java.net.ServerSocket.bind(java.net.SocketAddress,int)
Returns:
A new socket object bound to the supplied address with all other settings as per the current configuration of this connector.
Throws:
java.io.IOException
See also:
setWantClientAuth(boolean)
setNeedClientAuth(boolean)
    @Override
    protected ServerSocket newServerSocket(String hostint port,int backlogthrows IOException
    {
       return .newSslServerSocket(host,port,backlog);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setExcludeCipherSuites(String[] cipherSuites)
    {
        .setExcludeCipherSuites(cipherSuites);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setIncludeCipherSuites(String[] cipherSuites)
    {
        .setIncludeCipherSuites(cipherSuites);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setKeyPassword(String password)
    {
        .setKeyManagerPassword(password);
    }
    /* ------------------------------------------------------------ */
    

Deprecated:
Parameters:
keystore The resource path to the keystore, or null for built in keystores.
    @Deprecated
    public void setKeystore(String keystore)
    {
        .setKeyStorePath(keystore);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setKeystoreType(String keystoreType)
    {
        .setKeyStoreType(keystoreType);
    }
    /* ------------------------------------------------------------ */
    
Set the value of the needClientAuth property

Deprecated:
Parameters:
needClientAuth true iff we require client certificate authentication.
    @Deprecated
    public void setNeedClientAuth(boolean needClientAuth)
    {
        .setNeedClientAuth(needClientAuth);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setPassword(String password)
    {
        .setKeyStorePassword(password);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setTrustPassword(String password)
    {
        .setTrustStorePassword(password);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setProtocol(String protocol)
    {
        .setProtocol(protocol);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setProvider(String provider) {
        .setProvider(provider);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSecureRandomAlgorithm(String algorithm)
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSslKeyManagerFactoryAlgorithm(String algorithm)
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSslTrustManagerFactoryAlgorithm(String algorithm)
    {
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setTruststore(String truststore)
    {
        .setTrustStore(truststore);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setTruststoreType(String truststoreType)
    {
        .setTrustStoreType(truststoreType);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public void setSslContext(SSLContext sslContext)
    {
        .setSslContext(sslContext);
    }
    /* ------------------------------------------------------------ */
    
    @Deprecated
    public SSLContext getSslContext()
    {
        return .getSslContext();
    }
    /* ------------------------------------------------------------ */
    
Set the value of the _wantClientAuth property. This property is used internally when opening server sockets.

Deprecated:
Parameters:
wantClientAuth true if we want client certificate authentication.
See also:
javax.net.ssl.SSLServerSocket.setWantClientAuth(boolean)
    @Deprecated
    public void setWantClientAuth(boolean wantClientAuth)
    {
        .setWantClientAuth(wantClientAuth);
    }
    /* ------------------------------------------------------------ */
    
Set the time in milliseconds for so_timeout during ssl handshaking

Parameters:
msec a non-zero value will be used to set so_timeout during ssl handshakes. A zero value means the maxIdleTime is used instead.
    public void setHandshakeTimeout (int msec)
    {
         = msec;
    }
    /* ------------------------------------------------------------ */
    public int getHandshakeTimeout ()
    {
        return ;
    }
    /* ------------------------------------------------------------ */
    public class SslConnectorEndPoint extends ConnectorEndPoint
    {
        public SslConnectorEndPoint(Socket socketthrows IOException
        {
            super(socket);
        }
        @Override
        public void shutdownOutput() throws IOException
        {
            close();
        }
        @Override
        public void shutdownInput() throws IOException
        {
            close();
        }
        @Override
        public void run()
        {
            try
            {
                int handshakeTimeout = getHandshakeTimeout();
                int oldTimeout = .getSoTimeout();
                if (handshakeTimeout > 0)
                    .setSoTimeout(handshakeTimeout);
                final SSLSocket ssl=(SSLSocket);
                ssl.addHandshakeCompletedListener(new HandshakeCompletedListener()
                {
                    boolean handshook=false;
                    public void handshakeCompleted(HandshakeCompletedEvent event)
                    {
                        if ()
                        {
                            if (!.isAllowRenegotiate())
                            {
                                .warn("SSL renegotiate denied: "+ssl);
                                try{ssl.close();}catch(IOException e){.warn(e);}
                            }
                        }
                        else
                            =true;
                    }
                });
                ssl.startHandshake();
                if (handshakeTimeout>0)
                    .setSoTimeout(oldTimeout);
                super.run();
            }
            catch (SSLException e)
            {
                .debug(e);
                try{close();}
                catch(IOException e2){.ignore(e2);}
            }
            catch (IOException e)
            {
                .debug(e);
                try{close();}
                catch(IOException e2){.ignore(e2);}
            }
        }
    }
    /* ------------------------------------------------------------ */
    
Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

Deprecated:
    @Deprecated
    public String getAlgorithm()
    {
        throw new UnsupportedOperationException();
    }
    /* ------------------------------------------------------------ */
    
Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

Deprecated:
    @Deprecated
    public void setAlgorithm(String algorithm)
    {
        throw new UnsupportedOperationException();
    }
New to GrepCode? Check out our FAQ X