org.mortbay.jetty.security
Class SslSocketConnector

java.lang.Object
  extended by org.mortbay.component.AbstractLifeCycle
      extended by org.mortbay.jetty.AbstractConnector
          extended by org.mortbay.jetty.bio.SocketConnector
              extended by org.mortbay.jetty.security.SslSocketConnector
All Implemented Interfaces:
Buffers, Connector, LifeCycle

public class SslSocketConnector
extends SocketConnector

JSSE Socket Listener. This specialization of HttpListener is an abstract listener that can be used as the basis for a specific JSSE listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Author:
Greg Wilkins (gregw@mortbay.com), Court Demas (court@kiwiconsulting.com), Forge Research Pty Ltd ACN 003 491 576, Jan Hlavatý

Nested Class Summary
 
Nested classes inherited from class org.mortbay.jetty.bio.SocketConnector
SocketConnector.Connection
 
Field Summary
static String KEYPASSWORD_PROPERTY
          String name of key password property.
static String PASSWORD_PROPERTY
          String name of keystore password property.
 
Fields inherited from class org.mortbay.jetty.bio.SocketConnector
_connections, _serverSocket
 
Fields inherited from class org.mortbay.jetty.AbstractConnector
_lowResourceMaxIdleTime, _maxIdleTime, _soLingerTime
 
Constructor Summary
SslSocketConnector()
          Constructor.
 
Method Summary
protected  void configure(Socket socket)
           
protected  SSLServerSocketFactory createFactory()
           
 void customize(EndPoint endpoint, Request request)
          Allow the Listener a chance to customise the request.
 String[] getExcludeCipherSuites()
           
 String getKeystore()
           
 String getKeystoreType()
           
 boolean getNeedClientAuth()
           
 String getProtocol()
           
 String getProvider()
           
 String getSecureRandomAlgorithm()
           
 String getSslKeyManagerFactoryAlgorithm()
           
 String getSslTrustManagerFactoryAlgorithm()
           
 String getTruststore()
           
 String getTruststoreType()
           
 boolean getWantClientAuth()
           
 boolean isConfidential(Request request)
          By default, we're confidential, given we speak SSL.
 boolean isIntegral(Request request)
          By default, we're integral, given we speak SSL.
protected  ServerSocket newServerSocket(String host, int port, int backlog)
           
 void setExcludeCipherSuites(String[] cipherSuites)
           
 void setKeyPassword(String password)
           
 void setKeystore(String keystore)
           
 void setKeystoreType(String keystoreType)
           
 void setNeedClientAuth(boolean needClientAuth)
          Set the value of the needClientAuth property.
 void setPassword(String password)
           
 void setProtocol(String protocol)
           
 void setProvider(String _provider)
           
 void setSecureRandomAlgorithm(String algorithm)
           
 void setSslKeyManagerFactoryAlgorithm(String algorithm)
           
 void setSslTrustManagerFactoryAlgorithm(String algorithm)
           
 void setTrustPassword(String password)
           
 void setTruststore(String truststore)
           
 void setTruststoreType(String truststoreType)
           
 void setWantClientAuth(boolean wantClientAuth)
          Set the value of the _wantClientAuth property.
 
Methods inherited from class org.mortbay.jetty.bio.SocketConnector
accept, close, doStart, doStop, getConnection, getLocalPort, newBuffer, open
 
Methods inherited from class org.mortbay.jetty.AbstractConnector
connectionClosed, connectionOpened, getAcceptors, getAcceptQueueSize, getBuffer, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getHeaderBufferSize, getHost, getIntegralPort, getIntegralScheme, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequestBufferSize, getRequests, getResolveNames, getResponseBufferSize, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, join, newContinuation, returnBuffer, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setHeaderBufferSize, setHost, setIntegralPort, setIntegralScheme, setLowResourceMaxIdleTime, setMaxIdleTime, setName, setPort, setRequestBufferSize, setResolveNames, setResponseBufferSize, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, toString
 
Methods inherited from class org.mortbay.component.AbstractLifeCycle
isFailed, isRunning, isStarted, isStarting, isStopping, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.mortbay.component.LifeCycle
isFailed, isRunning, isStarted, isStarting, isStopping, start, stop
 

Field Detail

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY
String name of key password property.

See Also:
Constant Field Values

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY
String name of keystore password property.

See Also:
Constant Field Values

Constructor Detail

SslSocketConnector

public SslSocketConnector()
Constructor.

Method Detail

configure

protected void configure(Socket socket)
                  throws IOException
Overrides:
configure in class AbstractConnector
Throws:
IOException

createFactory

protected SSLServerSocketFactory createFactory()
                                        throws Exception
Throws:
Exception

customize

public void customize(EndPoint endpoint,
                      Request request)
               throws IOException
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

Specified by:
customize in interface Connector
Overrides:
customize in class SocketConnector
Parameters:
endpoint - The Socket the request arrived on. This should be a SocketEndPoint wrapping a SSLSocket.
request - HttpRequest to be customised.
Throws:
IOException

getExcludeCipherSuites

public String[] getExcludeCipherSuites()

getKeystore

public String getKeystore()

getKeystoreType

public String getKeystoreType()

getNeedClientAuth

public boolean getNeedClientAuth()

getProtocol

public String getProtocol()

getProvider

public String getProvider()

getSecureRandomAlgorithm

public String getSecureRandomAlgorithm()

getSslKeyManagerFactoryAlgorithm

public String getSslKeyManagerFactoryAlgorithm()

getSslTrustManagerFactoryAlgorithm

public String getSslTrustManagerFactoryAlgorithm()

getTruststore

public String getTruststore()

getTruststoreType

public String getTruststoreType()

getWantClientAuth

public boolean getWantClientAuth()

isConfidential

public boolean isConfidential(Request request)
By default, we're confidential, given we speak SSL. But, if we've been told about a confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:
isConfidential in interface Connector
Overrides:
isConfidential in class AbstractConnector

isIntegral

public boolean isIntegral(Request request)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:
isIntegral in interface Connector
Overrides:
isIntegral in class AbstractConnector
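
The two-listener split described under isConfidential and isIntegral, as an added example (not code from the Jetty project). The class name, ports and store paths are assumptions chosen for illustration; Server and its setConnectors method come from org.mortbay.jetty.Server, which this page does not list.

```java
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

public class TwoTierSslServer {
    // Assumed values: replace with the deployment's own ports and store paths.
    static final int CLIENT_CERT_PORT = 8443;  // requires client certs -> CONFIDENTIAL
    static final int SERVER_ONLY_PORT = 9443;  // no client certs -> INTEGRAL only
    static final String KEYSTORE = "/path/to/keystore.jks";
    static final String TRUSTSTORE = "/path/to/truststore.jks";

    // Fail fast instead of starting a listener with a missing secret.
    static String required(String property) {
        String value = System.getProperty(property);
        if (value == null || value.length() == 0) {
            throw new IllegalStateException("missing system property " + property);
        }
        return value;
    }

    static SslSocketConnector sslConnector(int port, boolean needClientAuth) {
        SslSocketConnector c = new SslSocketConnector();
        c.setPort(port);
        c.setKeystore(KEYSTORE);
        c.setTruststore(TRUSTSTORE);
        // Passwords are read from system properties rather than kept in source.
        String storePassword = required(SslSocketConnector.PASSWORD_PROPERTY);
        c.setPassword(storePassword);
        c.setTrustPassword(storePassword); // assumes both stores share one password
        c.setKeyPassword(required(SslSocketConnector.KEYPASSWORD_PROPERTY));
        c.setNeedClientAuth(needClientAuth);
        return c;
    }

    public static void main(String[] args) throws Exception {
        SslSocketConnector strong = sslConnector(CLIENT_CERT_PORT, true);
        SslSocketConnector basic = sslConnector(SERVER_ONLY_PORT, false);

        // strong: the confidential port is its own port, so it stays confidential.
        strong.setConfidentialPort(CLIENT_CERT_PORT);
        // basic: told about a confidential port that is not its own port, so
        // isConfidential() is false here; its integral port is its own port.
        basic.setConfidentialPort(CLIENT_CERT_PORT);
        basic.setIntegralPort(SERVER_ONLY_PORT);

        Server server = new Server();
        server.setConnectors(new Connector[] { strong, basic });
        server.start();
        server.join();
    }
}
```

With this layout, a resource whose constraint demands CONFIDENTIAL transport is only satisfied on the client-certificate listener, while INTEGRAL resources are satisfied on either.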

newServerSocket

protected ServerSocket newServerSocket(String host,
                                       int port,
                                       int backlog)
                                throws IOException
Overrides:
newServerSocket in class SocketConnector
Parameters:
backlog - See ServerSocket.bind(java.net.SocketAddress, int)
Returns:
A new socket object bound to the supplied address with all other settings as per the current configuration of this connector.
Throws:
IOException
See Also:
setWantClientAuth(boolean), setNeedClientAuth(boolean), #setCipherSuites

setExcludeCipherSuites

public void setExcludeCipherSuites(String[] cipherSuites)

setKeyPassword

public void setKeyPassword(String password)

setKeystore

public void setKeystore(String keystore)

setKeystoreType

public void setKeystoreType(String keystoreType)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property.

Parameters:
needClientAuth - true iff we require client certificate authentication.

setPassword

public void setPassword(String password)

setTrustPassword

public void setTrustPassword(String password)

setProtocol

public void setProtocol(String protocol)

setProvider

public void setProvider(String _provider)

setSecureRandomAlgorithm

public void setSecureRandomAlgorithm(String algorithm)

setSslKeyManagerFactoryAlgorithm

public void setSslKeyManagerFactoryAlgorithm(String algorithm)

setSslTrustManagerFactoryAlgorithm

public void setSslTrustManagerFactoryAlgorithm(String algorithm)

setTruststore

public void setTruststore(String truststore)

setTruststoreType

public void setTruststoreType(String truststoreType)

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)
Set the value of the _wantClientAuth property. This property is used when opening server sockets.

Parameters:
wantClientAuth - true iff we want client certificate authentication.
See Also:
SSLServerSocket.setWantClientAuth(boolean)