org.mortbay.jetty.security
Class SslSocketConnector

java.lang.Object
  extended by org.mortbay.component.AbstractLifeCycle
      extended by org.mortbay.jetty.AbstractBuffers
          extended by org.mortbay.jetty.AbstractConnector
              extended by org.mortbay.jetty.bio.SocketConnector
                  extended by org.mortbay.jetty.security.SslSocketConnector
All Implemented Interfaces:
LifeCycle, Buffers, Connector

public class SslSocketConnector
extends SocketConnector

JSSE Socket Listener. This specialization of HttpListener is an abstract listener that can be used as the basis for a specific JSSE listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Author:
Greg Wilkins (gregw@mortbay.com), Court Demas (court@kiwiconsulting.com), Forge Research Pty Ltd ACN 003 491 576, Jan Hlavatý

Nested Class Summary
 class SslSocketConnector.SslConnection
 
Nested classes/interfaces inherited from class org.mortbay.jetty.bio.SocketConnector
SocketConnector.Connection
 
Field Summary
static String DEFAULT_KEYSTORE
          Default value for the keystore location path.
static String KEYPASSWORD_PROPERTY
          String name of key password property.
static String PASSWORD_PROPERTY
          String name of keystore password property.
 
Fields inherited from class org.mortbay.jetty.bio.SocketConnector
_connections, _serverSocket
 
Fields inherited from class org.mortbay.jetty.AbstractConnector
_lowResourceMaxIdleTime, _maxIdleTime, _soLingerTime
 
Fields inherited from class org.mortbay.jetty.AbstractBuffers
_loss, BUFFER_LOSS_RATE
 
Constructor Summary
SslSocketConnector()
          Constructor.
 
Method Summary
 void accept(int acceptorID)
protected  void configure(Socket socket)
protected  SSLServerSocketFactory createFactory()
 void customize(EndPoint endpoint, Request request)
          Allow the Listener a chance to customise the request.
 String[] getExcludeCipherSuites()
 int getHandshakeTimeout()
 String getKeystore()
 String getKeystoreType()
 boolean getNeedClientAuth()
 String getProtocol()
 String getProvider()
 String getSecureRandomAlgorithm()
 String getSslKeyManagerFactoryAlgorithm()
 String getSslTrustManagerFactoryAlgorithm()
 String getTruststore()
 String getTruststoreType()
 boolean getWantClientAuth()
 boolean isConfidential(Request request)
          By default, we're confidential, given we speak SSL.
 boolean isIntegral(Request request)
          By default, we're integral, given we speak SSL.
protected  ServerSocket newServerSocket(String host, int port, int backlog)
 void setExcludeCipherSuites(String[] cipherSuites)
 void setHandshakeTimeout(int msec)
          Set the time in milliseconds for so_timeout during SSL handshaking.
 void setKeyPassword(String password)
 void setKeystore(String keystore)
 void setKeystoreType(String keystoreType)
 void setNeedClientAuth(boolean needClientAuth)
          Set the value of the needClientAuth property.
 void setPassword(String password)
 void setProtocol(String protocol)
 void setProvider(String _provider)
 void setSecureRandomAlgorithm(String algorithm)
 void setSslKeyManagerFactoryAlgorithm(String algorithm)
 void setSslTrustManagerFactoryAlgorithm(String algorithm)
 void setTrustPassword(String password)
 void setTruststore(String truststore)
 void setTruststoreType(String truststoreType)
 void setWantClientAuth(boolean wantClientAuth)
          Set the value of the _wantClientAuth property.
 
Methods inherited from class org.mortbay.jetty.bio.SocketConnector
close, doStart, doStop, getConnection, getLocalPort, newBuffer, newHttpConnection, open
 
Methods inherited from class org.mortbay.jetty.AbstractConnector
connectionClosed, connectionOpened, getAcceptorPriorityOffset, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getHost, getIntegralPort, getIntegralScheme, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequests, getResolveNames, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, join, newContinuation, persist, setAcceptorPriorityOffset, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setHost, setIntegralPort, setIntegralScheme, setLowResourceMaxIdleTime, setMaxIdleTime, setName, setPort, setResolveNames, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, stopAccept, toString
 
Methods inherited from class org.mortbay.jetty.AbstractBuffers
getBuffer, getHeaderBufferSize, getRequestBufferSize, getResponseBufferSize, returnBuffer, setHeaderBufferSize, setRequestBufferSize, setResponseBufferSize
 
Methods inherited from class org.mortbay.component.AbstractLifeCycle
isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.mortbay.jetty.Connector
getHeaderBufferSize, getRequestBufferSize, getResponseBufferSize, setHeaderBufferSize, setRequestBufferSize, setResponseBufferSize
 
Methods inherited from interface org.mortbay.component.LifeCycle
isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, start, stop
 
Methods inherited from interface org.mortbay.io.Buffers
getBuffer, returnBuffer
 

Field Detail

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE
Default value for the keystore location path.


KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY
String name of key password property.

See Also:
Constant Field Values

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY
String name of keystore password property.

See Also:
Constant Field Values
Constructor Detail

SslSocketConnector

public SslSocketConnector()
Constructor.

Method Detail

accept

public void accept(int acceptorID)
            throws IOException,
                   InterruptedException
Overrides:
accept in class SocketConnector
Throws:
IOException
InterruptedException

configure

protected void configure(Socket socket)
                  throws IOException
Overrides:
configure in class AbstractConnector
Throws:
IOException

createFactory

protected SSLServerSocketFactory createFactory()
                                        throws Exception
Throws:
Exception

customize

public void customize(EndPoint endpoint,
                      Request request)
               throws IOException
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

Specified by:
customize in interface Connector
Overrides:
customize in class SocketConnector
Parameters:
endpoint - The Socket the request arrived on. This should be a SocketEndPoint wrapping a SSLSocket.
request - HttpRequest to be customised.
Throws:
IOException

getExcludeCipherSuites

public String[] getExcludeCipherSuites()

getKeystore

public String getKeystore()

getKeystoreType

public String getKeystoreType()

getNeedClientAuth

public boolean getNeedClientAuth()

getProtocol

public String getProtocol()

getProvider

public String getProvider()

getSecureRandomAlgorithm

public String getSecureRandomAlgorithm()

getSslKeyManagerFactoryAlgorithm

public String getSslKeyManagerFactoryAlgorithm()

getSslTrustManagerFactoryAlgorithm

public String getSslTrustManagerFactoryAlgorithm()

getTruststore

public String getTruststore()

getTruststoreType

public String getTruststoreType()

getWantClientAuth

public boolean getWantClientAuth()

isConfidential

public boolean isConfidential(Request request)
By default, we're confidential, given we speak SSL. But, if we've been told about a confidential port, and that port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs provides mere INTEGRAL constraints.

Specified by:
isConfidential in interface Connector
Overrides:
isConfidential in class AbstractConnector
Parameters:
request - A request
Returns:
true if the request is confidential. This normally means the https scheme has been used.

isIntegral

public boolean isIntegral(Request request)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and that port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs provides mere INTEGRAL constraints.

Specified by:
isIntegral in interface Connector
Overrides:
isIntegral in class AbstractConnector
Parameters:
request - A request
Returns:
true if the request is integral. This normally means the https scheme has been used.
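The two-listener split that isConfidential and isIntegral describe, as an added example that is not part of this Javadoc or of Jetty's own code: one SslSocketConnector on 8443 requiring client certificates (CONFIDENTIAL), a second on 8444 without client certificates that is told the confidential port is 8443, so that isConfidential() is false there while isIntegral() stays true. It assumes org.mortbay.jetty.Server with setConnectors/start/join, placeholder keystore paths, and a constructed system property name for the truststore password.

```java
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

public class TwoTierSslServer {

    // Constructed exclusion list: NULL and anonymous suites give no
    // confidentiality or authentication. setExcludeCipherSuites matches
    // names exactly, so they must be the JSSE provider's own suite names.
    static final String[] EXCLUDED_SUITES = {
        "SSL_RSA_WITH_NULL_MD5",
        "SSL_RSA_WITH_NULL_SHA",
        "SSL_DH_anon_WITH_RC4_128_MD5"
    };

    // Settings shared by both listeners. Passwords are read from the system
    // properties named by the connector's constants, not kept in source.
    static void applyCommon(SslSocketConnector c) {
        c.setKeystore("/etc/jetty/keystore.jks");   // placeholder path
        c.setPassword(System.getProperty(SslSocketConnector.PASSWORD_PROPERTY));
        c.setKeyPassword(System.getProperty(SslSocketConnector.KEYPASSWORD_PROPERTY));
        c.setExcludeCipherSuites(EXCLUDED_SUITES);
        c.setHandshakeTimeout(5000); // so_timeout during the handshake only
        c.setMaxIdleTime(30000);     // idle limit once the handshake is done
    }

    public static void main(String[] args) throws Exception {
        // CONFIDENTIAL listener: a client certificate is mandatory.
        SslSocketConnector confidential = new SslSocketConnector();
        applyCommon(confidential);
        confidential.setPort(8443);
        confidential.setTruststore("/etc/jetty/truststore.jks"); // placeholder path
        confidential.setTrustPassword(System.getProperty("example.trust.password")); // constructed name
        confidential.setNeedClientAuth(true);

        // INTEGRAL listener: SSL without client certificates. Naming 8443 as
        // the confidential port (not its own) makes isConfidential() return
        // false here, so CONFIDENTIAL constraints are not satisfied on this
        // port while INTEGRAL constraints still are.
        SslSocketConnector integral = new SslSocketConnector();
        applyCommon(integral);
        integral.setPort(8444);
        integral.setConfidentialPort(8443);
        Server server = new Server();
        server.setConnectors(new Connector[] { confidential, integral });
        server.start();
        server.join();
    }
}
```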

newServerSocket

protected ServerSocket newServerSocket(String host,
                                       int port,
                                       int backlog)
                                throws IOException
Overrides:
newServerSocket in class SocketConnector
Parameters:
addr - The address that this server should listen on
backlog - See ServerSocket.bind(java.net.SocketAddress, int)
Returns:
A new socket object bound to the supplied address with all other settings as per the current configuration of this connector.
Throws:
IOException
See Also:
setWantClientAuth(boolean), setNeedClientAuth(boolean), #setCipherSuites

setExcludeCipherSuites

public void setExcludeCipherSuites(String[] cipherSuites)

setKeyPassword

public void setKeyPassword(String password)

setKeystore

public void setKeystore(String keystore)

setKeystoreType

public void setKeystoreType(String keystoreType)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property

Parameters:
needClientAuth - true iff we require client certificate authentication.

setPassword

public void setPassword(String password)

setTrustPassword

public void setTrustPassword(String password)

setProtocol

public void setProtocol(String protocol)

setProvider

public void setProvider(String _provider)

setSecureRandomAlgorithm

public void setSecureRandomAlgorithm(String algorithm)

setSslKeyManagerFactoryAlgorithm

public void setSslKeyManagerFactoryAlgorithm(String algorithm)

setSslTrustManagerFactoryAlgorithm

public void setSslTrustManagerFactoryAlgorithm(String algorithm)

setTruststore

public void setTruststore(String truststore)

setTruststoreType

public void setTruststoreType(String truststoreType)

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)
Set the value of the _wantClientAuth property. This property is used when opening server sockets.

Parameters:
wantClientAuth - true iff we want client certificate authentication.
See Also:
SSLServerSocket.setWantClientAuth(boolean)

setHandshakeTimeout

public void setHandshakeTimeout(int msec)
Set the time in milliseconds for so_timeout during SSL handshaking.

Parameters:
msec - a non-zero value will be used to set so_timeout during ssl handshakes. A zero value means the maxIdleTime is used instead.

getHandshakeTimeout

public int getHandshakeTimeout()