comparison src/org/eclipse/jetty/server/ssl/SslCertificates.java @ 872:1c0b6841cd32

remove SocketEndPoint
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 03 Oct 2016 19:55:41 -0600
parents 8e9db0bbf4f9
children 4dc1e1a18661
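--- a/src/org/eclipse/jetty/server/ssl/SslCertificates.java
+++ b/src/org/eclipse/jetty/server/ssl/SslCertificates.java
@@ -26,157 +26,155 @@
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 
 import org.eclipse.jetty.http.HttpSchemes;
 import org.eclipse.jetty.io.EndPoint;
-import org.eclipse.jetty.io.bio.SocketEndPoint;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.util.TypeUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class SslCertificates
 {
 private static final Logger LOG = LoggerFactory.getLogger(SslCertificates.class);
 
 /**
 * The name of the SSLSession attribute that will contain any cached information.
 */
 static final String CACHED_INFO_ATTR = CachedInfo.class.getName();
 
 public static X509Certificate[] getCertChain(SSLSession sslSession)
 {
 try
 {
 javax.security.cert.X509Certificate javaxCerts[]=sslSession.getPeerCertificateChain();
 if (javaxCerts==null||javaxCerts.length==0)
 return null;
 
 int length=javaxCerts.length;
 X509Certificate[] javaCerts=new X509Certificate[length];
 
 java.security.cert.CertificateFactory cf=java.security.cert.CertificateFactory.getInstance("X.509");
 for (int i=0; i<length; i++)
 {
 byte bytes[]=javaxCerts[i].getEncoded();
 ByteArrayInputStream stream=new ByteArrayInputStream(bytes);
 javaCerts[i]=(X509Certificate)cf.generateCertificate(stream);
 }
 
 return javaCerts;
 }
 catch (SSLPeerUnverifiedException pue)
 {
 return null;
 }
 catch (Exception e)
 {
 LOG.warn("EXCEPTION",e);
 return null;
 }
 }
 
 
 /* ------------------------------------------------------------ */
 /**
 * Allow the Listener a chance to customise the request. before the server
 * does its stuff. <br>
 * This allows the required attributes to be set for SSL requests. <br>
 * The requirements of the Servlet specs are:
 * <ul>
 * <li> an attribute named "javax.servlet.request.ssl_session_id" of type
 * String (since Servlet Spec 3.0).</li>
 * <li> an attribute named "javax.servlet.request.cipher_suite" of type
 * String.</li>
 * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li>
 * <li> an attribute named "javax.servlet.request.X509Certificate" of type
 * java.security.cert.X509Certificate[]. This is an array of objects of type
 * X509Certificate, the order of this array is defined as being in ascending
 * order of trust. The first certificate in the chain is the one set by the
 * client, the next is the one used to authenticate the first, and so on.
 * </li>
 * </ul>
 *
 * @param endpoint
-* The Socket the request arrived on. This should be a
-* {@link SocketEndPoint} wrapping a {@link SSLSocket}.
-* @param request
-* HttpRequest to be customised.
-*/
-public static void customize(SSLSession sslSession, EndPoint endpoint, Request request) throws IOException
-{
-request.setScheme(HttpSchemes.HTTPS);
+* The Socket the request arrived on.
+* @param request
+* HttpRequest to be customised.
+*/
+public static void customize(SSLSession sslSession, EndPoint endpoint, Request request) throws IOException
+{
+request.setScheme(HttpSchemes.HTTPS);
 
 try
 {
 String cipherSuite=sslSession.getCipherSuite();
 Integer keySize;
 X509Certificate[] certs;
 String idStr;
 
 CachedInfo cachedInfo=(CachedInfo)sslSession.getValue(CACHED_INFO_ATTR);
 if (cachedInfo!=null)
 {
 keySize=cachedInfo.getKeySize();
 certs=cachedInfo.getCerts();
 idStr=cachedInfo.getIdStr();
 }
 else
 {
 keySize=new Integer(ServletSSL.deduceKeyLength(cipherSuite));
 certs=SslCertificates.getCertChain(sslSession);
 byte[] bytes = sslSession.getId();
 idStr = TypeUtil.toHexString(bytes);
 cachedInfo=new CachedInfo(keySize,certs,idStr);
 sslSession.putValue(CACHED_INFO_ATTR,cachedInfo);
 }
 
 if (certs!=null)
 request.setAttribute("javax.servlet.request.X509Certificate",certs);
 
 request.setAttribute("javax.servlet.request.cipher_suite",cipherSuite);
 request.setAttribute("javax.servlet.request.key_size",keySize);
 request.setAttribute("javax.servlet.request.ssl_session_id", idStr);
 }
 catch (Exception e)
 {
 LOG.warn("EXCEPTION",e);
 }
 }
 
 /* ------------------------------------------------------------ */
 /* ------------------------------------------------------------ */
 /* ------------------------------------------------------------ */
 /**
 * Simple bundle of information that is cached in the SSLSession. Stores the
 * effective keySize and the client certificate chain.
 */
 private static class CachedInfo
 {
 private final X509Certificate[] _certs;
 private final Integer _keySize;
 private final String _idStr;
 
 CachedInfo(Integer keySize, X509Certificate[] certs,String idStr)
 {
 this._keySize=keySize;
 this._certs=certs;
 this._idStr=idStr;
 }
 
 X509Certificate[] getCerts()
 {
 return _certs;
 }
 
 Integer getKeySize()
 {
 return _keySize;
 }
 
 String getIdStr()
 {
 return _idStr;
 }
 }
 
 }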
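Review bot: The `@param endpoint` text in `customize` now says only `The Socket the request arrived on.`, yet the parameter is typed `EndPoint`, is never read anywhere in the method body, and the removed `{@link SocketEndPoint}` sentence was the only statement of what callers had to pass; document it honestly, e.g. `@param endpoint the connection's EndPoint; not used by this method, retained for API compatibility`. With that `{@link SSLSocket}` reference gone, `import javax.net.ssl.SSLSocket;` on new line 27 appears unreferenced in the visible part of the file — if nothing above line 26 uses it, drop it together with the `SocketEndPoint` import. Separately, `getCertChain` still goes through the deprecated `javax.security.cert` API and re-parses every peer certificate from its DER bytes; `sslSession.getPeerCertificates()` returns `java.security.cert.Certificate[]` directly, so the loop reduces to an `instanceof X509Certificate` check plus cast, and a non-X.509 entry is rejected explicitly instead of surfacing as a `ClassCastException` in the catch-all that returns `null` as though the client presented no certificate.
```java
public static X509Certificate[] getCertChain(SSLSession sslSession)
{
    try
    {
        java.security.cert.Certificate[] peerCerts=sslSession.getPeerCertificates();
        if (peerCerts==null||peerCerts.length==0)
            return null;

        X509Certificate[] javaCerts=new X509Certificate[peerCerts.length];
        for (int i=0; i<peerCerts.length; i++)
        {
            // Only X.509 chains are meaningful to the servlet attribute; fail closed otherwise.
            if (!(peerCerts[i] instanceof X509Certificate))
                return null;
            javaCerts[i]=(X509Certificate)peerCerts[i];
        }
        return javaCerts;
    }
    // … unchanged: SSLPeerUnverifiedException and generic Exception handling …
```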