Mercurial Hosting > luan
comparison src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java @ 872:1c0b6841cd32
remove SocketEndPoint
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Mon, 03 Oct 2016 19:55:41 -0600 |
parents | 3428c60d7cfc |
children | 150092cebf3e |
comparison
equal
deleted
inserted
replaced
871:260f538f8fa7 | 872:1c0b6841cd32 |
---|---|
31 import org.eclipse.jetty.io.Buffers; | 31 import org.eclipse.jetty.io.Buffers; |
32 import org.eclipse.jetty.io.Buffers.Type; | 32 import org.eclipse.jetty.io.Buffers.Type; |
33 import org.eclipse.jetty.io.BuffersFactory; | 33 import org.eclipse.jetty.io.BuffersFactory; |
34 import org.eclipse.jetty.io.EndPoint; | 34 import org.eclipse.jetty.io.EndPoint; |
35 import org.eclipse.jetty.io.RuntimeIOException; | 35 import org.eclipse.jetty.io.RuntimeIOException; |
36 import org.eclipse.jetty.io.bio.SocketEndPoint; | |
37 import org.eclipse.jetty.io.nio.AsyncConnection; | 36 import org.eclipse.jetty.io.nio.AsyncConnection; |
38 import org.eclipse.jetty.io.nio.SslConnection; | 37 import org.eclipse.jetty.io.nio.SslConnection; |
39 import org.eclipse.jetty.server.Request; | 38 import org.eclipse.jetty.server.Request; |
40 import org.eclipse.jetty.server.nio.SelectChannelConnector; | 39 import org.eclipse.jetty.server.nio.SelectChannelConnector; |
41 import org.eclipse.jetty.util.component.AggregateLifeCycle; | 40 import org.eclipse.jetty.util.component.AggregateLifeCycle; |
47 * | 46 * |
48 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector" | 47 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector" |
49 */ | 48 */ |
50 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector | 49 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector |
51 { | 50 { |
52 private final SslContextFactory _sslContextFactory; | 51 private final SslContextFactory _sslContextFactory; |
53 private Buffers _sslBuffers; | 52 private Buffers _sslBuffers; |
54 | 53 |
55 /* ------------------------------------------------------------ */ | 54 /* ------------------------------------------------------------ */ |
56 public SslSelectChannelConnector() | 55 public SslSelectChannelConnector() |
57 { | 56 { |
58 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH)); | 57 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH)); |
59 setSoLingerTime(30000); | 58 setSoLingerTime(30000); |
60 } | 59 } |
61 | 60 |
62 /* ------------------------------------------------------------ */ | 61 /* ------------------------------------------------------------ */ |
63 /** Construct with explicit SslContextFactory. | 62 /** Construct with explicit SslContextFactory. |
64 * The SslContextFactory passed is added via {@link #addBean(Object)} so that | 63 * The SslContextFactory passed is added via {@link #addBean(Object)} so that |
65 * it's lifecycle may be managed with {@link AggregateLifeCycle}. | 64 * it's lifecycle may be managed with {@link AggregateLifeCycle}. |
66 * @param sslContextFactory | 65 * @param sslContextFactory |
67 */ | 66 */ |
68 public SslSelectChannelConnector(SslContextFactory sslContextFactory) | 67 public SslSelectChannelConnector(SslContextFactory sslContextFactory) |
69 { | 68 { |
70 _sslContextFactory = sslContextFactory; | 69 _sslContextFactory = sslContextFactory; |
71 addBean(_sslContextFactory); | 70 addBean(_sslContextFactory); |
72 setUseDirectBuffers(false); | 71 setUseDirectBuffers(false); |
73 setSoLingerTime(30000); | 72 setSoLingerTime(30000); |
74 } | 73 } |
75 | 74 |
76 /* ------------------------------------------------------------ */ | 75 /* ------------------------------------------------------------ */ |
77 /** | 76 /** |
78 * Allow the Listener a chance to customise the request. before the server | 77 * Allow the Listener a chance to customise the request. before the server |
79 * does its stuff. <br> | 78 * does its stuff. <br> |
80 * This allows the required attributes to be set for SSL requests. <br> | 79 * This allows the required attributes to be set for SSL requests. <br> |
81 * The requirements of the Servlet specs are: | 80 * The requirements of the Servlet specs are: |
82 * <ul> | 81 * <ul> |
83 * <li> an attribute named "javax.servlet.request.ssl_session_id" of type | 82 * <li> an attribute named "javax.servlet.request.ssl_session_id" of type |
84 * String (since Servlet Spec 3.0).</li> | 83 * String (since Servlet Spec 3.0).</li> |
85 * <li> an attribute named "javax.servlet.request.cipher_suite" of type | 84 * <li> an attribute named "javax.servlet.request.cipher_suite" of type |
86 * String.</li> | 85 * String.</li> |
87 * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li> | 86 * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li> |
88 * <li> an attribute named "javax.servlet.request.X509Certificate" of type | 87 * <li> an attribute named "javax.servlet.request.X509Certificate" of type |
89 * java.security.cert.X509Certificate[]. This is an array of objects of type | 88 * java.security.cert.X509Certificate[]. This is an array of objects of type |
90 * X509Certificate, the order of this array is defined as being in ascending | 89 * X509Certificate, the order of this array is defined as being in ascending |
91 * order of trust. The first certificate in the chain is the one set by the | 90 * order of trust. The first certificate in the chain is the one set by the |
92 * client, the next is the one used to authenticate the first, and so on. | 91 * client, the next is the one used to authenticate the first, and so on. |
93 * </li> | 92 * </li> |
94 * </ul> | 93 * </ul> |
95 * | 94 * |
96 * @param endpoint | 95 * @param endpoint |
97 * The Socket the request arrived on. This should be a | 96 * The Socket the request arrived on. |
98 * {@link SocketEndPoint} wrapping a {@link SSLSocket}. | 97 * @param request |
99 * @param request | 98 * HttpRequest to be customised. |
100 * HttpRequest to be customised. | 99 */ |
101 */ | 100 @Override |
102 @Override | 101 public void customize(EndPoint endpoint, Request request) throws IOException |
103 public void customize(EndPoint endpoint, Request request) throws IOException | 102 { |
104 { | 103 request.setScheme(HttpSchemes.HTTPS); |
105 request.setScheme(HttpSchemes.HTTPS); | 104 super.customize(endpoint,request); |
106 super.customize(endpoint,request); | 105 |
107 | 106 SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint; |
108 SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint; | 107 SSLEngine sslEngine=sslEndpoint.getSslEngine(); |
109 SSLEngine sslEngine=sslEndpoint.getSslEngine(); | 108 SSLSession sslSession=sslEngine.getSession(); |
110 SSLSession sslSession=sslEngine.getSession(); | 109 |
111 | 110 SslCertificates.customize(sslSession,endpoint,request); |
112 SslCertificates.customize(sslSession,endpoint,request); | 111 } |
113 } | 112 |
114 | 113 /* ------------------------------------------------------------ */ |
115 /* ------------------------------------------------------------ */ | 114 /** |
116 /** | 115 * @return True if SSL re-negotiation is allowed (default false) |
117 * @return True if SSL re-negotiation is allowed (default false) | 116 * @deprecated |
118 * @deprecated | 117 */ |
119 */ | 118 @Deprecated |
120 @Deprecated | 119 public boolean isAllowRenegotiate() |
121 public boolean isAllowRenegotiate() | 120 { |
122 { | 121 return _sslContextFactory.isAllowRenegotiate(); |
123 return _sslContextFactory.isAllowRenegotiate(); | 122 } |
124 } | 123 |
125 | 124 /* ------------------------------------------------------------ */ |
126 /* ------------------------------------------------------------ */ | 125 /** |
127 /** | 126 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered |
128 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered | 127 * a vulnerability in SSL/TLS with re-negotiation. If your JVM |
129 * a vulnerability in SSL/TLS with re-negotiation. If your JVM | 128 * does not have CVE-2009-3555 fixed, then re-negotiation should |
130 * does not have CVE-2009-3555 fixed, then re-negotiation should | 129 * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban |
131 * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban | 130 * of renegotiate in u19 and with RFC5746 in u22. |
132 * of renegotiate in u19 and with RFC5746 in u22. | 131 * @param allowRenegotiate true if re-negotiation is allowed (default false) |
133 * @param allowRenegotiate true if re-negotiation is allowed (default false) | 132 * @deprecated |
134 * @deprecated | 133 */ |
135 */ | 134 @Deprecated |
136 @Deprecated | 135 public void setAllowRenegotiate(boolean allowRenegotiate) |
137 public void setAllowRenegotiate(boolean allowRenegotiate) | 136 { |
138 { | 137 _sslContextFactory.setAllowRenegotiate(allowRenegotiate); |
139 _sslContextFactory.setAllowRenegotiate(allowRenegotiate); | 138 } |
140 } | 139 |
141 | 140 /* ------------------------------------------------------------ */ |
142 /* ------------------------------------------------------------ */ | 141 /** |
143 /** | 142 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() |
144 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() | 143 * @deprecated |
145 * @deprecated | 144 */ |
146 */ | 145 @Deprecated |
147 @Deprecated | 146 public String[] getExcludeCipherSuites() |
148 public String[] getExcludeCipherSuites() | 147 { |
149 { | 148 return _sslContextFactory.getExcludeCipherSuites(); |
150 return _sslContextFactory.getExcludeCipherSuites(); | 149 } |
151 } | 150 |
152 | 151 /* ------------------------------------------------------------ */ |
153 /* ------------------------------------------------------------ */ | 152 /** |
154 /** | 153 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) |
155 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) | 154 * @deprecated |
156 * @deprecated | 155 */ |
157 */ | 156 @Deprecated |
158 @Deprecated | 157 public void setExcludeCipherSuites(String[] cipherSuites) |
159 public void setExcludeCipherSuites(String[] cipherSuites) | 158 { |
160 { | 159 _sslContextFactory.setExcludeCipherSuites(cipherSuites); |
161 _sslContextFactory.setExcludeCipherSuites(cipherSuites); | 160 } |
162 } | 161 |
163 | 162 /* ------------------------------------------------------------ */ |
164 /* ------------------------------------------------------------ */ | 163 /** |
165 /** | 164 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() |
166 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() | 165 * @deprecated |
167 * @deprecated | 166 */ |
168 */ | 167 @Deprecated |
169 @Deprecated | 168 public String[] getIncludeCipherSuites() |
170 public String[] getIncludeCipherSuites() | 169 { |
171 { | 170 return _sslContextFactory.getIncludeCipherSuites(); |
172 return _sslContextFactory.getIncludeCipherSuites(); | 171 } |
173 } | 172 |
174 | 173 /* ------------------------------------------------------------ */ |
175 /* ------------------------------------------------------------ */ | 174 /** |
176 /** | 175 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) |
177 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) | 176 * @deprecated |
178 * @deprecated | 177 */ |
179 */ | 178 @Deprecated |
180 @Deprecated | 179 public void setIncludeCipherSuites(String[] cipherSuites) |
181 public void setIncludeCipherSuites(String[] cipherSuites) | 180 { |
182 { | 181 _sslContextFactory.setIncludeCipherSuites(cipherSuites); |
183 _sslContextFactory.setIncludeCipherSuites(cipherSuites); | 182 } |
184 } | 183 |
185 | 184 /* ------------------------------------------------------------ */ |
186 /* ------------------------------------------------------------ */ | 185 /** |
187 /** | 186 * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String) |
188 * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String) | 187 * @deprecated |
189 * @deprecated | 188 */ |
190 */ | 189 @Deprecated |
191 @Deprecated | 190 public void setPassword(String password) |
192 public void setPassword(String password) | 191 { |
193 { | 192 _sslContextFactory.setKeyStorePassword(password); |
194 _sslContextFactory.setKeyStorePassword(password); | 193 } |
195 } | 194 |
196 | 195 /* ------------------------------------------------------------ */ |
197 /* ------------------------------------------------------------ */ | 196 /** |
198 /** | 197 * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String) |
199 * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String) | 198 * @deprecated |
200 * @deprecated | 199 */ |
201 */ | 200 @Deprecated |
202 @Deprecated | 201 public void setTrustPassword(String password) |
203 public void setTrustPassword(String password) | 202 { |
204 { | 203 _sslContextFactory.setTrustStorePassword(password); |
205 _sslContextFactory.setTrustStorePassword(password); | 204 } |
206 } | 205 |
207 | 206 /* ------------------------------------------------------------ */ |
208 /* ------------------------------------------------------------ */ | 207 /** |
209 /** | 208 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String) |
210 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String) | 209 * @deprecated |
211 * @deprecated | 210 */ |
212 */ | 211 @Deprecated |
213 @Deprecated | 212 public void setKeyPassword(String password) |
214 public void setKeyPassword(String password) | 213 { |
215 { | 214 _sslContextFactory.setKeyManagerPassword(password); |
216 _sslContextFactory.setKeyManagerPassword(password); | 215 } |
217 } | 216 |
218 | 217 /* ------------------------------------------------------------ */ |
219 /* ------------------------------------------------------------ */ | 218 /** |
220 /** | 219 * Unsupported. |
221 * Unsupported. | 220 * |
222 * | 221 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) |
223 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) | 222 * @deprecated |
224 * @deprecated | 223 */ |
225 */ | 224 @Deprecated |
226 @Deprecated | 225 public String getAlgorithm() |
227 public String getAlgorithm() | 226 { |
228 { | 227 throw new UnsupportedOperationException(); |
229 throw new UnsupportedOperationException(); | 228 } |
230 } | 229 |
231 | 230 /* ------------------------------------------------------------ */ |
232 /* ------------------------------------------------------------ */ | 231 /** |
233 /** | 232 * Unsupported. |
234 * Unsupported. | 233 * |
235 * | 234 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) |
236 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) | 235 * @deprecated |
237 * @deprecated | 236 */ |
238 */ | 237 @Deprecated |
239 @Deprecated | 238 public void setAlgorithm(String algorithm) |
240 public void setAlgorithm(String algorithm) | 239 { |
241 { | 240 throw new UnsupportedOperationException(); |
242 throw new UnsupportedOperationException(); | 241 } |
243 } | 242 |
244 | 243 /* ------------------------------------------------------------ */ |
245 /* ------------------------------------------------------------ */ | 244 /** |
246 /** | 245 * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol() |
247 * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol() | 246 * @deprecated |
248 * @deprecated | 247 */ |
249 */ | 248 @Deprecated |
250 @Deprecated | 249 public String getProtocol() |
251 public String getProtocol() | 250 { |
252 { | 251 return _sslContextFactory.getProtocol(); |
253 return _sslContextFactory.getProtocol(); | 252 } |
254 } | 253 |
255 | 254 /* ------------------------------------------------------------ */ |
256 /* ------------------------------------------------------------ */ | 255 /** |
257 /** | 256 * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String) |
258 * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String) | 257 * @deprecated |
259 * @deprecated | 258 */ |
260 */ | 259 @Deprecated |
261 @Deprecated | 260 public void setProtocol(String protocol) |
262 public void setProtocol(String protocol) | 261 { |
263 { | 262 _sslContextFactory.setProtocol(protocol); |
264 _sslContextFactory.setProtocol(protocol); | 263 } |
265 } | 264 |
266 | 265 /* ------------------------------------------------------------ */ |
267 /* ------------------------------------------------------------ */ | 266 /** |
268 /** | 267 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String) |
269 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String) | 268 * @deprecated |
270 * @deprecated | 269 */ |
271 */ | 270 @Deprecated |
272 @Deprecated | 271 public void setKeystore(String keystore) |
273 public void setKeystore(String keystore) | 272 { |
274 { | 273 _sslContextFactory.setKeyStorePath(keystore); |
275 _sslContextFactory.setKeyStorePath(keystore); | 274 } |
276 } | 275 |
277 | 276 /* ------------------------------------------------------------ */ |
278 /* ------------------------------------------------------------ */ | 277 /** |
279 /** | 278 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore() |
280 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore() | 279 * @deprecated |
281 * @deprecated | 280 */ |
282 */ | 281 @Deprecated |
283 @Deprecated | 282 public String getKeystore() |
284 public String getKeystore() | 283 { |
285 { | 284 return _sslContextFactory.getKeyStorePath(); |
286 return _sslContextFactory.getKeyStorePath(); | 285 } |
287 } | 286 |
288 | 287 /* ------------------------------------------------------------ */ |
289 /* ------------------------------------------------------------ */ | 288 /** |
290 /** | 289 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType() |
291 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType() | 290 * @deprecated |
292 * @deprecated | 291 */ |
293 */ | 292 @Deprecated |
294 @Deprecated | 293 public String getKeystoreType() |
295 public String getKeystoreType() | 294 { |
296 { | 295 return _sslContextFactory.getKeyStoreType(); |
297 return _sslContextFactory.getKeyStoreType(); | 296 } |
298 } | 297 |
299 | 298 /* ------------------------------------------------------------ */ |
300 /* ------------------------------------------------------------ */ | 299 /** |
301 /** | 300 * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth() |
302 * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth() | 301 * @deprecated |
303 * @deprecated | 302 */ |
304 */ | 303 @Deprecated |
305 @Deprecated | 304 public boolean getNeedClientAuth() |
306 public boolean getNeedClientAuth() | 305 { |
307 { | 306 return _sslContextFactory.getNeedClientAuth(); |
308 return _sslContextFactory.getNeedClientAuth(); | 307 } |
309 } | 308 |
310 | 309 /* ------------------------------------------------------------ */ |
311 /* ------------------------------------------------------------ */ | 310 /** |
312 /** | 311 * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth() |
313 * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth() | 312 * @deprecated |
314 * @deprecated | 313 */ |
315 */ | 314 @Deprecated |
316 @Deprecated | 315 public boolean getWantClientAuth() |
317 public boolean getWantClientAuth() | 316 { |
318 { | 317 return _sslContextFactory.getWantClientAuth(); |
319 return _sslContextFactory.getWantClientAuth(); | 318 } |
320 } | 319 |
321 | 320 /* ------------------------------------------------------------ */ |
322 /* ------------------------------------------------------------ */ | 321 /** |
323 /** | 322 * @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean) |
324 * @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean) | 323 * @deprecated |
325 * @deprecated | 324 */ |
326 */ | 325 @Deprecated |
327 @Deprecated | 326 public void setNeedClientAuth(boolean needClientAuth) |
328 public void setNeedClientAuth(boolean needClientAuth) | 327 { |
329 { | 328 _sslContextFactory.setNeedClientAuth(needClientAuth); |
330 _sslContextFactory.setNeedClientAuth(needClientAuth); | 329 } |
331 } | 330 |
332 | 331 /* ------------------------------------------------------------ */ |
333 /* ------------------------------------------------------------ */ | 332 /** |
334 /** | 333 * @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean) |
335 * @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean) | 334 * @deprecated |
336 * @deprecated | 335 */ |
337 */ | 336 @Deprecated |
338 @Deprecated | 337 public void setWantClientAuth(boolean wantClientAuth) |
339 public void setWantClientAuth(boolean wantClientAuth) | 338 { |
340 { | 339 _sslContextFactory.setWantClientAuth(wantClientAuth); |
341 _sslContextFactory.setWantClientAuth(wantClientAuth); | 340 } |
342 } | 341 |
343 | 342 /* ------------------------------------------------------------ */ |
344 /* ------------------------------------------------------------ */ | 343 /** |
345 /** | 344 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String) |
346 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String) | 345 * @deprecated |
347 * @deprecated | 346 */ |
348 */ | 347 @Deprecated |
349 @Deprecated | 348 public void setKeystoreType(String keystoreType) |
350 public void setKeystoreType(String keystoreType) | 349 { |
351 { | 350 _sslContextFactory.setKeyStoreType(keystoreType); |
352 _sslContextFactory.setKeyStoreType(keystoreType); | 351 } |
353 } | 352 |
354 | 353 /* ------------------------------------------------------------ */ |
355 /* ------------------------------------------------------------ */ | 354 /** |
356 /** | 355 * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider() |
357 * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider() | 356 * @deprecated |
358 * @deprecated | 357 */ |
359 */ | 358 @Deprecated |
360 @Deprecated | 359 public String getProvider() |
361 public String getProvider() | 360 { |
362 { | 361 return _sslContextFactory.getProvider(); |
363 return _sslContextFactory.getProvider(); | 362 } |
364 } | 363 |
365 | 364 /* ------------------------------------------------------------ */ |
366 /* ------------------------------------------------------------ */ | 365 /** |
367 /** | 366 * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm() |
368 * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm() | 367 * @deprecated |
369 * @deprecated | 368 */ |
370 */ | 369 @Deprecated |
371 @Deprecated | 370 public String getSecureRandomAlgorithm() |
372 public String getSecureRandomAlgorithm() | 371 { |
373 { | 372 return _sslContextFactory.getSecureRandomAlgorithm(); |
374 return _sslContextFactory.getSecureRandomAlgorithm(); | 373 } |
375 } | 374 |
376 | 375 /* ------------------------------------------------------------ */ |
377 /* ------------------------------------------------------------ */ | 376 /** |
378 /** | 377 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm() |
379 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm() | 378 * @deprecated |
380 * @deprecated | 379 */ |
381 */ | 380 @Deprecated |
382 @Deprecated | 381 public String getSslKeyManagerFactoryAlgorithm() |
383 public String getSslKeyManagerFactoryAlgorithm() | 382 { |
384 { | 383 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm(); |
385 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm(); | 384 } |
386 } | 385 |
387 | 386 /* ------------------------------------------------------------ */ |
388 /* ------------------------------------------------------------ */ | 387 /** |
389 /** | 388 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm() |
390 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm() | 389 * @deprecated |
391 * @deprecated | 390 */ |
392 */ | 391 @Deprecated |
393 @Deprecated | 392 public String getSslTrustManagerFactoryAlgorithm() |
394 public String getSslTrustManagerFactoryAlgorithm() | 393 { |
395 { | 394 return _sslContextFactory.getTrustManagerFactoryAlgorithm(); |
396 return _sslContextFactory.getTrustManagerFactoryAlgorithm(); | 395 } |
397 } | 396 |
398 | 397 /* ------------------------------------------------------------ */ |
399 /* ------------------------------------------------------------ */ | 398 /** |
400 /** | 399 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore() |
401 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore() | 400 * @deprecated |
402 * @deprecated | 401 */ |
403 */ | 402 @Deprecated |
404 @Deprecated | 403 public String getTruststore() |
405 public String getTruststore() | 404 { |
406 { | 405 return _sslContextFactory.getTrustStore(); |
407 return _sslContextFactory.getTrustStore(); | 406 } |
408 } | 407 |
409 | 408 /* ------------------------------------------------------------ */ |
410 /* ------------------------------------------------------------ */ | 409 /** |
411 /** | 410 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType() |
412 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType() | 411 * @deprecated |
413 * @deprecated | 412 */ |
414 */ | 413 @Deprecated |
415 @Deprecated | 414 public String getTruststoreType() |
416 public String getTruststoreType() | 415 { |
417 { | 416 return _sslContextFactory.getTrustStoreType(); |
418 return _sslContextFactory.getTrustStoreType(); | 417 } |
419 } | 418 |
420 | 419 /* ------------------------------------------------------------ */ |
421 /* ------------------------------------------------------------ */ | 420 /** |
422 /** | 421 * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String) |
423 * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String) | 422 * @deprecated |
424 * @deprecated | 423 */ |
425 */ | 424 @Deprecated |
426 @Deprecated | 425 public void setProvider(String provider) |
427 public void setProvider(String provider) | 426 { |
428 { | 427 _sslContextFactory.setProvider(provider); |
429 _sslContextFactory.setProvider(provider); | 428 } |
430 } | 429 |
431 | 430 /* ------------------------------------------------------------ */ |
432 /* ------------------------------------------------------------ */ | 431 /** |
433 /** | 432 * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String) |
434 * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String) | 433 * @deprecated |
435 * @deprecated | 434 */ |
436 */ | 435 @Deprecated |
437 @Deprecated | 436 public void setSecureRandomAlgorithm(String algorithm) |
438 public void setSecureRandomAlgorithm(String algorithm) | 437 { |
439 { | 438 _sslContextFactory.setSecureRandomAlgorithm(algorithm); |
440 _sslContextFactory.setSecureRandomAlgorithm(algorithm); | 439 } |
441 } | 440 |
442 | 441 /* ------------------------------------------------------------ */ |
443 /* ------------------------------------------------------------ */ | 442 /** |
444 /** | 443 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String) |
445 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String) | 444 * @deprecated |
446 * @deprecated | 445 */ |
447 */ | 446 @Deprecated |
448 @Deprecated | 447 public void setSslKeyManagerFactoryAlgorithm(String algorithm) |
449 public void setSslKeyManagerFactoryAlgorithm(String algorithm) | 448 { |
450 { | 449 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm); |
451 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm); | 450 } |
452 } | 451 |
453 | 452 /* ------------------------------------------------------------ */ |
454 /* ------------------------------------------------------------ */ | 453 /** |
455 /** | 454 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String) |
456 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String) | 455 * @deprecated |
457 * @deprecated | 456 */ |
458 */ | 457 @Deprecated |
459 @Deprecated | 458 public void setSslTrustManagerFactoryAlgorithm(String algorithm) |
460 public void setSslTrustManagerFactoryAlgorithm(String algorithm) | 459 { |
461 { | 460 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm); |
462 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm); | 461 } |
463 } | 462 |
464 | 463 /* ------------------------------------------------------------ */ |
465 /* ------------------------------------------------------------ */ | 464 /** |
466 /** | 465 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String) |
467 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String) | 466 * @deprecated |
468 * @deprecated | 467 */ |
469 */ | 468 @Deprecated |
470 @Deprecated | 469 public void setTruststore(String truststore) |
471 public void setTruststore(String truststore) | 470 { |
472 { | 471 _sslContextFactory.setTrustStore(truststore); |
473 _sslContextFactory.setTrustStore(truststore); | 472 } |
474 } | 473 |
475 | 474 /* ------------------------------------------------------------ */ |
476 /* ------------------------------------------------------------ */ | 475 /** |
477 /** | 476 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String) |
478 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String) | 477 * @deprecated |
479 * @deprecated | 478 */ |
480 */ | 479 @Deprecated |
481 @Deprecated | 480 public void setTruststoreType(String truststoreType) |
482 public void setTruststoreType(String truststoreType) | 481 { |
483 { | 482 _sslContextFactory.setTrustStoreType(truststoreType); |
484 _sslContextFactory.setTrustStoreType(truststoreType); | 483 } |
485 } | 484 |
486 | 485 /* ------------------------------------------------------------ */ |
487 /* ------------------------------------------------------------ */ | 486 /** |
488 /** | 487 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) |
489 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) | 488 * @deprecated |
490 * @deprecated | 489 */ |
491 */ | 490 @Deprecated |
492 @Deprecated | 491 public void setSslContext(SSLContext sslContext) |
493 public void setSslContext(SSLContext sslContext) | 492 { |
494 { | 493 _sslContextFactory.setSslContext(sslContext); |
495 _sslContextFactory.setSslContext(sslContext); | 494 } |
496 } | 495 |
497 | 496 /* ------------------------------------------------------------ */ |
498 /* ------------------------------------------------------------ */ | 497 /** |
499 /** | 498 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) |
500 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) | 499 * @deprecated |
501 * @deprecated | 500 */ |
502 */ | 501 @Deprecated |
503 @Deprecated | 502 public SSLContext getSslContext() |
504 public SSLContext getSslContext() | 503 { |
505 { | 504 return _sslContextFactory.getSslContext(); |
506 return _sslContextFactory.getSslContext(); | 505 } |
507 } | 506 |
508 | 507 /* ------------------------------------------------------------ */ |
509 /* ------------------------------------------------------------ */ | 508 /** |
510 /** | 509 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory() |
511 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory() | 510 */ |
512 */ | 511 public SslContextFactory getSslContextFactory() |
513 public SslContextFactory getSslContextFactory() | 512 { |
514 { | 513 return _sslContextFactory; |
515 return _sslContextFactory; | 514 } |
516 } | 515 |
517 | 516 /* ------------------------------------------------------------ */ |
518 /* ------------------------------------------------------------ */ | 517 /** |
519 /** | 518 * By default, we're confidential, given we speak SSL. But, if we've been |
520 * By default, we're confidential, given we speak SSL. But, if we've been | 519 * told about an confidential port, and said port is not our port, then |
521 * told about an confidential port, and said port is not our port, then | 520 * we're not. This allows separation of listeners providing INTEGRAL versus |
522 * we're not. This allows separation of listeners providing INTEGRAL versus | 521 * CONFIDENTIAL constraints, such as one SSL listener configured to require |
523 * CONFIDENTIAL constraints, such as one SSL listener configured to require | 522 * client certs providing CONFIDENTIAL, whereas another SSL listener not |
524 * client certs providing CONFIDENTIAL, whereas another SSL listener not | 523 * requiring client certs providing mere INTEGRAL constraints. |
525 * requiring client certs providing mere INTEGRAL constraints. | 524 */ |
526 */ | 525 @Override |
527 @Override | 526 public boolean isConfidential(Request request) |
528 public boolean isConfidential(Request request) | 527 { |
529 { | 528 final int confidentialPort=getConfidentialPort(); |
530 final int confidentialPort=getConfidentialPort(); | 529 return confidentialPort==0||confidentialPort==request.getServerPort(); |
531 return confidentialPort==0||confidentialPort==request.getServerPort(); | 530 } |
532 } | 531 |
533 | 532 /* ------------------------------------------------------------ */ |
534 /* ------------------------------------------------------------ */ | 533 /** |
535 /** | 534 * By default, we're integral, given we speak SSL. But, if we've been told |
536 * By default, we're integral, given we speak SSL. But, if we've been told | 535 * about an integral port, and said port is not our port, then we're not. |
537 * about an integral port, and said port is not our port, then we're not. | 536 * This allows separation of listeners providing INTEGRAL versus |
538 * This allows separation of listeners providing INTEGRAL versus | 537 * CONFIDENTIAL constraints, such as one SSL listener configured to require |
539 * CONFIDENTIAL constraints, such as one SSL listener configured to require | 538 * client certs providing CONFIDENTIAL, whereas another SSL listener not |
540 * client certs providing CONFIDENTIAL, whereas another SSL listener not | 539 * requiring client certs providing mere INTEGRAL constraints. |
541 * requiring client certs providing mere INTEGRAL constraints. | 540 */ |
542 */ | 541 @Override |
543 @Override | 542 public boolean isIntegral(Request request) |
544 public boolean isIntegral(Request request) | 543 { |
545 { | 544 final int integralPort=getIntegralPort(); |
546 final int integralPort=getIntegralPort(); | 545 return integralPort==0||integralPort==request.getServerPort(); |
547 return integralPort==0||integralPort==request.getServerPort(); | 546 } |
548 } | 547 |
549 | 548 /* ------------------------------------------------------------------------------- */ |
550 /* ------------------------------------------------------------------------------- */ | 549 @Override |
551 @Override | 550 protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint) |
552 protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint) | 551 { |
553 { | 552 try |
554 try | 553 { |
555 { | 554 SSLEngine engine = createSSLEngine(channel); |
556 SSLEngine engine = createSSLEngine(channel); | 555 SslConnection connection = newSslConnection(endpoint, engine); |
557 SslConnection connection = newSslConnection(endpoint, engine); | 556 AsyncConnection delegate = newPlainConnection(channel, connection.getSslEndPoint()); |
558 AsyncConnection delegate = newPlainConnection(channel, connection.getSslEndPoint()); | 557 connection.getSslEndPoint().setConnection(delegate); |
559 connection.getSslEndPoint().setConnection(delegate); | 558 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate()); |
560 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate()); | 559 return connection; |
561 return connection; | 560 } |
562 } | 561 catch (IOException e) |
563 catch (IOException e) | 562 { |
564 { | 563 throw new RuntimeIOException(e); |
565 throw new RuntimeIOException(e); | 564 } |
566 } | 565 } |
567 } | 566 |
568 | 567 protected AsyncConnection newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint) |
569 protected AsyncConnection newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint) | 568 { |
570 { | 569 return super.newConnection(channel, endPoint); |
571 return super.newConnection(channel, endPoint); | 570 } |
572 } | 571 |
573 | 572 protected SslConnection newSslConnection(AsyncEndPoint endpoint, SSLEngine engine) |
574 protected SslConnection newSslConnection(AsyncEndPoint endpoint, SSLEngine engine) | 573 { |
575 { | 574 return new SslConnection(engine, endpoint); |
576 return new SslConnection(engine, endpoint); | 575 } |
577 } | 576 |
578 | 577 /* ------------------------------------------------------------ */ |
579 /* ------------------------------------------------------------ */ | 578 /** |
580 /** | 579 * @param channel A channel which if passed is used as to extract remote |
581 * @param channel A channel which if passed is used as to extract remote | 580 * host and port for the purposes of SSL session caching |
582 * host and port for the purposes of SSL session caching | 581 * @return A SSLEngine for a new or cached SSL Session |
583 * @return A SSLEngine for a new or cached SSL Session | 582 * @throws IOException if the SSLEngine cannot be created |
584 * @throws IOException if the SSLEngine cannot be created | 583 */ |
585 */ | 584 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException |
586 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException | 585 { |
587 { | 586 SSLEngine engine; |
588 SSLEngine engine; | 587 if (channel != null) |
589 if (channel != null) | 588 { |
590 { | 589 String peerHost = channel.socket().getInetAddress().getHostAddress(); |
591 String peerHost = channel.socket().getInetAddress().getHostAddress(); | 590 int peerPort = channel.socket().getPort(); |
592 int peerPort = channel.socket().getPort(); | 591 engine = _sslContextFactory.newSslEngine(peerHost, peerPort); |
593 engine = _sslContextFactory.newSslEngine(peerHost, peerPort); | 592 } |
594 } | 593 else |
595 else | 594 { |
596 { | 595 engine = _sslContextFactory.newSslEngine(); |
597 engine = _sslContextFactory.newSslEngine(); | 596 } |
598 } | 597 |
599 | 598 engine.setUseClientMode(false); |
600 engine.setUseClientMode(false); | 599 return engine; |
601 return engine; | 600 } |
602 } | 601 |
603 | 602 /* ------------------------------------------------------------ */ |
604 /* ------------------------------------------------------------ */ | 603 /** |
605 /** | 604 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStart() |
606 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStart() | 605 */ |
607 */ | 606 @Override |
608 @Override | 607 protected void doStart() throws Exception |
609 protected void doStart() throws Exception | 608 { |
610 { | 609 _sslContextFactory.checkKeyStore(); |
611 _sslContextFactory.checkKeyStore(); | 610 _sslContextFactory.start(); |
612 _sslContextFactory.start(); | 611 |
613 | 612 SSLEngine sslEngine = _sslContextFactory.newSslEngine(); |
614 SSLEngine sslEngine = _sslContextFactory.newSslEngine(); | 613 |
615 | 614 sslEngine.setUseClientMode(false); |
616 sslEngine.setUseClientMode(false); | 615 |
617 | 616 SSLSession sslSession = sslEngine.getSession(); |
618 SSLSession sslSession = sslEngine.getSession(); | 617 |
619 | 618 _sslBuffers = BuffersFactory.newBuffers( |
620 _sslBuffers = BuffersFactory.newBuffers( | 619 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(), |
621 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(), | 620 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(), |
622 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(), | 621 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers() |
623 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers() | 622 ); |
624 ); | 623 |
625 | 624 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize()) |
626 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize()) | 625 setRequestHeaderSize(sslSession.getApplicationBufferSize()); |
627 setRequestHeaderSize(sslSession.getApplicationBufferSize()); | 626 if (getRequestBufferSize()<sslSession.getApplicationBufferSize()) |
628 if (getRequestBufferSize()<sslSession.getApplicationBufferSize()) | 627 setRequestBufferSize(sslSession.getApplicationBufferSize()); |
629 setRequestBufferSize(sslSession.getApplicationBufferSize()); | 628 |
630 | 629 super.doStart(); |
631 super.doStart(); | 630 } |
632 } | 631 |
633 | 632 /* ------------------------------------------------------------ */ |
634 /* ------------------------------------------------------------ */ | 633 /** |
635 /** | 634 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop() |
636 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop() | 635 */ |
637 */ | 636 @Override |
638 @Override | 637 protected void doStop() throws Exception |
639 protected void doStop() throws Exception | 638 { |
640 { | 639 _sslBuffers=null; |
641 _sslBuffers=null; | 640 super.doStop(); |
642 super.doStop(); | 641 } |
643 } | 642 |
644 | 643 /* ------------------------------------------------------------ */ |
645 /* ------------------------------------------------------------ */ | 644 /** |
646 /** | 645 * @return SSL buffers |
647 * @return SSL buffers | 646 */ |
648 */ | 647 public Buffers getSslBuffers() |
649 public Buffers getSslBuffers() | 648 { |
650 { | 649 return _sslBuffers; |
651 return _sslBuffers; | 650 } |
652 } | |
653 } | 651 } |