Mercurial Hosting > luan

comparison src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java @ 872:1c0b6841cd32

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
remove SocketEndPoint
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 03 Oct 2016 19:55:41 -0600
parents 3428c60d7cfc
children 150092cebf3e
comparison
equal deleted inserted replaced
871:260f538f8fa7 872:1c0b6841cd32
31 import org.eclipse.jetty.io.Buffers; 31 import org.eclipse.jetty.io.Buffers;
32 import org.eclipse.jetty.io.Buffers.Type; 32 import org.eclipse.jetty.io.Buffers.Type;
33 import org.eclipse.jetty.io.BuffersFactory; 33 import org.eclipse.jetty.io.BuffersFactory;
34 import org.eclipse.jetty.io.EndPoint; 34 import org.eclipse.jetty.io.EndPoint;
35 import org.eclipse.jetty.io.RuntimeIOException; 35 import org.eclipse.jetty.io.RuntimeIOException;
36 import org.eclipse.jetty.io.bio.SocketEndPoint;
37 import org.eclipse.jetty.io.nio.AsyncConnection; 36 import org.eclipse.jetty.io.nio.AsyncConnection;
38 import org.eclipse.jetty.io.nio.SslConnection; 37 import org.eclipse.jetty.io.nio.SslConnection;
39 import org.eclipse.jetty.server.Request; 38 import org.eclipse.jetty.server.Request;
40 import org.eclipse.jetty.server.nio.SelectChannelConnector; 39 import org.eclipse.jetty.server.nio.SelectChannelConnector;
41 import org.eclipse.jetty.util.component.AggregateLifeCycle; 40 import org.eclipse.jetty.util.component.AggregateLifeCycle;
47 * 46 *
48 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector" 47 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector"
49 */ 48 */
50 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector 49 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector
51 { 50 {
52 private final SslContextFactory _sslContextFactory; 51 private final SslContextFactory _sslContextFactory;
53 private Buffers _sslBuffers; 52 private Buffers _sslBuffers;
54 53
55 /* ------------------------------------------------------------ */ 54 /* ------------------------------------------------------------ */
56 public SslSelectChannelConnector() 55 public SslSelectChannelConnector()
57 { 56 {
58 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH)); 57 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
59 setSoLingerTime(30000); 58 setSoLingerTime(30000);
60 } 59 }
61 60
62 /* ------------------------------------------------------------ */ 61 /* ------------------------------------------------------------ */
63 /** Construct with explicit SslContextFactory. 62 /** Construct with explicit SslContextFactory.
64 * The SslContextFactory passed is added via {@link #addBean(Object)} so that 63 * The SslContextFactory passed is added via {@link #addBean(Object)} so that
65 * it's lifecycle may be managed with {@link AggregateLifeCycle}. 64 * it's lifecycle may be managed with {@link AggregateLifeCycle}.
66 * @param sslContextFactory 65 * @param sslContextFactory
67 */ 66 */
68 public SslSelectChannelConnector(SslContextFactory sslContextFactory) 67 public SslSelectChannelConnector(SslContextFactory sslContextFactory)
69 { 68 {
70 _sslContextFactory = sslContextFactory; 69 _sslContextFactory = sslContextFactory;
71 addBean(_sslContextFactory); 70 addBean(_sslContextFactory);
72 setUseDirectBuffers(false); 71 setUseDirectBuffers(false);
73 setSoLingerTime(30000); 72 setSoLingerTime(30000);
74 } 73 }
75 74
76 /* ------------------------------------------------------------ */ 75 /* ------------------------------------------------------------ */
77 /** 76 /**
78 * Allow the Listener a chance to customise the request. before the server 77 * Allow the Listener a chance to customise the request. before the server
79 * does its stuff. <br> 78 * does its stuff. <br>
80 * This allows the required attributes to be set for SSL requests. <br> 79 * This allows the required attributes to be set for SSL requests. <br>
81 * The requirements of the Servlet specs are: 80 * The requirements of the Servlet specs are:
82 * <ul> 81 * <ul>
83 * <li> an attribute named "javax.servlet.request.ssl_session_id" of type 82 * <li> an attribute named "javax.servlet.request.ssl_session_id" of type
84 * String (since Servlet Spec 3.0).</li> 83 * String (since Servlet Spec 3.0).</li>
85 * <li> an attribute named "javax.servlet.request.cipher_suite" of type 84 * <li> an attribute named "javax.servlet.request.cipher_suite" of type
86 * String.</li> 85 * String.</li>
87 * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li> 86 * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li>
88 * <li> an attribute named "javax.servlet.request.X509Certificate" of type 87 * <li> an attribute named "javax.servlet.request.X509Certificate" of type
89 * java.security.cert.X509Certificate[]. This is an array of objects of type 88 * java.security.cert.X509Certificate[]. This is an array of objects of type
90 * X509Certificate, the order of this array is defined as being in ascending 89 * X509Certificate, the order of this array is defined as being in ascending
91 * order of trust. The first certificate in the chain is the one set by the 90 * order of trust. The first certificate in the chain is the one set by the
92 * client, the next is the one used to authenticate the first, and so on. 91 * client, the next is the one used to authenticate the first, and so on.
93 * </li> 92 * </li>
94 * </ul> 93 * </ul>
95 * 94 *
96 * @param endpoint 95 * @param endpoint
97 * The Socket the request arrived on. This should be a 96 * The Socket the request arrived on.
98 * {@link SocketEndPoint} wrapping a {@link SSLSocket}. 97 * @param request
99 * @param request 98 * HttpRequest to be customised.
100 * HttpRequest to be customised. 99 */
101 */ 100 @Override
102 @Override 101 public void customize(EndPoint endpoint, Request request) throws IOException
103 public void customize(EndPoint endpoint, Request request) throws IOException 102 {
104 { 103 request.setScheme(HttpSchemes.HTTPS);
105 request.setScheme(HttpSchemes.HTTPS); 104 super.customize(endpoint,request);
106 super.customize(endpoint,request); 105
107 106 SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint;
108 SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint; 107 SSLEngine sslEngine=sslEndpoint.getSslEngine();
109 SSLEngine sslEngine=sslEndpoint.getSslEngine(); 108 SSLSession sslSession=sslEngine.getSession();
110 SSLSession sslSession=sslEngine.getSession(); 109
111 110 SslCertificates.customize(sslSession,endpoint,request);
112 SslCertificates.customize(sslSession,endpoint,request); 111 }
113 } 112
114 113 /* ------------------------------------------------------------ */
115 /* ------------------------------------------------------------ */ 114 /**
116 /** 115 * @return True if SSL re-negotiation is allowed (default false)
117 * @return True if SSL re-negotiation is allowed (default false) 116 * @deprecated
118 * @deprecated 117 */
119 */ 118 @Deprecated
120 @Deprecated 119 public boolean isAllowRenegotiate()
121 public boolean isAllowRenegotiate() 120 {
122 { 121 return _sslContextFactory.isAllowRenegotiate();
123 return _sslContextFactory.isAllowRenegotiate(); 122 }
124 } 123
125 124 /* ------------------------------------------------------------ */
126 /* ------------------------------------------------------------ */ 125 /**
127 /** 126 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
128 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered 127 * a vulnerability in SSL/TLS with re-negotiation. If your JVM
129 * a vulnerability in SSL/TLS with re-negotiation. If your JVM 128 * does not have CVE-2009-3555 fixed, then re-negotiation should
130 * does not have CVE-2009-3555 fixed, then re-negotiation should 129 * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban
131 * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban 130 * of renegotiate in u19 and with RFC5746 in u22.
132 * of renegotiate in u19 and with RFC5746 in u22. 131 * @param allowRenegotiate true if re-negotiation is allowed (default false)
133 * @param allowRenegotiate true if re-negotiation is allowed (default false) 132 * @deprecated
134 * @deprecated 133 */
135 */ 134 @Deprecated
136 @Deprecated 135 public void setAllowRenegotiate(boolean allowRenegotiate)
137 public void setAllowRenegotiate(boolean allowRenegotiate) 136 {
138 { 137 _sslContextFactory.setAllowRenegotiate(allowRenegotiate);
139 _sslContextFactory.setAllowRenegotiate(allowRenegotiate); 138 }
140 } 139
141 140 /* ------------------------------------------------------------ */
142 /* ------------------------------------------------------------ */ 141 /**
143 /** 142 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
144 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() 143 * @deprecated
145 * @deprecated 144 */
146 */ 145 @Deprecated
147 @Deprecated 146 public String[] getExcludeCipherSuites()
148 public String[] getExcludeCipherSuites() 147 {
149 { 148 return _sslContextFactory.getExcludeCipherSuites();
150 return _sslContextFactory.getExcludeCipherSuites(); 149 }
151 } 150
152 151 /* ------------------------------------------------------------ */
153 /* ------------------------------------------------------------ */ 152 /**
154 /** 153 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
155 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) 154 * @deprecated
156 * @deprecated 155 */
157 */ 156 @Deprecated
158 @Deprecated 157 public void setExcludeCipherSuites(String[] cipherSuites)
159 public void setExcludeCipherSuites(String[] cipherSuites) 158 {
160 { 159 _sslContextFactory.setExcludeCipherSuites(cipherSuites);
161 _sslContextFactory.setExcludeCipherSuites(cipherSuites); 160 }
162 } 161
163 162 /* ------------------------------------------------------------ */
164 /* ------------------------------------------------------------ */ 163 /**
165 /** 164 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
166 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() 165 * @deprecated
167 * @deprecated 166 */
168 */ 167 @Deprecated
169 @Deprecated 168 public String[] getIncludeCipherSuites()
170 public String[] getIncludeCipherSuites() 169 {
171 { 170 return _sslContextFactory.getIncludeCipherSuites();
172 return _sslContextFactory.getIncludeCipherSuites(); 171 }
173 } 172
174 173 /* ------------------------------------------------------------ */
175 /* ------------------------------------------------------------ */ 174 /**
176 /** 175 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
177 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) 176 * @deprecated
178 * @deprecated 177 */
179 */ 178 @Deprecated
180 @Deprecated 179 public void setIncludeCipherSuites(String[] cipherSuites)
181 public void setIncludeCipherSuites(String[] cipherSuites) 180 {
182 { 181 _sslContextFactory.setIncludeCipherSuites(cipherSuites);
183 _sslContextFactory.setIncludeCipherSuites(cipherSuites); 182 }
184 } 183
185 184 /* ------------------------------------------------------------ */
186 /* ------------------------------------------------------------ */ 185 /**
187 /** 186 * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String)
188 * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String) 187 * @deprecated
189 * @deprecated 188 */
190 */ 189 @Deprecated
191 @Deprecated 190 public void setPassword(String password)
192 public void setPassword(String password) 191 {
193 { 192 _sslContextFactory.setKeyStorePassword(password);
194 _sslContextFactory.setKeyStorePassword(password); 193 }
195 } 194
196 195 /* ------------------------------------------------------------ */
197 /* ------------------------------------------------------------ */ 196 /**
198 /** 197 * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String)
199 * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String) 198 * @deprecated
200 * @deprecated 199 */
201 */ 200 @Deprecated
202 @Deprecated 201 public void setTrustPassword(String password)
203 public void setTrustPassword(String password) 202 {
204 { 203 _sslContextFactory.setTrustStorePassword(password);
205 _sslContextFactory.setTrustStorePassword(password); 204 }
206 } 205
207 206 /* ------------------------------------------------------------ */
208 /* ------------------------------------------------------------ */ 207 /**
209 /** 208 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String)
210 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String) 209 * @deprecated
211 * @deprecated 210 */
212 */ 211 @Deprecated
213 @Deprecated 212 public void setKeyPassword(String password)
214 public void setKeyPassword(String password) 213 {
215 { 214 _sslContextFactory.setKeyManagerPassword(password);
216 _sslContextFactory.setKeyManagerPassword(password); 215 }
217 } 216
218 217 /* ------------------------------------------------------------ */
219 /* ------------------------------------------------------------ */ 218 /**
220 /** 219 * Unsupported.
221 * Unsupported. 220 *
222 * 221 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
223 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) 222 * @deprecated
224 * @deprecated 223 */
225 */ 224 @Deprecated
226 @Deprecated 225 public String getAlgorithm()
227 public String getAlgorithm() 226 {
228 { 227 throw new UnsupportedOperationException();
229 throw new UnsupportedOperationException(); 228 }
230 } 229
231 230 /* ------------------------------------------------------------ */
232 /* ------------------------------------------------------------ */ 231 /**
233 /** 232 * Unsupported.
234 * Unsupported. 233 *
235 * 234 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
236 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) 235 * @deprecated
237 * @deprecated 236 */
238 */ 237 @Deprecated
239 @Deprecated 238 public void setAlgorithm(String algorithm)
240 public void setAlgorithm(String algorithm) 239 {
241 { 240 throw new UnsupportedOperationException();
242 throw new UnsupportedOperationException(); 241 }
243 } 242
244 243 /* ------------------------------------------------------------ */
245 /* ------------------------------------------------------------ */ 244 /**
246 /** 245 * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol()
247 * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol() 246 * @deprecated
248 * @deprecated 247 */
249 */ 248 @Deprecated
250 @Deprecated 249 public String getProtocol()
251 public String getProtocol() 250 {
252 { 251 return _sslContextFactory.getProtocol();
253 return _sslContextFactory.getProtocol(); 252 }
254 } 253
255 254 /* ------------------------------------------------------------ */
256 /* ------------------------------------------------------------ */ 255 /**
257 /** 256 * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String)
258 * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String) 257 * @deprecated
259 * @deprecated 258 */
260 */ 259 @Deprecated
261 @Deprecated 260 public void setProtocol(String protocol)
262 public void setProtocol(String protocol) 261 {
263 { 262 _sslContextFactory.setProtocol(protocol);
264 _sslContextFactory.setProtocol(protocol); 263 }
265 } 264
266 265 /* ------------------------------------------------------------ */
267 /* ------------------------------------------------------------ */ 266 /**
268 /** 267 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String)
269 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String) 268 * @deprecated
270 * @deprecated 269 */
271 */ 270 @Deprecated
272 @Deprecated 271 public void setKeystore(String keystore)
273 public void setKeystore(String keystore) 272 {
274 { 273 _sslContextFactory.setKeyStorePath(keystore);
275 _sslContextFactory.setKeyStorePath(keystore); 274 }
276 } 275
277 276 /* ------------------------------------------------------------ */
278 /* ------------------------------------------------------------ */ 277 /**
279 /** 278 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore()
280 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore() 279 * @deprecated
281 * @deprecated 280 */
282 */ 281 @Deprecated
283 @Deprecated 282 public String getKeystore()
284 public String getKeystore() 283 {
285 { 284 return _sslContextFactory.getKeyStorePath();
286 return _sslContextFactory.getKeyStorePath(); 285 }
287 } 286
288 287 /* ------------------------------------------------------------ */
289 /* ------------------------------------------------------------ */ 288 /**
290 /** 289 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType()
291 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType() 290 * @deprecated
292 * @deprecated 291 */
293 */ 292 @Deprecated
294 @Deprecated 293 public String getKeystoreType()
295 public String getKeystoreType() 294 {
296 { 295 return _sslContextFactory.getKeyStoreType();
297 return _sslContextFactory.getKeyStoreType(); 296 }
298 } 297
299 298 /* ------------------------------------------------------------ */
300 /* ------------------------------------------------------------ */ 299 /**
301 /** 300 * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth()
302 * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth() 301 * @deprecated
303 * @deprecated 302 */
304 */ 303 @Deprecated
305 @Deprecated 304 public boolean getNeedClientAuth()
306 public boolean getNeedClientAuth() 305 {
307 { 306 return _sslContextFactory.getNeedClientAuth();
308 return _sslContextFactory.getNeedClientAuth(); 307 }
309 } 308
310 309 /* ------------------------------------------------------------ */
311 /* ------------------------------------------------------------ */ 310 /**
312 /** 311 * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth()
313 * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth() 312 * @deprecated
314 * @deprecated 313 */
315 */ 314 @Deprecated
316 @Deprecated 315 public boolean getWantClientAuth()
317 public boolean getWantClientAuth() 316 {
318 { 317 return _sslContextFactory.getWantClientAuth();
319 return _sslContextFactory.getWantClientAuth(); 318 }
320 } 319
321 320 /* ------------------------------------------------------------ */
322 /* ------------------------------------------------------------ */ 321 /**
323 /** 322 * @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean)
324 * @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean) 323 * @deprecated
325 * @deprecated 324 */
326 */ 325 @Deprecated
327 @Deprecated 326 public void setNeedClientAuth(boolean needClientAuth)
328 public void setNeedClientAuth(boolean needClientAuth) 327 {
329 { 328 _sslContextFactory.setNeedClientAuth(needClientAuth);
330 _sslContextFactory.setNeedClientAuth(needClientAuth); 329 }
331 } 330
332 331 /* ------------------------------------------------------------ */
333 /* ------------------------------------------------------------ */ 332 /**
334 /** 333 * @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean)
335 * @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean) 334 * @deprecated
336 * @deprecated 335 */
337 */ 336 @Deprecated
338 @Deprecated 337 public void setWantClientAuth(boolean wantClientAuth)
339 public void setWantClientAuth(boolean wantClientAuth) 338 {
340 { 339 _sslContextFactory.setWantClientAuth(wantClientAuth);
341 _sslContextFactory.setWantClientAuth(wantClientAuth); 340 }
342 } 341
343 342 /* ------------------------------------------------------------ */
344 /* ------------------------------------------------------------ */ 343 /**
345 /** 344 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String)
346 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String) 345 * @deprecated
347 * @deprecated 346 */
348 */ 347 @Deprecated
349 @Deprecated 348 public void setKeystoreType(String keystoreType)
350 public void setKeystoreType(String keystoreType) 349 {
351 { 350 _sslContextFactory.setKeyStoreType(keystoreType);
352 _sslContextFactory.setKeyStoreType(keystoreType); 351 }
353 } 352
354 353 /* ------------------------------------------------------------ */
355 /* ------------------------------------------------------------ */ 354 /**
356 /** 355 * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider()
357 * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider() 356 * @deprecated
358 * @deprecated 357 */
359 */ 358 @Deprecated
360 @Deprecated 359 public String getProvider()
361 public String getProvider() 360 {
362 { 361 return _sslContextFactory.getProvider();
363 return _sslContextFactory.getProvider(); 362 }
364 } 363
365 364 /* ------------------------------------------------------------ */
366 /* ------------------------------------------------------------ */ 365 /**
367 /** 366 * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm()
368 * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm() 367 * @deprecated
369 * @deprecated 368 */
370 */ 369 @Deprecated
371 @Deprecated 370 public String getSecureRandomAlgorithm()
372 public String getSecureRandomAlgorithm() 371 {
373 { 372 return _sslContextFactory.getSecureRandomAlgorithm();
374 return _sslContextFactory.getSecureRandomAlgorithm(); 373 }
375 } 374
376 375 /* ------------------------------------------------------------ */
377 /* ------------------------------------------------------------ */ 376 /**
378 /** 377 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm()
379 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm() 378 * @deprecated
380 * @deprecated 379 */
381 */ 380 @Deprecated
382 @Deprecated 381 public String getSslKeyManagerFactoryAlgorithm()
383 public String getSslKeyManagerFactoryAlgorithm() 382 {
384 { 383 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
385 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm(); 384 }
386 } 385
387 386 /* ------------------------------------------------------------ */
388 /* ------------------------------------------------------------ */ 387 /**
389 /** 388 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm()
390 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm() 389 * @deprecated
391 * @deprecated 390 */
392 */ 391 @Deprecated
393 @Deprecated 392 public String getSslTrustManagerFactoryAlgorithm()
394 public String getSslTrustManagerFactoryAlgorithm() 393 {
395 { 394 return _sslContextFactory.getTrustManagerFactoryAlgorithm();
396 return _sslContextFactory.getTrustManagerFactoryAlgorithm(); 395 }
397 } 396
398 397 /* ------------------------------------------------------------ */
399 /* ------------------------------------------------------------ */ 398 /**
400 /** 399 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore()
401 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore() 400 * @deprecated
402 * @deprecated 401 */
403 */ 402 @Deprecated
404 @Deprecated 403 public String getTruststore()
405 public String getTruststore() 404 {
406 { 405 return _sslContextFactory.getTrustStore();
407 return _sslContextFactory.getTrustStore(); 406 }
408 } 407
409 408 /* ------------------------------------------------------------ */
410 /* ------------------------------------------------------------ */ 409 /**
411 /** 410 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType()
412 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType() 411 * @deprecated
413 * @deprecated 412 */
414 */ 413 @Deprecated
415 @Deprecated 414 public String getTruststoreType()
416 public String getTruststoreType() 415 {
417 { 416 return _sslContextFactory.getTrustStoreType();
418 return _sslContextFactory.getTrustStoreType(); 417 }
419 } 418
420 419 /* ------------------------------------------------------------ */
421 /* ------------------------------------------------------------ */ 420 /**
422 /** 421 * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String)
423 * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String) 422 * @deprecated
424 * @deprecated 423 */
425 */ 424 @Deprecated
426 @Deprecated 425 public void setProvider(String provider)
427 public void setProvider(String provider) 426 {
428 { 427 _sslContextFactory.setProvider(provider);
429 _sslContextFactory.setProvider(provider); 428 }
430 } 429
431 430 /* ------------------------------------------------------------ */
432 /* ------------------------------------------------------------ */ 431 /**
433 /** 432 * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String)
434 * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String) 433 * @deprecated
435 * @deprecated 434 */
436 */ 435 @Deprecated
437 @Deprecated 436 public void setSecureRandomAlgorithm(String algorithm)
438 public void setSecureRandomAlgorithm(String algorithm) 437 {
439 { 438 _sslContextFactory.setSecureRandomAlgorithm(algorithm);
440 _sslContextFactory.setSecureRandomAlgorithm(algorithm); 439 }
441 } 440
442 441 /* ------------------------------------------------------------ */
443 /* ------------------------------------------------------------ */ 442 /**
444 /** 443 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String)
445 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String) 444 * @deprecated
446 * @deprecated 445 */
447 */ 446 @Deprecated
448 @Deprecated 447 public void setSslKeyManagerFactoryAlgorithm(String algorithm)
449 public void setSslKeyManagerFactoryAlgorithm(String algorithm) 448 {
450 { 449 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
451 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm); 450 }
452 } 451
453 452 /* ------------------------------------------------------------ */
454 /* ------------------------------------------------------------ */ 453 /**
455 /** 454 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String)
456 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String) 455 * @deprecated
457 * @deprecated 456 */
458 */ 457 @Deprecated
459 @Deprecated 458 public void setSslTrustManagerFactoryAlgorithm(String algorithm)
460 public void setSslTrustManagerFactoryAlgorithm(String algorithm) 459 {
461 { 460 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
462 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm); 461 }
463 } 462
464 463 /* ------------------------------------------------------------ */
465 /* ------------------------------------------------------------ */ 464 /**
466 /** 465 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String)
467 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String) 466 * @deprecated
468 * @deprecated 467 */
469 */ 468 @Deprecated
470 @Deprecated 469 public void setTruststore(String truststore)
471 public void setTruststore(String truststore) 470 {
472 { 471 _sslContextFactory.setTrustStore(truststore);
473 _sslContextFactory.setTrustStore(truststore); 472 }
474 } 473
475 474 /* ------------------------------------------------------------ */
476 /* ------------------------------------------------------------ */ 475 /**
477 /** 476 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String)
478 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String) 477 * @deprecated
479 * @deprecated 478 */
480 */ 479 @Deprecated
481 @Deprecated 480 public void setTruststoreType(String truststoreType)
482 public void setTruststoreType(String truststoreType) 481 {
483 { 482 _sslContextFactory.setTrustStoreType(truststoreType);
484 _sslContextFactory.setTrustStoreType(truststoreType); 483 }
485 } 484
486 485 /* ------------------------------------------------------------ */
487 /* ------------------------------------------------------------ */ 486 /**
488 /** 487 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
489 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) 488 * @deprecated
490 * @deprecated 489 */
491 */ 490 @Deprecated
492 @Deprecated 491 public void setSslContext(SSLContext sslContext)
493 public void setSslContext(SSLContext sslContext) 492 {
494 { 493 _sslContextFactory.setSslContext(sslContext);
495 _sslContextFactory.setSslContext(sslContext); 494 }
496 } 495
497 496 /* ------------------------------------------------------------ */
498 /* ------------------------------------------------------------ */ 497 /**
499 /** 498 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
500 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) 499 * @deprecated
501 * @deprecated 500 */
502 */ 501 @Deprecated
503 @Deprecated 502 public SSLContext getSslContext()
504 public SSLContext getSslContext() 503 {
505 { 504 return _sslContextFactory.getSslContext();
506 return _sslContextFactory.getSslContext(); 505 }
507 } 506
508 507 /* ------------------------------------------------------------ */
509 /* ------------------------------------------------------------ */ 508 /**
510 /** 509 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory()
511 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory() 510 */
512 */ 511 public SslContextFactory getSslContextFactory()
513 public SslContextFactory getSslContextFactory() 512 {
514 { 513 return _sslContextFactory;
515 return _sslContextFactory; 514 }
516 } 515
517 516 /* ------------------------------------------------------------ */
518 /* ------------------------------------------------------------ */ 517 /**
519 /** 518 * By default, we're confidential, given we speak SSL. But, if we've been
520 * By default, we're confidential, given we speak SSL. But, if we've been 519 * told about an confidential port, and said port is not our port, then
521 * told about an confidential port, and said port is not our port, then 520 * we're not. This allows separation of listeners providing INTEGRAL versus
522 * we're not. This allows separation of listeners providing INTEGRAL versus 521 * CONFIDENTIAL constraints, such as one SSL listener configured to require
523 * CONFIDENTIAL constraints, such as one SSL listener configured to require 522 * client certs providing CONFIDENTIAL, whereas another SSL listener not
524 * client certs providing CONFIDENTIAL, whereas another SSL listener not 523 * requiring client certs providing mere INTEGRAL constraints.
525 * requiring client certs providing mere INTEGRAL constraints. 524 */
526 */ 525 @Override
527 @Override 526 public boolean isConfidential(Request request)
528 public boolean isConfidential(Request request) 527 {
529 { 528 final int confidentialPort=getConfidentialPort();
530 final int confidentialPort=getConfidentialPort(); 529 return confidentialPort==0||confidentialPort==request.getServerPort();
531 return confidentialPort==0||confidentialPort==request.getServerPort(); 530 }
532 } 531
533 532 /* ------------------------------------------------------------ */
534 /* ------------------------------------------------------------ */ 533 /**
535 /** 534 * By default, we're integral, given we speak SSL. But, if we've been told
536 * By default, we're integral, given we speak SSL. But, if we've been told 535 * about an integral port, and said port is not our port, then we're not.
537 * about an integral port, and said port is not our port, then we're not. 536 * This allows separation of listeners providing INTEGRAL versus
538 * This allows separation of listeners providing INTEGRAL versus 537 * CONFIDENTIAL constraints, such as one SSL listener configured to require
539 * CONFIDENTIAL constraints, such as one SSL listener configured to require 538 * client certs providing CONFIDENTIAL, whereas another SSL listener not
540 * client certs providing CONFIDENTIAL, whereas another SSL listener not 539 * requiring client certs providing mere INTEGRAL constraints.
541 * requiring client certs providing mere INTEGRAL constraints. 540 */
542 */ 541 @Override
543 @Override 542 public boolean isIntegral(Request request)
544 public boolean isIntegral(Request request) 543 {
545 { 544 final int integralPort=getIntegralPort();
546 final int integralPort=getIntegralPort(); 545 return integralPort==0||integralPort==request.getServerPort();
547 return integralPort==0||integralPort==request.getServerPort(); 546 }
548 } 547
549 548 /* ------------------------------------------------------------------------------- */
550 /* ------------------------------------------------------------------------------- */ 549 @Override
551 @Override 550 protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint)
552 protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint) 551 {
553 { 552 try
554 try 553 {
555 { 554 SSLEngine engine = createSSLEngine(channel);
556 SSLEngine engine = createSSLEngine(channel); 555 SslConnection connection = newSslConnection(endpoint, engine);
557 SslConnection connection = newSslConnection(endpoint, engine); 556 AsyncConnection delegate = newPlainConnection(channel, connection.getSslEndPoint());
558 AsyncConnection delegate = newPlainConnection(channel, connection.getSslEndPoint()); 557 connection.getSslEndPoint().setConnection(delegate);
559 connection.getSslEndPoint().setConnection(delegate); 558 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());
560 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate()); 559 return connection;
561 return connection; 560 }
562 } 561 catch (IOException e)
563 catch (IOException e) 562 {
564 { 563 throw new RuntimeIOException(e);
565 throw new RuntimeIOException(e); 564 }
566 } 565 }
567 } 566
568 567 protected AsyncConnection newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint)
569 protected AsyncConnection newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint) 568 {
570 { 569 return super.newConnection(channel, endPoint);
571 return super.newConnection(channel, endPoint); 570 }
572 } 571
573 572 protected SslConnection newSslConnection(AsyncEndPoint endpoint, SSLEngine engine)
574 protected SslConnection newSslConnection(AsyncEndPoint endpoint, SSLEngine engine) 573 {
575 { 574 return new SslConnection(engine, endpoint);
576 return new SslConnection(engine, endpoint); 575 }
577 } 576
578 577 /* ------------------------------------------------------------ */
579 /* ------------------------------------------------------------ */ 578 /**
580 /** 579 * @param channel A channel which if passed is used as to extract remote
581 * @param channel A channel which if passed is used as to extract remote 580 * host and port for the purposes of SSL session caching
582 * host and port for the purposes of SSL session caching 581 * @return A SSLEngine for a new or cached SSL Session
583 * @return A SSLEngine for a new or cached SSL Session 582 * @throws IOException if the SSLEngine cannot be created
584 * @throws IOException if the SSLEngine cannot be created 583 */
585 */ 584 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
586 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException 585 {
587 { 586 SSLEngine engine;
588 SSLEngine engine; 587 if (channel != null)
589 if (channel != null) 588 {
590 { 589 String peerHost = channel.socket().getInetAddress().getHostAddress();
591 String peerHost = channel.socket().getInetAddress().getHostAddress(); 590 int peerPort = channel.socket().getPort();
592 int peerPort = channel.socket().getPort(); 591 engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
593 engine = _sslContextFactory.newSslEngine(peerHost, peerPort); 592 }
594 } 593 else
595 else 594 {
596 { 595 engine = _sslContextFactory.newSslEngine();
597 engine = _sslContextFactory.newSslEngine(); 596 }
598 } 597
599 598 engine.setUseClientMode(false);
600 engine.setUseClientMode(false); 599 return engine;
601 return engine; 600 }
602 } 601
603 602 /* ------------------------------------------------------------ */
604 /* ------------------------------------------------------------ */ 603 /**
605 /** 604 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStart()
606 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStart() 605 */
607 */ 606 @Override
608 @Override 607 protected void doStart() throws Exception
609 protected void doStart() throws Exception 608 {
610 { 609 _sslContextFactory.checkKeyStore();
611 _sslContextFactory.checkKeyStore(); 610 _sslContextFactory.start();
612 _sslContextFactory.start(); 611
613 612 SSLEngine sslEngine = _sslContextFactory.newSslEngine();
614 SSLEngine sslEngine = _sslContextFactory.newSslEngine(); 613
615 614 sslEngine.setUseClientMode(false);
616 sslEngine.setUseClientMode(false); 615
617 616 SSLSession sslSession = sslEngine.getSession();
618 SSLSession sslSession = sslEngine.getSession(); 617
619 618 _sslBuffers = BuffersFactory.newBuffers(
620 _sslBuffers = BuffersFactory.newBuffers( 619 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
621 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(), 620 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
622 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(), 621 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers()
623 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers() 622 );
624 ); 623
625 624 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
626 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize()) 625 setRequestHeaderSize(sslSession.getApplicationBufferSize());
627 setRequestHeaderSize(sslSession.getApplicationBufferSize()); 626 if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
628 if (getRequestBufferSize()<sslSession.getApplicationBufferSize()) 627 setRequestBufferSize(sslSession.getApplicationBufferSize());
629 setRequestBufferSize(sslSession.getApplicationBufferSize()); 628
630 629 super.doStart();
631 super.doStart(); 630 }
632 } 631
633 632 /* ------------------------------------------------------------ */
634 /* ------------------------------------------------------------ */ 633 /**
635 /** 634 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop()
636 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop() 635 */
637 */ 636 @Override
638 @Override 637 protected void doStop() throws Exception
639 protected void doStop() throws Exception 638 {
640 { 639 _sslBuffers=null;
641 _sslBuffers=null; 640 super.doStop();
642 super.doStop(); 641 }
643 } 642
644 643 /* ------------------------------------------------------------ */
645 /* ------------------------------------------------------------ */ 644 /**
646 /** 645 * @return SSL buffers
647 * @return SSL buffers 646 */
648 */ 647 public Buffers getSslBuffers()
649 public Buffers getSslBuffers() 648 {
650 { 649 return _sslBuffers;
651 return _sslBuffers; 650 }
652 }
653 } 651 }