comparison src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java @ 1002:35d04ac3fd0b
simplify ssl
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Sat, 22 Oct 2016 21:56:44 -0600 |
parents | 39154cfa58e4 |
children | 21910079096e |
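--- a/src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java
+++ b/src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java
@@ -47,11 +47,11 @@
 /**
 * SslSelectChannelConnector.
 *
 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector"
 */
-public class SslSelectChannelConnector extends SelectChannelConnector
+public final class SslSelectChannelConnector extends SelectChannelConnector
 {
 private final SslContextFactory _sslContextFactory;
 private Buffers _sslBuffers;
 
 /* ------------------------------------------------------------ */
@@ -114,404 +114,10 @@
 SslCertificates.customize(sslSession,con._endp,con._request);
 }
 
 /* ------------------------------------------------------------ */
 /**
-* @return True if SSL re-negotiation is allowed (default false)
-* @deprecated
-*/
-@Deprecated
-public boolean isAllowRenegotiate()
-{
-return _sslContextFactory.isAllowRenegotiate();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
-* a vulnerability in SSL/TLS with re-negotiation. If your JVM
-* does not have CVE-2009-3555 fixed, then re-negotiation should
-* not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban
-* of renegotiate in u19 and with RFC5746 in u22.
-* @param allowRenegotiate true if re-negotiation is allowed (default false)
-* @deprecated
-*/
-@Deprecated
-public void setAllowRenegotiate(boolean allowRenegotiate)
-{
-_sslContextFactory.setAllowRenegotiate(allowRenegotiate);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
-* @deprecated
-*/
-@Deprecated
-public String[] getExcludeCipherSuites()
-{
-return _sslContextFactory.getExcludeCipherSuites();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
-* @deprecated
-*/
-@Deprecated
-public void setExcludeCipherSuites(String[] cipherSuites)
-{
-_sslContextFactory.setExcludeCipherSuites(cipherSuites);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
-* @deprecated
-*/
-@Deprecated
-public String[] getIncludeCipherSuites()
-{
-return _sslContextFactory.getIncludeCipherSuites();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
-* @deprecated
-*/
-@Deprecated
-public void setIncludeCipherSuites(String[] cipherSuites)
-{
-_sslContextFactory.setIncludeCipherSuites(cipherSuites);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setPassword(String password)
-{
-_sslContextFactory.setKeyStorePassword(password);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setTrustPassword(String password)
-{
-_sslContextFactory.setTrustStorePassword(password);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setKeyPassword(String password)
-{
-_sslContextFactory.setKeyManagerPassword(password);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* Unsupported.
-*
-* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
-* @deprecated
-*/
-@Deprecated
-public String getAlgorithm()
-{
-throw new UnsupportedOperationException();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* Unsupported.
-*
-* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
-* @deprecated
-*/
-@Deprecated
-public void setAlgorithm(String algorithm)
-{
-throw new UnsupportedOperationException();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol()
-* @deprecated
-*/
-@Deprecated
-public String getProtocol()
-{
-return _sslContextFactory.getProtocol();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setProtocol(String protocol)
-{
-_sslContextFactory.setProtocol(protocol);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setKeystore(String keystore)
-{
-_sslContextFactory.setKeyStorePath(keystore);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore()
-* @deprecated
-*/
-@Deprecated
-public String getKeystore()
-{
-return _sslContextFactory.getKeyStorePath();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType()
-* @deprecated
-*/
-@Deprecated
-public String getKeystoreType()
-{
-return _sslContextFactory.getKeyStoreType();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth()
-* @deprecated
-*/
-@Deprecated
-public boolean getNeedClientAuth()
-{
-return _sslContextFactory.getNeedClientAuth();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth()
-* @deprecated
-*/
-@Deprecated
-public boolean getWantClientAuth()
-{
-return _sslContextFactory.getWantClientAuth();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean)
-* @deprecated
-*/
-@Deprecated
-public void setNeedClientAuth(boolean needClientAuth)
-{
-_sslContextFactory.setNeedClientAuth(needClientAuth);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean)
-* @deprecated
-*/
-@Deprecated
-public void setWantClientAuth(boolean wantClientAuth)
-{
-_sslContextFactory.setWantClientAuth(wantClientAuth);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setKeystoreType(String keystoreType)
-{
-_sslContextFactory.setKeyStoreType(keystoreType);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getProvider()
-* @deprecated
-*/
-@Deprecated
-public String getProvider()
-{
-return _sslContextFactory.getProvider();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm()
-* @deprecated
-*/
-@Deprecated
-public String getSecureRandomAlgorithm()
-{
-return _sslContextFactory.getSecureRandomAlgorithm();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm()
-* @deprecated
-*/
-@Deprecated
-public String getSslKeyManagerFactoryAlgorithm()
-{
-return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm()
-* @deprecated
-*/
-@Deprecated
-public String getSslTrustManagerFactoryAlgorithm()
-{
-return _sslContextFactory.getTrustManagerFactoryAlgorithm();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore()
-* @deprecated
-*/
-@Deprecated
-public String getTruststore()
-{
-return _sslContextFactory.getTrustStore();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType()
-* @deprecated
-*/
-@Deprecated
-public String getTruststoreType()
-{
-return _sslContextFactory.getTrustStoreType();
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setProvider(String provider)
-{
-_sslContextFactory.setProvider(provider);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setSecureRandomAlgorithm(String algorithm)
-{
-_sslContextFactory.setSecureRandomAlgorithm(algorithm);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setSslKeyManagerFactoryAlgorithm(String algorithm)
-{
-_sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setSslTrustManagerFactoryAlgorithm(String algorithm)
-{
-_sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setTruststore(String truststore)
-{
-_sslContextFactory.setTrustStore(truststore);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String)
-* @deprecated
-*/
-@Deprecated
-public void setTruststoreType(String truststoreType)
-{
-_sslContextFactory.setTrustStoreType(truststoreType);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
-* @deprecated
-*/
-@Deprecated
-public void setSslContext(SSLContext sslContext)
-{
-_sslContextFactory.setSslContext(sslContext);
-}
-
-/* ------------------------------------------------------------ */
-/**
-* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
-* @deprecated
-*/
-@Deprecated
-public SSLContext getSslContext()
-{
-return _sslContextFactory.getSslContext();
-}
-
-/* ------------------------------------------------------------ */
-/**
 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory()
 */
 public SslContextFactory getSslContextFactory()
 {
 return _sslContextFactory;
@@ -555,24 +161,15 @@
 * @param channel A channel which if passed is used as to extract remote
 * host and port for the purposes of SSL session caching
 * @return A SSLEngine for a new or cached SSL Session
 * @throws IOException if the SSLEngine cannot be created
 */
-protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
+private SSLEngine createSSLEngine(SocketChannel channel) throws IOException
 {
-SSLEngine engine;
-if (channel != null)
-{
-String peerHost = channel.socket().getInetAddress().getHostAddress();
-int peerPort = channel.socket().getPort();
-engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
-}
-else
-{
-engine = _sslContextFactory.newSslEngine();
-}
-
+String peerHost = channel.socket().getInetAddress().getHostAddress();
+int peerPort = channel.socket().getPort();
+SSLEngine engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
 engine.setUseClientMode(false);
 return engine;
 }
 
 /* ------------------------------------------------------------ */
@@ -610,18 +207,10 @@
 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop()
 */
 @Override
 protected void doStop() throws Exception
 {
-_sslBuffers=null;
+_sslBuffers = null;
 super.doStop();
 }
 
-/* ------------------------------------------------------------ */
-/**
-* @return SSL buffers
-*/
-public Buffers getSslBuffers()
-{
-return _sslBuffers;
-}
 }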
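Review bot: In `createSSLEngine` (new lines 166-173) `channel` is now dereferenced unconditionally, yet the Javadoc kept above it still describes the argument as optional ("A channel which if passed is used…"), so the documented contract and the code disagree. The method is now private, so its callers are inside this class but outside the lines shown; if none of them can pass null, reword the tag to `@param channel the accepted channel, must be non-null and connected`, otherwise keep an explicit guard so the failure is not a bare NullPointerException during connection setup. `Socket.getInetAddress()` returns null for an unconnected socket, so the chained `.getHostAddress()` on new line 168 presumably relies on the channel already being accepted. Separately, the removed `setAllowRenegotiate` Javadoc was the only place in this section that recorded the CVE-2009-3555 renegotiation caveat; it is worth confirming that `SslContextFactory`, which appears to be the remaining configuration path via `getSslContextFactory()`, documents the same default.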