comparison src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java @ 1002:35d04ac3fd0b

simplify ssl
author Franklin Schmidt <fschmidt@gmail.com>
date Sat, 22 Oct 2016 21:56:44 -0600
parents 39154cfa58e4
children 21910079096e
1001:39154cfa58e4 1002:35d04ac3fd0b
47 /** 47 /**
48 * SslSelectChannelConnector. 48 * SslSelectChannelConnector.
49 * 49 *
50 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector" 50 * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector"
51 */ 51 */
52 public class SslSelectChannelConnector extends SelectChannelConnector 52 public final class SslSelectChannelConnector extends SelectChannelConnector
53 { 53 {
54 private final SslContextFactory _sslContextFactory; 54 private final SslContextFactory _sslContextFactory;
55 private Buffers _sslBuffers; 55 private Buffers _sslBuffers;
56 56
57 /* ------------------------------------------------------------ */ 57 /* ------------------------------------------------------------ */
114 SslCertificates.customize(sslSession,con._endp,con._request); 114 SslCertificates.customize(sslSession,con._endp,con._request);
115 } 115 }
116 116
117 /* ------------------------------------------------------------ */ 117 /* ------------------------------------------------------------ */
118 /** 118 /**
119 * @return True if SSL re-negotiation is allowed (default false)
120 * @deprecated
121 */
122 @Deprecated
123 public boolean isAllowRenegotiate()
124 {
125 return _sslContextFactory.isAllowRenegotiate();
126 }
127
128 /* ------------------------------------------------------------ */
129 /**
130 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
131 * a vulnerability in SSL/TLS with re-negotiation. If your JVM
132 * does not have CVE-2009-3555 fixed, then re-negotiation should
133 * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban
134 * of renegotiate in u19 and with RFC5746 in u22.
135 * @param allowRenegotiate true if re-negotiation is allowed (default false)
136 * @deprecated
137 */
138 @Deprecated
139 public void setAllowRenegotiate(boolean allowRenegotiate)
140 {
141 _sslContextFactory.setAllowRenegotiate(allowRenegotiate);
142 }
143
144 /* ------------------------------------------------------------ */
145 /**
146 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
147 * @deprecated
148 */
149 @Deprecated
150 public String[] getExcludeCipherSuites()
151 {
152 return _sslContextFactory.getExcludeCipherSuites();
153 }
154
155 /* ------------------------------------------------------------ */
156 /**
157 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
158 * @deprecated
159 */
160 @Deprecated
161 public void setExcludeCipherSuites(String[] cipherSuites)
162 {
163 _sslContextFactory.setExcludeCipherSuites(cipherSuites);
164 }
165
166 /* ------------------------------------------------------------ */
167 /**
168 * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
169 * @deprecated
170 */
171 @Deprecated
172 public String[] getIncludeCipherSuites()
173 {
174 return _sslContextFactory.getIncludeCipherSuites();
175 }
176
177 /* ------------------------------------------------------------ */
178 /**
179 * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
180 * @deprecated
181 */
182 @Deprecated
183 public void setIncludeCipherSuites(String[] cipherSuites)
184 {
185 _sslContextFactory.setIncludeCipherSuites(cipherSuites);
186 }
187
188 /* ------------------------------------------------------------ */
189 /**
190 * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String)
191 * @deprecated
192 */
193 @Deprecated
194 public void setPassword(String password)
195 {
196 _sslContextFactory.setKeyStorePassword(password);
197 }
198
199 /* ------------------------------------------------------------ */
200 /**
201 * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String)
202 * @deprecated
203 */
204 @Deprecated
205 public void setTrustPassword(String password)
206 {
207 _sslContextFactory.setTrustStorePassword(password);
208 }
209
210 /* ------------------------------------------------------------ */
211 /**
212 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String)
213 * @deprecated
214 */
215 @Deprecated
216 public void setKeyPassword(String password)
217 {
218 _sslContextFactory.setKeyManagerPassword(password);
219 }
220
221 /* ------------------------------------------------------------ */
222 /**
223 * Unsupported.
224 *
225 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
226 * @deprecated
227 */
228 @Deprecated
229 public String getAlgorithm()
230 {
231 throw new UnsupportedOperationException();
232 }
233
234 /* ------------------------------------------------------------ */
235 /**
236 * Unsupported.
237 *
238 * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
239 * @deprecated
240 */
241 @Deprecated
242 public void setAlgorithm(String algorithm)
243 {
244 throw new UnsupportedOperationException();
245 }
246
247 /* ------------------------------------------------------------ */
248 /**
249 * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol()
250 * @deprecated
251 */
252 @Deprecated
253 public String getProtocol()
254 {
255 return _sslContextFactory.getProtocol();
256 }
257
258 /* ------------------------------------------------------------ */
259 /**
260 * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String)
261 * @deprecated
262 */
263 @Deprecated
264 public void setProtocol(String protocol)
265 {
266 _sslContextFactory.setProtocol(protocol);
267 }
268
269 /* ------------------------------------------------------------ */
270 /**
271 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystore(java.lang.String)
272 * @deprecated
273 */
274 @Deprecated
275 public void setKeystore(String keystore)
276 {
277 _sslContextFactory.setKeyStorePath(keystore);
278 }
279
280 /* ------------------------------------------------------------ */
281 /**
282 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore()
283 * @deprecated
284 */
285 @Deprecated
286 public String getKeystore()
287 {
288 return _sslContextFactory.getKeyStorePath();
289 }
290
291 /* ------------------------------------------------------------ */
292 /**
293 * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType()
294 * @deprecated
295 */
296 @Deprecated
297 public String getKeystoreType()
298 {
299 return _sslContextFactory.getKeyStoreType();
300 }
301
302 /* ------------------------------------------------------------ */
303 /**
304 * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth()
305 * @deprecated
306 */
307 @Deprecated
308 public boolean getNeedClientAuth()
309 {
310 return _sslContextFactory.getNeedClientAuth();
311 }
312
313 /* ------------------------------------------------------------ */
314 /**
315 * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth()
316 * @deprecated
317 */
318 @Deprecated
319 public boolean getWantClientAuth()
320 {
321 return _sslContextFactory.getWantClientAuth();
322 }
323
324 /* ------------------------------------------------------------ */
325 /**
326 * @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean)
327 * @deprecated
328 */
329 @Deprecated
330 public void setNeedClientAuth(boolean needClientAuth)
331 {
332 _sslContextFactory.setNeedClientAuth(needClientAuth);
333 }
334
335 /* ------------------------------------------------------------ */
336 /**
337 * @see org.eclipse.jetty.server.ssl.SslConnector#setWantClientAuth(boolean)
338 * @deprecated
339 */
340 @Deprecated
341 public void setWantClientAuth(boolean wantClientAuth)
342 {
343 _sslContextFactory.setWantClientAuth(wantClientAuth);
344 }
345
346 /* ------------------------------------------------------------ */
347 /**
348 * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String)
349 * @deprecated
350 */
351 @Deprecated
352 public void setKeystoreType(String keystoreType)
353 {
354 _sslContextFactory.setKeyStoreType(keystoreType);
355 }
356
357 /* ------------------------------------------------------------ */
358 /**
359 * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider()
360 * @deprecated
361 */
362 @Deprecated
363 public String getProvider()
364 {
365 return _sslContextFactory.getProvider();
366 }
367
368 /* ------------------------------------------------------------ */
369 /**
370 * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm()
371 * @deprecated
372 */
373 @Deprecated
374 public String getSecureRandomAlgorithm()
375 {
376 return _sslContextFactory.getSecureRandomAlgorithm();
377 }
378
379 /* ------------------------------------------------------------ */
380 /**
381 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm()
382 * @deprecated
383 */
384 @Deprecated
385 public String getSslKeyManagerFactoryAlgorithm()
386 {
387 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
388 }
389
390 /* ------------------------------------------------------------ */
391 /**
392 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm()
393 * @deprecated
394 */
395 @Deprecated
396 public String getSslTrustManagerFactoryAlgorithm()
397 {
398 return _sslContextFactory.getTrustManagerFactoryAlgorithm();
399 }
400
401 /* ------------------------------------------------------------ */
402 /**
403 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore()
404 * @deprecated
405 */
406 @Deprecated
407 public String getTruststore()
408 {
409 return _sslContextFactory.getTrustStore();
410 }
411
412 /* ------------------------------------------------------------ */
413 /**
414 * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType()
415 * @deprecated
416 */
417 @Deprecated
418 public String getTruststoreType()
419 {
420 return _sslContextFactory.getTrustStoreType();
421 }
422
423 /* ------------------------------------------------------------ */
424 /**
425 * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String)
426 * @deprecated
427 */
428 @Deprecated
429 public void setProvider(String provider)
430 {
431 _sslContextFactory.setProvider(provider);
432 }
433
434 /* ------------------------------------------------------------ */
435 /**
436 * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String)
437 * @deprecated
438 */
439 @Deprecated
440 public void setSecureRandomAlgorithm(String algorithm)
441 {
442 _sslContextFactory.setSecureRandomAlgorithm(algorithm);
443 }
444
445 /* ------------------------------------------------------------ */
446 /**
447 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String)
448 * @deprecated
449 */
450 @Deprecated
451 public void setSslKeyManagerFactoryAlgorithm(String algorithm)
452 {
453 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
454 }
455
456 /* ------------------------------------------------------------ */
457 /**
458 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String)
459 * @deprecated
460 */
461 @Deprecated
462 public void setSslTrustManagerFactoryAlgorithm(String algorithm)
463 {
464 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
465 }
466
467 /* ------------------------------------------------------------ */
468 /**
469 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String)
470 * @deprecated
471 */
472 @Deprecated
473 public void setTruststore(String truststore)
474 {
475 _sslContextFactory.setTrustStore(truststore);
476 }
477
478 /* ------------------------------------------------------------ */
479 /**
480 * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String)
481 * @deprecated
482 */
483 @Deprecated
484 public void setTruststoreType(String truststoreType)
485 {
486 _sslContextFactory.setTrustStoreType(truststoreType);
487 }
488
489 /* ------------------------------------------------------------ */
490 /**
491 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
492 * @deprecated
493 */
494 @Deprecated
495 public void setSslContext(SSLContext sslContext)
496 {
497 _sslContextFactory.setSslContext(sslContext);
498 }
499
500 /* ------------------------------------------------------------ */
501 /**
502 * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
503 * @deprecated
504 */
505 @Deprecated
506 public SSLContext getSslContext()
507 {
508 return _sslContextFactory.getSslContext();
509 }
510
511 /* ------------------------------------------------------------ */
512 /**
513 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory() 119 * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory()
514 */ 120 */
515 public SslContextFactory getSslContextFactory() 121 public SslContextFactory getSslContextFactory()
516 { 122 {
517 return _sslContextFactory; 123 return _sslContextFactory;
555 * @param channel A channel which if passed is used as to extract remote 161 * @param channel A channel which if passed is used as to extract remote
556 * host and port for the purposes of SSL session caching 162 * host and port for the purposes of SSL session caching
557 * @return A SSLEngine for a new or cached SSL Session 163 * @return A SSLEngine for a new or cached SSL Session
558 * @throws IOException if the SSLEngine cannot be created 164 * @throws IOException if the SSLEngine cannot be created
559 */ 165 */
560 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException 166 private SSLEngine createSSLEngine(SocketChannel channel) throws IOException
561 { 167 {
562 SSLEngine engine; 168 String peerHost = channel.socket().getInetAddress().getHostAddress();
563 if (channel != null) 169 int peerPort = channel.socket().getPort();
564 { 170 SSLEngine engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
565 String peerHost = channel.socket().getInetAddress().getHostAddress();
566 int peerPort = channel.socket().getPort();
567 engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
568 }
569 else
570 {
571 engine = _sslContextFactory.newSslEngine();
572 }
573
574 engine.setUseClientMode(false); 171 engine.setUseClientMode(false);
575 return engine; 172 return engine;
576 } 173 }
577 174
578 /* ------------------------------------------------------------ */ 175 /* ------------------------------------------------------------ */
610 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop() 207 * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStop()
611 */ 208 */
612 @Override 209 @Override
613 protected void doStop() throws Exception 210 protected void doStop() throws Exception
614 { 211 {
615 _sslBuffers=null; 212 _sslBuffers = null;
616 super.doStop(); 213 super.doStop();
617 } 214 }
618 215
619 /* ------------------------------------------------------------ */
620 /**
621 * @return SSL buffers
622 */
623 public Buffers getSslBuffers()
624 {
625 return _sslBuffers;
626 }
627 } 216 }
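Review bot: createSSLEngine (new lines 166-173) now dereferences `channel` unconditionally, but the Javadoc kept above it still calls the channel optional ("A channel which if passed is used ..."), and the removed `else` branch was the only path that handled a null channel. The method is now private and its callers are outside the visible lines, so this may be safe in practice, but the contract should say so, e.g. `@param channel the accepted, connected channel (never null); its remote host and port are used for SSL session caching`. `channel.socket().getInetAddress()` returns null for a socket that is not connected, so if any caller can reach this before the connection is established, the next call throws a NullPointerException instead of the documented IOException. Separately, this section removes the deprecated `setAllowRenegotiate` delegate together with its CVE-2009-3555 note, so renegotiation and cipher-suite exclusion are now configurable only through `getSslContextFactory()`; it is worth confirming that the guidance and the default of false are documented on SslContextFactory, which is not shown here.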