Mercurial Hosting > luan
view src/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java @ 1043:ae1c92957739
remove Buffer.mark(int)
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Fri, 04 Nov 2016 01:10:12 -0600 |
parents | 4dc1e1a18661 |
children | a8c92b0a08ed |
line wrap: on
line source
// // ======================================================================== // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. // ------------------------------------------------------------------------ // All rights reserved. This program and the accompanying materials // are made available under the terms of the Eclipse Public License v1.0 // and Apache License v2.0 which accompanies this distribution. // // The Eclipse Public License is available at // http://www.eclipse.org/legal/epl-v10.html // // The Apache License v2.0 is available at // http://www.opensource.org/licenses/apache2.0.php // // You may elect to redistribute this code under either of these licenses. // ======================================================================== // package org.eclipse.jetty.server.ssl; import java.io.IOException; import java.nio.channels.SocketChannel; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import org.eclipse.jetty.io.AsyncEndPoint; import org.eclipse.jetty.io.Buffer; import org.eclipse.jetty.io.Buffers; import org.eclipse.jetty.io.EndPoint; import org.eclipse.jetty.io.RuntimeIOException; import org.eclipse.jetty.io.nio.AsyncConnection; import org.eclipse.jetty.io.nio.SslConnection; import org.eclipse.jetty.io.nio.SelectChannelEndPoint; import org.eclipse.jetty.io.nio.IndirectNIOBuffer; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.AbstractHttpConnection; import org.eclipse.jetty.server.AsyncHttpConnection; import org.eclipse.jetty.server.nio.SelectChannelConnector; import org.eclipse.jetty.util.component.AggregateLifeCycle; import org.eclipse.jetty.util.ssl.SslContextFactory; /* ------------------------------------------------------------ */ /** * SslSelectChannelConnector. * * @org.apache.xbean.XBean element="sslConnector" description="Creates an NIO ssl connector" */ public final class SslSelectChannelConnector extends SelectChannelConnector { private final SslContextFactory _sslContextFactory; /* ------------------------------------------------------------ */ public SslSelectChannelConnector(Server server,int port) { this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH),server,port); setSoLingerTime(30000); } /* ------------------------------------------------------------ */ /** Construct with explicit SslContextFactory. * The SslContextFactory passed is added via {@link #addBean(Object)} so that * it's lifecycle may be managed with {@link AggregateLifeCycle}. * @param sslContextFactory */ public SslSelectChannelConnector(SslContextFactory sslContextFactory,Server server,int port) { super(server,port); _sslContextFactory = sslContextFactory; addBean(_sslContextFactory); setSoLingerTime(30000); } @Override protected Buffer newBuffer(int size) { return new IndirectNIOBuffer(size); } /* ------------------------------------------------------------ */ /** * Allow the Listener a chance to customise the request. before the server * does its stuff. <br> * This allows the required attributes to be set for SSL requests. <br> * The requirements of the Servlet specs are: * <ul> * <li> an attribute named "javax.servlet.request.ssl_session_id" of type * String (since Servlet Spec 3.0).</li> * <li> an attribute named "javax.servlet.request.cipher_suite" of type * String.</li> * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li> * <li> an attribute named "javax.servlet.request.X509Certificate" of type * java.security.cert.X509Certificate[]. This is an array of objects of type * X509Certificate, the order of this array is defined as being in ascending * order of trust. The first certificate in the chain is the one set by the * client, the next is the one used to authenticate the first, and so on. * </li> * </ul> * * @param endpoint * The Socket the request arrived on. * @param request * HttpRequest to be customised. */ @Override public void customize(AbstractHttpConnection con) throws IOException { con._request.setScheme("https"); super.customize(con); SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)con._endp; SSLEngine sslEngine = sslEndpoint.getSslEngine(); SSLSession sslSession = sslEngine.getSession(); SslCertificates.customize(sslSession,con._endp,con._request); } /* ------------------------------------------------------------ */ /** * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory() */ public SslContextFactory getSslContextFactory() { return _sslContextFactory; } /* ------------------------------------------------------------ */ /** * By default, we're confidential, given we speak SSL. But, if we've been * told about an confidential port, and said port is not our port, then * we're not. This allows separation of listeners providing INTEGRAL versus * CONFIDENTIAL constraints, such as one SSL listener configured to require * client certs providing CONFIDENTIAL, whereas another SSL listener not * requiring client certs providing mere INTEGRAL constraints. */ @Override public boolean isConfidential() { return true; } @Override public AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint) { try { SSLEngine engine = createSSLEngine(channel); SslConnection connection = new SslConnection(engine, endpoint); AsyncHttpConnection delegate = (AsyncHttpConnection)super.newConnection(channel, connection.getSslEndPoint()); connection.getSslEndPoint().setConnection(delegate); connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate()); return connection; } catch (IOException e) { throw new RuntimeIOException(e); } } /* ------------------------------------------------------------ */ /** * @param channel A channel which if passed is used as to extract remote * host and port for the purposes of SSL session caching * @return A SSLEngine for a new or cached SSL Session * @throws IOException if the SSLEngine cannot be created */ private SSLEngine createSSLEngine(SocketChannel channel) throws IOException { String peerHost = channel.socket().getInetAddress().getHostAddress(); int peerPort = channel.socket().getPort(); SSLEngine engine = _sslContextFactory.newSslEngine(peerHost, peerPort); engine.setUseClientMode(false); return engine; } /* ------------------------------------------------------------ */ /** * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStart() */ @Override protected void doStart() throws Exception { _sslContextFactory.checkKeyStore(); _sslContextFactory.start(); SSLEngine sslEngine = _sslContextFactory.newSslEngine(); sslEngine.setUseClientMode(false); SSLSession sslSession = sslEngine.getSession(); if (_requestHeaderSize < sslSession.getApplicationBufferSize()) _requestHeaderSize = sslSession.getApplicationBufferSize(); if (_requestBufferSize < sslSession.getApplicationBufferSize()) _requestBufferSize = sslSession.getApplicationBufferSize(); super.doStart(); } }