Mercurial Hosting > luan
changeset 870:b745110a30f4
remove SslSocketConnector
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Mon, 03 Oct 2016 19:46:15 -0600 |
parents | 3f3675b1c83c |
children | 260f538f8fa7 |
files | src/org/eclipse/jetty/server/ssl/SslSocketConnector.java |
diffstat | 1 files changed, 0 insertions(+), 712 deletions(-) [+] |
line wrap: on
line diff
diff -r 3f3675b1c83c -r b745110a30f4 src/org/eclipse/jetty/server/ssl/SslSocketConnector.java --- a/src/org/eclipse/jetty/server/ssl/SslSocketConnector.java Mon Oct 03 19:36:11 2016 -0600 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,712 +0,0 @@ -// -// ======================================================================== -// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. -// ------------------------------------------------------------------------ -// All rights reserved. This program and the accompanying materials -// are made available under the terms of the Eclipse Public License v1.0 -// and Apache License v2.0 which accompanies this distribution. -// -// The Eclipse Public License is available at -// http://www.eclipse.org/legal/epl-v10.html -// -// The Apache License v2.0 is available at -// http://www.opensource.org/licenses/apache2.0.php -// -// You may elect to redistribute this code under either of these licenses. -// ======================================================================== -// - -package org.eclipse.jetty.server.ssl; - -import java.io.IOException; -import java.net.ServerSocket; -import java.net.Socket; - -import javax.net.ssl.HandshakeCompletedEvent; -import javax.net.ssl.HandshakeCompletedListener; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocket; - -import org.eclipse.jetty.http.HttpSchemes; -import org.eclipse.jetty.io.EndPoint; -import org.eclipse.jetty.io.RuntimeIOException; -import org.eclipse.jetty.io.bio.SocketEndPoint; -import org.eclipse.jetty.server.Request; -import org.eclipse.jetty.server.bio.SocketConnector; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.eclipse.jetty.util.ssl.SslContextFactory; - -/* ------------------------------------------------------------ */ -/** - * SSL Socket Connector. - * - * This specialization of SocketConnector is an abstract listener that can be used as the basis for a - * specific JSSE listener. - * - * The original of this class was heavily based on the work from Court Demas, which in turn is - * based on the work from Forge Research. Since JSSE, this class has evolved significantly from - * that early work. - * - * @org.apache.xbean.XBean element="sslSocketConnector" description="Creates an ssl socket connector" - * - * - */ -public class SslSocketConnector extends SocketConnector implements SslConnector -{ - private static final Logger LOG = LoggerFactory.getLogger(SslSocketConnector.class); - - private final SslContextFactory _sslContextFactory; - private int _handshakeTimeout = 0; //0 means use maxIdleTime - - /* ------------------------------------------------------------ */ - /** - * Constructor. - */ - public SslSocketConnector() - { - this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH)); - setSoLingerTime(30000); - } - - /* ------------------------------------------------------------ */ - public SslSocketConnector(SslContextFactory sslContextFactory) - { - _sslContextFactory = sslContextFactory; - } - - /* ------------------------------------------------------------ */ - /** - * @return True if SSL re-negotiation is allowed (default false) - */ - public boolean isAllowRenegotiate() - { - return _sslContextFactory.isAllowRenegotiate(); - } - - /* ------------------------------------------------------------ */ - /** - * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered - * a vulnerability in SSL/TLS with re-negotiation. If your JVM - * does not have CVE-2009-3555 fixed, then re-negotiation should - * not be allowed. - * @param allowRenegotiate true if re-negotiation is allowed (default false) - */ - public void setAllowRenegotiate(boolean allowRenegotiate) - { - _sslContextFactory.setAllowRenegotiate(allowRenegotiate); - } - - /* ------------------------------------------------------------ */ - @Override - public void accept(int acceptorID) - throws IOException, InterruptedException - { - Socket socket = _serverSocket.accept(); - configure(socket); - - ConnectorEndPoint connection=new SslConnectorEndPoint(socket); - connection.dispatch(); - } - - /* ------------------------------------------------------------ */ - @Override - protected void configure(Socket socket) - throws IOException - { - super.configure(socket); - } - - /* ------------------------------------------------------------ */ - /** - * Allow the Listener a chance to customise the request. before the server does its stuff. <br> - * This allows the required attributes to be set for SSL requests. <br> - * The requirements of the Servlet specs are: - * <ul> - * <li> an attribute named "javax.servlet.request.ssl_id" of type String (since Spec 3.0).</li> - * <li> an attribute named "javax.servlet.request.cipher_suite" of type String.</li> - * <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li> - * <li> an attribute named "javax.servlet.request.X509Certificate" of type - * java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, - * the order of this array is defined as being in ascending order of trust. The first - * certificate in the chain is the one set by the client, the next is the one used to - * authenticate the first, and so on. </li> - * </ul> - * - * @param endpoint The Socket the request arrived on. - * This should be a {@link SocketEndPoint} wrapping a {@link SSLSocket}. - * @param request HttpRequest to be customised. - */ - @Override - public void customize(EndPoint endpoint, Request request) - throws IOException - { - super.customize(endpoint, request); - request.setScheme(HttpSchemes.HTTPS); - - SocketEndPoint socket_end_point = (SocketEndPoint)endpoint; - SSLSocket sslSocket = (SSLSocket)socket_end_point.getTransport(); - SSLSession sslSession = sslSocket.getSession(); - - SslCertificates.customize(sslSession,endpoint,request); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites() - * @deprecated - */ - @Deprecated - public String[] getExcludeCipherSuites() { - return _sslContextFactory.getExcludeCipherSuites(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getIncludeCipherSuites() - * @deprecated - */ - @Deprecated - public String[] getIncludeCipherSuites() - { - return _sslContextFactory.getIncludeCipherSuites(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore() - * @deprecated - */ - @Deprecated - public String getKeystore() - { - return _sslContextFactory.getKeyStorePath(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType() - * @deprecated - */ - @Deprecated - public String getKeystoreType() - { - return _sslContextFactory.getKeyStoreType(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth() - * @deprecated - */ - @Deprecated - public boolean getNeedClientAuth() - { - return _sslContextFactory.getNeedClientAuth(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol() - * @deprecated - */ - @Deprecated - public String getProtocol() - { - return _sslContextFactory.getProtocol(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getProvider() - * @deprecated - */ - @Deprecated - public String getProvider() { - return _sslContextFactory.getProvider(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm() - * @deprecated - */ - @Deprecated - public String getSecureRandomAlgorithm() - { - return _sslContextFactory.getSecureRandomAlgorithm(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm() - * @deprecated - */ - @Deprecated - public String getSslKeyManagerFactoryAlgorithm() - { - return _sslContextFactory.getSslKeyManagerFactoryAlgorithm(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm() - * @deprecated - */ - @Deprecated - public String getSslTrustManagerFactoryAlgorithm() - { - return _sslContextFactory.getTrustManagerFactoryAlgorithm(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore() - * @deprecated - */ - @Deprecated - public String getTruststore() - { - return _sslContextFactory.getTrustStore(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory() - */ -// @Override - public SslContextFactory getSslContextFactory() - { - return _sslContextFactory; - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType() - * @deprecated - */ - @Deprecated - public String getTruststoreType() - { - return _sslContextFactory.getTrustStoreType(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth() - * @deprecated - */ - @Deprecated - public boolean getWantClientAuth() - { - return _sslContextFactory.getWantClientAuth(); - } - - /* ------------------------------------------------------------ */ - /** - * By default, we're confidential, given we speak SSL. But, if we've been told about an - * confidential port, and said port is not our port, then we're not. This allows separation of - * listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener - * configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not - * requiring client certs providing mere INTEGRAL constraints. - */ - @Override - public boolean isConfidential(Request request) - { - final int confidentialPort = getConfidentialPort(); - return confidentialPort == 0 || confidentialPort == request.getServerPort(); - } - - /* ------------------------------------------------------------ */ - /** - * By default, we're integral, given we speak SSL. But, if we've been told about an integral - * port, and said port is not our port, then we're not. This allows separation of listeners - * providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to - * require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring - * client certs providing mere INTEGRAL constraints. - */ - @Override - public boolean isIntegral(Request request) - { - final int integralPort = getIntegralPort(); - return integralPort == 0 || integralPort == request.getServerPort(); - } - - /* ------------------------------------------------------------ */ - @Override - public void open() throws IOException - { - _sslContextFactory.checkKeyStore(); - try - { - _sslContextFactory.start(); - } - catch(Exception e) - { - throw new RuntimeIOException(e); - } - super.open(); - } - - /* ------------------------------------------------------------ */ - /** - * {@inheritDoc} - */ - @Override - protected void doStart() throws Exception - { - _sslContextFactory.checkKeyStore(); - _sslContextFactory.start(); - - super.doStart(); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.bio.SocketConnector#doStop() - */ - @Override - protected void doStop() throws Exception - { - _sslContextFactory.stop(); - - super.doStop(); - } - - /* ------------------------------------------------------------ */ - /** - * @param host The host name that this server should listen on - * @param port the port that this server should listen on - * @param backlog See {@link ServerSocket#bind(java.net.SocketAddress, int)} - * @return A new {@link ServerSocket socket object} bound to the supplied address with all other - * settings as per the current configuration of this connector. - * @see #setWantClientAuth(boolean) - * @see #setNeedClientAuth(boolean) - * @exception IOException - */ - @Override - protected ServerSocket newServerSocket(String host, int port,int backlog) throws IOException - { - return _sslContextFactory.newSslServerSocket(host,port,backlog); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[]) - * @deprecated - */ - @Deprecated - public void setExcludeCipherSuites(String[] cipherSuites) - { - _sslContextFactory.setExcludeCipherSuites(cipherSuites); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setIncludeCipherSuites(java.lang.String[]) - * @deprecated - */ - @Deprecated - public void setIncludeCipherSuites(String[] cipherSuites) - { - _sslContextFactory.setIncludeCipherSuites(cipherSuites); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String) - * @deprecated - */ - @Deprecated - public void setKeyPassword(String password) - { - _sslContextFactory.setKeyManagerPassword(password); - } - - /* ------------------------------------------------------------ */ - /** - * @param keystore The resource path to the keystore, or null for built in keystores. - * @deprecated - */ - @Deprecated - public void setKeystore(String keystore) - { - _sslContextFactory.setKeyStorePath(keystore); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String) - * @deprecated - */ - @Deprecated - public void setKeystoreType(String keystoreType) - { - _sslContextFactory.setKeyStoreType(keystoreType); - } - - /* ------------------------------------------------------------ */ - /** - * Set the value of the needClientAuth property - * - * @param needClientAuth true iff we require client certificate authentication. - * @deprecated - */ - @Deprecated - public void setNeedClientAuth(boolean needClientAuth) - { - _sslContextFactory.setNeedClientAuth(needClientAuth); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String) - * @deprecated - */ - @Deprecated - public void setPassword(String password) - { - _sslContextFactory.setKeyStorePassword(password); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String) - * @deprecated - */ - @Deprecated - public void setTrustPassword(String password) - { - _sslContextFactory.setTrustStorePassword(password); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String) - * @deprecated - */ - @Deprecated - public void setProtocol(String protocol) - { - _sslContextFactory.setProtocol(protocol); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String) - * @deprecated - */ - @Deprecated - public void setProvider(String provider) { - _sslContextFactory.setProvider(provider); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String) - * @deprecated - */ - @Deprecated - public void setSecureRandomAlgorithm(String algorithm) - { - _sslContextFactory.setSecureRandomAlgorithm(algorithm); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String) - * @deprecated - */ - @Deprecated - public void setSslKeyManagerFactoryAlgorithm(String algorithm) - { - _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String) - * @deprecated - */ - @Deprecated - public void setSslTrustManagerFactoryAlgorithm(String algorithm) - { - _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String) - * @deprecated - */ - @Deprecated - public void setTruststore(String truststore) - { - _sslContextFactory.setTrustStore(truststore); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String) - * @deprecated - */ - @Deprecated - public void setTruststoreType(String truststoreType) - { - _sslContextFactory.setTrustStoreType(truststoreType); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) - * @deprecated - */ - @Deprecated - public void setSslContext(SSLContext sslContext) - { - _sslContextFactory.setSslContext(sslContext); - } - - /* ------------------------------------------------------------ */ - /** - * @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext) - * @deprecated - */ - @Deprecated - public SSLContext getSslContext() - { - return _sslContextFactory.getSslContext(); - } - - /* ------------------------------------------------------------ */ - /** - * Set the value of the _wantClientAuth property. This property is used - * internally when opening server sockets. - * - * @param wantClientAuth true if we want client certificate authentication. - * @see SSLServerSocket#setWantClientAuth - * @deprecated - */ - @Deprecated - public void setWantClientAuth(boolean wantClientAuth) - { - _sslContextFactory.setWantClientAuth(wantClientAuth); - } - - /* ------------------------------------------------------------ */ - /** - * Set the time in milliseconds for so_timeout during ssl handshaking - * @param msec a non-zero value will be used to set so_timeout during - * ssl handshakes. A zero value means the maxIdleTime is used instead. - */ - public void setHandshakeTimeout (int msec) - { - _handshakeTimeout = msec; - } - - - /* ------------------------------------------------------------ */ - public int getHandshakeTimeout () - { - return _handshakeTimeout; - } - - /* ------------------------------------------------------------ */ - public class SslConnectorEndPoint extends ConnectorEndPoint - { - public SslConnectorEndPoint(Socket socket) throws IOException - { - super(socket); - } - - @Override - public void shutdownOutput() throws IOException - { - close(); - } - - @Override - public void shutdownInput() throws IOException - { - close(); - } - - @Override - public void run() - { - try - { - int handshakeTimeout = getHandshakeTimeout(); - int oldTimeout = _socket.getSoTimeout(); - if (handshakeTimeout > 0) - _socket.setSoTimeout(handshakeTimeout); - - final SSLSocket ssl=(SSLSocket)_socket; - ssl.addHandshakeCompletedListener(new HandshakeCompletedListener() - { - boolean handshook=false; - public void handshakeCompleted(HandshakeCompletedEvent event) - { - if (handshook) - { - if (!_sslContextFactory.isAllowRenegotiate()) - { - LOG.warn("SSL renegotiate denied: "+ssl); - try{ssl.close();}catch(IOException e){LOG.warn("",e);} - } - } - else - handshook=true; - } - }); - ssl.startHandshake(); - - if (handshakeTimeout>0) - _socket.setSoTimeout(oldTimeout); - - super.run(); - } - catch (SSLException e) - { - LOG.debug("",e); - try{close();} - catch(IOException e2){LOG.trace("",e2);} - } - catch (IOException e) - { - LOG.debug("",e); - try{close();} - catch(IOException e2){LOG.trace("",e2);} - } - } - } - - /* ------------------------------------------------------------ */ - /** - * Unsupported. - * - * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) - * @deprecated - */ - @Deprecated - public String getAlgorithm() - { - throw new UnsupportedOperationException(); - } - - /* ------------------------------------------------------------ */ - /** - * Unsupported. - * - * TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past) - * @deprecated - */ - @Deprecated - public void setAlgorithm(String algorithm) - { - throw new UnsupportedOperationException(); - } -}