org.openqa.jetty.http

Class SslListener

java.lang.Object

org.openqa.jetty.util.ThreadPool

org.openqa.jetty.util.ThreadedServer

org.openqa.jetty.http.SocketListener

org.openqa.jetty.http.SslListener

All Implemented Interfaces:

Serializable, HttpListener, LifeCycle

Direct Known Subclasses:

ProxyHandler.SslRelay

public class SslListener
extends SocketListener

JSSE Socket Listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Version:

$Id: SslListener.java,v 1.8 2006/11/22 20:21:30 gregwilkins Exp $

Author:

Greg Wilkins ([email protected]), Court Demas ([email protected]), Forge Research Pty Ltd ACN 003 491 576, Jan Hlavaty

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class org.openqa.jetty.util.ThreadPool

ThreadPool.PoolThread

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_KEYSTORE Default value for the keystore location path.
static String	KEYPASSWORD_PROPERTY String name of key password property.
static String	PASSWORD_PROPERTY String name of keystore password property.

Fields inherited from class org.openqa.jetty.util.ThreadPool

__DAEMON, __PRIORITY

Fields inherited from interface org.openqa.jetty.http.HttpListener

ATTRIBUTE

Constructor Summary

Constructors

Constructor and Description
SslListener() Constructor.
SslListener(InetAddrPort p_address) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected Socket	accept(ServerSocket p_serverSocket)
protected SSLServerSocketFactory	createFactory()
protected void	customizeRequest(Socket socket, HttpRequest request) Allow the Listener a chance to customise the request.
String	getAlgorithm()
String[]	getCipherSuites()
String	getKeystore()
String	getKeystoreType()
boolean	getNeedClientAuth()
String	getProtocol()
String	getProvider()
boolean	getWantClientAuth()
boolean	isConfidential(HttpConnection connection) By default, we're confidential, given we speak SSL.
boolean	isIntegral(HttpConnection connection) By default, we're integral, given we speak SSL.
protected ServerSocket	newServerSocket(InetAddrPort p_address, int p_acceptQueueSize) New server socket.
void	setAlgorithm(String algorithm)
void	setCipherSuites(String[] cipherSuites)
void	setKeyPassword(String password)
void	setKeystore(String keystore)
void	setKeystoreType(String keystoreType)
void	setNeedClientAuth(boolean needClientAuth) Set the value of the needClientAuth property
void	setPassword(String password)
void	setProtocol(String protocol)
void	setProvider(String _provider)
void	setWantClientAuth(boolean wantClientAuth) Set the value of the needClientAuth property

Methods inherited from class org.openqa.jetty.http.SocketListener

createConnection, customizeRequest, getBufferReserve, getBufferSize, getConfidentialPort, getConfidentialScheme, getDefaultScheme, getHttpHandler, getHttpServer, getIdentifyListener, getIntegralPort, getIntegralScheme, getLowResourcePersistTimeMs, getLowResources, handleConnection, isLowOnResources, isOutOfResources, persistConnection, setBufferReserve, setBufferSize, setConfidentialPort, setConfidentialScheme, setDefaultScheme, setHttpHandler, setHttpServer, setIdentifyListener, setIntegralPort, setIntegralScheme, setLowResourcePersistTimeMs, setLowResources, start, stop

Methods inherited from class org.openqa.jetty.util.ThreadedServer

acceptSocket, acceptSocket, getAcceptorThreads, getAcceptQueueSize, getHost, getInetAddress, getInetAddrPort, getLingerTimeSecs, getMaxReadTimeMs, getPort, getServerSocket, getTcpNoDelay, handle, handleConnection, open, setAcceptorThreads, setAcceptQueueSize, setHost, setInetAddress, setInetAddrPort, setLingerTimeSecs, setMaxReadTimeMs, setPort, setTcpNoDelay, stopJob, toString

Methods inherited from class org.openqa.jetty.util.ThreadPool

getIdleThreads, getMaxIdleTimeMs, getMaxThreads, getMinThreads, getName, getPoolName, getThreads, getThreadsPriority, isDaemon, isStarted, join, run, setDaemon, setMaxIdleTimeMs, setMaxStopTimeMs, setMaxThreads, setMinThreads, setName, setPoolName, setThreadsPriority, shrink

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.openqa.jetty.http.HttpListener

getHost, getPort, setHost, setPort

Methods inherited from interface org.openqa.jetty.util.LifeCycle

isStarted

Field Detail

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE

Default value for the keystore location path.

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY

String name of keystore password property.

See Also:

Constant Field Values

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY

String name of key password property.

See Also:

Constant Field Values

Constructor Detail

SslListener

public SslListener()

Constructor.

SslListener

public SslListener(InetAddrPort p_address)

Constructor.

Parameters:

p_address -

Method Detail

getCipherSuites

public String[] getCipherSuites()

setCipherSuites

public void setCipherSuites(String[] cipherSuites)

Parameters:

cipherSuites - author Tony Jiang

setPassword

public void setPassword(String password)

setKeyPassword

public void setKeyPassword(String password)

getAlgorithm

public String getAlgorithm()

setAlgorithm

public void setAlgorithm(String algorithm)

getProtocol

public String getProtocol()

setProtocol

public void setProtocol(String protocol)

setKeystore

public void setKeystore(String keystore)

getKeystore

public String getKeystore()

getKeystoreType

public String getKeystoreType()

setKeystoreType

public void setKeystoreType(String keystoreType)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

Set the value of the needClientAuth property

Parameters:

needClientAuth - true iff we require client certificate authentication.

getNeedClientAuth

public boolean getNeedClientAuth()

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

Set the value of the needClientAuth property

Parameters:

wantClientAuth - true iff we would like client certificate authentication.

getWantClientAuth

public boolean getWantClientAuth()

isIntegral

public boolean isIntegral(HttpConnection connection)

By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:

isIntegral in interface HttpListener

Overrides:

isIntegral in class SocketListener

Parameters:

connection - The connection to test.

Returns:

True of the connection checks the integrity of the data. For most implementations this is true for https connections.

isConfidential

public boolean isConfidential(HttpConnection connection)

By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:

isConfidential in interface HttpListener

Overrides:

isConfidential in class SocketListener

Parameters:

connection - The connection to test.

Returns:

True of the connection checks the integrity of the data. For most implementations this is true for https connections.

createFactory

protected SSLServerSocketFactory createFactory()
                                        throws Exception

Throws:

Exception

newServerSocket

protected ServerSocket newServerSocket(InetAddrPort p_address,
                           int p_acceptQueueSize)
                                throws IOException

Description copied from class: ThreadedServer

New server socket. Creates a new servers socket. May be overriden by derived class to create specialist serversockets (eg SSL).

Overrides:

newServerSocket in class ThreadedServer

Parameters:

p_address -

p_acceptQueueSize -

Returns:

@exception IOException

Throws:

IOException

accept

protected Socket accept(ServerSocket p_serverSocket)
                 throws IOException

Parameters:

p_serverSocket -

Returns:

@exception IOException

Throws:

IOException

customizeRequest

protected void customizeRequest(Socket socket,
                    HttpRequest request)

Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

• an attribute named "javax.servlet.request.cipher_suite" of type String.
• an attribute named "javax.servlet.request.key_size" of type Integer.
• an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Overrides:

customizeRequest in class SocketListener

Parameters:

socket - The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.

request - HttpRequest to be customised.

getProvider

public String getProvider()

setProvider

public void setProvider(String _provider)