org.mortbay.http

Class SslListener

Implemented Interfaces:
HttpListener, LifeCycle, Serializable

public class SslListener
extends SocketListener

JSSE Socket Listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.
Version:
$Id: SslListener.java,v 1.5 2005/12/07 23:13:03 gregwilkins Exp $
Authors:
Greg Wilkins (gregw@mortbay.com)
Court Demas (court@kiwiconsulting.com)
Forge Research Pty Ltd ACN 003 491 576
Jan Hlavatý

Nested Class Summary

Nested classes/interfaces inherited from class org.mortbay.util.ThreadPool

ThreadPool.PoolThread

Field Summary

static String
DEFAULT_KEYSTORE
Default value for the keystore location path.
static String
KEYPASSWORD_PROPERTY
String name of key password property.
static String
PASSWORD_PROPERTY
String name of keystore password property.

Fields inherited from class org.mortbay.util.ThreadPool

__DAEMON, __PRIORITY

Fields inherited from interface org.mortbay.http.HttpListener

ATTRIBUTE

Constructor Summary

SslListener()
Constructor.
SslListener(InetAddrPort p_address)
Constructor.

Method Summary

protected Socket
accept(ServerSocket p_serverSocket)
protected SSLServerSocketFactory
createFactory()
protected void
customizeRequest(Socket socket, HttpRequest request)
Allow the Listener a chance to customise the request.
String
getAlgorithm()
String[]
getCipherSuites()
String
getKeystore()
String
getKeystoreType()
boolean
getNeedClientAuth()
String
getProtocol()
boolean
getWantClientAuth()
boolean
isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL.
boolean
isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL.
protected ServerSocket
newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)
void
setAlgorithm(String algorithm)
void
setCipherSuites(String[] cipherSuites)
void
setKeyPassword(String password)
void
setKeystore(String keystore)
void
setKeystoreType(String keystoreType)
void
setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property
void
setPassword(String password)
void
setProtocol(String protocol)
void
setWantClientAuth(boolean wantClientAuth)
Set the value of the wantClientAuth property

Methods inherited from class org.mortbay.http.SocketListener

createConnection, customizeRequest, customizeRequest, getBufferReserve, getBufferSize, getConfidentialPort, getConfidentialScheme, getDefaultScheme, getHttpHandler, getHttpServer, getIdentifyListener, getIntegralPort, getIntegralScheme, getLowResourcePersistTimeMs, getLowResources, handleConnection, isConfidential, isIntegral, isLowOnResources, isOutOfResources, persistConnection, setBufferReserve, setBufferSize, setConfidentialPort, setConfidentialScheme, setDefaultScheme, setHttpHandler, setHttpServer, setIdentifyListener, setIntegralPort, setIntegralScheme, setLowResourcePersistTimeMs, setLowResources, start, stop

Methods inherited from class org.mortbay.util.ThreadedServer

acceptSocket, acceptSocket, getAcceptQueueSize, getAcceptorThreads, getHost, getInetAddrPort, getInetAddress, getLingerTimeSecs, getMaxReadTimeMs, getPort, getServerSocket, getTcpNoDelay, handle, handleConnection, handleConnection, newServerSocket, open, setAcceptQueueSize, setAcceptorThreads, setHost, setInetAddrPort, setInetAddress, setLingerTimeSecs, setMaxReadTimeMs, setPort, setTcpNoDelay, start, stop, stopJob, toString

Methods inherited from class org.mortbay.util.ThreadPool

getIdleThreads, getMaxIdleTimeMs, getMaxThreads, getMinThreads, getName, getPoolName, getThreads, getThreadsPriority, handle, isDaemon, isStarted, join, run, setDaemon, setMaxIdleTimeMs, setMaxStopTimeMs, setMaxThreads, setMinThreads, setName, setPoolName, setThreadsPriority, shrink, start, stop, stopJob

Field Details

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE
Default value for the keystore location path.

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY
String name of key password property.

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY
String name of keystore password property.

Constructor Details

SslListener

public SslListener()
Constructor.

SslListener

public SslListener(InetAddrPort p_address)
Constructor.
Parameters:
p_address -

Method Details

accept

protected Socket accept(ServerSocket p_serverSocket)
            throws IOException
Parameters:
p_serverSocket -
Returns:

createFactory

protected SSLServerSocketFactory createFactory()
            throws Exception

customizeRequest

protected void customizeRequest(Socket socket,
                                HttpRequest request)
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
  • an attribute named "javax.servlet.request.cipher_suite" of type String.
  • an attribute named "javax.servlet.request.key_size" of type Integer.
  • an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate; the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.
Overrides:
customizeRequest in class SocketListener
Parameters:
socket - The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
request - HttpRequest to be customised.

getAlgorithm

public String getAlgorithm()

getCipherSuites

public String[] getCipherSuites()

getKeystore

public String getKeystore()

getKeystoreType

public String getKeystoreType()

getNeedClientAuth

public boolean getNeedClientAuth()

getProtocol

public String getProtocol()

getWantClientAuth

public boolean getWantClientAuth()

isConfidential

public boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL. But, if we've been told about a confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
Specified by:
isConfidential in interface HttpListener
Overrides:
isConfidential in class SocketListener

isIntegral

public boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
Specified by:
isIntegral in interface HttpListener
Overrides:
isIntegral in class SocketListener
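
The listener separation described for isConfidential and isIntegral, as an added configuration example that is not code from Jetty or from the original page. The class name `SplitSslListeners`, the port numbers and the keystore path are assumptions; only the setters listed on this page are used, and attaching the listeners to a server is left to the caller.

```java
import org.mortbay.http.SslListener;

// Added example: hypothetical helper, not part of Jetty.
public class SplitSslListeners {
    // Constructed port numbers for illustration only.
    static final int CLIENT_CERT_PORT = 8443;
    static final int SERVER_ONLY_PORT = 8444;

    // Passwords are passed in so that they never appear in source code.
    static SslListener build(int port, boolean needClientAuth,
                             String storePassword, String keyPassword) {
        SslListener listener = new SslListener();
        listener.setPort(port);
        listener.setKeystore("/path/to/keystore"); // placeholder path
        listener.setPassword(storePassword);
        listener.setKeyPassword(keyPassword);
        listener.setNeedClientAuth(needClientAuth);
        // Both listeners are told which port is the confidential one.
        // Per the description above, a listener whose own port differs
        // from it stops reporting itself as confidential.
        listener.setConfidentialPort(CLIENT_CERT_PORT);
        // The integral port is left unset, so both listeners stay
        // integral by default.
        return listener;
    }

    // Requires client certificates: confidential and integral.
    static SslListener clientCertListener(String storePassword, String keyPassword) {
        return build(CLIENT_CERT_PORT, true, storePassword, keyPassword);
    }

    // No client certificates: integral only.
    static SslListener serverOnlyListener(String storePassword, String keyPassword) {
        return build(SERVER_ONLY_PORT, false, storePassword, keyPassword);
    }
}
```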

newServerSocket

protected ServerSocket newServerSocket(InetAddrPort p_address,
                                       int p_acceptQueueSize)
            throws IOException
Overrides:
newServerSocket in class ThreadedServer
Parameters:
p_address -
p_acceptQueueSize -
Returns:

setAlgorithm

public void setAlgorithm(String algorithm)

setCipherSuites

public void setCipherSuites(String[] cipherSuites)
Author:
Tony Jiang

setKeyPassword

public void setKeyPassword(String password)

setKeystore

public void setKeystore(String keystore)

setKeystoreType

public void setKeystoreType(String keystoreType)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property
Parameters:
needClientAuth - true iff we require client certificate authentication.

setPassword

public void setPassword(String password)

setProtocol

public void setProtocol(String protocol)

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)
Set the value of the wantClientAuth property
Parameters:
wantClientAuth - true iff we would like client certificate authentication.

Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.