JSSE Socket Listener.
This is heavily based on the work from Court Demas, which in turn is based on the work from Forge
Research.
accept
protected Socket accept(ServerSocket p_serverSocket)
throws IOException
createFactory
protected SSLServerSocketFactory createFactory()
throws Exception
customizeRequest
protected void customizeRequest(Socket socket,
HttpRequest request)
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "javax.servlet.request.cipher_suite" of type String.
- an attribute named "javax.servlet.request.key_size" of type Integer.
- an attribute named "javax.servlet.request.X509Certificate" of type
java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate,
the order of this array is defined as being in ascending order of trust. The first
certificate in the chain is the one set by the client, the next is the one used to
authenticate the first, and so on.
- customizeRequest in interface SocketListener
socket
- The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
request
- HttpRequest to be customised.
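The attribute requirements above, as an added example (not code from this class or from Jetty): a JDK-only helper that derives the three attributes from an SSLSession. The class name SslRequestAttributes, its methods and the name-based keySize estimate are assumptions made for illustration.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class SslRequestAttributes {
    // Assumption: coarse estimate of the bulk-cipher key size (bits) from the suite name.
    static int keySize(String suite) {
        if (suite.contains("_256") || suite.contains("CHACHA20")) return 256;
        if (suite.contains("3DES_EDE")) return 168;
        if (suite.contains("_128")) return 128;
        if (suite.contains("_40_") || suite.contains("DES40")) return 40;
        if (suite.contains("DES_")) return 56;
        return 0; // NULL or unrecognised suite: claim no confidentiality
    }

    // Builds the request attributes the Servlet spec requires for an SSL request.
    static Map<String, Object> build(String suite, Certificate[] peerChain) {
        Map<String, Object> attrs = new LinkedHashMap<>();
        attrs.put("javax.servlet.request.cipher_suite", suite);
        attrs.put("javax.servlet.request.key_size", Integer.valueOf(keySize(suite)));
        if (peerChain != null && peerChain.length > 0) {
            X509Certificate[] x509 = new X509Certificate[peerChain.length];
            for (int i = 0; i < peerChain.length; i++) {
                x509[i] = (X509Certificate) peerChain[i]; // client's certificate is first
            }
            attrs.put("javax.servlet.request.X509Certificate", x509);
        }
        return attrs;
    }

    static Map<String, Object> fromSession(SSLSession session) {
        Certificate[] chain = null;
        try {
            chain = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            // No client certificate was presented. This is expected when the listener
            // only "wants" client auth; the certificate attribute is then left unset.
        }
        return build(session.getCipherSuite(), chain);
    }

    public static void main(String[] args) {
        // Constructed input: a suite name and no client certificate chain.
        System.out.println(build("TLS_RSA_WITH_AES_128_CBC_SHA", null));
    }
}
```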
getAlgorithm
public String getAlgorithm()
getCipherSuites
public String[] getCipherSuites()
getKeystore
public String getKeystore()
getKeystoreType
public String getKeystoreType()
getNeedClientAuth
public boolean getNeedClientAuth()
getProtocol
public String getProtocol()
getWantClientAuth
public boolean getWantClientAuth()
isConfidential
public boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL. But, if we've been told about a
confidential port, and said port is not our port, then we're not. This allows separation of
listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener
configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- isConfidential in interface HttpListener
- isConfidential in interface SocketListener
isIntegral
public boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL. But, if we've been told about an integral
port, and said port is not our port, then we're not. This allows separation of listeners
providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to
require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring
client certs providing mere INTEGRAL constraints.
- isIntegral in interface HttpListener
- isIntegral in interface SocketListener
setAlgorithm
public void setAlgorithm(String algorithm)
setCipherSuites
public void setCipherSuites(String[] cipherSuites)
setKeyPassword
public void setKeyPassword(String password)
setKeystore
public void setKeystore(String keystore)
setKeystoreType
public void setKeystoreType(String keystoreType)
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property
needClientAuth
- true iff we require client certificate authentication.
setPassword
public void setPassword(String password)
setProtocol
public void setProtocol(String protocol)
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
Set the value of the wantClientAuth property
wantClientAuth
- true iff we would like client certificate authentication.