org.mortbay.http
Class SslListener

java.lang.Object
  extended by org.mortbay.util.ThreadPool
      extended by org.mortbay.util.ThreadedServer
          extended by org.mortbay.http.SocketListener
              extended by org.mortbay.http.SslListener
All Implemented Interfaces:
java.io.Serializable, HttpListener, LifeCycle

public class SslListener
extends SocketListener

JSSE Socket Listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Version:
$Id: SslListener.java,v 1.8 2006/11/22 20:21:30 gregwilkins Exp $
Author:
Greg Wilkins (gregw@mortbay.com), Court Demas (court@kiwiconsulting.com), Forge Research Pty Ltd ACN 003 491 576, Jan Hlavaty
See Also:
Serialized Form

Nested Class Summary
 
Nested classes/interfaces inherited from class org.mortbay.util.ThreadPool
ThreadPool.PoolThread
 
Field Summary
static java.lang.String DEFAULT_KEYSTORE
          Default value for the keystore location path.
static java.lang.String KEYPASSWORD_PROPERTY
          String name of key password property.
static java.lang.String PASSWORD_PROPERTY
          String name of keystore password property.
 
Fields inherited from class org.mortbay.util.ThreadPool
__DAEMON, __PRIORITY
 
Fields inherited from interface org.mortbay.http.HttpListener
ATTRIBUTE
 
Constructor Summary
SslListener()
          Constructor.
SslListener(InetAddrPort p_address)
          Constructor.
 
Method Summary
protected  java.net.Socket accept(java.net.ServerSocket p_serverSocket)
           
protected  javax.net.ssl.SSLServerSocketFactory createFactory()
           
protected  void customizeRequest(java.net.Socket socket, HttpRequest request)
          Allow the Listener a chance to customise the request.
 java.lang.String getAlgorithm()
           
 java.lang.String[] getCipherSuites()
           
 java.lang.String getKeystore()
           
 java.lang.String getKeystoreType()
           
 boolean getNeedClientAuth()
           
 java.lang.String getProtocol()
           
 java.lang.String getProvider()
           
 boolean getWantClientAuth()
           
 boolean isConfidential(HttpConnection connection)
          By default, we're confidential, given we speak SSL.
 boolean isIntegral(HttpConnection connection)
          By default, we're integral, given we speak SSL.
protected  java.net.ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)
          New server socket.
 void setAlgorithm(java.lang.String algorithm)
           
 void setCipherSuites(java.lang.String[] cipherSuites)
           
 void setKeyPassword(java.lang.String password)
           
 void setKeystore(java.lang.String keystore)
           
 void setKeystoreType(java.lang.String keystoreType)
           
 void setNeedClientAuth(boolean needClientAuth)
          Set the value of the needClientAuth property
 void setPassword(java.lang.String password)
           
 void setProtocol(java.lang.String protocol)
           
 void setProvider(java.lang.String _provider)
           
 void setWantClientAuth(boolean wantClientAuth)
          Set the value of the needClientAuth property
 
Methods inherited from class org.mortbay.http.SocketListener
createConnection, customizeRequest, getBufferReserve, getBufferSize, getConfidentialPort, getConfidentialScheme, getDefaultScheme, getHttpHandler, getHttpServer, getIdentifyListener, getIntegralPort, getIntegralScheme, getLowResourcePersistTimeMs, getLowResources, handleConnection, isLowOnResources, isOutOfResources, persistConnection, setBufferReserve, setBufferSize, setConfidentialPort, setConfidentialScheme, setDefaultScheme, setHttpHandler, setHttpServer, setIdentifyListener, setIntegralPort, setIntegralScheme, setLowResourcePersistTimeMs, setLowResources, start, stop
 
Methods inherited from class org.mortbay.util.ThreadedServer
acceptSocket, acceptSocket, getAcceptorThreads, getAcceptQueueSize, getHost, getInetAddress, getInetAddrPort, getLingerTimeSecs, getMaxReadTimeMs, getPort, getServerSocket, getTcpNoDelay, handle, handleConnection, open, setAcceptorThreads, setAcceptQueueSize, setHost, setInetAddress, setInetAddrPort, setLingerTimeSecs, setMaxReadTimeMs, setPort, setTcpNoDelay, stopJob, toString
 
Methods inherited from class org.mortbay.util.ThreadPool
getIdleThreads, getMaxIdleTimeMs, getMaxThreads, getMinThreads, getName, getPoolName, getThreads, getThreadsPriority, isDaemon, isStarted, join, run, setDaemon, setMaxIdleTimeMs, setMaxStopTimeMs, setMaxThreads, setMinThreads, setName, setPoolName, setThreadsPriority, shrink
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.mortbay.http.HttpListener
getHost, getPort, setHost, setPort
 
Methods inherited from interface org.mortbay.util.LifeCycle
isStarted
 

Field Detail

DEFAULT_KEYSTORE

public static final java.lang.String DEFAULT_KEYSTORE
Default value for the keystore location path.


PASSWORD_PROPERTY

public static final java.lang.String PASSWORD_PROPERTY
String name of keystore password property.

See Also:
Constant Field Values

KEYPASSWORD_PROPERTY

public static final java.lang.String KEYPASSWORD_PROPERTY
String name of key password property.

See Also:
Constant Field Values
Constructor Detail

SslListener

public SslListener()
Constructor.


SslListener

public SslListener(InetAddrPort p_address)
Constructor.

Parameters:
p_address -
Method Detail

getCipherSuites

public java.lang.String[] getCipherSuites()

setCipherSuites

public void setCipherSuites(java.lang.String[] cipherSuites)

setPassword

public void setPassword(java.lang.String password)

setKeyPassword

public void setKeyPassword(java.lang.String password)

getAlgorithm

public java.lang.String getAlgorithm()

setAlgorithm

public void setAlgorithm(java.lang.String algorithm)

getProtocol

public java.lang.String getProtocol()

setProtocol

public void setProtocol(java.lang.String protocol)

setKeystore

public void setKeystore(java.lang.String keystore)

getKeystore

public java.lang.String getKeystore()

getKeystoreType

public java.lang.String getKeystoreType()

setKeystoreType

public void setKeystoreType(java.lang.String keystoreType)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property

Parameters:
needClientAuth - true iff we require client certificate authentication.

getNeedClientAuth

public boolean getNeedClientAuth()

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)
Set the value of the needClientAuth property

Parameters:
wantClientAuth - true iff we would like client certificate authentication.

getWantClientAuth

public boolean getWantClientAuth()

isIntegral

public boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:
isIntegral in interface HttpListener
Overrides:
isIntegral in class SocketListener
Parameters:
connection - The connection to test.
Returns:
True of the connection checks the integrity of the data. For most implementations this is true for https connections.

isConfidential

public boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:
isConfidential in interface HttpListener
Overrides:
isConfidential in class SocketListener
Parameters:
connection - The connection to test.
Returns:
True of the connection checks the integrity of the data. For most implementations this is true for https connections.

createFactory

protected javax.net.ssl.SSLServerSocketFactory createFactory()
                                                      throws java.lang.Exception
Throws:
java.lang.Exception

newServerSocket

protected java.net.ServerSocket newServerSocket(InetAddrPort p_address,
                                                int p_acceptQueueSize)
                                         throws java.io.IOException
Description copied from class: ThreadedServer
New server socket. Creates a new servers socket. May be overriden by derived class to create specialist serversockets (eg SSL).

Overrides:
newServerSocket in class ThreadedServer
Parameters:
p_address -
p_acceptQueueSize -
Returns:
@exception IOException
Throws:
java.io.IOException

accept

protected java.net.Socket accept(java.net.ServerSocket p_serverSocket)
                          throws java.io.IOException
Parameters:
p_serverSocket -
Returns:
@exception IOException
Throws:
java.io.IOException

customizeRequest

protected void customizeRequest(java.net.Socket socket,
                                HttpRequest request)
Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

Overrides:
customizeRequest in class SocketListener
Parameters:
socket - The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
request - HttpRequest to be customised.

getProvider

public java.lang.String getProvider()

setProvider

public void setProvider(java.lang.String _provider)


Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.