1
2
3
4
5
6
7
8
9
10
11
12
13
14 package org.eclipse.jetty.server.ssl;
15
16 import java.io.IOException;
17 import java.nio.channels.SelectionKey;
18 import java.nio.channels.SocketChannel;
19
20 import javax.net.ssl.SSLContext;
21 import javax.net.ssl.SSLEngine;
22 import javax.net.ssl.SSLSession;
23 import javax.net.ssl.SSLSocket;
24
25 import org.eclipse.jetty.http.HttpParser;
26 import org.eclipse.jetty.http.HttpSchemes;
27 import org.eclipse.jetty.http.ssl.SslContextFactory;
28 import org.eclipse.jetty.io.Buffers;
29 import org.eclipse.jetty.io.Buffers.Type;
30 import org.eclipse.jetty.io.BuffersFactory;
31 import org.eclipse.jetty.io.Connection;
32 import org.eclipse.jetty.io.EndPoint;
33 import org.eclipse.jetty.io.bio.SocketEndPoint;
34 import org.eclipse.jetty.io.nio.SelectChannelEndPoint;
35 import org.eclipse.jetty.io.nio.SelectorManager.SelectSet;
36 import org.eclipse.jetty.io.nio.SslSelectChannelEndPoint;
37 import org.eclipse.jetty.server.HttpConnection;
38 import org.eclipse.jetty.server.Request;
39 import org.eclipse.jetty.server.nio.SelectChannelConnector;
40 import org.eclipse.jetty.util.log.Log;
41
42
43
44
45
46
47
48 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector
49 {
50 private final SslContextFactory _sslContextFactory;
51 private Buffers _sslBuffers;
52
53
54 public SslSelectChannelConnector()
55 {
56 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
57 }
58
59
60 public SslSelectChannelConnector(SslContextFactory sslContextFactory)
61 {
62 _sslContextFactory = sslContextFactory;
63 setUseDirectBuffers(false);
64 }
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92 @Override
93 public void customize(EndPoint endpoint, Request request) throws IOException
94 {
95 request.setScheme(HttpSchemes.HTTPS);
96 super.customize(endpoint,request);
97
98 SslSelectChannelEndPoint sslHttpChannelEndpoint=(SslSelectChannelEndPoint)endpoint;
99 SSLEngine sslEngine=sslHttpChannelEndpoint.getSSLEngine();
100 SSLSession sslSession=sslEngine.getSession();
101
102 SslCertificates.customize(sslSession,endpoint,request);
103 }
104
105
106
107
108
109
110 @Deprecated
111 public boolean isAllowRenegotiate()
112 {
113 return _sslContextFactory.isAllowRenegotiate();
114 }
115
116
117
118
119
120
121
122
123
124
125
126 @Deprecated
127 public void setAllowRenegotiate(boolean allowRenegotiate)
128 {
129 _sslContextFactory.setAllowRenegotiate(allowRenegotiate);
130 }
131
132
133
134
135
136
137 @Deprecated
138 public String[] getExcludeCipherSuites()
139 {
140 return _sslContextFactory.getExcludeCipherSuites();
141 }
142
143
144
145
146
147
148 @Deprecated
149 public void setExcludeCipherSuites(String[] cipherSuites)
150 {
151 _sslContextFactory.setExcludeCipherSuites(cipherSuites);
152 }
153
154
155
156
157
158
159 @Deprecated
160 public String[] getIncludeCipherSuites()
161 {
162 return _sslContextFactory.getIncludeCipherSuites();
163 }
164
165
166
167
168
169
170 @Deprecated
171 public void setIncludeCipherSuites(String[] cipherSuites)
172 {
173 _sslContextFactory.setIncludeCipherSuites(cipherSuites);
174 }
175
176
177
178
179
180
181 @Deprecated
182 public void setPassword(String password)
183 {
184 _sslContextFactory.setKeyStorePassword(password);
185 }
186
187
188
189
190
191
192 @Deprecated
193 public void setTrustPassword(String password)
194 {
195 _sslContextFactory.setTrustStorePassword(password);
196 }
197
198
199
200
201
202
203 @Deprecated
204 public void setKeyPassword(String password)
205 {
206 _sslContextFactory.setKeyManagerPassword(password);
207 }
208
209
210
211
212
213
214
215
216 @Deprecated
217 public String getAlgorithm()
218 {
219 throw new UnsupportedOperationException();
220 }
221
222
223
224
225
226
227
228
229 @Deprecated
230 public void setAlgorithm(String algorithm)
231 {
232 throw new UnsupportedOperationException();
233 }
234
235
236
237
238
239
240 @Deprecated
241 public String getProtocol()
242 {
243 return _sslContextFactory.getProtocol();
244 }
245
246
247
248
249
250
251 @Deprecated
252 public void setProtocol(String protocol)
253 {
254 _sslContextFactory.setProtocol(protocol);
255 }
256
257
258
259
260
261
262 @Deprecated
263 public void setKeystore(String keystore)
264 {
265 _sslContextFactory.setKeyStore(keystore);
266 }
267
268
269
270
271
272
273 @Deprecated
274 public String getKeystore()
275 {
276 return _sslContextFactory.getKeyStore();
277 }
278
279
280
281
282
283
284 @Deprecated
285 public String getKeystoreType()
286 {
287 return _sslContextFactory.getKeyStoreType();
288 }
289
290
291
292
293
294
295 @Deprecated
296 public boolean getNeedClientAuth()
297 {
298 return _sslContextFactory.getNeedClientAuth();
299 }
300
301
302
303
304
305
306 @Deprecated
307 public boolean getWantClientAuth()
308 {
309 return _sslContextFactory.getWantClientAuth();
310 }
311
312
313
314
315
316
317 @Deprecated
318 public void setNeedClientAuth(boolean needClientAuth)
319 {
320 _sslContextFactory.setNeedClientAuth(needClientAuth);
321 }
322
323
324
325
326
327
328 @Deprecated
329 public void setWantClientAuth(boolean wantClientAuth)
330 {
331 _sslContextFactory.setWantClientAuth(wantClientAuth);
332 }
333
334
335
336
337
338
339 @Deprecated
340 public void setKeystoreType(String keystoreType)
341 {
342 _sslContextFactory.setKeyStoreType(keystoreType);
343 }
344
345
346
347
348
349
350 @Deprecated
351 public String getProvider()
352 {
353 return _sslContextFactory.getProvider();
354 }
355
356
357
358
359
360
361 @Deprecated
362 public String getSecureRandomAlgorithm()
363 {
364 return _sslContextFactory.getSecureRandomAlgorithm();
365 }
366
367
368
369
370
371
372 @Deprecated
373 public String getSslKeyManagerFactoryAlgorithm()
374 {
375 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
376 }
377
378
379
380
381
382
383 @Deprecated
384 public String getSslTrustManagerFactoryAlgorithm()
385 {
386 return _sslContextFactory.getTrustManagerFactoryAlgorithm();
387 }
388
389
390
391
392
393
394 @Deprecated
395 public String getTruststore()
396 {
397 return _sslContextFactory.getTrustStore();
398 }
399
400
401
402
403
404
405 @Deprecated
406 public String getTruststoreType()
407 {
408 return _sslContextFactory.getTrustStoreType();
409 }
410
411
412
413
414
415
416 @Deprecated
417 public void setProvider(String provider)
418 {
419 _sslContextFactory.setProvider(provider);
420 }
421
422
423
424
425
426
427 @Deprecated
428 public void setSecureRandomAlgorithm(String algorithm)
429 {
430 _sslContextFactory.setSecureRandomAlgorithm(algorithm);
431 }
432
433
434
435
436
437
438 @Deprecated
439 public void setSslKeyManagerFactoryAlgorithm(String algorithm)
440 {
441 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
442 }
443
444
445
446
447
448
449 @Deprecated
450 public void setSslTrustManagerFactoryAlgorithm(String algorithm)
451 {
452 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
453 }
454
455
456
457
458
459
460 @Deprecated
461 public void setTruststore(String truststore)
462 {
463 _sslContextFactory.setTrustStore(truststore);
464 }
465
466
467
468
469
470
471 @Deprecated
472 public void setTruststoreType(String truststoreType)
473 {
474 _sslContextFactory.setTrustStoreType(truststoreType);
475 }
476
477
478
479
480
481
482 @Deprecated
483 public void setSslContext(SSLContext sslContext)
484 {
485 _sslContextFactory.setSslContext(sslContext);
486 }
487
488
489
490
491
492
493 @Deprecated
494 public SSLContext getSslContext()
495 {
496 return _sslContextFactory.getSslContext();
497 }
498
499
500
501
502
503
504 public SslContextFactory getSslContextFactory()
505 {
506 return _sslContextFactory;
507 }
508
509
510
511
512
513
514
515
516
517
518 @Override
519 public boolean isConfidential(Request request)
520 {
521 final int confidentialPort=getConfidentialPort();
522 return confidentialPort==0||confidentialPort==request.getServerPort();
523 }
524
525
526
527
528
529
530
531
532
533
534 @Override
535 public boolean isIntegral(Request request)
536 {
537 final int integralPort=getIntegralPort();
538 return integralPort==0||integralPort==request.getServerPort();
539 }
540
541
542 @Override
543 protected SelectChannelEndPoint newEndPoint(SocketChannel channel, SelectSet selectSet, SelectionKey key) throws IOException
544 {
545 SslSelectChannelEndPoint endp = new SslSelectChannelEndPoint(_sslBuffers,channel,selectSet,key,createSSLEngine(), SslSelectChannelConnector.this._maxIdleTime);
546 endp.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());
547 return endp;
548 }
549
550
551 @Override
552 protected Connection newConnection(SocketChannel channel, SelectChannelEndPoint endpoint)
553 {
554 HttpConnection connection=(HttpConnection)super.newConnection(channel,endpoint);
555 ((HttpParser)connection.getParser()).setForceContentBuffer(true);
556 return connection;
557 }
558
559
560 protected SSLEngine createSSLEngine() throws IOException
561 {
562 SSLEngine engine = null;
563 try
564 {
565 engine = _sslContextFactory.getSslContext().createSSLEngine();
566 engine.setUseClientMode(false);
567
568 if (_sslContextFactory.getWantClientAuth())
569 engine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
570 if (_sslContextFactory.getNeedClientAuth())
571 engine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
572
573 engine.setEnabledCipherSuites(
574 _sslContextFactory.selectCipherSuites(engine.getEnabledCipherSuites(),
575 engine.getSupportedCipherSuites()));
576 }
577 catch (Exception e)
578 {
579 Log.warn("Error creating sslEngine -- closing this connector",e);
580 close();
581 throw new IllegalStateException(e);
582 }
583 return engine;
584 }
585
586
587
588
589
590 @Override
591 protected void doStart() throws Exception
592 {
593 if (!_sslContextFactory.checkConfig())
594 {
595 throw new IllegalStateException("SSL context is not configured correctly.");
596 }
597
598 _sslContextFactory.start();
599
600 SSLEngine sslEngine = _sslContextFactory.getSslContext().createSSLEngine();
601
602 sslEngine.setUseClientMode(false);
603 sslEngine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
604 sslEngine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
605
606 sslEngine.setEnabledCipherSuites(_sslContextFactory.selectCipherSuites(
607 sslEngine.getEnabledCipherSuites(),
608 sslEngine.getSupportedCipherSuites()));
609
610 SSLSession sslSession = sslEngine.getSession();
611
612 _sslBuffers = BuffersFactory.newBuffers(
613 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
614 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
615 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers()
616 );
617
618 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
619 setRequestHeaderSize(sslSession.getApplicationBufferSize());
620 if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
621 setRequestBufferSize(sslSession.getApplicationBufferSize());
622
623 super.doStart();
624 }
625
626
627
628
629
630 @Override
631 protected void doStop() throws Exception
632 {
633 _sslContextFactory.stop();
634 _sslBuffers=null;
635 super.doStop();
636 }
637
638
639
640
641
642 public Buffers getSslBuffers()
643 {
644 return _sslBuffers;
645 }
646 }