1
2
3
4
5
6
7
8
9
10
11
12
13
14 package org.eclipse.jetty.server.ssl;
15
16 import java.io.IOException;
17 import java.nio.channels.SocketChannel;
18
19 import javax.net.ssl.SSLContext;
20 import javax.net.ssl.SSLEngine;
21 import javax.net.ssl.SSLSession;
22 import javax.net.ssl.SSLSocket;
23
24 import org.eclipse.jetty.http.HttpSchemes;
25 import org.eclipse.jetty.io.AsyncEndPoint;
26 import org.eclipse.jetty.io.Buffers;
27 import org.eclipse.jetty.io.Buffers.Type;
28 import org.eclipse.jetty.io.BuffersFactory;
29 import org.eclipse.jetty.io.EndPoint;
30 import org.eclipse.jetty.io.RuntimeIOException;
31 import org.eclipse.jetty.io.bio.SocketEndPoint;
32 import org.eclipse.jetty.io.nio.AsyncConnection;
33 import org.eclipse.jetty.io.nio.SslConnection;
34 import org.eclipse.jetty.server.Request;
35 import org.eclipse.jetty.server.nio.SelectChannelConnector;
36 import org.eclipse.jetty.util.ssl.SslContextFactory;
37
38
39
40
41
42
43
44 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector
45 {
46 private final SslContextFactory _sslContextFactory;
47 private Buffers _sslBuffers;
48
49
50 public SslSelectChannelConnector()
51 {
52 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
53 setSoLingerTime(30000);
54 }
55
56
57 public SslSelectChannelConnector(SslContextFactory sslContextFactory)
58 {
59 _sslContextFactory = sslContextFactory;
60 setUseDirectBuffers(false);
61 setSoLingerTime(30000);
62 }
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90 @Override
91 public void customize(EndPoint endpoint, Request request) throws IOException
92 {
93 request.setScheme(HttpSchemes.HTTPS);
94 super.customize(endpoint,request);
95
96 SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint;
97 SSLEngine sslEngine=sslEndpoint.getSslEngine();
98 SSLSession sslSession=sslEngine.getSession();
99
100 SslCertificates.customize(sslSession,endpoint,request);
101 }
102
103
104
105
106
107
108 @Deprecated
109 public boolean isAllowRenegotiate()
110 {
111 return _sslContextFactory.isAllowRenegotiate();
112 }
113
114
115
116
117
118
119
120
121
122
123
124 @Deprecated
125 public void setAllowRenegotiate(boolean allowRenegotiate)
126 {
127 _sslContextFactory.setAllowRenegotiate(allowRenegotiate);
128 }
129
130
131
132
133
134
135 @Deprecated
136 public String[] getExcludeCipherSuites()
137 {
138 return _sslContextFactory.getExcludeCipherSuites();
139 }
140
141
142
143
144
145
146 @Deprecated
147 public void setExcludeCipherSuites(String[] cipherSuites)
148 {
149 _sslContextFactory.setExcludeCipherSuites(cipherSuites);
150 }
151
152
153
154
155
156
157 @Deprecated
158 public String[] getIncludeCipherSuites()
159 {
160 return _sslContextFactory.getIncludeCipherSuites();
161 }
162
163
164
165
166
167
168 @Deprecated
169 public void setIncludeCipherSuites(String[] cipherSuites)
170 {
171 _sslContextFactory.setIncludeCipherSuites(cipherSuites);
172 }
173
174
175
176
177
178
179 @Deprecated
180 public void setPassword(String password)
181 {
182 _sslContextFactory.setKeyStorePassword(password);
183 }
184
185
186
187
188
189
190 @Deprecated
191 public void setTrustPassword(String password)
192 {
193 _sslContextFactory.setTrustStorePassword(password);
194 }
195
196
197
198
199
200
201 @Deprecated
202 public void setKeyPassword(String password)
203 {
204 _sslContextFactory.setKeyManagerPassword(password);
205 }
206
207
208
209
210
211
212
213
214 @Deprecated
215 public String getAlgorithm()
216 {
217 throw new UnsupportedOperationException();
218 }
219
220
221
222
223
224
225
226
227 @Deprecated
228 public void setAlgorithm(String algorithm)
229 {
230 throw new UnsupportedOperationException();
231 }
232
233
234
235
236
237
238 @Deprecated
239 public String getProtocol()
240 {
241 return _sslContextFactory.getProtocol();
242 }
243
244
245
246
247
248
249 @Deprecated
250 public void setProtocol(String protocol)
251 {
252 _sslContextFactory.setProtocol(protocol);
253 }
254
255
256
257
258
259
260 @Deprecated
261 public void setKeystore(String keystore)
262 {
263 _sslContextFactory.setKeyStorePath(keystore);
264 }
265
266
267
268
269
270
271 @Deprecated
272 public String getKeystore()
273 {
274 return _sslContextFactory.getKeyStorePath();
275 }
276
277
278
279
280
281
282 @Deprecated
283 public String getKeystoreType()
284 {
285 return _sslContextFactory.getKeyStoreType();
286 }
287
288
289
290
291
292
293 @Deprecated
294 public boolean getNeedClientAuth()
295 {
296 return _sslContextFactory.getNeedClientAuth();
297 }
298
299
300
301
302
303
304 @Deprecated
305 public boolean getWantClientAuth()
306 {
307 return _sslContextFactory.getWantClientAuth();
308 }
309
310
311
312
313
314
315 @Deprecated
316 public void setNeedClientAuth(boolean needClientAuth)
317 {
318 _sslContextFactory.setNeedClientAuth(needClientAuth);
319 }
320
321
322
323
324
325
326 @Deprecated
327 public void setWantClientAuth(boolean wantClientAuth)
328 {
329 _sslContextFactory.setWantClientAuth(wantClientAuth);
330 }
331
332
333
334
335
336
337 @Deprecated
338 public void setKeystoreType(String keystoreType)
339 {
340 _sslContextFactory.setKeyStoreType(keystoreType);
341 }
342
343
344
345
346
347
348 @Deprecated
349 public String getProvider()
350 {
351 return _sslContextFactory.getProvider();
352 }
353
354
355
356
357
358
359 @Deprecated
360 public String getSecureRandomAlgorithm()
361 {
362 return _sslContextFactory.getSecureRandomAlgorithm();
363 }
364
365
366
367
368
369
370 @Deprecated
371 public String getSslKeyManagerFactoryAlgorithm()
372 {
373 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
374 }
375
376
377
378
379
380
381 @Deprecated
382 public String getSslTrustManagerFactoryAlgorithm()
383 {
384 return _sslContextFactory.getTrustManagerFactoryAlgorithm();
385 }
386
387
388
389
390
391
392 @Deprecated
393 public String getTruststore()
394 {
395 return _sslContextFactory.getTrustStore();
396 }
397
398
399
400
401
402
403 @Deprecated
404 public String getTruststoreType()
405 {
406 return _sslContextFactory.getTrustStoreType();
407 }
408
409
410
411
412
413
414 @Deprecated
415 public void setProvider(String provider)
416 {
417 _sslContextFactory.setProvider(provider);
418 }
419
420
421
422
423
424
425 @Deprecated
426 public void setSecureRandomAlgorithm(String algorithm)
427 {
428 _sslContextFactory.setSecureRandomAlgorithm(algorithm);
429 }
430
431
432
433
434
435
436 @Deprecated
437 public void setSslKeyManagerFactoryAlgorithm(String algorithm)
438 {
439 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
440 }
441
442
443
444
445
446
447 @Deprecated
448 public void setSslTrustManagerFactoryAlgorithm(String algorithm)
449 {
450 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
451 }
452
453
454
455
456
457
458 @Deprecated
459 public void setTruststore(String truststore)
460 {
461 _sslContextFactory.setTrustStore(truststore);
462 }
463
464
465
466
467
468
469 @Deprecated
470 public void setTruststoreType(String truststoreType)
471 {
472 _sslContextFactory.setTrustStoreType(truststoreType);
473 }
474
475
476
477
478
479
480 @Deprecated
481 public void setSslContext(SSLContext sslContext)
482 {
483 _sslContextFactory.setSslContext(sslContext);
484 }
485
486
487
488
489
490
491 @Deprecated
492 public SSLContext getSslContext()
493 {
494 return _sslContextFactory.getSslContext();
495 }
496
497
498
499
500
501 public SslContextFactory getSslContextFactory()
502 {
503 return _sslContextFactory;
504 }
505
506
507
508
509
510
511
512
513
514
515 @Override
516 public boolean isConfidential(Request request)
517 {
518 final int confidentialPort=getConfidentialPort();
519 return confidentialPort==0||confidentialPort==request.getServerPort();
520 }
521
522
523
524
525
526
527
528
529
530
531 @Override
532 public boolean isIntegral(Request request)
533 {
534 final int integralPort=getIntegralPort();
535 return integralPort==0||integralPort==request.getServerPort();
536 }
537
538
539 @Override
540 protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint)
541 {
542 try
543 {
544 SSLEngine engine = createSSLEngine(channel);
545 SslConnection connection = newSslConnection(endpoint, engine);
546 AsyncConnection delegate = newPlainConnection(channel, connection.getSslEndPoint());
547 connection.getSslEndPoint().setConnection(delegate);
548 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());
549 return connection;
550 }
551 catch (IOException e)
552 {
553 throw new RuntimeIOException(e);
554 }
555 }
556
557 protected AsyncConnection newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint)
558 {
559 return super.newConnection(channel, endPoint);
560 }
561
562 protected SslConnection newSslConnection(AsyncEndPoint endpoint, SSLEngine engine)
563 {
564 return new SslConnection(engine, endpoint);
565 }
566
567
568
569
570
571
572
573
574 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
575 {
576 SSLEngine engine;
577 if (channel != null)
578 {
579 String peerHost = channel.socket().getInetAddress().getHostAddress();
580 int peerPort = channel.socket().getPort();
581 engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
582 }
583 else
584 {
585 engine = _sslContextFactory.newSslEngine();
586 }
587
588 engine.setUseClientMode(false);
589 return engine;
590 }
591
592
593
594
595
596 @Override
597 protected void doStart() throws Exception
598 {
599 _sslContextFactory.checkKeyStore();
600
601 _sslContextFactory.start();
602
603 SSLEngine sslEngine = _sslContextFactory.newSslEngine();
604
605 sslEngine.setUseClientMode(false);
606
607 SSLSession sslSession = sslEngine.getSession();
608
609 _sslBuffers = BuffersFactory.newBuffers(
610 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
611 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
612 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers()
613 );
614
615 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
616 setRequestHeaderSize(sslSession.getApplicationBufferSize());
617 if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
618 setRequestBufferSize(sslSession.getApplicationBufferSize());
619
620 super.doStart();
621 }
622
623
624
625
626
627 @Override
628 protected void doStop() throws Exception
629 {
630 _sslContextFactory.stop();
631 _sslBuffers=null;
632 super.doStop();
633 }
634
635
636
637
638
639 public Buffers getSslBuffers()
640 {
641 return _sslBuffers;
642 }
643 }