1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.server.ssl;
20
21 import java.io.IOException;
22 import java.nio.channels.SocketChannel;
23
24 import javax.net.ssl.SSLContext;
25 import javax.net.ssl.SSLEngine;
26 import javax.net.ssl.SSLSession;
27 import javax.net.ssl.SSLSocket;
28
29 import org.eclipse.jetty.http.HttpSchemes;
30 import org.eclipse.jetty.io.AsyncEndPoint;
31 import org.eclipse.jetty.io.Buffers;
32 import org.eclipse.jetty.io.Buffers.Type;
33 import org.eclipse.jetty.io.BuffersFactory;
34 import org.eclipse.jetty.io.EndPoint;
35 import org.eclipse.jetty.io.RuntimeIOException;
36 import org.eclipse.jetty.io.bio.SocketEndPoint;
37 import org.eclipse.jetty.io.nio.AsyncConnection;
38 import org.eclipse.jetty.io.nio.SslConnection;
39 import org.eclipse.jetty.server.Request;
40 import org.eclipse.jetty.server.nio.SelectChannelConnector;
41 import org.eclipse.jetty.util.component.AggregateLifeCycle;
42 import org.eclipse.jetty.util.ssl.SslContextFactory;
43
44
45
46
47
48
49
50 public class SslSelectChannelConnector extends SelectChannelConnector implements SslConnector
51 {
52 private final SslContextFactory _sslContextFactory;
53 private Buffers _sslBuffers;
54
55
56 public SslSelectChannelConnector()
57 {
58 this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
59 setSoLingerTime(30000);
60 }
61
62
63
64
65
66
67
68 public SslSelectChannelConnector(SslContextFactory sslContextFactory)
69 {
70 _sslContextFactory = sslContextFactory;
71 addBean(_sslContextFactory);
72 setUseDirectBuffers(false);
73 setSoLingerTime(30000);
74 }
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102 @Override
103 public void customize(EndPoint endpoint, Request request) throws IOException
104 {
105 request.setScheme(HttpSchemes.HTTPS);
106 super.customize(endpoint,request);
107
108 SslConnection.SslEndPoint sslEndpoint=(SslConnection.SslEndPoint)endpoint;
109 SSLEngine sslEngine=sslEndpoint.getSslEngine();
110 SSLSession sslSession=sslEngine.getSession();
111
112 SslCertificates.customize(sslSession,endpoint,request);
113 }
114
115
116
117
118
119
120 @Deprecated
121 public boolean isAllowRenegotiate()
122 {
123 return _sslContextFactory.isAllowRenegotiate();
124 }
125
126
127
128
129
130
131
132
133
134
135
136 @Deprecated
137 public void setAllowRenegotiate(boolean allowRenegotiate)
138 {
139 _sslContextFactory.setAllowRenegotiate(allowRenegotiate);
140 }
141
142
143
144
145
146
147 @Deprecated
148 public String[] getExcludeCipherSuites()
149 {
150 return _sslContextFactory.getExcludeCipherSuites();
151 }
152
153
154
155
156
157
158 @Deprecated
159 public void setExcludeCipherSuites(String[] cipherSuites)
160 {
161 _sslContextFactory.setExcludeCipherSuites(cipherSuites);
162 }
163
164
165
166
167
168
169 @Deprecated
170 public String[] getIncludeCipherSuites()
171 {
172 return _sslContextFactory.getIncludeCipherSuites();
173 }
174
175
176
177
178
179
180 @Deprecated
181 public void setIncludeCipherSuites(String[] cipherSuites)
182 {
183 _sslContextFactory.setIncludeCipherSuites(cipherSuites);
184 }
185
186
187
188
189
190
191 @Deprecated
192 public void setPassword(String password)
193 {
194 _sslContextFactory.setKeyStorePassword(password);
195 }
196
197
198
199
200
201
202 @Deprecated
203 public void setTrustPassword(String password)
204 {
205 _sslContextFactory.setTrustStorePassword(password);
206 }
207
208
209
210
211
212
213 @Deprecated
214 public void setKeyPassword(String password)
215 {
216 _sslContextFactory.setKeyManagerPassword(password);
217 }
218
219
220
221
222
223
224
225
226 @Deprecated
227 public String getAlgorithm()
228 {
229 throw new UnsupportedOperationException();
230 }
231
232
233
234
235
236
237
238
239 @Deprecated
240 public void setAlgorithm(String algorithm)
241 {
242 throw new UnsupportedOperationException();
243 }
244
245
246
247
248
249
250 @Deprecated
251 public String getProtocol()
252 {
253 return _sslContextFactory.getProtocol();
254 }
255
256
257
258
259
260
261 @Deprecated
262 public void setProtocol(String protocol)
263 {
264 _sslContextFactory.setProtocol(protocol);
265 }
266
267
268
269
270
271
272 @Deprecated
273 public void setKeystore(String keystore)
274 {
275 _sslContextFactory.setKeyStorePath(keystore);
276 }
277
278
279
280
281
282
283 @Deprecated
284 public String getKeystore()
285 {
286 return _sslContextFactory.getKeyStorePath();
287 }
288
289
290
291
292
293
294 @Deprecated
295 public String getKeystoreType()
296 {
297 return _sslContextFactory.getKeyStoreType();
298 }
299
300
301
302
303
304
305 @Deprecated
306 public boolean getNeedClientAuth()
307 {
308 return _sslContextFactory.getNeedClientAuth();
309 }
310
311
312
313
314
315
316 @Deprecated
317 public boolean getWantClientAuth()
318 {
319 return _sslContextFactory.getWantClientAuth();
320 }
321
322
323
324
325
326
327 @Deprecated
328 public void setNeedClientAuth(boolean needClientAuth)
329 {
330 _sslContextFactory.setNeedClientAuth(needClientAuth);
331 }
332
333
334
335
336
337
338 @Deprecated
339 public void setWantClientAuth(boolean wantClientAuth)
340 {
341 _sslContextFactory.setWantClientAuth(wantClientAuth);
342 }
343
344
345
346
347
348
349 @Deprecated
350 public void setKeystoreType(String keystoreType)
351 {
352 _sslContextFactory.setKeyStoreType(keystoreType);
353 }
354
355
356
357
358
359
360 @Deprecated
361 public String getProvider()
362 {
363 return _sslContextFactory.getProvider();
364 }
365
366
367
368
369
370
371 @Deprecated
372 public String getSecureRandomAlgorithm()
373 {
374 return _sslContextFactory.getSecureRandomAlgorithm();
375 }
376
377
378
379
380
381
382 @Deprecated
383 public String getSslKeyManagerFactoryAlgorithm()
384 {
385 return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
386 }
387
388
389
390
391
392
393 @Deprecated
394 public String getSslTrustManagerFactoryAlgorithm()
395 {
396 return _sslContextFactory.getTrustManagerFactoryAlgorithm();
397 }
398
399
400
401
402
403
404 @Deprecated
405 public String getTruststore()
406 {
407 return _sslContextFactory.getTrustStore();
408 }
409
410
411
412
413
414
415 @Deprecated
416 public String getTruststoreType()
417 {
418 return _sslContextFactory.getTrustStoreType();
419 }
420
421
422
423
424
425
426 @Deprecated
427 public void setProvider(String provider)
428 {
429 _sslContextFactory.setProvider(provider);
430 }
431
432
433
434
435
436
437 @Deprecated
438 public void setSecureRandomAlgorithm(String algorithm)
439 {
440 _sslContextFactory.setSecureRandomAlgorithm(algorithm);
441 }
442
443
444
445
446
447
448 @Deprecated
449 public void setSslKeyManagerFactoryAlgorithm(String algorithm)
450 {
451 _sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
452 }
453
454
455
456
457
458
459 @Deprecated
460 public void setSslTrustManagerFactoryAlgorithm(String algorithm)
461 {
462 _sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
463 }
464
465
466
467
468
469
470 @Deprecated
471 public void setTruststore(String truststore)
472 {
473 _sslContextFactory.setTrustStore(truststore);
474 }
475
476
477
478
479
480
481 @Deprecated
482 public void setTruststoreType(String truststoreType)
483 {
484 _sslContextFactory.setTrustStoreType(truststoreType);
485 }
486
487
488
489
490
491
492 @Deprecated
493 public void setSslContext(SSLContext sslContext)
494 {
495 _sslContextFactory.setSslContext(sslContext);
496 }
497
498
499
500
501
502
503 @Deprecated
504 public SSLContext getSslContext()
505 {
506 return _sslContextFactory.getSslContext();
507 }
508
509
510
511
512
513 public SslContextFactory getSslContextFactory()
514 {
515 return _sslContextFactory;
516 }
517
518
519
520
521
522
523
524
525
526
527 @Override
528 public boolean isConfidential(Request request)
529 {
530 final int confidentialPort=getConfidentialPort();
531 return confidentialPort==0||confidentialPort==request.getServerPort();
532 }
533
534
535
536
537
538
539
540
541
542
543 @Override
544 public boolean isIntegral(Request request)
545 {
546 final int integralPort=getIntegralPort();
547 return integralPort==0||integralPort==request.getServerPort();
548 }
549
550
551 @Override
552 protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint)
553 {
554 try
555 {
556 SSLEngine engine = createSSLEngine(channel);
557 SslConnection connection = newSslConnection(endpoint, engine);
558 AsyncConnection delegate = newPlainConnection(channel, connection.getSslEndPoint());
559 connection.getSslEndPoint().setConnection(delegate);
560 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());
561 return connection;
562 }
563 catch (IOException e)
564 {
565 throw new RuntimeIOException(e);
566 }
567 }
568
569 protected AsyncConnection newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint)
570 {
571 return super.newConnection(channel, endPoint);
572 }
573
574 protected SslConnection newSslConnection(AsyncEndPoint endpoint, SSLEngine engine)
575 {
576 return new SslConnection(engine, endpoint);
577 }
578
579
580
581
582
583
584
585
586 protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
587 {
588 SSLEngine engine;
589 if (channel != null)
590 {
591 String peerHost = channel.socket().getInetAddress().getHostAddress();
592 int peerPort = channel.socket().getPort();
593 engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
594 }
595 else
596 {
597 engine = _sslContextFactory.newSslEngine();
598 }
599
600 engine.setUseClientMode(false);
601 return engine;
602 }
603
604
605
606
607
608 @Override
609 protected void doStart() throws Exception
610 {
611 _sslContextFactory.checkKeyStore();
612 _sslContextFactory.start();
613
614 SSLEngine sslEngine = _sslContextFactory.newSslEngine();
615
616 sslEngine.setUseClientMode(false);
617
618 SSLSession sslSession = sslEngine.getSession();
619
620 _sslBuffers = BuffersFactory.newBuffers(
621 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
622 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,sslSession.getApplicationBufferSize(),
623 getUseDirectBuffers()?Type.DIRECT:Type.INDIRECT,getMaxBuffers()
624 );
625
626 if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
627 setRequestHeaderSize(sslSession.getApplicationBufferSize());
628 if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
629 setRequestBufferSize(sslSession.getApplicationBufferSize());
630
631 super.doStart();
632 }
633
634
635
636
637
638 @Override
639 protected void doStop() throws Exception
640 {
641 _sslBuffers=null;
642 super.doStop();
643 }
644
645
646
647
648
649 public Buffers getSslBuffers()
650 {
651 return _sslBuffers;
652 }
653 }