org.eclipse.jetty.server.ssl

Class SslSelectChannelConnector

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AggregateLifeCycle

org.eclipse.jetty.server.AbstractConnector

org.eclipse.jetty.server.nio.AbstractNIOConnector

org.eclipse.jetty.server.nio.SelectChannelConnector

org.eclipse.jetty.server.ssl.SslSelectChannelConnector

All Implemented Interfaces:

HttpBuffers, Connector, NIOConnector, SslConnector, Destroyable, Dumpable, LifeCycle

public class SslSelectChannelConnector
extends SelectChannelConnector
implements SslConnector

SslSelectChannelConnector.

Apache XBean:

element="sslConnector" description="Creates an NIO ssl connector"

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Field Summary

Fields inherited from class org.eclipse.jetty.server.nio.SelectChannelConnector

_acceptChannel

Fields inherited from class org.eclipse.jetty.server.AbstractConnector

_buffers, _lowResourceMaxIdleTime, _maxIdleTime, _soLingerTime

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.server.ssl.SslConnector

DEFAULT_KEYSTORE, DEFAULT_KEYSTORE_ALGORITHM, DEFAULT_TRUSTSTORE_ALGORITHM, KEYPASSWORD_PROPERTY, PASSWORD_PROPERTY

Constructor Summary

Constructors

Constructor and Description
SslSelectChannelConnector()
SslSelectChannelConnector(SslContextFactory sslContextFactory) Construct with explicit SslContextFactory.

Method Summary

Methods

Modifier and Type	Method and Description
protected SSLEngine	createSSLEngine(SocketChannel channel)
void	customize(EndPoint endpoint, Request request) Allow the Listener a chance to customise the request.
protected void	doStart()
protected void	doStop()
String	getAlgorithm() Deprecated.
String[]	getExcludeCipherSuites() Deprecated.
String[]	getIncludeCipherSuites() Deprecated.
String	getKeystore() Deprecated.
String	getKeystoreType() Deprecated.
boolean	getNeedClientAuth() Deprecated.
String	getProtocol() Deprecated.
String	getProvider() Deprecated.
String	getSecureRandomAlgorithm() Deprecated.
Buffers	getSslBuffers()
SSLContext	getSslContext() Deprecated.
SslContextFactory	getSslContextFactory()
String	getSslKeyManagerFactoryAlgorithm() Deprecated.
String	getSslTrustManagerFactoryAlgorithm() Deprecated.
String	getTruststore() Deprecated.
String	getTruststoreType() Deprecated.
boolean	getWantClientAuth() Deprecated.
boolean	isAllowRenegotiate() Deprecated.
boolean	isConfidential(Request request) By default, we're confidential, given we speak SSL.
boolean	isIntegral(Request request) By default, we're integral, given we speak SSL.
protected AsyncConnection	newConnection(SocketChannel channel, AsyncEndPoint endpoint)
protected AsyncConnection	newPlainConnection(SocketChannel channel, AsyncEndPoint endPoint)
protected SslConnection	newSslConnection(AsyncEndPoint endpoint, SSLEngine engine)
void	setAlgorithm(String algorithm) Deprecated.
void	setAllowRenegotiate(boolean allowRenegotiate) Deprecated.
void	setExcludeCipherSuites(String[] cipherSuites) Deprecated.
void	setIncludeCipherSuites(String[] cipherSuites) Deprecated.
void	setKeyPassword(String password) Deprecated.
void	setKeystore(String keystore) Deprecated.
void	setKeystoreType(String keystoreType) Deprecated.
void	setNeedClientAuth(boolean needClientAuth) Deprecated.
void	setPassword(String password) Deprecated.
void	setProtocol(String protocol) Deprecated.
void	setProvider(String provider) Deprecated.
void	setSecureRandomAlgorithm(String algorithm) Deprecated.
void	setSslContext(SSLContext sslContext) Deprecated.
void	setSslKeyManagerFactoryAlgorithm(String algorithm) Deprecated.
void	setSslTrustManagerFactoryAlgorithm(String algorithm) Deprecated.
void	setTrustPassword(String password) Deprecated.
void	setTruststore(String truststore) Deprecated.
void	setTruststoreType(String truststoreType) Deprecated.
void	setWantClientAuth(boolean wantClientAuth) Deprecated.

Methods inherited from class org.eclipse.jetty.server.nio.SelectChannelConnector

accept, close, endPointClosed, getConnection, getLocalPort, getLowResourcesConnections, getLowResourcesMaxIdleTime, getSelectorManager, newEndPoint, open, persist, setLowResourcesConnections, setLowResourcesMaxIdleTime, setMaxIdleTime, setThreadPool

Methods inherited from class org.eclipse.jetty.server.nio.AbstractNIOConnector

getUseDirectBuffers, setUseDirectBuffers

Methods inherited from class org.eclipse.jetty.server.AbstractConnector

checkForwardedHeaders, configure, connectionClosed, connectionOpened, connectionUpgraded, getAcceptorPriorityOffset, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationMax, getConnectionsDurationMean, getConnectionsDurationStdDev, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsRequestsMax, getConnectionsRequestsMean, getConnectionsRequestsStdDev, getForwardedCipherSuiteHeader, getForwardedForHeader, getForwardedHostHeader, getForwardedProtoHeader, getForwardedServerHeader, getForwardedSslSessionIdHeader, getHost, getHostHeader, getIntegralPort, getIntegralScheme, getLeftMostFieldValue, getLowResourceMaxIdleTime, getMaxBuffers, getMaxIdleTime, getName, getPort, getRequestBuffers, getRequestBufferSize, getRequestBufferType, getRequestHeaderSize, getRequestHeaderType, getRequests, getResolveNames, getResponseBuffers, getResponseBufferSize, getResponseBufferType, getResponseHeaderSize, getResponseHeaderType, getReuseAddress, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, isForwarded, isLowResources, join, setAcceptorPriorityOffset, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setForwarded, setForwardedCipherSuiteHeader, setForwardedForHeader, setForwardedHostHeader, setForwardedProtoHeader, setForwardedServerHeader, setForwardedSslSessionIdHeader, setHost, setHostHeader, setIntegralPort, setIntegralScheme, setLowResourceMaxIdleTime, setMaxBuffers, setName, setPort, setRequestBuffers, setRequestBufferSize, setRequestHeaderSize, setResolveNames, setResponseBuffers, setResponseBufferSize, setResponseHeaderSize, setReuseAddress, setServer, setSoLingerTime, setStatsOn, statsReset, stopAccept, toString

Methods inherited from class org.eclipse.jetty.util.component.AggregateLifeCycle

addBean, addBean, contains, destroy, dump, dump, dump, dump, dump, dumpObject, dumpStdErr, dumpThis, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanage

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.server.Connector

close, getConfidentialPort, getConfidentialScheme, getConnection, getConnections, getConnectionsDurationMax, getConnectionsDurationMean, getConnectionsDurationStdDev, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsRequestsMax, getConnectionsRequestsMean, getConnectionsRequestsStdDev, getHost, getIntegralPort, getIntegralScheme, getLocalPort, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequestBuffers, getRequestBufferSize, getRequestHeaderSize, getRequests, getResolveNames, getResponseBuffers, getResponseBufferSize, getResponseHeaderSize, getServer, getStatsOn, getStatsOnMs, isLowResources, open, persist, setHost, setLowResourceMaxIdleTime, setMaxIdleTime, setPort, setRequestBufferSize, setRequestHeaderSize, setResponseBufferSize, setResponseHeaderSize, setServer, setStatsOn, statsReset

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dump, dump

Constructor Detail

SslSelectChannelConnector

public SslSelectChannelConnector()

SslSelectChannelConnector

public SslSelectChannelConnector(SslContextFactory sslContextFactory)

Construct with explicit SslContextFactory. The SslContextFactory passed is added via AggregateLifeCycle.addBean(Object) so that it's lifecycle may be managed with AggregateLifeCycle.

Parameters:

sslContextFactory -

Method Detail

customize

public void customize(EndPoint endpoint,
             Request request)
               throws IOException

Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

• an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).
• an attribute named "javax.servlet.request.cipher_suite" of type String.
• an attribute named "javax.servlet.request.key_size" of type Integer.
• an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Specified by:

customize in interface Connector

Overrides:

customize in class SelectChannelConnector

Parameters:

endpoint - The Socket the request arrived on. This should be a SocketEndPoint wrapping a SSLSocket.

request - HttpRequest to be customised.

Throws:

IOException

isAllowRenegotiate

@Deprecated
public boolean isAllowRenegotiate()

Deprecated.

Specified by:

isAllowRenegotiate in interface SslConnector

Returns:

True if SSL re-negotiation is allowed (default false)

setAllowRenegotiate

@Deprecated
public void setAllowRenegotiate(boolean allowRenegotiate)

Deprecated.

Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed, then re-negotiation should not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban of renegotiate in u19 and with RFC5746 in u22.

Specified by:

setAllowRenegotiate in interface SslConnector

Parameters:

allowRenegotiate - true if re-negotiation is allowed (default false)

getExcludeCipherSuites

@Deprecated
public String[] getExcludeCipherSuites()

Deprecated.

Specified by:

getExcludeCipherSuites in interface SslConnector

Returns:

The array of Ciphersuite names to exclude from SSLEngine.setEnabledCipherSuites(String[])

See Also:

SslConnector.getExcludeCipherSuites()

setExcludeCipherSuites

@Deprecated
public void setExcludeCipherSuites(String[] cipherSuites)

Deprecated.

Specified by:

setExcludeCipherSuites in interface SslConnector

Parameters:

cipherSuites - The array of Ciphersuite names to exclude from SSLEngine.setEnabledCipherSuites(String[])

See Also:

SslConnector.setExcludeCipherSuites(java.lang.String[])

getIncludeCipherSuites

@Deprecated
public String[] getIncludeCipherSuites()

Deprecated.

Specified by:

getIncludeCipherSuites in interface SslConnector

Returns:

The array of Ciphersuite names to include in SSLEngine.setEnabledCipherSuites(String[])

See Also:

SslConnector.getExcludeCipherSuites()

setIncludeCipherSuites

@Deprecated
public void setIncludeCipherSuites(String[] cipherSuites)

Deprecated.

Specified by:

setIncludeCipherSuites in interface SslConnector

Parameters:

cipherSuites - The array of Ciphersuite names to include in SSLEngine.setEnabledCipherSuites(String[])

See Also:

SslConnector.setExcludeCipherSuites(java.lang.String[])

setPassword

@Deprecated
public void setPassword(String password)

Deprecated.

Specified by:

setPassword in interface SslConnector

Parameters:

password - The password for the key store

See Also:

SslConnector.setPassword(java.lang.String)

setTrustPassword

@Deprecated
public void setTrustPassword(String password)

Deprecated.

Specified by:

setTrustPassword in interface SslConnector

Parameters:

password - The password for the trust store

See Also:

SslConnector.setTrustPassword(java.lang.String)

setKeyPassword

@Deprecated
public void setKeyPassword(String password)

Deprecated.

Specified by:

setKeyPassword in interface SslConnector

Parameters:

password - The password (if any) for the specific key within the key store

See Also:

SslConnector.setKeyPassword(java.lang.String)

getAlgorithm

@Deprecated
public String getAlgorithm()

Deprecated.

Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

setAlgorithm

@Deprecated
public void setAlgorithm(String algorithm)

Deprecated.

Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

getProtocol

@Deprecated
public String getProtocol()

Deprecated.

Specified by:

getProtocol in interface SslConnector

Returns:

The SSL protocol (default "TLS") passed to SSLContext.getInstance(String, String)

See Also:

SslConnector.getProtocol()

setProtocol

@Deprecated
public void setProtocol(String protocol)

Deprecated.

Specified by:

setProtocol in interface SslConnector

Parameters:

protocol - The SSL protocol (default "TLS") passed to SSLContext.getInstance(String, String)

See Also:

SslConnector.setProtocol(java.lang.String)

setKeystore

@Deprecated
public void setKeystore(String keystore)

Deprecated.

Specified by:

setKeystore in interface SslConnector

Parameters:

keystore - The file or URL of the SSL Key store.

See Also:

SslConnector.setKeystore(java.lang.String)

getKeystore

@Deprecated
public String getKeystore()

Deprecated.

Specified by:

getKeystore in interface SslConnector

Returns:

The file or URL of the SSL Key store.

See Also:

SslConnector.getKeystore()

getKeystoreType

@Deprecated
public String getKeystoreType()

Deprecated.

Specified by:

getKeystoreType in interface SslConnector

Returns:

The type of the key store (default "JKS")

See Also:

SslConnector.getKeystoreType()

getNeedClientAuth

@Deprecated
public boolean getNeedClientAuth()

Deprecated.

Specified by:

getNeedClientAuth in interface SslConnector

Returns:

True if SSL needs client authentication.

See Also:

SslConnector.getNeedClientAuth()

getWantClientAuth

@Deprecated
public boolean getWantClientAuth()

Deprecated.

Specified by:

getWantClientAuth in interface SslConnector

Returns:

True if SSL wants client authentication.

See Also:

SslConnector.getWantClientAuth()

setNeedClientAuth

@Deprecated
public void setNeedClientAuth(boolean needClientAuth)

Deprecated.

Specified by:

setNeedClientAuth in interface SslConnector

Parameters:

needClientAuth - True if SSL needs client authentication.

See Also:

SslConnector.setNeedClientAuth(boolean)

setWantClientAuth

@Deprecated
public void setWantClientAuth(boolean wantClientAuth)

Deprecated.

Specified by:

setWantClientAuth in interface SslConnector

Parameters:

wantClientAuth - True if SSL wants client authentication.

See Also:

SslConnector.setWantClientAuth(boolean)

setKeystoreType

@Deprecated
public void setKeystoreType(String keystoreType)

Deprecated.

Specified by:

setKeystoreType in interface SslConnector

Parameters:

keystoreType - The type of the key store (default "JKS")

See Also:

SslConnector.setKeystoreType(java.lang.String)

getProvider

@Deprecated
public String getProvider()

Deprecated.

Specified by:

getProvider in interface SslConnector

Returns:

The SSL provider name, which if set is passed to SSLContext.getInstance(String, String)

See Also:

SslConnector.getProvider()

getSecureRandomAlgorithm

@Deprecated
public String getSecureRandomAlgorithm()

Deprecated.

Specified by:

getSecureRandomAlgorithm in interface SslConnector

Returns:

The algorithm name, which if set is passed to SecureRandom.getInstance(String) to obtain the SecureRandom instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

See Also:

SslConnector.getSecureRandomAlgorithm()

getSslKeyManagerFactoryAlgorithm

@Deprecated
public String getSslKeyManagerFactoryAlgorithm()

Deprecated.

Specified by:

getSslKeyManagerFactoryAlgorithm in interface SslConnector

Returns:

The algorithm name (default "SunX509") used by the KeyManagerFactory

See Also:

SslConnector.getSslKeyManagerFactoryAlgorithm()

getSslTrustManagerFactoryAlgorithm

@Deprecated
public String getSslTrustManagerFactoryAlgorithm()

Deprecated.

Specified by:

getSslTrustManagerFactoryAlgorithm in interface SslConnector

Returns:

The algorithm name (default "SunX509") used by the TrustManagerFactory

See Also:

SslConnector.getSslTrustManagerFactoryAlgorithm()

getTruststore

@Deprecated
public String getTruststore()

Deprecated.

Specified by:

getTruststore in interface SslConnector

Returns:

The file name or URL of the trust store location

See Also:

SslConnector.getTruststore()

getTruststoreType

@Deprecated
public String getTruststoreType()

Deprecated.

Specified by:

getTruststoreType in interface SslConnector

Returns:

The type of the trust store (default "JKS")

See Also:

SslConnector.getTruststoreType()

setProvider

@Deprecated
public void setProvider(String provider)

Deprecated.

Specified by:

setProvider in interface SslConnector

Parameters:

provider - The SSL provider name, which if set is passed to SSLContext.getInstance(String, String)

See Also:

SslConnector.setProvider(java.lang.String)

setSecureRandomAlgorithm

@Deprecated
public void setSecureRandomAlgorithm(String algorithm)

Deprecated.

Specified by:

setSecureRandomAlgorithm in interface SslConnector

Parameters:

algorithm - The algorithm name, which if set is passed to SecureRandom.getInstance(String) to obtain the SecureRandom instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

See Also:

SslConnector.setSecureRandomAlgorithm(java.lang.String)

setSslKeyManagerFactoryAlgorithm

@Deprecated
public void setSslKeyManagerFactoryAlgorithm(String algorithm)

Deprecated.

Specified by:

setSslKeyManagerFactoryAlgorithm in interface SslConnector

Parameters:

algorithm - The algorithm name (default "SunX509") used by the KeyManagerFactory

See Also:

SslConnector.setSslKeyManagerFactoryAlgorithm(java.lang.String)

setSslTrustManagerFactoryAlgorithm

@Deprecated
public void setSslTrustManagerFactoryAlgorithm(String algorithm)

Deprecated.

Specified by:

setSslTrustManagerFactoryAlgorithm in interface SslConnector

Parameters:

algorithm - The algorithm name (default "SunX509") used by the TrustManagerFactory

See Also:

SslConnector.setSslTrustManagerFactoryAlgorithm(java.lang.String)

setTruststore

@Deprecated
public void setTruststore(String truststore)

Deprecated.

Specified by:

setTruststore in interface SslConnector

Parameters:

truststore - The file name or URL of the trust store location

See Also:

SslConnector.setTruststore(java.lang.String)

setTruststoreType

@Deprecated
public void setTruststoreType(String truststoreType)

Deprecated.

Specified by:

setTruststoreType in interface SslConnector

Parameters:

truststoreType - The type of the trust store (default "JKS")

See Also:

SslConnector.setTruststoreType(java.lang.String)

setSslContext

@Deprecated
public void setSslContext(SSLContext sslContext)

Deprecated.

Specified by:

setSslContext in interface SslConnector

Parameters:

sslContext - Set a preconfigured SSLContext

See Also:

SslConnector.setSslContext(javax.net.ssl.SSLContext)

getSslContext

@Deprecated
public SSLContext getSslContext()

Deprecated.

Specified by:

getSslContext in interface SslConnector

Returns:

The SSLContext

See Also:

SslConnector.setSslContext(javax.net.ssl.SSLContext)

getSslContextFactory

public SslContextFactory getSslContextFactory()

Specified by:

getSslContextFactory in interface SslConnector

Returns:

the instance of SslContextFactory associated with the connector

See Also:

SslConnector.getSslContextFactory()

isConfidential

public boolean isConfidential(Request request)

By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:

isConfidential in interface Connector

Overrides:

isConfidential in class AbstractConnector

Parameters:

request - A request

Returns:

true if the request is confidential. This normally means the https schema has been used.

isIntegral

public boolean isIntegral(Request request)

By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:

isIntegral in interface Connector

Overrides:

isIntegral in class AbstractConnector

Parameters:

request - A request

Returns:

true if the request is integral. This normally means the https schema has been used.

newConnection

protected AsyncConnection newConnection(SocketChannel channel,
                            AsyncEndPoint endpoint)

Overrides:

newConnection in class SelectChannelConnector

newPlainConnection

protected AsyncConnection newPlainConnection(SocketChannel channel,
                                 AsyncEndPoint endPoint)

newSslConnection

protected SslConnection newSslConnection(AsyncEndPoint endpoint,
                             SSLEngine engine)

createSSLEngine

protected SSLEngine createSSLEngine(SocketChannel channel)
                             throws IOException

Parameters:

channel - A channel which if passed is used as to extract remote host and port for the purposes of SSL session caching

Returns:

A SSLEngine for a new or cached SSL Session

Throws:

IOException - if the SSLEngine cannot be created

doStart

protected void doStart()
                throws Exception

Overrides:

doStart in class SelectChannelConnector

Throws:

Exception

See Also:

SelectChannelConnector.doStart()

doStop

protected void doStop()
               throws Exception

Overrides:

doStop in class AbstractConnector

Throws:

Exception

See Also:

AbstractConnector.doStop()

getSslBuffers

public Buffers getSslBuffers()

Returns:

SSL buffers