org.mortbay.http

Class JsseListener

public abstract class JsseListener extends SocketListener

Deprecated: use SslListener

JSSE Socket Listener. This specialization of HttpListener is an abstract listener that can be used as the basis for a specific JSSE listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Version: $Id: JsseListener.java,v 1.19 2005/11/03 18:21:59 gregwilkins Exp $

Author: Greg Wilkins (gregw@mortbay.com) Court Demas (court@kiwiconsulting.com) Forge Research Pty Ltd ACN 003 491 576 Jan Hlavat}

Field Summary
static String	DEFAULT_KEYSTORE Default value for the keystore location path.
static String	DEFAULT_KEYSTORE_PROVIDER_CLASS Default value for keystore provider class. null = use default
static String	DEFAULT_KEYSTORE_PROVIDER_NAME Default value for keystore provider name. null = use default
static String	DEFAULT_KEYSTORE_TYPE Default keystore type
static String	KEYPASSWORD_PROPERTY String name of key password property.
static String	KEYSTORE_PROPERTY String name of keystore location path property.
static String	KEYSTORE_PROVIDER_CLASS_PROPERTY String name of keystore provider class property
static String	KEYSTORE_PROVIDER_NAME_PROPERTY String name of keystore provider name property
static String	KEYSTORE_TYPE_PROPERTY String name of keystore type property
static String	PASSWORD_PROPERTY String name of keystore password property.

Constructor Summary
	JsseListener() Constructor.
	JsseListener(InetAddrPort p_address) Constructor.

Method Summary
protected Socket	accept(ServerSocket p_serverSocket)
protected abstract SSLServerSocketFactory	createFactory()
protected void	customizeRequest(Socket socket, HttpRequest request) Allow the Listener a chance to customise the request. before the server does its stuff.
boolean	getNeedClientAuth()
boolean	isConfidential(HttpConnection connection) By default, we're confidential, given we speak SSL.
boolean	isIntegral(HttpConnection connection) By default, we're integral, given we speak SSL.
protected ServerSocket	newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)
void	setNeedClientAuth(boolean needClientAuth) Set the value of the needClientAuth property

Field Detail

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE

Default value for the keystore location path.

DEFAULT_KEYSTORE_PROVIDER_CLASS

public static final String DEFAULT_KEYSTORE_PROVIDER_CLASS

Default value for keystore provider class. null = use default

DEFAULT_KEYSTORE_PROVIDER_NAME

public static final String DEFAULT_KEYSTORE_PROVIDER_NAME

Default value for keystore provider name. null = use default

DEFAULT_KEYSTORE_TYPE

public static final String DEFAULT_KEYSTORE_TYPE

Default keystore type

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY

String name of key password property.

KEYSTORE_PROPERTY

public static final String KEYSTORE_PROPERTY

String name of keystore location path property.

KEYSTORE_PROVIDER_CLASS_PROPERTY

public static final String KEYSTORE_PROVIDER_CLASS_PROPERTY

String name of keystore provider class property

KEYSTORE_PROVIDER_NAME_PROPERTY

public static final String KEYSTORE_PROVIDER_NAME_PROPERTY

String name of keystore provider name property

KEYSTORE_TYPE_PROPERTY

public static final String KEYSTORE_TYPE_PROPERTY

String name of keystore type property

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY

String name of keystore password property.

Constructor Detail

JsseListener

public JsseListener()

Constructor.

JsseListener

public JsseListener(InetAddrPort p_address)

Constructor.

Parameters: p_address

Method Detail

accept

protected Socket accept(ServerSocket p_serverSocket)

Parameters: p_serverSocket

Returns:

Throws: IOException

createFactory

protected abstract SSLServerSocketFactory createFactory()

customizeRequest

protected void customizeRequest(Socket socket, HttpRequest request)

Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

an attribute named "javax.servlet.request.cipher_suite" of type String.
an attribute named "javax.servlet.request.key_size" of type Integer.
an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Parameters: socket The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket. request HttpRequest to be customised.

getNeedClientAuth

public boolean getNeedClientAuth()

isConfidential

public boolean isConfidential(HttpConnection connection)

By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

isIntegral

public boolean isIntegral(HttpConnection connection)

By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

newServerSocket

protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)

Parameters: p_address p_acceptQueueSize

Returns:

Throws: IOException

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

Set the value of the needClientAuth property

Parameters: needClientAuth true iff we require client certificate authentication.