org.mortbay.http

Class SslListener

public class SslListener extends SocketListener

JSSE Socket Listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Version: $Id: SslListener.java,v 1.8 2006/11/22 20:21:30 gregwilkins Exp $

Author: Greg Wilkins (gregw@mortbay.com) Court Demas (court@kiwiconsulting.com) Forge Research Pty Ltd ACN 003 491 576 Jan Hlavaty

Field Summary
static String	DEFAULT_KEYSTORE Default value for the keystore location path.
static String	KEYPASSWORD_PROPERTY String name of key password property.
static String	PASSWORD_PROPERTY String name of keystore password property.

Constructor Summary
	SslListener() Constructor.
	SslListener(InetAddrPort p_address) Constructor.

Method Summary
protected Socket	accept(ServerSocket p_serverSocket)
protected SSLServerSocketFactory	createFactory()
protected void	customizeRequest(Socket socket, HttpRequest request) Allow the Listener a chance to customise the request. before the server does its stuff.
String	getAlgorithm()
String[]	getCipherSuites()
String	getKeystore()
String	getKeystoreType()
boolean	getNeedClientAuth()
String	getProtocol()
String	getProvider()
boolean	getWantClientAuth()
boolean	isConfidential(HttpConnection connection) By default, we're confidential, given we speak SSL.
boolean	isIntegral(HttpConnection connection) By default, we're integral, given we speak SSL.
protected ServerSocket	newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)
void	setAlgorithm(String algorithm)
void	setCipherSuites(String[] cipherSuites)
void	setKeyPassword(String password)
void	setKeystore(String keystore)
void	setKeystoreType(String keystoreType)
void	setNeedClientAuth(boolean needClientAuth) Set the value of the needClientAuth property
void	setPassword(String password)
void	setProtocol(String protocol)
void	setProvider(String _provider)
void	setWantClientAuth(boolean wantClientAuth) Set the value of the needClientAuth property

Field Detail

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE

Default value for the keystore location path.

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY

String name of key password property.

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY

String name of keystore password property.

Constructor Detail

SslListener

public SslListener(InetAddrPort p_address)

Constructor.

Parameters: p_address

Method Detail

accept

protected Socket accept(ServerSocket p_serverSocket)

Parameters: p_serverSocket

Returns: @exception IOException

createFactory

protected SSLServerSocketFactory createFactory()

customizeRequest

protected void customizeRequest(Socket socket, HttpRequest request)

Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

an attribute named "javax.servlet.request.cipher_suite" of type String.
an attribute named "javax.servlet.request.key_size" of type Integer.
an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Parameters: socket The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket. request HttpRequest to be customised.

isConfidential

public boolean isConfidential(HttpConnection connection)

By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

isIntegral

public boolean isIntegral(HttpConnection connection)

By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

newServerSocket

protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)

Parameters: p_address p_acceptQueueSize

Returns: @exception IOException

Parameters: needClientAuth true iff we require client certificate authentication.

Parameters: wantClientAuth true iff we would like client certificate authentication.