org.mortbay.http

Class SslListener

public class SslListener extends SocketListener

JSSE Socket Listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.

Version: $Id: SslListener.java,v 1.8 2006/11/22 20:21:30 gregwilkins Exp $

Author: Greg Wilkins (gregw@mortbay.com), Court Demas (court@kiwiconsulting.com), Forge Research Pty Ltd ACN 003 491 576, Jan Hlavaty

Field Summary
static String DEFAULT_KEYSTORE
Default value for the keystore location path.
static String KEYPASSWORD_PROPERTY
String name of key password property.
static String PASSWORD_PROPERTY
String name of keystore password property.
Constructor Summary
SslListener()
Constructor.
SslListener(InetAddrPort p_address)
Constructor.
Method Summary
protected Socket accept(ServerSocket p_serverSocket)
protected SSLServerSocketFactory createFactory()
protected void customizeRequest(Socket socket, HttpRequest request)
Allow the Listener a chance to customise the request before the server does its stuff.
String getAlgorithm()
String[] getCipherSuites()
String getKeystore()
String getKeystoreType()
boolean getNeedClientAuth()
String getProtocol()
String getProvider()
boolean getWantClientAuth()
boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL.
boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL.
protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)
void setAlgorithm(String algorithm)
void setCipherSuites(String[] cipherSuites)
void setKeyPassword(String password)
void setKeystore(String keystore)
void setKeystoreType(String keystoreType)
void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property
void setPassword(String password)
void setProtocol(String protocol)
void setProvider(String _provider)
void setWantClientAuth(boolean wantClientAuth)
Set the value of the wantClientAuth property

Field Detail

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE
Default value for the keystore location path.

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY
String name of key password property.

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY
String name of keystore password property.

Constructor Detail

SslListener

public SslListener()
Constructor.

SslListener

public SslListener(InetAddrPort p_address)
Constructor.

Parameters: p_address

Method Detail

accept

protected Socket accept(ServerSocket p_serverSocket)

Parameters: p_serverSocket

Throws: IOException

createFactory

protected SSLServerSocketFactory createFactory()

customizeRequest

protected void customizeRequest(Socket socket, HttpRequest request)
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

Parameters:
socket - The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
request - HttpRequest to be customised.

getAlgorithm

public String getAlgorithm()

getCipherSuites

public String[] getCipherSuites()

getKeystore

public String getKeystore()

getKeystoreType

public String getKeystoreType()

getNeedClientAuth

public boolean getNeedClientAuth()

getProtocol

public String getProtocol()

getProvider

public String getProvider()

getWantClientAuth

public boolean getWantClientAuth()

isConfidential

public boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL. But, if we've been told about a confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

isIntegral

public boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
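The rule stated for isConfidential and isIntegral, worked through for two listeners. This is an added example, not Jetty's source: ListenerModel is a hypothetical stand-in that needs only the JDK, the ports are constructed, and "not told about a port" is modelled as an empty OptionalInt.

```java
import java.util.OptionalInt;

public class ListenerConstraintDemo {

    // Hypothetical stand-in for a listener; not a Jetty class.
    static final class ListenerModel {
        final int port;                      // port this listener is bound to
        final OptionalInt confidentialPort;  // empty = not told about one
        final OptionalInt integralPort;      // empty = not told about one

        ListenerModel(int port, OptionalInt confidentialPort, OptionalInt integralPort) {
            this.port = port;
            this.confidentialPort = confidentialPort;
            this.integralPort = integralPort;
        }

        // Confidential by default; not confidential once a confidential
        // port has been named and it is not this listener's own port.
        boolean isConfidential() {
            return !confidentialPort.isPresent() || confidentialPort.getAsInt() == port;
        }

        // Same rule, applied to the integral port.
        boolean isIntegral() {
            return !integralPort.isPresent() || integralPort.getAsInt() == port;
        }
    }

    static String describe(String name, ListenerModel l) {
        return name + " (port " + l.port + "): confidential=" + l.isConfidential()
                + ", integral=" + l.isIntegral();
    }

    public static void main(String[] args) {
        // Constructed setup: 8443 requires client certificates, 9443 does not.
        ListenerModel clientCert = new ListenerModel(8443, OptionalInt.of(8443), OptionalInt.empty());
        // Told that the confidential port is 8443, so 9443 offers INTEGRAL only.
        ListenerModel serverOnly = new ListenerModel(9443, OptionalInt.of(8443), OptionalInt.empty());
        // Pitfall: naming 9443 as the integral port on the 8443 listener makes
        // that listener stop reporting itself as integral under the same rule.
        ListenerModel mixed = new ListenerModel(8443, OptionalInt.of(8443), OptionalInt.of(9443));

        System.out.println(describe("client-cert", clientCert));
        System.out.println(describe("server-only", serverOnly));
        System.out.println(describe("mixed", mixed));
    }
}
```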

newServerSocket

protected ServerSocket newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)

Parameters: p_address, p_acceptQueueSize

Throws: IOException

setAlgorithm

public void setAlgorithm(String algorithm)

setCipherSuites

public void setCipherSuites(String[] cipherSuites)

Author: Tony Jiang

setKeyPassword

public void setKeyPassword(String password)

setKeystore

public void setKeystore(String keystore)

setKeystoreType

public void setKeystoreType(String keystoreType)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property

Parameters: needClientAuth true iff we require client certificate authentication.

setPassword

public void setPassword(String password)

setProtocol

public void setProtocol(String protocol)

setProvider

public void setProvider(String _provider)

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)
Set the value of the wantClientAuth property

Parameters: wantClientAuth true iff we would like client certificate authentication.

Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.