org.apache.tomcat.util.net.jsse

Class NioJSSESocketChannelFactory

java.lang.Object

org.apache.tomcat.util.net.NioServerSocketChannelFactory

org.apache.tomcat.util.net.DefaultNioServerSocketChannelFactory

org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory

All Implemented Interfaces:

Cloneable

public class NioJSSESocketChannelFactory
extends DefaultNioServerSocketChannelFactory

NioJSSESocketChannelFactory

SSL server socket factory. It _requires_ a valid RSA key and JSSE.

1. Make the JSSE's jars available, either as an installed extension (copy them into jre/lib/ext) or by adding them to the Tomcat classpath. 2. keytool -genkey -alias tomcat -keyalg RSA Use "changeit" as password ( this is the default we use )

Created on Jan 3, 2012 at 2:07:00 PM

Author:

Nabil Benothman

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	allowUnsafeLegacyRenegotiation
protected String	clientAuth
protected String[]	enabledCiphers
protected boolean	initialized
protected boolean	requireClientAuth Flag to state that we require client authentication.
protected boolean	wantClientAuth Flag to state that we would like client authentication.

Fields inherited from class org.apache.tomcat.util.net.NioServerSocketChannelFactory

attributes, threadGroup

Constructor Summary

Constructors

Constructor and Description
NioJSSESocketChannelFactory() Create a new instance of NioJSSESocketChannelFactory
NioJSSESocketChannelFactory(AsynchronousChannelGroup threadGroup) Create a new instance of NioJSSESocketChannelFactory

Method Summary

Modifier and Type	Method and Description
NioChannel	acceptChannel(AsynchronousServerSocketChannel listener) Wrapper function for accept().
void	destroy() Destroy the factory
protected Collection<? extends CRL>	getCRLs(String crlf) Load the collection of CRLs.
protected String[]	getEnabledCiphers(String requestedCiphers, String[] supportedCiphers) Determines the SSL cipher suites to be enabled.
protected String[]	getEnabledProtocols(SSLEngine engine, String requestedProtocols) Determines the SSL protocol variants to be enabled.
protected KeyManager[]	getKeyManagers(String keystoreType, String keystoreProvider, String algorithm, String keyAlias) Gets the initialized key managers.
protected KeyStore	getKeystore(String type, String provider, String pass) Gets the SSL server's keystore.
protected String	getKeystorePassword() Gets the SSL server's keystore password.
protected CertPathParameters	getParameters(String algorithm, String crlf, KeyStore trustStore) Return the initialization parameters for the TrustManager.
SSLContext	getSslContext()
protected TrustManager[]	getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) Gets the initialized trust managers.
protected KeyStore	getTrustStore(String keystoreType, String keystoreProvider) Gets the SSL server's truststore.
void	handshake(NioChannel channel) Extra function to initiate the handshake.
void	init() Reads the keystore and initializes the SSL socket factory.
void	initChannel(NioChannel channel) Initialize the specified NioChannel
protected void	setEnabledProtocols(SSLEngine engine, String[] protocols) Set the SSL protocol variants to be enabled.
void	setSslContext(SSLContext ctx)

Methods inherited from class org.apache.tomcat.util.net.DefaultNioServerSocketChannelFactory

createServerChannel

Methods inherited from class org.apache.tomcat.util.net.NioServerSocketChannelFactory

createSecureFactory, createServerChannel, createServerChannel, createServerSocketChannelFactory, getDefault, getDefault, open, setAttribute

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

initialized

protected boolean initialized

clientAuth

protected String clientAuth

enabledCiphers

protected String[] enabledCiphers

allowUnsafeLegacyRenegotiation

protected boolean allowUnsafeLegacyRenegotiation

requireClientAuth

protected boolean requireClientAuth

Flag to state that we require client authentication.

wantClientAuth

protected boolean wantClientAuth

Flag to state that we would like client authentication.

Constructor Detail

NioJSSESocketChannelFactory

public NioJSSESocketChannelFactory()

Create a new instance of NioJSSESocketChannelFactory

NioJSSESocketChannelFactory

public NioJSSESocketChannelFactory(AsynchronousChannelGroup threadGroup)

Create a new instance of NioJSSESocketChannelFactory

Parameters:

threadGroup -

Method Detail

acceptChannel

public NioChannel acceptChannel(AsynchronousServerSocketChannel listener)
                         throws IOException

Description copied from class: NioServerSocketChannelFactory

Wrapper function for accept(). This allows us to trap and translate exceptions if necessary

Overrides:

acceptChannel in class DefaultNioServerSocketChannelFactory

Parameters:

listener - The Asynchronous Server Socket channel that will accept a new connection

Returns:

an instance of NioChannel representing the new connection

Throws:

IOException

initChannel

public void initChannel(NioChannel channel)
                 throws Exception

Description copied from class: NioServerSocketChannelFactory

Initialize the specified NioChannel

Overrides:

initChannel in class DefaultNioServerSocketChannelFactory

Parameters:

channel - The channel to be initialized

Throws:

Exception

handshake

public void handshake(NioChannel channel)
               throws IOException

Description copied from class: NioServerSocketChannelFactory

Extra function to initiate the handshake. Sometimes necessary for SSL

Overrides:

handshake in class DefaultNioServerSocketChannelFactory

Throws:

IOException

setSslContext

public void setSslContext(SSLContext ctx)

Parameters:

ctx -

getSslContext

public SSLContext getSslContext()

Returns:

the SSLContext

init

public void init()
          throws IOException

Reads the keystore and initializes the SSL socket factory.

Overrides:

init in class DefaultNioServerSocketChannelFactory

Throws:

IOException

destroy

public void destroy()
             throws IOException

Description copied from class: NioServerSocketChannelFactory

Destroy the factory

Overrides:

destroy in class DefaultNioServerSocketChannelFactory

Throws:

IOException

getEnabledCiphers

protected String[] getEnabledCiphers(String requestedCiphers,
                                     String[] supportedCiphers)

Determines the SSL cipher suites to be enabled.

Parameters:

requestedCiphers - Comma-separated list of requested ciphers

supportedCiphers - Array of supported ciphers

Returns:

Array of SSL cipher suites to be enabled, or null if none of the requested ciphers are supported

getKeystore

protected KeyStore getKeystore(String type,
                               String provider,
                               String pass)
                        throws IOException

Gets the SSL server's keystore.

Parameters:

type - the type of the keystore

provider - the keystore provider

pass - the keystore password

Returns:

the SSL server's keystore

Throws:

IOException

getKeystorePassword

protected String getKeystorePassword()

Gets the SSL server's keystore password.

Returns:

the keystore password

getKeyManagers

protected KeyManager[] getKeyManagers(String keystoreType,
                                      String keystoreProvider,
                                      String algorithm,
                                      String keyAlias)
                               throws Exception

Gets the initialized key managers.

Parameters:

keystoreType -

keystoreProvider -

algorithm -

keyAlias -

Returns:

Throws:

Exception

getTrustManagers

protected TrustManager[] getTrustManagers(String keystoreType,
                                          String keystoreProvider,
                                          String algorithm)
                                   throws Exception

Gets the initialized trust managers.

Parameters:

keystoreType -

keystoreProvider -

algorithm -

Returns:

Throws:

Exception

getTrustStore

protected KeyStore getTrustStore(String keystoreType,
                                 String keystoreProvider)
                          throws IOException

Gets the SSL server's truststore.

Parameters:

keystoreType -

keystoreProvider -

Returns:

the SSL server's truststore.

Throws:

IOException

getParameters

protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
                                    throws Exception

Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.

Parameters:

algorithm - The algorithm to get parameters for.

crlf - The path to the CRL file.

trustStore - The configured TrustStore.

Returns:

The parameters including the CRLs and TrustStore.

Throws:

Exception

getCRLs

protected Collection<? extends CRL> getCRLs(String crlf)
                                     throws IOException,
                                            CRLException,
                                            CertificateException

Load the collection of CRLs.

Parameters:

crlf -

Returns:

a collection of java.security.cert.CRL

Throws:

IOException

CRLException

CertificateException

setEnabledProtocols

protected void setEnabledProtocols(SSLEngine engine,
                                   String[] protocols)

Set the SSL protocol variants to be enabled.

Parameters:

engine - the SSLEngine.

protocols - the protocols to use.

getEnabledProtocols

protected String[] getEnabledProtocols(SSLEngine engine,
                                       String requestedProtocols)

Determines the SSL protocol variants to be enabled.

Parameters:

engine - The SSLEngine to get supported list from.

requestedProtocols - Comma-separated list of requested SSL protocol variants

Returns:

Array of SSL protocol variants to be enabled, or null if none of the requested protocol variants are supported