Apache Tomcat 7.0.37

org.apache.tomcat.util.net.jsse
Class JSSESocketFactory

java.lang.Object
  extended by org.apache.tomcat.util.net.jsse.JSSESocketFactory
All Implemented Interfaces:
ServerSocketFactory, SSLUtil

public class JSSESocketFactory
extends Object
implements ServerSocketFactory, SSLUtil

SSL server socket factory. It requires a valid RSA key and JSSE.
keytool -genkey -alias tomcat -keyalg RSA
Use "changeit" as password (this is the default we use).

Author:
Harish Prabandham, Costin Manolache, Stefan Freyr Stefansson, EKR -- renamed to JSSESocketFactory, Jan Luehe, Bill Barker

Field Summary
protected boolean allowUnsafeLegacyRenegotiation
static String DEFAULT_KEY_PASS
protected String[] enabledCiphers
protected String[] enabledProtocols
protected boolean requireClientAuth
          Flag to state that we require client authentication.
protected SSLServerSocketFactory sslProxy
protected boolean wantClientAuth
          Flag to state that we would like client authentication.
 
Constructor Summary
JSSESocketFactory(AbstractEndpoint endpoint)
 
Method Summary
Socket acceptSocket(ServerSocket socket)
          Wrapper function for accept().
protected void configureClientAuth(SSLServerSocket socket)
          Configure client authentication for this version of JSSE.
void configureSessionContext(SSLSessionContext sslSessionContext)
ServerSocket createSocket(int port)
          Returns a server socket which uses all network interfaces on the host, and is bound to the specified port.
ServerSocket createSocket(int port, int backlog)
          Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.
ServerSocket createSocket(int port, int backlog, InetAddress ifAddress)
          Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.
SSLContext createSSLContext()
protected Collection<? extends CRL> getCRLs(String crlf)
          Load the collection of CRLs.
String[] getEnableableCiphers(SSLContext context)
          Determines the SSL cipher suites that can be enabled, based on the configuration of the endpoint and the ciphers supported by the SSL implementation.
String[] getEnableableProtocols(SSLContext context)
          Determines the SSL protocol variants that can be enabled, based on the configuration of the endpoint and the protocols supported by the SSL implementation.
KeyManager[] getKeyManagers()
protected KeyManager[] getKeyManagers(String keystoreType, String keystoreProvider, String algorithm, String keyAlias)
          Gets the initialized key managers.
protected KeyStore getKeystore(String type, String provider, String pass)
protected String getKeystorePassword()
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore)
          Return the initialization parameters for the TrustManager.
TrustManager[] getTrustManagers()
protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm)
          Gets the initialized trust managers.
protected KeyStore getTrustStore(String keystoreType, String keystoreProvider)
void handshake(Socket sock)
          Triggers the SSL handshake.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_KEY_PASS

public static final String DEFAULT_KEY_PASS
See Also:
Constant Field Values

sslProxy

protected SSLServerSocketFactory sslProxy

enabledCiphers

protected String[] enabledCiphers

enabledProtocols

protected String[] enabledProtocols

allowUnsafeLegacyRenegotiation

protected boolean allowUnsafeLegacyRenegotiation

requireClientAuth

protected boolean requireClientAuth
Flag to state that we require client authentication.


wantClientAuth

protected boolean wantClientAuth
Flag to state that we would like client authentication.

Constructor Detail

JSSESocketFactory

public JSSESocketFactory(AbstractEndpoint endpoint)
Method Detail

createSocket

public ServerSocket createSocket(int port)
                          throws IOException
Description copied from interface: ServerSocketFactory
Returns a server socket which uses all network interfaces on the host, and is bound to the specified port. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in interface ServerSocketFactory
Parameters:
port - the port to listen to
Throws:
IOException - for networking errors

createSocket

public ServerSocket createSocket(int port,
                                 int backlog)
                          throws IOException
Description copied from interface: ServerSocketFactory
Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in interface ServerSocketFactory
Parameters:
port - the port to listen to
backlog - how many connections are queued
Throws:
IOException - for networking errors

createSocket

public ServerSocket createSocket(int port,
                                 int backlog,
                                 InetAddress ifAddress)
                          throws IOException
Description copied from interface: ServerSocketFactory
Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in interface ServerSocketFactory
Parameters:
port - the port to listen to
backlog - how many connections are queued
ifAddress - the network interface address to use
Throws:
IOException - for networking errors

acceptSocket

public Socket acceptSocket(ServerSocket socket)
                    throws IOException
Description copied from interface: ServerSocketFactory
Wrapper function for accept(). This allows us to trap and translate exceptions if necessary.

Specified by:
acceptSocket in interface ServerSocketFactory
Throws:
IOException

handshake

public void handshake(Socket sock)
               throws IOException
Description copied from interface: ServerSocketFactory
Triggers the SSL handshake. This will be a no-op for non-SSL sockets.

Specified by:
handshake in interface ServerSocketFactory
Throws:
IOException

getEnableableCiphers

public String[] getEnableableCiphers(SSLContext context)
Description copied from interface: SSLUtil
Determines the SSL cipher suites that can be enabled, based on the configuration of the endpoint and the ciphers supported by the SSL implementation.

Specified by:
getEnableableCiphers in interface SSLUtil
Parameters:
context - An initialized context to obtain the supported ciphers from.
Returns:
Array of SSL cipher suites that may be enabled (which may be empty if none of the specified ciphers are supported), or the defaults for the underlying SSL implementation if the endpoint configuration does not specify any ciphers.

getKeystorePassword

protected String getKeystorePassword()

getKeystore

protected KeyStore getKeystore(String type,
                               String provider,
                               String pass)
                        throws IOException
Throws:
IOException

getTrustStore

protected KeyStore getTrustStore(String keystoreType,
                                 String keystoreProvider)
                          throws IOException
Throws:
IOException

createSSLContext

public SSLContext createSSLContext()
                            throws Exception
Specified by:
createSSLContext in interface SSLUtil
Throws:
Exception

getKeyManagers

public KeyManager[] getKeyManagers()
                            throws Exception
Specified by:
getKeyManagers in interface SSLUtil
Throws:
Exception

getTrustManagers

public TrustManager[] getTrustManagers()
                                throws Exception
Specified by:
getTrustManagers in interface SSLUtil
Throws:
Exception

configureSessionContext

public void configureSessionContext(SSLSessionContext sslSessionContext)
Specified by:
configureSessionContext in interface SSLUtil

getKeyManagers

protected KeyManager[] getKeyManagers(String keystoreType,
                                      String keystoreProvider,
                                      String algorithm,
                                      String keyAlias)
                               throws Exception
Gets the initialized key managers.

Throws:
Exception

getTrustManagers

protected TrustManager[] getTrustManagers(String keystoreType,
                                          String keystoreProvider,
                                          String algorithm)
                                   throws Exception
Gets the initialized trust managers.

Throws:
Exception

getParameters

protected CertPathParameters getParameters(String algorithm,
                                           String crlf,
                                           KeyStore trustStore)
                                    throws Exception
Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.

Parameters:
algorithm - The algorithm to get parameters for.
crlf - The path to the CRL file.
trustStore - The configured TrustStore.
Returns:
The parameters including the CRLs and TrustStore.
Throws:
Exception

getCRLs

protected Collection<? extends CRL> getCRLs(String crlf)
                                     throws IOException,
                                            CRLException,
                                            CertificateException
Load the collection of CRLs.

Throws:
IOException
CRLException
CertificateException

getEnableableProtocols

public String[] getEnableableProtocols(SSLContext context)
Description copied from interface: SSLUtil
Determines the SSL protocol variants that can be enabled, based on the configuration of the endpoint and the protocols supported by the SSL implementation.

Specified by:
getEnableableProtocols in interface SSLUtil
Parameters:
context - An initialized context to obtain the supported protocols from.
Returns:
Array of SSL protocol variants that may be enabled (which may be empty if none of the specified protocols are supported), or the defaults for the underlying SSL implementation if the endpoint configuration does not specify any protocols.
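As an added illustration (not Tomcat's own code) of the contract that both getEnableableCiphers and getEnableableProtocols document: configured names are filtered against what the SSLContext's provider supports, an unconfigured list yields the provider defaults, and an empty array is the outcome an operator must check for at startup. The class name, the helper and the constructed configuration values are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added illustration of the getEnableableCiphers/getEnableableProtocols contract; not Tomcat's code.
public final class EnableableFilter {
    // Configured names the provider supports, in configured order; with
    // nothing configured, the provider defaults. May return an empty array.
    public static String[] enableable(String[] configured, String[] supported, String[] defaults) {
        if (configured == null || configured.length == 0) {
            return defaults.clone();
        }
        Set<String> supportedSet = new HashSet<>(Arrays.asList(supported));
        List<String> result = new ArrayList<>();
        for (String name : configured) {
            if (supportedSet.contains(name)) {
                result.add(name);
            }
        }
        return result.toArray(new String[0]);
    }

    public static String[] enableableCiphers(SSLContext ctx, String[] configured) {
        return enableable(configured,
                ctx.getSupportedSSLParameters().getCipherSuites(),
                ctx.getDefaultSSLParameters().getCipherSuites());
    }

    public static String[] enableableProtocols(SSLContext ctx, String[] configured) {
        return enableable(configured,
                ctx.getSupportedSSLParameters().getProtocols(),
                ctx.getDefaultSSLParameters().getProtocols());
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed config: one real suite, one misspelled; one unsupported protocol name.
        String[] ciphers = enableableCiphers(ctx, new String[] {
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_NOT_A_REAL_SUITE" });
        String[] protocols = enableableProtocols(ctx, new String[] { "TLSv1.2", "SSLv2" });
        System.out.println("ciphers:   " + Arrays.toString(ciphers));
        System.out.println("protocols: " + Arrays.toString(protocols));
        // Empty means nothing to negotiate: fail at startup rather than run with it.
        if (ciphers.length == 0 || protocols.length == 0) {
            throw new IllegalStateException("no configured cipher/protocol is supported");
        }
    }
}
```

The misspelled suite and the unsupported protocol name are dropped silently, which is why the empty-array check belongs in the endpoint's startup path rather than being left to the first failed handshake.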

configureClientAuth

protected void configureClientAuth(SSLServerSocket socket)
Configure Client authentication for this version of JSSE. The JSSE included in Java 1.4 supports the 'want' value. Prior versions of JSSE will treat 'want' as 'false'.

Parameters:
socket - the SSLServerSocket


Copyright © 2000-2013 Apache Software Foundation. All Rights Reserved.