Apache Tomcat 6.0.53

org.apache.tomcat.util.net.jsse
Class JSSESocketFactory

java.lang.Object
  extended by org.apache.tomcat.util.net.ServerSocketFactory
      extended by org.apache.tomcat.util.net.jsse.JSSESocketFactory
All Implemented Interfaces:
java.lang.Cloneable

public class JSSESocketFactory
extends ServerSocketFactory

SSL server socket factory. It requires a valid RSA key and JSSE.
keytool -genkey -alias tomcat -keyalg RSA
Use "changeit" as password (this is the default we use).

Author:
Harish Prabandham, Costin Manolache, Stefan Freyr Stefansson, EKR -- renamed to JSSESocketFactory, Jan Luehe, Bill Barker

Field Summary
protected  boolean allowUnsafeLegacyRenegotiation
           
protected  java.lang.String[] enabledCiphers
           
protected  boolean initialized
           
protected  boolean requireClientAuth
          Flag to state that we require client authentication.
protected  javax.net.ssl.SSLServerSocketFactory sslProxy
           
protected  boolean wantClientAuth
          Flag to state that we would like client authentication.
 
Fields inherited from class org.apache.tomcat.util.net.ServerSocketFactory
attributes
 
Constructor Summary
JSSESocketFactory()
           
JSSESocketFactory(java.lang.String sslProtocol)
           
 
Method Summary
 java.net.Socket acceptSocket(java.net.ServerSocket socket)
          Wrapper function for accept().
protected  void configureClientAuth(javax.net.ssl.SSLServerSocket socket)
          Configure Client authentication for this version of JSSE.
protected  void configureClientAuth(javax.net.ssl.SSLSocket socket)
          Configure Client authentication for this version of JSSE.
 java.net.ServerSocket createSocket(int port)
          Returns a server socket which uses all network interfaces on the host, and is bound to the specified port.
 java.net.ServerSocket createSocket(int port, int backlog)
          Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog.
 java.net.ServerSocket createSocket(int port, int backlog, java.net.InetAddress ifAddress)
          Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog.
static java.lang.String[] filterInsecureProtocols(java.lang.String[] protocols)
           
protected  java.util.Collection<? extends java.security.cert.CRL> getCRLs(java.lang.String crlf)
          Load the collection of CRLs.
protected  java.lang.String[] getEnabledCiphers(java.lang.String requestedCiphersStr, java.lang.String[] supportedCiphers)
           
protected  java.lang.String[] getEnabledProtocols(javax.net.ssl.SSLServerSocket socket, java.lang.String requestedProtocols)
          Determines the SSL protocol variants to be enabled.
protected  javax.net.ssl.KeyManager[] getKeyManagers(java.lang.String keystoreType, java.lang.String keystoreProvider, java.lang.String algorithm, java.lang.String keyAlias)
          Gets the initialized key managers.
protected  java.security.KeyStore getKeystore(java.lang.String type, java.lang.String provider, java.lang.String pass)
           
protected  java.lang.String getKeystorePassword()
           
protected  java.security.cert.CertPathParameters getParameters(java.lang.String algorithm, java.lang.String crlf, java.security.KeyStore trustStore)
          Return the initialization parameters for the TrustManager.
protected  javax.net.ssl.TrustManager[] getTrustManagers(java.lang.String keystoreType, java.lang.String keystoreProvider, java.lang.String algorithm)
          Gets the initialized trust managers.
protected  javax.net.ssl.TrustManager[] getTrustManagers(javax.net.ssl.TrustManagerFactory tmf)
          Gets the TrustManagers either from Connector's trustManagerClassName attribute (if set) else from the TrustManagerFactory.
protected  java.security.KeyStore getTrustStore(java.lang.String keystoreType, java.lang.String keystoreProvider)
           
 void handshake(java.net.Socket sock)
          Extra function to initiate the handshake.
protected  void setEnabledProtocols(javax.net.ssl.SSLServerSocket socket, java.lang.String[] protocols)
          Set the SSL protocol variants to be enabled.
 
Methods inherited from class org.apache.tomcat.util.net.ServerSocketFactory
getDefault, initSocket, setAttribute
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

initialized

protected boolean initialized

sslProxy

protected javax.net.ssl.SSLServerSocketFactory sslProxy

enabledCiphers

protected java.lang.String[] enabledCiphers

allowUnsafeLegacyRenegotiation

protected boolean allowUnsafeLegacyRenegotiation

requireClientAuth

protected boolean requireClientAuth
Flag to state that we require client authentication.


wantClientAuth

protected boolean wantClientAuth
Flag to state that we would like client authentication.

Constructor Detail

JSSESocketFactory

public JSSESocketFactory()

JSSESocketFactory

public JSSESocketFactory(java.lang.String sslProtocol)
Method Detail

createSocket

public java.net.ServerSocket createSocket(int port)
                                   throws java.io.IOException
Description copied from class: ServerSocketFactory
Returns a server socket which uses all network interfaces on the host, and is bound to the specified port. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in class ServerSocketFactory
Parameters:
port - the port to listen to
Throws:
java.io.IOException - for networking errors

createSocket

public java.net.ServerSocket createSocket(int port,
                                          int backlog)
                                   throws java.io.IOException
Description copied from class: ServerSocketFactory
Returns a server socket which uses all network interfaces on the host, is bound to the specified port, and uses the specified connection backlog. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in class ServerSocketFactory
Parameters:
port - the port to listen to
backlog - how many connections are queued
Throws:
java.io.IOException - for networking errors

createSocket

public java.net.ServerSocket createSocket(int port,
                                          int backlog,
                                          java.net.InetAddress ifAddress)
                                   throws java.io.IOException
Description copied from class: ServerSocketFactory
Returns a server socket which uses only the specified network interface on the local host, is bound to the specified port, and uses the specified connection backlog. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in class ServerSocketFactory
Parameters:
port - the port to listen to
backlog - how many connections are queued
ifAddress - the network interface address to use
Throws:
java.io.IOException - for networking errors

acceptSocket

public java.net.Socket acceptSocket(java.net.ServerSocket socket)
                             throws java.io.IOException
Description copied from class: ServerSocketFactory
Wrapper function for accept(). This allows us to trap and translate exceptions if necessary.

Specified by:
acceptSocket in class ServerSocketFactory
Throws:
java.io.IOException

handshake

public void handshake(java.net.Socket sock)
               throws java.io.IOException
Description copied from class: ServerSocketFactory
Extra function to initiate the handshake. Sometimes necessary for SSL.

Specified by:
handshake in class ServerSocketFactory
Throws:
java.io.IOException

getEnabledCiphers

protected java.lang.String[] getEnabledCiphers(java.lang.String requestedCiphersStr,
                                               java.lang.String[] supportedCiphers)

getKeystorePassword

protected java.lang.String getKeystorePassword()

getKeystore

protected java.security.KeyStore getKeystore(java.lang.String type,
                                             java.lang.String provider,
                                             java.lang.String pass)
                                      throws java.io.IOException
Throws:
java.io.IOException

getTrustStore

protected java.security.KeyStore getTrustStore(java.lang.String keystoreType,
                                               java.lang.String keystoreProvider)
                                        throws java.io.IOException
Throws:
java.io.IOException

getKeyManagers

protected javax.net.ssl.KeyManager[] getKeyManagers(java.lang.String keystoreType,
                                                    java.lang.String keystoreProvider,
                                                    java.lang.String algorithm,
                                                    java.lang.String keyAlias)
                                             throws java.lang.Exception
Gets the initialized key managers.

Throws:
java.lang.Exception

getTrustManagers

protected javax.net.ssl.TrustManager[] getTrustManagers(java.lang.String keystoreType,
                                                        java.lang.String keystoreProvider,
                                                        java.lang.String algorithm)
                                                 throws java.lang.Exception
Gets the initialized trust managers.

Throws:
java.lang.Exception

getTrustManagers

protected javax.net.ssl.TrustManager[] getTrustManagers(javax.net.ssl.TrustManagerFactory tmf)
                                                 throws java.security.NoSuchAlgorithmException,
                                                        java.lang.ClassNotFoundException,
                                                        java.lang.InstantiationException,
                                                        java.lang.IllegalAccessException
Gets the TrustManagers either from Connector's trustManagerClassName attribute (if set) else from the TrustManagerFactory.

Returns:
The TrustManagers to use for this connector.
Throws:
java.security.NoSuchAlgorithmException
java.lang.ClassNotFoundException
java.lang.IllegalAccessException
java.lang.InstantiationException

getParameters

protected java.security.cert.CertPathParameters getParameters(java.lang.String algorithm,
                                                              java.lang.String crlf,
                                                              java.security.KeyStore trustStore)
                                                       throws java.lang.Exception
Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.

Parameters:
algorithm - The algorithm to get parameters for.
crlf - The path to the CRL file.
trustStore - The configured TrustStore.
Returns:
The parameters including the CRLs and TrustStore.
Throws:
java.lang.Exception

getCRLs

protected java.util.Collection<? extends java.security.cert.CRL> getCRLs(java.lang.String crlf)
                                                                  throws java.io.IOException,
                                                                         java.security.cert.CRLException,
                                                                         java.security.cert.CertificateException
Load the collection of CRLs.

Throws:
java.io.IOException
java.security.cert.CRLException
java.security.cert.CertificateException
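The two methods above (getParameters and getCRLs) describe a PKIX trust configuration whose revocation data comes from a CRL file. The following is an added, stand-alone example written in plain JSSE; it is not Tomcat's code and does not call JSSESocketFactory. The class name PkixCrlTrust, the helper names and the command-line arguments (trust store path, trust store password, optional CRL file path) are assumptions made here for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertPathParameters;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Assumed class name; example code, not part of Tomcat.
public final class PkixCrlTrust {

    /** Load every CRL contained in the file at crlf (PEM or DER, as the X.509 factory parses it). */
    static Collection<? extends CRL> loadCrls(String crlf) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(crlf))) {
            return cf.generateCRLs(in);
        }
    }

    /**
     * Build PKIX parameters: trust anchors come from the trust store, and when a CRL file
     * is configured the CRLs are placed in a Collection CertStore and revocation checking
     * is switched on. Without a CRL file, revocation is not checked at all.
     */
    static CertPathParameters pkixParameters(KeyStore trustStore, String crlf) throws Exception {
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        if (crlf != null) {
            Collection<? extends CRL> crls = loadCrls(crlf);
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
            params.setRevocationEnabled(true);   // fail closed: a chain with no usable CRL is rejected
        } else {
            params.setRevocationEnabled(false);  // no CRL configured: revoked client certs are still accepted
        }
        return params;
    }

    /** Initialise a PKIX TrustManagerFactory from the parameters above and return its managers. */
    static TrustManager[] trustManagers(KeyStore trustStore, String crlf) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkixParameters(trustStore, crlf)));
        return tmf.getTrustManagers();
    }

    // Usage (assumed arguments): java PkixCrlTrust truststore.jks changeit [revoked.crl]
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ts.load(in, args[1].toCharArray());
        }
        TrustManager[] tms = trustManagers(ts, args.length > 2 ? args[2] : null);
        System.out.println(tms.length + " PKIX trust manager(s) initialised, CRL checking "
                + (args.length > 2 ? "on" : "off"));
    }
}
```

The point worth checking in a deployment is the else branch: with no CRL file, setRevocationEnabled(false) means a client certificate that its CA has revoked still passes the trust check, so a connector that relies on client authentication should have a CRL source configured and refreshed. With revocation enabled and only a CRL CertStore, PKIX validation fails when no CRL covers a certificate's issuer, which is the safe direction.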

setEnabledProtocols

protected void setEnabledProtocols(javax.net.ssl.SSLServerSocket socket,
                                   java.lang.String[] protocols)
Set the SSL protocol variants to be enabled.

Parameters:
socket - the SSLServerSocket.
protocols - the protocols to use.

getEnabledProtocols

protected java.lang.String[] getEnabledProtocols(javax.net.ssl.SSLServerSocket socket,
                                                 java.lang.String requestedProtocols)
Determines the SSL protocol variants to be enabled.

Parameters:
socket - The socket to get supported list from.
requestedProtocols - Comma-separated list of requested SSL protocol variants
Returns:
Array of SSL protocol variants to be enabled, or null if none of the requested protocol variants are supported

configureClientAuth

protected void configureClientAuth(javax.net.ssl.SSLServerSocket socket)
Configure Client authentication for this version of JSSE. The JSSE included in Java 1.4 supports the 'want' value. Prior versions of JSSE will treat 'want' as 'false'.

Parameters:
socket - the SSLServerSocket

configureClientAuth

protected void configureClientAuth(javax.net.ssl.SSLSocket socket)
Configure Client authentication for this version of JSSE. The JSSE included in Java 1.4 supports the 'want' value. Prior versions of JSSE will treat 'want' as 'false'.

Parameters:
socket - the SSLSocket
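The protocol-selection contract documented for getEnabledProtocols and setEnabledProtocols (a comma-separated request resolved against what the socket supports, null when nothing matches) and the 'want' versus 'require' distinction of configureClientAuth are shown together in the added example below. It is written against the standard javax.net.ssl API and is not Tomcat's code; the class name SslServerSocketSetup, the helper names and the INSECURE deny-list (a defender's assumption about which legacy variants to refuse, not a statement of what filterInsecureProtocols does) are assumptions made here.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Assumed class name; example code, not part of Tomcat.
public final class SslServerSocketSetup {

    /** Assumed deny-list for illustration: dropped regardless of what the configuration requested. */
    static final String[] INSECURE = {"SSLv2Hello", "SSLv3"};

    /**
     * Resolve a comma-separated request such as "TLSv1.2,TLSv1.3" against the socket's
     * supported protocols. Returns null when none of the requested variants is supported,
     * which mirrors the documented return value of getEnabledProtocols.
     */
    static String[] enabledProtocols(SSLServerSocket socket, String requestedProtocols) {
        if (requestedProtocols == null) {
            return null;
        }
        List<String> supported = Arrays.asList(socket.getSupportedProtocols());
        List<String> enabled = new ArrayList<>();
        for (String p : requestedProtocols.split(",")) {
            String name = p.trim();
            if (!name.isEmpty() && supported.contains(name) && !enabled.contains(name)) {
                enabled.add(name);
            }
        }
        return enabled.isEmpty() ? null : enabled.toArray(new String[0]);
    }

    /** Remove deny-listed variants; a requested-but-insecure protocol is silently not enabled. */
    static String[] filterInsecure(String[] protocols) {
        List<String> keep = new ArrayList<>();
        for (String p : protocols) {
            if (!Arrays.asList(INSECURE).contains(p)) {
                keep.add(p);
            }
        }
        return keep.toArray(new String[0]);
    }

    /**
     * 'require' makes the handshake fail without a client certificate (setNeedClientAuth);
     * 'want' asks for one but continues without it (setWantClientAuth). JSSE keeps the two
     * mutually exclusive, so setting one clears the other.
     */
    static void configureClientAuth(SSLServerSocket socket, boolean want, boolean require) {
        if (require) {
            socket.setNeedClientAuth(true);
        } else {
            socket.setWantClientAuth(want);
        }
    }

    public static void main(String[] args) throws Exception {
        // Default context for illustration; a real listener is initialised with its own key and trust managers.
        SSLContext ctx = SSLContext.getDefault();
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        try (SSLServerSocket ss = (SSLServerSocket) factory.createServerSocket(0)) {
            String[] requested = enabledProtocols(ss, "TLSv1.2,TLSv1.3,SSLv3");
            if (requested == null) {
                throw new IOException("none of the requested protocols is supported by this JSSE");
            }
            ss.setEnabledProtocols(filterInsecure(requested));
            configureClientAuth(ss, true, false);   // 'want': request a client cert, do not insist
            System.out.println("enabled: " + Arrays.toString(ss.getEnabledProtocols())
                    + ", wantClientAuth=" + ss.getWantClientAuth()
                    + ", needClientAuth=" + ss.getNeedClientAuth());
        }
    }
}
```

Two checks follow from this shape. First, a null from enabledProtocols should abort start-up rather than fall through to the JSSE defaults, otherwise a typo in the configured list quietly enables whatever the runtime considers default. Second, 'want' only ever makes a client certificate optional; an application that then treats "no certificate presented" as anonymous-but-allowed must enforce that decision itself, because the handshake will not.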

filterInsecureProtocols

public static java.lang.String[] filterInsecureProtocols(java.lang.String[] protocols)


Copyright © 2000-2017 Apache Software Foundation. All Rights Reserved.