📄 sslselectchannelconnector.java
字号:
/* ------------------------------------------------------------ */ public String getAlgorithm() { return (this._algorithm); } /* ------------------------------------------------------------ */ public void setAlgorithm(String algorithm) { this._algorithm=algorithm; } /* ------------------------------------------------------------ */ public String getProtocol() { return _protocol; } /* ------------------------------------------------------------ */ public void setProtocol(String protocol) { _protocol=protocol; } /* ------------------------------------------------------------ */ public void setKeystore(String keystore) { _keystore=keystore; } /* ------------------------------------------------------------ */ public String getKeystore() { return _keystore; } /* ------------------------------------------------------------ */ public String getKeystoreType() { return (_keystoreType); } /* ------------------------------------------------------------ */ public boolean getNeedClientAuth() { return _needClientAuth; } /* ------------------------------------------------------------ */ public boolean getWantClientAuth() { return _wantClientAuth; } /* ------------------------------------------------------------ */ /** * Set the value of the needClientAuth property * * @param needClientAuth * true iff we require client certificate authentication. */ public void setNeedClientAuth(boolean needClientAuth) { _needClientAuth=needClientAuth; } public void setWantClientAuth(boolean wantClientAuth) { _wantClientAuth=wantClientAuth; } /* ------------------------------------------------------------ */ public void setKeystoreType(String keystoreType) { _keystoreType=keystoreType; } /* ------------------------------------------------------------ */ public String getProvider() { return _provider; } public String getSecureRandomAlgorithm() { return (this._secureRandomAlgorithm); } /* ------------------------------------------------------------ */ public String getSslKeyManagerFactoryAlgorithm() { return (this._sslKeyManagerFactoryAlgorithm); } /* ------------------------------------------------------------ */ public String getSslTrustManagerFactoryAlgorithm() { return (this._sslTrustManagerFactoryAlgorithm); } /* ------------------------------------------------------------ */ public String getTruststore() { return _truststore; } /* ------------------------------------------------------------ */ public String getTruststoreType() { return _truststoreType; } /* ------------------------------------------------------------ */ public void setProvider(String _provider) { this._provider=_provider; } /* ------------------------------------------------------------ */ public void setSecureRandomAlgorithm(String algorithm) { this._secureRandomAlgorithm=algorithm; } /* ------------------------------------------------------------ */ public void setSslKeyManagerFactoryAlgorithm(String algorithm) { this._sslKeyManagerFactoryAlgorithm=algorithm; } /* ------------------------------------------------------------ */ public void setSslTrustManagerFactoryAlgorithm(String algorithm) { this._sslTrustManagerFactoryAlgorithm=algorithm; } public void setTruststore(String truststore) { _truststore=truststore; } public void setTruststoreType(String truststoreType) { _truststoreType=truststoreType; } /* ------------------------------------------------------------ */ /** * By default, we're confidential, given we speak SSL. But, if we've been * told about an confidential port, and said port is not our port, then * we're not. This allows separation of listeners providing INTEGRAL versus * CONFIDENTIAL constraints, such as one SSL listener configured to require * client certs providing CONFIDENTIAL, whereas another SSL listener not * requiring client certs providing mere INTEGRAL constraints. */ public boolean isConfidential(Request request) { final int confidentialPort=getConfidentialPort(); return confidentialPort==0||confidentialPort==request.getServerPort(); } /* ------------------------------------------------------------ */ /** * By default, we're integral, given we speak SSL. But, if we've been told * about an integral port, and said port is not our port, then we're not. * This allows separation of listeners providing INTEGRAL versus * CONFIDENTIAL constraints, such as one SSL listener configured to require * client certs providing CONFIDENTIAL, whereas another SSL listener not * requiring client certs providing mere INTEGRAL constraints. */ public boolean isIntegral(Request request) { final int integralPort=getIntegralPort(); return integralPort==0||integralPort==request.getServerPort(); } /* ------------------------------------------------------------------------------- */ protected SelectChannelEndPoint newEndPoint(SocketChannel channel, SelectSet selectSet, SelectionKey key) throws IOException { return new SslHttpChannelEndPoint(this,channel,selectSet,key,createSSLEngine()); } /* ------------------------------------------------------------------------------- */ protected Connection newConnection(SocketChannel channel, SelectChannelEndPoint endpoint) { HttpConnection connection=(HttpConnection)super.newConnection(channel,endpoint); ((HttpParser)connection.getParser()).setForceContentBuffer(true); return connection; } /* ------------------------------------------------------------ */ protected SSLEngine createSSLEngine() throws IOException { SSLEngine engine=null; try { engine=_context.createSSLEngine(); engine.setUseClientMode(false); if (_wantClientAuth) engine.setWantClientAuth(_wantClientAuth); if (_needClientAuth) engine.setNeedClientAuth(_needClientAuth); if (_excludeCipherSuites!=null&&_excludeCipherSuites.length>0) { List<String> excludedCSList=Arrays.asList(_excludeCipherSuites); String[] enabledCipherSuites=engine.getEnabledCipherSuites(); List<String> enabledCSList=new ArrayList<String>(Arrays.asList(enabledCipherSuites)); for (String cipherName : excludedCSList) { if (enabledCSList.contains(cipherName)) { enabledCSList.remove(cipherName); } } enabledCipherSuites=enabledCSList.toArray(new String[enabledCSList.size()]); engine.setEnabledCipherSuites(enabledCipherSuites); } } catch (Exception e) { Log.warn("Error creating sslEngine -- closing this connector",e); close(); throw new IllegalStateException(e); } return engine; } protected void doStart() throws Exception { _context=createSSLContext(); SSLEngine engine=createSSLEngine(); SSLSession ssl_session=engine.getSession(); setHeaderBufferSize(ssl_session.getApplicationBufferSize()); setRequestBufferSize(ssl_session.getApplicationBufferSize()); setResponseBufferSize(ssl_session.getApplicationBufferSize()); super.doStart(); } protected SSLContext createSSLContext() throws Exception { if (_truststore==null) { _truststore=_keystore; _truststoreType=_keystoreType; } InputStream keystoreInputStream = null; KeyManager[] keyManagers=null; KeyStore keyStore = null; try { if (_keystore!=null) { keystoreInputStream=Resource.newResource(_keystore).getInputStream(); keyStore = KeyStore.getInstance(_keystoreType); keyStore.load(keystoreInputStream,_password==null?null:_password.toString().toCharArray()); } } finally { if (keystoreInputStream != null) keystoreInputStream.close(); } KeyManagerFactory keyManagerFactory=KeyManagerFactory.getInstance(_sslKeyManagerFactoryAlgorithm); keyManagerFactory.init(keyStore,_keyPassword==null?(_password==null?null:_password.toString().toCharArray()):_keyPassword.toString().toCharArray()); keyManagers=keyManagerFactory.getKeyManagers(); TrustManager[] trustManagers=null; InputStream truststoreInputStream = null; KeyStore trustStore = null; try { if (_truststore!=null) { truststoreInputStream = Resource.newResource(_truststore).getInputStream(); trustStore=KeyStore.getInstance(_truststoreType); trustStore.load(truststoreInputStream,_trustPassword==null?null:_trustPassword.toString().toCharArray()); } } finally { if (truststoreInputStream != null) truststoreInputStream.close(); } TrustManagerFactory trustManagerFactory=TrustManagerFactory.getInstance(_sslTrustManagerFactoryAlgorithm); trustManagerFactory.init(trustStore); trustManagers=trustManagerFactory.getTrustManagers(); SecureRandom secureRandom=_secureRandomAlgorithm==null?null:SecureRandom.getInstance(_secureRandomAlgorithm); SSLContext context=_provider==null?SSLContext.getInstance(_protocol):SSLContext.getInstance(_protocol,_provider); context.init(keyManagers,trustManagers,secureRandom); return context; } /** * Simple bundle of information that is cached in the SSLSession. Stores the * effective keySize and the client certificate chain. */ private class CachedInfo { private X509Certificate[] _certs; private Integer _keySize; CachedInfo(Integer keySize, X509Certificate[] certs) { this._keySize=keySize; this._certs=certs; } X509Certificate[] getCerts() { return _certs; } Integer getKeySize() { return _keySize; } }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -