public class NioJSSESocketChannelFactory extends DefaultNioServerSocketChannelFactory
NioJSSESocketChannelFactory
SSL server socket factory. It _requires_ a valid RSA key and JSSE.
1. Make the JSSE's jars available, either as an installed extension (copy them into jre/lib/ext) or by adding them to the Tomcat classpath.
2. keytool -genkey -alias tomcat -keyalg RSA
   Use "changeit" as password (this is the default we use).
Created on Jan 3, 2012 at 2:07:00 PM

Modifier and Type | Field and Description |
---|---|
protected boolean | allowUnsafeLegacyRenegotiation |
protected String | clientAuth |
protected String[] | enabledCiphers |
protected boolean | initialized |
protected boolean | requireClientAuth - Flag to state that we require client authentication. |
protected boolean | wantClientAuth - Flag to state that we would like client authentication. |
attributes, threadGroup
Constructor and Description |
---|
NioJSSESocketChannelFactory() - Create a new instance of NioJSSESocketChannelFactory |
NioJSSESocketChannelFactory(AsynchronousChannelGroup threadGroup) - Create a new instance of NioJSSESocketChannelFactory |
Modifier and Type | Method and Description |
---|---|
NioChannel | acceptChannel(AsynchronousServerSocketChannel listener) - Wrapper function for accept(). |
void | destroy() - Destroy the factory |
protected Collection<? extends CRL> | getCRLs(String crlf) - Load the collection of CRLs. |
protected String[] | getEnabledCiphers(String requestedCiphers, String[] supportedCiphers) - Determines the SSL cipher suites to be enabled. |
protected String[] | getEnabledProtocols(SSLEngine engine, String requestedProtocols) - Determines the SSL protocol variants to be enabled. |
protected KeyManager[] | getKeyManagers(String keystoreType, String keystoreProvider, String algorithm, String keyAlias) - Gets the initialized key managers. |
protected KeyStore | getKeystore(String type, String provider, String pass) - Gets the SSL server's keystore. |
protected String | getKeystorePassword() - Gets the SSL server's keystore password. |
protected CertPathParameters | getParameters(String algorithm, String crlf, KeyStore trustStore) - Return the initialization parameters for the TrustManager. |
SSLContext | getSslContext() |
protected TrustManager[] | getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) - Gets the initialized trust managers. |
protected KeyStore | getTrustStore(String keystoreType, String keystoreProvider) - Gets the SSL server's truststore. |
void | handshake(NioChannel channel) - Extra function to initiate the handshake. |
void | init() - Reads the keystore and initializes the SSL socket factory. |
void | initChannel(NioChannel channel) - Initialize the specified NioChannel |
protected void | setEnabledProtocols(SSLEngine engine, String[] protocols) - Set the SSL protocol variants to be enabled. |
void | setSslContext(SSLContext ctx) |
createServerChannel
createSecureFactory, createServerChannel, createServerChannel, createServerSocketChannelFactory, getDefault, getDefault, open, setAttribute
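
The following is an added example, not code from this class or from JBoss: one way to apply a comma-separated cipher and protocol request to an SSLEngine, in the shape the getEnabledCiphers and getEnabledProtocols signatures suggest, together with the requireClientAuth and wantClientAuth flags. The class name, the helpers filter and configure, the fail-closed behaviour on an empty result, and the sample values are assumptions.

```java
import java.util.*;
import javax.net.ssl.*;

// Added example (hypothetical class and helper names), not the factory's own code.
public class EngineConfigExample {

    // Keep only the requested names the engine supports, in request order.
    static String[] filter(String requestedCsv, String[] supported, String what) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        Set<String> enabled = new LinkedHashSet<>();
        for (String name : requestedCsv.split(",")) {
            name = name.trim();
            if (known.contains(name)) {
                enabled.add(name);
            }
        }
        if (enabled.isEmpty()) {
            // Assumption: fail closed instead of falling back to JVM defaults.
            throw new IllegalArgumentException("no supported " + what + " in: " + requestedCsv);
        }
        return enabled.toArray(new String[0]);
    }

    static SSLEngine configure(SSLContext ctx, String ciphers, String protocols,
                               boolean requireClientAuth, boolean wantClientAuth) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false); // server side
        engine.setEnabledProtocols(filter(protocols, engine.getSupportedProtocols(), "protocol"));
        engine.setEnabledCipherSuites(filter(ciphers, engine.getSupportedCipherSuites(), "cipher suite"));
        // setNeedClientAuth and setWantClientAuth override each other: call only one.
        if (requireClientAuth) {
            engine.setNeedClientAuth(true);
        } else if (wantClientAuth) {
            engine.setWantClientAuth(true);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request; the unknown entries are dropped by filter().
        SSLEngine e = configure(SSLContext.getDefault(),
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_NOT_A_REAL_SUITE",
                "TLSv1.2, TLSv9.9", true, true);
        System.out.println(Arrays.toString(e.getEnabledProtocols()));
        System.out.println(Arrays.toString(e.getEnabledCipherSuites()));
        System.out.println("needClientAuth=" + e.getNeedClientAuth());
    }
}
```
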
protected boolean initialized
protected String clientAuth
protected String[] enabledCiphers
protected boolean allowUnsafeLegacyRenegotiation
protected boolean requireClientAuth
protected boolean wantClientAuth
public NioJSSESocketChannelFactory()
NioJSSESocketChannelFactory
public NioJSSESocketChannelFactory(AsynchronousChannelGroup threadGroup)
NioJSSESocketChannelFactory
threadGroup -

public NioChannel acceptChannel(AsynchronousServerSocketChannel listener) throws IOException
NioServerSocketChannelFactory
acceptChannel in class DefaultNioServerSocketChannelFactory
listener - The Asynchronous Server Socket channel that will accept a new connection
NioChannel representing the new connection
IOException

public void initChannel(NioChannel channel) throws Exception
NioServerSocketChannelFactory
NioChannel
initChannel in class DefaultNioServerSocketChannelFactory
channel - The channel to be initialized
Exception

public void handshake(NioChannel channel) throws IOException
NioServerSocketChannelFactory
handshake in class DefaultNioServerSocketChannelFactory
IOException

public void setSslContext(SSLContext ctx)
ctx -

public SSLContext getSslContext()

public void init() throws IOException
init in class DefaultNioServerSocketChannelFactory
IOException

public void destroy() throws IOException
NioServerSocketChannelFactory
destroy in class DefaultNioServerSocketChannelFactory
IOException

protected String[] getEnabledCiphers(String requestedCiphers, String[] supportedCiphers)
requestedCiphers - Comma-separated list of requested ciphers
supportedCiphers - Array of supported ciphers

protected KeyStore getKeystore(String type, String provider, String pass) throws IOException
type - the type of the keystore
provider - the keystore provider
pass - the keystore password
IOException

protected String getKeystorePassword()

protected KeyManager[] getKeyManagers(String keystoreType, String keystoreProvider, String algorithm, String keyAlias) throws Exception
keystoreType -
keystoreProvider -
algorithm -
keyAlias -
Exception

protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) throws Exception
keystoreType -
keystoreProvider -
algorithm -
Exception

protected KeyStore getTrustStore(String keystoreType, String keystoreProvider) throws IOException
keystoreType -
keystoreProvider -
IOException

protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception
PKIX is supported.
algorithm - The algorithm to get parameters for.
crlf - The path to the CRL file.
trustStore - The configured TrustStore.
Exception

protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException
crlf -
java.security.cert.CRL
IOException
CRLException
CertificateException

protected void setEnabledProtocols(SSLEngine engine, String[] protocols)
engine - the SSLEngine.
protocols - the protocols to use.

protected String[] getEnabledProtocols(SSLEngine engine, String requestedProtocols)
engine - The SSLEngine to get supported list from.
requestedProtocols - Comma-separated list of requested SSL protocol variants

Copyright © 2013 JBoss by Red Hat. All rights reserved.