Merge remote-tracking branch 'origin/master'

This commit is contained in:
Simone Bordet 2011-09-26 10:15:11 +02:00
commit 8b4eea85d7
18 changed files with 430 additions and 272 deletions


@ -88,33 +88,13 @@ public class LikeJettyXml
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
}); });
cf.setProtocol("TLSv1.1");
cf.addExcludeProtocols(new String[]{"TLSv1","SSLv3"});
ssl_connector.setStatsOn(true); ssl_connector.setStatsOn(true);
server.addConnector(ssl_connector); server.addConnector(ssl_connector);
ssl_connector.open(); ssl_connector.open();
SslSocketConnector ssls_connector = new SslSocketConnector();
ssls_connector.setPort(8444);
cf = ssls_connector.getSslContextFactory();
cf.setKeyStore(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_home + "/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setExcludeCipherSuites(
new String[] {
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
});
ssls_connector.setStatsOn(true);
server.addConnector(ssls_connector);
ssls_connector.open();
Ajp13SocketConnector ajp = new Ajp13SocketConnector(); Ajp13SocketConnector ajp = new Ajp13SocketConnector();
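Review bot: `cf.addExcludeProtocols(new String[]{"TLSv1","SSLv3"});` wraps its arguments in an explicit array although `addExcludeProtocols` is declared `String...` in this same commit; the varargs form `cf.addExcludeProtocols("TLSv1", "SSLv3");` reads better and is the calling style the new setters were designed for. A one-line comment above `cf.setProtocol("TLSv1.1");` would also help: the protocol name only selects the `SSLContext` algorithm, and in the JSSE implementations I know such a context still enables the older protocols by default, so it is the exclusion list, applied through `selectProtocols`, that actually removes `TLSv1` and `SSLv3` from the engine — worth confirming against that method. The enclosing method starts before and continues past this hunk.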


@ -178,7 +178,7 @@ public class HttpClient extends HttpBuffers implements Attributes, Dumpable
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* @return the threadPool * @return the threadpool
*/ */
public ThreadPool getThreadPool() public ThreadPool getThreadPool()
{ {


@ -51,7 +51,6 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector
private final HttpClient _httpClient; private final HttpClient _httpClient;
private final Manager _selectorManager=new Manager(); private final Manager _selectorManager=new Manager();
private final Map<SocketChannel, Timeout.Task> _connectingChannels = new ConcurrentHashMap<SocketChannel, Timeout.Task>(); private final Map<SocketChannel, Timeout.Task> _connectingChannels = new ConcurrentHashMap<SocketChannel, Timeout.Task>();
private SSLContext _sslContext;
private Buffers _sslBuffers; private Buffers _sslBuffers;
/** /**
@ -211,19 +210,16 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector
private synchronized SSLEngine newSslEngine(SocketChannel channel) throws IOException private synchronized SSLEngine newSslEngine(SocketChannel channel) throws IOException
{ {
SslContextFactory sslContextFactory = _httpClient.getSslContextFactory(); SslContextFactory sslContextFactory = _httpClient.getSslContextFactory();
if (_sslContext == null)
_sslContext = sslContextFactory.getSslContext();
SSLEngine sslEngine; SSLEngine sslEngine;
if (channel != null && sslContextFactory.isSessionCachingEnabled()) if (channel != null)
{ {
String peerHost = channel.socket().getInetAddress().getHostAddress(); String peerHost = channel.socket().getInetAddress().getHostAddress();
int peerPort = channel.socket().getPort(); int peerPort = channel.socket().getPort();
sslEngine = _sslContext.createSSLEngine(peerHost, peerPort); sslEngine = sslContextFactory.newSslEngine(peerHost, peerPort);
} }
else else
{ {
sslEngine = _sslContext.createSSLEngine(); sslEngine = sslContextFactory.newSslEngine();
} }
sslEngine.setUseClientMode(true); sslEngine.setUseClientMode(true);
sslEngine.beginHandshake(); sslEngine.beginHandshake();
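Review bot: `newSslEngine` keeps its `synchronized` modifier although the only shared state it guarded, the lazily initialised `_sslContext`, is removed in this hunk; unless `SslContextFactory.newSslEngine` itself needs serialisation (not visible from here), the lock now only serialises every TLS connection setup through this connector and the signature can become `private SSLEngine newSslEngine(SocketChannel channel) throws IOException`. Dropping the `isSessionCachingEnabled()` condition means the host/port form is now used whenever a channel exists, which is what lets JSSE reuse sessions; a short comment saying so would stop the next reader from re-adding the check. Note also that the peer host handed to the engine is the numeric `getHostAddress()`, not the destination hostname, so any hostname-based endpoint identification built on this engine would need the name from `HttpDestination` instead — only relevant if that is ever enabled. The method body continues past the hunk.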


@ -45,18 +45,9 @@ class SocketConnector extends AbstractLifeCycle implements HttpClient.Connector
public void startConnection(final HttpDestination destination) throws IOException public void startConnection(final HttpDestination destination) throws IOException
{ {
Socket socket=null; Socket socket= destination.isSecure()
?_httpClient.getSslContextFactory().newSslSocket()
if ( destination.isSecure() ) :SocketFactory.getDefault().createSocket();
{
SSLContext sslContext = _httpClient.getSSLContext();
socket = sslContext.getSocketFactory().createSocket();
}
else
{
LOG.debug("Using Regular Socket");
socket = SocketFactory.getDefault().createSocket();
}
socket.setSoTimeout(0); socket.setSoTimeout(0);
socket.setTcpNoDelay(true); socket.setTcpNoDelay(true);
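Review bot: the secure branch of the new ternary, `_httpClient.getSslContextFactory().newSslSocket()`, relies on the factory already being started — elsewhere in this commit `getSslContext()` now throws `IllegalStateException` when it is not — whereas the removed code went through `_httpClient.getSSLContext()`; nothing in this hunk shows `HttpClient` starting the factory before `startConnection` can run, so either confirm that ordering in `HttpClient`'s start-up or document it here, e.g. `// requires the HttpClient's SslContextFactory to be started`. Losing `LOG.debug("Using Regular Socket")` is fine, but the two-line ternary with leading `?`/`:` sits awkwardly beside the single-line statements that follow; one line, or a plain `if`/`else`, would match the rest of the method. `startConnection` continues past the hunk.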


@ -68,7 +68,7 @@ public class GenericServerHandler extends AbstractHandler
} }
catch (InterruptedException e) catch (InterruptedException e)
{ {
LOG.warn(e); LOG.debug(e);
} }
catch (IOException e) catch (IOException e)
{ {
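Review bot: the `catch (InterruptedException e)` block still only logs and carries on, now at debug level; the thread's interrupt status is lost, so whatever loop or executor drives this handler cannot see that it was asked to stop. Add `Thread.currentThread().interrupt();` after `LOG.debug(e);` so the interruption propagates. The enclosing method starts before the hunk and the following `catch (IOException e)` body lies after it.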


@ -22,7 +22,7 @@
</Set> </Set>
<Call name="setContextAttribute"> <Call name="setContextAttribute">
<Arg>org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern</Arg> <Arg>org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern</Arg>
<Arg>.*/jsp-api-[^/]*\.jar$|.*/jsp-[^/]*\.jar$</Arg> <Arg>.*/.*jsp-api-[^/]*\.jar$|.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$</Arg>
</Call> </Call>
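Review bot: in the new `ContainerIncludeJarPattern` value the first alternative `.*/.*jsp-api-[^/]*\.jar$` is already covered by the second, `.*/.*jsp-[^/]*\.jar$` (its `[^/]*` absorbs `api-…`), so the value can be shortened to `<Arg>.*/.*jsp-[^/]*\.jar$|.*/.*taglibs[^/]*\.jar$</Arg>` without changing what is matched. The added `.*` after the slash also means any jar whose file name merely contains `jsp-` or `taglibs` is now included, not only those starting with it; if that widening is intentional, a short XML comment above the `<Call>` naming the jars it is meant to pick up would help the next person who edits the pattern.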


@ -21,6 +21,7 @@ import java.io.ByteArrayOutputStream;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.InetAddress;
import java.security.InvalidParameterException; import java.security.InvalidParameterException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.SecureRandom; import java.security.SecureRandom;
@ -42,7 +43,10 @@ import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext; import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509KeyManager;
@ -51,6 +55,8 @@ import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.http.security.Password; import org.eclipse.jetty.http.security.Password;
import org.eclipse.jetty.util.IO; import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.component.AbstractLifeCycle; import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource; import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.security.CertificateUtils; import org.eclipse.jetty.util.security.CertificateUtils;
import org.eclipse.jetty.util.security.CertificateValidator; import org.eclipse.jetty.util.security.CertificateValidator;
@ -65,6 +71,8 @@ import org.eclipse.jetty.util.security.CertificateValidator;
*/ */
public class SslContextFactory extends AbstractLifeCycle public class SslContextFactory extends AbstractLifeCycle
{ {
private static final Logger LOG = Log.getLogger(SslContextFactory.class);
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
(Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ? (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
"SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm")); "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
@ -82,8 +90,14 @@ public class SslContextFactory extends AbstractLifeCycle
/** String name of keystore password property. */ /** String name of keystore password property. */
public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password"; public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
/** Excluded protocols. */
private final Set<String> _excludeProtocols = new HashSet<String>();
// private final Set<String> _excludeProtocols = new HashSet<String>(Collections.singleton("SSLv2Hello"));
/** Included protocols. */
private Set<String> _includeProtocols = null;
/** Excluded cipher suites. */ /** Excluded cipher suites. */
private Set<String> _excludeCipherSuites = null; private final Set<String> _excludeCipherSuites = new HashSet<String>();
/** Included cipher suites. */ /** Included cipher suites. */
private Set<String> _includeCipherSuites = null; private Set<String> _includeCipherSuites = null;
@ -196,6 +210,7 @@ public class SslContextFactory extends AbstractLifeCycle
if (_keyStoreInputStream == null && _keyStorePath == null && if (_keyStoreInputStream == null && _keyStorePath == null &&
_trustStoreInputStream == null && _trustStorePath == null ) _trustStoreInputStream == null && _trustStorePath == null )
{ {
LOG.debug("No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
// Create a trust manager that does not validate certificate chains // Create a trust manager that does not validate certificate chains
TrustManager trustAllCerts = new X509TrustManager() TrustManager trustAllCerts = new X509TrustManager()
{ {
@ -218,11 +233,115 @@ public class SslContextFactory extends AbstractLifeCycle
} }
else else
{ {
createSSLContext(); // verify that keystore and truststore
// parameters are set up correctly
try
{
checkKeyStore();
}
catch(IllegalStateException e)
{
LOG.ignore(e);
}
KeyStore keyStore = loadKeyStore();
KeyStore trustStore = loadTrustStore();
Collection<? extends CRL> crls = loadCRL(_crlPath);
if (_validateCerts && keyStore != null)
{
if (_certAlias == null)
{
List<String> aliases = Collections.list(keyStore.aliases());
_certAlias = aliases.size() == 1 ? aliases.get(0) : null;
}
Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
if (cert == null)
{
throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
}
CertificateValidator validator = new CertificateValidator(trustStore, crls);
validator.setMaxCertPathLength(_maxCertPathLength);
validator.setEnableCRLDP(_enableCRLDP);
validator.setEnableOCSP(_enableOCSP);
validator.setOcspResponderURL(_ocspResponderURL);
validator.validate(keyStore, cert);
}
KeyManager[] keyManagers = getKeyManagers(keyStore);
TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
_context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
_context.init(keyManagers,trustManagers,secureRandom);
SSLEngine engine=newSslEngine();
LOG.info("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols()));
LOG.debug("Enabled Ciphers {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites()));
} }
} }
} }
/* ------------------------------------------------------------ */
/**
* @return The array of protocol names to exclude from
* {@link SSLEngine#setEnabledProtocols(String[])}
*/
public String[] getExcludeProtocols()
{
return _excludeProtocols.toArray(new String[_excludeProtocols.size()]);
}
/* ------------------------------------------------------------ */
/**
* @param Protocols
* The array of protocol names to exclude from
* {@link SSLEngine#setEnabledProtocols(String[])}
*/
public void setExcludeProtocols(String... protocols)
{
checkNotStarted();
_excludeProtocols.clear();
_excludeProtocols.addAll(Arrays.asList(protocols));
}
/* ------------------------------------------------------------ */
/**
* @param protocol Protocol names to add to {@link SSLEngine#setEnabledProtocols(String[])}
*/
public void addExcludeProtocols(String... protocol)
{
checkNotStarted();
_excludeProtocols.addAll(Arrays.asList(protocol));
}
/* ------------------------------------------------------------ */
/**
* @return The array of protocol names to include in
* {@link SSLEngine#setEnabledProtocols(String[])}
*/
public String[] getIncludeProtocols()
{
return _includeProtocols.toArray(new String[_includeProtocols.size()]);
}
/* ------------------------------------------------------------ */
/**
* @param Protocols
* The array of protocol names to include in
* {@link SSLEngine#setEnabledProtocols(String[])}
*/
public void setIncludeProtocols(String... protocols)
{
checkNotStarted();
_includeProtocols = new HashSet<String>(Arrays.asList(protocols));
}
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* @return The array of cipher suite names to exclude from * @return The array of cipher suite names to exclude from
@ -239,11 +358,21 @@ public class SslContextFactory extends AbstractLifeCycle
* The array of cipher suite names to exclude from * The array of cipher suite names to exclude from
* {@link SSLEngine#setEnabledCipherSuites(String[])} * {@link SSLEngine#setEnabledCipherSuites(String[])}
*/ */
public void setExcludeCipherSuites(String[] cipherSuites) public void setExcludeCipherSuites(String... cipherSuites)
{ {
checkStarted(); checkNotStarted();
_excludeCipherSuites.clear();
_excludeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites)); _excludeCipherSuites.addAll(Arrays.asList(cipherSuites));
}
/* ------------------------------------------------------------ */
/**
* @param cipher Cipher names to add to {@link SSLEngine#setEnabledCipherSuites(String[])}
*/
public void addExcludeCipherSuites(String... cipher)
{
checkNotStarted();
_excludeCipherSuites.addAll(Arrays.asList(cipher));
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -262,9 +391,9 @@ public class SslContextFactory extends AbstractLifeCycle
* The array of cipher suite names to include in * The array of cipher suite names to include in
* {@link SSLEngine#setEnabledCipherSuites(String[])} * {@link SSLEngine#setEnabledCipherSuites(String[])}
*/ */
public void setIncludeCipherSuites(String[] cipherSuites) public void setIncludeCipherSuites(String... cipherSuites)
{ {
checkStarted(); checkNotStarted();
_includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites)); _includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites));
} }
@ -285,7 +414,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyStore(String keyStorePath) public void setKeyStore(String keyStorePath)
{ {
checkStarted(); checkNotStarted();
_keyStorePath = keyStorePath; _keyStorePath = keyStorePath;
} }
@ -306,7 +435,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyStoreProvider(String keyStoreProvider) public void setKeyStoreProvider(String keyStoreProvider)
{ {
checkStarted(); checkNotStarted();
_keyStoreProvider = keyStoreProvider; _keyStoreProvider = keyStoreProvider;
} }
@ -327,7 +456,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyStoreType(String keyStoreType) public void setKeyStoreType(String keyStoreType)
{ {
checkStarted(); checkNotStarted();
_keyStoreType = keyStoreType; _keyStoreType = keyStoreType;
} }
@ -341,7 +470,7 @@ public class SslContextFactory extends AbstractLifeCycle
@Deprecated @Deprecated
public InputStream getKeyStoreInputStream() public InputStream getKeyStoreInputStream()
{ {
checkConfig(); checkKeyStore();
return _keyStoreInputStream; return _keyStoreInputStream;
} }
@ -355,7 +484,7 @@ public class SslContextFactory extends AbstractLifeCycle
@Deprecated @Deprecated
public void setKeyStoreInputStream(InputStream keyStoreInputStream) public void setKeyStoreInputStream(InputStream keyStoreInputStream)
{ {
checkStarted(); checkNotStarted();
_keyStoreInputStream = keyStoreInputStream; _keyStoreInputStream = keyStoreInputStream;
} }
@ -376,7 +505,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setCertAlias(String certAlias) public void setCertAlias(String certAlias)
{ {
checkStarted(); checkNotStarted();
_certAlias = certAlias; _certAlias = certAlias;
} }
@ -397,7 +526,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustStore(String trustStorePath) public void setTrustStore(String trustStorePath)
{ {
checkStarted(); checkNotStarted();
_trustStorePath = trustStorePath; _trustStorePath = trustStorePath;
} }
@ -418,7 +547,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustStoreProvider(String trustStoreProvider) public void setTrustStoreProvider(String trustStoreProvider)
{ {
checkStarted(); checkNotStarted();
_trustStoreProvider = trustStoreProvider; _trustStoreProvider = trustStoreProvider;
} }
@ -439,7 +568,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustStoreType(String trustStoreType) public void setTrustStoreType(String trustStoreType)
{ {
checkStarted(); checkNotStarted();
_trustStoreType = trustStoreType; _trustStoreType = trustStoreType;
} }
@ -453,7 +582,7 @@ public class SslContextFactory extends AbstractLifeCycle
@Deprecated @Deprecated
public InputStream getTrustStoreInputStream() public InputStream getTrustStoreInputStream()
{ {
checkConfig(); checkKeyStore();
return _trustStoreInputStream; return _trustStoreInputStream;
} }
@ -467,7 +596,7 @@ public class SslContextFactory extends AbstractLifeCycle
@Deprecated @Deprecated
public void setTrustStoreInputStream(InputStream trustStoreInputStream) public void setTrustStoreInputStream(InputStream trustStoreInputStream)
{ {
checkStarted(); checkNotStarted();
_trustStoreInputStream = trustStoreInputStream; _trustStoreInputStream = trustStoreInputStream;
} }
@ -490,7 +619,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setNeedClientAuth(boolean needClientAuth) public void setNeedClientAuth(boolean needClientAuth)
{ {
checkStarted(); checkNotStarted();
_needClientAuth = needClientAuth; _needClientAuth = needClientAuth;
} }
@ -513,7 +642,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setWantClientAuth(boolean wantClientAuth) public void setWantClientAuth(boolean wantClientAuth)
{ {
checkStarted(); checkNotStarted();
_wantClientAuth = wantClientAuth; _wantClientAuth = wantClientAuth;
} }
@ -545,7 +674,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setValidateCerts(boolean validateCerts) public void setValidateCerts(boolean validateCerts)
{ {
checkStarted(); checkNotStarted();
_validateCerts = validateCerts; _validateCerts = validateCerts;
} }
@ -566,7 +695,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setValidatePeerCerts(boolean validatePeerCerts) public void setValidatePeerCerts(boolean validatePeerCerts)
{ {
checkStarted(); checkNotStarted();
_validatePeerCerts = validatePeerCerts; _validatePeerCerts = validatePeerCerts;
} }
@ -593,7 +722,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setAllowRenegotiate(boolean allowRenegotiate) public void setAllowRenegotiate(boolean allowRenegotiate)
{ {
checkStarted(); checkNotStarted();
_allowRenegotiate = allowRenegotiate; _allowRenegotiate = allowRenegotiate;
} }
@ -605,7 +734,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyStorePassword(String password) public void setKeyStorePassword(String password)
{ {
checkStarted(); checkNotStarted();
_keyStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null); _keyStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
} }
@ -617,7 +746,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyManagerPassword(String password) public void setKeyManagerPassword(String password)
{ {
checkStarted(); checkNotStarted();
_keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null); _keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
} }
@ -629,7 +758,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustStorePassword(String password) public void setTrustStorePassword(String password)
{ {
checkStarted(); checkNotStarted();
_trustStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null); _trustStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
} }
@ -652,7 +781,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setProvider(String provider) public void setProvider(String provider)
{ {
checkStarted(); checkNotStarted();
_sslProvider = provider; _sslProvider = provider;
} }
@ -675,7 +804,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setProtocol(String protocol) public void setProtocol(String protocol)
{ {
checkStarted(); checkNotStarted();
_sslProtocol = protocol; _sslProtocol = protocol;
} }
@ -700,7 +829,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setSecureRandomAlgorithm(String algorithm) public void setSecureRandomAlgorithm(String algorithm)
{ {
checkStarted(); checkNotStarted();
_secureRandomAlgorithm = algorithm; _secureRandomAlgorithm = algorithm;
} }
@ -721,7 +850,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setSslKeyManagerFactoryAlgorithm(String algorithm) public void setSslKeyManagerFactoryAlgorithm(String algorithm)
{ {
checkStarted(); checkNotStarted();
_keyManagerFactoryAlgorithm = algorithm; _keyManagerFactoryAlgorithm = algorithm;
} }
@ -742,7 +871,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustManagerFactoryAlgorithm(String algorithm) public void setTrustManagerFactoryAlgorithm(String algorithm)
{ {
checkStarted(); checkNotStarted();
_trustManagerFactoryAlgorithm = algorithm; _trustManagerFactoryAlgorithm = algorithm;
} }
@ -763,7 +892,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setCrlPath(String crlPath) public void setCrlPath(String crlPath)
{ {
checkStarted(); checkNotStarted();
_crlPath = crlPath; _crlPath = crlPath;
} }
@ -786,7 +915,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setMaxCertPathLength(int maxCertPathLength) public void setMaxCertPathLength(int maxCertPathLength)
{ {
checkStarted(); checkNotStarted();
_maxCertPathLength = maxCertPathLength; _maxCertPathLength = maxCertPathLength;
} }
@ -797,6 +926,8 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public SSLContext getSslContext() public SSLContext getSslContext()
{ {
if (!isStarted())
throw new IllegalStateException(getState());
return _context; return _context;
} }
@ -807,60 +938,11 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setSslContext(SSLContext sslContext) public void setSslContext(SSLContext sslContext)
{ {
checkStarted(); checkNotStarted();
_context = sslContext; _context = sslContext;
} }
/* ------------------------------------------------------------ */
/**
* @throws Exception
*/
protected void createSSLContext() throws Exception
{
// verify that keystore and truststore
// parameters are set up correctly
checkConfig();
KeyStore keyStore = loadKeyStore();
KeyStore trustStore = loadTrustStore();
Collection<? extends CRL> crls = loadCRL(_crlPath);
if (_validateCerts && keyStore != null)
{
if (_certAlias == null)
{
List<String> aliases = Collections.list(keyStore.aliases());
_certAlias = aliases.size() == 1 ? aliases.get(0) : null;
}
Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
if (cert == null)
{
throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
}
CertificateValidator validator = new CertificateValidator(trustStore, crls);
validator.setMaxCertPathLength(_maxCertPathLength);
validator.setEnableCRLDP(_enableCRLDP);
validator.setEnableOCSP(_enableOCSP);
validator.setOcspResponderURL(_ocspResponderURL);
validator.validate(keyStore, cert);
}
KeyManager[] keyManagers = getKeyManagers(keyStore);
TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
_context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
_context.init(keyManagers,trustManagers,secureRandom);
SSLSessionContext sslSessionContext = _context.getServerSessionContext();
sslSessionContext.setSessionCacheSize(_sslSessionCacheSize);
sslSessionContext.setSessionTimeout(_sslSessionTimeout);
}
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Override this method to provide alternate way to load a keystore. * Override this method to provide alternate way to load a keystore.
@ -1014,33 +1096,27 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Check configuration. Ensures that if keystore has been * Check KetyStore Configuration. Ensures that if keystore has been
* configured but there's no truststore, that keystore is * configured but there's no truststore, that keystore is
* used as truststore. * used as truststore.
* @return true SslContextFactory configuration can be used in server connector. * @throws IllegalStateException if SslContextFactory configuration can't be used.
*/ */
public boolean checkConfig() public void checkKeyStore()
{ {
boolean check = true;
if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null) if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null)
throw new IllegalStateException("SSL doesn't have a valid keystore");
// if the keystore has been configured but there is no
// truststore configured, use the keystore as the truststore
if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null)
{ {
// configuration doesn't have a valid keystore _trustStore = _keyStore;
check = false; _trustStorePath = _keyStorePath;
} _trustStoreInputStream = _keyStoreInputStream;
else _trustStoreType = _keyStoreType;
{ _trustStoreProvider = _keyStoreProvider;
// if the keystore has been configured but there is no _trustStorePassword = _keyStorePassword;
// truststore configured, use the keystore as the truststore _trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm;
if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null)
{
_trustStore = _keyStore;
_trustStorePath = _keyStorePath;
_trustStoreInputStream = _keyStoreInputStream;
_trustStoreType = _keyStoreType;
_trustStoreProvider = _keyStoreProvider;
_trustStorePassword = _keyStorePassword;
_trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm;
}
} }
// It's the same stream we cannot read it twice, so read it once in memory // It's the same stream we cannot read it twice, so read it once in memory
@ -1057,11 +1133,9 @@ public class SslContextFactory extends AbstractLifeCycle
} }
catch (Exception ex) catch (Exception ex)
{ {
throw new RuntimeException(ex); throw new IllegalStateException(ex);
} }
} }
return check;
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -1073,57 +1147,68 @@ public class SslContextFactory extends AbstractLifeCycle
* @param supportedCipherSuites Array of supported cipher suites * @param supportedCipherSuites Array of supported cipher suites
* @return Array of cipher suites to enable * @return Array of cipher suites to enable
*/ */
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{ {
Set<String> selectedCipherSuites = null; Set<String> selected_protocols = new HashSet<String>();
if (enabledCipherSuites != null)
// Set the starting protocols - either from the included or enabled list
if (_includeProtocols!=null)
{ {
selectedCipherSuites = new HashSet<String>(Arrays.asList(enabledCipherSuites)); // Use only the supported included protocols
for (String protocol : supportedProtocols)
if (_includeProtocols.contains(protocol))
selected_protocols.add(protocol);
} }
else else
selected_protocols.addAll(Arrays.asList(enabledProtocols));
// Remove any excluded protocols
if (_excludeProtocols != null)
selected_protocols.removeAll(_excludeProtocols);
return selected_protocols.toArray(new String[selected_protocols.size()]);
}
/* ------------------------------------------------------------ */
/**
* Select cipher suites to be used by the connector
* based on configured inclusion and exclusion lists
* as well as enabled and supported cipher suite lists.
* @param enabledCipherSuites Array of enabled cipher suites
* @param supportedCipherSuites Array of supported cipher suites
* @return Array of cipher suites to enable
*/
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
{
Set<String> selected_ciphers = new HashSet<String>();
// Set the starting ciphers - either from the included or enabled list
if (_includeCipherSuites!=null)
{ {
selectedCipherSuites = new HashSet<String>(); // Use only the supported included ciphers
for (String cipherSuite : supportedCipherSuites)
if (_includeCipherSuites.contains(cipherSuite))
selected_ciphers.add(cipherSuite);
} }
else
if ((supportedCipherSuites != null && supportedCipherSuites.length > 0) && selected_ciphers.addAll(Arrays.asList(enabledCipherSuites));
(_includeCipherSuites != null && _includeCipherSuites.size() > 0))
{
Set<String> supportedCSList = new HashSet<String>(Arrays.asList(supportedCipherSuites)); // Remove any excluded ciphers
if (_excludeCipherSuites != null)
for (String cipherName : _includeCipherSuites) selected_ciphers.removeAll(_excludeCipherSuites);
{ return selected_ciphers.toArray(new String[selected_ciphers.size()]);
if ((!selectedCipherSuites.contains(cipherName)) &&
supportedCSList.contains(cipherName))
{
selectedCipherSuites.add(cipherName);
}
}
}
if (_excludeCipherSuites != null && _excludeCipherSuites.size() > 0)
{
for (String cipherName : _excludeCipherSuites)
{
if (selectedCipherSuites.contains(cipherName))
{
selectedCipherSuites.remove(cipherName);
}
}
}
return selectedCipherSuites.toArray(new String[selectedCipherSuites.size()]);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Check if the lifecycle has been started and throw runtime exception * Check if the lifecycle has been started and throw runtime exception
*/ */
protected void checkStarted() protected void checkNotStarted()
{ {
if (isStarted()) if (isStarted())
{ throw new IllegalStateException("Cannot modify configuration when "+getState());
throw new IllegalStateException("Cannot modify configuration after SslContextFactory was started");
}
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -1141,7 +1226,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setEnableCRLDP(boolean enableCRLDP) public void setEnableCRLDP(boolean enableCRLDP)
{ {
checkStarted(); checkNotStarted();
_enableCRLDP = enableCRLDP; _enableCRLDP = enableCRLDP;
} }
@ -1161,7 +1246,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setEnableOCSP(boolean enableOCSP) public void setEnableOCSP(boolean enableOCSP)
{ {
checkStarted(); checkNotStarted();
_enableOCSP = enableOCSP; _enableOCSP = enableOCSP;
} }
@ -1181,7 +1266,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setOcspResponderURL(String ocspResponderURL) public void setOcspResponderURL(String ocspResponderURL)
{ {
checkStarted(); checkNotStarted();
_ocspResponderURL = ocspResponderURL; _ocspResponderURL = ocspResponderURL;
} }
@ -1192,7 +1277,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyStore(KeyStore keyStore) public void setKeyStore(KeyStore keyStore)
{ {
checkStarted(); checkNotStarted();
_keyStore = keyStore; _keyStore = keyStore;
} }
@ -1203,7 +1288,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustStore(KeyStore trustStore) public void setTrustStore(KeyStore trustStore)
{ {
checkStarted(); checkNotStarted();
_trustStore = trustStore; _trustStore = trustStore;
} }
@ -1214,7 +1299,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setKeyStoreResource(Resource resource) public void setKeyStoreResource(Resource resource)
{ {
checkStarted(); checkNotStarted();
try try
{ {
@ -1233,7 +1318,7 @@ public class SslContextFactory extends AbstractLifeCycle
*/ */
public void setTrustStore(Resource resource) public void setTrustStore(Resource resource)
{ {
checkStarted(); checkNotStarted();
try try
{ {
@ -1299,4 +1384,83 @@ public class SslContextFactory extends AbstractLifeCycle
{ {
_sslSessionTimeout = sslSessionTimeout; _sslSessionTimeout = sslSessionTimeout;
} }
/* ------------------------------------------------------------ */
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
{
SSLServerSocketFactory factory = _context.getServerSocketFactory();
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port,backlog):
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
if (getWantClientAuth())
socket.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
socket.setNeedClientAuth(getNeedClientAuth());
socket.setEnabledCipherSuites(selectCipherSuites(
socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
return socket;
}
/* ------------------------------------------------------------ */
public SSLSocket newSslSocket() throws IOException
{
SSLSocketFactory factory = _context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
if (getWantClientAuth())
socket.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
socket.setNeedClientAuth(getNeedClientAuth());
socket.setEnabledCipherSuites(selectCipherSuites(
socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
return socket;
}
/* ------------------------------------------------------------ */
public SSLEngine newSslEngine(String host,int port)
{
SSLEngine sslEngine=isSessionCachingEnabled()
?_context.createSSLEngine(host, port)
:_context.createSSLEngine();
customize(sslEngine);
return sslEngine;
}
/* ------------------------------------------------------------ */
public SSLEngine newSslEngine()
{
SSLEngine sslEngine=_context.createSSLEngine();
customize(sslEngine);
return sslEngine;
}
/* ------------------------------------------------------------ */
public void customize(SSLEngine sslEngine)
{
if (getWantClientAuth())
sslEngine.setWantClientAuth(getWantClientAuth());
if (getNeedClientAuth())
sslEngine.setNeedClientAuth(getNeedClientAuth());
sslEngine.setEnabledCipherSuites(selectCipherSuites(
sslEngine.getEnabledCipherSuites(),
sslEngine.getSupportedCipherSuites()));
sslEngine.setEnabledProtocols(selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols()));
}
} }


@ -251,7 +251,7 @@ public class SelectChannelEndPoint extends ChannelEndPoint implements AsyncEndPo
public void checkIdleTimestamp(long now) public void checkIdleTimestamp(long now)
{ {
long idleTimestamp=_idleTimestamp; long idleTimestamp=_idleTimestamp;
if (!getChannel().isOpen() || idleTimestamp!=0 && _maxIdleTime!=0 && now>(idleTimestamp+_maxIdleTime)) if (!getChannel().isOpen() || idleTimestamp!=0 && _maxIdleTime>0 && now>(idleTimestamp+_maxIdleTime))
idleExpired(); idleExpired();
} }
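Review bot: The widened test `_maxIdleTime>0` in checkIdleTimestamp() quietly changes what a negative max idle time means: with the old `!=0` a negative value made `now>(idleTimestamp+_maxIdleTime)` true almost immediately and expired the connection, whereas now it disables idle expiry altogether. That is the more sensible reading, but it is a contract worth stating at the comparison, e.g. `// a max idle time <= 0 disables idle expiry; only a positive value is compared against now`. The setter that stores `_maxIdleTime` is outside this hunk, so I cannot tell whether it already rejects or normalises negative values.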


@ -674,10 +674,10 @@ public abstract class HttpConnection extends AbstractConnection
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
public int getMaxIdleTime() public int getMaxIdleTime()
{ {
if (_connector.isLowResources() && _endp.getMaxIdleTime()==_connector.getMaxIdleTime())
return _connector.getLowResourceMaxIdleTime();
if (_endp.getMaxIdleTime()>0) if (_endp.getMaxIdleTime()>0)
return _endp.getMaxIdleTime(); return _endp.getMaxIdleTime();
if (_connector.isLowResources())
return _connector.getLowResourceMaxIdleTime();
return _connector.getMaxIdleTime(); return _connector.getMaxIdleTime();
} }
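Review bot: The reordering in getMaxIdleTime() makes the low-resources branch reachable only when the endpoint reports a non-positive idle time, because the `_endp.getMaxIdleTime()>0` test now comes first; an endpoint that carries the connector's default idle time keeps it even when `_connector.isLowResources()` is true, which is exactly the case the removed equality test used to redirect to the low-resource timeout. If endpoints are normally created with the connector's max idle time (not visible from here), the low-resource timeout will in practice never be applied by this method. If that is intended, a comment such as `// an explicit endpoint idle time wins over the low-resource timeout` would make it deliberate; otherwise keep `if (_connector.isLowResources() && _endp.getMaxIdleTime()==_connector.getMaxIdleTime()) return _connector.getLowResourceMaxIdleTime();` ahead of the endpoint check.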


@ -16,6 +16,8 @@ package org.eclipse.jetty.server.ssl;
import java.io.IOException; import java.io.IOException;
import java.nio.channels.SelectionKey; import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel; import java.nio.channels.SocketChannel;
import java.util.Arrays;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
@ -36,7 +38,6 @@ import org.eclipse.jetty.io.nio.SslSelectChannelEndPoint;
import org.eclipse.jetty.server.HttpConnection; import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.nio.SelectChannelConnector; import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.util.log.Log;
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
@ -97,7 +98,9 @@ public class SslSelectChannelConnector extends SelectChannelConnector implements
SslSelectChannelEndPoint sslHttpChannelEndpoint=(SslSelectChannelEndPoint)endpoint; SslSelectChannelEndPoint sslHttpChannelEndpoint=(SslSelectChannelEndPoint)endpoint;
SSLEngine sslEngine=sslHttpChannelEndpoint.getSSLEngine(); SSLEngine sslEngine=sslHttpChannelEndpoint.getSSLEngine();
SSLSession sslSession=sslEngine.getSession(); SSLSession sslSession=sslEngine.getSession();
System.err.println(sslSession.getProtocol());
SslCertificates.customize(sslSession,endpoint,request); SslCertificates.customize(sslSession,endpoint,request);
} }
@ -565,33 +568,19 @@ public class SslSelectChannelConnector extends SelectChannelConnector implements
protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
{ {
SSLEngine engine; SSLEngine engine;
if (channel != null && _sslContextFactory.isSessionCachingEnabled()) if (channel != null)
{ {
String peerHost = channel.socket().getInetAddress().getHostAddress(); String peerHost = channel.socket().getInetAddress().getHostAddress();
int peerPort = channel.socket().getPort(); int peerPort = channel.socket().getPort();
engine = _sslContextFactory.getSslContext().createSSLEngine(peerHost, peerPort); engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
} }
else else
{ {
engine = _sslContextFactory.getSslContext().createSSLEngine(); engine = _sslContextFactory.newSslEngine();
} }
customizeEngine(engine);
return engine;
}
/* ------------------------------------------------------------ */
private void customizeEngine(SSLEngine engine)
{
engine.setUseClientMode(false); engine.setUseClientMode(false);
return engine;
if (_sslContextFactory.getWantClientAuth())
engine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
if (_sslContextFactory.getNeedClientAuth())
engine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
engine.setEnabledCipherSuites(
_sslContextFactory.selectCipherSuites(engine.getEnabledCipherSuites(),
engine.getSupportedCipherSuites()));
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -601,22 +590,13 @@ public class SslSelectChannelConnector extends SelectChannelConnector implements
@Override @Override
protected void doStart() throws Exception protected void doStart() throws Exception
{ {
if (!_sslContextFactory.checkConfig()) _sslContextFactory.checkKeyStore();
{
throw new IllegalStateException("SSL context is not configured correctly.");
}
_sslContextFactory.start(); _sslContextFactory.start();
SSLEngine sslEngine = _sslContextFactory.getSslContext().createSSLEngine(); SSLEngine sslEngine = _sslContextFactory.newSslEngine();
sslEngine.setUseClientMode(false); sslEngine.setUseClientMode(false);
sslEngine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
sslEngine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
sslEngine.setEnabledCipherSuites(_sslContextFactory.selectCipherSuites(
sslEngine.getEnabledCipherSuites(),
sslEngine.getSupportedCipherSuites()));
SSLSession sslSession = sslEngine.getSession(); SSLSession sslSession = sslEngine.getSession();
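Review bot: In doStart() the replacement of the `checkConfig()`/throw pattern with a bare `_sslContextFactory.checkKeyStore();` drops the explicit IllegalStateException; unless checkKeyStore() itself throws on a missing or unreadable keystore (its body is not visible here), the connector now proceeds to `_sslContextFactory.start()` with an unverified configuration and the failure surfaces later and less clearly. The same replacement is made in SslSocketConnector.open() and SslSocketConnector.doStart(). If checkKeyStore() is void and only logs, the guard should be restored around it; if it throws, the contract the connectors now rely on should be documented on it, `@throws IllegalStateException if no keystore is configured or it cannot be read`. Separately, the added `import java.util.Arrays;` has no use in the visible hunks and looks like a leftover of the removed `System.err.println` debugging; drop it if nothing outside the hunks needs it.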


@ -335,11 +335,7 @@ public class SslSocketConnector extends SocketConnector implements SslConnector
@Override @Override
public void open() throws IOException public void open() throws IOException
{ {
if (!_sslContextFactory.checkConfig()) _sslContextFactory.checkKeyStore();
{
throw new IllegalStateException("SSL context is not configured correctly.");
}
try try
{ {
_sslContextFactory.start(); _sslContextFactory.start();
@ -358,11 +354,7 @@ public class SslSocketConnector extends SocketConnector implements SslConnector
@Override @Override
protected void doStart() throws Exception protected void doStart() throws Exception
{ {
if (!_sslContextFactory.checkConfig()) _sslContextFactory.checkKeyStore();
{
throw new IllegalStateException("SSL context is not configured correctly.");
}
_sslContextFactory.start(); _sslContextFactory.start();
super.doStart(); super.doStart();
@ -394,22 +386,7 @@ public class SslSocketConnector extends SocketConnector implements SslConnector
@Override @Override
protected ServerSocket newServerSocket(String host, int port,int backlog) throws IOException protected ServerSocket newServerSocket(String host, int port,int backlog) throws IOException
{ {
SSLServerSocketFactory factory = _sslContextFactory.getSslContext().getServerSocketFactory(); return _sslContextFactory.newSslServerSocket(host,port,backlog);
SSLServerSocket socket =
(SSLServerSocket) (host==null ?
factory.createServerSocket(port,backlog):
factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
if (_sslContextFactory.getWantClientAuth())
socket.setWantClientAuth(_sslContextFactory.getWantClientAuth());
if (_sslContextFactory.getNeedClientAuth())
socket.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
socket.setEnabledCipherSuites(_sslContextFactory.selectCipherSuites(
socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
return socket;
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */


@ -425,7 +425,7 @@ public abstract class HttpServerTestBase extends HttpServerTestFixture
while(len>=0) while(len>=0)
{ {
Thread.sleep(500); Thread.sleep(100);
len=is.read(buf); len=is.read(buf);
if (len>0) if (len>0)
total+=len; total+=len;


@ -133,7 +133,7 @@ public class SSLEngineTest
@Test @Test
public void testBigResponse() throws Exception public void testBigResponse() throws Exception
{ {
SSLContext ctx=SSLContext.getInstance("SSLv3"); SSLContext ctx=SSLContext.getInstance("TLS");
ctx.init(null,s_dummyTrustManagers,new java.security.SecureRandom()); ctx.init(null,s_dummyTrustManagers,new java.security.SecureRandom());
int port=connector.getLocalPort(); int port=connector.getLocalPort();
@ -367,4 +367,5 @@ public class SSLEngineTest
response.flushBuffer(); response.flushBuffer();
} }
} }
} }
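Review bot: The client context in testBigResponse() now asks for `"TLS"` instead of `"SSLv3"`, but nothing in the visible hunk pins the enabled protocols on the socket or engine created from it (that code is outside the hunk), so the JSSE default set for that context — which on JDKs of this era may still include SSLv3 — is what gets offered. The `"SSL"`→`"TLS"` change in SslSelectChannelServerTest has the same shape, while SslSocketServerTest and SslSocketTimeoutTest in this commit explicitly call `setEnabledProtocols(new String[] {"TLSv1"})` on their client sockets. If the intent is to exercise TLS only, add the same pin where the socket is created; otherwise a comment `// "TLS" selects the context, not the negotiated protocol` would make the difference from the other tests deliberate.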


@ -60,14 +60,14 @@ public class SslSelectChannelServerTest extends HttpServerTestBase
keystore.load(new FileInputStream(connector.getKeystore()), "storepwd".toCharArray()); keystore.load(new FileInputStream(connector.getKeystore()), "storepwd".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore); trustManagerFactory.init(keystore);
__sslContext = SSLContext.getInstance("SSL"); __sslContext = SSLContext.getInstance("TLS");
__sslContext.init(null, trustManagerFactory.getTrustManagers(), null); __sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
try try
{ {
HttpsURLConnection.setDefaultHostnameVerifier(__hostnameverifier); HttpsURLConnection.setDefaultHostnameVerifier(__hostnameverifier);
SSLContext sc = SSLContext.getInstance("SSL"); SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, __trustAllCerts, new java.security.SecureRandom()); sc.init(null, __trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} }


@ -15,8 +15,10 @@ package org.eclipse.jetty.server.ssl;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.net.Socket; import java.net.Socket;
import java.security.KeyStore; import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.ssl.SslContextFactory; import org.eclipse.jetty.http.ssl.SslContextFactory;
@ -37,7 +39,9 @@ public class SslSocketServerTest extends HttpServerTestBase
@Override @Override
protected Socket newSocket(String host, int port) throws Exception protected Socket newSocket(String host, int port) throws Exception
{ {
return __sslContext.getSocketFactory().createSocket(host,port); SSLSocket socket = (SSLSocket)__sslContext.getSocketFactory().createSocket(host,port);
socket.setEnabledProtocols(new String[] {"TLSv1"});
return socket;
} }
@ -59,7 +63,7 @@ public class SslSocketServerTest extends HttpServerTestBase
keystore.load(new FileInputStream(connector.getKeystore()), "storepwd".toCharArray()); keystore.load(new FileInputStream(connector.getKeystore()), "storepwd".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore); trustManagerFactory.init(keystore);
__sslContext = SSLContext.getInstance("SSL"); __sslContext = SSLContext.getInstance("TLSv1");
__sslContext.init(null, trustManagerFactory.getTrustManagers(), null); __sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
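Review bot: The protocol pin in newSocket(), `socket.setEnabledProtocols(new String[] {"TLSv1"});`, is the same literal that SslSocketTimeoutTest.newSocket() and HttpsSocketImpl.connect() add in this commit; a shared constant in the test base, e.g. `static final String[] CLIENT_PROTOCOLS = {"TLSv1"};`, would keep the three in step when the set has to change. The added `import java.util.Arrays;` has no use in the visible hunks; drop it if nothing outside them needs it. It is also worth a one-line comment at the pin that `SSLContext.getInstance("TLSv1")` on its own may not exclude SSLv3 from the offered protocols and that the `setEnabledProtocols` call is what restricts the handshake, since the two lines are in different hunks and a reader may assume the context string is sufficient.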


@ -18,6 +18,7 @@ import java.net.Socket;
import java.security.KeyStore; import java.security.KeyStore;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.ssl.SslContextFactory; import org.eclipse.jetty.http.ssl.SslContextFactory;
@ -26,12 +27,14 @@ import org.junit.BeforeClass;
public class SslSocketTimeoutTest extends ConnectorTimeoutTest public class SslSocketTimeoutTest extends ConnectorTimeoutTest
{ {
static SSLContext _sslContext; static SSLContext __sslContext;
@Override @Override
protected Socket newSocket(String host, int port) throws Exception protected Socket newSocket(String host, int port) throws Exception
{ {
return _sslContext.getSocketFactory().createSocket(host,port); SSLSocket socket = (SSLSocket)__sslContext.getSocketFactory().createSocket(host,port);
socket.setEnabledProtocols(new String[] {"TLSv1"});
return socket;
} }
@BeforeClass @BeforeClass
@ -53,8 +56,8 @@ public class SslSocketTimeoutTest extends ConnectorTimeoutTest
keystore.load(new FileInputStream(connector.getKeystore()), "storepwd".toCharArray()); keystore.load(new FileInputStream(connector.getKeystore()), "storepwd".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore); trustManagerFactory.init(keystore);
_sslContext = SSLContext.getInstance("SSL"); __sslContext = SSLContext.getInstance("TLSv1");
_sslContext.init(null, trustManagerFactory.getTrustManagers(), null); __sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
} }


@ -14,13 +14,16 @@
package org.eclipse.jetty.webapp; package org.eclipse.jetty.webapp;
import java.io.IOException; import java.io.IOException;
import java.net.URI;
import java.net.URL; import java.net.URL;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.EventListener; import java.util.EventListener;
import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.Set; import java.util.Set;
import javax.servlet.Servlet; import javax.servlet.Servlet;
@ -58,6 +61,7 @@ public class TagLibConfiguration extends AbstractConfiguration
public static final String TLD_RESOURCES = "org.eclipse.jetty.tlds"; public static final String TLD_RESOURCES = "org.eclipse.jetty.tlds";
/** /**
* TagLibListener * TagLibListener
* *
@ -96,7 +100,37 @@ public class TagLibConfiguration extends AbstractConfiguration
public void contextInitialized(ServletContextEvent sce) public void contextInitialized(ServletContextEvent sce)
{ {
try { try
{
//For jasper 2.1:
//Get the system classpath tlds and tell jasper about them, if jasper is on the classpath
try
{
Class clazz = getClass().getClassLoader().loadClass("org.apache.jasper.compiler.TldLocationsCache");
Collection<Resource> tld_resources = (Collection<Resource>)_context.getAttribute(TLD_RESOURCES);
Map<URI, List<String>> tldMap = new HashMap<URI, List<String>>();
if (tld_resources != null)
{
//get the jar file names of the files
for (Resource r:tld_resources)
{
Resource jarResource = extractJarResource(r);
//jasper is happy with an empty list of tlds
if (!tldMap.containsKey(jarResource.getURI()))
tldMap.put(jarResource.getURI(), null);
}
//set the magic context attribute that tells jasper about the system tlds
sce.getServletContext().setAttribute("com.sun.appserv.tld.map", tldMap);
}
}
catch (ClassNotFoundException e)
{
LOG.ignore(e);
}
//find the tld files and parse them to get out their //find the tld files and parse them to get out their
//listeners //listeners
Set<Resource> tlds = findTldResources(); Set<Resource> tlds = findTldResources();
@ -117,12 +151,37 @@ public class TagLibConfiguration extends AbstractConfiguration
} }
} }
} catch (Exception e) { }
catch (Exception e) {
LOG.warn(e); LOG.warn(e);
} }
} }
private Resource extractJarResource (Resource r)
{
if (r == null)
return null;
try
{
String url = r.getURI().toURL().toString();
int idx = url.lastIndexOf("!/");
if (idx >= 0)
url = url.substring(0, idx);
if (url.startsWith("jar:"))
url = url.substring(4);
return Resource.newResource(url);
}
catch (IOException e)
{
LOG.warn(e);
return null;
}
}
/** /**
* Find all the locations that can harbour tld files that may contain * Find all the locations that can harbour tld files that may contain
* a listener which the web container is supposed to instantiate and * a listener which the web container is supposed to instantiate and
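Review bot: extractJarResource() returns null both for a null input and on IOException (bottom of the second hunk), but contextInitialized() dereferences its result unconditionally in `jarResource.getURI()`, so one unresolvable TLD resource raises a NullPointerException inside the outer try, which the trailing `catch (Exception e)` logs as a warning while the whole listener discovery that follows is skipped; contextInitialized() continues between the two hunks. Guard the insertion: `if (jarResource != null && !tldMap.containsKey(jarResource.getURI()))`. `Class clazz` is a raw type that is assigned and never used — it serves only as a presence probe — so the bare statement `getClass().getClassLoader().loadClass("org.apache.jasper.compiler.TldLocationsCache");` with the comment `// probe only: jasper 2.1's TldLocationsCache on the classpath means jasper is present` says the same without the warnings. The comment `//jasper is happy with an empty list of tlds` does not match the code, which stores null as the map value; either store an empty list or reword the comment to say that a null entry is accepted.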


@ -25,6 +25,7 @@ import java.net.SocketAddress;
import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; import javax.net.ssl.X509TrustManager;
@ -78,7 +79,7 @@ public class HttpsSocketImpl implements HttpSocket
try try
{ {
// TODO real trust manager // TODO real trust manager
this.sslContext = SSLContext.getInstance("SSL"); this.sslContext = SSLContext.getInstance("TLS");
sslContext.init(null,trustAllCerts,new java.security.SecureRandom()); sslContext.init(null,trustAllCerts,new java.security.SecureRandom());
} }
catch (Exception e) catch (Exception e)
@ -87,11 +88,13 @@ public class HttpsSocketImpl implements HttpSocket
} }
sslfactory = sslContext.getSocketFactory(); sslfactory = sslContext.getSocketFactory();
} }
public Socket connect(InetAddress host, int port) throws IOException public Socket connect(InetAddress host, int port) throws IOException
{ {
Socket sslsock = sslfactory.createSocket(); SSLSocket sslsock = (SSLSocket)sslfactory.createSocket();
sslsock.setEnabledProtocols(new String[] {"TLSv1"});
SocketAddress address = new InetSocketAddress(host,port); SocketAddress address = new InetSocketAddress(host,port);
sslsock.connect(address); sslsock.connect(address);
return sslsock; return sslsock;