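/*
 * Copyright (c) Members of the EGEE Collaboration. 2006-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.glite.authz.common.http;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * An extension to the basic Jetty SSL connection handler that allows a
 * pre-instantiated key and trust manager to be used when creating new SSL
 * connections.
 * <p>
 * The {@link X509TrustManager} handed to the constructor is the only peer
 * certificate validation that {@link #createSSLContext()} installs, and the
 * {@link X509KeyManager} is the only source of the server credential. Callers
 * are therefore responsible for supplying managers that actually validate
 * peers; nothing in this class adds checks of its own.
 */
public class JettySslSelectChannelConnector extends SslSelectChannelConnector {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(JettySslSelectChannelConnector.class);

    /**
     * Substring identifying the cipher suites that {@link #createSSLEngine()}
     * removes from the engine's enabled set.
     */
    private static final String DISABLED_CIPHER_MARKER = "ECDH";

    /** {@link KeyManager} used by this TLS connector; never null. */
    private final X509KeyManager keyManager;

    /** {@link TrustManager} used by this TLS connector; never null. */
    private final X509TrustManager trustManager;

    /**
     * Constructor.
     *
     * @param key
     *            the key manager used for the TLS connections
     * @param trust
     *            the trust manager used for the TLS connections
     * @throws IllegalArgumentException
     *             if either manager is null
     */
    public JettySslSelectChannelConnector(X509KeyManager key, X509TrustManager trust) {
        super();
        if (key == null) {
            throw new IllegalArgumentException("X.509 key manager may not be null");
        }
        if (trust == null) {
            throw new IllegalArgumentException("X.509 trust manager may not be null");
        }
        keyManager = key;
        trustManager = trust;
    }

    /**
     * Disable all ECDH cipher suites because of the OpenSSL 1.0 problem with
     * the SSL handshake.
     * <p>
     * Note that this also drops the ECDHE suites, so forward-secret key
     * exchange is only available through the remaining (e.g. DHE) suites that
     * the JSSE provider enables by default. If the filter leaves no suite at
     * all, the empty set is still installed and a warning is logged, since
     * every handshake on that engine will then fail.
     * <p>
     * {@inheritDoc}
     *
     * @return the engine created by the superclass, with the ECDH suites
     *         removed from its enabled cipher suites
     * @throws IOException
     *             if the superclass fails to create the engine
     */
    @Override
    protected SSLEngine createSSLEngine() throws IOException {
        SSLEngine sslEngine = super.createSSLEngine();
        String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
        // copy into a mutable list; Arrays.asList alone is fixed-size
        List<String> cipherSuites = new ArrayList<String>(Arrays.asList(enabledCipherSuites));
        // iterate over the array, not the list, so removal is safe
        for (String cipher : enabledCipherSuites) {
            if (cipher.contains(DISABLED_CIPHER_MARKER)) {
                log.debug("disabling cipher: {}", cipher);
                cipherSuites.remove(cipher);
            }
        }
        if (cipherSuites.isEmpty()) {
            log.warn("no cipher suites remain enabled after removing the {} suites; TLS handshakes will fail",
                    DISABLED_CIPHER_MARKER);
        }
        log.debug("enabling ciphers: {}", cipherSuites);
        sslEngine.setEnabledCipherSuites(cipherSuites.toArray(new String[cipherSuites.size()]));
        return sslEngine;
    }

    /**
     * Creates an {@link SSLContext} backed by the injected key and trust
     * managers.
     * <p>
     * The protocol name {@code "TLS"} selects the provider's default protocol
     * set; no specific TLS version is pinned here. The {@code null} random
     * source lets the provider pick its default {@code SecureRandom}.
     * <p>
     * {@inheritDoc}
     *
     * @return an initialised TLS context using {@link #keyManager} and
     *         {@link #trustManager}
     * @throws Exception
     *             if the context cannot be obtained or initialised
     */
    @Override
    protected SSLContext createSSLContext() throws Exception {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(new KeyManager[] { keyManager }, new TrustManager[] { trustManager }, null);
        return sslContext;
    }
}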