コード例 #1
0
  /**
   * Allow the Listener a chance to customise the request. before the server does its stuff. <br>
   * This allows the required attributes to be set for SSL requests. <br>
   * The requirements of the Servlet specs are:
   *
   * <ul>
   *   <li>an attribute named "javax.servlet.request.cipher_suite" of type String.
   *   <li>an attribute named "javax.servlet.request.key_size" of type Integer.
   *   <li>an attribute named "javax.servlet.request.X509Certificate" of type
   *       java.security.cert.X509Certificate[]. This is an array of objects of type
   *       X509Certificate, the order of this array is defined as being in ascending order of trust.
   *       The first certificate in the chain is the one set by the client, the next is the one used
   *       to authenticate the first, and so on.
   * </ul>
   *
   * @param socket The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
   * @param request HttpRequest to be customised.
   */
  protected void customizeRequest(Socket socket, HttpRequest request) {
    super.customizeRequest(socket, request);

    if (!(socket instanceof javax.net.ssl.SSLSocket))
      return; // I'm tempted to let it throw an exception...

    try {
      SSLSocket sslSocket = (SSLSocket) socket;
      SSLSession sslSession = sslSocket.getSession();
      String cipherSuite = sslSession.getCipherSuite();
      Integer keySize;
      X509Certificate[] certs;

      CachedInfo cachedInfo = (CachedInfo) sslSession.getValue(CACHED_INFO_ATTR);
      if (cachedInfo != null) {
        keySize = cachedInfo.getKeySize();
        certs = cachedInfo.getCerts();
      } else {
        keySize = new Integer(ServletSSL.deduceKeyLength(cipherSuite));
        certs = getCertChain(sslSession);
        cachedInfo = new CachedInfo(keySize, certs);
        sslSession.putValue(CACHED_INFO_ATTR, cachedInfo);
      }

      if (certs != null) request.setAttribute("javax.servlet.request.X509Certificate", certs);
      else if (_needClientAuth) // Sanity check
      throw new HttpException(HttpResponse.__403_Forbidden);

      request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
      request.setAttribute("javax.servlet.request.key_size", keySize);
    } catch (Exception e) {
      log.warn(LogSupport.EXCEPTION, e);
    }
  }
コード例 #2
0
  /**
   * javax.net.ssl.SSLSession#putValue(String name, Object value)
   * javax.net.ssl.SSLSession#removeValue(String name) javax.net.ssl.SSLSession#getValueNames()
   */
  public void test_putValue() {
    SSLSession s = clientSession;
    mySSLSessionBindingListener sbl = new mySSLSessionBindingListener();
    assertNotNull(s.getValueNames());
    assertEquals(0, s.getValueNames().length);
    s.putValue("Name_01", sbl);
    s.putValue("Name_02", sbl);
    s.putValue("Name_03", sbl);
    assertEquals(3, s.getValueNames().length);
    s.removeValue("Name_01");
    assertEquals(2, s.getValueNames().length);

    try {
      s.putValue(null, null);
      fail("IllegalArgumentException wasn't thrown");
    } catch (IllegalArgumentException expected) {
      // expected
    }
    try {
      s.putValue("ABC", null);
      fail("IllegalArgumentException wasn't thrown");
    } catch (IllegalArgumentException expected) {
      // expected
    }
    try {
      s.putValue(null, sbl);
      fail("IllegalArgumentException wasn't thrown");
    } catch (IllegalArgumentException expected) {
      // expected
    }

    try {
      s.removeValue(null);
      fail("IllegalArgumentException wasn't thrown");
    } catch (IllegalArgumentException expected) {
      // expected
    }
  }
コード例 #3
0
  /** javax.net.ssl.SSLSession#getValue(String name) */
  public void test_getValue() {
    SSLSession s = clientSession;
    mySSLSessionBindingListener sbl = new mySSLSessionBindingListener();

    try {
      s.getValue(null);
      fail("IllegalArgumentException wasn't thrown");
    } catch (IllegalArgumentException expected) {
      // expected
    }

    s.putValue("Name", sbl);
    Object obj = s.getValue("Name");
    assertTrue(obj instanceof SSLSessionBindingListener);
  }
コード例 #4
0
  /**
   * Customizes the request attributes to be set for SSL requests.
   *
   * <p>The requirements of the Servlet specs are:
   *
   * <ul>
   *   <li>an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet
   *       Spec 3.0).
   *   <li>an attribute named "javax.servlet.request.cipher_suite" of type String.
   *   <li>an attribute named "javax.servlet.request.key_size" of type Integer.
   *   <li>an attribute named "javax.servlet.request.X509Certificate" of type
   *       java.security.cert.X509Certificate[]. This is an array of objects of type
   *       X509Certificate, the order of this array is defined as being in ascending order of trust.
   *       The first certificate in the chain is the one set by the client, the next is the one used
   *       to authenticate the first, and so on.
   * </ul>
   *
   * @param sslEngine the sslEngine to be customized.
   * @param request HttpRequest to be customized.
   */
  protected void customize(SSLEngine sslEngine, Request request) {
    SSLSession sslSession = sslEngine.getSession();

    if (_sniHostCheck) {
      String name = request.getServerName();
      X509 x509 = (X509) sslSession.getValue(SniX509ExtendedKeyManager.SNI_X509);

      if (x509 != null && !x509.matches(name)) {
        LOG.warn("Host {} does not match SNI {}", name, x509);
        throw new BadMessageException(400, "Host does not match SNI");
      }

      if (LOG.isDebugEnabled()) LOG.debug("Host {} matched SNI {}", name, x509);
    }

    try {
      String cipherSuite = sslSession.getCipherSuite();
      Integer keySize;
      X509Certificate[] certs;
      String idStr;

      CachedInfo cachedInfo = (CachedInfo) sslSession.getValue(CACHED_INFO_ATTR);
      if (cachedInfo != null) {
        keySize = cachedInfo.getKeySize();
        certs = cachedInfo.getCerts();
        idStr = cachedInfo.getIdStr();
      } else {
        keySize = SslContextFactory.deduceKeyLength(cipherSuite);
        certs = SslContextFactory.getCertChain(sslSession);
        byte[] bytes = sslSession.getId();
        idStr = TypeUtil.toHexString(bytes);
        cachedInfo = new CachedInfo(keySize, certs, idStr);
        sslSession.putValue(CACHED_INFO_ATTR, cachedInfo);
      }

      if (certs != null) request.setAttribute("javax.servlet.request.X509Certificate", certs);

      request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
      request.setAttribute("javax.servlet.request.key_size", keySize);
      request.setAttribute("javax.servlet.request.ssl_session_id", idStr);
    } catch (Exception e) {
      LOG.warn(Log.EXCEPTION, e);
    }
  }