org.glite.security.trustmanager.tomcat
Class SSLServerSocketFactory

java.lang.Object
  extended by org.glite.security.trustmanager.tomcat.SSLServerSocketFactory
All Implemented Interfaces:
org.apache.catalina.net.ServerSocketFactory

public class SSLServerSocketFactory
extends java.lang.Object
implements org.apache.catalina.net.ServerSocketFactory

Socket factory for SSL sockets, using the Java Server Sockets Extension (JSSE) reference implementation support classes. Besides the usual configuration mechanism based on setting JavaBeans properties, this component may also be configured by passing a series of attributes set with calls to setAttribute(). The following attribute names are recognized, with default values in square brackets:

Author:
Harish Prabandham, Costin Manolache, Craig McClanahan

Added the following attributes for CA and CRL setup. If hostCert and hostKey are set, they are used; otherwise, if keyStore is set, it is used. If caFiles is set, it defines the files that contain the CA certificates. If caFiles is not set, the trustStore setting is used together with trustStoreType and trustStorePass. If crlFiles is used in connection with caFiles, it defines the files that are read as CRLs. If one or more CRLs are found, there should be a CRL for every CA: the certificates from CAs that do not have a CRL file are rejected.
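The precedence rules above decide which server credential and which set of CAs the factory will actually use, and the CRL rule is fail-closed once any CRL is present. The following is an added example, not code from the glite trustmanager project, that applies those documented rules to a hypothetical attribute map so a configuration can be checked before it is deployed. Attribute names are taken from the setters on this page (setHostCert gives "hostCert", setKeystoreFile gives "keystoreFile", and so on); the file paths are constructed placeholders, and pairing a CRL with its CA by issuer name is an assumption, since the page does not state how the match is made.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

/**
 * Added illustration (not part of org.glite.security.trustmanager): applies the
 * credential-selection and CA/CRL rules documented for SSLServerSocketFactory
 * to a configuration given as an attribute map.
 */
public class TrustManagerConfigCheck {

    private static boolean isSet(Map<String, String> attrs, String name) {
        String v = attrs.get(name);
        return v != null && !v.trim().isEmpty();
    }

    /** hostCert + hostKey take precedence; otherwise keystoreFile; otherwise nothing usable. */
    public static String serverCredentialSource(Map<String, String> attrs) {
        if (isSet(attrs, "hostCert") && isSet(attrs, "hostKey")) {
            return "hostCert/hostKey";
        }
        if (isSet(attrs, "keystoreFile")) {
            return "keystoreFile";
        }
        return "none";
    }

    /** caFiles takes precedence; otherwise trustStore (read with trustStoreType/trustStorePass). */
    public static String caSource(Map<String, String> attrs) {
        if (isSet(attrs, "caFiles")) {
            return "caFiles";
        }
        if (isSet(attrs, "trustStore")) {
            return "trustStore";
        }
        return "none";
    }

    /**
     * CRL rule from the documentation: with no CRL found, every CA is used; once at
     * least one CRL is present, a CA without its own CRL is rejected. Assumption: a
     * CRL is paired with its CA by issuer name. Rejected CA names are added to
     * 'rejected' so they can be logged.
     */
    public static Set<String> acceptedCas(Set<String> caNames, Set<String> crlIssuers,
                                          Set<String> rejected) {
        Set<String> accepted = new TreeSet<>();
        for (String ca : caNames) {
            if (crlIssuers.isEmpty() || crlIssuers.contains(ca)) {
                accepted.add(ca);
            } else {
                rejected.add(ca);
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample configuration; every path is a hypothetical placeholder.
        Map<String, String> attrs = new LinkedHashMap<>();
        attrs.put("hostCert", "/path/to/hostcert.pem");
        attrs.put("hostKey", "/path/to/hostkey.pem");
        attrs.put("keystoreFile", "/path/to/server.jks"); // ignored: hostCert/hostKey win
        attrs.put("caFiles", "/path/to/ca-file-definition");
        attrs.put("crlFiles", "/path/to/crl-file-definition");
        attrs.put("clientAuth", "true");               // default is off (see setClientAuth)

        System.out.println("server credential source: " + serverCredentialSource(attrs));
        System.out.println("CA source: " + caSource(attrs));

        // Constructed CA names and the issuers of the CRLs that were found: CA-C has no CRL.
        Set<String> cas = new LinkedHashSet<>(Arrays.asList("CA-A", "CA-B", "CA-C"));
        Set<String> crlIssuers = new LinkedHashSet<>(Arrays.asList("CA-A", "CA-B"));
        Set<String> rejected = new TreeSet<>();
        Set<String> accepted = acceptedCas(cas, crlIssuers, rejected);
        System.out.println("accepted CAs: " + accepted + ", rejected (no CRL): " + rejected);

        // With no CRL file found at all, the rule accepts every CA.
        System.out.println("no CRLs -> " + acceptedCas(cas, new TreeSet<>(), new TreeSet<>()));

        if (!"true".equalsIgnoreCase(attrs.get("clientAuth"))) {
            System.out.println("note: clientAuth is off, so clients are not asked for a certificate");
        }
    }
}
```

Run it with `javac TrustManagerConfigCheck.java && java TrustManagerConfigCheck`; in the constructed case CA-C is rejected because CRLs exist for the other CAs but not for it, while the second call shows that the same CA is accepted when no CRL is present at all. That asymmetry is why, when crlFiles is configured, a missing CRL for one CA silently shrinks the set of trusted issuers.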

Constructor Summary
SSLServerSocketFactory()
          The constructor.
 
Method Summary
 java.net.ServerSocket createSocket(int port)
          Return a server socket that uses all network interfaces on the host, and is bound to a specified port.
 java.net.ServerSocket createSocket(int port, int backlog)
          Return a server socket that uses all network interfaces on the host, and is bound to a specified port, and uses the specified connection backlog.
 java.net.ServerSocket createSocket(int port, int backlog, java.net.InetAddress ifAddress)
          Return a server socket that uses the specified interface on the host, and is bound to a specified port, and uses the specified connection backlog.
 java.lang.String getAlgorithm()
          Returns the keymanager algorithm.
 java.lang.String getCaFiles()
          Returns the file definition for the certificate authority (CA) files.
 boolean getClientAuth()
          Returns true if the client authentication is required.
 java.lang.String getCredentialsUpdateInterval()
          Returns the update interval.
 java.lang.String getCrlFiles()
          Used to get the certificate revocation list (CRL) file definition.
 java.lang.String getGridProxyFile()
          Returns the filename for the gridproxy file.
 java.lang.String getHostCert()
          Returns the host (server) certificate file name.
 java.lang.String getHostKey()
          Returns the filename for the host private key.
 java.lang.String getHostKeyPass()
          Returns the password for the host private key.
 java.lang.String getKeystoreFile()
          Used to get name of the file containing the server KeyStore.
 java.lang.String getKeystorePass()
          Used to get the password for the server KeyStore.
 java.lang.String getKeystoreType()
          Returns the server KeyStore type.
 java.lang.String getLog4jConfFile()
          Returns the filename for the configuration file for the log4j logging.
 java.lang.String getLogConf()
          Returns the filename for the configuration file for the log4j logging.
 java.lang.String getLogConfFile()
          Returns the filename for the configuration file for the log4j logging.
 java.lang.String getLogFile()
          Returns the filename for the SSL authentication log messages.
 java.lang.String getProtocol()
          Returns the protocol to use.
 java.lang.String getSslConfigFile()
          Returns the filename for the configuration file of the authentication system.
 java.lang.String getTrustStore()
          Returns the filename for the KeyStore that holds the certificate authority (CA) certificates.
 java.lang.String getTrustStorePass()
          Returns the password needed to access the KeyStore which has all the CA certs.
 java.lang.String getTrustStoreType()
          Returns the type of the KeyStore that holds all the CA certs.
 void setAlgorithm(java.lang.String algorithm)
          Sets the KeyManager algorithm.
 void setCaFiles(java.lang.String CAFiles)
          Used to set the file definition for the CA files.
 void setClientAuth(boolean clientAuth)
          Used to choose if the client authentication is on or off.
 void setCredentialsUpdateInterval(java.lang.String credentialsUpdateInterval)
          Used to set the update interval.
 void setCrlFiles(java.lang.String CRLFiles)
          Used to set the file definitions for the CRL files.
 void setGridProxyFile(java.lang.String gridProxyFile)
          Used to set the filename for the gridproxy file.
 void setHostCert(java.lang.String hostCert)
          Used to set the filename for the host certificate.
 void setHostKey(java.lang.String hostKey)
          Used to set the filename for the host private key.
 void setHostKeyPass(java.lang.String hostKeyPass)
          Used to set the password for the host private key.
 void setKeystoreFile(java.lang.String keystoreFile)
          Used to set the filename for the server KeyStore.
 void setKeystorePass(java.lang.String keystorePass)
          Used to set the password to use when reading the server KeyStore.
 void setKeystoreType(java.lang.String keystoreType)
          Used to set the type for the server KeyStore.
 void setLog4jConfFile(java.lang.String logConf)
          Used to set the filename for the logging configuration for the authentication logs.
 void setLogConf(java.lang.String logConf)
          Used to set the filename for the logging configuration for the authentication logs.
 void setLogConfFile(java.lang.String logConf)
          Used to set the filename for the logging configuration for the authentication logs.
 void setLogFile(java.lang.String inLogFile)
          Used to set the log filename for the authentication log.
 void setProtocol(java.lang.String protocol)
          Sets the SSL protocol to use.
 void setSslConfigFile(java.lang.String confFile)
          Used to set the filename for the configuration for the authentication system.
 void setTrustStore(java.lang.String trustStore)
          Used to set the filename for the KeyStore that holds all the CA certs.
 void setTrustStorePass(java.lang.String trustStorePass)
          Used to set the password required to access the KeyStore which has all the CA certs.
 void setTrustStoreType(java.lang.String trustStoreType)
          Used to set the type of the KeyStore holding all the CA certs.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSLServerSocketFactory

public SSLServerSocketFactory()
The constructor. Sets up the logging.

Method Detail

getAlgorithm

public java.lang.String getAlgorithm()
Returns the keymanager algorithm.

Returns:
Returns the keymanager algorithm.

setAlgorithm

public void setAlgorithm(java.lang.String algorithm)
Sets the KeyManager algorithm. Default is "SunX509".

Parameters:
algorithm - The KeyManager algorithm.

getClientAuth

public boolean getClientAuth()
Returns true if the client authentication is required.

Returns:
Returns true if the client authentication is required.

setClientAuth

public void setClientAuth(boolean clientAuth)
Used to choose if the client authentication is on or off. Default is off.

Parameters:
clientAuth - True if the client authentication is required.

getKeystoreFile

public java.lang.String getKeystoreFile()
Used to get the name of the file containing the server KeyStore.

Returns:
The name of the file containing the server KeyStore.

setKeystoreFile

public void setKeystoreFile(java.lang.String keystoreFile)
Used to set the filename for the server KeyStore.

Parameters:
keystoreFile - The filename of the server KeyStore.

getKeystorePass

public java.lang.String getKeystorePass()
Used to get the password for the server KeyStore.

Returns:
The password for the server KeyStore.

setKeystorePass

public void setKeystorePass(java.lang.String keystorePass)
Used to set the password to use when reading the server KeyStore.

Parameters:
keystorePass - The password to use when reading the server KeyStore.

getKeystoreType

public java.lang.String getKeystoreType()
Returns the server KeyStore type.

Returns:
Returns the server KeyStore type.

setKeystoreType

public void setKeystoreType(java.lang.String keystoreType)
Used to set the type for the server KeyStore. The default is "JKS".

Parameters:
keystoreType - The server KeyStore type.

getProtocol

public java.lang.String getProtocol()
Returns the protocol to use.

Returns:
The protocol to use.

setProtocol

public void setProtocol(java.lang.String protocol)
Sets the SSL protocol to use. The default is "TLS".

Parameters:
protocol - The SSL protocol to use.

getHostCert

public java.lang.String getHostCert()
Returns the host (server) certificate file name.

Returns:
The filename that contains the host certificate.

setHostCert

public void setHostCert(java.lang.String hostCert)
Used to set the filename for the host certificate.

Parameters:
hostCert - The filename for the host certificate.

getHostKey

public java.lang.String getHostKey()
Returns the filename for the host private key.

Returns:
Returns the filename for the host private key.

setHostKey

public void setHostKey(java.lang.String hostKey)
Used to set the filename for the host private key.

Parameters:
hostKey - The filename for the host private key.

getHostKeyPass

public java.lang.String getHostKeyPass()
Returns the password for the host private key.

Returns:
Returns the password for the host private key.

setHostKeyPass

public void setHostKeyPass(java.lang.String hostKeyPass)
Used to set the password for the host private key.

Parameters:
hostKeyPass - The password for the host key.

getGridProxyFile

public java.lang.String getGridProxyFile()
Returns the filename for the gridproxy file.

Returns:
Returns the filename for the gridproxy file.

setGridProxyFile

public void setGridProxyFile(java.lang.String gridProxyFile)
Used to set the filename for the gridproxy file.

Parameters:
gridProxyFile - The filename for the gridproxy file.

getCredentialsUpdateInterval

public java.lang.String getCredentialsUpdateInterval()
Returns the update interval.

Returns:
Returns the interval.

setCredentialsUpdateInterval

public void setCredentialsUpdateInterval(java.lang.String credentialsUpdateInterval)
Used to set the update interval.

Parameters:
credentialsUpdateInterval - The interval.

getCaFiles

public java.lang.String getCaFiles()
Returns the file definition for the certificate authority (CA) files.

Returns:
The file definition for the CA files.

setCaFiles

public void setCaFiles(java.lang.String CAFiles)
Used to set the file definition for the CA files.

Parameters:
CAFiles - The CA file definition.

getCrlFiles

public java.lang.String getCrlFiles()
Used to get the certificate revocation list (CRL) file definition.

Returns:
Returns the CRL file definition

setCrlFiles

public void setCrlFiles(java.lang.String CRLFiles)
Used to set the file definitions for the CRL files.

Parameters:
CRLFiles - The file definition for the CRL files.

getTrustStore

public java.lang.String getTrustStore()
Returns the filename for the KeyStore that holds the certificate authority (CA) certificates.

Returns:
The filename for the KeyStore holding the CA certs.

setTrustStore

public void setTrustStore(java.lang.String trustStore)
Used to set the filename for the KeyStore that holds all the CA certs.

Parameters:
trustStore - The KeyStore filename.

getTrustStoreType

public java.lang.String getTrustStoreType()
Returns the type of the KeyStore that holds all the CA certs.

Returns:
The KeyStore type.

setTrustStoreType

public void setTrustStoreType(java.lang.String trustStoreType)
Used to set the type of the KeyStore holding all the CA certs.

Parameters:
trustStoreType - The KeyStore type.

getTrustStorePass

public java.lang.String getTrustStorePass()
Returns the password needed to access the KeyStore which has all the CA certs.

Returns:
Returns the password.

setTrustStorePass

public void setTrustStorePass(java.lang.String trustStorePass)
Used to set the password required to access the KeyStore which has all the CA certs.

Parameters:
trustStorePass - The password.

getLogFile

public java.lang.String getLogFile()
Returns the filename for the SSL authentication log messages.

Returns:
The filename for the log.

setLogFile

public void setLogFile(java.lang.String inLogFile)
Used to set the log filename for the authentication log. The default is authentication.log in the log directory under the tomcat installation directory.

Parameters:
inLogFile - The filename for the log.

getLogConf

public java.lang.String getLogConf()
Returns the filename for the configuration file for the log4j logging.

Returns:
Returns the configuration filename.

setLogConf

public void setLogConf(java.lang.String logConf)
Used to set the filename for the logging configuration for the authentication logs.

Parameters:
logConf - The filename for configuration file.

getLogConfFile

public java.lang.String getLogConfFile()
Returns the filename for the configuration file for the log4j logging.

Returns:
Returns the configuration filename.

setLogConfFile

public void setLogConfFile(java.lang.String logConf)
Used to set the filename for the logging configuration for the authentication logs.

Parameters:
logConf - The filename for configuration file.

getLog4jConfFile

public java.lang.String getLog4jConfFile()
Returns the filename for the configuration file for the log4j logging.

Returns:
Returns the configuration filename.

setLog4jConfFile

public void setLog4jConfFile(java.lang.String logConf)
Used to set the filename for the logging configuration for the authentication logs.

Parameters:
logConf - The filename for configuration file.

getSslConfigFile

public java.lang.String getSslConfigFile()
Returns the filename for the configuration file of the authentication system.

Returns:
Returns the configuration filename.

setSslConfigFile

public void setSslConfigFile(java.lang.String confFile)
Used to set the filename for the configuration for the authentication system.

Parameters:
confFile - The filename for configuration file.

createSocket

public java.net.ServerSocket createSocket(int port)
                                   throws java.io.IOException
Return a server socket that uses all network interfaces on the host, and is bound to a specified port. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in interface org.apache.catalina.net.ServerSocketFactory
Parameters:
port - Port to listen to
Returns:
Returns the socket created.
Throws:
java.io.IOException - if an input/output or network error occurs

createSocket

public java.net.ServerSocket createSocket(int port,
                                          int backlog)
                                   throws java.io.IOException
Return a server socket that uses all network interfaces on the host, and is bound to a specified port, and uses the specified connection backlog. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in interface org.apache.catalina.net.ServerSocketFactory
Parameters:
port - Port to listen to
backlog - Maximum number of connections to be queued
Returns:
Returns the socket created.
Throws:
java.io.IOException - if an input/output or network error occurs

createSocket

public java.net.ServerSocket createSocket(int port,
                                          int backlog,
                                          java.net.InetAddress ifAddress)
                                   throws java.io.IOException
Return a server socket that uses the specified interface on the host, and is bound to a specified port, and uses the specified connection backlog. The socket is configured with the socket options (such as accept timeout) given to this factory.

Specified by:
createSocket in interface org.apache.catalina.net.ServerSocketFactory
Parameters:
port - Port to listen to
backlog - Maximum number of connections to be queued
ifAddress - Address of the interface to be used
Returns:
Returns the socket created.
Throws:
java.io.IOException - if an input/output or network error occurs