public class NetPhantomJSSEServerSocket extends SocketHelper implements ServerSocketInterface3, X509TrustManager
As SSL requires additional parameters that are generally implementation dependent, the "server.ini" file object is passed along. This makes it possible to read the settings, typically from the SSL section of that file.
Modifier and Type | Field and Description
---|---
static boolean | DEBUG: Debug flag.

Fields inherited from class SocketHelper: id, isLoadBalanced

Fields inherited from the implemented interfaces: SSLINFO_CLIENTCERT_ISSUER, SSLINFO_CLIENTCERT_PUBLICKEYFORMAT, SSLINFO_CLIENTCERT_SERIALNUMBER, SSLINFO_CLIENTCERT_SIGNATUREALGORITHM, SSLINFO_CLIENTCERT_SUBJECT, SSLINFO_CLIENTCERT_VALIDFROM, SSLINFO_CLIENTCERT_VALIDTO, SSLINFO_CLIENTCERT_VERSION, SSLINFO_GETCIPHER, SSLINFO_GETEFFECTIVEBITS, SSLINFO_ISENCRYPTED, SSLINFO_ISSTRONGENCRYPTED
Constructor and Description
---
NetPhantomJSSEServerSocket(): Constructor for the SSL server socket from the NetPhantom Server.
Modifier and Type | Method and Description
---|---
ISocket | acceptNoHandshake(): Listens for a connection to be made to this socket and accepts it.
void | checkClientTrusted(X509Certificate[] chain, String authType): Checks if the connected client can be trusted.
void | checkServerTrusted(X509Certificate[] chain, String authType): Not an option on the server side; throws the exception immediately, since the server would have to act as a client.
void | close(): Closes this socket.
ServerSocketInterface3 | createServerSocket(String id, int port, int mapToPort, int count, InetAddress address): Creates the ServerSocket listener.
static String | format(BigInteger serial): Formats a certificate serial number into (minimum 5) groups of 4 digits.
static String | format(X500Principal p, char d): Formats an X.500 Principal with d as the delimiter instead of ", ".
X509Certificate[] | getAcceptedIssuers(): Returns the CA certificates that acceptable client certificates must be issued by.
static List<String> | getCurrentAllowedCertificates(): Gets the per-access-control allowed certificates.
static Map<X500Principal,Map<BigInteger,X509CRLEntry>> | getCurrentCRLs(): Gets the CRLs currently loaded from the CRL directory.
static List<String> | getCurrentRevokedCertificates(): Gets the per-access-control revoked certificates.
InetAddress | getInetAddress(): Returns the local address of this server socket.
String | getInformation(ISocket socket, int index): Returns SSL information about this socket.
IniFile | getIniFile(): Gets the INI file previously used to load the SSL section.
LetsEncryptDomain[] | getLetsEncryptDomains(): Gets the Let's Encrypt domains for this SSL configuration.
int | getLocalPort(): Returns the port on which this socket is listening.
int | getMapToPort(): Gets the port number being mapped to externally.
String | getSSLConfigInfo(): Gets information about the SSL configuration, for logging once initialization has completed.
void | initialize(IniFile ini, String name): Initializes the server socket with the information in the INI file for the SSL protocol.
boolean | isEncrypted(ISocket socket): Checks if the SSL connection actually encrypts the data (with any cipher strength), rather than only signing it.
boolean | isStrongEncrypted(ISocket socket): Checks if strong encryption (using SSL) is used.
boolean | isUsingSSL(): Returns whether SSL is used or not.
void | performAcceptHandshake(ISocket s2): Performs the accept handshake for SSL in another thread.
static boolean | reloadAllowedAccessControl(): Loads or reloads the allowed certificates per access control from the "clientcerts/"+accessControlName directory.
static boolean | reloadCRLs(): Causes a load or reload of the CRL directory.
static boolean | reloadRevokedAccessControl(): Loads or reloads the revoked certificates per access control from the "revokedcerts/"+accessControlName directory.
boolean | renegotiateSession(ISocket socket, boolean isStrongEncryptionRequired, boolean isClientAuthenticationRequired, String accessControlID, Thread readerThread): Call this method if an SSL connection is not using strong encryption or if a client certificate is required.
void | setExternalSSL(boolean isExternal): Sets the external SSL flag.
void | setLetsEncryptDomains(LetsEncryptDomain[] domains): Assigns the Let's Encrypt domains for this SSL configuration.
String | toString(): Returns the implementation address and implementation port of this socket as a String.
Methods inherited from class SocketHelper: getLocalAddress, getLocalName, getPortID, isLoadBalanced, setLoadBalancing

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from the implemented interfaces: getLocalAddress, getLocalName, getPortID, isLoadBalanced, setLoadBalancing
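The accept, handshake and renegotiation sequence that the method summary above describes, written out as an added example; it is not part of the NetPhantom documentation or code base. Only methods declared on this page are called. Assumptions of the example: NetPhantomJSSEServerSocket and ISocket are on the classpath under their real package names (the page does not show them, so the imports are omitted); the inherited SSLINFO_* constants are int indexes accepted by getInformation(); renegotiateSession() returns true on success; getInformation() returns null or an empty string when no client certificate was presented; and "operators" is a hypothetical access-control name.

```java
import java.io.IOException;
import java.util.concurrent.ExecutorService;

// Added example, not NetPhantom code. Imports for NetPhantomJSSEServerSocket and
// ISocket are omitted because their package is not shown on the page (assumption:
// both are on the classpath).
public final class StrictAccept {

    /** Hypothetical access-control name: its certificate lists would live in
     *  clientcerts/operators and revokedcerts/operators, per the reload methods above. */
    static final String ACCESS_CONTROL = "operators";

    /**
     * Acceptor loop. Only the cheap TCP accept happens on this thread; the SSL
     * handshake runs on a worker, so one slow or stalled client cannot hold up the
     * listener for everyone else (the split that the page's acceptNoHandshake /
     * performAcceptHandshake pair allows).
     */
    static void serve(NetPhantomJSSEServerSocket listener, ExecutorService workers) throws IOException {
        while (true) {
            ISocket s = listener.acceptNoHandshake();
            workers.execute(() -> handle(listener, s));
        }
    }

    static void handle(NetPhantomJSSEServerSocket listener, ISocket s) {
        try {
            System.out.println("accepted " + vetSession(listener, s));
            // ... application protocol on s ...
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
            // close s here using ISocket's own close method (not shown on this page)
        }
    }

    /** Completes the handshake, upgrades the session and returns a one-line description of it. */
    static String vetSession(NetPhantomJSSEServerSocket listener, ISocket s) throws IOException {
        listener.performAcceptHandshake(s);   // initial SSL handshake, on the worker thread

        // Upgrade now, before any application data flows: the page warns that
        // renegotiating while the peer is busy (e.g. mid-download) stalls because the
        // peer never reads the handshake request. Right after the handshake both sides
        // are idle, so this is the safe moment. Assumption: true means success.
        boolean ok = listener.renegotiateSession(s, true /* strong encryption */,
                true /* client certificate */, ACCESS_CONTROL, Thread.currentThread());
        if (!ok || !listener.isStrongEncrypted(s))
            throw new IOException("session could not be upgraded to strong encryption");

        // Assumption: no client certificate yields null or "" here.
        String subject = listener.getInformation(s, NetPhantomJSSEServerSocket.SSLINFO_CLIENTCERT_SUBJECT);
        if (subject == null || subject.isEmpty())
            throw new IOException("client did not present a certificate");

        return "cipher=" + listener.getInformation(s, NetPhantomJSSEServerSocket.SSLINFO_GETCIPHER)
             + " bits=" + listener.getInformation(s, NetPhantomJSSEServerSocket.SSLINFO_GETEFFECTIVEBITS)
             + " client=" + subject
             + " serial=" + listener.getInformation(s, NetPhantomJSSEServerSocket.SSLINFO_CLIENTCERT_SERIALNUMBER);
    }
}
```

Two caveats that apply regardless of the wrapper: TLS 1.3 removed renegotiation entirely (RFC 8446), so on a TLS 1.3 session the upgrade path shown here does not exist and client authentication and the cipher policy have to be demanded in the initial handshake instead; and TLS 1.2 and earlier stacks only allow renegotiation when both peers support the RFC 5746 secure renegotiation extension, which is why an unexpected false or IOException from the upgrade step should close the connection rather than fall back to the weaker session.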
public static final boolean DEBUG
Debug flag.

public NetPhantomJSSEServerSocket()
Constructor for the SSL server socket from the NetPhantom Server.

public IniFile getIniFile()
Gets the INI file previously used to load the SSL section.

public void setLetsEncryptDomains(LetsEncryptDomain[] domains)
Assigns the Let's Encrypt domains for this SSL configuration.
Specified by: setLetsEncryptDomains in interface ServerSocketInterface3
Parameters: domains - The domains.

public LetsEncryptDomain[] getLetsEncryptDomains()
Gets the Let's Encrypt domains for this SSL configuration.
Note: this method is intended to be used by the framework and should not be called directly.
Specified by: getLetsEncryptDomains in interface ServerSocketInterface3
Returns: the domains, or null for none.
Throws: RuntimeException - If called outside the NetPhantom framework.

public void initialize(IniFile ini, String name) throws IOException
Initializes the server socket with the information in the INI file for the SSL protocol. When SSL is not used, the method is called with the name parameter set to null.
Specified by: initialize in interface ServerSocketInterface2
Parameters: ini - the "server.ini" file from where the potential SSL package reads information to create the server socket.
name - the section name in the INI file where all settings are stored (null when no SSL).
Throws: IOException - When there is an I/O failure.

public String getSSLConfigInfo()
Gets information about the SSL configuration, for logging once initialization has completed.
Specified by: getSSLConfigInfo in interface ServerSocketInterface3

public ServerSocketInterface3 createServerSocket(String id, int port, int mapToPort, int count, InetAddress address) throws IOException
Creates the ServerSocket listener.
Specified by: createServerSocket in interface ServerSocketInterface2
Parameters: id - the ID of the port.
port - the port.
mapToPort - the port externally mapped.
count - the number of queued connection requests (the listen backlog).
address - the address to listen to (null means all local addresses).
Returns: the created ServerSocketInterface3 listener.
Throws: IOException - When there is an I/O failure.

public ISocket acceptNoHandshake() throws IOException
Listens for a connection to be made to this socket and accepts it. No SSL handshake is performed here; see performAcceptHandshake(ISocket).
Specified by: acceptNoHandshake in interface ServerSocketInterface2
Throws: IOException - if an I/O error occurs when waiting for a connection.

public void performAcceptHandshake(ISocket s2) throws IOException
Performs the accept handshake for SSL in another thread.
Specified by: performAcceptHandshake in interface ServerSocketInterface2
Parameters: s2 - the socket returned by acceptNoHandshake().
Throws: IOException - if an I/O error occurs.

public InetAddress getInetAddress()
Returns the local address of this server socket.
Specified by: getInetAddress in interface ServerSocketInterface

public int getLocalPort()
Returns the port on which this socket is listening.
Specified by: getLocalPort in interface ServerSocketInterface

public int getMapToPort()
Gets the port number being mapped to externally. When no external port mapping is defined, the value of getLocalPort() is returned.
Specified by: getMapToPort in interface ServerSocketInterface

public String getInformation(ISocket socket, int index)
Returns SSL information about this socket.
Specified by: getInformation in interface ServerSocketInterface
Parameters: socket - the socket to query.
index - index of the information requested (one of the inherited SSLINFO_* constants).

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
Checks if the connected client can be trusted.
Specified by: checkClientTrusted in interface X509TrustManager
Parameters: chain - the peer certificate chain.
authType - the authentication type based on the client certificate.
Throws: CertificateException - To indicate that the certificate (chain) supplied does not qualify as credentials for communication.

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
Can the application trust a server? Not here: this trust manager serves the NetPhantom Server, which would have to act as a client for that question to arise, so the exception is thrown immediately.
Specified by: checkServerTrusted in interface X509TrustManager
Parameters: chain - the peer certificate chain.
authType - the key exchange algorithm used.
Throws: CertificateException - Always, to indicate that this is not a viable alternative.

public X509Certificate[] getAcceptedIssuers()
Which certificates are acceptable, based on their issuer? Returns the list of CA certificates specified in the SSL configuration; a client certificate must be issued by one of them.
Specified by: getAcceptedIssuers in interface X509TrustManager
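As an added example (not NetPhantom code), here is a server-side X509TrustManager with the same three-method contract as the class on this page: client chains must validate to one of the configured CA certificates and must not appear in any loaded CRL, and the revocation index it builds has the shape getCurrentCRLs() returns (issuer, then serial number, then CRL entry). The class name, the directory layout (caDir holding *.pem/*.crt/*.cer, crlDir holding *.pem/*.crl) and the main() usage are this example's assumptions; everything else is standard java.security.cert and JSSE API.

```java
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/** Added example, not NetPhantom code. Directory layout and file extensions are assumptions. */
public final class ClientCertTrustManager implements X509TrustManager {

    private final X509Certificate[] caCerts;
    private final Set<TrustAnchor> anchors = new HashSet<>();
    private final List<X509CRL> crls = new ArrayList<>();
    // Same shape as getCurrentCRLs() on the page: issuer -> (serial -> entry).
    // Serial numbers are only unique per issuer, hence the two-level map.
    private final Map<X500Principal, Map<BigInteger, X509CRLEntry>> revoked = new HashMap<>();

    public ClientCertTrustManager(Path caDir, Path crlDir) throws IOException, GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> cas = new ArrayList<>();
        try (DirectoryStream<Path> ds = Files.newDirectoryStream(caDir, "*.{pem,crt,cer}")) {
            for (Path p : ds) {
                try (InputStream in = Files.newInputStream(p)) {
                    X509Certificate ca = (X509Certificate) cf.generateCertificate(in);
                    cas.add(ca);
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }
        if (cas.isEmpty()) throw new CertificateException("no CA certificates found in " + caDir);
        caCerts = cas.toArray(new X509Certificate[0]);
        if (Files.isDirectory(crlDir)) {
            try (DirectoryStream<Path> ds = Files.newDirectoryStream(crlDir, "*.{pem,crl}")) {
                for (Path p : ds) {
                    try (InputStream in = Files.newInputStream(p)) {
                        X509CRL crl = (X509CRL) cf.generateCRL(in);
                        crls.add(crl);
                        Map<BigInteger, X509CRLEntry> bySerial =
                            revoked.computeIfAbsent(crl.getIssuerX500Principal(), k -> new HashMap<>());
                        Set<? extends X509CRLEntry> entries = crl.getRevokedCertificates();
                        if (entries != null) for (X509CRLEntry e : entries) bySerial.put(e.getSerialNumber(), e);
                    }
                }
            }
        }
    }

    public Map<X500Principal, Map<BigInteger, X509CRLEntry>> revocationIndex() {
        return Collections.unmodifiableMap(revoked);
    }

    /** Checks if the connected client can be trusted: validity, revocation, then the PKIX path. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty client certificate chain");
        X509Certificate leaf = chain[0];
        leaf.checkValidity();   // CertificateExpiredException / CertificateNotYetValidException
        Map<BigInteger, X509CRLEntry> bySerial = revoked.get(leaf.getIssuerX500Principal());
        if (bySerial != null && bySerial.containsKey(leaf.getSerialNumber())) {
            X509CRLEntry e = bySerial.get(leaf.getSerialNumber());
            throw new CertificateException("client certificate " + leaf.getSerialNumber().toString(16)
                    + " revoked on " + e.getRevocationDate() + " (" + e.getRevocationReason() + ")");
        }
        // Drop a trailing copy of our own CA, as JSSE's PKIXValidator does, then walk the path.
        List<X509Certificate> path = new ArrayList<>(Arrays.asList(chain));
        while (!path.isEmpty() && isTrustAnchor(path.get(path.size() - 1))) path.remove(path.size() - 1);
        if (path.isEmpty()) throw new CertificateException("client presented a CA certificate, not an end-entity one");
        try {
            CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
            PKIXParameters params = new PKIXParameters(anchors);
            // Fail closed: with CRLs configured, every CA on the path must have a current CRL.
            params.setRevocationEnabled(!crls.isEmpty());
            if (!crls.isEmpty())
                params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
        } catch (CertPathValidatorException e) {
            throw new CertificateException("client chain rejected: " + e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            throw new CertificateException(e);
        }
    }

    /** Server side only, as on the page: trusting a server is not an option here. */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("server-side trust manager: cannot be used to trust a server");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return caCerts.clone(); }

    private boolean isTrustAnchor(X509Certificate c) {
        for (X509Certificate ca : caCerts) if (ca.equals(c)) return true;
        return false;
    }

    /** Usage: java ClientCertTrustManager cacerts/ crls/ client.pem  (validates one PEM client certificate). */
    public static void main(String[] args) throws Exception {
        ClientCertTrustManager tm = new ClientCertTrustManager(Path.of(args[0]), Path.of(args[1]));
        X509Certificate client;
        try (InputStream in = Files.newInputStream(Path.of(args[2]))) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        try {
            tm.checkClientTrusted(new X509Certificate[] { client }, "RSA");
            System.out.println("trusted: " + client.getSubjectX500Principal());
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two points worth checking in any deployment of this pattern. With setRevocationEnabled(true) the PKIX validator refuses a chain whose CA has no usable, unexpired CRL in the store ("Could not determine revocation status"); that is the right failure mode for a server that gates access on client certificates, but it means the CRL directory must be refreshed before each CRL's nextUpdate passes, which is what a periodic reloadCRLs() call on the page is for. And a revocation lookup keyed by serial number alone is wrong, because serial numbers are only unique within one issuer; the lookup above goes through the issuer first for that reason.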
public void setExternalSSL(boolean isExternal)
Sets the external SSL flag.
Specified by: setExternalSSL in interface ServerSocketInterface
Parameters: isExternal - the new value of the external SSL flag.

public boolean isUsingSSL()
Returns whether SSL is used or not.
Specified by: isUsingSSL in interface ServerSocketInterface

public boolean isEncrypted(ISocket socket)
Checks if the SSL connection actually encrypts the data (with any cipher strength), rather than only signing it.
Specified by: isEncrypted in interface ServerSocketInterface
Parameters: socket - the socket to check.

public boolean isStrongEncrypted(ISocket socket)
Checks if strong encryption (using SSL) is used.
Specified by: isStrongEncrypted in interface ServerSocketInterface
Parameters: socket - the socket to check.

public boolean renegotiateSession(ISocket socket, boolean isStrongEncryptionRequired, boolean isClientAuthenticationRequired, String accessControlID, Thread readerThread) throws IOException
If an SSL connection is not using strong encryption or if a client certificate is required, call this method. It requests a new SSL handshake. Use this if you want to renegotiate modified security parameters; for example, to upgrade security strength or to add client authentication to a server-authenticated session.
It is dangerous to attempt a security renegotiation on a connection where the peer is not reading data (e.g., a client attempting to renegotiate security parameters in the middle of a download), as the peer will not read the renegotiation request and will therefore not respond in a timely manner.
Specified by: renegotiateSession in interface ServerSocketInterface
Parameters: socket - the socket whose session is renegotiated.
isStrongEncryptionRequired - true to require strong encryption.
isClientAuthenticationRequired - true to require a client certificate.
accessControlID - the ID of the access control (see the per-access-control certificate lists loaded by reloadAllowedAccessControl() and reloadRevokedAccessControl()).
readerThread - the thread reading from the socket.
Throws: IOException - for negotiation or other I/O failures.

public void close() throws IOException
Closes this socket.
Specified by: close in interface ServerSocketInterface
Throws: IOException - if an I/O error occurs when closing the socket.

public String toString()
Returns the implementation address and implementation port of this socket as a String.
Specified by: toString in interface ServerSocketInterface
Overrides: toString in class Object

public static boolean reloadCRLs()
Causes a load or reload of the CRL directory.

public static Map<X500Principal,Map<BigInteger,X509CRLEntry>> getCurrentCRLs()
Gets the CRLs currently loaded from the CRL directory.
Returns: a map from CRL issuer to that issuer's revoked certificate entries, keyed by certificate serial number. Serial numbers are only unique per issuer, hence the two-level map.

public static boolean reloadAllowedAccessControl()
Loads or reloads the allowed certificates per access control from the "clientcerts/"+accessControlName directory.

public static List<String> getCurrentAllowedCertificates()
Gets the per-access-control allowed certificates.

public static boolean reloadRevokedAccessControl()
Loads or reloads the revoked certificates per access control from the "revokedcerts/"+accessControlName directory.

public static List<String> getCurrentRevokedCertificates()
Gets the per-access-control revoked certificates.

public static String format(BigInteger serial)
Formats a certificate serial number into (minimum 5) groups of 4 digits.
Parameters: serial - The certificate serial number.

public static String format(X500Principal p, char d)
Formats an X.500 Principal with d as the delimiter instead of ", ".
Parameters: p - The principal.
d - The delimiter character.

Phantom® and NetPhantom® are registered trademarks of Mindus SARL.
© Mindus SARL, 2024. All rights reserved.