1 /**
2  * $RCSfile: SSLSocketAcceptThread.java,v $
3  * $Revision: 1.9 $
4  * $Date: 2005/07/03 20:55:39 $
5  *
6  * Copyright (C) 2004 Jive Software. All rights reserved.
7  *
8  * This software is published under the terms of the GNU Public License (GPL),
9  * a copy of which is included in this distribution.
10  */

11
12 package org.jivesoftware.messenger.net;
13
14 import org.jivesoftware.messenger.ConnectionManager;
15 import org.jivesoftware.messenger.ServerPort;
16 import org.jivesoftware.util.LocaleUtils;
17 import org.jivesoftware.util.Log;
18
19 import javax.net.ssl.SSLException;
20 import java.io.IOException JavaDoc;
21 import java.net.InetAddress JavaDoc;
22 import java.net.ServerSocket JavaDoc;
23 import java.net.Socket JavaDoc;
24 import java.net.UnknownHostException JavaDoc;
25
26 /**
27  * Implements a network front end with a dedicated thread reading
28  * each incoming socket.
29  */

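public class SSLSocketAcceptThread extends Thread {

    /**
     * Default port number for the secure (SSL/TLS) client listener.
     * It is not referenced inside this class; the constructor takes the
     * port from the supplied {@link ServerPort}.
     */
    public static final int DEFAULT_PORT = 5223;

    /**
     * The number of SSL related exceptions occurring rapidly (each within one
     * second of the previous one) that should signal a need to shut down the
     * SSL port.
     */
    private static final int MAX_SSL_EXCEPTIONS = 10;

    /**
     * Interface to bind to, or null when no interface name was configured
     * or the configured name could not be resolved.
     */
    private final InetAddress bindInterface;

    /**
     * Holds information about the port on which the server will listen for connections.
     */
    private final ServerPort serverPort;

    /**
     * Connection manager handling connections created by this thread.
     */
    private final ConnectionManager connManager;

    /**
     * True while this thread should continue running. Volatile because
     * {@link #shutdown()} is meant to be called from another thread and the
     * accept loop must observe the change.
     */
    private volatile boolean notTerminated = true;

    /**
     * The accept socket we're running; set to null once it has been closed.
     * Volatile for the same cross-thread visibility reason as
     * {@link #notTerminated}.
     */
    private volatile ServerSocket serverSocket;

    /**
     * Creates the listener thread and opens the server socket through
     * {@code SSLConfig.createServerSocket} on the port, and optionally the
     * interface, described by {@code serverPort}.
     *
     * @param connManager the connection manager that will manage connections
     *                    generated by this thread
     * @param serverPort  the port (and optional interface name) to listen on
     * @throws IOException if there was trouble initializing the SSL configuration.
     */
    public SSLSocketAcceptThread(ConnectionManager connManager, ServerPort serverPort)
            throws IOException {
        super("Secure Socket Listener");
        this.connManager = connManager;
        this.serverPort = serverPort;
        int port = serverPort.getPort();
        String interfaceName = serverPort.getInterfaceName();
        InetAddress resolved = null;
        if (interfaceName != null && interfaceName.trim().length() > 0) {
            try {
                resolved = InetAddress.getByName(interfaceName);
            }
            catch (UnknownHostException e) {
                // NOTE(review): the failure is only logged and the address stays
                // null. How SSLConfig.createServerSocket treats a null address is
                // not visible here; if it binds to every local address, a
                // mistyped interface name would expose the port more widely than
                // the administrator configured. Confirm, and consider rethrowing
                // (UnknownHostException is already an IOException).
                Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
            }
        }
        bindInterface = resolved;
        serverSocket = SSLConfig.createServerSocket(port, bindInterface);
    }

    /**
     * Retrieve the port this server socket is bound to.
     *
     * @return the port the socket is bound to, or -1 once the socket has been
     *         closed by {@link #shutdown()} or by the end of {@link #run()}.
     */
    public int getPort() {
        // Snapshot the field: shutdown() may null it concurrently.
        ServerSocket listener = serverSocket;
        return listener != null ? listener.getLocalPort() : -1;
    }

    /**
     * Returns information about the port on which the server is listening for connections.
     *
     * @return information about the port on which the server is listening for connections.
     */
    public ServerPort getServerPort() {
        return serverPort;
    }

    /**
     * Unblock the thread and force it to terminate. Clears the running flag
     * first, then closes the server socket so a blocked accept() returns.
     */
    public void shutdown() {
        notTerminated = false;
        closeServerSocket();
    }

    /**
     * Accept loop: takes sockets from the server socket and hands them to the
     * connection manager until {@link #shutdown()} is called.
     *
     * We need to detect runaway failures since an SSL configuration problem
     * can cause the loop to spin, constantly rethrowing SSLExceptions (e.g. if
     * a certificate is in the keystore that can't be verified). More than
     * {@link #MAX_SSL_EXCEPTIONS} SSLExceptions, each within one second of the
     * previous one, close the port. Nothing in this class reopens it, so the
     * "Shutting down SSL port" log entry is worth alerting on: from that point
     * no secure connections are accepted by this thread.
     */
    public void run() {
        long lastExceptionTime = 0;
        int exceptionCounter = 0;
        while (notTerminated) {
            // Work on a snapshot so a concurrent shutdown() that nulls the
            // field cannot cause a NullPointerException here.
            ServerSocket listener = serverSocket;
            if (listener == null) {
                break;
            }
            try {
                Socket sock = listener.accept();
                Log.debug("SSL Connect " + sock.toString());
                // presumably 'true' marks the connection as secure; verify
                // against ConnectionManager.addSocket
                connManager.addSocket(sock, true, serverPort);
            }
            catch (SSLException se) {
                long exceptionTime = System.currentTimeMillis();
                if (exceptionTime - lastExceptionTime > 1000) {
                    // the gap since the previous SSL exception is too long:
                    // restart the count with this exception
                    exceptionCounter = 1;
                }
                else {
                    // this exception occurred within a second of the last one,
                    // so it counts towards the limit
                    exceptionCounter++;
                }
                lastExceptionTime = exceptionTime;
                Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), se);
                // if the number of consecutive exceptions exceeds the limit we
                // assume there's an SSL problem or DOS attack and shut down
                if (exceptionCounter > MAX_SSL_EXCEPTIONS) {
                    String msg = "Shutting down SSL port - " +
                            "suspected configuration problem";
                    Log.error(msg);
                    Log.info(msg);
                    shutdown();
                }
            }
            catch (Exception e) {
                // A closed socket during shutdown lands here; only report
                // failures that happen while we are still meant to be running.
                // NOTE(review): other repeated failures are logged but never
                // counted, so a persistent non-SSL error keeps this loop spinning.
                if (notTerminated) {
                    Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), e);
                }
            }
        }
        closeServerSocket();
    }

    /**
     * Detaches the server socket from this thread and closes it if it is
     * still present. May be called more than once and from either thread.
     */
    private void closeServerSocket() {
        ServerSocket sSock = serverSocket;
        serverSocket = null;
        if (sSock != null) {
            try {
                sSock.close();
            }
            catch (IOException ignored) {
                // we don't care, no matter what, the socket should be dead
            }
        }
    }
}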