From kayyag...@apache.org
Subject svn commit: r1475699 - in /directory/apacheds/trunk: protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/ protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/ server-config/src/test/resources/
Date Thu, 25 Apr 2013 10:38:35 GMT
Author: kayyagari
Date: Thu Apr 25 10:38:35 2013
New Revision: 1475699

URL: http://svn.apache.org/r1475699
Log:
allow cipher suites to be configurable (DIRSERVER-1584)

Modified:
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
    directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java?rev=1475699&r1=1475698&r2=1475699&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.java
Thu Apr 25 10:38:35 2013
@@ -25,6 +25,7 @@ import java.security.SecureRandom;
 import java.security.Security;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 import javax.net.ssl.SSLContext;
@@ -63,6 +64,8 @@ public class StartTlsHandler implements 
     private static final Logger LOG = LoggerFactory.getLogger( StartTlsHandler.class );
 
     private SSLContext sslContext;
+    
+    private List<String> cipherSuites;
 
     static
     {
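Review bot: The new `cipherSuites` field carries no comment, and the fact that a null or empty list means "leave the JDK defaults in place" is only discoverable from the handler body in the next hunk. Suggest `/** Cipher suites enabled on the StartTLS filter; null or empty leaves the JDK defaults in place. */` above the declaration. The blank line added before it also carries trailing whitespace, which the project's formatter would likely strip.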
@@ -81,6 +84,12 @@ public class StartTlsHandler implements 
         if ( sslFilter == null )
         {
             sslFilter = new SslFilter( sslContext );
+
+            if( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
+            {
+                sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()]
) );
+            }
+
             chain.addFirst( "sslFilter", sslFilter );
         }
         else
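Review bot: The configured suite names go into `setEnabledCipherSuites` unvalidated, so a misspelled or unsupported name is not rejected here but, as far as I can tell, by `SSLEngine.setEnabledCipherSuites` inside MINA's SslHandler when the first handshake starts — after the StartTLS response has already been sent, and once per connection rather than once at startup. The LdapsInitializer hunk that sets the suites on the LDAPS filter has the same gap. Since `sslContext` is already initialized when `setLdapServer` stores the list (last hunk of this file), checking each configured name against `sslContext.getSupportedSSLParameters().getCipherSuites()` there and failing fast or at least logging through `LOG` would surface the misconfiguration once, at startup. Minor: `cipherSuites.toArray( new String[0] )` is the usual idiom. The enclosing method starts and ends outside the hunk.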
@@ -137,5 +146,7 @@ public class StartTlsHandler implements 
         {
             throw new RuntimeException( I18n.err( I18n.ERR_682 ), e );
         }
+        
+        this.cipherSuites = ldapServer.getEnabledCipherSuites();
     }
 }

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java?rev=1475699&r1=1475698&r2=1475699&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/ssl/LdapsInitializer.java
Thu Apr 25 10:38:35 2013
@@ -21,14 +21,15 @@ package org.apache.directory.server.ldap
 
 
 import java.security.SecureRandom;
+import java.util.List;
 
-import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
 import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.ldap.LdapServer;
 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
 import org.apache.mina.core.filterchain.IoFilterChainBuilder;
 import org.apache.mina.filter.ssl.SslFilter;
@@ -43,14 +44,14 @@ import org.apache.mina.filter.ssl.SslFil
  */
 public class LdapsInitializer
 {
-    public static IoFilterChainBuilder init( KeyManagerFactory kmf ) throws LdapException
+    public static IoFilterChainBuilder init( LdapServer server ) throws LdapException
     {
         SSLContext sslCtx;
         try
         {
             // Initialize the SSLContext to work with our key managers.
             sslCtx = SSLContext.getInstance( "TLS" );
-            sslCtx.init( kmf.getKeyManagers(), new TrustManager[]
+            sslCtx.init( server.getKeyManagerFactory().getKeyManagers(), new TrustManager[]
                 { new NoVerificationTrustManager() }, new SecureRandom() );
         }
         catch ( Exception e )
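Review bot: `init` changes its public signature from `KeyManagerFactory` to `LdapServer`, but the Modified list of this revision contains only the three files shown and no caller; if the existing call site still passes a `KeyManagerFactory`, this revision does not compile on its own, so it is worth confirming the caller was updated separately. `server.getKeyManagerFactory()` is also dereferenced inside the same try block whose `catch ( Exception e )` would report a null factory as the generic SSL-initialization error; an explicit null check on `server` and its factory before the try, throwing `IllegalArgumentException` with the parameter name, would give a clearer failure. The method body continues past the hunk.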
@@ -60,6 +61,13 @@ public class LdapsInitializer
 
         DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
         SslFilter sslFilter = new SslFilter( sslCtx );
+
+        List<String> cipherSuites = server.getEnabledCipherSuites();
+        if( ( cipherSuites != null ) && !cipherSuites.isEmpty() )
+        {
+            sslFilter.setEnabledCipherSuites( cipherSuites.toArray( new String[cipherSuites.size()]
) );
+        }
+        
         sslFilter.setWantClientAuth( true );
         chain.addLast( "sslFilter", sslFilter );
         return chain;
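Review bot: The null/empty check and the `toArray` conversion added here duplicate the ones in the StartTlsHandler hunk; a single helper on `LdapServer` (or a small static one shared by both) returning the `String[]` to enable, or null for "use defaults", would keep the two TLS entry points from drifting apart. The hunk also ends with a whitespace-only line. The method ends outside the hunk.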

Modified: directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif?rev=1475699&r1=1475698&r2=1475699&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif (original)
+++ directory/apacheds/trunk/server-config/src/test/resources/ldapServer.ldif Thu Apr 25 10:38:35
2013
@@ -40,6 +40,7 @@ ads-certificatePassword: secret
 ads-searchBaseDN: ou=users,ou=system
 ads-enabled: true
 ads-replEnabled: true
+ads-replPingerSleep: 5
 
 dn: ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
 ou: transports
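Review bot: The only change to this test configuration is `ads-replPingerSleep: 5`, a replication setting unrelated to the cipher-suite feature named in the log message, and no entry exercising the new enabled-cipher-suites setting is added, so the new configuration path is not covered by this resource. If the attribute was meant for a separate commit it is worth splitting out; otherwise the log message should mention it.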


