From ran...@apache.org
Subject cvs commit: incubator-ftpserver/src/java/org/apache/ftpserver/ssl Ssl.java
Date Tue, 04 Oct 2005 07:28:02 GMT
rana_b      2005/10/04 00:28:02

  Modified:    src/java/org/apache/ftpserver/command AUTH.java
               src/java/org/apache/ftpserver ConnectionManagerImpl.java
                        DataConnectionConfig.java FtpDataConnection.java
                        FtpRequestImpl.java RequestHandler.java
               src/java/org/apache/ftpserver/socketfactory
                        FtpSocketFactory.java SSLFtpSocketFactory.java
               src/java/org/apache/ftpserver/ssl Ssl.java
  Log:
  SSL code refactored
  
  Revision  Changes    Path
  1.2       +30 -16    incubator-ftpserver/src/java/org/apache/ftpserver/command/AUTH.java
  
  Index: AUTH.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/command/AUTH.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- AUTH.java	7 Sep 2005 05:06:22 -0000	1.1
  +++ AUTH.java	4 Oct 2005 07:28:02 -0000	1.2
  @@ -49,24 +49,38 @@
               return;  
           }
           
  -        String authType = request.getArgument().toUpperCase();
  +        // check SSL configuration
           IFtpConfig fconfig = handler.getConfig();
  +        if(fconfig.getSocketFactory().getSSL() == null) {
  +            out.send(431, "AUTH", null);
  +        }
  +        
  +        // check parameter
  +        String authType = request.getArgument().toUpperCase();
           if(authType.equals("SSL")) {
  -            if(fconfig.getSocketFactory().getSSL() == null) {
  -                out.send(431, "AUTH", null);
  +            out.send(234, "AUTH.SSL", null);
  +            try {
  +                handler.createSecureSocket("SSL");
  +            }
  +            catch(FtpException ex) {
  +                throw ex;
  +            }
  +            catch(Exception ex) {
  +                fconfig.getLogger().warn("AUTH.execute()", ex);
  +                throw new FtpException("AUTH.execute()", ex);
  +            }
  +        }
  +        else if(authType.equals("TLS")) {
  +            out.send(234, "AUTH.TLS", null);
  +            try {
  +                handler.createSecureSocket("TLS");
  +            }
  +            catch(FtpException ex) {
  +                throw ex;
               }
  -            else {
  -                out.send(234, "AUTH.SSL", null);
  -                try {
  -                    handler.createSecureSocket();
  -                }
  -                catch(FtpException ex) {
  -                    throw ex;
  -                }
  -                catch(Exception ex) {
  -                    fconfig.getLogger().warn("AUTH.execute()", ex);
  -                    throw new FtpException("AUTH.execute()", ex);
  -                }
  +            catch(Exception ex) {
  +                fconfig.getLogger().warn("AUTH.execute()", ex);
  +                throw new FtpException("AUTH.execute()", ex);
               }
           }
           else {
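Review bot: The new SSL-configuration check sends 431 but never returns, so when `fconfig.getSocketFactory().getSSL()` is null the method falls through to the argument check and, for `AUTH SSL` or `AUTH TLS`, still sends 234 before `createSecureSocket` fails. Add `return;` directly after `out.send(431, "AUTH", null);` so a client is never told to start the handshake on a server that cannot complete it. The SSL and TLS branches are identical apart from the literal, so a single branch that passes `authType` through would leave one copy of the error handling to maintain. The enclosing method starts and ends outside the hunk.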
  
  
  
  1.3       +23 -10    incubator-ftpserver/src/java/org/apache/ftpserver/ConnectionManagerImpl.java
  
  Index: ConnectionManagerImpl.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/ConnectionManagerImpl.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ConnectionManagerImpl.java	9 Sep 2005 11:28:11 -0000	1.2
  +++ ConnectionManagerImpl.java	4 Oct 2005 07:28:02 -0000	1.3
  @@ -16,21 +16,22 @@
    */
   package org.apache.ftpserver;
   
  +import java.util.ArrayList;
  +import java.util.Iterator;
  +import java.util.List;
  +import java.util.Timer;
  +import java.util.TimerTask;
  +import java.util.Vector;
  +
   import org.apache.ftpserver.ftplet.Configuration;
   import org.apache.ftpserver.ftplet.FtpException;
  +import org.apache.ftpserver.ftplet.FtpRequest;
   import org.apache.ftpserver.ftplet.Logger;
   import org.apache.ftpserver.interfaces.ConnectionManagerObserver;
   import org.apache.ftpserver.interfaces.IConnection;
   import org.apache.ftpserver.interfaces.IConnectionManager;
   import org.apache.ftpserver.usermanager.BaseUser;
   
  -import java.util.ArrayList;
  -import java.util.Iterator;
  -import java.util.List;
  -import java.util.Timer;
  -import java.util.TimerTask;
  -import java.util.Vector;
  -
   /**
    * Connection service to manage all the connections (request handlers).
    * 
  @@ -239,6 +240,9 @@
                       
                   // idle client connection
                   FtpRequestImpl request = (FtpRequestImpl)con.getRequest();
  +                if(request == null) {
  +                    continue;
  +                }
                   if(request.isTimeout(currTime)) {
                       inactiveCons.add(con);
                   }
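Review bot: The added `if(request == null) continue;` exempts any connection without a request object from the idle check, and nothing in the hunk says when that state occurs or how such a connection is eventually closed. If a connection can remain in that state (not visible here), this timer would never reap it, which matters for a server that limits concurrent connections. State the case in a comment, for example `// no request object yet - not subject to the idle timeout on this pass`, or close the connection if the state is not expected to persist. The same pattern appears in the last hunk (`@@ -273,7 +277,16 @@`), where a null request skips `closeConnection(connection)` silently. The enclosing loop starts outside this hunk.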
  @@ -263,7 +267,7 @@
                       
                       // idle data connectin timeout - close it 
                       if( (currTime - requestTime) > idleTimeMillis ) {
  -                        m_logger.info("Removing idle data connection for " + con.getRequest().getUser());
  +                        m_logger.info("Removing idle data connection for " + request.getUser());
                           dataCon.closeDataSocket();
                       }
                   }
  @@ -273,7 +277,16 @@
           // close idle client connections
           for( Iterator conIt=inactiveCons.iterator(); conIt.hasNext(); ) {
               IConnection connection = (IConnection)conIt.next();
  -            m_logger.info("Removing idle user " + connection.getRequest().getUser());
  +            if(connection == null) {
  +                continue;
  +            }
  +            
  +            FtpRequest request = connection.getRequest();
  +            if(request == null) {
  +                continue;
  +            }
  +            
  +            m_logger.info("Removing idle user " + request.getUser());
               closeConnection(connection);
           }
       }
  
  
  
  1.2       +6 -6      incubator-ftpserver/src/java/org/apache/ftpserver/DataConnectionConfig.java
  
  Index: DataConnectionConfig.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/DataConnectionConfig.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- DataConnectionConfig.java	7 Sep 2005 05:00:32 -0000	1.1
  +++ DataConnectionConfig.java	4 Oct 2005 07:28:02 -0000	1.2
  @@ -50,7 +50,7 @@
       }
       
       /**
  -     * Configure the data connection factory.
  +     * Configure the data connection config object.
        */
       public void configure(Configuration conf) throws FtpException {
           
  @@ -67,7 +67,7 @@
               
               // get PASV ports
               String pasvPorts = conf.getString("pasv-port", "0");
  -            StringTokenizer st = new StringTokenizer(pasvPorts, ",;\t\n\r\f");
  +            StringTokenizer st = new StringTokenizer(pasvPorts, " ,;\t\n\r\f");
               m_pasvPort = new int[st.countTokens()][2];
               for(int i=0; i<m_pasvPort.length; i++) {
                   m_pasvPort[i][0] = Integer.parseInt(st.nextToken());
  @@ -82,6 +82,7 @@
               Configuration sslConf = conf.getConfiguration("ssl", null);
               if(sslConf != null) {
                   m_ssl = (ISsl)Class.forName("org.apache.ftpserver.ssl.Ssl").newInstance();
  +                m_ssl.setLogger(m_logger);
                   m_ssl.configure(sslConf);
               }
           }
  @@ -89,10 +90,9 @@
               throw ex;
           }
           catch(Exception ex) {
  -            m_logger.error("DataConnectionFactory.configure()", ex);
  -            throw new FtpException("DataConnectionFactory.configure()", ex);
  +            m_logger.error("DataConnectionConfig.configure()", ex);
  +            throw new FtpException("DataConnectionConfig.configure()", ex);
           }
  -        
       }
       
       /**
  
  
  
  1.7       +35 -45    incubator-ftpserver/src/java/org/apache/ftpserver/FtpDataConnection.java
  
  Index: FtpDataConnection.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/FtpDataConnection.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- FtpDataConnection.java	7 Sep 2005 05:00:32 -0000	1.6
  +++ FtpDataConnection.java	4 Oct 2005 07:28:02 -0000	1.7
  @@ -16,15 +16,14 @@
    */
   package org.apache.ftpserver;
   
  -import org.apache.ftpserver.ftplet.FtpException;
  -import org.apache.ftpserver.interfaces.IFtpConfig;
  -import org.apache.ftpserver.interfaces.ISsl;
  -
  -import java.io.IOException;
   import java.net.InetAddress;
   import java.net.ServerSocket;
   import java.net.Socket;
   
  +import org.apache.ftpserver.ftplet.FtpException;
  +import org.apache.ftpserver.interfaces.IFtpConfig;
  +import org.apache.ftpserver.interfaces.ISsl;
  +
   
   /**
    * We can get the ftp data connection using this class.
  @@ -47,17 +46,11 @@
       private boolean m_isPort   = false;
       private boolean m_isPasv   = false;
       
  -    private boolean m_isSecure = false;
  +    private boolean m_secure   = false;
       private boolean m_isZip    = false;
       
       
       /**
  -     * Default constructor.
  -     */
  -    public FtpDataConnection() {
  -    }
  -
  -    /**
        * Set the ftp config.
        */
       public void setFtpConfig(IFtpConfig cfg) {
  @@ -112,7 +105,6 @@
           m_requestTime = System.currentTimeMillis();
       } 
       
  -    
       /**
        * Passive command. It returns the success flag.
        */
  @@ -122,7 +114,7 @@
           closeDataSocket(); 
           
           // get the passive port
  -        int port = getPassivePort();
  +        int port = m_fconfig.getDataConnectionConfig().getPassivePort();
           if(port == -1) {
               m_fconfig.getLogger().warn("Cannot find an available passive port.");
               m_servSoc = null;
  @@ -133,12 +125,12 @@
           boolean bRet = false;
           try {
               m_address = m_fconfig.getDataConnectionConfig().getPassiveAddress();
  -            if(m_isSecure) {
  +            if(m_secure) {
                   ISsl ssl = m_fconfig.getDataConnectionConfig().getSSL();
                   if(ssl == null) {
  -                    throw new FtpException("Data connection SSL not configured");
  +                    throw new FtpException("Data connection SSL not configured.");
                   }
  -                m_servSoc = ssl.createServerSocket(m_address, m_port);
  +                m_servSoc = ssl.createServerSocket(null, m_address, m_port);
               }
               else {
                   m_servSoc = new ServerSocket(port, 1, m_address);   
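Review bot: The secure branch binds with `m_port` while the plain branch uses the local `port` just taken from the passive-port pool, so with SSL enabled the listener may not end up on the port that was reserved. The commit updates this call's signature but keeps `m_port`. Unless `m_port` is assigned from `port` in lines not shown, the call should read `m_servSoc = ssl.createServerSocket(null, m_address, port);`. The method body continues outside the hunk.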
  @@ -171,52 +163,50 @@
       public int getPort() {
           return m_port;
       }
  -     
  +
       /**
        * Get the data socket. In case of error returns null.
        */
  -    public synchronized Socket getDataSocket() throws IOException {
  -       
  +    public synchronized Socket getDataSocket() {
  +
           // get socket depending on the selection
  -        if(m_isPort) {
  -            if(m_isSecure) {
  -                //ISsl ssl = mConfig.getDataConnectionConfig().getSSL();
  -                //if(ssl == null) {
  -                //  throw new IOException("Data connection SSL not configured");
  -                //}
  -                //mDataSoc = new Socket(mAddress, miPort);
  -                //mDataSoc = ssl.createSocket(mDataSoc, true);
  +        m_dataSoc = null;
  +        try {
  +            if(m_isPort) {
  +                if(m_secure) {
  +                    ISsl ssl = m_fconfig.getDataConnectionConfig().getSSL();
  +                    if(ssl == null) {
  +                        throw new FtpException("Data connection SSL not configured");
  +                    }
  +                    m_dataSoc = ssl.createSocket(null, m_address, m_port, false);
  +                }
  +                else {
  +                    m_dataSoc = new Socket(m_address, m_port);  
  +                }
               }
  -            else {
  -                m_dataSoc = new Socket(m_address, m_port);  
  +            else if(m_isPasv) {
  +                m_dataSoc = m_servSoc.accept();
               }
           }
  -        else if(m_isPasv) {
  -            m_dataSoc = m_servSoc.accept();
  +        catch(Exception ex) {
  +            m_fconfig.getLogger().warn("FtpDataConnection.getDataSocket()", ex);
           }
  -
  +        
           return m_dataSoc;
       }
       
       /**
  -     * Get the passive port. Get it from the port pool.
  -     */
  -    private int getPassivePort() {
  -        return m_fconfig.getDataConnectionConfig().getPassivePort();
  -    }
  -    
  -    /**
        * Is secure?
        */
       public boolean isSecure() {
  -        return m_isSecure;
  +        return m_secure;
       }
       
       /**
  -     * Set secure.
  +     * Set the security protocol.
        */
       public void setSecure(boolean secure) {
  -        m_isSecure = secure;
  +        m_secure = secure;
       }
       
       /**
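Review bot: `getDataSocket()` now wraps everything in `catch(Exception ex)`, so a missing SSL configuration, a failed connect and a null `m_servSoc` in the PASV branch all end as the same warn line and a null return. The passive setup earlier in this file sets `m_servSoc = null` when no port is free, so the null case is reachable; an explicit guard such as `else if(m_isPasv && m_servSoc != null)` would keep a NullPointerException stack trace out of the log. The Javadoc changed to "Set the security protocol." sits on `setSecure(boolean secure)`, which takes a flag rather than a protocol; `Enable or disable SSL/TLS on the data connection.` would match the signature.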
  @@ -248,7 +238,7 @@
       }
       
       /**
  -     * Dispose data connection
  +     * Dispose data connection - close all the sockets.
        */ 
       public void dispose() {
           closeDataSocket();
  
  
  
  1.3       +17 -3     incubator-ftpserver/src/java/org/apache/ftpserver/FtpRequestImpl.java
  
  Index: FtpRequestImpl.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/FtpRequestImpl.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- FtpRequestImpl.java	9 Sep 2005 11:26:21 -0000	1.2
  +++ FtpRequestImpl.java	4 Oct 2005 07:28:02 -0000	1.3
  @@ -295,11 +295,18 @@
       }
       
       /**
  -     * Get data input stream.
  +     * Get data input stream. The return value will never be null.
        */
       public InputStream getDataInputStream() throws IOException {
           try {
  +            
  +            // get data socket
               Socket dataSoc = m_dataConnection.getDataSocket();
  +            if(dataSoc == null) {
  +                throw new IOException("Cannot open data connection.");
  +            }
  +            
  +            // create input stream
               InputStream is = dataSoc.getInputStream();
               if(m_dataConnection.isZipMode()) {
                   is = new InflaterInputStream(is);
  @@ -313,11 +320,18 @@
       }
       
       /**
  -     * Get data output stream.
  +     * Get data output stream. The return value will never be null.
        */
       public OutputStream getDataOutputStream() throws IOException {
           try {
  +            
  +            // get data socket
               Socket dataSoc = m_dataConnection.getDataSocket();
  +            if(dataSoc == null) {
  +                throw new IOException("Cannot open data connection.");
  +            }
  +            
  +            // create output stream
               OutputStream os = dataSoc.getOutputStream();
               if(m_dataConnection.isZipMode()) {
                   os = new DeflaterOutputStream(os);
  
  
  
  1.5       +3 -3      incubator-ftpserver/src/java/org/apache/ftpserver/RequestHandler.java
  
  Index: RequestHandler.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/RequestHandler.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- RequestHandler.java	22 Sep 2005 05:34:47 -0000	1.4
  +++ RequestHandler.java	4 Oct 2005 07:28:02 -0000	1.5
  @@ -447,14 +447,14 @@
       /**
        * Create secure socket.
        */
  -    public void createSecureSocket() throws Exception {
  +    public void createSecureSocket(String protocol) throws Exception {
           
           // change socket to SSL socket
           ISsl ssl = m_fconfig.getDataConnectionConfig().getSSL();
           if(ssl == null) {
               throw new FtpException("Socket factory SSL not configured");
           }
  -        Socket ssoc = ssl.createSocket(m_controlSocket, false);
  +        Socket ssoc = ssl.createSocket(protocol, m_controlSocket, false);
           
           // change streams
           m_reader = new BufferedReader(new InputStreamReader(ssoc.getInputStream(), "UTF-8"));
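Review bot: `createSecureSocket` upgrades the control socket with `m_fconfig.getDataConnectionConfig().getSSL()`, whereas AUTH.java in this same commit checks `fconfig.getSocketFactory().getSSL()` before calling it, and the exception text here says "Socket factory SSL not configured". Both `DataConnectionConfig` and `FtpSocketFactory` build their own `Ssl` instance from their own `ssl` section, so the two can differ. The control channel could then be wrapped with the data-connection keystore, or fail after 234 has already been sent. If the socket-factory object is the intended source, the line should read `ISsl ssl = m_fconfig.getSocketFactory().getSSL();`. The Javadoc should also describe the new `protocol` parameter and what a null value selects.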
  
  
  
  1.2       +2 -1      incubator-ftpserver/src/java/org/apache/ftpserver/socketfactory/FtpSocketFactory.java
  
  Index: FtpSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/socketfactory/FtpSocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- FtpSocketFactory.java	7 Sep 2005 05:02:21 -0000	1.1
  +++ FtpSocketFactory.java	4 Oct 2005 07:28:02 -0000	1.2
  @@ -66,6 +66,7 @@
               Configuration sslConf = conf.getConfiguration("ssl", null);
               if(sslConf != null) {
                   m_ssl = (ISsl)Class.forName("org.apache.ftpserver.ssl.Ssl").newInstance();
  +                m_ssl.setLogger(m_logger);
                   m_ssl.configure(sslConf);
               }
           }
  
  
  
  1.2       +2 -2      incubator-ftpserver/src/java/org/apache/ftpserver/socketfactory/SSLFtpSocketFactory.java
  
  Index: SSLFtpSocketFactory.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/socketfactory/SSLFtpSocketFactory.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- SSLFtpSocketFactory.java	7 Sep 2005 05:02:21 -0000	1.1
  +++ SSLFtpSocketFactory.java	4 Oct 2005 07:28:02 -0000	1.2
  @@ -47,6 +47,6 @@
       public ServerSocket createServerSocket() throws Exception {
           InetAddress addr = getServerAddress();
           int port = getPort();
  -        return getSSL().createServerSocket(addr, port);
  +        return getSSL().createServerSocket(null, addr, port);
       }
   }
  
  
  
  1.2       +111 -75   incubator-ftpserver/src/java/org/apache/ftpserver/ssl/Ssl.java
  
  Index: Ssl.java
  ===================================================================
  RCS file: /home/cvs/incubator-ftpserver/src/java/org/apache/ftpserver/ssl/Ssl.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- Ssl.java	7 Sep 2005 05:02:00 -0000	1.1
  +++ Ssl.java	4 Oct 2005 07:28:02 -0000	1.2
  @@ -16,19 +16,13 @@
    */
   package org.apache.ftpserver.ssl;
   
  -import org.apache.ftpserver.ftplet.Configuration;
  -import org.apache.ftpserver.ftplet.FtpException;
  -import org.apache.ftpserver.ftplet.Logger;
  -import org.apache.ftpserver.interfaces.ISsl;
  -import org.apache.ftpserver.util.IoUtils;
  -
   import java.io.FileInputStream;
   import java.net.InetAddress;
   import java.net.ServerSocket;
   import java.net.Socket;
   import java.security.KeyStore;
   import java.security.SecureRandom;
  -import java.security.Security;
  +import java.util.HashMap;
   
   import javax.net.ssl.KeyManagerFactory;
   import javax.net.ssl.SSLContext;
  @@ -38,13 +32,16 @@
   import javax.net.ssl.SSLSocketFactory;
   import javax.net.ssl.TrustManagerFactory;
   
  -import sun.security.provider.Sun;
  -
  -import com.sun.net.ssl.internal.ssl.Provider;
  +import org.apache.ftpserver.ftplet.Configuration;
  +import org.apache.ftpserver.ftplet.FtpException;
  +import org.apache.ftpserver.ftplet.Logger;
  +import org.apache.ftpserver.interfaces.ISsl;
  +import org.apache.ftpserver.util.IoUtils;
   
   
   /**
  - * ISsl implementation.
  + * ISsl implementation. This class encapsulates all 
  + * the SSL functionalities.
    * 
    * @author <a href="mailto:rana_b@yahoo.com">Rana Bhattacharyya</a>
    */
  @@ -56,14 +53,18 @@
       private String m_keystoreFile;
       private String m_keystorePass;
       private String m_keystoreType;
  -    private String m_keystoreProtocol;
       private String m_keystoreAlgorithm;
  +    
  +    private String m_sslProtocol;
       private boolean m_clientAuthReqd;
       private String m_keyPass;
   
  -    private SSLContext m_sslContext;
  -    private SSLSocketFactory m_socketFactory;
  -    private SSLServerSocketFactory m_serverSocketFactory;
  +    private KeyStore m_keyStore;
  +    private KeyManagerFactory m_keyManagerFactory;
  +    private TrustManagerFactory m_trustManagerFactory;
  +    
  +    private HashMap m_sslContextMap;
  +    
       
       /**
        * Set logger.
  @@ -79,86 +80,93 @@
           
           try {
               
  -            // check JSSE installation
  -            Class.forName("com.sun.net.ssl.internal.ssl.Provider");
  -        }
  -        catch(Exception ex) {
  -            throw new FtpException("JSSE not found.");
  -        }
  -        
  -        try {
  -            
               // get configuration parameters
               m_keystoreFile      = conf.getString("keystore-file", "./res/.keystore");
               m_keystorePass      = conf.getString("keystore-password", "password");
               m_keystoreType      = conf.getString("keystore-type", "JKS");
  -            m_keystoreProtocol  = conf.getString("keystore-protocol", "TLS");
               m_keystoreAlgorithm = conf.getString("keystore-algorithm", "SunX509");
  +            m_sslProtocol       = conf.getString("ssl-protocol", "TLS");
               m_clientAuthReqd    = conf.getBoolean("client-authentication", false);
               m_keyPass           = conf.getString("key-password", "password");
               
  -            // get SSL context
  -            m_sslContext = getSSLContext();
  +            // initialize keystore
  +            FileInputStream fin = null;
  +            try {
  +                fin = new FileInputStream(m_keystoreFile);
  +                m_keyStore = KeyStore.getInstance(m_keystoreType);
  +                m_keyStore.load(fin, m_keystorePass.toCharArray());
  +            }
  +            finally {
  +                IoUtils.close(fin);
  +            }
  +            
  +            // initialize key manager factory
  +            m_keyManagerFactory = KeyManagerFactory.getInstance(m_keystoreAlgorithm);
  +            m_keyManagerFactory.init(m_keyStore, m_keyPass.toCharArray());
  +            
  +            // initialize trust manager factory
  +            m_trustManagerFactory = TrustManagerFactory.getInstance(m_keystoreAlgorithm);
  +            m_trustManagerFactory.init(m_keyStore);
  +            
  +            // create ssl context map - the key is the 
  +            // SSL protocol and the value is SSLContext.
  +            m_sslContextMap = new HashMap();
           }
           catch(Exception ex) {
               m_logger.warn("Ssl.configure()", ex);
  -            throw new FtpException("SecureSocketUtil.configure()", ex);
  +            throw new FtpException("Ssl.configure()", ex);
           }
       }
       
       /**
  -     * Get SSL context.
  +     * Get SSL Context.
        */
  -    private SSLContext getSSLContext() throws Exception {
  +    private synchronized SSLContext getSSLContext(String protocol) throws Exception {
           
  -        // initialize keystore
  -        KeyStore keystore = null;
  -        FileInputStream fin = null;
  -        try {
  -            fin = new FileInputStream(m_keystoreFile);
  -            keystore = KeyStore.getInstance(m_keystoreType);
  -            keystore.load(fin, m_keystorePass.toCharArray());
  -        }
  -        finally {
  -            IoUtils.close(fin);
  -        }
  -        
  -        // create SSL context
  -        Security.addProvider(new Sun());
  -        Security.addProvider(new Provider());
  -        SSLContext sslContext = SSLContext.getInstance(m_keystoreProtocol);
  -        
  -        // initialize key manager factory
  -        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(m_keystoreAlgorithm);
  -        keyManagerFactory.init(keystore, m_keyPass.toCharArray());
  -        
  -        // initialize trust manager factory
  -        TrustManagerFactory tmf = TrustManagerFactory.getInstance(m_keystoreAlgorithm);
  -        tmf.init(keystore);
  -        
  -        // initialize SSL context
  -        sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new
SecureRandom());
  -        return sslContext;
  +        // null value check
  +        if(protocol == null) {
  +            protocol = m_sslProtocol;
  +        }
  +        
  +        // if already stored - return it
  +        SSLContext ctx = (SSLContext)m_sslContextMap.get(protocol);
  +        if(ctx != null) {
  +            return ctx;
  +        }
  +        
  +        // create new secure random object
  +        SecureRandom random = new SecureRandom();
  +        random.nextInt();
  +        
  +        // create SSLContext
  +        ctx = SSLContext.getInstance(protocol);
  +        ctx.init(m_keyManagerFactory.getKeyManagers(), 
  +                 m_trustManagerFactory.getTrustManagers(), 
  +                 random);
  +
  +        // store it in map
  +        m_sslContextMap.put(protocol, ctx);
  +        return ctx;
       }
  -    
  +
       /**
        * Create secure server socket.
        */
  -    public ServerSocket createServerSocket(InetAddress addr, 
  -                                              int port) throws Exception {
  -        
  +    public ServerSocket createServerSocket(String protocol,
  +                                           InetAddress addr, 
  +                                           int port) throws Exception {
  +
           // get server socket factory
  -        if(m_serverSocketFactory == null) {
  -            m_serverSocketFactory = m_sslContext.getServerSocketFactory();
  -        }
  +        SSLContext ctx = getSSLContext(protocol);
  +        SSLServerSocketFactory ssocketFactory = ctx.getServerSocketFactory();
           
           // create server socket
           SSLServerSocket serverSocket = null;
           if(addr == null) {
  -            serverSocket = (SSLServerSocket) m_serverSocketFactory.createServerSocket(port,
100);
  +            serverSocket = (SSLServerSocket) ssocketFactory.createServerSocket(port, 100);
           }
           else {
  -            serverSocket = (SSLServerSocket) m_serverSocketFactory.createServerSocket(port,
100, addr);
  +            serverSocket = (SSLServerSocket) ssocketFactory.createServerSocket(port, 100,
addr);
           }
           
           // initialize server socket
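Review bot: `configure()` falls back to the literal `"password"` for both `keystore-password` and `key-password`, and to `./res/.keystore` for the file, so a missing or mistyped entry silently runs on well-known defaults instead of failing. Now that the keystore and both factories are built once here, an absent password is better treated as a configuration error by throwing `FtpException` from `configure()`. As far as this hunk shows, `m_keystorePass` and `m_keyPass` are only read during that initialisation and need not stay in fields afterwards. `getSSLContext(String protocol)` would benefit from a Javadoc line saying that null selects the configured `ssl-protocol` and that the value is passed unchanged to `SSLContext.getInstance`. Several lines in this hunk are wrapped by the mail archive, and `createServerSocket` continues past the end of the hunk.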
  @@ -169,19 +177,25 @@
       }
    
       /**
  -     * Create socket.
  +     * Returns a socket layered over an existing socket.
        */
  -    public Socket createSocket(Socket soc, boolean clientMode) throws Exception {
  +    public Socket createSocket(String protocol,
  +                               Socket soc, 
  +                               boolean clientMode) throws Exception {
  +        
  +        // already wrapped - no need to do anything
  +        if(soc instanceof SSLSocket) {
  +            return soc;
  +        }
           
           // get socket factory
  -        if(m_socketFactory == null) {
  -            m_socketFactory = m_sslContext.getSocketFactory();
  -        }
  +        SSLContext ctx = getSSLContext(protocol);
  +        SSLSocketFactory socFactory = ctx.getSocketFactory();
           
           // create socket
           String host = soc.getInetAddress().getHostAddress();
           int port = soc.getLocalPort();
  -        SSLSocket ssoc = (SSLSocket)m_socketFactory.createSocket(soc, host, port, true);
  +        SSLSocket ssoc = (SSLSocket)socFactory.createSocket(soc, host, port, true);
           ssoc.setUseClientMode(clientMode);
           
           // initialize socket
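Review bot: The new early return for an `SSLSocket` ignores both `protocol` and `clientMode`, so a caller asking for a different protocol or mode on an already-wrapped socket gets the existing one back unchanged. That may be intended for a repeated AUTH, but the Javadoc should say so, for example `If soc is already an SSLSocket it is returned as is; protocol and clientMode are then ignored.` The method body continues outside the hunk.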
  @@ -193,7 +207,29 @@
       }
   
       /**
  -     * Dispose.
  +     * Create a secure socket.
  +     */
  +    public Socket createSocket(String protocol,
  +                               InetAddress addr, 
  +                               int port,
  +                               boolean clientMode) throws Exception {
  +
  +        // get socket factory
  +        SSLContext ctx = getSSLContext(protocol);
  +        SSLSocketFactory socFactory = ctx.getSocketFactory();
  +        
  +        // create socket
  +        SSLSocket ssoc = (SSLSocket)socFactory.createSocket(addr, port);
  +        ssoc.setUseClientMode(clientMode);
  +        
  +        // initialize socket
  +        String cipherSuites[] = ssoc.getSupportedCipherSuites();
  +        ssoc.setEnabledCipherSuites(cipherSuites);
  +        return ssoc;
  +    } 
  +    
  +    /**
  +     * Dispose - does nothing.
        */
       public void dispose() {
       }
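Review bot: The new `createSocket(protocol, addr, port, clientMode)` enables every suite returned by `getSupportedCipherSuites()`, which in JSSE includes suites the provider leaves disabled by default, among them anonymous key-exchange and NULL-encryption suites. A data connection could therefore be negotiated without server authentication or without confidentiality. Removing `String cipherSuites[] = ssoc.getSupportedCipherSuites();` and `ssoc.setEnabledCipherSuites(cipherSuites);` keeps the provider's default enabled set; if a custom list is needed, it should be an explicit allow-list from configuration. The method also never consults `m_clientAuthReqd`; whether that matters here depends on the other create methods, whose socket-initialisation code lies outside the hunks shown.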
  
  
  


