incubator-ftpserver-commits mailing list archives

From n..@apache.org
Subject svn commit: r560793 - in /incubator/ftpserver/trunk: core/src/java/org/apache/ftpserver/ core/src/java/org/apache/ftpserver/interfaces/ core/src/java/org/apache/ftpserver/listener/io/ core/src/java/org/apache/ftpserver/listener/mina/ core/src/java/org/...
Date Sun, 29 Jul 2007 19:46:45 GMT
Author: ngn
Date: Sun Jul 29 12:46:43 2007
New Revision: 560793

URL: http://svn.apache.org/viewvc?view=rev&rev=560793
Log:
Using the enabled cipher suites, rather than all for SSL/TLS (FTPSERVER-97)
Adding support for setting what cipher suites should be enabled (FTPSERVER-97)
Refactoring Ssl into a simpler class (not creating sockets as that is only used for the IO
listener)

Added:
    incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
  (with props)
    incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
  (with props)
Modified:
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/interfaces/Ssl.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOListener.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
    incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
Sun Jul 29 12:46:43 2007
@@ -19,12 +19,18 @@
 
 package org.apache.ftpserver;
 
+import java.io.IOException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
+import java.security.GeneralSecurityException;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 
 import org.apache.ftpserver.ftplet.DataConnection;
 import org.apache.ftpserver.ftplet.FtpException;
@@ -152,7 +158,7 @@
                 if(ssl == null) {
                     throw new DataConnectionException("Data connection SSL required but not
configured.");
                 }
-                servSoc = ssl.createServerSocket(null, address, passivePort);
+                servSoc = createServerSocket(ssl, address, passivePort);
                 port = servSoc.getLocalPort();
                 LOG.debug("SSL data connection created on " + address + ":" + port);
             }
@@ -176,6 +182,29 @@
         }
     }
      
+    private ServerSocket createServerSocket(Ssl ssl, InetAddress address2, int passivePort)
throws IOException, GeneralSecurityException {
+        // get server socket factory
+        SSLContext ctx = ssl.getSSLContext();
+        SSLServerSocketFactory ssocketFactory = ctx.getServerSocketFactory();
+        
+        // create server socket
+        SSLServerSocket sslServerSocket = null;
+        if(address2 == null) {
+            sslServerSocket = (SSLServerSocket) ssocketFactory.createServerSocket(passivePort,
100);
+        } else {
+            sslServerSocket = (SSLServerSocket) ssocketFactory.createServerSocket(passivePort,
100, address2);
+        }
+        
+        // initialize server socket
+        sslServerSocket.setNeedClientAuth(ssl.getClientAuthenticationRequired());
+        
+        if(ssl.getEnabledCipherSuites() != null) {
+            sslServerSocket.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
+        }
+        return sslServerSocket;
+    }
+
+
     /* (non-Javadoc)
      * @see org.apache.ftpserver.FtpDataConnectionFactory2#getInetAddress()
      */
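Review bot: If `setEnabledCipherSuites` rejects a configured name at the end of `createServerSocket`, the already-bound `SSLServerSocket` is never closed and the caller never gets a reference to it, so the passive port stays bound until the object is collected. JSSE throws `IllegalArgumentException` for a suite the provider does not support, which is an easy mistake now that the list comes from configuration. Closing the socket on that path and reading `getEnabledCipherSuites()` once into a local fixes the leak and removes the double call. The same construct-then-configure sequence appears in `IOListener.createServerSocket`.

```java
        // … unchanged: factory lookup and createServerSocket(...) call …

        // initialize server socket; release the bound port if the configuration is rejected
        try {
            sslServerSocket.setNeedClientAuth(ssl.getClientAuthenticationRequired());

            String[] suites = ssl.getEnabledCipherSuites();
            if(suites != null) {
                sslServerSocket.setEnabledCipherSuites(suites);
            }
        } catch(RuntimeException e) {
            sslServerSocket.close();
            throw e;
        }
        return sslServerSocket;
```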
@@ -214,11 +243,11 @@
                         throw new FtpException("Data connection SSL not configured");
                     }
                     if(localPort == 0) {
-                        dataSoc = ssl.createSocket(null, address, port, false);
+                        dataSoc = createSocket(ssl, address, port, null, localPort, false);
                     }
                     else {
                         InetAddress localAddr = dataConfig.getActiveLocalAddress();
-                        dataSoc = ssl.createSocket(null, address, port, localAddr, localPort,
false);
+                        dataSoc = createSocket(ssl, address, port, localAddr, localPort,
false);
                     }
                 }
                 else {
@@ -252,6 +281,31 @@
         return dataSoc;
     }
     
+    private Socket createSocket(Ssl ssl, InetAddress address2,
+            int port2, InetAddress localAddress, int localPort, boolean clientMode) throws
IOException, GeneralSecurityException {
+        
+        // get socket factory
+        SSLContext ctx = ssl.getSSLContext();
+        SSLSocketFactory socFactory = ctx.getSocketFactory();
+        
+        // create socket
+        SSLSocket ssoc;
+        if(localPort != 0) {
+            ssoc = (SSLSocket)socFactory.createSocket(address2, port2);
+        } else {
+            ssoc = (SSLSocket)socFactory.createSocket(address2, port2, localAddress, localPort);
+        }
+        ssoc.setUseClientMode(clientMode);
+        
+        
+        // initialize socket
+        if(ssl.getEnabledCipherSuites() != null) {
+            ssoc.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
+        }
+        return ssoc;
+    }
+
+
     /* (non-Javadoc)
      * @see org.apache.ftpserver.FtpDataConnectionFactory2#isSecure()
      */
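Review bot: The branch in the new `createSocket` helper is inverted: when `localPort != 0` it calls the two-argument `socFactory.createSocket(address2, port2)`, so the configured active-mode local address and port are silently dropped, and the four-argument bind is used only when `localPort` is 0. The test should read `if(localPort == 0) {`. Deployments that pin the data-connection source address or port, for instance to match firewall rules, would presumably see connections leave from an ephemeral port instead. The replaced `DefaultSsl.createSocket` overloads did bind to `localhost, localport`, so this is a regression introduced by the move.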

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/interfaces/Ssl.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/interfaces/Ssl.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/interfaces/Ssl.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/interfaces/Ssl.java Sun Jul
29 12:46:43 2007
@@ -19,9 +19,6 @@
 
 package org.apache.ftpserver.interfaces;
 
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
 import java.security.GeneralSecurityException;
 
 import javax.net.ssl.SSLContext;
@@ -35,38 +32,12 @@
     SSLContext getSSLContext() throws GeneralSecurityException;
     SSLContext getSSLContext(String protocol) throws GeneralSecurityException;
     
-    boolean getClientAuthenticationRequired();
-    
-    
     /**
-     * Create secure server socket.
+     * Returns the cipher suites that should be enabled for this connection.
+     * Must return null if the default (as decided by the JVM) cipher suites
+     * should be used.
+     * @return An array of cipher suites, or null.
      */
-    ServerSocket createServerSocket(String protocol, 
-                                    InetAddress addr, 
-                                    int port) throws Exception;
-    
-    /**
-     * Returns a socket layered over an existing socket.
-     */
-    Socket createSocket(String protocol,
-                        Socket soc, 
-                        boolean clientMode) throws Exception;
-    
-    /**
-     * Create a secure socket.
-     */
-    Socket createSocket(String protocol,
-                        InetAddress host, 
-                        int port,
-                        boolean clientMode) throws Exception;
-    
-    /**
-     * Create a secure socket.
-     */
-    Socket createSocket(String protocol,
-                        InetAddress host,
-                        int port,
-                        InetAddress localhost,
-                        int localport,
-                        boolean clientMode) throws Exception;
+    String[] getEnabledCipherSuites();
+    boolean getClientAuthenticationRequired();
 }
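Review bot: The Javadoc for `getEnabledCipherSuites()` leaves the empty-array case undefined, while every caller in this commit passes any non-null value straight to `setEnabledCipherSuites`, which would leave no suites enabled. I would add a sentence such as `An empty array is not allowed; return null to use the JVM defaults.` and state that the entries are JSSE cipher suite names the provider must support. `getClientAuthenticationRequired()` is still undocumented after being moved; a one-line Javadoc saying it controls whether the server demands a client certificate would help implementers.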

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOConnection.java
Sun Jul 29 12:46:43 2007
@@ -25,9 +25,11 @@
 import java.net.Socket;
 import java.net.SocketException;
 
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 
 import org.apache.ftpserver.IODataConnectionFactory;
 import org.apache.ftpserver.FtpRequestImpl;
@@ -201,6 +203,39 @@
     }   
     
     /**
+     * Returns a socket layered over an existing socket.
+     */
+    private Socket createSocket(Ssl ssl, String protocol,
+                               Socket soc, 
+                               boolean clientMode) throws Exception {
+        // already wrapped - no need to do anything
+        if(soc instanceof SSLSocket) {
+            return soc;
+        }
+        
+        // get socket factory
+        SSLContext ctx = ssl.getSSLContext(protocol);
+        SSLSocketFactory socFactory = ctx.getSocketFactory();
+        
+        // create socket
+        String host = soc.getInetAddress().getHostAddress();
+        int port = soc.getLocalPort();
+        SSLSocket ssoc = (SSLSocket)socFactory.createSocket(soc, host, port, true);
+        ssoc.setUseClientMode(clientMode);
+        
+        // initialize socket
+        ssoc.setNeedClientAuth(ssl.getClientAuthenticationRequired());
+
+        if(ssl.getEnabledCipherSuites() != null) {
+            ssoc.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
+        }
+
+        
+        return ssoc;
+    }
+
+    
+    /**
      * Create secure socket.
      */
     public void afterSecureControlChannel(FtpServerSession ftpSession, String protocol) throws
Exception {
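Review bot: `createSocket` pairs the peer's address (`soc.getInetAddress().getHostAddress()`) with the local port (`soc.getLocalPort()`) when layering the SSL socket, so the host and port handed to the factory do not describe a single endpoint. If the peer is meant, use `int port = soc.getPort();`; if the server side is meant, take the host from `soc.getLocalAddress()` instead. The method also declares `throws Exception`, although the visible body appears to need only `IOException` and `GeneralSecurityException`, which is what the equivalent helpers in `IODataConnectionFactory` declare.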
@@ -210,7 +245,7 @@
         if(ssl == null) {
             throw new FtpException("Socket factory SSL not configured");
         }
-        Socket ssoc = ssl.createSocket(protocol, controlSocket, false);
+        Socket ssoc = createSocket(ssl, protocol, controlSocket, false);
         
         // change streams
         reader = new BufferedReader(new InputStreamReader(ssoc.getInputStream(), "UTF-8"));

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOListener.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOListener.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOListener.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/io/IOListener.java
Sun Jul 29 12:46:43 2007
@@ -24,7 +24,12 @@
 import java.net.Socket;
 import java.net.SocketException;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+
 import org.apache.ftpserver.interfaces.FtpServerContext;
+import org.apache.ftpserver.interfaces.Ssl;
 import org.apache.ftpserver.listener.AbstractListener;
 import org.apache.ftpserver.listener.Connection;
 import org.apache.ftpserver.listener.ConnectionManager;
@@ -65,19 +70,39 @@
      * Create server socket.
      */
     private ServerSocket createServerSocket() throws Exception { 
-        ServerSocket ssocket = null;
+        ServerSocket serverSocket = null;
         
         if(isImplicitSsl()) {
-            ssocket = getSsl().createServerSocket(null, getServerAddress(), getPort());
+            Ssl ssl = getSsl();
+            
+            // get server socket factory
+            SSLContext ctx = ssl.getSSLContext();
+            SSLServerSocketFactory ssocketFactory = ctx.getServerSocketFactory();
+            
+            // create server socket
+            SSLServerSocket sslServerSocket = null;
+            if(getServerAddress() == null) {
+                sslServerSocket = (SSLServerSocket) ssocketFactory.createServerSocket(getPort(),
100);
+            } else {
+                sslServerSocket = (SSLServerSocket) ssocketFactory.createServerSocket(getPort(),
100, getServerAddress());
+            }
+            
+            // initialize server socket
+            sslServerSocket.setNeedClientAuth(ssl.getClientAuthenticationRequired());
+            
+            if(ssl.getEnabledCipherSuites() != null) {
+                sslServerSocket.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
+            }
+            serverSocket = sslServerSocket;
         } else  {
             if(getServerAddress() == null) {
-                ssocket = new ServerSocket(getPort(), 100);
+                serverSocket = new ServerSocket(getPort(), 100);
             } else {
-                ssocket = new ServerSocket(getPort(), 100, getServerAddress());
+                serverSocket = new ServerSocket(getPort(), 100, getServerAddress());
             }
         }
         
-        return ssocket;
+        return serverSocket;
     }
 
     /**

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaConnection.java
Sun Jul 29 12:46:43 2007
@@ -97,6 +97,10 @@
             
             SSLFilter sslFilter = new SSLFilter( ssl.getSSLContext() );
             sslFilter.setNeedClientAuth(ssl.getClientAuthenticationRequired());
+            
+            if(ssl.getEnabledCipherSuites() != null) {
+                sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
+            }
             session.getFilterChain().addFirst("sslSessionFilter", sslFilter);
 
         } else {

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java
(original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/listener/mina/MinaListener.java
Sun Jul 29 12:46:43 2007
@@ -24,6 +24,7 @@
 import java.security.GeneralSecurityException;
 
 import org.apache.ftpserver.interfaces.FtpServerContext;
+import org.apache.ftpserver.interfaces.Ssl;
 import org.apache.ftpserver.listener.AbstractListener;
 import org.apache.ftpserver.listener.FtpProtocolHandler;
 import org.apache.ftpserver.listener.Listener;
@@ -96,14 +97,15 @@
         ((SocketSessionConfig) cfg.getSessionConfig()).setReceiveBufferSize(512); 
         
         if(isImplicitSsl()) {
-            try {
-                SSLFilter sslFilter = new SSLFilter( getSsl().getSSLContext() );
-                cfg.getFilterChain().addFirst("sslFilter", sslFilter);
-
-            } catch (GeneralSecurityException e) {
-                throw e;
+            Ssl ssl = getSsl();
+            SSLFilter sslFilter = new SSLFilter( ssl.getSSLContext() );
+            
+            sslFilter.setNeedClientAuth(ssl.getClientAuthenticationRequired());
+            if(ssl.getEnabledCipherSuites() != null) {
+                sslFilter.setEnabledCipherSuites(ssl.getEnabledCipherSuites());
             }
             
+            cfg.getFilterChain().addFirst("sslFilter", sslFilter);
         }
         
         protocolHandler = new MinaFtpProtocolHandler(serverContext, new FtpProtocolHandler(serverContext),
this);

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java Sun Jul
29 12:46:43 2007
@@ -21,19 +21,12 @@
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.Socket;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.util.HashMap;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.ftpserver.FtpServerConfigurationException;
@@ -65,6 +58,8 @@
     private TrustManagerFactory trustManagerFactory;
     
     private HashMap sslContextMap;
+
+    private String[] enabledCipherSuites;
     
     public void setKeystoreFile(File keyStoreFile) {
         this.keystoreFile = keyStoreFile;
@@ -161,114 +156,8 @@
 
         // store it in map
         sslContextMap.put(protocol, ctx);
-        return ctx;
-    }
-
-    /**
-     * Create secure server socket.
-     */
-    public ServerSocket createServerSocket(String protocol,
-                                           InetAddress addr, 
-                                           int port) throws Exception {
-        lazyInit();
-        
-        // get server socket factory
-        SSLContext ctx = getSSLContext(protocol);
-        SSLServerSocketFactory ssocketFactory = ctx.getServerSocketFactory();
-        
-        // create server socket
-        SSLServerSocket serverSocket = null;
-        if(addr == null) {
-            serverSocket = (SSLServerSocket) ssocketFactory.createServerSocket(port, 100);
-        }
-        else {
-            serverSocket = (SSLServerSocket) ssocketFactory.createServerSocket(port, 100,
addr);
-        }
-        
-        // initialize server socket
-        String cipherSuites[] = serverSocket.getSupportedCipherSuites();
-        serverSocket.setEnabledCipherSuites(cipherSuites);
-        serverSocket.setNeedClientAuth(clientAuthReqd);
-        return serverSocket;
-    }
- 
-    /**
-     * Returns a socket layered over an existing socket.
-     */
-    public Socket createSocket(String protocol,
-                               Socket soc, 
-                               boolean clientMode) throws Exception {
-        lazyInit();
-        
-        // already wrapped - no need to do anything
-        if(soc instanceof SSLSocket) {
-            return soc;
-        }
-        
-        // get socket factory
-        SSLContext ctx = getSSLContext(protocol);
-        SSLSocketFactory socFactory = ctx.getSocketFactory();
-        
-        // create socket
-        String host = soc.getInetAddress().getHostAddress();
-        int port = soc.getLocalPort();
-        SSLSocket ssoc = (SSLSocket)socFactory.createSocket(soc, host, port, true);
-        ssoc.setUseClientMode(clientMode);
-        
-        // initialize socket
-        String cipherSuites[] = ssoc.getSupportedCipherSuites();
-        ssoc.setEnabledCipherSuites(cipherSuites);
-        ssoc.setNeedClientAuth(clientAuthReqd);
         
-        return ssoc;
-    }
-
-    /**
-     * Create a secure socket.
-     */
-    public Socket createSocket(String protocol,
-                               InetAddress addr, 
-                               int port,
-                               boolean clientMode) throws Exception {
-        lazyInit();
-        
-        // get socket factory
-        SSLContext ctx = getSSLContext(protocol);
-        SSLSocketFactory socFactory = ctx.getSocketFactory();
-        
-        // create socket
-        SSLSocket ssoc = (SSLSocket)socFactory.createSocket(addr, port);
-        ssoc.setUseClientMode(clientMode);
-        
-        // initialize socket
-        String cipherSuites[] = ssoc.getSupportedCipherSuites();
-        ssoc.setEnabledCipherSuites(cipherSuites);
-        return ssoc;
-    } 
-    
-    /**
-     * Create a secure socket.
-     */
-    public Socket createSocket(String protocol,
-                               InetAddress host,
-                               int port,
-                               InetAddress localhost,
-                               int localport,
-                               boolean clientMode) throws Exception {
-        lazyInit();
-        
-        // get socket factory
-        SSLContext ctx = getSSLContext(protocol);
-        SSLSocketFactory socFactory = ctx.getSocketFactory();
-        
-        // create socket
-        SSLSocket ssoc = (SSLSocket)socFactory.createSocket(host, port, localhost, localport);
-        ssoc.setUseClientMode(clientMode);
-        
-        // initialize socket
-        String cipherSuites[] = ssoc.getSupportedCipherSuites();
-        ssoc.setEnabledCipherSuites(cipherSuites);
-        return ssoc;
+        return ctx;
     }
     
     /**
@@ -283,5 +172,13 @@
 
     public SSLContext getSSLContext() throws GeneralSecurityException {
         return getSSLContext(sslProtocol);
+    }
+
+    public String[] getEnabledCipherSuites() {
+        return enabledCipherSuites;
+    }
+    
+    public void setEnabledCipherSuites(String[] enabledCipherSuites) {
+        this.enabledCipherSuites = enabledCipherSuites;
     }
 }
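Review bot: `setEnabledCipherSuites()` stores the caller's array and `getEnabledCipherSuites()` returns that same array, so any code holding the reference can alter the TLS policy after configuration. Copy in both directions, e.g. `this.enabledCipherSuites = enabledCipherSuites == null ? null : (String[]) enabledCipherSuites.clone();` in the setter and the same expression in the getter's `return`. A short Javadoc on the setter stating that null selects the JVM defaults would match the contract documented on the `Ssl` interface.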

Added: incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java?view=auto&rev=560793
==============================================================================
--- incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
(added)
+++ incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
Sun Jul 29 12:46:43 2007
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.util.Properties;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import org.apache.commons.net.ftp.FTPSClient;
+import org.apache.ftpserver.listener.io.IOListener;
+
+public class IOCipherSuitesTest extends SSLTestTemplate {
+
+    protected String getAuthValue() {
+        return "TLS";
+    }
+    
+    protected Properties createConfig() {
+        Properties config = super.createConfig();
+        config.setProperty("config.listeners.default.class", IOListener.class.getName());
+        config.setProperty("config.listeners.default.implicitSsl",
+        "true");
+
+        config.setProperty("config.listeners.default.ssl.enabledCipherSuites", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA");
+
+        return config;
+    }
+
+    protected FTPSClient createFTPClient() throws Exception {
+        return new FTPSClient(true);
+    }
+
+    protected void doConnect() throws Exception {
+    }
+
+    
+    /*
+     * Only certain cipher suites will work with the keys and protocol 
+     * we're using for this test. 
+     * Two suites known to work is:
+     *  * SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+     *  * SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+     */
+    public void testEnabled() throws Exception {
+        
+        client.setEnabledCipherSuites(new String[]{ 
+                "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"});
+        
+        super.doConnect();
+    }
+    
+    public void testDisabled() throws Exception {
+        
+        client.setEnabledCipherSuites(new String[]{ 
+                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"});
+        
+        try {
+            super.doConnect();
+            fail("Must throw SSLHandshakeException"); 
+        } catch(SSLHandshakeException e) {
+            // OK
+        }
+    }
+
+}
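Review bot: Both tests stop at the control-channel handshake (`super.doConnect()`), so the new `createServerSocket` and `createSocket` helpers in `IODataConnectionFactory`, which apply the suite list to data connections, are never exercised. A passive-mode and an active-mode transfer after connecting in `testEnabled` (a directory listing would do) would cover them. The comment above `testEnabled` should also say why `SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA` is used in `testDisabled`: it works with the test keys but is absent from the server's configured list, which is what makes the expected handshake failure meaningful.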

Propchange: incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/IOCipherSuitesTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java?view=auto&rev=560793
==============================================================================
--- incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
(added)
+++ incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
Sun Jul 29 12:46:43 2007
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.util.Properties;
+
+import org.apache.ftpserver.listener.mina.MinaListener;
+
+public class MinaCipherSuitesTest extends IOCipherSuitesTest {
+
+    protected Properties createConfig() {
+        Properties config = super.createConfig();
+        config.setProperty("config.listeners.default.class", MinaListener.class.getName());
+
+        return config;
+    }
+}

Propchange: incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/MinaCipherSuitesTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java?view=diff&rev=560793&r1=560792&r2=560793
==============================================================================
--- incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java
(original)
+++ incubator/ftpserver/trunk/ssl-tests/src/test/org/apache/ftpserver/ssl/SSLTestTemplate.java
Sun Jul 29 12:46:43 2007
@@ -22,6 +22,7 @@
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.net.SocketException;
 import java.util.Properties;
 
 import javax.net.ssl.SSLException;
@@ -45,7 +46,7 @@
 
 public abstract class SSLTestTemplate extends TestCase {
 
-    private final Logger LOG = LoggerFactory.getLogger(ConfigurableFtpServerContext.class);
+    private final Logger LOG = LoggerFactory.getLogger(SSLTestTemplate.class);
     
     private static final File USERS_FILE = new File(getBaseDir(), "src/test/users.gen");
     protected static final File FTPCLIENT_KEYSTORE = new File(getBaseDir(), "src/test/client.jks");
@@ -85,7 +86,7 @@
         assertTrue(FTPSERVER_KEYSTORE.exists());
         
         Properties configProps = new Properties();
-        configProps.setProperty("config.listeners.default.class", MinaListener.class.getName());
+        configProps.setProperty("config.listeners.default.class", IOListener.class.getName());
         configProps.setProperty("config.listeners.default.port", Integer
                 .toString(port));
         configProps.setProperty("config.listeners.default.ssl.class",
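Review bot: Changing the template default for `config.listeners.default.class` from `MinaListener` to `IOListener` moves every subclass that does not override the property onto the IO listener, and the log message does not mention it. `IOCipherSuitesTest` already sets the property to `IOListener` itself, so the new tests do not need the default changed. Other subclasses of `SSLTestTemplate` are not visible here, but any of them would lose MINA coverage of the SSL path; consider keeping the previous default or running the suite against both listeners. The enclosing method starts and ends outside this hunk.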
@@ -215,16 +216,24 @@
             }
         });
 
+        doConnect();
+    }
+
+    protected void doConnect() throws Exception {
         int attempts = 0;
         
+        Exception lastException = null;
         while(attempts < 5) {
             try {
                 client.connect("localhost", port);
+                lastException = null;
                 break;
             } catch (SSLException e) {
                 // try again
+                lastException = e;
             } catch (FTPConnectionClosedException e) {
                 // try again
+                lastException = e;
             }
             
             System.out.println("Retrying!");
@@ -232,6 +241,9 @@
             attempts++;
         }
         
+        if(lastException != null) {
+            throw lastException;
+        }
     }
 
     protected void cleanTmpDirs() throws IOException {


