incubator-ftpserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r571196 - in /incubator/ftpserver/trunk/core/src: java/org/apache/ftpserver/ssl/ java/org/apache/ftpserver/util/ test/ test/org/apache/ftpserver/ssl/ test/org/apache/ftpserver/util/
Date Thu, 30 Aug 2007 14:56:31 GMT
Author: ngn
Date: Thu Aug 30 07:56:30 2007
New Revision: 571196

URL: http://svn.apache.org/viewvc?rev=571196&view=rev
Log:
Adding support for setting an key alias to be specifically choosen for SSL (FTPSERVER-93)

Added:
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
  (with props)
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
  (with props)
    incubator/ftpserver/trunk/core/src/test/keymanager-test.jks   (with props)
    incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/
    incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
  (with props)
    incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java 
 (with props)
    incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
  (with props)
Modified:
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
    incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java
    incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java

Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
(added)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
Thu Aug 30 07:56:30 2007
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.X509KeyManager;
+
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ * 
+ * This class is only used on Java 1.4 systems, on Java 1.5 and newer 
+ * the @see {@link ExtendedAliasKeyManager} is used instead
+ * 
+ * Based of org.apache.tomcat.util.net.jsse.JSSEKeyManager.
+ */
+public final class AliasKeyManager implements X509KeyManager {
+
+	private X509KeyManager delegate;
+	private String serverKeyAlias;
+
+	/**
+	 * Constructor.
+	 * 
+	 * @param mgr
+	 *            The X509KeyManager used as a delegate
+	 * @param keyStore
+	 * @param serverKeyAlias
+	 *            The alias name of the server's keypair and supporting
+	 *            certificate chain
+	 * @param keyAlias
+	 */
+	public AliasKeyManager(KeyManager mgr, String keyAlias) {
+		this.delegate = (X509KeyManager)mgr;
+		this.serverKeyAlias = keyAlias;
+	}
+
+	/**
+	 * Choose an alias to authenticate the client side of a secure socket, given
+	 * the public key type and the list of certificate issuer authorities
+	 * recognized by the peer (if any).
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name(s), ordered with the
+	 *            most-preferred key type first
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used
+	 * @param socket
+	 *            The socket to be used for this connection. This parameter can
+	 *            be null, in which case this method will return the most
+	 *            generic alias to use
+	 * 
+	 * @return The alias name for the desired key, or null if there are no
+	 *         matches
+	 */
+	public String chooseClientAlias(String[] keyType, Principal[] issuers,
+			Socket socket) {
+		return delegate.chooseClientAlias(keyType, issuers, socket);
+	}
+
+	/**
+	 * Returns this key manager's server key alias that was provided in the
+	 * constructor.
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used (ignored)
+	 * @param socket
+	 *            The socket to be used for this connection. This parameter can
+	 *            be null, in which case this method will return the most
+	 *            generic alias to use (ignored)
+	 * 
+	 * @return Alias name for the desired key
+	 */
+	public String chooseServerAlias(String keyType, Principal[] issuers,
+			Socket socket) {
+		if (serverKeyAlias != null) {
+			PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+			if (key != null) {
+				if (key.getAlgorithm().equals(keyType)) {
+					return serverKeyAlias;
+				} else {
+					return null;
+				}
+			} else {
+				return null;
+			}
+		} else {
+			return delegate.chooseServerAlias(keyType, issuers, socket);
+		}
+	}
+
+	/**
+	 * Returns the certificate chain associated with the given alias.
+	 * 
+	 * @param alias
+	 *            The alias name
+	 * 
+	 * @return Certificate chain (ordered with the user's certificate first and
+	 *         the root certificate authority last), or null if the alias can't
+	 *         be found
+	 */
+	public X509Certificate[] getCertificateChain(String alias) {
+		return delegate.getCertificateChain(alias);
+	}
+
+	/**
+	 * Get the matching aliases for authenticating the client side of a secure
+	 * socket, given the public key type and the list of certificate issuer
+	 * authorities recognized by the peer (if any).
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used
+	 * 
+	 * @return Array of the matching alias names, or null if there were no
+	 *         matches
+	 */
+	public String[] getClientAliases(String keyType, Principal[] issuers) {
+		return delegate.getClientAliases(keyType, issuers);
+	}
+
+	/**
+	 * Get the matching aliases for authenticating the server side of a secure
+	 * socket, given the public key type and the list of certificate issuer
+	 * authorities recognized by the peer (if any).
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used
+	 * 
+	 * @return Array of the matching alias names, or null if there were no
+	 *         matches
+	 */
+	public String[] getServerAliases(String keyType, Principal[] issuers) {
+		return delegate.getServerAliases(keyType, issuers);
+	}
+
+	/**
+	 * Returns the key associated with the given alias.
+	 * 
+	 * @param alias
+	 *            The alias name
+	 * 
+	 * @return The requested key, or null if the alias can't be found
+	 */
+	public PrivateKey getPrivateKey(String alias) {
+		return delegate.getPrivateKey(alias);
+	}
+}

Propchange: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java?rev=571196&r1=571195&r2=571196&view=diff
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java Thu Aug
30 07:56:30 2007
@@ -30,6 +30,7 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509KeyManager;
 
 import org.apache.ftpserver.FtpServerConfigurationException;
 import org.apache.ftpserver.util.IoUtils;
@@ -58,7 +59,7 @@
     private String sslProtocol = "TLS";
     private ClientAuth clientAuthReqd = ClientAuth.NONE;
     private String keyPass;
-
+    private String keyAlias;
 
     private KeyManagerFactory keyManagerFactory;
     private TrustManagerFactory trustManagerFactory;
@@ -236,14 +237,17 @@
         
         KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
         
-        // wrap key managers to allow us to control their behavior
-        // FTPSERVER-93, currently not working as described in the issue
-        //for (int i = 0; i < keyManagers.length; i++) {
-        //  if(keyManagers[i] instanceof X509KeyManager) {
-        //      X509KeyManager keyManager = (X509KeyManager) keyManagers[i];
-        //      keyManagers[i] = new JSSEKeyManager(keyManager, keyAlias);
-        //  }
-        //} 
+        // wrap key managers to allow us to control their behavior (FTPSERVER-93)
+        for (int i = 0; i < keyManagers.length; i++) {
+          if(implementsInterface(keyManagers[i].getClass(), "javax.net.ssl.X509ExtendedKeyManager"))
{
+        	  keyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], keyAlias);
+          } else if(keyManagers[i] instanceof X509KeyManager) {
+        	  keyManagers[i] = new AliasKeyManager(keyManagers[i], keyAlias);
+          }
+        } 
+        
+        // create SSLContext
+        ctx = SSLContext.getInstance(protocol);
         
         ctx.init(keyManagers, 
                  trustManagerFactory.getTrustManagers(), 
@@ -254,6 +258,18 @@
         
         return ctx;
     }
+    
+    private boolean implementsInterface(Class clazz, String interfaceName) {
+    	Class[] interfaces = clazz.getInterfaces();
+    	
+    	for (int i = 0; i < interfaces.length; i++) {
+			if(interfaces[i].getName().equals(interfaceName)) {
+				return true;
+			}
+		}
+    	
+    	return false;
+    }
 
     public ClientAuth getClientAuth() {
         return clientAuthReqd;
@@ -275,9 +291,9 @@
      * Get the server key alias to be used for SSL communication
      * @return The alias, or null if none is set
      */
-//    public String getKeyAlias() {
-//        return keyAlias;
-//    }
+    public String getKeyAlias() {
+        return keyAlias;
+    }
 
     /**
      * Set the alias for the key to be used for SSL communication.
@@ -286,7 +302,7 @@
      * @param keyAlias The alias to use, or null if JSSE should
      *          be allowed to choose the key.
      */
-//    public void setKeyAlias(String keyAlias) {
-//        this.keyAlias = keyAlias;
-//    }
+    public void setKeyAlias(String keyAlias) {
+        this.keyAlias = keyAlias;
+    }
 }

Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
(added)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
Thu Aug 30 07:56:30 2007
@@ -0,0 +1,232 @@
+/*
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ * 
+ * Based of org.apache.tomcat.util.net.jsse.JSSEKeyManager.
+ */
+public final class ExtendedAliasKeyManager extends X509ExtendedKeyManager {
+
+	private X509ExtendedKeyManager delegate;
+	private String serverKeyAlias;
+
+	/**
+	 * Constructor.
+	 * 
+	 * @param mgr
+	 *            The X509KeyManager used as a delegate
+	 * @param keyStore
+	 * @param serverKeyAlias
+	 *            The alias name of the server's keypair and supporting
+	 *            certificate chain
+	 * @param keyAlias
+	 */
+	public ExtendedAliasKeyManager(KeyManager mgr, String keyAlias) {
+		this.delegate = (X509ExtendedKeyManager)mgr;
+		this.serverKeyAlias = keyAlias;
+	}
+
+	/**
+	 * Choose an alias to authenticate the client side of a secure socket, given
+	 * the public key type and the list of certificate issuer authorities
+	 * recognized by the peer (if any).
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name(s), ordered with the
+	 *            most-preferred key type first
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used
+	 * @param socket
+	 *            The socket to be used for this connection. This parameter can
+	 *            be null, in which case this method will return the most
+	 *            generic alias to use
+	 * 
+	 * @return The alias name for the desired key, or null if there are no
+	 *         matches
+	 */
+	public String chooseClientAlias(String[] keyType, Principal[] issuers,
+			Socket socket) {
+		return delegate.chooseClientAlias(keyType, issuers, socket);
+	}
+
+	/**
+	 * Returns this key manager's server key alias that was provided in the
+	 * constructor if matching the key type.
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used (ignored)
+	 * @param socket
+	 *            The socket to be used for this connection. This parameter can
+	 *            be null, in which case this method will return the most
+	 *            generic alias to use (ignored)
+	 * 
+	 * @return Alias name for the desired key
+	 */
+	public String chooseServerAlias(String keyType, Principal[] issuers,
+			Socket socket) {
+		if (serverKeyAlias != null) {
+			PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+			if (key != null) {
+				if (key.getAlgorithm().equals(keyType)) {
+					return serverKeyAlias;
+				} else {
+					return null;
+				}
+			} else {
+				return null;
+			}
+		} else {
+			return delegate.chooseServerAlias(keyType, issuers, socket);
+		}
+	}
+
+	/**
+	 * Returns the certificate chain associated with the given alias.
+	 * 
+	 * @param alias
+	 *            The alias name
+	 * 
+	 * @return Certificate chain (ordered with the user's certificate first and
+	 *         the root certificate authority last), or null if the alias can't
+	 *         be found
+	 */
+	public X509Certificate[] getCertificateChain(String alias) {
+		return delegate.getCertificateChain(alias);
+	}
+
+	/**
+	 * Get the matching aliases for authenticating the client side of a secure
+	 * socket, given the public key type and the list of certificate issuer
+	 * authorities recognized by the peer (if any).
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used
+	 * 
+	 * @return Array of the matching alias names, or null if there were no
+	 *         matches
+	 */
+	public String[] getClientAliases(String keyType, Principal[] issuers) {
+		return delegate.getClientAliases(keyType, issuers);
+	}
+
+	/**
+	 * Get the matching aliases for authenticating the server side of a secure
+	 * socket, given the public key type and the list of certificate issuer
+	 * authorities recognized by the peer (if any).
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used
+	 * 
+	 * @return Array of the matching alias names, or null if there were no
+	 *         matches
+	 */
+	public String[] getServerAliases(String keyType, Principal[] issuers) {
+		return delegate.getServerAliases(keyType, issuers);
+	}
+
+	/**
+	 * Returns the key associated with the given alias.
+	 * 
+	 * @param alias
+	 *            The alias name
+	 * 
+	 * @return The requested key, or null if the alias can't be found
+	 */
+	public PrivateKey getPrivateKey(String alias) {
+		return delegate.getPrivateKey(alias);
+	}
+
+	/**
+	 * Choose an alias to authenticate the client side of a secure socket, given
+	 * the public key type and the list of certificate issuer authorities
+	 * recognized by the peer (if any).
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used (ignored)
+	 * @param socket
+	 *            The socket to be used for this connection. This parameter can
+	 *            be null, in which case this method will return the most
+	 *            generic alias to use (ignored)
+	 * @return The alias name for the desired key, or null if there are no
+	 *         matches          
+	 */
+	public String chooseEngineClientAlias(String[] keyType,
+			Principal[] issuers, SSLEngine engine) {
+		return delegate.chooseEngineClientAlias(keyType, issuers, engine);
+	}
+
+	/**
+	 * Returns this key manager's server key alias that was provided in the
+	 * constructor if matching the key type.
+	 * 
+	 * @param keyType
+	 *            The key algorithm type name
+	 * @param issuers
+	 *            The list of acceptable CA issuer subject names, or null if it
+	 *            does not matter which issuers are used (ignored)
+	 * @param socket
+	 *            The socket to be used for this connection. This parameter can
+	 *            be null, in which case this method will return the most
+	 *            generic alias to use (ignored)
+	 * 
+	 * @return Alias name for the desired key
+	 */
+	public String chooseEngineServerAlias(String keyType, Principal[] issuers,
+			SSLEngine engine) {
+
+		if (serverKeyAlias != null) {
+			PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+			if (key != null) {
+				if (key.getAlgorithm().equals(keyType)) {
+					return serverKeyAlias;
+				} else {
+					return null;
+				}
+			} else {
+				return null;
+			}
+		} else {
+			return delegate.chooseEngineServerAlias(keyType, issuers, engine);
+		}
+	}
+}

Propchange: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java?rev=571196&r1=571195&r2=571196&view=diff
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java Thu
Aug 30 07:56:30 2007
@@ -375,4 +375,17 @@
 
         return castValue;
     }
+    
+    
+    public static boolean implementsInterface(Class clazz, String interfaceName) {
+    	Class[] interfaces = clazz.getInterfaces();
+    	
+    	for (int i = 0; i < interfaces.length; i++) {
+			if(interfaces[i].getName().equals(interfaceName)) {
+				return true;
+			}
+		}
+    	
+    	return false;
+    }
 }

Added: incubator/ftpserver/trunk/core/src/test/keymanager-test.jks
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/keymanager-test.jks?rev=571196&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/ftpserver/trunk/core/src/test/keymanager-test.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
(added)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
Thu Aug 30 07:56:30 2007
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */  
+
+package org.apache.ftpserver.ssl;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+
+import junit.framework.TestCase;
+
+public class AliasKeymanagerTest extends TestCase {
+
+	
+	
+	private KeyManager km;
+
+	protected void setUp() throws Exception {
+		KeyStore ks = KeyStore.getInstance("JKS");
+		
+		FileInputStream fis = new FileInputStream("src/test/keymanager-test.jks");
+		ks.load(fis, "".toCharArray());
+		
+		KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+		kmf.init(ks, "".toCharArray());
+		
+		km = kmf.getKeyManagers()[0];
+	}
+
+	public void testServerAliasWithAliasDSAKey() throws Exception {
+		AliasKeyManager akm = new AliasKeyManager(km, "dsakey");
+		
+		assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+		assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+	}
+
+	public void testServerAliasWithAliasRSAKey() throws Exception {
+		AliasKeyManager akm = new AliasKeyManager(km, "rsakey");
+		
+		assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+		assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+	}
+
+	public void testServerAliasWithoutAlias() throws Exception {
+		AliasKeyManager akm = new AliasKeyManager(km, null);
+		
+		assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+		assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+	}
+	
+	public void testServerAliasNonExistingKey() throws Exception {
+		AliasKeyManager akm = new AliasKeyManager(km, "nonexisting");
+		
+		assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+		assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+	}
+
+}
\ No newline at end of file

Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java (added)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java Thu
Aug 30 07:56:30 2007
@@ -0,0 +1,10 @@
+package org.apache.ftpserver.ssl;
+
+import junit.framework.TestCase;
+
+public class DefaultSslTest extends TestCase {
+
+	public void test() {
+		DefaultSsl ssl = new DefaultSsl();
+	}
+}

Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
(added)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
Thu Aug 30 07:56:30 2007
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */  
+
+package org.apache.ftpserver.ssl;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+
+import junit.framework.TestCase;
+
+public class ExtendedAliasKeymanagerTest extends TestCase {
+
+	
+	
+	private KeyManager km;
+
+	protected void setUp() throws Exception {
+		KeyStore ks = KeyStore.getInstance("JKS");
+		
+		FileInputStream fis = new FileInputStream("src/test/keymanager-test.jks");
+		ks.load(fis, "".toCharArray());
+		
+		KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+		kmf.init(ks, "".toCharArray());
+		
+		km = kmf.getKeyManagers()[0];
+	}
+
+	public void testServerAliasWithAliasDSAKey() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "dsakey");
+		
+		assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+		assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+	}
+
+	public void testServerAliasWithAliasRSAKey() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "rsakey");
+		
+		assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+		assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+	}
+
+	public void testServerAliasWithoutAlias() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, null);
+		
+		assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+		assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+	}
+	
+	public void testServerAliasNonExistingKey() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "nonexisting");
+		
+		assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+		assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+	}
+
+	public void testEngineServerAliasWithAliasDSAKey() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "dsakey");
+		
+		assertEquals("dsakey", akm.chooseEngineServerAlias("DSA", null, null));
+		assertEquals(null, akm.chooseEngineServerAlias("RSA", null, null));
+	}
+
+	public void testEngineServerAliasWithAliasRSAKey() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "rsakey");
+		
+		assertEquals(null, akm.chooseEngineServerAlias("DSA", null, null));
+		assertEquals("rsakey", akm.chooseEngineServerAlias("RSA", null, null));
+	}
+
+	public void testEngineServerAliasWithoutAlias() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, null);
+		
+		assertEquals("dsakey", akm.chooseEngineServerAlias("DSA", null, null));
+		assertEquals("rsakey", akm.chooseEngineServerAlias("RSA", null, null));
+	}
+	
+	public void testEngineServerAliasNonExistingKey() throws Exception {
+		ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "nonexisting");
+		
+		assertEquals(null, akm.chooseEngineServerAlias("DSA", null, null));
+		assertEquals(null, akm.chooseEngineServerAlias("RSA", null, null));
+	}
+}
\ No newline at end of file

Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java?rev=571196&r1=571195&r2=571196&view=diff
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java
(original)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java
Thu Aug 30 07:56:30 2007
@@ -25,13 +25,23 @@
 import java.util.Map;
 import java.util.Properties;
 
+import javax.net.ssl.X509KeyManager;
+
 import junit.framework.TestCase;
 
 import org.apache.ftpserver.config.PropertiesConfiguration;
 import org.apache.ftpserver.ftplet.Configuration;
+import org.apache.ftpserver.ssl.AliasKeyManager;
 
 public class ClassUtilsTest extends TestCase {
 
+	public void testImplementsInterface() {
+		X509KeyManager km = new AliasKeyManager(null, null);
+		
+		assertTrue(ClassUtils.implementsInterface(km.getClass(), "javax.net.ssl.X509KeyManager"));
+		assertFalse(ClassUtils.implementsInterface(km.getClass(), "foo"));
+	}
+	
     public void testNormalizePropertyName() {
         assertEquals("foo", ClassUtils.normalizePropertyName("foo"));
         assertEquals("fooBar", ClassUtils.normalizePropertyName("fooBar"));



Mime
View raw message