From ftpserver-commits-return-216-apmail-incubator-ftpserver-commits-archive=incubator.apache.org@incubator.apache.org Thu Aug 30 14:56:55 2007 Return-Path: Delivered-To: apmail-incubator-ftpserver-commits-archive@www.apache.org Received: (qmail 97619 invoked from network); 30 Aug 2007 14:56:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 30 Aug 2007 14:56:55 -0000 Received: (qmail 21142 invoked by uid 500); 30 Aug 2007 14:56:51 -0000 Delivered-To: apmail-incubator-ftpserver-commits-archive@incubator.apache.org Received: (qmail 21131 invoked by uid 500); 30 Aug 2007 14:56:50 -0000 Mailing-List: contact ftpserver-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ftpserver-dev@incubator.apache.org Delivered-To: mailing list ftpserver-commits@incubator.apache.org Received: (qmail 21113 invoked by uid 99); 30 Aug 2007 14:56:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Aug 2007 07:56:50 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Aug 2007 14:56:52 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E687B1A9832; Thu, 30 Aug 2007 07:56:31 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r571196 - in /incubator/ftpserver/trunk/core/src: java/org/apache/ftpserver/ssl/ java/org/apache/ftpserver/util/ test/ test/org/apache/ftpserver/ssl/ test/org/apache/ftpserver/util/ Date: Thu, 30 Aug 2007 14:56:31 -0000 To: ftpserver-commits@incubator.apache.org 
From: ngn@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20070830145631.E687B1A9832@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: ngn Date: Thu Aug 30 07:56:30 2007 New Revision: 571196 URL: http://svn.apache.org/viewvc?rev=571196&view=rev Log: Adding support for setting an key alias to be specifically choosen for SSL (FTPSERVER-93) Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java (with props) incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java (with props) incubator/ftpserver/trunk/core/src/test/keymanager-test.jks (with props) incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java (with props) incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java (with props) incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java (with props) Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java?rev=571196&view=auto ============================================================================== --- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java (added) +++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java Thu Aug 30 07:56:30 2007 
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.X509KeyManager;
+
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ *
+ * This class is only used on Java 1.4 systems, on Java 1.5 and newer
+ * the @see {@link ExtendedAliasKeyManager} is used instead
+ *
+ * Based of org.apache.tomcat.util.net.jsse.JSSEKeyManager.
+ */
+public final class AliasKeyManager implements X509KeyManager {
+
+ private X509KeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr
+ * The X509KeyManager used as a delegate
+ * @param keyStore
+ * @param serverKeyAlias
+ * The alias name of the server's keypair and supporting
+ * certificate chain
+ * @param keyAlias
+ */
+ public AliasKeyManager(KeyManager mgr, String keyAlias) {
+ this.delegate = (X509KeyManager)mgr;
+ this.serverKeyAlias = keyAlias;
+ }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket, given
+ * the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
+ Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor.
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used (ignored)
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use (ignored)
+ *
+ * @return Alias name for the desired key
+ */
+ public String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket) {
+ if (serverKeyAlias != null) {
+ PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+ if (key != null) {
+ if (key.getAlgorithm().equals(keyType)) {
+ return serverKeyAlias;
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ } else {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+ }
+
+ /**
+ * Returns the certificate chain associated with the given alias.
+ *
+ * @param alias
+ * The alias name
+ *
+ * @return Certificate chain (ordered with the user's certificate first and
+ * the root certificate authority last), or null if the alias can't
+ * be found
+ */
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the client side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the server side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ * + * @param keyType + * The key algorithm type name + * @param issuers + * The list of acceptable CA issuer subject names, or null if it + * does not matter which issuers are used + * + * @return Array of the matching alias names, or null if there were no + * matches + */ + public String[] getServerAliases(String keyType, Principal[] issuers) { + return delegate.getServerAliases(keyType, issuers); + } + + /** + * Returns the key associated with the given alias. + * + * @param alias + * The alias name + * + * @return The requested key, or null if the alias can't be found + */ + public PrivateKey getPrivateKey(String alias) { + return delegate.getPrivateKey(alias); + } +} Propchange: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java?rev=571196&r1=571195&r2=571196&view=diff ============================================================================== --- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java (original) +++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java Thu Aug 30 07:56:30 2007 @@ -30,6 +30,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509KeyManager; import org.apache.ftpserver.FtpServerConfigurationException; import org.apache.ftpserver.util.IoUtils; @@ -58,7 +59,7 @@ private String sslProtocol = "TLS"; private ClientAuth clientAuthReqd = ClientAuth.NONE; private String keyPass; - + private String keyAlias; private KeyManagerFactory keyManagerFactory; private TrustManagerFactory trustManagerFactory; 
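Review bot: In `chooseServerAlias`, a configured alias that is absent from the keystore, or whose key algorithm differs from the requested `keyType`, yields `null` with no diagnostic, so a mistyped alias would presumably surface only as failed handshakes at connection time. Not falling back to a different key is the safer behaviour and should stay, but the alias should be checked once when the SSL context is built, failing configuration if `getPrivateKey(keyAlias)` returns `null`, and a comment such as `// a configured alias is never replaced by another key` would record the intent. The same selection logic is repeated in `ExtendedAliasKeyManager.chooseServerAlias` and `chooseEngineServerAlias`. The constructor Javadoc also lists `@param keyStore` and `@param serverKeyAlias`, which are not parameters of the constructor.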
@@ -236,14 +237,17 @@ KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); - // wrap key managers to allow us to control their behavior - // FTPSERVER-93, currently not working as described in the issue - //for (int i = 0; i < keyManagers.length; i++) { - // if(keyManagers[i] instanceof X509KeyManager) { - // X509KeyManager keyManager = (X509KeyManager) keyManagers[i]; - // keyManagers[i] = new JSSEKeyManager(keyManager, keyAlias); - // } - //} + // wrap key managers to allow us to control their behavior (FTPSERVER-93) + for (int i = 0; i < keyManagers.length; i++) { + if(implementsInterface(keyManagers[i].getClass(), "javax.net.ssl.X509ExtendedKeyManager")) { + keyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], keyAlias); + } else if(keyManagers[i] instanceof X509KeyManager) { + keyManagers[i] = new AliasKeyManager(keyManagers[i], keyAlias); + } + } + + // create SSLContext + ctx = SSLContext.getInstance(protocol); ctx.init(keyManagers, trustManagerFactory.getTrustManagers(), @@ -254,6 +258,18 @@ return ctx; } + + private boolean implementsInterface(Class clazz, String interfaceName) { + Class[] interfaces = clazz.getInterfaces(); + + for (int i = 0; i < interfaces.length; i++) { + if(interfaces[i].getName().equals(interfaceName)) { + return true; + } + } + + return false; + } public ClientAuth getClientAuth() { return clientAuthReqd; @@ -275,9 +291,9 @@ * Get the server key alias to be used for SSL communication * @return The alias, or null if none is set */ -// public String getKeyAlias() { -// return keyAlias; -// } + public String getKeyAlias() { + return keyAlias; + } /** * Set the alias for the key to be used for SSL communication. 
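Review bot: The `implementsInterface(keyManagers[i].getClass(), "javax.net.ssl.X509ExtendedKeyManager")` test in the wrapping loop cannot match, because `X509ExtendedKeyManager` is an abstract class (the new `ExtendedAliasKeyManager` extends it) and the helper compares only the names returned by `Class.getInterfaces()`, which lists directly declared interfaces and no superclasses. Every X509 key manager therefore falls through to the `instanceof X509KeyManager` branch and is wrapped in `AliasKeyManager`, so the alias handling in `chooseEngineServerAlias` is never installed. The helper added further down in this file and its copy in `ClassUtils.implementsInterface` share the limitation, and `ClassUtilsTest` covers only a directly declared interface. Walking the superclass chain, as sketched below, keeps the name-based lookup that avoids a hard reference to the Java 1.5 class; the private copy could then delegate to the `ClassUtils` one. The method containing the loop starts outside the hunk.

```java
private boolean implementsInterface(Class clazz, String typeName) {
    // walk the superclass chain so that abstract base classes such as
    // X509ExtendedKeyManager are matched as well as declared interfaces
    for (Class c = clazz; c != null; c = c.getSuperclass()) {
        if (c.getName().equals(typeName)) {
            return true;
        }
        Class[] interfaces = c.getInterfaces();
        for (int i = 0; i < interfaces.length; i++) {
            if (interfaces[i].getName().equals(typeName)) {
                return true;
            }
        }
    }
    return false;
}
```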
@@ -286,7 +302,7 @@ * @param keyAlias The alias to use, or null if JSSE should * be allowed to choose the key. */ -// public void setKeyAlias(String keyAlias) { -// this.keyAlias = keyAlias; -// } + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } } Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java?rev=571196&view=auto ============================================================================== --- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java (added) +++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java Thu Aug 30 07:56:30 2007 
@@ -0,0 +1,232 @@
+/*
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ *
+ * Based of org.apache.tomcat.util.net.jsse.JSSEKeyManager.
+ */
+public final class ExtendedAliasKeyManager extends X509ExtendedKeyManager {
+
+ private X509ExtendedKeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr
+ * The X509KeyManager used as a delegate
+ * @param keyStore
+ * @param serverKeyAlias
+ * The alias name of the server's keypair and supporting
+ * certificate chain
+ * @param keyAlias
+ */
+ public ExtendedAliasKeyManager(KeyManager mgr, String keyAlias) {
+ this.delegate = (X509ExtendedKeyManager)mgr;
+ this.serverKeyAlias = keyAlias;
+ }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket, given
+ * the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
+ Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor if matching the key type.
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used (ignored)
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use (ignored)
+ *
+ * @return Alias name for the desired key
+ */
+ public String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket) {
+ if (serverKeyAlias != null) {
+ PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+ if (key != null) {
+ if (key.getAlgorithm().equals(keyType)) {
+ return serverKeyAlias;
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ } else {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+ }
+
+ /**
+ * Returns the certificate chain associated with the given alias.
+ *
+ * @param alias
+ * The alias name
+ *
+ * @return Certificate chain (ordered with the user's certificate first and
+ * the root certificate authority last), or null if the alias can't
+ * be found
+ */
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the client side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the server side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+ /**
+ * Returns the key associated with the given alias.
+ * + * @param alias + * The alias name + * + * @return The requested key, or null if the alias can't be found + */ + public PrivateKey getPrivateKey(String alias) { + return delegate.getPrivateKey(alias); + } + + /** + * Choose an alias to authenticate the client side of a secure socket, given + * the public key type and the list of certificate issuer authorities + * recognized by the peer (if any). + * @param keyType + * The key algorithm type name + * @param issuers + * The list of acceptable CA issuer subject names, or null if it + * does not matter which issuers are used (ignored) + * @param socket + * The socket to be used for this connection. This parameter can + * be null, in which case this method will return the most + * generic alias to use (ignored) + * @return The alias name for the desired key, or null if there are no + * matches + */ + public String chooseEngineClientAlias(String[] keyType, + Principal[] issuers, SSLEngine engine) { + return delegate.chooseEngineClientAlias(keyType, issuers, engine); + } + + /** + * Returns this key manager's server key alias that was provided in the + * constructor if matching the key type. + * + * @param keyType + * The key algorithm type name + * @param issuers + * The list of acceptable CA issuer subject names, or null if it + * does not matter which issuers are used (ignored) + * @param socket + * The socket to be used for this connection. 
This parameter can + * be null, in which case this method will return the most + * generic alias to use (ignored) + * + * @return Alias name for the desired key + */ + public String chooseEngineServerAlias(String keyType, Principal[] issuers, + SSLEngine engine) { + + if (serverKeyAlias != null) { + PrivateKey key = delegate.getPrivateKey(serverKeyAlias); + if (key != null) { + if (key.getAlgorithm().equals(keyType)) { + return serverKeyAlias; + } else { + return null; + } + } else { + return null; + } + } else { + return delegate.chooseEngineServerAlias(keyType, issuers, engine); + } + } +} Propchange: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java?rev=571196&r1=571195&r2=571196&view=diff ============================================================================== --- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java (original) +++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java Thu Aug 30 07:56:30 2007 
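Review bot: The Javadoc on `chooseEngineClientAlias` and `chooseEngineServerAlias` documents `@param socket`, but both methods take `SSLEngine engine`; it should read `@param engine The SSLEngine to be used for this connection`. The constructor comment likewise lists `@param keyStore` and `@param serverKeyAlias`, which are not parameters, and leaves `keyAlias` undescribed. The constructor also casts `mgr` to `X509ExtendedKeyManager` unchecked, so a caller passing any other `KeyManager` gets a `ClassCastException`; declaring the parameter as `X509ExtendedKeyManager`, or stating the precondition in the Javadoc, would make that contract explicit.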
@@ -375,4 +375,17 @@ return castValue; } + + + public static boolean implementsInterface(Class clazz, String interfaceName) { + Class[] interfaces = clazz.getInterfaces(); + + for (int i = 0; i < interfaces.length; i++) { + if(interfaces[i].getName().equals(interfaceName)) { + return true; + } + } + + return false; + } } Added: incubator/ftpserver/trunk/core/src/test/keymanager-test.jks URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/keymanager-test.jks?rev=571196&view=auto ============================================================================== Binary file - no diff available. Propchange: incubator/ftpserver/trunk/core/src/test/keymanager-test.jks ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java?rev=571196&view=auto ============================================================================== --- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java (added) +++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java Thu Aug 30 07:56:30 2007 
@@ -0,0 +1,76 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ftpserver.ssl; + +import java.io.FileInputStream; +import java.security.KeyStore; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; + +import junit.framework.TestCase; + +public class AliasKeymanagerTest extends TestCase { + + + + private KeyManager km; + + protected void setUp() throws Exception { + KeyStore ks = KeyStore.getInstance("JKS"); + + FileInputStream fis = new FileInputStream("src/test/keymanager-test.jks"); + ks.load(fis, "".toCharArray()); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(ks, "".toCharArray()); + + km = kmf.getKeyManagers()[0]; + } + + public void testServerAliasWithAliasDSAKey() throws Exception { + AliasKeyManager akm = new AliasKeyManager(km, "dsakey"); + + assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null)); + assertEquals(null, akm.chooseServerAlias("RSA", null, null)); + } + + public void testServerAliasWithAliasRSAKey() throws Exception { + AliasKeyManager akm = new AliasKeyManager(km, "rsakey"); + + assertEquals(null, akm.chooseServerAlias("DSA", null, null)); + assertEquals("rsakey", akm.chooseServerAlias("RSA", 
null, null)); + } + + public void testServerAliasWithoutAlias() throws Exception { + AliasKeyManager akm = new AliasKeyManager(km, null); + + assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null)); + assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null)); + } + + public void testServerAliasNonExistingKey() throws Exception { + AliasKeyManager akm = new AliasKeyManager(km, "nonexisting"); + + assertEquals(null, akm.chooseServerAlias("DSA", null, null)); + assertEquals(null, akm.chooseServerAlias("RSA", null, null)); + } + +} \ No newline at end of file Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java ------------------------------------------------------------------------------ svn:eol-style = native Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java?rev=571196&view=auto ============================================================================== --- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java (added) +++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java Thu Aug 30 07:56:30 2007 
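Review bot: `setUp` opens `FileInputStream fis` on `src/test/keymanager-test.jks` and never closes it, so every test method leaks a file handle; wrap the load as `try { ks.load(fis, "".toCharArray()); } finally { fis.close(); }`. `ExtendedAliasKeymanagerTest.setUp` contains the same code. The relative path also ties both tests to being run with the module directory as the working directory.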
@@ -0,0 +1,10 @@ +package org.apache.ftpserver.ssl; + +import junit.framework.TestCase; + +public class DefaultSslTest extends TestCase { + + public void test() { + DefaultSsl ssl = new DefaultSsl(); + } +} Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java ------------------------------------------------------------------------------ svn:eol-style = native Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java?rev=571196&view=auto ============================================================================== --- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java (added) +++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java Thu Aug 30 07:56:30 2007 
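Review bot: `test()` only constructs `DefaultSsl` and asserts nothing, so the key-manager wrapping this commit adds to `DefaultSsl` is never exercised. At minimum add `ssl.setKeyAlias("rsakey"); assertEquals("rsakey", ssl.getKeyAlias());`, and preferably a test that builds the SSL context from `keymanager-test.jks` and checks which wrapper class was installed. The file also lacks the ASF licence header that the other new test classes carry.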
@@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ftpserver.ssl; + +import java.io.FileInputStream; +import java.security.KeyStore; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; + +import junit.framework.TestCase; + +public class ExtendedAliasKeymanagerTest extends TestCase { + + + + private KeyManager km; + + protected void setUp() throws Exception { + KeyStore ks = KeyStore.getInstance("JKS"); + + FileInputStream fis = new FileInputStream("src/test/keymanager-test.jks"); + ks.load(fis, "".toCharArray()); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); + kmf.init(ks, "".toCharArray()); + + km = kmf.getKeyManagers()[0]; + } + + public void testServerAliasWithAliasDSAKey() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "dsakey"); + + assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null)); + assertEquals(null, akm.chooseServerAlias("RSA", null, null)); + } + + public void testServerAliasWithAliasRSAKey() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "rsakey"); + + assertEquals(null, akm.chooseServerAlias("DSA", null, null)); + 
assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null)); + } + + public void testServerAliasWithoutAlias() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, null); + + assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null)); + assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null)); + } + + public void testServerAliasNonExistingKey() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "nonexisting"); + + assertEquals(null, akm.chooseServerAlias("DSA", null, null)); + assertEquals(null, akm.chooseServerAlias("RSA", null, null)); + } + + public void testEngineServerAliasWithAliasDSAKey() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "dsakey"); + + assertEquals("dsakey", akm.chooseEngineServerAlias("DSA", null, null)); + assertEquals(null, akm.chooseEngineServerAlias("RSA", null, null)); + } + + public void testEngineServerAliasWithAliasRSAKey() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "rsakey"); + + assertEquals(null, akm.chooseEngineServerAlias("DSA", null, null)); + assertEquals("rsakey", akm.chooseEngineServerAlias("RSA", null, null)); + } + + public void testEngineServerAliasWithoutAlias() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, null); + + assertEquals("dsakey", akm.chooseEngineServerAlias("DSA", null, null)); + assertEquals("rsakey", akm.chooseEngineServerAlias("RSA", null, null)); + } + + public void testEngineServerAliasNonExistingKey() throws Exception { + ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "nonexisting"); + + assertEquals(null, akm.chooseEngineServerAlias("DSA", null, null)); + assertEquals(null, akm.chooseEngineServerAlias("RSA", null, null)); + } +} \ No newline at end of file Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java 
------------------------------------------------------------------------------ svn:eol-style = native Modified: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java?rev=571196&r1=571195&r2=571196&view=diff ============================================================================== --- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java (original) +++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java Thu Aug 30 07:56:30 2007 @@ -25,13 +25,23 @@ import java.util.Map; import java.util.Properties; +import javax.net.ssl.X509KeyManager; + import junit.framework.TestCase; import org.apache.ftpserver.config.PropertiesConfiguration; import org.apache.ftpserver.ftplet.Configuration; +import org.apache.ftpserver.ssl.AliasKeyManager; public class ClassUtilsTest extends TestCase { + public void testImplementsInterface() { + X509KeyManager km = new AliasKeyManager(null, null); + + assertTrue(ClassUtils.implementsInterface(km.getClass(), "javax.net.ssl.X509KeyManager")); + assertFalse(ClassUtils.implementsInterface(km.getClass(), "foo")); + } + public void testNormalizePropertyName() { assertEquals("foo", ClassUtils.normalizePropertyName("foo")); assertEquals("fooBar", ClassUtils.normalizePropertyName("fooBar"));