karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ff...@apache.org
Subject [karaf] branch karaf-4.2.x updated: [KARAF-6241]introduce new property EnabledProtocals for org.apache.karaf.management.cfg
Date Tue, 16 Apr 2019 04:39:14 GMT
This is an automated email from the ASF dual-hosted git repository.

ffang pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git


The following commit(s) were added to refs/heads/karaf-4.2.x by this push:
     new 8292dd2  [KARAF-6241]introduce new property EnabledProtocals for org.apache.karaf.management.cfg
8292dd2 is described below

commit 8292dd278fbc8ab064ff5c3e07fbcc13de3c064b
Author: Freeman Fang <freeman.fang@gmail.com>
AuthorDate: Tue Apr 16 12:38:15 2019 +0800

    [KARAF-6241]introduce new property EnabledProtocals for org.apache.karaf.management.cfg
    
    (cherry picked from commit de0e531d7d3676756e83c80e2870d270d6bae880)
---
 .../karaf/management/ConnectorServerFactory.java    | 21 +++++++++++++++++++--
 .../apache/karaf/management/internal/Activator.java |  2 ++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
b/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
index e26f3e2..73fcb6b 100644
--- a/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
+++ b/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
@@ -69,6 +69,7 @@ public class ConnectorServerFactory {
     private KeystoreManager keystoreManager;
     private String algorithm;
     private String secureProtocol;
+    private String[] enabledProtocols;
     private String keyStore;
     private String trustStore;
     private String keyAlias;
@@ -313,7 +314,7 @@ public class ConnectorServerFactory {
 
     private void setupSsl() throws GeneralSecurityException {
         SSLServerSocketFactory sssf = keystoreManager.createSSLServerFactory(null, secureProtocol,
algorithm, keyStore, keyAlias, trustStore,keyStoreAvailabilityTimeout);
-        RMIServerSocketFactory rssf = new KarafSslRMIServerSocketFactory(sssf, isClientAuth(),
getRmiServerHost());
+        RMIServerSocketFactory rssf = new KarafSslRMIServerSocketFactory(sssf, isClientAuth(),
getRmiServerHost(), getEnabledProtocols());
         RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();
         environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, rssf);
         environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, rcsf);
@@ -330,11 +331,13 @@ public class ConnectorServerFactory {
         private SSLServerSocketFactory sssf;
         private boolean clientAuth;
         private String rmiServerHost;
+        private String[] enabledProtocols;
 
-        public KarafSslRMIServerSocketFactory(SSLServerSocketFactory sssf, boolean clientAuth,
String rmiServerHost) {
+        public KarafSslRMIServerSocketFactory(SSLServerSocketFactory sssf, boolean clientAuth,
String rmiServerHost, String[] enabledProtocols) {
             this.sssf = sssf;
             this.clientAuth = clientAuth;
             this.rmiServerHost = rmiServerHost;
+            this.enabledProtocols = enabledProtocols;
         }
 
         public ServerSocket createServerSocket(int port) throws IOException {
@@ -342,10 +345,16 @@ public class ConnectorServerFactory {
             if (host.isLoopbackAddress()) {
                 final SSLServerSocket ss = (SSLServerSocket) sssf.createServerSocket(port,
50);
                 ss.setNeedClientAuth(clientAuth);
+                if (this.enabledProtocols != null && this.enabledProtocols.length
> 0) {
+                    ss.setEnabledProtocols(this.enabledProtocols);
+                }
                 return new LocalOnlySSLServerSocket(ss);
             } else {
                 final SSLServerSocket ss = (SSLServerSocket) sssf.createServerSocket(port,
50, InetAddress.getByName(rmiServerHost));
                 ss.setNeedClientAuth(clientAuth);
+                if (this.enabledProtocols != null && this.enabledProtocols.length
> 0) {
+                    ss.setEnabledProtocols(this.enabledProtocols);
+                }
                 return ss;
             }
         }
@@ -662,4 +671,12 @@ public class ConnectorServerFactory {
         throw new IOException("Only connections from clients running on the host where the
RMI remote objects have been exported are accepted.");
     }
 
+    public String[] getEnabledProtocols() {
+        return enabledProtocols;
+    }
+
+    public void setEnabledProtocols(String[] enabledProtocols) {
+        this.enabledProtocols = enabledProtocols;
+    }
+
 }
diff --git a/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
b/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
index 4233d51..187d8a6 100644
--- a/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
+++ b/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
@@ -107,6 +107,7 @@ public class Activator extends BaseActivator implements ManagedService
{
         final boolean secured = getBoolean("secured", false);
         String secureAlgorithm = getString("secureAlgorithm", "default");
         String secureProtocol = getString("secureProtocol", "TLS");
+        String[] enabledProtocols = getStringArray("enabledProtocols", null);
         String keyStore = getString("keyStore", "karaf.ks");
         String keyAlias = getString("keyAlias", "karaf");
         String trustStore = getString("trustStore", "karaf.ts");
@@ -153,6 +154,7 @@ public class Activator extends BaseActivator implements ManagedService
{
             connectorServerFactory.setSecured(secured);
             connectorServerFactory.setAlgorithm(secureAlgorithm);
             connectorServerFactory.setSecureProtocol(secureProtocol);
+            connectorServerFactory.setEnabledProtocols(enabledProtocols);
             connectorServerFactory.setKeyStore(keyStore);
             connectorServerFactory.setKeyAlias(keyAlias);
             connectorServerFactory.setTrustStore(trustStore);


Mime
View raw message