Posted to derby-commits@db.apache.org by rh...@apache.org on 2017/12/27 20:37:39 UTC
svn commit: r1819368 - in /db/derby/code/trunk/java:
client/org/apache/derby/client/net/ drda/org/apache/derby/impl/drda/
shared/org/apache/derby/shared/common/drda/
Author: rhillegas
Date: Wed Dec 27 20:37:39 2017
New Revision: 1819368
URL: http://svn.apache.org/viewvc?rev=1819368&view=rev
Log:
DERBY-6945: Move shared class NaiveTrustManager into derbyshared.jar and out of derbynet.jar and derbyclient.jar; commit derby-6945-07-aa-net_client_overlap.diff.
Added:
db/derby/code/trunk/java/shared/org/apache/derby/shared/common/drda/
db/derby/code/trunk/java/shared/org/apache/derby/shared/common/drda/NaiveTrustManager.java
- copied, changed from r1819343, db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
Removed:
db/derby/code/trunk/java/client/org/apache/derby/client/net/NaiveTrustManager.java
db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java
Modified:
db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Modified: db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java?rev=1819368&r1=1819367&r2=1819368&view=diff
==============================================================================
--- db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java (original)
+++ db/derby/code/trunk/java/client/org/apache/derby/client/net/OpenSocketAction.java Wed Dec 27 20:37:39 2017
@@ -32,10 +32,12 @@ import java.security.NoSuchProviderExcep
import java.security.PrivilegedExceptionAction;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
+import java.util.Properties;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.derby.jdbc.BasicClientDataSource40;
+import org.apache.derby.shared.common.drda.NaiveTrustManager;
class OpenSocketAction implements PrivilegedExceptionAction<Socket> {
private String server_;
@@ -63,7 +65,8 @@ class OpenSocketAction implements Privil
SocketFactory sf;
switch (clientSSLMode_) {
case BasicClientDataSource40.SSL_BASIC:
- sf = NaiveTrustManager.getSocketFactory();
+ Properties sslProperties = getSSLProperties();
+ sf = NaiveTrustManager.getSocketFactory(sslProperties);
break;
case BasicClientDataSource40.
SSL_PEER_AUTHENTICATION:
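Review bot: The new local `Properties sslProperties` is declared directly under `case BasicClientDataSource40.SSL_BASIC:` without a block, so its scope runs through every later case of the switch. Wrapping the case body in braces, `case BasicClientDataSource40.SSL_BASIC: { ... break; }`, or passing `getSSLProperties()` straight into `NaiveTrustManager.getSocketFactory(...)` keeps the name local to this branch. The same pattern appears in the `case SSL_BASIC:` hunk of NetworkServerControlImpl. The switch continues outside this hunk.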
@@ -118,4 +121,22 @@ class OpenSocketAction implements Privil
return sf.createSocket(server_, port_);
}
+ /**
+ * Retrieve the settings of the SSL properties
+ */
+ private Properties getSSLProperties()
+ {
+ Properties retval = new Properties();
+
+ String keyStoreProp = System.getProperty(NaiveTrustManager.SSL_KEYSTORE);
+ if (keyStoreProp != null)
+ { retval.setProperty(NaiveTrustManager.SSL_KEYSTORE, keyStoreProp); }
+
+ String keyStorePasswordProp = System.getProperty(NaiveTrustManager.SSL_KEYSTORE_PASSWORD);
+ if (keyStoreProp != null)
+ { retval.setProperty(NaiveTrustManager.SSL_KEYSTORE_PASSWORD, keyStorePasswordProp); }
+
+ return retval;
+ }
+
}
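Review bot: The second guard in getSSLProperties() tests `keyStoreProp` again instead of `keyStorePasswordProp`. When javax.net.ssl.keyStore is set and javax.net.ssl.keyStorePassword is not, `retval.setProperty(NaiveTrustManager.SSL_KEYSTORE_PASSWORD, keyStorePasswordProp)` is called with a null value, which Properties rejects with a NullPointerException, so opening the SSL_BASIC socket fails instead of falling back to the no-keystore path. The check should read `if (keyStorePasswordProp != null)`. The same copy-paste slip is in NetworkServerControlImpl.getSSLProperties() later in this commit.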
Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1819368&r1=1819367&r2=1819368&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Wed Dec 27 20:37:39 2017
@@ -84,6 +84,7 @@ import org.apache.derby.mbeans.VersionMB
import org.apache.derby.mbeans.drda.NetworkServerMBean;
import org.apache.derby.security.SystemPermission;
import org.apache.derby.shared.common.error.MessageUtils;
+import org.apache.derby.shared.common.drda.NaiveTrustManager;
/**
@@ -2666,7 +2667,9 @@ public final class NetworkServerControlI
switch(getSSLMode()) {
case SSL_BASIC:
- SSLSocket s1 = (SSLSocket)NaiveTrustManager.getSocketFactory().
+ Properties sslProperties = getSSLProperties();
+ SSLSocket s1 = (SSLSocket)
+ NaiveTrustManager.getSocketFactory(sslProperties).
createSocket(hostAddress, portNumber);
//DERBY-6764(analyze impact of poodle security alert on
// Derby client - server ssl support)
@@ -2728,6 +2731,24 @@ public final class NetworkServerControlI
}
}
+ /**
+ * Retrieve the settings of the SSL properties
+ */
+ private Properties getSSLProperties()
+ {
+ Properties retval = new Properties();
+
+ String keyStoreProp = PropertyUtil.getSystemProperty(NaiveTrustManager.SSL_KEYSTORE);
+ if (keyStoreProp != null)
+ { retval.setProperty(NaiveTrustManager.SSL_KEYSTORE, keyStoreProp); }
+
+ String keyStorePasswordProp = PropertyUtil.getSystemProperty(NaiveTrustManager.SSL_KEYSTORE_PASSWORD);
+ if (keyStoreProp != null)
+ { retval.setProperty(NaiveTrustManager.SSL_KEYSTORE_PASSWORD, keyStorePasswordProp); }
+
+ return retval;
+ }
+
//DERBY-6764(analyze impact of poodle security alert on
// Derby client - server ssl support)
//Remove SSLv3 and SSLv2Hello protocols from list of enabled protocols
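Review bot: The Javadoc `Retrieve the settings of the SSL properties` does not say which properties are read or where they come from. Wording along the lines of `Copy javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword from the system properties into a new Properties object; a property that is not set is omitted` would document the contract. It is also worth stating that the returned object carries the key store password and should not be logged or printed. The same comment fits the identical helper added to OpenSocketAction.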
Copied: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/drda/NaiveTrustManager.java (from r1819343, db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java)
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/drda/NaiveTrustManager.java?p2=db/derby/code/trunk/java/shared/org/apache/derby/shared/common/drda/NaiveTrustManager.java&p1=db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java&r1=1819343&r2=1819368&rev=1819368&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NaiveTrustManager.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/drda/NaiveTrustManager.java Wed Dec 27 20:37:39 2017
@@ -1,6 +1,6 @@
/*
- Derby - Class org.apache.derby.impl.drda.NaiveTrustManager
+ Derby - Class org.apache.derby.shared.common.drda.NaiveTrustManager
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
@@ -19,18 +19,18 @@
*/
-package org.apache.derby.impl.drda;
+package org.apache.derby.shared.common.drda;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Properties;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
-import org.apache.derby.iapi.services.property.PropertyUtil;
/**
@@ -40,6 +40,8 @@ import org.apache.derby.iapi.services.pr
public class NaiveTrustManager
implements X509TrustManager
{
+ public static final String SSL_KEYSTORE = "javax.net.ssl.keyStore";
+ public static final String SSL_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
/**
* We don't want more than one instence of this TrustManager
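Review bot: The two new public constants `SSL_KEYSTORE` and `SSL_KEYSTORE_PASSWORD` have no Javadoc, although the class is now public API of the shared jar used by both client and server. A one-line comment on each, such as `/** System property naming the key store file. */`, would do. Judging only by the class name and its use for SSL_BASIC, this trust manager presumably accepts any peer certificate. If so, the class Javadoc (outside this hunk) should state plainly that it provides encryption without peer authentication and is unsuitable where the peer's identity must be verified.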
@@ -55,7 +57,7 @@ public class NaiveTrustManager
* Utility routine which is not part of the X509TrustManager
* interface.
**/
- public static SocketFactory getSocketFactory()
+ public static SocketFactory getSocketFactory(Properties sslProperties)
throws java.security.NoSuchAlgorithmException,
java.security.KeyManagementException,
java.security.NoSuchProviderException,
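Review bot: getSocketFactory now takes `sslProperties` and dereferences it in the provider check further down, but the Javadoc above the signature does not mention the parameter, and a null argument fails with a bare NullPointerException. Because this is a public static method on a public class, add `@param sslProperties properties holding SSL_KEYSTORE and SSL_KEYSTORE_PASSWORD; must not be null`, and either guard with `Objects.requireNonNull(sslProperties, "sslProperties")` or treat null as an empty set. The throws clause and method body continue outside this hunk.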
@@ -71,8 +73,8 @@ public class NaiveTrustManager
SSLContext ctx = SSLContext.getInstance("TLS");
if (ctx.getProvider().getName().equals("SunJSSE") &&
- (PropertyUtil.getSystemProperty("javax.net.ssl.keyStore") != null) &&
- (PropertyUtil.getSystemProperty("javax.net.ssl.keyStorePassword") != null)) {
+ (sslProperties.getProperty(SSL_KEYSTORE) != null) &&
+ (sslProperties.getProperty(SSL_KEYSTORE_PASSWORD) != null)) {
// SunJSSE does not give you a working default keystore
// when using your own trust manager. Since a keystore is
@@ -80,10 +82,8 @@ public class NaiveTrustManager
// peerAuthentication, we have to provide one working the
// same way as the default one.
- String keyStore =
- PropertyUtil.getSystemProperty("javax.net.ssl.keyStore");
- String keyStorePassword =
- PropertyUtil.getSystemProperty("javax.net.ssl.keyStorePassword");
+ String keyStore = sslProperties.getProperty(SSL_KEYSTORE);
+ String keyStorePassword = sslProperties.getProperty(SSL_KEYSTORE_PASSWORD);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyStore),