Posted to commits@mina.apache.org by ng...@apache.org on 2008/07/30 21:45:00 UTC
svn commit: r681183 - in /mina/ftpserver/trunk: core/src/examples/resources/
core/src/main/java/org/apache/ftpserver/
core/src/main/java/org/apache/ftpserver/command/
core/src/main/java/org/apache/ftpserver/config/spring/
core/src/main/java/org/apache/...
Author: ngn
Date: Wed Jul 30 12:44:59 2008
New Revision: 681183
URL: http://svn.apache.org/viewvc?rev=681183&view=rev
Log:
Fixing broken configuration of data connection SSL and adding tests to prove it
Added:
mina/ftpserver/trunk/core/src/examples/resources/ftpserver.jks (with props)
mina/ftpserver/trunk/distribution/res/ftpserver.jks (props changed)
- copied unchanged from r680778, mina/ftpserver/trunk/distribution/res/.keystore
Removed:
mina/ftpserver/trunk/distribution/res/.keystore
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DefaultDataConnectionConfiguration.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/PROT.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/SpringUtil.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/interfaces/DataConnectionConfiguration.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/DefaultSslConfiguration.java
mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml
mina/ftpserver/trunk/distribution/res/conf/ftpd-typical.xml
Added: mina/ftpserver/trunk/core/src/examples/resources/ftpserver.jks
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/examples/resources/ftpserver.jks?rev=681183&view=auto
==============================================================================
Binary file - no diff available.
Propchange: mina/ftpserver/trunk/core/src/examples/resources/ftpserver.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DefaultDataConnectionConfiguration.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DefaultDataConnectionConfiguration.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DefaultDataConnectionConfiguration.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/DefaultDataConnectionConfiguration.java Wed Jul 30 12:44:59 2008
@@ -243,7 +243,7 @@
/**
* Get SSL component.
*/
- public SslConfiguration getSSLConfiguration() {
+ public SslConfiguration getSslConfiguration() {
return ssl;
}
}
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/IODataConnectionFactory.java Wed Jul 30 12:44:59 2008
@@ -159,7 +159,7 @@
if(secure) {
LOG.debug("Opening SSL passive data connection on address \"{}\" and port {}", address, passivePort);
- SslConfiguration ssl = dataCfg.getSSLConfiguration();
+ SslConfiguration ssl = dataCfg.getSslConfiguration();
if(ssl == null) {
throw new DataConnectionException("Data connection SSL required but not configured.");
}
@@ -249,7 +249,7 @@
if(!passive) {
int localPort = dataConfig.getActiveLocalPort();
if(secure) {
- SslConfiguration ssl = dataConfig.getSSLConfiguration();
+ SslConfiguration ssl = dataConfig.getSslConfiguration();
if(ssl == null) {
throw new FtpException("Data connection SSL not configured");
}
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/PROT.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/PROT.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/PROT.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/command/PROT.java Wed Jul 30 12:44:59 2008
@@ -60,7 +60,7 @@
session.write(FtpReplyUtil.translate(session, request, context, FtpReply.REPLY_200_COMMAND_OKAY, "PROT", null));
}
else if(arg.equals("P")) {
- if(session.getListener().getDataConnectionConfiguration().getSSLConfiguration() == null) {
+ if(session.getListener().getDataConnectionConfiguration().getSslConfiguration() == null) {
session.write(FtpReplyUtil.translate(session, request, context, 431, "PROT", null));
}
else {
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/ListenerBeanDefinitionParser.java Wed Jul 30 12:44:59 2008
@@ -32,6 +32,8 @@
import org.apache.ftpserver.ssl.DefaultSslConfiguration;
import org.apache.ftpserver.ssl.SslConfiguration;
import org.apache.mina.filter.firewall.Subnet;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
@@ -44,6 +46,9 @@
*/
public class ListenerBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
+ private final Logger LOG = LoggerFactory.getLogger(ListenerBeanDefinitionParser.class);
+
+
/**
* {@inheritDoc}
*/
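Review bot: The new `LOG` field on ListenerBeanDefinitionParser is an instance field, although it is named like a constant and holds a logger keyed on the class. Declaring it as `private static final Logger LOG = LoggerFactory.getLogger(ListenerBeanDefinitionParser.class);` would match the name and avoid a per-instance lookup. The hunk also adds two blank lines after the field where one is enough.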
@@ -105,10 +110,8 @@
}
Element dataConElm = SpringUtil.getChildElement(element, FtpServerNamespaceHandler.FTPSERVER_NS, "data-connection");
- if(dataConElm != null) {
- DataConnectionConfiguration dc = parseDataConnection(dataConElm);
- builder.addPropertyValue("dataConnectionConfiguration", dc);
- }
+ DataConnectionConfiguration dc = parseDataConnection(dataConElm, ssl);
+ builder.addPropertyValue("dataConnectionConfiguration", dc);
Element blacklistElm = SpringUtil.getChildElement(element, FtpServerNamespaceHandler.FTPSERVER_NS, "blacklist");
if(blacklistElm != null && StringUtils.hasText(blacklistElm.getTextContent())) {
@@ -208,48 +211,66 @@
}
- private DataConnectionConfiguration parseDataConnection(Element element) {
+ private DataConnectionConfiguration parseDataConnection(Element element, SslConfiguration listenerSslConfiguration) {
DefaultDataConnectionConfiguration dc = new DefaultDataConnectionConfiguration();
- SslConfiguration ssl = parseSsl(element);
- if(ssl != null) {
- dc.setSslConfiguration(ssl);
- }
-
- Element activeElm = SpringUtil.getChildElement(element, FtpServerNamespaceHandler.FTPSERVER_NS, "active");
- if(activeElm != null) {
- Active active = new Active();
- active.setEnable(SpringUtil.parseBoolean(activeElm, "enabled", true));
- active.setIpCheck(SpringUtil.parseBoolean(activeElm, "ip-check", false));
- active.setLocalPort(SpringUtil.parseInt(activeElm, "local-port", 0));
-
- InetAddress localAddress = SpringUtil.parseInetAddress(activeElm, "local-address");
- if(localAddress != null) {
- active.setLocalAddress(localAddress);
+ if(element != null) {
+ // data con config element available
+ SslConfiguration ssl = parseSsl(element);
+ if(ssl != null) {
+ LOG.debug("SSL configuration found for the data connection");
+ dc.setSslConfiguration(ssl);
+ } else {
+ // go look for the parent element SSL config
+ // find the listener element
+ if(listenerSslConfiguration != null) {
+ LOG.debug("SSL configuration found for the listener, falling back for that for the data connection");
+ dc.setSslConfiguration(listenerSslConfiguration);
+ }
}
- dc.setActive(active);
- }
-
- Element passiveElm = SpringUtil.getChildElement(element, FtpServerNamespaceHandler.FTPSERVER_NS, "passive");
- if(passiveElm != null) {
- Passive passive = new Passive();
-
- InetAddress address = SpringUtil.parseInetAddress(passiveElm, "address");
- if(address != null) {
- passive.setAddress(address);
- }
-
- InetAddress externalAddress = SpringUtil.parseInetAddress(passiveElm, "external-address");
- if(externalAddress != null) {
- passive.setExternalAddress(externalAddress);
+ Element activeElm = SpringUtil.getChildElement(element, FtpServerNamespaceHandler.FTPSERVER_NS, "active");
+ if(activeElm != null) {
+ Active active = new Active();
+ active.setEnable(SpringUtil.parseBoolean(activeElm, "enabled", true));
+ active.setIpCheck(SpringUtil.parseBoolean(activeElm, "ip-check", false));
+ active.setLocalPort(SpringUtil.parseInt(activeElm, "local-port", 0));
+
+ InetAddress localAddress = SpringUtil.parseInetAddress(activeElm, "local-address");
+ if(localAddress != null) {
+ active.setLocalAddress(localAddress);
+ }
+
+ dc.setActive(active);
}
- String ports = SpringUtil.parseString(passiveElm, "ports");
- if(ports != null) {
- passive.setPorts(ports);
+ Element passiveElm = SpringUtil.getChildElement(element, FtpServerNamespaceHandler.FTPSERVER_NS, "passive");
+ if(passiveElm != null) {
+ Passive passive = new Passive();
+
+ InetAddress address = SpringUtil.parseInetAddress(passiveElm, "address");
+ if(address != null) {
+ passive.setAddress(address);
+ }
+
+ InetAddress externalAddress = SpringUtil.parseInetAddress(passiveElm, "external-address");
+ if(externalAddress != null) {
+ passive.setExternalAddress(externalAddress);
+ }
+
+ String ports = SpringUtil.parseString(passiveElm, "ports");
+ if(ports != null) {
+ passive.setPorts(ports);
+ }
+ dc.setPassive(passive);
}
- dc.setPassive(passive);
+ } else {
+ // no data conn config element, do we still have SSL config from the parent?
+ if(listenerSslConfiguration != null) {
+ LOG.debug("SSL configuration found for the listener, falling back for that for the data connection");
+ dc.setSslConfiguration(listenerSslConfiguration);
+ }
+
}
return dc;
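Review bot: The fallback to `listenerSslConfiguration` in parseDataConnection is written twice, once inside the `element != null` branch and once in the `else`, with identical log text, so a later edit to one copy can leave the data channel configured differently from what the other path would give. Resolving it once before the branch removes the duplication: `SslConfiguration ssl = (element != null) ? parseSsl(element) : null;` followed by a single `if(ssl == null) { ssl = listenerSslConfiguration; }`. When neither source supplies a configuration the method returns a data connection without SSL and logs nothing, so a debug line for that case would help an operator understand why protected data transfers are refused. The message "falling back for that" presumably means "falling back to that". The method's closing brace lies outside the hunk.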
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/SpringUtil.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/SpringUtil.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/SpringUtil.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/config/spring/SpringUtil.java Wed Jul 30 12:44:59 2008
@@ -169,7 +169,11 @@
* @return The attribute string value
*/
public static String parseString(Element parent, String attrName) {
- return parent.getAttribute(attrName);
+ if(parent.hasAttribute(attrName)) {
+ return parent.getAttribute(attrName);
+ } else {
+ return null;
+ }
}
/**
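Review bot: parseString now returns null for a missing attribute, but the Javadoc above it still says only `@return The attribute string value`; it should read `@return The attribute string value, or null if the attribute is not present`. An attribute that is present but empty still comes back as an empty string, so callers that test only `!= null`, such as the `ports` handling in ListenerBeanDefinitionParser in this commit, will pass "" through to the setter. The start of the Javadoc is outside the hunk.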
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/interfaces/DataConnectionConfiguration.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/interfaces/DataConnectionConfiguration.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/interfaces/DataConnectionConfiguration.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/interfaces/DataConnectionConfiguration.java Wed Jul 30 12:44:59 2008
@@ -105,5 +105,5 @@
/**
* Get SSL configuration for this data connection.
*/
- SslConfiguration getSSLConfiguration();
+ SslConfiguration getSslConfiguration();
}
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/DefaultSslConfiguration.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/DefaultSslConfiguration.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/DefaultSslConfiguration.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/DefaultSslConfiguration.java Wed Jul 30 12:44:59 2008
@@ -275,10 +275,12 @@
try {
// initialize keystore
+ LOG.debug("Loading key store from \"{}\", using the key store type \"{}\"", keystoreFile.getAbsolutePath(), keystoreType);
KeyStore keyStore = loadStore(keystoreFile, keystoreType, keystorePass);
KeyStore trustStore;
if(trustStoreFile != null) {
+ LOG.debug("Loading trust store from \"{}\", using the key store type \"{}\"", trustStoreFile.getAbsolutePath(), trustStoreType);
trustStore = loadStore(trustStoreFile, trustStoreType, trustStorePass);
} else {
trustStore = keyStore;
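Review bot: The added key store debug line calls `keystoreFile.getAbsolutePath()` without a null check, whereas `trustStoreFile` is null-checked before it is dereferenced a few lines below. If `keystoreFile` can be unset at this point (not visible in the hunk), the log arguments would raise a NullPointerException before `loadStore` can report the missing key store, and they are evaluated even when debug logging is off. Passing the file object itself avoids the dereference: `LOG.debug("Loading key store from \"{}\", using the key store type \"{}\"", keystoreFile, keystoreType);`. Logging the path and type but not the password is the right choice here. The try block continues outside the hunk.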
Modified: mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java (original)
+++ mina/ftpserver/trunk/core/src/test/java/org/apache/ftpserver/config/spring/SpringConfigTest.java Wed Jul 30 12:44:59 2008
@@ -19,6 +19,7 @@
package org.apache.ftpserver.config.spring;
+import java.io.File;
import java.net.InetAddress;
import java.util.List;
import java.util.Map;
@@ -30,6 +31,8 @@
import org.apache.ftpserver.command.HELP;
import org.apache.ftpserver.listener.Listener;
import org.apache.ftpserver.listener.nio.NioListener;
+import org.apache.ftpserver.ssl.DefaultSslConfiguration;
+import org.apache.ftpserver.ssl.SslConfiguration;
import org.apache.mina.filter.firewall.Subnet;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.FileSystemResource;
@@ -65,6 +68,16 @@
assertEquals(new Subnet(InetAddress.getByName("1.2.4.0"), 16), subnets.get(1));
assertEquals(new Subnet(InetAddress.getByName("1.2.3.4"), 32), subnets.get(2));
+ DefaultSslConfiguration ssl = (DefaultSslConfiguration) listener.getSslConfiguration();
+ assertEquals(new File("/tmp/tmp.jks"), ssl.getKeystoreFile());
+ assertEquals("password", ssl.getKeystorePassword());
+
+ // make sure the data connection got the same config
+ ssl = (DefaultSslConfiguration) listener.getDataConnectionConfiguration().getSslConfiguration();
+ assertEquals(new File("/tmp/tmp.jks"), ssl.getKeystoreFile());
+ assertEquals("password", ssl.getKeystorePassword());
+
+
listener = listeners.get("listener1");
assertNotNull(listener);
assertTrue(listener instanceof NioListener);
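Review bot: The new assertions cover only the fallback path, where the data connection inherits the listener's SSL configuration. Because config-spring-1.xml in this commit drops the `<ssl>` element from `<data-connection>`, nothing now tests a data connection whose own SSL settings override the listener's. A second listener in the test configuration with a distinct data-connection keystore, plus a matching assertion, would cover that branch. For the inherited case, if the parser hands the same instance to both (as the ListenerBeanDefinitionParser hunk suggests), `assertSame(listener.getSslConfiguration(), listener.getDataConnectionConfiguration().getSslConfiguration());` states the intent of the "same config" comment more directly. The test method continues outside the hunk.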
Modified: mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml (original)
+++ mina/ftpserver/trunk/core/src/test/resources/spring-config/config-spring-1.xml Wed Jul 30 12:44:59 2008
@@ -34,10 +34,11 @@
<listeners>
<nio-listener name="listener0" port="2222">
+ <ssl>
+ <keystore file="/tmp/tmp.jks" password="password"/>
+ </ssl>
+
<data-connection>
- <ssl>
- <keystore file="/tmp/tmp.jks" password="secret"/>
- </ssl>
<active enabled="true" local-address="1.2.3.4"/>
<passive ports="123-125"/>
</data-connection>
Modified: mina/ftpserver/trunk/distribution/res/conf/ftpd-typical.xml
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/distribution/res/conf/ftpd-typical.xml?rev=681183&r1=681182&r2=681183&view=diff
==============================================================================
--- mina/ftpserver/trunk/distribution/res/conf/ftpd-typical.xml (original)
+++ mina/ftpserver/trunk/distribution/res/conf/ftpd-typical.xml Wed Jul 30 12:44:59 2008
@@ -20,7 +20,11 @@
"
id="myServer">
<listeners>
- <nio-listener name="default" port="2121" />
+ <nio-listener name="default" port="2121">
+ <ssl>
+ <keystore file="./res/ftpserver.jks" password="password" />
+ </ssl>
+ </nio-listener>
</listeners>
<file-user-manager file="./res/conf/users.properties" />
</server>
\ No newline at end of file
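Review bot: The typical configuration now enables SSL with the keystore bundled in the distribution and the password `password`, so every installation started from this file unchanged presents the same private key, which anyone who has the distribution also holds. Nothing in the file says so. A comment above the `<ssl>` element, such as `<!-- Sample keystore for evaluation only: replace ftpserver.jks and its password before deployment -->`, would make clear that the bundled key provides no real confidentiality or server authentication.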
Propchange: mina/ftpserver/trunk/distribution/res/ftpserver.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream