Posted to commits@mina.apache.org by sa...@apache.org on 2009/08/09 20:06:13 UTC
svn commit: r802568 - in
/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver:
impl/IODataConnectionFactory.java ssl/SslConfiguration.java
ssl/impl/DefaultSslConfiguration.java
Author: sai
Date: Sun Aug 9 18:06:13 2009
New Revision: 802568
URL: http://svn.apache.org/viewvc?rev=802568&view=rev
Log:
Implemented JIRA issue FTPSERVER-322.
Modified:
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java
mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java?rev=802568&r1=802567&r2=802568&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/impl/IODataConnectionFactory.java Sun Aug 9 18:06:13 2009
@@ -279,8 +279,7 @@
}
// get socket factory
- SSLContext ctx = ssl.getSSLContext();
- SSLSocketFactory socFactory = ctx.getSocketFactory();
+ SSLSocketFactory socFactory = ssl.getSocketFactory();
// create socket
SSLSocket ssoc = (SSLSocket) socFactory.createSocket();
@@ -328,8 +327,7 @@
"Data connection SSL not configured");
}
- SSLContext ctx = ssl.getSSLContext();
- SSLSocketFactory ssocketFactory = ctx.getSocketFactory();
+ SSLSocketFactory ssocketFactory = ssl.getSocketFactory();
Socket serverSocket = servSoc.accept();
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java?rev=802568&r1=802567&r2=802568&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/SslConfiguration.java Sun Aug 9 18:06:13 2009
@@ -22,6 +22,7 @@
import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
/**
* SSL configuration
@@ -29,6 +30,17 @@
* @author <a href="http://mina.apache.org">Apache MINA Project</a>
*/
public interface SslConfiguration {
+
+ /**
+ * Returns the socket factory that can be used to create sockets using
+ * this <code>SslConfiguration</code>.
+ * @return the socket factory that can be used to create sockets using this
+ * <code>SslConfiguration</code>.
+ * @throws GeneralSecurityException if any error occurs while creating the
+ * socket factory.
+ *
+ */
+ SSLSocketFactory getSocketFactory() throws GeneralSecurityException;
/**
* Return the SSL context for this configuration
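Review bot: The Javadoc on the new `getSocketFactory()` does not say what a caller may rely on: whether the result can be null, whether every call returns the same instance, and which settings of the configuration the created sockets already carry. In the implementation shown further down the factory is taken straight from the `SSLContext`, so the enabled cipher suites and the client-auth mode are presumably not applied and each caller has to set them on the socket. I would add a sentence such as `Sockets created by this factory use the JSSE defaults; callers must apply the enabled cipher suites and client authentication mode themselves.` Adding a method to a public interface also breaks any third-party `SslConfiguration` implementation, which deserves a line in the release notes. The interface body continues outside the hunk.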
Modified: mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java
URL: http://svn.apache.org/viewvc/mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java?rev=802568&r1=802567&r2=802568&view=diff
==============================================================================
--- mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java (original)
+++ mina/ftpserver/trunk/core/src/main/java/org/apache/ftpserver/ssl/impl/DefaultSslConfiguration.java Sun Aug 9 18:06:13 2009
@@ -24,6 +24,7 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
@@ -55,13 +56,19 @@
private String keyAlias;
private String[] enabledCipherSuites;
-
+
+ private SSLContext sslContext = null;
+
+ private SSLSocketFactory socketFactory = null;
+
/**
* Internal constructor, do not use directly. Instead, use {@link SslConfigurationFactory}
+ * @throws GeneralSecurityException
*/
public DefaultSslConfiguration(KeyManagerFactory keyManagerFactory,
TrustManagerFactory trustManagerFactory, ClientAuth clientAuthReqd,
- String sslProtocol, String[] enabledCipherSuites, String keyAlias) {
+ String sslProtocol, String[] enabledCipherSuites, String keyAlias)
+ throws GeneralSecurityException {
super();
this.clientAuth = clientAuthReqd;
this.enabledCipherSuites = enabledCipherSuites;
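Review bot: The new fields `sslContext` and `socketFactory` are written once during construction but are not `final`, so an instance shared between threads has no safe-publication guarantee for them, and a later accidental reassignment would still compile. Consider `private final SSLContext sslContext;` and `private final SSLSocketFactory socketFactory;`, assigned directly in the constructor from a helper that returns the initialised context. The added `@throws GeneralSecurityException` tag also has no description; `@throws GeneralSecurityException if the SSL context cannot be created or initialised` would do. The constructor body continues past the end of this hunk.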
@@ -69,6 +76,11 @@
this.keyManagerFactory = keyManagerFactory;
this.sslProtocol = sslProtocol;
this.trustManagerFactory = trustManagerFactory;
+ initialize();
+ }
+
+ public SSLSocketFactory getSocketFactory() throws GeneralSecurityException {
+ return socketFactory;
}
/**
@@ -76,35 +88,9 @@
*/
public SSLContext getSSLContext(String protocol)
throws GeneralSecurityException {
-
- // null value check
- if (protocol == null) {
- protocol = sslProtocol;
- }
-
- KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
-
- // wrap key managers to allow us to control their behavior
- // (FTPSERVER-93)
- for (int i = 0; i < keyManagers.length; i++) {
- if (ClassUtils.extendsClass(keyManagers[i].getClass(),
- "javax.net.ssl.X509ExtendedKeyManager")) {
- keyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i],
- keyAlias);
- } else if (keyManagers[i] instanceof X509KeyManager) {
- keyManagers[i] = new AliasKeyManager(keyManagers[i], keyAlias);
- }
- }
-
- // create SSLContext
- // TODO revisit if we need caching of contexts.
- SSLContext ctx = SSLContext.getInstance(protocol);
-
- ctx.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
-
- return ctx;
+ return sslContext;
}
-
+
/**
* @see SslConfiguration#getClientAuth()
*/
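Review bot: `getSSLContext(String protocol)` now ignores its `protocol` argument and always returns the context built for the configured `sslProtocol`, whereas the removed code fell back to `sslProtocol` only when the argument was null. A caller that asks for a specific protocol silently gets a different one, and nothing in the signature or return value shows it. Either reject a mismatch with `if (protocol != null && !protocol.equals(sslProtocol)) throw new GeneralSecurityException("Unsupported protocol: " + protocol);`, or keep building a dedicated context for a non-default protocol. Whichever is chosen, the method's Javadoc, which starts above the hunk, should state it.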
@@ -129,4 +115,26 @@
return null;
}
}
+
+ private void initialize() throws GeneralSecurityException {
+ KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
+
+ // wrap key managers to allow us to control their behavior
+ // (FTPSERVER-93)
+ for (int i = 0; i < keyManagers.length; i++) {
+ if (ClassUtils.extendsClass(keyManagers[i].getClass(),
+ "javax.net.ssl.X509ExtendedKeyManager")) {
+ keyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i],
+ keyAlias);
+ } else if (keyManagers[i] instanceof X509KeyManager) {
+ keyManagers[i] = new AliasKeyManager(keyManagers[i], keyAlias);
+ }
+ }
+
+ // create and initialize the SSLContext
+ sslContext = SSLContext.getInstance(sslProtocol);
+ sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
+ //Create the socket factory
+ socketFactory = sslContext.getSocketFactory();
+ }
}
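Review bot: `initialize()` has no comment, although it carries the behaviour change of this commit: the `SSLContext` and its socket factory are built once, from the constructor, and the same instances are then returned for the lifetime of the object. A short Javadoc should say so, and should note that anything changed later in the supplied key or trust manager factories is presumably not picked up without creating a new `DefaultSslConfiguration`. It is also worth a one-line comment that the `null` third argument to `sslContext.init` selects the default `SecureRandom`.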