Posted to ftpserver-commits@incubator.apache.org by ng...@apache.org on 2007/08/30 14:56:31 UTC
svn commit: r571196 - in /incubator/ftpserver/trunk/core/src:
java/org/apache/ftpserver/ssl/ java/org/apache/ftpserver/util/ test/
test/org/apache/ftpserver/ssl/ test/org/apache/ftpserver/util/
Author: ngn
Date: Thu Aug 30 07:56:30 2007
New Revision: 571196
URL: http://svn.apache.org/viewvc?rev=571196&view=rev
Log:
Adding support for setting a key alias to be specifically chosen for SSL (FTPSERVER-93)
Added:
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java (with props)
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java (with props)
incubator/ftpserver/trunk/core/src/test/keymanager-test.jks (with props)
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java (with props)
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java (with props)
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java (with props)
Modified:
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java
incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java
Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java (added)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java Thu Aug 30 07:56:30 2007
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.X509KeyManager;
+
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ *
+ * This class is only used on Java 1.4 systems, on Java 1.5 and newer
+ * the @see {@link ExtendedAliasKeyManager} is used instead
+ *
+ * Based of org.apache.tomcat.util.net.jsse.JSSEKeyManager.
+ */
+public final class AliasKeyManager implements X509KeyManager {
+
+ private X509KeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr
+ * The X509KeyManager used as a delegate
+ * @param keyStore
+ * @param serverKeyAlias
+ * The alias name of the server's keypair and supporting
+ * certificate chain
+ * @param keyAlias
+ */
+ public AliasKeyManager(KeyManager mgr, String keyAlias) {
+ this.delegate = (X509KeyManager)mgr;
+ this.serverKeyAlias = keyAlias;
+ }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket, given
+ * the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
+ Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor.
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used (ignored)
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use (ignored)
+ *
+ * @return Alias name for the desired key
+ */
+ public String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket) {
+ if (serverKeyAlias != null) {
+ PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+ if (key != null) {
+ if (key.getAlgorithm().equals(keyType)) {
+ return serverKeyAlias;
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ } else {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+ }
+
+ /**
+ * Returns the certificate chain associated with the given alias.
+ *
+ * @param alias
+ * The alias name
+ *
+ * @return Certificate chain (ordered with the user's certificate first and
+ * the root certificate authority last), or null if the alias can't
+ * be found
+ */
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the client side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the server side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+ /**
+ * Returns the key associated with the given alias.
+ *
+ * @param alias
+ * The alias name
+ *
+ * @return The requested key, or null if the alias can't be found
+ */
+ public PrivateKey getPrivateKey(String alias) {
+ return delegate.getPrivateKey(alias);
+ }
+}
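Review bot: A configured alias that has no private key in the keystore is never rejected. `chooseServerAlias` returns null for every key type in that case, so the server offers no certificate and the mistake shows up only as failed handshakes. Failing closed is the right behaviour, because it avoids silently falling back to another key, but the misconfiguration should be reported when the manager is built, e.g. in the constructor: `if (keyAlias != null && delegate.getPrivateKey(keyAlias) == null) throw new IllegalArgumentException("No private key for alias: " + keyAlias);`. `testServerAliasNonExistingKey` would then have to expect the exception. The same applies to the constructor and both `choose*ServerAlias` methods of ExtendedAliasKeyManager.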
Propchange: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/AliasKeyManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java?rev=571196&r1=571195&r2=571196&view=diff
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/DefaultSsl.java Thu Aug 30 07:56:30 2007
@@ -30,6 +30,7 @@
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509KeyManager;
import org.apache.ftpserver.FtpServerConfigurationException;
import org.apache.ftpserver.util.IoUtils;
@@ -58,7 +59,7 @@
private String sslProtocol = "TLS";
private ClientAuth clientAuthReqd = ClientAuth.NONE;
private String keyPass;
-
+ private String keyAlias;
private KeyManagerFactory keyManagerFactory;
private TrustManagerFactory trustManagerFactory;
@@ -236,14 +237,17 @@
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
- // wrap key managers to allow us to control their behavior
- // FTPSERVER-93, currently not working as described in the issue
- //for (int i = 0; i < keyManagers.length; i++) {
- // if(keyManagers[i] instanceof X509KeyManager) {
- // X509KeyManager keyManager = (X509KeyManager) keyManagers[i];
- // keyManagers[i] = new JSSEKeyManager(keyManager, keyAlias);
- // }
- //}
+ // wrap key managers to allow us to control their behavior (FTPSERVER-93)
+ for (int i = 0; i < keyManagers.length; i++) {
+ if(implementsInterface(keyManagers[i].getClass(), "javax.net.ssl.X509ExtendedKeyManager")) {
+ keyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], keyAlias);
+ } else if(keyManagers[i] instanceof X509KeyManager) {
+ keyManagers[i] = new AliasKeyManager(keyManagers[i], keyAlias);
+ }
+ }
+
+ // create SSLContext
+ ctx = SSLContext.getInstance(protocol);
ctx.init(keyManagers,
trustManagerFactory.getTrustManagers(),
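Review bot: The first branch of the wrapping loop cannot match. `javax.net.ssl.X509ExtendedKeyManager` is an abstract class, and `implementsInterface` compares the name only against `clazz.getInterfaces()`, which lists the interfaces a class declares directly. Every X509 key manager therefore falls through to `new AliasKeyManager(...)`, and the `chooseEngineServerAlias` override in ExtendedAliasKeyManager is never installed, so connections negotiated through an `SSLEngine` probably do not honour the configured alias. Keeping the by-name test (presumably for Java 1.4), the helper should walk the superclass chain as well: `for (Class c = clazz; c != null; c = c.getSuperclass()) { if (c.getName().equals(interfaceName)) return true; }`. The helper is defined in the next hunk and again in ClassUtils; the enclosing method continues outside this hunk.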
@@ -254,6 +258,18 @@
return ctx;
}
+
+ private boolean implementsInterface(Class clazz, String interfaceName) {
+ Class[] interfaces = clazz.getInterfaces();
+
+ for (int i = 0; i < interfaces.length; i++) {
+ if(interfaces[i].getName().equals(interfaceName)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
public ClientAuth getClientAuth() {
return clientAuthReqd;
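Review bot: This private `implementsInterface` is a line-for-line copy of the public static `ClassUtils.implementsInterface` added in the same commit, so any later fix has to be made twice. Drop the private copy and call `ClassUtils.implementsInterface(keyManagers[i].getClass(), ...)` instead; this needs `import org.apache.ftpserver.util.ClassUtils;`. Whichever copy stays should get a Javadoc stating what it checks, for example `/** Returns true if clazz directly declares an interface with the given fully qualified name; superclasses and inherited interfaces are not examined. */`.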
@@ -275,9 +291,9 @@
* Get the server key alias to be used for SSL communication
* @return The alias, or null if none is set
*/
-// public String getKeyAlias() {
-// return keyAlias;
-// }
+ public String getKeyAlias() {
+ return keyAlias;
+ }
/**
* Set the alias for the key to be used for SSL communication.
@@ -286,7 +302,7 @@
* @param keyAlias The alias to use, or null if JSSE should
* be allowed to choose the key.
*/
-// public void setKeyAlias(String keyAlias) {
-// this.keyAlias = keyAlias;
-// }
+ public void setKeyAlias(String keyAlias) {
+ this.keyAlias = keyAlias;
+ }
}
Added: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java (added)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java Thu Aug 30 07:56:30 2007
@@ -0,0 +1,232 @@
+/*
+ * Copyright 1999-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.net.Socket;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+
+/**
+ * X509KeyManager which allows selection of a specific keypair and certificate
+ * chain (identified by their keystore alias name) to be used by the server to
+ * authenticate itself to SSL clients.
+ *
+ * Based of org.apache.tomcat.util.net.jsse.JSSEKeyManager.
+ */
+public final class ExtendedAliasKeyManager extends X509ExtendedKeyManager {
+
+ private X509ExtendedKeyManager delegate;
+ private String serverKeyAlias;
+
+ /**
+ * Constructor.
+ *
+ * @param mgr
+ * The X509KeyManager used as a delegate
+ * @param keyStore
+ * @param serverKeyAlias
+ * The alias name of the server's keypair and supporting
+ * certificate chain
+ * @param keyAlias
+ */
+ public ExtendedAliasKeyManager(KeyManager mgr, String keyAlias) {
+ this.delegate = (X509ExtendedKeyManager)mgr;
+ this.serverKeyAlias = keyAlias;
+ }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket, given
+ * the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name(s), ordered with the
+ * most-preferred key type first
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use
+ *
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ public String chooseClientAlias(String[] keyType, Principal[] issuers,
+ Socket socket) {
+ return delegate.chooseClientAlias(keyType, issuers, socket);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor if matching the key type.
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used (ignored)
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use (ignored)
+ *
+ * @return Alias name for the desired key
+ */
+ public String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket) {
+ if (serverKeyAlias != null) {
+ PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+ if (key != null) {
+ if (key.getAlgorithm().equals(keyType)) {
+ return serverKeyAlias;
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ } else {
+ return delegate.chooseServerAlias(keyType, issuers, socket);
+ }
+ }
+
+ /**
+ * Returns the certificate chain associated with the given alias.
+ *
+ * @param alias
+ * The alias name
+ *
+ * @return Certificate chain (ordered with the user's certificate first and
+ * the root certificate authority last), or null if the alias can't
+ * be found
+ */
+ public X509Certificate[] getCertificateChain(String alias) {
+ return delegate.getCertificateChain(alias);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the client side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getClientAliases(String keyType, Principal[] issuers) {
+ return delegate.getClientAliases(keyType, issuers);
+ }
+
+ /**
+ * Get the matching aliases for authenticating the server side of a secure
+ * socket, given the public key type and the list of certificate issuer
+ * authorities recognized by the peer (if any).
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used
+ *
+ * @return Array of the matching alias names, or null if there were no
+ * matches
+ */
+ public String[] getServerAliases(String keyType, Principal[] issuers) {
+ return delegate.getServerAliases(keyType, issuers);
+ }
+
+ /**
+ * Returns the key associated with the given alias.
+ *
+ * @param alias
+ * The alias name
+ *
+ * @return The requested key, or null if the alias can't be found
+ */
+ public PrivateKey getPrivateKey(String alias) {
+ return delegate.getPrivateKey(alias);
+ }
+
+ /**
+ * Choose an alias to authenticate the client side of a secure socket, given
+ * the public key type and the list of certificate issuer authorities
+ * recognized by the peer (if any).
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used (ignored)
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use (ignored)
+ * @return The alias name for the desired key, or null if there are no
+ * matches
+ */
+ public String chooseEngineClientAlias(String[] keyType,
+ Principal[] issuers, SSLEngine engine) {
+ return delegate.chooseEngineClientAlias(keyType, issuers, engine);
+ }
+
+ /**
+ * Returns this key manager's server key alias that was provided in the
+ * constructor if matching the key type.
+ *
+ * @param keyType
+ * The key algorithm type name
+ * @param issuers
+ * The list of acceptable CA issuer subject names, or null if it
+ * does not matter which issuers are used (ignored)
+ * @param socket
+ * The socket to be used for this connection. This parameter can
+ * be null, in which case this method will return the most
+ * generic alias to use (ignored)
+ *
+ * @return Alias name for the desired key
+ */
+ public String chooseEngineServerAlias(String keyType, Principal[] issuers,
+ SSLEngine engine) {
+
+ if (serverKeyAlias != null) {
+ PrivateKey key = delegate.getPrivateKey(serverKeyAlias);
+ if (key != null) {
+ if (key.getAlgorithm().equals(keyType)) {
+ return serverKeyAlias;
+ } else {
+ return null;
+ }
+ } else {
+ return null;
+ }
+ } else {
+ return delegate.chooseEngineServerAlias(keyType, issuers, engine);
+ }
+ }
+}
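Review bot: The Javadoc on several members does not match their signatures. `chooseEngineClientAlias` and `chooseEngineServerAlias` document `@param socket`, but the parameter is `engine`. The constructor lists `@param keyStore` and `@param serverKeyAlias`, which do not exist, and leaves `keyAlias` undescribed; AliasKeyManager's constructor has the same stale tags. For the two server-side methods, the return tag should describe the pinned behaviour: `@return the configured alias if its key's algorithm equals keyType, null if it does not or the alias has no key; the delegate's choice when no alias is configured`. The constructor should also note that `mgr` is cast to `X509ExtendedKeyManager` and that any other type causes a `ClassCastException`.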
Propchange: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/ssl/ExtendedAliasKeyManager.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java?rev=571196&r1=571195&r2=571196&view=diff
==============================================================================
--- incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java (original)
+++ incubator/ftpserver/trunk/core/src/java/org/apache/ftpserver/util/ClassUtils.java Thu Aug 30 07:56:30 2007
@@ -375,4 +375,17 @@
return castValue;
}
+
+
+ public static boolean implementsInterface(Class clazz, String interfaceName) {
+ Class[] interfaces = clazz.getInterfaces();
+
+ for (int i = 0; i < interfaces.length; i++) {
+ if(interfaces[i].getName().equals(interfaceName)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
}
Added: incubator/ftpserver/trunk/core/src/test/keymanager-test.jks
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/keymanager-test.jks?rev=571196&view=auto
==============================================================================
Binary file - no diff available.
Propchange: incubator/ftpserver/trunk/core/src/test/keymanager-test.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java (added)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java Thu Aug 30 07:56:30 2007
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+
+import junit.framework.TestCase;
+
+public class AliasKeymanagerTest extends TestCase {
+
+
+
+ private KeyManager km;
+
+ protected void setUp() throws Exception {
+ KeyStore ks = KeyStore.getInstance("JKS");
+
+ FileInputStream fis = new FileInputStream("src/test/keymanager-test.jks");
+ ks.load(fis, "".toCharArray());
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(ks, "".toCharArray());
+
+ km = kmf.getKeyManagers()[0];
+ }
+
+ public void testServerAliasWithAliasDSAKey() throws Exception {
+ AliasKeyManager akm = new AliasKeyManager(km, "dsakey");
+
+ assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+ assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testServerAliasWithAliasRSAKey() throws Exception {
+ AliasKeyManager akm = new AliasKeyManager(km, "rsakey");
+
+ assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+ assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testServerAliasWithoutAlias() throws Exception {
+ AliasKeyManager akm = new AliasKeyManager(km, null);
+
+ assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+ assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testServerAliasNonExistingKey() throws Exception {
+ AliasKeyManager akm = new AliasKeyManager(km, "nonexisting");
+
+ assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+ assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+ }
+
+}
\ No newline at end of file
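Review bot: `setUp` opens a `FileInputStream` on the test keystore and never closes it, so each test method leaks a file handle. Wrap the load in a try/finally: `try { ks.load(fis, "".toCharArray()); } finally { fis.close(); }`. The relative path `src/test/keymanager-test.jks` also appears to assume the tests run from the `core` directory. ExtendedAliasKeymanagerTest's `setUp` has the same two issues.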
Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/AliasKeymanagerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java (added)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java Thu Aug 30 07:56:30 2007
@@ -0,0 +1,10 @@
+package org.apache.ftpserver.ssl;
+
+import junit.framework.TestCase;
+
+public class DefaultSslTest extends TestCase {
+
+ public void test() {
+ DefaultSsl ssl = new DefaultSsl();
+ }
+}
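Review bot: `test()` constructs a `DefaultSsl` and asserts nothing, so the `keyAlias` property and the key-manager wrapping added to DefaultSsl in this commit are not covered. At minimum, pin the accessor contract: `assertNull(ssl.getKeyAlias()); ssl.setKeyAlias("rsakey"); assertEquals("rsakey", ssl.getKeyAlias());`. This file is also missing the ASF license header that the other new sources in the commit carry.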
Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/DefaultSslTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java?rev=571196&view=auto
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java (added)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java Thu Aug 30 07:56:30 2007
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ftpserver.ssl;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+
+import junit.framework.TestCase;
+
+public class ExtendedAliasKeymanagerTest extends TestCase {
+
+
+
+ private KeyManager km;
+
+ protected void setUp() throws Exception {
+ KeyStore ks = KeyStore.getInstance("JKS");
+
+ FileInputStream fis = new FileInputStream("src/test/keymanager-test.jks");
+ ks.load(fis, "".toCharArray());
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(ks, "".toCharArray());
+
+ km = kmf.getKeyManagers()[0];
+ }
+
+ public void testServerAliasWithAliasDSAKey() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "dsakey");
+
+ assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+ assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testServerAliasWithAliasRSAKey() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "rsakey");
+
+ assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+ assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testServerAliasWithoutAlias() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, null);
+
+ assertEquals("dsakey", akm.chooseServerAlias("DSA", null, null));
+ assertEquals("rsakey", akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testServerAliasNonExistingKey() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "nonexisting");
+
+ assertEquals(null, akm.chooseServerAlias("DSA", null, null));
+ assertEquals(null, akm.chooseServerAlias("RSA", null, null));
+ }
+
+ public void testEngineServerAliasWithAliasDSAKey() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "dsakey");
+
+ assertEquals("dsakey", akm.chooseEngineServerAlias("DSA", null, null));
+ assertEquals(null, akm.chooseEngineServerAlias("RSA", null, null));
+ }
+
+ public void testEngineServerAliasWithAliasRSAKey() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "rsakey");
+
+ assertEquals(null, akm.chooseEngineServerAlias("DSA", null, null));
+ assertEquals("rsakey", akm.chooseEngineServerAlias("RSA", null, null));
+ }
+
+ public void testEngineServerAliasWithoutAlias() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, null);
+
+ assertEquals("dsakey", akm.chooseEngineServerAlias("DSA", null, null));
+ assertEquals("rsakey", akm.chooseEngineServerAlias("RSA", null, null));
+ }
+
+ public void testEngineServerAliasNonExistingKey() throws Exception {
+ ExtendedAliasKeyManager akm = new ExtendedAliasKeyManager(km, "nonexisting");
+
+ assertEquals(null, akm.chooseEngineServerAlias("DSA", null, null));
+ assertEquals(null, akm.chooseEngineServerAlias("RSA", null, null));
+ }
+}
\ No newline at end of file
Propchange: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/ssl/ExtendedAliasKeymanagerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java
URL: http://svn.apache.org/viewvc/incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java?rev=571196&r1=571195&r2=571196&view=diff
==============================================================================
--- incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java (original)
+++ incubator/ftpserver/trunk/core/src/test/org/apache/ftpserver/util/ClassUtilsTest.java Thu Aug 30 07:56:30 2007
@@ -25,13 +25,23 @@
import java.util.Map;
import java.util.Properties;
+import javax.net.ssl.X509KeyManager;
+
import junit.framework.TestCase;
import org.apache.ftpserver.config.PropertiesConfiguration;
import org.apache.ftpserver.ftplet.Configuration;
+import org.apache.ftpserver.ssl.AliasKeyManager;
public class ClassUtilsTest extends TestCase {
+ public void testImplementsInterface() {
+ X509KeyManager km = new AliasKeyManager(null, null);
+
+ assertTrue(ClassUtils.implementsInterface(km.getClass(), "javax.net.ssl.X509KeyManager"));
+ assertFalse(ClassUtils.implementsInterface(km.getClass(), "foo"));
+ }
+
public void testNormalizePropertyName() {
assertEquals("foo", ClassUtils.normalizePropertyName("foo"));
assertEquals("fooBar", ClassUtils.normalizePropertyName("fooBar"));