You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2019/04/16 04:39:14 UTC
[karaf] branch karaf-4.2.x updated: [KARAF-6241]introduce new
property EnabledProtocals for org.apache.karaf.management.cfg
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.2.x by this push:
new 8292dd2 [KARAF-6241]introduce new property EnabledProtocals for org.apache.karaf.management.cfg
8292dd2 is described below
commit 8292dd278fbc8ab064ff5c3e07fbcc13de3c064b
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Tue Apr 16 12:38:15 2019 +0800
[KARAF-6241]introduce new property EnabledProtocals for org.apache.karaf.management.cfg
(cherry picked from commit de0e531d7d3676756e83c80e2870d270d6bae880)
---
.../karaf/management/ConnectorServerFactory.java | 21 +++++++++++++++++++--
.../apache/karaf/management/internal/Activator.java | 2 ++
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java b/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
index e26f3e2..73fcb6b 100644
--- a/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
+++ b/management/server/src/main/java/org/apache/karaf/management/ConnectorServerFactory.java
@@ -69,6 +69,7 @@ public class ConnectorServerFactory {
private KeystoreManager keystoreManager;
private String algorithm;
private String secureProtocol;
+ private String[] enabledProtocols;
private String keyStore;
private String trustStore;
private String keyAlias;
@@ -313,7 +314,7 @@ public class ConnectorServerFactory {
private void setupSsl() throws GeneralSecurityException {
SSLServerSocketFactory sssf = keystoreManager.createSSLServerFactory(null, secureProtocol, algorithm, keyStore, keyAlias, trustStore,keyStoreAvailabilityTimeout);
- RMIServerSocketFactory rssf = new KarafSslRMIServerSocketFactory(sssf, isClientAuth(), getRmiServerHost());
+ RMIServerSocketFactory rssf = new KarafSslRMIServerSocketFactory(sssf, isClientAuth(), getRmiServerHost(), getEnabledProtocols());
RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();
environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, rssf);
environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, rcsf);
@@ -330,11 +331,13 @@ public class ConnectorServerFactory {
private SSLServerSocketFactory sssf;
private boolean clientAuth;
private String rmiServerHost;
+ private String[] enabledProtocols;
- public KarafSslRMIServerSocketFactory(SSLServerSocketFactory sssf, boolean clientAuth, String rmiServerHost) {
+ public KarafSslRMIServerSocketFactory(SSLServerSocketFactory sssf, boolean clientAuth, String rmiServerHost, String[] enabledProtocols) {
this.sssf = sssf;
this.clientAuth = clientAuth;
this.rmiServerHost = rmiServerHost;
+ this.enabledProtocols = enabledProtocols;
}
public ServerSocket createServerSocket(int port) throws IOException {
@@ -342,10 +345,16 @@ public class ConnectorServerFactory {
if (host.isLoopbackAddress()) {
final SSLServerSocket ss = (SSLServerSocket) sssf.createServerSocket(port, 50);
ss.setNeedClientAuth(clientAuth);
+ if (this.enabledProtocols != null && this.enabledProtocols.length > 0) {
+ ss.setEnabledProtocols(this.enabledProtocols);
+ }
return new LocalOnlySSLServerSocket(ss);
} else {
final SSLServerSocket ss = (SSLServerSocket) sssf.createServerSocket(port, 50, InetAddress.getByName(rmiServerHost));
ss.setNeedClientAuth(clientAuth);
+ if (this.enabledProtocols != null && this.enabledProtocols.length > 0) {
+ ss.setEnabledProtocols(this.enabledProtocols);
+ }
return ss;
}
}
@@ -662,4 +671,12 @@ public class ConnectorServerFactory {
throw new IOException("Only connections from clients running on the host where the RMI remote objects have been exported are accepted.");
}
+ public String[] getEnabledProtocols() {
+ return enabledProtocols;
+ }
+
+ public void setEnabledProtocols(String[] enabledProtocols) {
+ this.enabledProtocols = enabledProtocols;
+ }
+
}
diff --git a/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java b/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
index 4233d51..187d8a6 100644
--- a/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
+++ b/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
@@ -107,6 +107,7 @@ public class Activator extends BaseActivator implements ManagedService {
final boolean secured = getBoolean("secured", false);
String secureAlgorithm = getString("secureAlgorithm", "default");
String secureProtocol = getString("secureProtocol", "TLS");
+ String[] enabledProtocols = getStringArray("enabledProtocols", null);
String keyStore = getString("keyStore", "karaf.ks");
String keyAlias = getString("keyAlias", "karaf");
String trustStore = getString("trustStore", "karaf.ts");
@@ -153,6 +154,7 @@ public class Activator extends BaseActivator implements ManagedService {
connectorServerFactory.setSecured(secured);
connectorServerFactory.setAlgorithm(secureAlgorithm);
connectorServerFactory.setSecureProtocol(secureProtocol);
+ connectorServerFactory.setEnabledProtocols(enabledProtocols);
connectorServerFactory.setKeyStore(keyStore);
connectorServerFactory.setKeyAlias(keyAlias);
connectorServerFactory.setTrustStore(trustStore);