Posted to server-dev@james.apache.org by no...@apache.org on 2010/01/24 09:18:44 UTC
svn commit: r902532 - in /james/server/trunk:
mina-socket-library/src/main/java/org/apache/james/socket/mina/
pop3server-function/src/main/java/org/apache/james/pop3server/mina/
smtpserver-function/src/test/java/org/apache/james/smtpserver/ spring-depl...
Author: norman
Date: Sun Jan 24 08:18:43 2010
New Revision: 902532
URL: http://svn.apache.org/viewvc?rev=902532&view=rev
Log:
Allow to use "plain" ssl for socket with MINA (JAMES-959)
Modified:
james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractAsyncServer.java
james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractMINASession.java
james/server/trunk/pop3server-function/src/main/java/org/apache/james/pop3server/mina/AsyncPOP3Server.java
james/server/trunk/smtpserver-function/src/test/java/org/apache/james/smtpserver/SMTPTestConfiguration.java
james/server/trunk/spring-deployment/src/main/config/james/james-config.xml
Modified: james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractAsyncServer.java
URL: http://svn.apache.org/viewvc/james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractAsyncServer.java?rev=902532&r1=902531&r2=902532&view=diff
==============================================================================
--- james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractAsyncServer.java (original)
+++ james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractAsyncServer.java Sun Jan 24 08:18:43 2010
@@ -46,6 +46,7 @@
import org.apache.mina.filter.ssl.BogusTrustManagerFactory;
import org.apache.mina.filter.ssl.KeyStoreFactory;
import org.apache.mina.filter.ssl.SslContextFactory;
+import org.apache.mina.filter.ssl.SslFilter;
import org.apache.mina.transport.socket.SocketAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
@@ -98,6 +99,8 @@
private int connPerIP;
private boolean useStartTLS;
+ private boolean useSSL;
+
private int connectionLimit;
@@ -265,14 +268,17 @@
}
- useStartTLS = config.getBoolean("startTLS.[@enable]", false);
+ useStartTLS = config.getBoolean("tls.[@startTLS]", false);
+ useSSL = config.getBoolean("tls.[@socketTLS]", false);
- if (useStartTLS) {
- keystore = config.getString("startTLS.keystore", null);
+ if (useSSL && useStartTLS) throw new ConfigurationException("startTLS is only supported when using plain sockets");
+
+ if (useStartTLS || useSSL) {
+ keystore = config.getString("tls.keystore", null);
if (keystore == null) {
throw new ConfigurationException("keystore needs to get configured");
}
- secret = config.getString("startTLS.secret","");
+ secret = config.getString("tls.secret","");
}
doConfigure(config);
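Review bot: The rename from `startTLS.[@enable]` to `tls.[@startTLS]` leaves existing configurations silently without STARTTLS, because the old key is no longer read and the new one defaults to false, so a server upgraded with an old config file starts normally and offers plaintext only. Consider failing fast while the legacy element is still present, e.g. `if (config.getBoolean("startTLS.[@enable]", false)) throw new ConfigurationException("startTLS was renamed to tls; update the configuration");`. Separately, `tls.secret` still defaults to an empty string, so a missing keystore password would surface only when the keystore is loaded (outside this hunk) rather than as a clear configuration error. The enclosing method starts and ends outside the hunk.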
@@ -289,7 +295,12 @@
// add connectionfilter in the first of the chain
DefaultIoFilterChainBuilder builder = createIoFilterChainBuilder();
builder.addFirst("connectionFilter", new ConnectionFilter(getLogger(), connectionLimit, connPerIP));
-
+
+ // add the sslfilter if needed
+ if (isSSLSocket()) {
+ builder.addFirst( "sslFilter", new SslFilter(contextFactory.newInstance()));
+ }
+
SocketAcceptor acceptor = new NioSocketAcceptor();
acceptor.setFilterChainBuilder(builder);
acceptor.setBacklog(backlog);
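Review bot: Both filters are inserted with `addFirst`, so when `isSSLSocket()` is true the `sslFilter` ends up ahead of `connectionFilter`, and the comment "add connectionfilter in the first of the chain" no longer holds. If the connection and per-IP limits are meant to turn a client away before any TLS work is done for it, this ordering lets handshake cost be spent on connections the limiter would have refused; whether that matters depends on how ConnectionFilter rejects sessions, which is not visible here. `builder.addAfter("connectionFilter", "sslFilter", new SslFilter(contextFactory.newInstance()));` keeps the limiter first; otherwise the comment should state the intended order. The enclosing method continues outside the hunk.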
@@ -423,6 +434,15 @@
protected boolean isStartTLSSupported() {
return useStartTLS;
}
+
+ /**
+ * Return if the socket is using SSL
+ *
+ * @return useSSL
+ */
+ protected boolean isSSLSocket() {
+ return useSSL;
+ }
/**
* Build the SslContextFactory
Modified: james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractMINASession.java
URL: http://svn.apache.org/viewvc/james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractMINASession.java?rev=902532&r1=902531&r2=902532&view=diff
==============================================================================
--- james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractMINASession.java (original)
+++ james/server/trunk/mina-socket-library/src/main/java/org/apache/james/socket/mina/AbstractMINASession.java Sun Jan 24 08:18:43 2010
@@ -101,18 +101,23 @@
* @see org.apache.james.api.protocol.TLSSupportedSession#isTLSStarted()
*/
public boolean isTLSStarted() {
- return session.getFilterChain().contains("sslFilter");
+ if (isStartTLSSupported()) {
+ return session.getFilterChain().contains("sslFilter");
+ }
+ return false;
}
/**
* @see org.apache.james.api.protocol.TLSSupportedSession#startTLS()
*/
public void startTLS() throws IOException {
- session.suspendRead();
- SslFilter filter = new SslFilter(context);
- resetState();
- session.getFilterChain().addFirst("sslFilter", filter);
- session.resumeRead();
+ if (isStartTLSSupported()) {
+ session.suspendRead();
+ SslFilter filter = new SslFilter(context);
+ resetState();
+ session.getFilterChain().addFirst("sslFilter", filter);
+ session.resumeRead();
+ }
}
/**
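Review bot: `startTLS()` now returns silently when `isStartTLSSupported()` is false, so a caller that has already told the client to begin the handshake would continue on an unencrypted channel with no error. The method already declares `throws IOException`, so `if (!isStartTLSSupported()) throw new IOException("STARTTLS is not enabled");` would make the failure visible. `isTLSStarted()` has a related gap: on a listener configured with `socketTLS` the `sslFilter` appears to be in the chain from the acceptor, yet this method reports false because STARTTLS is off. Any handler that uses it to decide whether the session is encrypted (none is visible here) would then treat an implicit-TLS connection as plaintext. Keeping the unconditional `return session.getFilterChain().contains("sslFilter");` would cover both modes.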
Modified: james/server/trunk/pop3server-function/src/main/java/org/apache/james/pop3server/mina/AsyncPOP3Server.java
URL: http://svn.apache.org/viewvc/james/server/trunk/pop3server-function/src/main/java/org/apache/james/pop3server/mina/AsyncPOP3Server.java?rev=902532&r1=902531&r2=902532&view=diff
==============================================================================
--- james/server/trunk/pop3server-function/src/main/java/org/apache/james/pop3server/mina/AsyncPOP3Server.java (original)
+++ james/server/trunk/pop3server-function/src/main/java/org/apache/james/pop3server/mina/AsyncPOP3Server.java Sun Jan 24 08:18:43 2010
@@ -168,6 +168,9 @@
* @see org.apache.james.pop3server.POP3ServerMBean#getSocketType()
*/
public String getSocketType() {
+ if (isSSLSocket()) {
+ return "secure";
+ }
return "plain";
}
Modified: james/server/trunk/smtpserver-function/src/test/java/org/apache/james/smtpserver/SMTPTestConfiguration.java
URL: http://svn.apache.org/viewvc/james/server/trunk/smtpserver-function/src/test/java/org/apache/james/smtpserver/SMTPTestConfiguration.java?rev=902532&r1=902531&r2=902532&view=diff
==============================================================================
--- james/server/trunk/smtpserver-function/src/test/java/org/apache/james/smtpserver/SMTPTestConfiguration.java (original)
+++ james/server/trunk/smtpserver-function/src/test/java/org/apache/james/smtpserver/SMTPTestConfiguration.java Sun Jan 24 08:18:43 2010
@@ -157,9 +157,9 @@
addProperty("handler.heloEhloEnforcement", m_heloEhloEnforcement);
addProperty("handler.addressBracketsEnforcement", m_addressBracketsEnforcement);
- addProperty("startTLS.[@enable]", m_startTLS);
- addProperty("startTLS.keystore","file://conf/test_keystore");
- addProperty("startTLS.secret", "jamestest");
+ addProperty("tls.[@startTLS]", m_startTLS);
+ addProperty("tls.keystore","file://conf/test_keystore");
+ addProperty("tls.secret", "jamestest");
if (m_verifyIdentity) addProperty("handler.verifyIdentity", m_verifyIdentity);
// add the rbl handler
Modified: james/server/trunk/spring-deployment/src/main/config/james/james-config.xml
URL: http://svn.apache.org/viewvc/james/server/trunk/spring-deployment/src/main/config/james/james-config.xml?rev=902532&r1=902531&r2=902532&view=diff
==============================================================================
--- james/server/trunk/spring-deployment/src/main/config/james/james-config.xml (original)
+++ james/server/trunk/spring-deployment/src/main/config/james/james-config.xml Sun Jan 24 08:18:43 2010
@@ -874,10 +874,20 @@
<!--
<bind> </bind>
-->
- <!-- Uncomment this if you want to use TLS (SSL) on this port -->
- <!--
- <useTLS>true</useTLS>
+
+
+ <!-- Set to true to use TLS for the Socket.
+ To use this you need to copy sunjce_provider.jar to /path/james/lib directory.
-->
+ <tls socketTLS="false">
+ <!-- To create a new keystore execute:
+ keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
+ -->
+ <keystore>file://conf/keystore</keystore>
+ <secret>yoursecret</secret>
+ <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
+ </tls>
+
<handler>
<!-- This is the name used by the server to identify itself in the RemoteManager -->
<!-- protocol. If autodetect is TRUE, the server will discover its -->
@@ -917,30 +927,24 @@
<!--
<bind> </bind>
-->
- <!-- JAMES TLS uses JSSE. This means that for many Sun JVMs,
- the sunjce_provider.jar must be copied from $JAVA_HOME/lib/ext
- into $JAMES_HOME/lib. It may also be necessary to download and
- install unlimited strength policies. -->
- <!--
- <useTLS>true</useTLS>
- -->
+
<!-- Use provider elements to specify additional JCE providers.
The jars should be put into $JAMES_HOME/lib.
For example, Uncomment this if you want to use
BouncyCastle JCE (http://www.bouncycastle.org)
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider> -->
- <!-- Set enable to true to support STARTTLS.
+ <!-- Set to true to support STARTTLS or SSL for the Socket.
To use this you need to copy sunjce_provider.jar to /path/james/lib directory.
-->
- <startTLS enable="false">
+ <tls socketSSL="false" startTLS="false">
<!-- To create a new keystore execute:
keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
-->
<keystore>file://conf/keystore</keystore>
<secret>yoursecret</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
- </startTLS>
+ </tls>
<handler>
<!-- This is the name used by the server to identify itself in the POP3 -->
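Review bot: The element in this block is written as `<tls socketSSL="false" startTLS="false">`, but AbstractAsyncServer in this same commit reads `tls.[@socketTLS]`. Setting `socketSSL="true"` here would therefore be ignored and the listener would stay plaintext without any error; the attribute should be `socketTLS`, as in the other blocks of this file. The comment above it, and the matching one in the @@ -977 hunk, could also state that the two attributes are mutually exclusive, since configuration fails with "startTLS is only supported when using plain sockets" when both are true. It would also help to mark `<secret>yoursecret</secret>` as a placeholder that must be replaced before either mode is enabled.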
@@ -977,36 +981,24 @@
<!--
<bind> </bind>
-->
- <!--
- JAMES TLS uses JSSE. This means that for many Sun JVMs,
- the sunjce_provider.jar must be copied from $JAVA_HOME/lib/ext
- into $JAMES_HOME/lib. It may also be necessary to download and
- install unlimited strength policies.
-
- The standard port for SMTP over TLS is 465.
- -->
- <!--
- <useTLS>true</useTLS>
- -->
-
+
<!-- Use provider elements to specify additional JCE providers.
The jars should be put into $JAMES_HOME/lib.
For example, Uncomment this if you want to use
BouncyCastle JCE (http://www.bouncycastle.org)
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider> -->
- <!-- Set enable to true to support STARTTLS.
+ <!-- Set to true to support STARTTLS or TLS for the Socket.
To use this you need to copy sunjce_provider.jar to /path/james/lib directory.
- -->
- <startTLS enable="false">
-
+ -->
+ <tls socketTLS="false" startTLS="false">
<!-- To create a new keystore execute:
keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
-->
<keystore>file://conf/keystore</keystore>
<secret>yoursecret</secret>
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
- </startTLS>
+ </tls>
<handler>
<!-- This is the name used by the server to identify itself in the SMTP -->
@@ -1099,19 +1091,20 @@
<!--
<bind> </bind>
-->
- <!-- JAMES TLS uses JSSE. This means that for many Sun JVMs,
- the sunjce_provider.jar must be copied from $JAVA_HOME/lib/ext
- into $JAMES_HOME/lib. It may also be necessary to download and
- install unlimited strength policies. -->
- <!--
- <useTLS>true</useTLS>
+
+
+ <!-- Set to true to use TLS for the Socket.
+ To use this you need to copy sunjce_provider.jar to /path/james/lib directory.
-->
- <!-- Use provider elements to specify additional JCE providers.
- The jars should be put into $JAMES_HOME/lib.
- For example, Uncomment this if you want to use
- BouncyCastle JCE (http://www.bouncycastle.org)
- <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider> -->
-
+ <tls socketTLS="false">
+ <!-- To create a new keystore execute:
+ keytool -genkey -alias james -keyalg RSA -keystore /path/to/james/conf/keystore
+ -->
+ <keystore>file://conf/keystore</keystore>
+ <secret>yoursecret</secret>
+ <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
+ </tls>
+
<handler>
<!-- This is the name used by the server to identify itself in the SMTP -->
<!-- protocol. If autodetect is TRUE, the server will discover its -->