Posted to server-dev@james.apache.org by no...@apache.org on 2010/11/16 12:36:09 UTC
svn commit: r1035595 - in /james/server/trunk:
imapserver/src/main/java/org/apache/james/imapserver/netty/
lmtpserver/src/main/java/org/apache/james/lmtpserver/netty/
netty-socket/src/main/java/org/apache/james/socket/netty/
pop3server/src/main/java/or...
Author: norman
Date: Tue Nov 16 11:36:08 2010
New Revision: 1035595
URL: http://svn.apache.org/viewvc?rev=1035595&view=rev
Log:
Allow specifying which cipher suites are allowed for TLS. See JAMES-385
Modified:
james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/ImapStreamChannelUpstreamHandler.java
james/server/trunk/lmtpserver/src/main/java/org/apache/james/lmtpserver/netty/LMTPServer.java
james/server/trunk/netty-socket/src/main/java/org/apache/james/socket/netty/AbstractConfigurableAsyncServer.java
james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3ChannelUpstreamHandler.java
james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3Server.java
james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPChannelUpstreamHandler.java
james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java
Modified: james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
URL: http://svn.apache.org/viewvc/james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java (original)
+++ james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java Tue Nov 16 11:36:08 2010
@@ -126,7 +126,7 @@ public class IMAPServer extends Abstract
final ImapRequestStreamHandler handler = new ImapRequestStreamHandler(decoder, processor, encoder);
if (isStartTLSSupported()) {
- pipeline.addLast("coreHandler", new ImapStreamChannelUpstreamHandler(hello, handler, getLogger(), IMAPServer.this.getTimeout(), getSSLContext().createSSLEngine()));
+ pipeline.addLast("coreHandler", new ImapStreamChannelUpstreamHandler(hello, handler, getLogger(), IMAPServer.this.getTimeout(), getSSLContext(), getEnabledCipherSuites()));
} else {
pipeline.addLast("coreHandler", new ImapStreamChannelUpstreamHandler(hello, handler, getLogger(), IMAPServer.this.getTimeout()));
}
Modified: james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/ImapStreamChannelUpstreamHandler.java
URL: http://svn.apache.org/viewvc/james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/ImapStreamChannelUpstreamHandler.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/ImapStreamChannelUpstreamHandler.java (original)
+++ james/server/trunk/imapserver/src/main/java/org/apache/james/imapserver/netty/ImapStreamChannelUpstreamHandler.java Tue Nov 16 11:36:08 2010
@@ -24,7 +24,7 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.util.concurrent.TimeUnit;
-import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLContext;
import org.apache.commons.logging.Log;
import org.apache.james.imap.api.ImapConstants;
@@ -54,22 +54,25 @@ public class ImapStreamChannelUpstreamHa
private final ImapRequestStreamHandler handler;
- private SSLEngine engine;
+ private String[] enabledCipherSuites;
+
+ private SSLContext context;
private final static String IMAP_SESSION = "IMAP_SESSION";
private final static String BUFFERED_OUT = "BUFFERED_OUT";
public ImapStreamChannelUpstreamHandler(final String hello, final ImapRequestStreamHandler handler, final Log logger, final long readTimeout) {
- this(hello, handler, logger, readTimeout, null);
+ this(hello, handler, logger, readTimeout, null, null);
}
- public ImapStreamChannelUpstreamHandler(final String hello, final ImapRequestStreamHandler handler, final Log logger, final long readTimeout, SSLEngine engine) {
+ public ImapStreamChannelUpstreamHandler(final String hello, final ImapRequestStreamHandler handler, final Log logger, final long readTimeout, SSLContext context, String[] enabledCipherSuites) {
super(new HashedWheelTimer(), readTimeout, TimeUnit.SECONDS);
this.logger = logger;
this.hello = hello;
this.handler = handler;
- this.engine = engine;
+ this.context = context;
+ this.enabledCipherSuites = enabledCipherSuites;
}
@Override
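Review bot: The new `enabledCipherSuites` and `context` fields at the top of the hunk are declared without `final`, unlike the sibling `handler` field, although both are assigned only in the constructor; `private final String[] enabledCipherSuites;` and `private final SSLContext context;` would make that intent explicit. The constructor also keeps the caller's array by reference, so any later change to the array the server hands in would change which suites this handler enables; `this.enabledCipherSuites = enabledCipherSuites == null ? null : enabledCipherSuites.clone();` avoids that. The same applies to the new field and constructor in POP3ChannelUpstreamHandler and SMTPChannelUpstreamHandler in this commit.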
@@ -105,8 +108,11 @@ public class ImapStreamChannelUpstreamHa
// enable buffering of the stream
((StartTLSOutputStream)getAttachment(ctx).get(BUFFERED_OUT)).bufferTillCRLF();
- SslHandler filter = new SslHandler(engine, true);
+ SslHandler filter = new SslHandler(context.createSSLEngine(), true);
filter.getEngine().setUseClientMode(false);
+ if (enabledCipherSuites != null && enabledCipherSuites.length > 0) {
+ filter.getEngine().setEnabledCipherSuites(enabledCipherSuites);
+ }
ctx.getPipeline().addFirst("sslHandler", filter);
return true;
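Review bot: `setEnabledCipherSuites` on the freshly created engine throws `IllegalArgumentException` when a configured name is not supported by the provider, and in this hunk that happens inside the STARTTLS path of every connection rather than once at startup; the enclosing method starts and ends outside the hunk, so it is not visible here whether that exception reaches the client as a dropped connection or is logged. Validating the configured names once at configuration time (or at least catching and logging the failure here with the offending list) would surface a misconfiguration in one clear place. The engine setup (createSSLEngine, the null/empty check, setEnabledCipherSuites) is also duplicated verbatim in POP3ChannelUpstreamHandler.createSession and SMTPChannelUpstreamHandler.createSession; a shared helper in the netty-socket module would keep the three in step, and a one-line comment such as `// null/empty list: keep the JVM default cipher suites` would document the fallback.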
@@ -114,7 +120,7 @@ public class ImapStreamChannelUpstreamHa
@Override
public boolean supportStartTLS() {
- return engine != null;
+ return context != null;
}
};
Modified: james/server/trunk/lmtpserver/src/main/java/org/apache/james/lmtpserver/netty/LMTPServer.java
URL: http://svn.apache.org/viewvc/james/server/trunk/lmtpserver/src/main/java/org/apache/james/lmtpserver/netty/LMTPServer.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/lmtpserver/src/main/java/org/apache/james/lmtpserver/netty/LMTPServer.java (original)
+++ james/server/trunk/lmtpserver/src/main/java/org/apache/james/lmtpserver/netty/LMTPServer.java Tue Nov 16 11:36:08 2010
@@ -206,7 +206,7 @@ public class LMTPServer extends Abstract
@Override
protected ChannelUpstreamHandler createHandler() {
- return new SMTPChannelUpstreamHandler(handlerChain, lmtpConfig, getLogger(), getSSLContext());
+ return new SMTPChannelUpstreamHandler(handlerChain, lmtpConfig, getLogger());
}
}
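Review bot: The new `createHandler` drops `getSSLContext()` and uses the three-argument constructor, which per the SMTPChannelUpstreamHandler hunk in this commit passes a null context, so an LMTP server configured for TLS would no longer get an SSL engine from this handler; POP3Server and SMTPServer in the same commit pass `getSSLContext(), getEnabledCipherSuites()` instead. If TLS is meant to stay configurable for LMTP this should read `return new SMTPChannelUpstreamHandler(handlerChain, lmtpConfig, getLogger(), getSSLContext(), getEnabledCipherSuites());`. If dropping TLS for LMTP is intentional it deserves a comment on the call and a mention in the log message, which only talks about cipher selection.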
Modified: james/server/trunk/netty-socket/src/main/java/org/apache/james/socket/netty/AbstractConfigurableAsyncServer.java
URL: http://svn.apache.org/viewvc/james/server/trunk/netty-socket/src/main/java/org/apache/james/socket/netty/AbstractConfigurableAsyncServer.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/netty-socket/src/main/java/org/apache/james/socket/netty/AbstractConfigurableAsyncServer.java (original)
+++ james/server/trunk/netty-socket/src/main/java/org/apache/james/socket/netty/AbstractConfigurableAsyncServer.java Tue Nov 16 11:36:08 2010
@@ -98,6 +98,8 @@ public abstract class AbstractConfigurab
private String jmxName;
+ private String[] enabledCipherSuites;
+
@Resource(name="dnsservice")
public final void setDNSService(DNSService dns) {
this.dns = dns;
@@ -228,6 +230,7 @@ public abstract class AbstractConfigurab
if (useSSL && useStartTLS) throw new ConfigurationException("startTLS is only supported when using plain sockets");
if (useStartTLS || useSSL) {
+ enabledCipherSuites = config.getStringArray("tls.supportedCipherSuites.cipherSuite");
keystore = config.getString("tls.keystore", null);
if (keystore == null) {
throw new ConfigurationException("keystore needs to get configured");
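Review bot: The suite names read from `tls.supportedCipherSuites.cipherSuite` are stored without any validation, so a typo is only discovered later when a handler calls `SSLEngine.setEnabledCipherSuites` during a client's handshake. Since the SSLContext is built by this class (outside the hunk), checking each configured name against `sslContext.getSupportedSSLParameters().getCipherSuites()` once the context exists and throwing a `ConfigurationException` naming the unknown suite would fail fast at startup, consistent with the `keystore needs to get configured` check just below. A short comment on the new line, e.g. `// no <cipherSuite> elements: handlers fall back to the JVM default suites`, would also document the fallback the handlers rely on; presumably `getStringArray` yields an empty array in that case, which the handlers' null/length check covers either way.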
@@ -462,5 +465,9 @@ public abstract class AbstractConfigurab
* @return defaultJmxName
*/
protected abstract String getDefaultJMXName();
+
+ protected String[] getEnabledCipherSuites() {
+ return enabledCipherSuites;
+ }
}
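Review bot: The new `getEnabledCipherSuites` is the only method in this hunk without Javadoc, while the neighbouring `getDefaultJMXName` carries a `@return` block; subclasses calling it (IMAPServer, POP3Server, SMTPServer) need to know it stays null when neither SSL nor STARTTLS is enabled, since the field is only assigned inside that branch. Suggested: `/** @return cipher suites configured via tls.supportedCipherSuites.cipherSuite; null when TLS is not enabled, and null or empty means the JVM defaults apply */`. It also hands out the internal array, so a caller can alter the server's configuration in place; `return enabledCipherSuites == null ? null : enabledCipherSuites.clone();` would avoid that.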
Modified: james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3ChannelUpstreamHandler.java
URL: http://svn.apache.org/viewvc/james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3ChannelUpstreamHandler.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3ChannelUpstreamHandler.java (original)
+++ james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3ChannelUpstreamHandler.java Tue Nov 16 11:36:08 2010
@@ -19,6 +19,7 @@
package org.apache.james.pop3server.netty;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
import org.apache.commons.logging.Log;
import org.apache.james.pop3server.POP3HandlerConfigurationData;
@@ -38,23 +39,29 @@ public class POP3ChannelUpstreamHandler
private final Log logger;
private final POP3HandlerConfigurationData conf;
private final SSLContext context;
+ private String[] enabledCipherSuites;
- public POP3ChannelUpstreamHandler(ProtocolHandlerChain chain, POP3HandlerConfigurationData conf, Log logger, SSLContext context) {
+ public POP3ChannelUpstreamHandler(ProtocolHandlerChain chain, POP3HandlerConfigurationData conf, Log logger, SSLContext context, String[] enabledCipherSuites) {
super(chain);
this.logger = logger;
this.conf = conf;
this.context = context;
+ this.enabledCipherSuites = enabledCipherSuites;
}
public POP3ChannelUpstreamHandler(ProtocolHandlerChain chain, POP3HandlerConfigurationData conf, Log logger) {
- this(chain, conf, logger, null);
+ this(chain, conf, logger, null, null);
}
@Override
protected ProtocolSession createSession(ChannelHandlerContext ctx) throws Exception {
if (context != null) {
- return new POP3NettySession(conf, logger, ctx, context.createSSLEngine());
+ SSLEngine engine = context.createSSLEngine();
+ if (enabledCipherSuites != null && enabledCipherSuites.length > 0) {
+ engine.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ return new POP3NettySession(conf, logger, ctx, engine);
} else {
return new POP3NettySession(conf, logger, ctx);
}
Modified: james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3Server.java
URL: http://svn.apache.org/viewvc/james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3Server.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3Server.java (original)
+++ james/server/trunk/pop3server/src/main/java/org/apache/james/pop3server/netty/POP3Server.java Tue Nov 16 11:36:08 2010
@@ -161,7 +161,7 @@ public class POP3Server extends Abstract
@Override
protected ChannelUpstreamHandler createHandler() {
- return new POP3ChannelUpstreamHandler(handlerChain, theConfigData, getLogger(), getSSLContext());
+ return new POP3ChannelUpstreamHandler(handlerChain, theConfigData, getLogger(), getSSLContext(), getEnabledCipherSuites());
}
Modified: james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPChannelUpstreamHandler.java
URL: http://svn.apache.org/viewvc/james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPChannelUpstreamHandler.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPChannelUpstreamHandler.java (original)
+++ james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPChannelUpstreamHandler.java Tue Nov 16 11:36:08 2010
@@ -19,6 +19,7 @@
package org.apache.james.smtpserver.netty;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
import org.apache.commons.logging.Log;
import org.apache.james.lifecycle.LifecycleUtil;
@@ -45,24 +46,30 @@ public class SMTPChannelUpstreamHandler
private final Log logger;
private final SMTPConfiguration conf;
private final SSLContext context;
+ private String[] enabledCipherSuites;
public SMTPChannelUpstreamHandler(ProtocolHandlerChain chain,
SMTPConfiguration conf, Log logger) {
- this(chain, conf, logger, null);
+ this(chain, conf, logger, null, null);
}
public SMTPChannelUpstreamHandler(ProtocolHandlerChain chain,
- SMTPConfiguration conf, Log logger, SSLContext context) {
+ SMTPConfiguration conf, Log logger, SSLContext context, String[] enabledCipherSuites) {
super(chain);
this.conf = conf;
this.logger = logger;
this.context = context;
+ this.enabledCipherSuites = enabledCipherSuites;
}
@Override
protected ProtocolSession createSession(ChannelHandlerContext ctx) throws Exception {
if (context != null) {
- return new SMTPNettySession(conf, logger, ctx, context.createSSLEngine());
+ SSLEngine engine = context.createSSLEngine();
+ if (enabledCipherSuites != null && enabledCipherSuites.length > 0) {
+ engine.setEnabledCipherSuites(enabledCipherSuites);
+ }
+ return new SMTPNettySession(conf, logger, ctx, engine);
} else {
return new SMTPNettySession(conf, logger, ctx);
}
Modified: james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java
URL: http://svn.apache.org/viewvc/james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java?rev=1035595&r1=1035594&r2=1035595&view=diff
==============================================================================
--- james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java (original)
+++ james/server/trunk/smtpserver/src/main/java/org/apache/james/smtpserver/netty/SMTPServer.java Tue Nov 16 11:36:08 2010
@@ -303,15 +303,15 @@ public class SMTPServer extends Abstract
@Override
protected ChannelPipelineFactory createPipelineFactory(ChannelGroup group) {
- return new SMTPChannelPipelineFactory(getTimeout(), connectionLimit, connPerIP, group);
+ return new SMTPChannelPipelineFactory(getTimeout(), connectionLimit, connPerIP, group, getEnabledCipherSuites());
}
private final class SMTPChannelPipelineFactory extends AbstractSSLAwareChannelPipelineFactory {
public SMTPChannelPipelineFactory(int timeout, int maxConnections,
- int maxConnectsPerIp, ChannelGroup group) {
- super(timeout, maxConnections, maxConnectsPerIp, group);
+ int maxConnectsPerIp, ChannelGroup group, String[] enabledCipherSuites) {
+ super(timeout, maxConnections, maxConnectsPerIp, group, enabledCipherSuites);
}
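Review bot: The `super(...)` call at the end of the hunk now passes `enabledCipherSuites` to a five-argument constructor of `AbstractSSLAwareChannelPipelineFactory`, but that class is not in this commit's Modified list; unless the matching constructor was added in an earlier revision, this file will not compile against it. It is also worth confirming that the factory applies the suites to the engine it creates for implicit-SSL connections, since the handler changes in this commit appear to cover only the session/STARTTLS path.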
@@ -341,7 +341,7 @@ public class SMTPServer extends Abstract
@Override
protected ChannelUpstreamHandler createHandler() {
- return new SMTPChannelUpstreamHandler(handlerChain, theConfigData, getLogger(), getSSLContext());
+ return new SMTPChannelUpstreamHandler(handlerChain, theConfigData, getLogger(), getSSLContext(), getEnabledCipherSuites());
}
}