Commit 68578568 authored by David Smith's avatar David Smith Committed by david

Switch uses of SslSocketConnector to SslSelectChannelConnector so that we can...

Switch uses of SslSocketConnector to SslSelectChannelConnector so that we can use continuations. Massively improves SparkWeb login times. This also modifies SSLConfig to allow accessing the SSLContext (necessary for the switch), and merges SSLJiveServerSocketFactory into SSLConfig, since it was redundant.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9096 b35dd754-fafc-0310-a699-88a17e54d16e
parent ad8cd107
...@@ -19,11 +19,10 @@ import org.mortbay.jetty.Server; ...@@ -19,11 +19,10 @@ import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.DefaultHandler; import org.mortbay.jetty.handler.DefaultHandler;
import org.mortbay.jetty.nio.SelectChannelConnector; import org.mortbay.jetty.nio.SelectChannelConnector;
import org.mortbay.jetty.security.SslSocketConnector; import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.mortbay.jetty.servlet.Context; import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.webapp.WebAppContext; import org.mortbay.jetty.webapp.WebAppContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import java.io.File; import java.io.File;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -315,11 +314,11 @@ public class AdminConsolePlugin implements Plugin { ...@@ -315,11 +314,11 @@ public class AdminConsolePlugin implements Plugin {
} }
} }
private class JiveSslConnector extends SslSocketConnector { private class JiveSslConnector extends SslSelectChannelConnector {
@Override @Override
protected SSLServerSocketFactory createFactory() throws Exception { protected SSLContext createSSLContext() throws Exception {
return SSLConfig.getServerSocketFactory(); return SSLConfig.getSSLContext();
} }
} }
} }
\ No newline at end of file
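Review bot: `createSSLContext()` in `JiveSslConnector` hands Jetty whatever `SSLConfig.getSSLContext()` currently holds, with no check that it is usable. Going by the SSLConfig section of this commit, that field is still null if setup failed before `SSLContext.getInstance` succeeded, and it is not cleared when `sslContext.init` throws, so the connector can receive a null or uninitialised context and fail later with a much less obvious error. I would fail fast here: `SSLContext ctx = SSLConfig.getSSLContext(); if (ctx == null) throw new IllegalStateException("SSL context is not initialised"); return ctx;`. The identical override in HttpBindManager's `JiveSslConnector` needs the same guard. The enclosing AdminConsolePlugin class starts outside this hunk.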
...@@ -11,26 +11,25 @@ ...@@ -11,26 +11,25 @@
package org.jivesoftware.openfire.http; package org.jivesoftware.openfire.http;
import org.mortbay.jetty.Server; import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.net.SSLConfig;
import org.jivesoftware.util.*;
import org.mortbay.jetty.Connector; import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Handler; import org.mortbay.jetty.Handler;
import org.mortbay.jetty.servlet.ServletHandler; import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.DefaultHandler; import org.mortbay.jetty.handler.DefaultHandler;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.webapp.WebAppContext;
import org.mortbay.jetty.security.SslSocketConnector;
import org.mortbay.jetty.nio.SelectChannelConnector; import org.mortbay.jetty.nio.SelectChannelConnector;
import org.jivesoftware.util.*; import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.jivesoftware.openfire.net.SSLConfig; import org.mortbay.jetty.servlet.ServletHandler;
import org.jivesoftware.openfire.XMPPServer; import org.mortbay.jetty.webapp.WebAppContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory; import java.io.File;
import java.util.Map;
import java.util.List;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.io.File; import java.util.List;
import java.util.Map;
/** /**
* *
...@@ -138,7 +137,7 @@ public final class HttpBindManager { ...@@ -138,7 +137,7 @@ public final class HttpBindManager {
"the hosted domain"); "the hosted domain");
} }
SslSocketConnector sslConnector = new JiveSslConnector(); JiveSslConnector sslConnector = new JiveSslConnector();
sslConnector.setHost(getBindInterface()); sslConnector.setHost(getBindInterface());
sslConnector.setPort(securePort); sslConnector.setPort(securePort);
...@@ -430,11 +429,11 @@ public final class HttpBindManager { ...@@ -430,11 +429,11 @@ public final class HttpBindManager {
} }
} }
private class JiveSslConnector extends SslSocketConnector { private class JiveSslConnector extends SslSelectChannelConnector {
@Override @Override
protected SSLServerSocketFactory createFactory() throws Exception { protected SSLContext createSSLContext() throws Exception {
return SSLConfig.getServerSocketFactory(); return SSLConfig.getSSLContext();
} }
} }
......
...@@ -16,6 +16,8 @@ import org.jivesoftware.util.CertificateManager; ...@@ -16,6 +16,8 @@ import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.JiveGlobals; import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.Log; import org.jivesoftware.util.Log;
import javax.net.ssl.*;
import javax.net.ServerSocketFactory;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileOutputStream; import java.io.FileOutputStream;
...@@ -33,7 +35,7 @@ import java.util.List; ...@@ -33,7 +35,7 @@ import java.util.List;
*/ */
public class SSLConfig { public class SSLConfig {
private static SSLJiveServerSocketFactory sslFactory; private static SSLServerSocketFactory sslFactory;
private static KeyStore keyStore; private static KeyStore keyStore;
private static String keypass; private static String keypass;
private static KeyStore trustStore; private static KeyStore trustStore;
...@@ -41,6 +43,7 @@ public class SSLConfig { ...@@ -41,6 +43,7 @@ public class SSLConfig {
private static String keyStoreLocation; private static String keyStoreLocation;
private static String trustStoreLocation; private static String trustStoreLocation;
private static String storeType; private static String storeType;
private static SSLContext sslContext;
private SSLConfig() { private SSLConfig() {
} }
...@@ -73,9 +76,7 @@ public class SSLConfig { ...@@ -73,9 +76,7 @@ public class SSLConfig {
trustStore = KeyStore.getInstance(storeType); trustStore = KeyStore.getInstance(storeType);
trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray()); trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray());
resetFactory();
sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
algorithm, keyStore, trustStore);
} }
catch (Exception e) { catch (Exception e) {
Log.error("SSLConfig startup problem.\n" + Log.error("SSLConfig startup problem.\n" +
...@@ -88,38 +89,53 @@ public class SSLConfig { ...@@ -88,38 +89,53 @@ public class SSLConfig {
trustStore = null; trustStore = null;
sslFactory = null; sslFactory = null;
} }
// Reset ssl factoty when certificates are modified // Reset ssl factoty when certificates are modified
CertificateManager.addListener(new CertificateEventListener() { CertificateManager.addListener(new CertificateEventListener() {
// Reset ssl factory since keystores have changed
public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) { public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
// Reset ssl factory since keystores have changed resetFactory();
resetFactory(keyStore);
} }
public void certificateDeleted(KeyStore keyStore, String alias) { public void certificateDeleted(KeyStore keyStore, String alias) {
// Reset ssl factory since keystores have changed resetFactory();
resetFactory(keyStore);
} }
public void certificateSigned(KeyStore keyStore, String alias, List<X509Certificate> certificates) {
public void certificateSigned(KeyStore keyStore, String alias, resetFactory();
List<X509Certificate> certificates) {
// Reset ssl factory since keystores have changed
resetFactory(keyStore);
}
private void resetFactory(KeyStore keyStore) {
try {
String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
algorithm, keyStore, trustStore);
}
catch (IOException e) {
Log.error("Error while resetting ssl factory", e);
sslFactory = null;
}
} }
}); });
} }
private static void resetFactory() {
try {
String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
sslContext = SSLContext.getInstance(algorithm);
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, SSLConfig.getKeyPassword().toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
sslContext.init(keyFactory.getKeyManagers(),
trustFactory.getTrustManagers(),
new java.security.SecureRandom());
sslFactory = sslContext.getServerSocketFactory();
}
catch (Exception e) {
Log.error("SSLConfig factory setup problem.\n" +
" storeType: [" + storeType + "]\n" +
" keyStoreLocation: [" + keyStoreLocation + "]\n" +
" keypass: [" + keypass + "]\n" +
" trustStoreLocation: [" + trustStoreLocation+ "]\n" +
" trustpass: [" + trustpass + "]", e);
keyStore = null;
trustStore = null;
sslFactory = null;
}
}
public static String getKeyPassword() { public static String getKeyPassword() {
return keypass; return keypass;
} }
...@@ -199,7 +215,11 @@ public class SSLConfig { ...@@ -199,7 +215,11 @@ public class SSLConfig {
return storeType; return storeType;
} }
public static SSLJiveServerSocketFactory getServerSocketFactory() { public static SSLContext getSSLContext() {
return sslContext;
}
public static SSLServerSocketFactory getServerSocketFactory() {
return sslFactory; return sslFactory;
} }
} }
\ No newline at end of file
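Review bot: The catch block of the new `resetFactory()` writes `keypass` and `trustpass` into the error log in clear text, so any failure to build the SSLContext, including one triggered later by a certificate event, leaves both keystore passwords in the log file. Drop those two lines from the message, or log only whether a value is configured, e.g. `" keypass set: [" + (keypass != null) + "]\n"`. The same handler sets `sslFactory = null` but leaves `sslContext` untouched, so `getSSLContext()` can keep returning a stale or uninitialised context; add `sslContext = null;` beside it. The startup catch earlier in the static block appears to use the same message format, but its body is only partly visible here.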
/**
* $RCSfile$
* $Revision: 1217 $
* $Date: 2005-04-11 18:11:06 -0300 (Mon, 11 Apr 2005) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.openfire.net;
import org.jivesoftware.util.Log;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyStore;
/**
* Securue socket factory wrapper allowing simple setup of all security
* SSL related parameters.
*
* @author Iain Shigeoka
*/
public class SSLJiveServerSocketFactory extends SSLServerSocketFactory {
public static SSLServerSocketFactory getInstance(String algorithm,
KeyStore keystore,
KeyStore truststore) throws
IOException {
try {
SSLContext sslcontext = SSLContext.getInstance(algorithm);
SSLServerSocketFactory factory;
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keystore, SSLConfig.getKeyPassword().toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(truststore);
sslcontext.init(keyFactory.getKeyManagers(),
trustFactory.getTrustManagers(),
new java.security.SecureRandom());
factory = sslcontext.getServerSocketFactory();
return new SSLJiveServerSocketFactory(factory);
}
catch (Exception e) {
Log.error(e);
throw new IOException(e.getMessage());
}
}
private SSLServerSocketFactory factory;
private SSLJiveServerSocketFactory(SSLServerSocketFactory factory) {
this.factory = factory;
}
public ServerSocket createServerSocket(int i) throws IOException {
return factory.createServerSocket(i);
}
public ServerSocket createServerSocket(int i, int i1) throws IOException {
return factory.createServerSocket(i, i1);
}
public ServerSocket createServerSocket(int i, int i1, InetAddress inetAddress) throws IOException {
return factory.createServerSocket(i, i1, inetAddress);
}
public String[] getDefaultCipherSuites() {
return factory.getDefaultCipherSuites();
}
public String[] getSupportedCipherSuites() {
return factory.getSupportedCipherSuites();
}
}