Commit c0fda20b authored by David Smith's avatar David Smith Committed by david

Merge HTTP SSL fixes from trunk

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/branches/3_3_1_branch@9215 b35dd754-fafc-0310-a699-88a17e54d16e
parent 6d6f53a8
...@@ -348,16 +348,16 @@ ...@@ -348,16 +348,16 @@
<orderEntry type="module-library"> <orderEntry type="module-library">
<library> <library>
<CLASSES> <CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-ssl-1.2.0.jar!/" /> <root url="jar://$MODULE_DIR$/../lib/ant-jive-edition.jar!/" />
</CLASSES> </CLASSES>
<JAVADOC /> <JAVADOC />
<SOURCES /> <SOURCES />
</library> </library>
</orderEntry> </orderEntry>
<orderEntry type="module-library" exported=""> <orderEntry type="module-library">
<library> <library>
<CLASSES> <CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-core-1.2.0.jar!/" /> <root url="jar://$MODULE_DIR$/../lib/dist/activation.jar!/" />
</CLASSES> </CLASSES>
<JAVADOC /> <JAVADOC />
<SOURCES /> <SOURCES />
...@@ -366,7 +366,7 @@ ...@@ -366,7 +366,7 @@
<orderEntry type="module-library"> <orderEntry type="module-library">
<library> <library>
<CLASSES> <CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-compression-1.2.0.jar!/" /> <root url="file://$MODULE_DIR$/../../src/resources/jar" />
</CLASSES> </CLASSES>
<JAVADOC /> <JAVADOC />
<SOURCES /> <SOURCES />
...@@ -375,7 +375,7 @@ ...@@ -375,7 +375,7 @@
<orderEntry type="module-library"> <orderEntry type="module-library">
<library> <library>
<CLASSES> <CLASSES>
<root url="jar://$MODULE_DIR$/../lib/ant-jive-edition.jar!/" /> <root url="jar://$MODULE_DIR$/../lib/merge/jetty-sslengine.jar!/" />
</CLASSES> </CLASSES>
<JAVADOC /> <JAVADOC />
<SOURCES /> <SOURCES />
...@@ -384,7 +384,7 @@ ...@@ -384,7 +384,7 @@
<orderEntry type="module-library"> <orderEntry type="module-library">
<library> <library>
<CLASSES> <CLASSES>
<root url="jar://$MODULE_DIR$/../lib/dist/activation.jar!/" /> <root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-ssl.jar!/" />
</CLASSES> </CLASSES>
<JAVADOC /> <JAVADOC />
<SOURCES /> <SOURCES />
...@@ -393,7 +393,16 @@ ...@@ -393,7 +393,16 @@
<orderEntry type="module-library"> <orderEntry type="module-library">
<library> <library>
<CLASSES> <CLASSES>
<root url="file://$MODULE_DIR$/../../src/resources/jar" /> <root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-compression.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</orderEntry>
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-core.jar!/" />
</CLASSES> </CLASSES>
<JAVADOC /> <JAVADOC />
<SOURCES /> <SOURCES />
......
...@@ -19,11 +19,10 @@ import org.mortbay.jetty.Server; ...@@ -19,11 +19,10 @@ import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.DefaultHandler; import org.mortbay.jetty.handler.DefaultHandler;
import org.mortbay.jetty.nio.SelectChannelConnector; import org.mortbay.jetty.nio.SelectChannelConnector;
import org.mortbay.jetty.security.SslSocketConnector; import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.mortbay.jetty.servlet.Context; import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.webapp.WebAppContext; import org.mortbay.jetty.webapp.WebAppContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import java.io.File; import java.io.File;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -315,11 +314,11 @@ public class AdminConsolePlugin implements Plugin { ...@@ -315,11 +314,11 @@ public class AdminConsolePlugin implements Plugin {
} }
} }
private class JiveSslConnector extends SslSocketConnector { private class JiveSslConnector extends SslSelectChannelConnector {
@Override @Override
protected SSLServerSocketFactory createFactory() throws Exception { protected SSLContext createSSLContext() throws Exception {
return SSLConfig.getServerSocketFactory(); return SSLConfig.getSSLContext();
} }
} }
} }
\ No newline at end of file
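Review bot: The new `createSSLContext()` override returns whatever `SSLConfig.getSSLContext()` holds without checking it, and as far as the visible SSLConfig hunks show that static field is only assigned inside `resetFactory()` and is left untouched by the static initializer's catch block (which resets keyStore, trustStore and sslFactory only), so a keystore that fails to load yields a null context here and the failure presumably surfaces later inside Jetty instead of at connector start-up. Fail early with a message that points at the real cause: `SSLContext ctx = SSLConfig.getSSLContext();` `if (ctx == null) throw new IllegalStateException("SSLConfig has no initialised SSLContext; check the keystore settings");` `return ctx;`. The identical override in `HttpBindManager.JiveSslConnector` has the same gap. The enclosing `AdminConsolePlugin` class starts outside the hunk.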
...@@ -11,26 +11,25 @@ ...@@ -11,26 +11,25 @@
package org.jivesoftware.openfire.http; package org.jivesoftware.openfire.http;
import org.mortbay.jetty.Server; import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.net.SSLConfig;
import org.jivesoftware.util.*;
import org.mortbay.jetty.Connector; import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Handler; import org.mortbay.jetty.Handler;
import org.mortbay.jetty.servlet.ServletHandler; import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.handler.ContextHandlerCollection; import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.DefaultHandler; import org.mortbay.jetty.handler.DefaultHandler;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.webapp.WebAppContext;
import org.mortbay.jetty.security.SslSocketConnector;
import org.mortbay.jetty.nio.SelectChannelConnector; import org.mortbay.jetty.nio.SelectChannelConnector;
import org.jivesoftware.util.*; import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.jivesoftware.openfire.net.SSLConfig; import org.mortbay.jetty.servlet.ServletHandler;
import org.jivesoftware.openfire.XMPPServer; import org.mortbay.jetty.webapp.WebAppContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory; import java.io.File;
import java.util.Map;
import java.util.List;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.io.File; import java.util.List;
import java.util.Map;
/** /**
* *
...@@ -138,7 +137,7 @@ public final class HttpBindManager { ...@@ -138,7 +137,7 @@ public final class HttpBindManager {
"the hosted domain"); "the hosted domain");
} }
SslSocketConnector sslConnector = new JiveSslConnector(); JiveSslConnector sslConnector = new JiveSslConnector();
sslConnector.setHost(getBindInterface()); sslConnector.setHost(getBindInterface());
sslConnector.setPort(securePort); sslConnector.setPort(securePort);
...@@ -430,11 +429,11 @@ public final class HttpBindManager { ...@@ -430,11 +429,11 @@ public final class HttpBindManager {
} }
} }
private class JiveSslConnector extends SslSocketConnector { private class JiveSslConnector extends SslSelectChannelConnector {
@Override @Override
protected SSLServerSocketFactory createFactory() throws Exception { protected SSLContext createSSLContext() throws Exception {
return SSLConfig.getServerSocketFactory(); return SSLConfig.getSSLContext();
} }
} }
......
...@@ -234,8 +234,7 @@ public class HttpBindServlet extends HttpServlet { ...@@ -234,8 +234,7 @@ public class HttpBindServlet extends HttpServlet {
respond(response, createEmptyBody(), request.getMethod()); respond(response, createEmptyBody(), request.getMethod());
} }
else { else {
connection connection.setContinuation(ContinuationSupport.getContinuation(request, connection));
.setContinuation(ContinuationSupport.getContinuation(request, connection));
request.setAttribute("request-session", connection.getSession()); request.setAttribute("request-session", connection.getSession());
request.setAttribute("request", connection.getRequestId()); request.setAttribute("request", connection.getRequestId());
try { try {
......
...@@ -183,7 +183,7 @@ public class HttpConnection { ...@@ -183,7 +183,7 @@ public class HttpConnection {
return deliverable; return deliverable;
} }
this.isDelivered = true; this.isDelivered = true;
throw new HttpBindTimeoutException("Request " + requestId + " exceded response time from " + throw new HttpBindTimeoutException("Request " + requestId + " exceeded response time from " +
"server of " + session.getWait() + " seconds."); "server of " + session.getWait() + " seconds.");
} }
} }
...@@ -309,7 +309,7 @@ public class HttpSession extends ClientSession { ...@@ -309,7 +309,7 @@ public class HttpSession extends ClientSession {
* @return the time in milliseconds since the epoch that this session was last active. * @return the time in milliseconds since the epoch that this session was last active.
*/ */
public synchronized long getLastActivity() { public synchronized long getLastActivity() {
if (connectionQueue.size() <= 0) { if (connectionQueue.isEmpty()) {
return lastActivity; return lastActivity;
} }
else { else {
...@@ -416,7 +416,7 @@ public class HttpSession extends ClientSession { ...@@ -416,7 +416,7 @@ public class HttpSession extends ClientSession {
protected void sendPendingPackets() { protected void sendPendingPackets() {
// access blocked only on send to prevent deadlocks // access blocked only on send to prevent deadlocks
synchronized (packetsToSend) { synchronized (packetsToSend) {
if (packetsToSend.size() <= 0) { if (packetsToSend.isEmpty()) {
return; return;
} }
......
...@@ -16,6 +16,8 @@ import org.jivesoftware.util.CertificateManager; ...@@ -16,6 +16,8 @@ import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.JiveGlobals; import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.Log; import org.jivesoftware.util.Log;
import javax.net.ssl.*;
import javax.net.ServerSocketFactory;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileOutputStream; import java.io.FileOutputStream;
...@@ -33,7 +35,7 @@ import java.util.List; ...@@ -33,7 +35,7 @@ import java.util.List;
*/ */
public class SSLConfig { public class SSLConfig {
private static SSLJiveServerSocketFactory sslFactory; private static SSLServerSocketFactory sslFactory;
private static KeyStore keyStore; private static KeyStore keyStore;
private static String keypass; private static String keypass;
private static KeyStore trustStore; private static KeyStore trustStore;
...@@ -41,6 +43,7 @@ public class SSLConfig { ...@@ -41,6 +43,7 @@ public class SSLConfig {
private static String keyStoreLocation; private static String keyStoreLocation;
private static String trustStoreLocation; private static String trustStoreLocation;
private static String storeType; private static String storeType;
private static SSLContext sslContext;
private SSLConfig() { private SSLConfig() {
} }
...@@ -73,9 +76,7 @@ public class SSLConfig { ...@@ -73,9 +76,7 @@ public class SSLConfig {
trustStore = KeyStore.getInstance(storeType); trustStore = KeyStore.getInstance(storeType);
trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray()); trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray());
resetFactory();
sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
algorithm, keyStore, trustStore);
} }
catch (Exception e) { catch (Exception e) {
Log.error("SSLConfig startup problem.\n" + Log.error("SSLConfig startup problem.\n" +
...@@ -88,37 +89,52 @@ public class SSLConfig { ...@@ -88,37 +89,52 @@ public class SSLConfig {
trustStore = null; trustStore = null;
sslFactory = null; sslFactory = null;
} }
// Reset ssl factoty when certificates are modified // Reset ssl factoty when certificates are modified
CertificateManager.addListener(new CertificateEventListener() { CertificateManager.addListener(new CertificateEventListener() {
public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
// Reset ssl factory since keystores have changed // Reset ssl factory since keystores have changed
resetFactory(keyStore); public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
resetFactory();
} }
public void certificateDeleted(KeyStore keyStore, String alias) { public void certificateDeleted(KeyStore keyStore, String alias) {
// Reset ssl factory since keystores have changed resetFactory();
resetFactory(keyStore);
} }
public void certificateSigned(KeyStore keyStore, String alias, List<X509Certificate> certificates) {
public void certificateSigned(KeyStore keyStore, String alias, resetFactory();
List<X509Certificate> certificates) { }
// Reset ssl factory since keystores have changed });
resetFactory(keyStore);
} }
private void resetFactory(KeyStore keyStore) { private static void resetFactory() {
try { try {
String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS"); String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
algorithm, keyStore, trustStore); sslContext = SSLContext.getInstance(algorithm);
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, SSLConfig.getKeyPassword().toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
sslContext.init(keyFactory.getKeyManagers(),
trustFactory.getTrustManagers(),
new java.security.SecureRandom());
sslFactory = sslContext.getServerSocketFactory();
} }
catch (IOException e) { catch (Exception e) {
Log.error("Error while resetting ssl factory", e); Log.error("SSLConfig factory setup problem.\n" +
" storeType: [" + storeType + "]\n" +
" keyStoreLocation: [" + keyStoreLocation + "]\n" +
" keypass: [" + keypass + "]\n" +
" trustStoreLocation: [" + trustStoreLocation+ "]\n" +
" trustpass: [" + trustpass + "]", e);
keyStore = null;
trustStore = null;
sslFactory = null; sslFactory = null;
} }
} }
});
}
public static String getKeyPassword() { public static String getKeyPassword() {
return keypass; return keypass;
...@@ -199,7 +215,11 @@ public class SSLConfig { ...@@ -199,7 +215,11 @@ public class SSLConfig {
return storeType; return storeType;
} }
public static SSLJiveServerSocketFactory getServerSocketFactory() { public static SSLContext getSSLContext() {
return sslContext;
}
public static SSLServerSocketFactory getServerSocketFactory() {
return sslFactory; return sslFactory;
} }
} }
\ No newline at end of file
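Review bot: The new catch block in `resetFactory()` writes both store passwords into the error log in clear text (`" keypass: [" + keypass + "]\n"` and `" trustpass: [" + trustpass + "]"`), so every log file and log-shipping pipeline that receives this message becomes a copy of the keystore credentials; log the store type and locations only and drop the two password lines, ending the message with `" trustStoreLocation: [" + trustStoreLocation + "]", e);`. Separately, `sslContext` is assigned from `SSLContext.getInstance(algorithm)` before `init()` has run and is never cleared in the catch (keyStore, trustStore and sslFactory are reset there, sslContext is not), so a caller of `getSSLContext()` during a reload, or any caller after a failed reload, receives an uninitialised context. Build the context into a local, publish it only after `init()` succeeds, and null it on failure, as below. Whether the static-initializer catch a few lines earlier (`"SSLConfig startup problem.\n" + …`) logs the same passwords is not visible in this hunk and should be checked too.
```java
    private static void resetFactory() {
        try {
            String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
            // Build into a local so no reader observes a context before init() has run.
            SSLContext context = SSLContext.getInstance(algorithm);
            // … unchanged: KeyManagerFactory / TrustManagerFactory setup …
            context.init(keyFactory.getKeyManagers(),
                    trustFactory.getTrustManagers(),
                    new java.security.SecureRandom());
            sslFactory = context.getServerSocketFactory();
            sslContext = context;
        }
        catch (Exception e) {
            // Store passwords are deliberately not included in the log message.
            Log.error("SSLConfig factory setup problem.\n" +
                    " storeType: [" + storeType + "]\n" +
                    " keyStoreLocation: [" + keyStoreLocation + "]\n" +
                    " trustStoreLocation: [" + trustStoreLocation + "]", e);
            keyStore = null;
            trustStore = null;
            sslFactory = null;
            sslContext = null;
        }
    }
```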
/**
* $RCSfile$
* $Revision: 1217 $
* $Date: 2005-04-11 18:11:06 -0300 (Mon, 11 Apr 2005) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.openfire.net;
import org.jivesoftware.util.Log;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyStore;
/**
* Securue socket factory wrapper allowing simple setup of all security
* SSL related parameters.
*
* @author Iain Shigeoka
*/
public class SSLJiveServerSocketFactory extends SSLServerSocketFactory {
public static SSLServerSocketFactory getInstance(String algorithm,
KeyStore keystore,
KeyStore truststore) throws
IOException {
try {
SSLContext sslcontext = SSLContext.getInstance(algorithm);
SSLServerSocketFactory factory;
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keystore, SSLConfig.getKeyPassword().toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(truststore);
sslcontext.init(keyFactory.getKeyManagers(),
trustFactory.getTrustManagers(),
new java.security.SecureRandom());
factory = sslcontext.getServerSocketFactory();
return new SSLJiveServerSocketFactory(factory);
}
catch (Exception e) {
Log.error(e);
throw new IOException(e.getMessage());
}
}
private SSLServerSocketFactory factory;
private SSLJiveServerSocketFactory(SSLServerSocketFactory factory) {
this.factory = factory;
}
public ServerSocket createServerSocket(int i) throws IOException {
return factory.createServerSocket(i);
}
public ServerSocket createServerSocket(int i, int i1) throws IOException {
return factory.createServerSocket(i, i1);
}
public ServerSocket createServerSocket(int i, int i1, InetAddress inetAddress) throws IOException {
return factory.createServerSocket(i, i1, inetAddress);
}
public String[] getDefaultCipherSuites() {
return factory.getDefaultCipherSuites();
}
public String[] getSupportedCipherSuites() {
return factory.getSupportedCipherSuites();
}
}