OF-946: Should have single point of SSLContext instantiation

The code to get an instance of SSLContext is duplicated all over the codebase. Code gets more
maintainable by replacing all duplicate code blocks with one utility method.
This already fixes an issue where Clearspace integration used a SSL instead of TLS algorithm.

src/java/org/jivesoftware/openfire/clearspace/SSLProtocolSocketFactory.java

@@ -63,7 +63,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
 
     private SSLContext createSSLContext(String host) {
         try {
-            SSLContext context = SSLContext.getInstance("SSL");
+            final SSLContext context = SSLConfig.getSSLContext();
             context.init(
                     null,
                     new TrustManager[] {

src/java/org/jivesoftware/openfire/net/SSLConfig.java

@@ -21,10 +21,12 @@
 package org.jivesoftware.openfire.net;
 
 import org.jivesoftware.openfire.keystore.*;
+import org.jivesoftware.openfire.session.ConnectionSettings;
 import org.jivesoftware.util.JiveGlobals;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLContext;
 import java.io.*;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -368,4 +370,11 @@ public class SSLConfig
 
         return file.getCanonicalPath();
     }
+
+    public static SSLContext getSSLContext() throws NoSuchAlgorithmException
+    {
+        // TODO: allow different algorithms for differetn connection types (eg client/server/bosh etc)
+        final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
+        return SSLContext.getInstance( algorithm );
+    }
 }

src/java/org/jivesoftware/openfire/net/SSLConfigSocketFactory.java

@@ -105,8 +105,7 @@ public class SSLConfigSocketFactory
         final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
         final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_C2S_TRUSTSTORE );
 
-        final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
-        final SSLContext context = SSLContext.getInstance( algorithm );
+        final SSLContext context = SSLConfig.getSSLContext();
         context.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom() );
 
         return context.getServerSocketFactory();
@@ -117,8 +116,7 @@ public class SSLConfigSocketFactory
         final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
         final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_S2S_TRUSTSTORE );
 
-        final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
-        final SSLContext context = SSLContext.getInstance( algorithm );
+        final SSLContext context = SSLConfig.getSSLContext();
         context.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom() );
 
         return context.getServerSocketFactory();

src/java/org/jivesoftware/openfire/net/TLSWrapper.java

@@ -97,8 +97,7 @@ public class TLSWrapper {
             }
 
             final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) sslConfig.getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
-            final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
-            final SSLContext tlsContext = SSLContext.getInstance(algorithm);
+            final SSLContext tlsContext = SSLConfig.getSSLContext();
             tlsContext.init( identityStoreConfig.getKeyManagers(), tm, null);
 
             /*

src/java/org/jivesoftware/openfire/nio/NIOConnection.java

@@ -397,8 +397,7 @@ public class NIOConnection implements Connection {
             tm = storeConfig.getTrustManagers();
         }
 
-        String algorithm = JiveGlobals.getProperty(ConnectionSettings.Client.TLS_ALGORITHM, "TLS");
-        SSLContext tlsContext = SSLContext.getInstance( algorithm );
+        final SSLContext tlsContext = SSLConfig.getSSLContext();
 
         final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) sslConfig.getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
         tlsContext.init( identityStoreConfig.getKeyManagers(), tm, null);

src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java

@@ -40,6 +40,7 @@ import java.security.cert.X509Certificate;
 
 import java.util.Comparator;
 
+import org.jivesoftware.openfire.net.SSLConfig;
 import org.jivesoftware.openfire.session.ConnectionSettings;
 
 /**
@@ -57,12 +58,11 @@ public class SimpleSSLSocketFactory extends SSLSocketFactory implements Comparat
     public SimpleSSLSocketFactory() {
 
         try {
-            String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
-            SSLContext sslcontent = SSLContext.getInstance(algorithm);
-            sslcontent.init(null, // KeyManager not required
+            final SSLContext sslContext = SSLConfig.getSSLContext();
+            sslContext.init(null, // KeyManager not required
                             new TrustManager[] { new DummyTrustManager() },
                             new java.security.SecureRandom());
-            factory = sslcontent.getSocketFactory();
+            factory = sslContext.getSocketFactory();
         }
         catch (NoSuchAlgorithmException | KeyManagementException e) {
             Log.error(e.getMessage(), e);