Commit eef91eae authored by David Smith's avatar David Smith Committed by david

Merge HTTP SSL fixes from trunk

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/branches@9215 b35dd754-fafc-0310-a699-88a17e54d16e
parent 6a9c2e9c
......@@ -348,16 +348,16 @@
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-ssl-1.2.0.jar!/" />
<root url="jar://$MODULE_DIR$/../lib/ant-jive-edition.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</orderEntry>
<orderEntry type="module-library" exported="">
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-core-1.2.0.jar!/" />
<root url="jar://$MODULE_DIR$/../lib/dist/activation.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
......@@ -366,7 +366,7 @@
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-compression-1.2.0.jar!/" />
<root url="file://$MODULE_DIR$/../../src/resources/jar" />
</CLASSES>
<JAVADOC />
<SOURCES />
......@@ -375,7 +375,7 @@
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/ant-jive-edition.jar!/" />
<root url="jar://$MODULE_DIR$/../lib/merge/jetty-sslengine.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
......@@ -384,7 +384,7 @@
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/dist/activation.jar!/" />
<root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-ssl.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
......@@ -393,7 +393,16 @@
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="file://$MODULE_DIR$/../../src/resources/jar" />
<root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-compression.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</orderEntry>
<orderEntry type="module-library">
<library>
<CLASSES>
<root url="jar://$MODULE_DIR$/../lib/merge/mina-core.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
......
......@@ -19,11 +19,10 @@ import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.DefaultHandler;
import org.mortbay.jetty.nio.SelectChannelConnector;
import org.mortbay.jetty.security.SslSocketConnector;
import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.webapp.WebAppContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
......@@ -315,11 +314,11 @@ public class AdminConsolePlugin implements Plugin {
}
}
private class JiveSslConnector extends SslSocketConnector {
private class JiveSslConnector extends SslSelectChannelConnector {
@Override
protected SSLServerSocketFactory createFactory() throws Exception {
return SSLConfig.getServerSocketFactory();
protected SSLContext createSSLContext() throws Exception {
return SSLConfig.getSSLContext();
}
}
}
\ No newline at end of file
......@@ -11,26 +11,25 @@
package org.jivesoftware.openfire.http;
import org.mortbay.jetty.Server;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.net.SSLConfig;
import org.jivesoftware.util.*;
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Handler;
import org.mortbay.jetty.servlet.ServletHandler;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.handler.ContextHandlerCollection;
import org.mortbay.jetty.handler.DefaultHandler;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.webapp.WebAppContext;
import org.mortbay.jetty.security.SslSocketConnector;
import org.mortbay.jetty.nio.SelectChannelConnector;
import org.jivesoftware.util.*;
import org.jivesoftware.openfire.net.SSLConfig;
import org.jivesoftware.openfire.XMPPServer;
import javax.net.ssl.SSLServerSocketFactory;
import java.util.Map;
import java.util.List;
import org.mortbay.jetty.security.SslSelectChannelConnector;
import org.mortbay.jetty.servlet.ServletHandler;
import org.mortbay.jetty.webapp.WebAppContext;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.io.File;
import java.util.List;
import java.util.Map;
/**
*
......@@ -138,7 +137,7 @@ public final class HttpBindManager {
"the hosted domain");
}
SslSocketConnector sslConnector = new JiveSslConnector();
JiveSslConnector sslConnector = new JiveSslConnector();
sslConnector.setHost(getBindInterface());
sslConnector.setPort(securePort);
......@@ -430,11 +429,11 @@ public final class HttpBindManager {
}
}
private class JiveSslConnector extends SslSocketConnector {
private class JiveSslConnector extends SslSelectChannelConnector {
@Override
protected SSLServerSocketFactory createFactory() throws Exception {
return SSLConfig.getServerSocketFactory();
protected SSLContext createSSLContext() throws Exception {
return SSLConfig.getSSLContext();
}
}
......
......@@ -234,8 +234,7 @@ public class HttpBindServlet extends HttpServlet {
respond(response, createEmptyBody(), request.getMethod());
}
else {
connection
.setContinuation(ContinuationSupport.getContinuation(request, connection));
connection.setContinuation(ContinuationSupport.getContinuation(request, connection));
request.setAttribute("request-session", connection.getSession());
request.setAttribute("request", connection.getRequestId());
try {
......
......@@ -183,7 +183,7 @@ public class HttpConnection {
return deliverable;
}
this.isDelivered = true;
throw new HttpBindTimeoutException("Request " + requestId + " exceded response time from " +
throw new HttpBindTimeoutException("Request " + requestId + " exceeded response time from " +
"server of " + session.getWait() + " seconds.");
}
}
......@@ -309,7 +309,7 @@ public class HttpSession extends ClientSession {
* @return the time in milliseconds since the epoch that this session was last active.
*/
public synchronized long getLastActivity() {
if (connectionQueue.size() <= 0) {
if (connectionQueue.isEmpty()) {
return lastActivity;
}
else {
......@@ -416,7 +416,7 @@ public class HttpSession extends ClientSession {
protected void sendPendingPackets() {
// access blocked only on send to prevent deadlocks
synchronized (packetsToSend) {
if (packetsToSend.size() <= 0) {
if (packetsToSend.isEmpty()) {
return;
}
......
......@@ -16,6 +16,8 @@ import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.Log;
import javax.net.ssl.*;
import javax.net.ServerSocketFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
......@@ -33,7 +35,7 @@ import java.util.List;
*/
public class SSLConfig {
private static SSLJiveServerSocketFactory sslFactory;
private static SSLServerSocketFactory sslFactory;
private static KeyStore keyStore;
private static String keypass;
private static KeyStore trustStore;
......@@ -41,6 +43,7 @@ public class SSLConfig {
private static String keyStoreLocation;
private static String trustStoreLocation;
private static String storeType;
private static SSLContext sslContext;
private SSLConfig() {
}
......@@ -73,9 +76,7 @@ public class SSLConfig {
trustStore = KeyStore.getInstance(storeType);
trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray());
sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
algorithm, keyStore, trustStore);
resetFactory();
}
catch (Exception e) {
Log.error("SSLConfig startup problem.\n" +
......@@ -88,38 +89,53 @@ public class SSLConfig {
trustStore = null;
sslFactory = null;
}
// Reset ssl factoty when certificates are modified
CertificateManager.addListener(new CertificateEventListener() {
// Reset ssl factory since keystores have changed
public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
// Reset ssl factory since keystores have changed
resetFactory(keyStore);
resetFactory();
}
public void certificateDeleted(KeyStore keyStore, String alias) {
// Reset ssl factory since keystores have changed
resetFactory(keyStore);
resetFactory();
}
public void certificateSigned(KeyStore keyStore, String alias,
List<X509Certificate> certificates) {
// Reset ssl factory since keystores have changed
resetFactory(keyStore);
}
private void resetFactory(KeyStore keyStore) {
try {
String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
algorithm, keyStore, trustStore);
}
catch (IOException e) {
Log.error("Error while resetting ssl factory", e);
sslFactory = null;
}
public void certificateSigned(KeyStore keyStore, String alias, List<X509Certificate> certificates) {
resetFactory();
}
});
}
private static void resetFactory() {
try {
String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
sslContext = SSLContext.getInstance(algorithm);
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, SSLConfig.getKeyPassword().toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
sslContext.init(keyFactory.getKeyManagers(),
trustFactory.getTrustManagers(),
new java.security.SecureRandom());
sslFactory = sslContext.getServerSocketFactory();
}
catch (Exception e) {
Log.error("SSLConfig factory setup problem.\n" +
" storeType: [" + storeType + "]\n" +
" keyStoreLocation: [" + keyStoreLocation + "]\n" +
" keypass: [" + keypass + "]\n" +
" trustStoreLocation: [" + trustStoreLocation+ "]\n" +
" trustpass: [" + trustpass + "]", e);
keyStore = null;
trustStore = null;
sslFactory = null;
}
}
public static String getKeyPassword() {
return keypass;
}
......@@ -199,7 +215,11 @@ public class SSLConfig {
return storeType;
}
public static SSLJiveServerSocketFactory getServerSocketFactory() {
public static SSLContext getSSLContext() {
return sslContext;
}
public static SSLServerSocketFactory getServerSocketFactory() {
return sslFactory;
}
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: 1217 $
* $Date: 2005-04-11 18:11:06 -0300 (Mon, 11 Apr 2005) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.openfire.net;
import org.jivesoftware.util.Log;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyStore;
/**
* Securue socket factory wrapper allowing simple setup of all security
* SSL related parameters.
*
* @author Iain Shigeoka
*/
public class SSLJiveServerSocketFactory extends SSLServerSocketFactory {
public static SSLServerSocketFactory getInstance(String algorithm,
KeyStore keystore,
KeyStore truststore) throws
IOException {
try {
SSLContext sslcontext = SSLContext.getInstance(algorithm);
SSLServerSocketFactory factory;
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keystore, SSLConfig.getKeyPassword().toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(truststore);
sslcontext.init(keyFactory.getKeyManagers(),
trustFactory.getTrustManagers(),
new java.security.SecureRandom());
factory = sslcontext.getServerSocketFactory();
return new SSLJiveServerSocketFactory(factory);
}
catch (Exception e) {
Log.error(e);
throw new IOException(e.getMessage());
}
}
private SSLServerSocketFactory factory;
private SSLJiveServerSocketFactory(SSLServerSocketFactory factory) {
this.factory = factory;
}
public ServerSocket createServerSocket(int i) throws IOException {
return factory.createServerSocket(i);
}
public ServerSocket createServerSocket(int i, int i1) throws IOException {
return factory.createServerSocket(i, i1);
}
public ServerSocket createServerSocket(int i, int i1, InetAddress inetAddress) throws IOException {
return factory.createServerSocket(i, i1, inetAddress);
}
public String[] getDefaultCipherSuites() {
return factory.getDefaultCipherSuites();
}
public String[] getSupportedCipherSuites() {
return factory.getSupportedCipherSuites();
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment