Merge HTTP SSL fixes from trunk

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/branches@9215 b35dd754-fafc-0310-a699-88a17e54d16e

Merge HTTP SSL fixes from trunk
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/branches@9215 b35dd754-fafc-0310-a699-88a17e54d16e
eef91eae · David Smith · david · 6a9c2e9c · eef91eae · eef91eae
Commit eef91eae authored Sep 25, 2007 by David Smith Committed by david Sep 25, 2007
11 changed files
--- a/3_3_1_branch/build/lib/merge/jetty-sslengine.jar
+++ b/3_3_1_branch/build/lib/merge/jetty-sslengine.jar
--- a/3_3_1_branch/build/lib/merge/jetty-util.jar
+++ b/3_3_1_branch/build/lib/merge/jetty-util.jar
--- a/3_3_1_branch/build/lib/merge/jetty.jar
+++ b/3_3_1_branch/build/lib/merge/jetty.jar
--- a/3_3_1_branch/build/projects/Openfire.iml
+++ b/3_3_1_branch/build/projects/Openfire.iml
@@ -348,16 +348,16 @@
    <orderEntry type="module-library">
      <library>
        <CLASSES>
-          <root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-ssl-1.2.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/../lib/ant-jive-edition.jar!/" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />
      </library>
    </orderEntry>
-    <orderEntry type="module-library" exported="">
+    <orderEntry type="module-library">
      <library>
        <CLASSES>
-          <root url="jar://$MODULE_DIR$/../lib/merge/mina-core-1.2.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/../lib/dist/activation.jar!/" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />
@@ -366,7 +366,7 @@
    <orderEntry type="module-library">
      <library>
        <CLASSES>
-          <root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-compression-1.2.0.jar!/" />
+          <root url="file://$MODULE_DIR$/../../src/resources/jar" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />
@@ -375,7 +375,7 @@
    <orderEntry type="module-library">
      <library>
        <CLASSES>
-          <root url="jar://$MODULE_DIR$/../lib/ant-jive-edition.jar!/" />
+          <root url="jar://$MODULE_DIR$/../lib/merge/jetty-sslengine.jar!/" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />
@@ -384,7 +384,7 @@
    <orderEntry type="module-library">
      <library>
        <CLASSES>
-          <root url="jar://$MODULE_DIR$/../lib/dist/activation.jar!/" />
+          <root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-ssl.jar!/" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />
@@ -393,7 +393,16 @@
    <orderEntry type="module-library">
      <library>
        <CLASSES>
-          <root url="file://$MODULE_DIR$/../../src/resources/jar" />
+          <root url="jar://$MODULE_DIR$/../lib/merge/mina-filter-compression.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES />
+      </library>
+    </orderEntry>
+    <orderEntry type="module-library">
+      <library>
+        <CLASSES>
+          <root url="jar://$MODULE_DIR$/../lib/merge/mina-core.jar!/" />
        </CLASSES>
        <JAVADOC />
        <SOURCES />

--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java
@@ -19,11 +19,10 @@ import org.mortbay.jetty.Server;
 import org.mortbay.jetty.handler.ContextHandlerCollection;
 import org.mortbay.jetty.handler.DefaultHandler;
 import org.mortbay.jetty.nio.SelectChannelConnector;
-import org.mortbay.jetty.security.SslSocketConnector;
+import org.mortbay.jetty.security.SslSelectChannelConnector;
 import org.mortbay.jetty.servlet.Context;
 import org.mortbay.jetty.webapp.WebAppContext;
+import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocketFactory;
 import java.io.File;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
@@ -315,11 +314,11 @@ public class AdminConsolePlugin implements Plugin {
        }
    }
-    private class JiveSslConnector extends SslSocketConnector {
+    private class JiveSslConnector extends SslSelectChannelConnector {
        @Override
-        protected SSLServerSocketFactory createFactory() throws Exception {
+        protected SSLContext createSSLContext() throws Exception {
-            return SSLConfig.getServerSocketFactory();
+            return SSLConfig.getSSLContext();
        }
    }
 }
\ No newline at end of file
--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpBindManager.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpBindManager.java
@@ -11,26 +11,25 @@
 package org.jivesoftware.openfire.http;
-import org.mortbay.jetty.Server;
+import org.jivesoftware.openfire.XMPPServer;
+import org.jivesoftware.openfire.net.SSLConfig;
+import org.jivesoftware.util.*;
 import org.mortbay.jetty.Connector;
 import org.mortbay.jetty.Handler;
-import org.mortbay.jetty.servlet.ServletHandler;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.handler.ContextHandler;
 import org.mortbay.jetty.handler.ContextHandlerCollection;
 import org.mortbay.jetty.handler.DefaultHandler;
-import org.mortbay.jetty.handler.ContextHandler;
-import org.mortbay.jetty.webapp.WebAppContext;
-import org.mortbay.jetty.security.SslSocketConnector;
 import org.mortbay.jetty.nio.SelectChannelConnector;
-import org.jivesoftware.util.*;
+import org.mortbay.jetty.security.SslSelectChannelConnector;
-import org.jivesoftware.openfire.net.SSLConfig;
+import org.mortbay.jetty.servlet.ServletHandler;
-import org.jivesoftware.openfire.XMPPServer;
+import org.mortbay.jetty.webapp.WebAppContext;
+import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocketFactory;
+import java.io.File;
-import java.util.Map;
-import java.util.List;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
-import java.io.File;
+import java.util.List;
+import java.util.Map;
 /**
 *
@@ -138,7 +137,7 @@ public final class HttpBindManager {
                            "the hosted domain");
                }
-                SslSocketConnector sslConnector = new JiveSslConnector();
+                JiveSslConnector sslConnector = new JiveSslConnector();
                sslConnector.setHost(getBindInterface());
                sslConnector.setPort(securePort);
@@ -430,11 +429,11 @@ public final class HttpBindManager {
        }
    }
-    private class JiveSslConnector extends SslSocketConnector {
+    private class JiveSslConnector extends SslSelectChannelConnector {
        @Override
-        protected SSLServerSocketFactory createFactory() throws Exception {
+        protected SSLContext createSSLContext() throws Exception {
-            return SSLConfig.getServerSocketFactory();
+            return SSLConfig.getSSLContext();
        }
    }

--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpBindServlet.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpBindServlet.java
@@ -234,8 +234,7 @@ public class HttpBindServlet extends HttpServlet {
                respond(response, createEmptyBody(), request.getMethod());
            }
            else {
-                connection
+                connection.setContinuation(ContinuationSupport.getContinuation(request, connection));
-                        .setContinuation(ContinuationSupport.getContinuation(request, connection));
                request.setAttribute("request-session", connection.getSession());
                request.setAttribute("request", connection.getRequestId());
                try {

--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpConnection.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpConnection.java
@@ -183,7 +183,7 @@ public class HttpConnection {
            return deliverable;
        }
        this.isDelivered = true;
-        throw new HttpBindTimeoutException("Request " + requestId + " exceded response time from " +
+        throw new HttpBindTimeoutException("Request " + requestId + " exceeded response time from " +
                "server of " + session.getWait() + " seconds.");
    }
 }
--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpSession.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/http/HttpSession.java
@@ -309,7 +309,7 @@ public class HttpSession extends ClientSession {
     * @return the time in milliseconds since the epoch that this session was last active.
     */
    public synchronized long getLastActivity() {
-        if (connectionQueue.size() <= 0) {
+        if (connectionQueue.isEmpty()) {
            return lastActivity;
        }
        else {
@@ -416,7 +416,7 @@ public class HttpSession extends ClientSession {
    protected void sendPendingPackets() {
        // access blocked only on send to prevent deadlocks
        synchronized (packetsToSend) {
-            if (packetsToSend.size() <= 0) {
+            if (packetsToSend.isEmpty()) {
                return;
            }

--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/net/SSLConfig.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/net/SSLConfig.java
@@ -16,6 +16,8 @@ import org.jivesoftware.util.CertificateManager;
 import org.jivesoftware.util.JiveGlobals;
 import org.jivesoftware.util.Log;
+import javax.net.ssl.*;
+import javax.net.ServerSocketFactory;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -33,7 +35,7 @@ import java.util.List;
 */
 public class SSLConfig {
-    private static SSLJiveServerSocketFactory sslFactory;
+    private static SSLServerSocketFactory sslFactory;
    private static KeyStore keyStore;
    private static String keypass;
    private static KeyStore trustStore;
@@ -41,6 +43,7 @@ public class SSLConfig {
    private static String keyStoreLocation;
    private static String trustStoreLocation;
    private static String storeType;
+    private static SSLContext sslContext;
    private SSLConfig() {
    }
@@ -73,9 +76,7 @@ public class SSLConfig {
            trustStore = KeyStore.getInstance(storeType);
            trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray());
+            resetFactory();
-            sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
-                    algorithm, keyStore, trustStore);
        }
        catch (Exception e) {
            Log.error("SSLConfig startup problem.\n" +
@@ -88,37 +89,52 @@ public class SSLConfig {
            trustStore = null;
            sslFactory = null;
        }
        // Reset ssl factoty when certificates are modified
        CertificateManager.addListener(new CertificateEventListener() {
-            public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
            // Reset ssl factory since keystores have changed
-                resetFactory(keyStore);
+            public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
+                resetFactory();
            }
            public void certificateDeleted(KeyStore keyStore, String alias) {
-                // Reset ssl factory since keystores have changed
+                resetFactory();
-                resetFactory(keyStore);
            }
+            public void certificateSigned(KeyStore keyStore, String alias, List<X509Certificate> certificates) {
-            public void certificateSigned(KeyStore keyStore, String alias,
+                resetFactory();
-                    List<X509Certificate> certificates) {
+            }
-                // Reset ssl factory since keystores have changed
+        });
-                resetFactory(keyStore);
    }
-            private void resetFactory(KeyStore keyStore) {
+    private static void resetFactory() {
        try {
            String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS");
-                    sslFactory = (SSLJiveServerSocketFactory)SSLJiveServerSocketFactory.getInstance(
-                            algorithm, keyStore, trustStore);
+            sslContext = SSLContext.getInstance(algorithm);
+            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            keyFactory.init(keyStore, SSLConfig.getKeyPassword().toCharArray());
+            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            trustFactory.init(trustStore);
+            sslContext.init(keyFactory.getKeyManagers(),
+                    trustFactory.getTrustManagers(),
+                    new java.security.SecureRandom());
+            sslFactory = sslContext.getServerSocketFactory();
        }
-                catch (IOException e) {
+        catch (Exception e) {
-                    Log.error("Error while resetting ssl factory", e);
+            Log.error("SSLConfig factory setup problem.\n" +
+                    "  storeType: [" + storeType + "]\n" +
+                    "  keyStoreLocation: [" + keyStoreLocation + "]\n" +
+                    "  keypass: [" + keypass + "]\n" +
+                    "  trustStoreLocation: [" + trustStoreLocation+ "]\n" +
+                    "  trustpass: [" + trustpass + "]", e);
+            keyStore = null;
+            trustStore = null;
            sslFactory = null;
        }
    }
-        });
-    }
    public static String getKeyPassword() {
        return keypass;
@@ -199,7 +215,11 @@ public class SSLConfig {
        return storeType;
    }
-    public static SSLJiveServerSocketFactory getServerSocketFactory() {
+    public static SSLContext getSSLContext() {
+        return sslContext;
+    }
+    public static SSLServerSocketFactory getServerSocketFactory() {
        return sslFactory;
    }
 }
\ No newline at end of file
--- a/3_3_1_branch/src/java/org/jivesoftware/openfire/net/SSLJiveServerSocketFactory.java
+++ b/3_3_1_branch/src/java/org/jivesoftware/openfire/net/SSLJiveServerSocketFactory.java
-/**
- * $RCSfile$
- * $Revision: 1217 $
- * $Date: 2005-04-11 18:11:06 -0300 (Mon, 11 Apr 2005) $
- *
- * Copyright (C) 2004 Jive Software. All rights reserved.
- *
- * This software is published under the terms of the GNU Public License (GPL),
- * a copy of which is included in this distribution.
- */
-package org.jivesoftware.openfire.net;
-import org.jivesoftware.util.Log;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.TrustManagerFactory;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.security.KeyStore;
-/**
- * Securue socket factory wrapper allowing simple setup of all security
- * SSL related parameters.
- *
- * @author Iain Shigeoka
- */
-public class SSLJiveServerSocketFactory extends SSLServerSocketFactory {
-    public static SSLServerSocketFactory getInstance(String algorithm,
-                                                     KeyStore keystore,
-                                                     KeyStore truststore) throws
-            IOException {
-        try {
-            SSLContext sslcontext = SSLContext.getInstance(algorithm);
-            SSLServerSocketFactory factory;
-            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-            keyFactory.init(keystore, SSLConfig.getKeyPassword().toCharArray());
-            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-            trustFactory.init(truststore);
-            sslcontext.init(keyFactory.getKeyManagers(),
-                    trustFactory.getTrustManagers(),
-                    new java.security.SecureRandom());
-            factory = sslcontext.getServerSocketFactory();
-            return new SSLJiveServerSocketFactory(factory);
-        }
-        catch (Exception e) {
-            Log.error(e);
-            throw new IOException(e.getMessage());
-        }
-    }
-    private SSLServerSocketFactory factory;
-    private SSLJiveServerSocketFactory(SSLServerSocketFactory factory) {
-        this.factory = factory;
-    }
-    public ServerSocket createServerSocket(int i) throws IOException {
-        return factory.createServerSocket(i);
-    }
-    public ServerSocket createServerSocket(int i, int i1) throws IOException {
-        return factory.createServerSocket(i, i1);
-    }
-    public ServerSocket createServerSocket(int i, int i1, InetAddress inetAddress) throws IOException {
-        return factory.createServerSocket(i, i1, inetAddress);
-    }
-    public String[] getDefaultCipherSuites() {
-        return factory.getDefaultCipherSuites();
-    }
-    public String[] getSupportedCipherSuites() {
-        return factory.getSupportedCipherSuites();
-    }
-}