tomee-commits mailing list archives

From dblev...@apache.org
Subject svn commit: r1357030 - in /openejb/trunk/openejb/server: openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
Date Wed, 04 Jul 2012 01:03:25 GMT
Author: dblevins
Date: Wed Jul  4 01:03:24 2012
New Revision: 1357030

URL: http://svn.apache.org/viewvc?rev=1357030&view=rev
Log:
OPENEJB-1856: Allow User selectable Cipher Suites to enhance ejbds SSL security
Patch from Jonathan Fisher
Thanks, Jonathan!
(congrats on your first code patch! third patch total)

Modified:
    openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
    openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java

Modified: openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java?rev=1357030&r1=1357029&r2=1357030&view=diff
==============================================================================
--- openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
(original)
+++ openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
Wed Jul  4 01:03:24 2012
@@ -16,12 +16,6 @@
  */
 package org.apache.openejb.client;
 
-import org.apache.openejb.client.event.ConnectionOpened;
-import org.apache.openejb.client.event.ConnectionPoolCreated;
-import org.apache.openejb.client.event.ConnectionPoolTimeout;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
 import java.io.IOException;
@@ -41,6 +35,13 @@ import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.openejb.client.event.ConnectionOpened;
+import org.apache.openejb.client.event.ConnectionPoolCreated;
+import org.apache.openejb.client.event.ConnectionPoolTimeout;
+
 public class SocketConnectionFactory implements ConnectionFactory {
 
     private KeepAliveStyle keepAliveStyle = KeepAliveStyle.PING;
@@ -51,18 +52,20 @@ public class SocketConnectionFactory imp
     public static final String PROPERTY_POOL_SIZE = "openejb.client.connection.pool.size";
     private static final String PROPERTY_POOL_SIZE2 = "openejb.client.connectionpool.size";
     public static final String PROPERTY_KEEPALIVE = "openejb.client.keepalive";
+    public static final String ENABLED_CIPHER_SUITES = "openejb.client.enabledCipherSuites";
 
     private static final Map<URI, Pool> connections = new ConcurrentHashMap<URI,
Pool>();
     private int size = 5;
     private long timeoutPool = 1000;
     private int timeoutSocket = 150;
+    private String[] enabledCipherSuites;
 
     public SocketConnectionFactory() {
 
         this.size = getSize();
         this.timeoutPool = getTimeoutPool();
         this.timeoutSocket = getTimeoutSocket();
-
+        this.enabledCipherSuites = getEnabledCipherSuites();
         try {
             String property = System.getProperty(PROPERTY_KEEPALIVE);
             if (property != null) {
@@ -73,6 +76,15 @@ public class SocketConnectionFactory imp
             //Ignore
         }
     }
+    
+    private String[] getEnabledCipherSuites(){
+        String property = System.getProperty(ENABLED_CIPHER_SUITES);
+        if (property != null){
+            return property.split(",");
+        } else {
+    	    return new String[]{ "SSL_DH_anon_WITH_RC4_128_MD5"};
+        }
+    }
 
     private long getTimeoutPool() {
         final Properties p = System.getProperties();
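Review bot: The fallback in `getEnabledCipherSuites()` still returns only `SSL_DH_anon_WITH_RC4_128_MD5`, so a client that does not set `openejb.client.enabledCipherSuites` keeps an ejbds channel with no server authentication and RC4/MD5. The rationale comment this commit deletes from the connect path should move here and say so, e.g. `// default is an anonymous suite: no KeyManager/TrustManager needed, but the peer is NOT authenticated`. The property is also split on `,` without trimming, so a value such as `"A, B"` yields `" B"`, which `setEnabledCipherSuites` rejects with `IllegalArgumentException` only at connect time; `return property.trim().split("\\s*,\\s*");` avoids that. The same untrimmed split appears in the ServiceDaemon hunk on the `options.get("enabledCipherSuites", ...)` line. `getTimeoutPool()` continues outside the hunk.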
@@ -242,11 +254,6 @@ public class SocketConnectionFactory imp
             try {
                 if (uri.getScheme().equalsIgnoreCase("ejbds")) {
                     final SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(address.getAddress(),
SocketConnectionFactory.this.timeoutSocket);
-                    // use an anonymous cipher suite so that a KeyManager or
-                    // TrustManager is not needed
-                    // NOTE: this assumes that the cipher suite is known. A check
-                    // -should- be done first.
-                    final String[] enabledCipherSuites = {"SSL_DH_anon_WITH_RC4_128_MD5"};
                     sslSocket.setEnabledCipherSuites(enabledCipherSuites);
                     this.socket = sslSocket;
                 } else {

Modified: openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
URL: http://svn.apache.org/viewvc/openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java?rev=1357030&r1=1357029&r2=1357030&view=diff
==============================================================================
--- openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
(original)
+++ openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
Wed Jul  4 01:03:24 2012
@@ -68,6 +68,7 @@ public class ServiceDaemon implements Se
     private StringTemplate discoveryUriFormat;
     private URI serviceUri;
     private Properties props;
+	private String[] enabledCipherSuites;
 
     public ServiceDaemon(ServerService next) {
         this.next = next;
@@ -121,6 +122,8 @@ public class ServiceDaemon implements Se
         secure = options.get("secure", false);
 
         timeout = options.get("timeout", timeout);
+        
+        enabledCipherSuites = options.get("enabledCipherSuites", "SSL_DH_anon_WITH_RC4_128_MD5").split(",");
 
         next.init(props);
     }
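Review bot: The `enabledCipherSuites` option needs a comment stating its constraints. Nothing at this line says that the list must share at least one suite with the client's `openejb.client.enabledCipherSuites` or the handshake fails, or that a certificate-based suite needs a key store available to `SSLServerSocketFactory.getDefault()`, which the anonymous default did not. Suggested: `// comma-separated JSSE suite names; must overlap the client's list; non-anonymous suites need a configured key store`. Logging a warning when `secure` is true and the list still contains an `_anon_` suite would make the unauthenticated default visible to operators. The enclosing method starts outside the hunk.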
@@ -140,7 +143,6 @@ public class ServiceDaemon implements Se
                 if (secure) {
                     ServerSocketFactory factory = SSLServerSocketFactory.getDefault();
                     serverSocket = factory.createServerSocket(port, backlog, inetAddress);
-                    final String[] enabledCipherSuites = {"SSL_DH_anon_WITH_RC4_128_MD5"};
                     ((SSLServerSocket) serverSocket).setEnabledCipherSuites(enabledCipherSuites);
                 } else {
                     serverSocket = new ServerSocket(port, backlog, inetAddress);


