Author: shawkins
Date: 2011-03-01 16:04:09 -0500 (Tue, 01 Mar 2011)
New Revision: 2953
Modified:
trunk/client/src/main/java/org/teiid/net/socket/SocketUtil.java
trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties
Log:
TEIID-1488 changed the assertion to a warning, which will allow for a later error if a
suite cannot be negotiated.
Modified: trunk/client/src/main/java/org/teiid/net/socket/SocketUtil.java
===================================================================
--- trunk/client/src/main/java/org/teiid/net/socket/SocketUtil.java 2011-03-01 14:57:25
UTC (rev 2952)
+++ trunk/client/src/main/java/org/teiid/net/socket/SocketUtil.java 2011-03-01 21:04:09
UTC (rev 2953)
@@ -34,6 +34,7 @@
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Properties;
+import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -42,7 +43,6 @@
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import org.teiid.core.util.Assertion;
import org.teiid.core.util.PropertiesUtils;
import org.teiid.jdbc.JDBCPlugin;
@@ -54,6 +54,7 @@
* ssl connection
*/
public class SocketUtil {
+ private static Logger logger = Logger.getLogger(SocketUtil.class.getName());
static final String TRUSTSTORE_PASSWORD =
"org.teiid.ssl.trustStorePassword"; //$NON-NLS-1$
public static final String TRUSTSTORE_FILENAME =
"org.teiid.ssl.trustStore"; //$NON-NLS-1$
@@ -71,6 +72,7 @@
public static class SSLSocketFactory {
private boolean isAnon;
+ private boolean warned;
private javax.net.ssl.SSLSocketFactory factory;
public SSLSocketFactory(SSLContext context, boolean isAnon) {
@@ -81,8 +83,9 @@
public synchronized Socket getSocket() throws IOException {
SSLSocket result = (SSLSocket)factory.createSocket();
result.setUseClientMode(true);
- if (isAnon) {
- addCipherSuite(result, ANON_CIPHER_SUITE);
+ if (isAnon && !addCipherSuite(result, ANON_CIPHER_SUITE) &&
!warned) {
+ warned = true;
+
logger.warning(JDBCPlugin.Util.getString("SocketUtil.anon_not_available"));
//$NON-NLS-1$
}
return result;
}
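Review bot: The new warning branch in getSocket() has no comment saying what the caller is left with: when addCipherSuite returns false the socket is still returned with only its default enabled suites, and the failure appears later as a handshake error. A short comment above the `if` would help, e.g. `// anon suite not supported by this JRE: warn once per factory; negotiation fails later if no other suite matches`. The same comment should record that TLS_DH_anon suites encrypt without authenticating the server, so anon mode does not protect against an active man-in-the-middle. The message in i18n.properties hard-codes the suite name while the code uses ANON_CIPHER_SUITE, so the two can drift apart.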
@@ -131,8 +134,10 @@
return getSSLContext(keystore, password, truststore, truststorePassword,
algorithm, keystoreType, protocol);
}
- public static void addCipherSuite(SSLSocket engine, String cipherSuite) {
-
Assertion.assertTrue(Arrays.asList(engine.getSupportedCipherSuites()).contains(cipherSuite));
+ public static boolean addCipherSuite(SSLSocket engine, String cipherSuite) {
+ if (!Arrays.asList(engine.getSupportedCipherSuites()).contains(cipherSuite)) {
+ return false;
+ }
String[] suites = engine.getEnabledCipherSuites();
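Review bot: Changing the public static addCipherSuite from `void` to `boolean` changes its JVM method descriptor, so a caller compiled against the old client jar would fail with NoSuchMethodError until rebuilt. If external callers exist, this needs a release note. The new contract also needs Javadoc, for instance `@return true if the suite was added to the enabled suites, false if the engine does not support it`. A caller that ignores the result now proceeds without the suite, where the removed Assertion.assertTrue presumably stopped it, so every call site should check the return value. The method body continues past the end of this hunk.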
@@ -142,6 +147,7 @@
newSuites[suites.length] = cipherSuite;
engine.setEnabledCipherSuites(newSuites);
+ return true;
}
public static SSLContext getAnonSSLContext() throws IOException,
GeneralSecurityException {
Modified: trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties
===================================================================
--- trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties 2011-03-01 14:57:25 UTC
(rev 2952)
+++ trunk/client/src/main/resources/org/teiid/jdbc/i18n.properties 2011-03-01 21:04:09 UTC
(rev 2953)
@@ -142,6 +142,7 @@
SocketServerConnection.closed=Server connection is closed
SocketHelper.keystore_not_found=Key store ''{0}'' was not found.
+SocketUtil.anon_not_available=The anonymous cipher suite TLS_DH_anon_WITH_AES_128_CBC_SHA
could not be added. Anonymous SSL connections will fail.
MMURL.INVALID_FORMAT=The required socket url format is
mm[s]://server1:port1[,server2:port2]
TeiidURL.invalid_ipv6_hostport=The IPv6 host:port ''{0}'' is not valid.
{1}