[jboss-cvs] JBossAS SVN: r109832 - in branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security: ssl and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Dec 10 14:37:25 EST 2010
Author: mmoyses
Date: 2010-12-10 14:37:25 -0500 (Fri, 10 Dec 2010)
New Revision: 109832
Modified:
branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java
branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java
Log:
JBPAPP-5572: backporting additional options
Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2010-12-10 19:37:25 UTC (rev 109832)
@@ -30,6 +30,7 @@
import java.security.KeyStore;
import java.security.Provider;
import java.util.Arrays;
+import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
@@ -158,6 +159,10 @@
private String trustMgrFactoryAlgorithm;
private String keyStoreProviderArgument;
private String trustStoreProviderArgument;
+
+ private String clientAlias;
+ private Properties additionalOptions;
+ private boolean clientAuth;
/** Creates a default JaasSecurityDomain for with a securityDomain
name of 'other'.
@@ -472,7 +477,47 @@
{
this.trustStoreProviderArgument = argument;
}
+
+ public String getClientAlias()
+ {
+ return clientAlias;
+ }
+ public void setClientAlias(String clientAlias)
+ {
+ this.clientAlias = clientAlias;
+ }
+
+ public String getServerAlias()
+ {
+ return keyStoreAlias;
+ }
+
+ public void setServerAlias(String serverAlias)
+ {
+ this.keyStoreAlias = serverAlias;
+ }
+
+ public Properties getAdditionalOptions()
+ {
+ return additionalOptions;
+ }
+
+ public void setAdditionalOptions(Properties additionalOptions)
+ {
+ this.additionalOptions = additionalOptions;
+ }
+
+ public boolean isClientAuth()
+ {
+ return clientAuth;
+ }
+
+ public void setClientAuth(boolean clientAuth)
+ {
+ this.clientAuth = clientAuth;
+ }
+
/**
Reload the key- and truststore
*/
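Review bot: `setAdditionalOptions` stores the caller's `Properties` by reference and `getAdditionalOptions` hands the same object back, so any holder of either reference can alter the domain's options after they were configured. Copying on the way in, e.g. `this.additionalOptions = additionalOptions == null ? null : (Properties) additionalOptions.clone();`, keeps the configuration owned by the domain. No hunk in this commit reads `additionalOptions`, so the accepted keys are presumably defined elsewhere and should be named in a Javadoc line on the setter. `getServerAlias`/`setServerAlias` are marked deprecated on the MBean interface but carry no `@deprecated` tag on these implementations.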
@@ -575,7 +620,7 @@
KeyManager[] keyManagers = keyMgr.getKeyManagers();
for (int i = 0; i < keyManagers.length; i++)
{
- keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias);
+ keyManagers[i] = new SecurityKeyManager((X509KeyManager) keyManagers[i], keyStoreAlias, clientAlias);
}
}
}
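Review bot: Whether a domain that sets only `clientAlias` gets it applied depends on the condition guarding this loop, which begins outside the hunk. If the wrapping in `SecurityKeyManager` is still conditional on `keyStoreAlias` being set, a configured client alias would be silently ignored; that is worth confirming. A one-line comment above the loop, such as `// wrap so a configured server or client alias overrides the default key manager's choice`, would record the intent.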
Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2010-12-10 19:37:25 UTC (rev 109832)
@@ -22,6 +22,7 @@
package org.jboss.security.plugins;
import java.io.IOException;
+import java.util.Properties;
import javax.management.ObjectName;
@@ -228,4 +229,58 @@
* @param argument for the TrustStore provider
*/
public void setTrustStoreProviderArgument(String argument);
+
+ /**
+ * Gets the preferred client alias to be used in an eventual SSL connection
+ * @return client alias name
+ */
+ public String getClientAlias();
+
+ /**
+ * Sets the preferred client alias to be used in an eventual SSL connection
+ * @param clientAlias client alias name
+ */
+ public void setClientAlias(String clientAlias);
+
+ /**
+ * Gets the preferred server alias to be used in an eventual SSL connection
+ * @deprecated use getKeyStoreAlias() instead
+ * @return client alias name
+ */
+ public String getServerAlias();
+
+ /**
+ * Sets the preferred server alias to be used in an eventual SSL connection
+ * @deprecated use setKeyStoreAlias(String) instead
+ * @param clientAlias client alias name
+ */
+ public void setServerAlias(String serverAlias);
+
+ /**
+ * Gets the additionalOptions map
+ *
+ * @return the map
+ */
+ public Properties getAdditionalOptions();
+
+ /**
+ * Sets the additionalOptions map
+ *
+ * @param additionalOptions the map
+ */
+ public void setAdditionalOptions(Properties additionalOptions);
+
+ /**
+ * Gets the clientAuth flag
+ *
+ * @return flag
+ */
+ public boolean isClientAuth();
+
+ /**
+ * Sets the clientAuth flag
+ *
+ * @param clientAuth the flag
+ */
+ public void setClientAuth(boolean clientAuth);
}
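Review bot: The Javadoc on the server-alias pair is copied from the client-alias pair and is wrong in two places: `getServerAlias` says `@return client alias name`, and `setServerAlias` documents `@param clientAlias` while the parameter is `serverAlias`. Suggested tags are `@return server alias name` and `@param serverAlias server alias name`. The `setClientAuth` comment should also state what the flag controls; elsewhere in this commit `DomainServerSocketFactory.isNeedsClientAuth()` returns this value instead of the factory's own setting, so `Sets whether SSL server sockets backed by this domain require client certificate authentication` would be more useful than `Sets the clientAuth flag`.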
Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java 2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/plugins/SecurityKeyManager.java 2010-12-10 19:37:25 UTC (rev 109832)
@@ -38,12 +38,15 @@
{
private X509KeyManager delegate;
- private String keyAlias;
+ private String serverAlias;
- public SecurityKeyManager(X509KeyManager keyManager, String alias)
+ private String clientAlias;
+
+ public SecurityKeyManager(X509KeyManager keyManager, String serverAlias, String clientAlias)
{
this.delegate = keyManager;
- this.keyAlias = alias;
+ this.serverAlias = serverAlias;
+ this.clientAlias = clientAlias;
}
/**
@@ -51,7 +54,9 @@
*/
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
{
- return keyAlias;
+ if (clientAlias != null)
+ return clientAlias;
+ return delegate.chooseClientAlias(keyType, issuers, socket);
}
/**
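Review bot: `chooseClientAlias` no longer returns the domain's keystore alias. Before this change the single configured alias was returned here; now only `clientAlias` is, so an existing configuration that relied on `keyStoreAlias` to pin the client certificate falls through to the delegate's choice unless `clientAlias` is also set. The same alias now pins the server side in `chooseServerAlias` (next hunk), where it previously had no effect. Both methods return the configured alias without checking it against `keyType`, `issuers` or the keystore contents, so a mistyped or mismatched alias would probably surface only as a handshake failure. A comment on each early return, e.g. `// configured alias wins; not validated against keyType or issuers`, plus a release note on the changed meaning of `keyStoreAlias`, would make this visible to operators.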
@@ -59,6 +64,8 @@
*/
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
{
+ if (serverAlias != null)
+ return serverAlias;
return delegate.chooseServerAlias(keyType, issuers, socket);
}
Modified: branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java 2010-12-10 19:31:53 UTC (rev 109831)
+++ branches/JBPAPP_4_3_0_GA_CP09_JBPAPP-5571/security/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java 2010-12-10 19:37:25 UTC (rev 109832)
@@ -40,6 +40,7 @@
import org.jboss.logging.Logger;
import org.jboss.security.SecurityDomain;
+import org.jboss.security.plugins.JaasSecurityDomain;
/** An implementation of ServerSocketFactory that creates SSL server sockets
using the JSSE SSLContext and a JBossSX SecurityDomain for the KeyManagerFactory
@@ -148,7 +149,19 @@
public boolean isNeedsClientAuth()
{
- return needsClientAuth;
+ boolean b;
+
+ if (securityDomain != null && securityDomain instanceof JaasSecurityDomain)
+ {
+ b = ((JaasSecurityDomain) securityDomain).isClientAuth();
+ }
+ else
+ {
+ b = needsClientAuth;
+ }
+
+ log.debug("server socket factory " + (b ? "wants" : "does NOT want") + " client authentication");
+ return b;
}
public void setNeedsClientAuth(boolean needsClientAuth)
{
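Review bot: When the security domain is a `JaasSecurityDomain`, `isNeedsClientAuth()` ignores the factory's own `needsClientAuth` field. The new `clientAuth` field on the domain is a plain `boolean` with no initializer, so it defaults to false. A deployment that already sets `needsClientAuth=true` on this factory and uses a `JaasSecurityDomain` would therefore stop requiring client certificates after this backport, unless `clientAuth` is also set on the domain. Letting either setting enable the requirement avoids that silent downgrade: `b = needsClientAuth || ((JaasSecurityDomain) securityDomain).isClientAuth();`. The `securityDomain != null` test is redundant before `instanceof`, and the debug message says "wants" although the value feeds `setNeedClientAuth`.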
@@ -236,9 +249,11 @@
String[] supportedCipherSuites = socket.getSupportedCipherSuites();
log.debug("Supported CipherSuites: " + Arrays.asList(supportedCipherSuites));
}
- socket.setNeedClientAuth(needsClientAuth);
- if (!needsClientAuth)
- socket.setWantClientAuth(wantsClientAuth);
+ socket.setNeedClientAuth(isNeedsClientAuth());
+ if (!isNeedsClientAuth())
+ {
+ socket.setWantClientAuth(wantsClientAuth);
+ }
if( protocols != null )
socket.setEnabledProtocols(protocols);
if( cipherSuites != null )
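Review bot: `isNeedsClientAuth()` is called twice in a row here and again in the next hunk (`@@ -279,9 +294,11 @@`), and each call re-reads the domain and writes a debug line. The two calls could also disagree if `clientAuth` is changed through the MBean between them, leaving the socket with need=false and the want flag unset. Evaluating once is simpler: `boolean needAuth = isNeedsClientAuth();`, then `socket.setNeedClientAuth(needAuth);` and `if (!needAuth)`. The enclosing method starts and ends outside the hunk.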
@@ -279,9 +294,11 @@
String[] supportedCipherSuites = socket.getSupportedCipherSuites();
log.debug("Supported CipherSuites: " + Arrays.asList(supportedCipherSuites));
}
- socket.setNeedClientAuth(needsClientAuth);
- if (!needsClientAuth)
- socket.setWantClientAuth(wantsClientAuth);
+ socket.setNeedClientAuth(isNeedsClientAuth());
+ if (!isNeedsClientAuth())
+ {
+ socket.setWantClientAuth(wantsClientAuth);
+ }
if( protocols != null )
socket.setEnabledProtocols(protocols);
if( cipherSuites != null )