author | Benoit Foucher <benoit@zeroc.com> | 2009-03-24 11:45:18 +0100 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2009-03-24 11:45:18 +0100 |
commit | 06a08ecf28e205277336a97a6173db7ccbed1adc (patch) | |
tree | a369a5044a63f8cdba9e7c0a461e24ae344486b4 /java/src/IceSSL/Instance.java | |
parent | Merge branch 'R3_3_branch' (diff) | |
parent | Bug 3924: slice2py missing from VC60 installer (diff) | |
download | ice-06a08ecf28e205277336a97a6173db7ccbed1adc.tar.bz2 ice-06a08ecf28e205277336a97a6173db7ccbed1adc.tar.xz ice-06a08ecf28e205277336a97a6173db7ccbed1adc.zip |
Merge commit 'origin/R3_3_branch'
Conflicts:
CHANGES
cpp/demo/Freeze/backup/.depend
cpp/demo/Freeze/bench/.depend
cpp/demo/Freeze/casino/.depend
cpp/demo/Freeze/customEvictor/.depend
cpp/demo/Freeze/library/.depend
cpp/demo/Freeze/phonebook/.depend
cpp/demo/Freeze/transform/.depend
cpp/demo/Glacier2/callback/.depend
cpp/demo/Glacier2/chat/.depend
cpp/demo/Ice/async/.depend
cpp/demo/Ice/bidir/.depend
cpp/demo/Ice/callback/.depend
cpp/demo/Ice/converter/.depend
cpp/demo/Ice/hello/.depend
cpp/demo/Ice/invoke/.depend
cpp/demo/Ice/latency/.depend
cpp/demo/Ice/minimal/.depend
cpp/demo/Ice/multicast/.depend
cpp/demo/Ice/nested/.depend
cpp/demo/Ice/nrvo/.depend
cpp/demo/Ice/session/.depend
cpp/demo/Ice/throughput/.depend
cpp/demo/Ice/value/.depend
cpp/demo/IceBox/hello/.depend
cpp/demo/IceGrid/allocate/.depend
cpp/demo/IceGrid/icebox/.depend
cpp/demo/IceGrid/replication/.depend
cpp/demo/IceGrid/sessionActivation/.depend
cpp/demo/IceGrid/simple/.depend
cpp/demo/IceStorm/clock/.depend
cpp/demo/IceStorm/counter/.depend
cpp/demo/IceStorm/replicated/.depend
cpp/demo/IceStorm/replicated2/.depend
cpp/demo/book/freeze_filesystem/.depend
cpp/demo/book/lifecycle/.depend
cpp/demo/book/printer/.depend
cpp/demo/book/simple_filesystem/.depend
cpp/src/Freeze/.depend
cpp/src/FreezeScript/.depend
cpp/src/Ice/.depend
cpp/src/Ice/UdpTransceiver.cpp
cpp/src/Ice/UdpTransceiver.h
cpp/src/IceBox/.depend
cpp/src/IceGrid/.depend
cpp/src/IceGridLib/.depend
cpp/src/IcePatch2/.depend
cpp/src/IceStorm/.depend
cpp/src/slice2freeze/.depend
cpp/test/Freeze/complex/.depend
cpp/test/Freeze/dbmap/.depend
cpp/test/Freeze/evictor/.depend
cpp/test/Freeze/oldevictor/.depend
cpp/test/FreezeScript/dbmap/.depend
cpp/test/FreezeScript/evictor/.depend
cpp/test/Glacier2/attack/.depend
cpp/test/Glacier2/dynamicFiltering/.depend
cpp/test/Glacier2/router/.depend
cpp/test/Glacier2/sessionControl/.depend
cpp/test/Glacier2/ssl/.depend
cpp/test/Glacier2/staticFiltering/.depend
cpp/test/Ice/adapterDeactivation/.depend
cpp/test/Ice/background/.depend
cpp/test/Ice/binding/.depend
cpp/test/Ice/checksum/.depend
cpp/test/Ice/checksum/server/.depend
cpp/test/Ice/custom/.depend
cpp/test/Ice/exceptions/.depend
cpp/test/Ice/facets/.depend
cpp/test/Ice/faultTolerance/.depend
cpp/test/Ice/gc/.depend
cpp/test/Ice/hold/.depend
cpp/test/Ice/inheritance/.depend
cpp/test/Ice/interceptor/.depend
cpp/test/Ice/location/.depend
cpp/test/Ice/objects/.depend
cpp/test/Ice/operations/.depend
cpp/test/Ice/proxy/.depend
cpp/test/Ice/retry/.depend
cpp/test/Ice/servantLocator/.depend
cpp/test/Ice/slicing/exceptions/.depend
cpp/test/Ice/slicing/objects/.depend
cpp/test/Ice/stream/.depend
cpp/test/Ice/stringConverter/.depend
cpp/test/Ice/timeout/.depend
cpp/test/Ice/udp/.depend
cpp/test/IceBox/configuration/.depend
cpp/test/IceGrid/activation/.depend
cpp/test/IceGrid/allocation/.depend
cpp/test/IceGrid/deployer/.depend
cpp/test/IceGrid/distribution/.depend
cpp/test/IceGrid/replicaGroup/.depend
cpp/test/IceGrid/replication/.depend
cpp/test/IceGrid/session/.depend
cpp/test/IceGrid/simple/.depend
cpp/test/IceGrid/update/.depend
cpp/test/IceSSL/configuration/.depend
cpp/test/IceStorm/federation/.depend
cpp/test/IceStorm/federation2/.depend
cpp/test/IceStorm/rep1/.depend
cpp/test/IceStorm/repgrid/.depend
cpp/test/IceStorm/repstress/.depend
cpp/test/IceStorm/single/.depend
cpp/test/IceStorm/stress/.depend
cpp/test/Slice/keyword/.depend
cs/src/Ice/Instance.cs
cs/src/IceSSL/ConnectorI.cs
java/demo/book/simple_filesystem/Filesystem/DirectoryI.java
java/demo/book/simple_filesystem/Filesystem/FileI.java
java/src/IceInternal/TcpConnector.java
java/src/IceSSL/ConnectorI.java
py/modules/IcePy/.depend
rb/src/IceRuby/.depend
Diffstat (limited to 'java/src/IceSSL/Instance.java')
-rw-r--r-- | java/src/IceSSL/Instance.java | 214 |
1 files changed, 135 insertions, 79 deletions
diff --git a/java/src/IceSSL/Instance.java b/java/src/IceSSL/Instance.java
index afddf43071a..efa1256ad48 100644
--- a/java/src/IceSSL/Instance.java
+++ b/java/src/IceSSL/Instance.java
@@ -13,8 +13,6 @@
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
-import Ice.Logger;
-
 class Instance
 {
     Instance(Ice.Communicator communicator)
@@ -108,7 +106,7 @@ class Instance
                 throw e;
             }
 
-            Class cls = null;
+            Class<?> cls = null;
             try
             {
                 cls = Class.forName(certVerifierClass);
@@ -147,7 +145,7 @@ class Instance
                 throw e;
             }
 
-            Class cls = null;
+            Class<?> cls = null;
             try
             {
                 cls = Class.forName(passwordCallbackClass);
@@ -209,22 +207,22 @@ class Instance
             final String[] arr = seedFiles.split(java.io.File.pathSeparator);
             for(int i = 0; i < arr.length; ++i)
             {
-                Ice.StringHolder seedFile = new Ice.StringHolder(arr[i]);
-                if(!checkPath(seedFile, false))
-                {
-                    Ice.PluginInitializationException e = new Ice.PluginInitializationException();
-                    e.reason = "IceSSL: random seed file not found:\n" + arr[i];
-                    throw e;
-                }
-                java.io.File f = new java.io.File(seedFile.value);
                 try
                 {
-                    _seeds.add(new java.io.FileInputStream(f));
+                    java.io.InputStream seedStream = openResource(arr[i]);
+                    if(seedStream == null)
+                    {
+                        Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+                        e.reason = "IceSSL: random seed file not found:\n" + arr[i];
+                        throw e;
+                    }
+
+                    _seeds.add(seedStream);
                 }
                 catch(java.io.IOException ex)
                 {
                     Ice.PluginInitializationException e = new Ice.PluginInitializationException();
-                    e.reason = "IceSSL: error while reading random seed file:\n" + arr[i];
+                    e.reason = "IceSSL: unable to access random seed file:\n" + arr[i];
                     e.initCause(ex);
                     throw e;
                 }
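Review bot: In the -209,22 hunk a random seed file is now located through `openResource`, which (per the -1057,33 hunk) consults the class path before the file system, so a seed that happens to be packaged as a class-path resource silently shadows the same-named file on disk and is the same bytes on every installation that ships that jar — presumably `_seeds` feeds the SSL random source, in which case such a seed contributes no per-host entropy. Nothing in the hunk records which source was actually opened, so this is invisible at runtime. Either restrict seed files to the file-system lookups, or emit a trace when `_securityTraceLevel >= 1`, e.g. `_logger.trace(_securityTraceCategory, "IceSSL: using random seed resource " + arr[i]);`, so an operator can tell a packaged resource from a local file. The enclosing method starts and ends outside this hunk.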
@@ -275,7 +273,7 @@ class Instance
         //
         // The keystore holds private keys and associated certificates.
         //
-        Ice.StringHolder keystorePath = new Ice.StringHolder(properties.getProperty(prefix + "Keystore"));
+        String keystorePath = properties.getProperty(prefix + "Keystore");
 
         //
         // The password for the keys.
@@ -302,7 +300,7 @@ class Instance
         //
         // The truststore holds the certificates of trusted CAs.
         //
-        Ice.StringHolder truststorePath = new Ice.StringHolder(properties.getProperty(prefix + "Truststore"));
+        String truststorePath = properties.getProperty(prefix + "Truststore");
 
         //
         // The password for the truststore.
@@ -322,17 +320,27 @@ class Instance
         //
         javax.net.ssl.KeyManager[] keyManagers = null;
         java.security.KeyStore keys = null;
-        if(_keystoreStream != null || keystorePath.value.length() > 0)
+        if(_keystoreStream != null || keystorePath.length() > 0)
         {
-            if(_keystoreStream == null && !checkPath(keystorePath, false))
-            {
-                Ice.PluginInitializationException e = new Ice.PluginInitializationException();
-                e.reason = "IceSSL: keystore file not found:\n" + keystorePath.value;
-                throw e;
-            }
-            keys = java.security.KeyStore.getInstance(keystoreType);
+            java.io.InputStream keystoreStream = null;
             try
             {
+                if(_keystoreStream != null)
+                {
+                    keystoreStream = _keystoreStream;
+                }
+                else
+                {
+                    keystoreStream = openResource(keystorePath);
+                    if(keystoreStream == null)
+                    {
+                        Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+                        e.reason = "IceSSL: keystore not found:\n" + keystorePath;
+                        throw e;
+                    }
+                }
+
+                keys = java.security.KeyStore.getInstance(keystoreType);
                 char[] passwordChars = null;
                 if(keystorePassword.length() > 0)
                 {
@@ -348,16 +356,7 @@ class Instance
                     passwordChars = new char[0];
                 }
 
-                java.io.InputStream bis;
-                if(_keystoreStream != null)
-                {
-                    bis = _keystoreStream;
-                }
-                else
-                {
-                    bis = new java.io.BufferedInputStream(new java.io.FileInputStream(keystorePath.value));
-                }
-                keys.load(bis, passwordChars);
+                keys.load(keystoreStream, passwordChars);
 
                 if(passwordChars != null)
                 {
@@ -368,10 +367,24 @@ class Instance
             catch(java.io.IOException ex)
             {
                 Ice.PluginInitializationException e = new Ice.PluginInitializationException();
-                e.reason = "IceSSL: unable to load keystore:\n" + keystorePath.value;
+                e.reason = "IceSSL: unable to load keystore:\n" + keystorePath;
                 e.initCause(ex);
                 throw e;
             }
+            finally
+            {
+                if(keystoreStream != null)
+                {
+                    try
+                    {
+                        keystoreStream.close();
+                    }
+                    catch(java.io.IOException e)
+                    {
+                        // Ignore.
+                    }
+                }
+            }
 
             String algorithm = javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm();
             javax.net.ssl.KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
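Review bot: The new `finally` in the -368,10 hunk closes `keystoreStream`, which on the `keystoreStream = _keystoreStream` branch of the -322,17 hunk is the caller-supplied stream, so the plugin now closes a stream it did not open; the -477,10 hunk does the same with `_truststoreStream`. Whether that ownership transfer is intended cannot be told from the diff, since the code that assigns `_keystoreStream` is outside it. If it is intended, document it where the field is set; otherwise close only what `openResource` returned: `if(keystoreStream != null && keystoreStream != _keystoreStream)` (and the mirror for the truststore). The enclosing method starts and ends outside this hunk.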
@@ -416,31 +429,41 @@ class Instance
         // Collect the trust managers.
         //
         javax.net.ssl.TrustManager[] trustManagers = null;
-        if(_truststoreStream != null || truststorePath.value.length() > 0)
+        if(_truststoreStream != null || truststorePath.length() > 0)
         {
-            if(_truststoreStream == null && !checkPath(truststorePath, false))
-            {
-                Ice.PluginInitializationException e = new Ice.PluginInitializationException();
-                e.reason = "IceSSL: truststore file not found:\n" + truststorePath.value;
-                throw e;
-            }
-
             //
             // If the trust store and the key store are the same input
             // stream or file, don't create another key store.
             //
             java.security.KeyStore ts;
             if((_truststoreStream != null && _truststoreStream == _keystoreStream) ||
-               (truststorePath.value.length() > 0 && truststorePath.value.equals(keystorePath.value)))
+               (truststorePath.length() > 0 && truststorePath.equals(keystorePath)))
             {
                 assert keys != null;
                 ts = keys;
             }
             else
             {
-                ts = java.security.KeyStore.getInstance(truststoreType);
+                java.io.InputStream truststoreStream = null;
                 try
                 {
+                    if(_truststoreStream != null)
+                    {
+                        truststoreStream = _truststoreStream;
+                    }
+                    else
+                    {
+                        truststoreStream = openResource(truststorePath);
+                        if(truststoreStream == null)
+                        {
+                            Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+                            e.reason = "IceSSL: truststore not found:\n" + truststorePath;
+                            throw e;
+                        }
+                    }
+
+                    ts = java.security.KeyStore.getInstance(truststoreType);
+
                     char[] passwordChars = null;
                     if(truststorePassword.length() > 0)
                     {
@@ -456,17 +479,7 @@ class Instance
                         passwordChars = new char[0];
                     }
 
-                    java.io.InputStream bis;
-                    if(_truststoreStream != null)
-                    {
-                        bis = _truststoreStream;
-                    }
-                    else
-                    {
-                        bis = new java.io.BufferedInputStream(
-                            new java.io.FileInputStream(truststorePath.value));
-                    }
-                    ts.load(bis, passwordChars);
+                    ts.load(truststoreStream, passwordChars);
 
                     if(passwordChars != null)
                     {
@@ -477,10 +490,24 @@ class Instance
                 catch(java.io.IOException ex)
                 {
                     Ice.PluginInitializationException e = new Ice.PluginInitializationException();
-                    e.reason = "IceSSL: unable to load truststore:\n" + truststorePath.value;
+                    e.reason = "IceSSL: unable to load truststore:\n" + truststorePath;
                     e.initCause(ex);
                     throw e;
                 }
+                finally
+                {
+                    if(truststoreStream != null)
+                    {
+                        try
+                        {
+                            truststoreStream.close();
+                        }
+                        catch(java.io.IOException e)
+                        {
+                            // Ignore.
+                        }
+                    }
+                }
             }
 
             String algorithm = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm();
@@ -681,11 +708,12 @@ class Instance
 
         if(_securityTraceLevel >= 1)
         {
-            StringBuffer s = new StringBuffer();
+            StringBuilder s = new StringBuilder(128);
             s.append("enabling SSL ciphersuites:");
             for(int i = 0; i < cipherSuites.length; ++i)
             {
-                s.append("\n " + cipherSuites[i]);
+                s.append("\n ");
+                s.append(cipherSuites[i]);
             }
             _logger.trace(_securityTraceCategory, s.toString());
         }
@@ -898,14 +926,15 @@ class Instance
         //
         if(!certNameOK && (_checkCertName || (_securityTraceLevel >= 1 && _verifier == null)))
         {
-            StringBuffer sb = new StringBuffer();
+            StringBuilder sb = new StringBuilder(128);
             sb.append("IceSSL: ");
             if(!_checkCertName)
             {
                 sb.append("ignoring ");
             }
-            sb.append("certificate validation failure:\npeer certificate does not contain `" +
-                      address + "' in its subjectAltName extension");
+            sb.append("certificate validation failure:\npeer certificate does not contain `");
+            sb.append(address);
+            sb.append("' in its subjectAltName extension");
             if(!dnsNames.isEmpty())
             {
                 sb.append("\nDNS names found in certificate: ");
@@ -1057,33 +1086,60 @@ class Instance
         cipherList.toArray(_ciphers);
     }
 
-    private boolean
-    checkPath(Ice.StringHolder path, boolean dir)
+    private java.io.InputStream
+    openResource(String path)
+        throws java.io.IOException
     {
         //
-        // Check if file exists. If not, try prepending the default
-        // directory and check again. If the file is found, the
-        // string argument is modified and true is returned. Otherwise
-        // false is returned.
+        // We resolve the path as follows:
+        //
+        // 1. Try to open it as a class path resource
+        // 2. Try to open it in the file system
+        // 3. Prepend the value of IceSSL.DefaultDir (if defined) and try to open
+        //    it in the file system
+        //
+
+        //
+        // Calling getResourceAsStream on the class loader means all paths are absolute,
+        // whereas calling it on the class requires you to prepend "/" to the path in
+        // order to make it absolute, otherwise the path is interpreted relative to the
+        // class.
+        //
+        // getResourceAsStream returns null if the resource can't be found.
         //
-        java.io.File f = new java.io.File(path.value);
-        if(f.exists())
+        java.io.InputStream stream = getClass().getClassLoader().getResourceAsStream(path);
+        if(stream != null)
         {
-            return dir ? f.isDirectory() : f.isFile();
+            stream = new java.io.BufferedInputStream(stream);
         }
-
-        if(_defaultDir.length() > 0)
+        else
         {
-            String s = _defaultDir + java.io.File.separator + path.value;
-            f = new java.io.File(s);
-            if(f.exists() && ((!dir && f.isFile()) || (dir && f.isDirectory())))
+            try
+            {
+                java.io.File f = new java.io.File(path);
+                if(f.exists())
+                {
+                    stream = new java.io.BufferedInputStream(new java.io.FileInputStream(f));
+                }
+                else
+                {
+                    if(_defaultDir.length() > 0)
+                    {
+                        f = new java.io.File(_defaultDir + java.io.File.separator + path);
+                        if(f.exists())
+                        {
+                            stream = new java.io.BufferedInputStream(new java.io.FileInputStream(f));
+                        }
+                    }
+                }
+            }
+            catch(java.lang.SecurityException ex)
             {
-                path.value = s;
-                return true;
+                // Ignore - a security manager may forbid access to the local file system.
             }
         }
-        return false;
+        return stream;
     }
 
     private static class CipherExpression
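Review bot: Both file-system lookups in `openResource` test `f.exists()`, whereas the `checkPath` they replace required `f.isFile()`; a configured path that names a directory now passes the check and fails inside the `FileInputStream` constructor with `FileNotFoundException`, which the callers report as "unable to load keystore" or "unable to access random seed file" rather than "not found". Changing both tests to `if(f.isFile())` restores the old diagnostic. The `SecurityException` handler returns null silently, so a security-manager denial is likewise surfaced as "not found"; a trace when `_securityTraceLevel >= 1` naming the path would keep that distinguishable. The header comment should also say that a class-path resource takes precedence over a same-named file on disk and over IceSSL.DefaultDir, because that ordering decides which keystore or truststore is loaded; and `getClass().getClassLoader()` can return null for bootstrap-loaded classes, which is unlikely for a plugin but cheap to guard.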