authorMark Spruiell <mes@zeroc.com>2006-04-13 21:20:25 +0000
committerMark Spruiell <mes@zeroc.com>2006-04-13 21:20:25 +0000
commit074bf1d6b113fffa7cf9df6433b90311f2199ea1 (patch)
treeaff0594b90bceb6f6786b81ebecbcb16e735bb5f /java/src/IceSSL/Instance.java
parentSSL fix (diff)
cleanup, refactoring, align with C++/C#
Diffstat (limited to 'java/src/IceSSL/Instance.java')
-rw-r--r--java/src/IceSSL/Instance.java107
1 files changed, 72 insertions, 35 deletions
diff --git a/java/src/IceSSL/Instance.java b/java/src/IceSSL/Instance.java
index e1dda63e598..b6494d69099 100644
--- a/java/src/IceSSL/Instance.java
+++ b/java/src/IceSSL/Instance.java
@@ -17,33 +17,62 @@ class Instance
_securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
_securityTraceCategory = "Security";
- java.security.SecureRandom rand;
- try
- {
- //
- // Create a SecureRandom object. We call nextInt() in order to
- // force the object to perform any time-consuming initialization tasks now.
- //
- rand = java.security.SecureRandom.getInstance("SHA1PRNG");
-
- //
- // We call nextInt() in order to force the object to perform any time-consuming
- // initialization tasks now.
- //
- rand.nextInt();
-
+ //
+ // Initialize the plugin, unless IceSSL.DelayInit=1.
+ //
+ if(communicator.getProperties().getPropertyAsInt("IceSSL.DelayInit") == 0)
+ {
+ initialize(null, null);
}
- catch(java.security.GeneralSecurityException ex)
- {
+
+ //
+ // Register the endpoint factory.
+ //
+ _facade.addEndpointFactory(new EndpointFactoryI(this));
+ }
+
+ void
+ initialize(javax.net.ssl.SSLContext clientContext, javax.net.ssl.SSLContext serverContext)
+ {
+ if(_clientContext != null)
+ {
Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to initialize secure PRNG";
- e.initCause(ex);
+ e.reason = "plugin is already initialized";
throw e;
}
+ //
+ // If we have to initialize an SSLContext, we'll need a SecureRandom object.
+ //
+ java.security.SecureRandom rand = null;
+ if(clientContext == null || serverContext == null)
+ {
+ try
+ {
+ rand = java.security.SecureRandom.getInstance("SHA1PRNG");
+
+ //
+ // We call nextInt() in order to force the object to perform any time-consuming
+ // initialization tasks now.
+ //
+ rand.nextInt();
+ }
+ catch(java.security.GeneralSecurityException ex)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: unable to initialize secure PRNG";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+
+ //
+ // Create the client and server contexts. We always create both, even
+ // if only one is used.
+ //
try
{
- _clientContext = createContext("Client", rand);
+ _clientContext = new Context(this, true, clientContext, rand);
}
catch(java.security.GeneralSecurityException ex)
{
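Review bot: The re-initialization guard at the top of initialize() tests only `_clientContext`, and that field is assigned before the server context is built. If `new Context(this, false, serverContext, rand)` in the next hunk throws, the instance stays half-initialized: a later initialize() is rejected with "plugin is already initialized" while serverContext() reports that the plugin is not fully initialized. Building both contexts into locals and publishing them only after both succeed avoids this, e.g. `Context client = new Context(this, true, clientContext, rand);`, the same for the server side, then `_clientContext = client; _serverContext = server;`. The new reason string also drops the `IceSSL: ` prefix that the other messages in this file use. The catch block that closes this hunk continues outside it.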
@@ -55,7 +84,7 @@ class Instance
try
{
- _serverContext = createContext("Server", rand);
+ _serverContext = new Context(this, false, serverContext, rand);
}
catch(java.security.GeneralSecurityException ex)
{
@@ -64,8 +93,12 @@ class Instance
e.initCause(ex);
throw e;
}
+ }
- _facade.addEndpointFactory(new EndpointFactoryI(this));
+ void
+ setCertificateVerifier(CertificateVerifier verifier)
+ {
+ _verifier = verifier;
}
Ice.Communicator
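Review bot: setCertificateVerifier() has no comment saying when it may be called or what an unset verifier means, even though the stored value decides whether a peer certificate is accepted. I would add a header comment along the lines of `// Installs the application-supplied certificate verifier; may be null (TODO confirm: treated as "no additional verification").`, and confirm the null case against the callers of certificateVerifier(), which are not visible on this page. If the verifier can be installed from an application thread while connection threads read it, which the diff does not show, the `_verifier` field added in the last hunk should be `volatile` or both accessors `synchronized`.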
@@ -107,28 +140,31 @@ class Instance
Context
clientContext()
{
+ if(_clientContext == null)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: plugin is not fully initialized";
+ throw e;
+ }
return _clientContext;
}
Context
serverContext()
{
+ if(_serverContext == null)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: plugin is not fully initialized";
+ throw e;
+ }
return _serverContext;
}
- private Context
- createContext(String mode, java.security.SecureRandom rand)
- throws java.security.GeneralSecurityException
- {
- final String prefix = "IceSSL." + mode + ".";
- Ice.Properties properties = communicator().getProperties();
- String ciphers = properties.getProperty(prefix + "Ciphers");
- String keyStore = properties.getProperty(prefix + "Keystore");
- String password = properties.getProperty(prefix + "Password");
- String keyStorePassword = properties.getProperty(prefix + "KeystorePassword");
- String certs = properties.getProperty(prefix + "Certs");
- String certsPassword = properties.getProperty(prefix + "CertsPassword");
- return new Context(ciphers, keyStore, password, keyStorePassword, certs, certsPassword, rand);
+ CertificateVerifier
+ certificateVerifier()
+ {
+ return _verifier;
}
private IceInternal.ProtocolPluginFacade _facade;
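Review bot: clientContext() and serverContext() now carry the same five-line guard, which could be a single private helper so the message and exception type cannot drift apart, e.g. `private Context checkInitialized(Context c)` that throws when `c == null` and otherwise returns it, leaving `return checkInitialized(_clientContext);`. Failing closed here matters when IceSSL.DelayInit=1, because the constructor registers the endpoint factory before any context exists; a one-line comment stating that intent would help the next reader. certificateVerifier() can return null when no verifier was set, and a comment on it should say so.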
@@ -136,4 +172,5 @@ class Instance
private String _securityTraceCategory;
private Context _clientContext;
private Context _serverContext;
+ private CertificateVerifier _verifier;
}