authorBernard Normier <bernard@zeroc.com>2007-02-01 17:09:49 +0000
committerBernard Normier <bernard@zeroc.com>2007-02-01 17:09:49 +0000
commitabada90e3f84dc703b8ddc9efcbed8a946fadead (patch)
tree2c6f9dccd510ea97cb927a7bd635422efaae547a /java/ssl/jdk1.4
parentremoving trace message (diff)
Expanded tabs into spaces
Diffstat (limited to 'java/ssl/jdk1.4')
-rw-r--r--java/ssl/jdk1.4/IceSSL/AcceptorI.java762
-rw-r--r--java/ssl/jdk1.4/IceSSL/ConnectionInvalidException.java4
-rw-r--r--java/ssl/jdk1.4/IceSSL/ConnectorI.java678
-rw-r--r--java/ssl/jdk1.4/IceSSL/EndpointFactoryI.java12
-rw-r--r--java/ssl/jdk1.4/IceSSL/EndpointI.java648
-rw-r--r--java/ssl/jdk1.4/IceSSL/Instance.java1328
-rw-r--r--java/ssl/jdk1.4/IceSSL/PluginFactory.java2
-rw-r--r--java/ssl/jdk1.4/IceSSL/PluginI.java10
-rw-r--r--java/ssl/jdk1.4/IceSSL/RFC2253.java628
-rw-r--r--java/ssl/jdk1.4/IceSSL/TransceiverI.java624
-rw-r--r--java/ssl/jdk1.4/IceSSL/TrustManager.java484
-rw-r--r--java/ssl/jdk1.4/IceSSL/Util.java160
-rw-r--r--java/ssl/jdk1.4/IceSSL/X509KeyManagerI.java12
-rw-r--r--java/ssl/jdk1.4/IceSSL/X509TrustManagerI.java32
14 files changed, 2692 insertions, 2692 deletions
diff --git a/java/ssl/jdk1.4/IceSSL/AcceptorI.java b/java/ssl/jdk1.4/IceSSL/AcceptorI.java
index 8594664f9c4..f9283d0c676 100644
--- a/java/ssl/jdk1.4/IceSSL/AcceptorI.java
+++ b/java/ssl/jdk1.4/IceSSL/AcceptorI.java
@@ -14,437 +14,437 @@ class AcceptorI implements IceInternal.Acceptor
public java.nio.channels.ServerSocketChannel
fd()
{
- return null;
+ return null;
}
public void
close()
{
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "stopping to accept ssl connections at " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- javax.net.ssl.SSLServerSocket fd;
- synchronized(this)
- {
- fd = _fd;
- _fd = null;
- }
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException ex)
- {
- // Ignore.
- }
- }
+ if(_instance.networkTraceLevel() >= 1)
+ {
+ String s = "stopping to accept ssl connections at " + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ javax.net.ssl.SSLServerSocket fd;
+ synchronized(this)
+ {
+ fd = _fd;
+ _fd = null;
+ }
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException ex)
+ {
+ // Ignore.
+ }
+ }
}
public void
listen()
{
- // Nothing to do.
+ // Nothing to do.
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "accepting ssl connections at " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
+ if(_instance.networkTraceLevel() >= 1)
+ {
+ String s = "accepting ssl connections at " + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
}
public IceInternal.Transceiver
accept(int timeout)
{
- //
- // The plugin may not be fully initialized.
- //
- if(!_instance.initialized())
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: plugin is not initialized";
- throw ex;
- }
-
- javax.net.ssl.SSLSocket fd = null;
- ConnectionInfo connInfo = null;
- try
- {
- if(timeout == -1)
- {
- timeout = 0; // Infinite
- }
- else if(timeout == 0)
- {
- timeout = 1;
- }
- _fd.setSoTimeout(timeout);
- fd = (javax.net.ssl.SSLSocket)_fd.accept();
-
- //
- // Check whether this socket is the result of a call to connectToSelf.
- // Despite the fact that connectToSelf immediately closes the socket,
- // the server-side handshake process does not raise an exception.
- // Furthermore, we can't simply proceed with the regular handshake
- // process because we don't want to pass such a socket to the
- // certificate verifier (if any).
- //
- // In order to detect a call to connectToSelf, we compare the remote
- // address of the newly-accepted socket to that in _connectToSelfAddr.
- //
- java.net.SocketAddress remoteAddr = fd.getRemoteSocketAddress();
- synchronized(this)
- {
- if(remoteAddr.equals(_connectToSelfAddr))
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- return null;
- }
- }
-
- fd.setUseClientMode(false);
-
- //
- // getSession blocks until the initial handshake completes.
- //
- if(timeout == 0)
- {
- fd.getSession();
- }
- else
- {
- HandshakeThread ht = new HandshakeThread(fd);
- ht.start();
- if(!ht.waitForHandshake(timeout))
- {
- throw new Ice.TimeoutException();
- }
- }
-
- connInfo = Util.populateConnectionInfo(fd, _adapterName, true);
- _instance.verifyPeer(connInfo, fd, "", true);
- }
- catch(java.net.SocketTimeoutException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- Ice.TimeoutException e = new Ice.TimeoutException();
- e.initCause(ex);
- throw e;
- }
- catch(javax.net.ssl.SSLException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
-
- //
- // Unfortunately, the situation where the cipher suite does not match
- // the certificates is not detected until accept is called. If we were
- // to throw a LocalException, the IncomingConnectionFactory would
- // simply log it and call accept again, resulting in an infinite loop.
- // To avoid this problem, we check for the special case and throw
- // an exception that IncomingConnectionFactory doesn't trap.
- //
- if(ex.getMessage().toLowerCase().startsWith("no available certificate corresponds to the ssl cipher " +
- "suites which are enabled"))
- {
- RuntimeException e = new RuntimeException();
- e.initCause(ex);
- throw e;
- }
-
- Ice.SecurityException e = new Ice.SecurityException();
- e.initCause(ex);
- throw e;
- }
- catch(java.io.IOException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
-
- if(IceInternal.Network.connectionLost(ex))
- {
- throw new Ice.ConnectionLostException();
- }
-
- Ice.SocketException e = new Ice.SocketException();
- e.initCause(ex);
- throw e;
- }
- catch(RuntimeException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- throw ex;
- }
-
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "accepted ssl connection\n" + IceInternal.Network.fdToString(fd);
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_instance.securityTraceLevel() > 0)
- {
- _instance.traceConnection(fd, true);
- }
-
- return new TransceiverI(_instance, fd, connInfo);
+ //
+ // The plugin may not be fully initialized.
+ //
+ if(!_instance.initialized())
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: plugin is not initialized";
+ throw ex;
+ }
+
+ javax.net.ssl.SSLSocket fd = null;
+ ConnectionInfo connInfo = null;
+ try
+ {
+ if(timeout == -1)
+ {
+ timeout = 0; // Infinite
+ }
+ else if(timeout == 0)
+ {
+ timeout = 1;
+ }
+ _fd.setSoTimeout(timeout);
+ fd = (javax.net.ssl.SSLSocket)_fd.accept();
+
+ //
+ // Check whether this socket is the result of a call to connectToSelf.
+ // Despite the fact that connectToSelf immediately closes the socket,
+ // the server-side handshake process does not raise an exception.
+ // Furthermore, we can't simply proceed with the regular handshake
+ // process because we don't want to pass such a socket to the
+ // certificate verifier (if any).
+ //
+ // In order to detect a call to connectToSelf, we compare the remote
+ // address of the newly-accepted socket to that in _connectToSelfAddr.
+ //
+ java.net.SocketAddress remoteAddr = fd.getRemoteSocketAddress();
+ synchronized(this)
+ {
+ if(remoteAddr.equals(_connectToSelfAddr))
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ return null;
+ }
+ }
+
+ fd.setUseClientMode(false);
+
+ //
+ // getSession blocks until the initial handshake completes.
+ //
+ if(timeout == 0)
+ {
+ fd.getSession();
+ }
+ else
+ {
+ HandshakeThread ht = new HandshakeThread(fd);
+ ht.start();
+ if(!ht.waitForHandshake(timeout))
+ {
+ throw new Ice.TimeoutException();
+ }
+ }
+
+ connInfo = Util.populateConnectionInfo(fd, _adapterName, true);
+ _instance.verifyPeer(connInfo, fd, "", true);
+ }
+ catch(java.net.SocketTimeoutException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+ Ice.TimeoutException e = new Ice.TimeoutException();
+ e.initCause(ex);
+ throw e;
+ }
+ catch(javax.net.ssl.SSLException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+
+ //
+ // Unfortunately, the situation where the cipher suite does not match
+ // the certificates is not detected until accept is called. If we were
+ // to throw a LocalException, the IncomingConnectionFactory would
+ // simply log it and call accept again, resulting in an infinite loop.
+ // To avoid this problem, we check for the special case and throw
+ // an exception that IncomingConnectionFactory doesn't trap.
+ //
+ if(ex.getMessage().toLowerCase().startsWith("no available certificate corresponds to the ssl cipher " +
+ "suites which are enabled"))
+ {
+ RuntimeException e = new RuntimeException();
+ e.initCause(ex);
+ throw e;
+ }
+
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.initCause(ex);
+ throw e;
+ }
+ catch(java.io.IOException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+
+ if(IceInternal.Network.connectionLost(ex))
+ {
+ throw new Ice.ConnectionLostException();
+ }
+
+ Ice.SocketException e = new Ice.SocketException();
+ e.initCause(ex);
+ throw e;
+ }
+ catch(RuntimeException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+ throw ex;
+ }
+
+ if(_instance.networkTraceLevel() >= 1)
+ {
+ String s = "accepted ssl connection\n" + IceInternal.Network.fdToString(fd);
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ if(_instance.securityTraceLevel() > 0)
+ {
+ _instance.traceConnection(fd, true);
+ }
+
+ return new TransceiverI(_instance, fd, connInfo);
}
public void
connectToSelf()
{
- java.nio.channels.SocketChannel fd = IceInternal.Network.createTcpSocket();
- IceInternal.Network.setBlock(fd, false);
- synchronized(this)
- {
- //
- // connectToSelf is called to wake up the thread blocked in
- // accept. We remember the originating address for use in
- // accept. See accept for details.
- //
- IceInternal.Network.doConnect(fd, _addr, -1);
- _connectToSelfAddr = (java.net.InetSocketAddress)fd.socket().getLocalSocketAddress();
- }
- IceInternal.Network.closeSocket(fd);
+ java.nio.channels.SocketChannel fd = IceInternal.Network.createTcpSocket();
+ IceInternal.Network.setBlock(fd, false);
+ synchronized(this)
+ {
+ //
+ // connectToSelf is called to wake up the thread blocked in
+ // accept. We remember the originating address for use in
+ // accept. See accept for details.
+ //
+ IceInternal.Network.doConnect(fd, _addr, -1);
+ _connectToSelfAddr = (java.net.InetSocketAddress)fd.socket().getLocalSocketAddress();
+ }
+ IceInternal.Network.closeSocket(fd);
}
public String
toString()
{
- return IceInternal.Network.addrToString(_addr);
+ return IceInternal.Network.addrToString(_addr);
}
final boolean
equivalent(String host, int port)
{
- java.net.InetSocketAddress addr = IceInternal.Network.getAddress(host, port);
- return addr.equals(_addr);
+ java.net.InetSocketAddress addr = IceInternal.Network.getAddress(host, port);
+ return addr.equals(_addr);
}
int
effectivePort()
{
- return _addr.getPort();
+ return _addr.getPort();
}
AcceptorI(Instance instance, String adapterName, String host, int port)
{
- _instance = instance;
- _adapterName = adapterName;
- _logger = instance.communicator().getLogger();
- _backlog = 0;
-
- if(_backlog <= 0)
- {
- _backlog = 5;
- }
-
- try
- {
- javax.net.ssl.SSLServerSocketFactory factory = _instance.context().getServerSocketFactory();
- _addr = new java.net.InetSocketAddress(host, port);
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "attempting to bind to ssl socket " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
- java.net.InetSocketAddress iface = IceInternal.Network.getAddress(host, port);
- _fd = (javax.net.ssl.SSLServerSocket)factory.createServerSocket(port, _backlog, iface.getAddress());
- _addr = (java.net.InetSocketAddress)_fd.getLocalSocketAddress();
-
- int verifyPeer =
- _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
- if(verifyPeer == 0)
- {
- _fd.setWantClientAuth(false);
- _fd.setNeedClientAuth(false);
- }
- else if(verifyPeer == 1)
- {
- _fd.setWantClientAuth(true);
- }
- else
- {
- _fd.setNeedClientAuth(true);
- }
-
- String[] cipherSuites =
- _instance.filterCiphers(_fd.getSupportedCipherSuites(), _fd.getEnabledCipherSuites());
- try
- {
- _fd.setEnabledCipherSuites(cipherSuites);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid ciphersuite";
- e.initCause(ex);
- throw e;
- }
- if(_instance.securityTraceLevel() > 0)
- {
- StringBuffer s = new StringBuffer();
- s.append("enabling SSL ciphersuites for server socket " + toString() + ":");
- for(int i = 0; i < cipherSuites.length; ++i)
- {
- s.append("\n " + cipherSuites[i]);
- }
- _logger.trace(_instance.securityTraceCategory(), s.toString());
- }
-
- String[] protocols = _instance.protocols();
- if(protocols != null)
- {
- try
- {
- _fd.setEnabledProtocols(protocols);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid protocol";
- e.initCause(ex);
- throw e;
- }
- }
- }
- catch(java.io.IOException ex)
- {
- try
- {
- if(_fd != null)
- {
- _fd.close();
- }
- }
- catch(java.io.IOException e)
- {
- }
- _fd = null;
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
+ _instance = instance;
+ _adapterName = adapterName;
+ _logger = instance.communicator().getLogger();
+ _backlog = 0;
+
+ if(_backlog <= 0)
+ {
+ _backlog = 5;
+ }
+
+ try
+ {
+ javax.net.ssl.SSLServerSocketFactory factory = _instance.context().getServerSocketFactory();
+ _addr = new java.net.InetSocketAddress(host, port);
+ if(_instance.networkTraceLevel() >= 2)
+ {
+ String s = "attempting to bind to ssl socket " + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+ java.net.InetSocketAddress iface = IceInternal.Network.getAddress(host, port);
+ _fd = (javax.net.ssl.SSLServerSocket)factory.createServerSocket(port, _backlog, iface.getAddress());
+ _addr = (java.net.InetSocketAddress)_fd.getLocalSocketAddress();
+
+ int verifyPeer =
+ _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
+ if(verifyPeer == 0)
+ {
+ _fd.setWantClientAuth(false);
+ _fd.setNeedClientAuth(false);
+ }
+ else if(verifyPeer == 1)
+ {
+ _fd.setWantClientAuth(true);
+ }
+ else
+ {
+ _fd.setNeedClientAuth(true);
+ }
+
+ String[] cipherSuites =
+ _instance.filterCiphers(_fd.getSupportedCipherSuites(), _fd.getEnabledCipherSuites());
+ try
+ {
+ _fd.setEnabledCipherSuites(cipherSuites);
+ }
+ catch(IllegalArgumentException ex)
+ {
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.reason = "IceSSL: invalid ciphersuite";
+ e.initCause(ex);
+ throw e;
+ }
+ if(_instance.securityTraceLevel() > 0)
+ {
+ StringBuffer s = new StringBuffer();
+ s.append("enabling SSL ciphersuites for server socket " + toString() + ":");
+ for(int i = 0; i < cipherSuites.length; ++i)
+ {
+ s.append("\n " + cipherSuites[i]);
+ }
+ _logger.trace(_instance.securityTraceCategory(), s.toString());
+ }
+
+ String[] protocols = _instance.protocols();
+ if(protocols != null)
+ {
+ try
+ {
+ _fd.setEnabledProtocols(protocols);
+ }
+ catch(IllegalArgumentException ex)
+ {
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.reason = "IceSSL: invalid protocol";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+ }
+ catch(java.io.IOException ex)
+ {
+ try
+ {
+ if(_fd != null)
+ {
+ _fd.close();
+ }
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ _fd = null;
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
}
protected void
finalize()
- throws Throwable
+ throws Throwable
{
- assert(_fd == null);
+ assert(_fd == null);
- super.finalize();
+ super.finalize();
}
private static class HandshakeThread extends Thread
{
- HandshakeThread(javax.net.ssl.SSLSocket fd)
- {
- _fd = fd;
- _ok = false;
- }
-
- public void
- run()
- {
- try
- {
- _fd.getSession();
- synchronized(this)
- {
- _ok = true;
- notifyAll();
- }
-
- }
- catch(RuntimeException ex)
- {
- synchronized(this)
- {
- _ex = ex;
- notifyAll();
- }
- }
- }
-
- boolean
- waitForHandshake(int timeout)
- {
- boolean result = false;
-
- synchronized(this)
- {
- while(!_ok && _ex == null)
- {
- try
- {
- wait(timeout);
- break;
- }
- catch(InterruptedException ex)
- {
- continue;
- }
- }
-
- if(_ex != null)
- {
- throw _ex;
- }
-
- result = _ok;
- }
-
- return result;
- }
-
- private javax.net.ssl.SSLSocket _fd;
- private boolean _ok;
- private RuntimeException _ex;
+ HandshakeThread(javax.net.ssl.SSLSocket fd)
+ {
+ _fd = fd;
+ _ok = false;
+ }
+
+ public void
+ run()
+ {
+ try
+ {
+ _fd.getSession();
+ synchronized(this)
+ {
+ _ok = true;
+ notifyAll();
+ }
+
+ }
+ catch(RuntimeException ex)
+ {
+ synchronized(this)
+ {
+ _ex = ex;
+ notifyAll();
+ }
+ }
+ }
+
+ boolean
+ waitForHandshake(int timeout)
+ {
+ boolean result = false;
+
+ synchronized(this)
+ {
+ while(!_ok && _ex == null)
+ {
+ try
+ {
+ wait(timeout);
+ break;
+ }
+ catch(InterruptedException ex)
+ {
+ continue;
+ }
+ }
+
+ if(_ex != null)
+ {
+ throw _ex;
+ }
+
+ result = _ok;
+ }
+
+ return result;
+ }
+
+ private javax.net.ssl.SSLSocket _fd;
+ private boolean _ok;
+ private RuntimeException _ex;
}
private Instance _instance;
diff --git a/java/ssl/jdk1.4/IceSSL/ConnectionInvalidException.java b/java/ssl/jdk1.4/IceSSL/ConnectionInvalidException.java
index 475f5f29df6..3b7921ae9cf 100644
--- a/java/ssl/jdk1.4/IceSSL/ConnectionInvalidException.java
+++ b/java/ssl/jdk1.4/IceSSL/ConnectionInvalidException.java
@@ -17,13 +17,13 @@ public final class ConnectionInvalidException extends Ice.LocalException
public ConnectionInvalidException(String reason)
{
- this.reason = reason;
+ this.reason = reason;
}
public String
ice_name()
{
- return "Ice::ConnectionInvalidException";
+ return "Ice::ConnectionInvalidException";
}
public String reason;
diff --git a/java/ssl/jdk1.4/IceSSL/ConnectorI.java b/java/ssl/jdk1.4/IceSSL/ConnectorI.java
index f9859907b60..d4a5ed20272 100644
--- a/java/ssl/jdk1.4/IceSSL/ConnectorI.java
+++ b/java/ssl/jdk1.4/IceSSL/ConnectorI.java
@@ -14,221 +14,221 @@ final class ConnectorI implements IceInternal.Connector
public IceInternal.Transceiver
connect(int timeout)
{
- //
- // The plugin may not be fully initialized.
- //
- if(!_instance.initialized())
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: plugin is not initialized";
- throw ex;
- }
-
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "trying to establish ssl connection to " + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- javax.net.ssl.SSLSocket fd = null;
- ConnectionInfo connInfo = null;
- try
- {
- //
- // If a connect timeout is specified, do the connect in a separate thread.
- //
- if(timeout >= 0)
- {
- ConnectThread ct = new ConnectThread(_instance.context(), _addr);
- ct.start();
- fd = ct.getFd(timeout == 0 ? 1 : timeout);
- if(fd == null)
- {
- throw new Ice.ConnectTimeoutException();
- }
- }
- else
- {
- javax.net.SocketFactory factory = _instance.context().getSocketFactory();
- fd = (javax.net.ssl.SSLSocket)factory.createSocket(_addr.getAddress(), _addr.getPort());
- }
-
- fd.setUseClientMode(true);
-
- String[] cipherSuites = _instance.filterCiphers(fd.getSupportedCipherSuites(), fd.getEnabledCipherSuites());
- try
- {
- fd.setEnabledCipherSuites(cipherSuites);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid ciphersuite";
- e.initCause(ex);
- throw e;
- }
- if(_instance.securityTraceLevel() > 0)
- {
- StringBuffer s = new StringBuffer();
- s.append("enabling SSL ciphersuites for socket\n" + IceInternal.Network.fdToString(fd) + ":");
- for(int i = 0; i < cipherSuites.length; ++i)
- {
- s.append("\n " + cipherSuites[i]);
- }
- _logger.trace(_instance.securityTraceCategory(), s.toString());
- }
-
- String[] protocols = _instance.protocols();
- if(protocols != null)
- {
- try
- {
- fd.setEnabledProtocols(protocols);
- }
- catch(IllegalArgumentException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: invalid protocol";
- e.initCause(ex);
- throw e;
- }
- }
-
- //
- // If a connect timeout is specified, do the SSL handshake in a separate thread.
- //
- if(timeout >= 0)
- {
- HandshakeThread ht = new HandshakeThread(fd);
- ht.start();
- if(!ht.waitForHandshake(timeout == 0 ? 1 : timeout))
- {
- throw new Ice.ConnectTimeoutException();
- }
- }
- else
- {
- fd.startHandshake();
- }
-
- //
- // Check IceSSL.VerifyPeer.
- //
- int verifyPeer =
- _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
- if(verifyPeer > 0)
- {
- try
- {
- fd.getSession().getPeerCertificates();
- }
- catch(javax.net.ssl.SSLPeerUnverifiedException ex)
- {
- Ice.SecurityException e = new Ice.SecurityException();
- e.reason = "IceSSL: server did not supply a certificate";
- e.initCause(ex);
- throw e;
- }
- }
-
- connInfo = Util.populateConnectionInfo(fd, "", false);
- _instance.verifyPeer(connInfo, fd, _host, false);
- }
+ //
+ // The plugin may not be fully initialized.
+ //
+ if(!_instance.initialized())
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: plugin is not initialized";
+ throw ex;
+ }
+
+ if(_instance.networkTraceLevel() >= 2)
+ {
+ String s = "trying to establish ssl connection to " + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ javax.net.ssl.SSLSocket fd = null;
+ ConnectionInfo connInfo = null;
+ try
+ {
+ //
+ // If a connect timeout is specified, do the connect in a separate thread.
+ //
+ if(timeout >= 0)
+ {
+ ConnectThread ct = new ConnectThread(_instance.context(), _addr);
+ ct.start();
+ fd = ct.getFd(timeout == 0 ? 1 : timeout);
+ if(fd == null)
+ {
+ throw new Ice.ConnectTimeoutException();
+ }
+ }
+ else
+ {
+ javax.net.SocketFactory factory = _instance.context().getSocketFactory();
+ fd = (javax.net.ssl.SSLSocket)factory.createSocket(_addr.getAddress(), _addr.getPort());
+ }
+
+ fd.setUseClientMode(true);
+
+ String[] cipherSuites = _instance.filterCiphers(fd.getSupportedCipherSuites(), fd.getEnabledCipherSuites());
+ try
+ {
+ fd.setEnabledCipherSuites(cipherSuites);
+ }
+ catch(IllegalArgumentException ex)
+ {
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.reason = "IceSSL: invalid ciphersuite";
+ e.initCause(ex);
+ throw e;
+ }
+ if(_instance.securityTraceLevel() > 0)
+ {
+ StringBuffer s = new StringBuffer();
+ s.append("enabling SSL ciphersuites for socket\n" + IceInternal.Network.fdToString(fd) + ":");
+ for(int i = 0; i < cipherSuites.length; ++i)
+ {
+ s.append("\n " + cipherSuites[i]);
+ }
+ _logger.trace(_instance.securityTraceCategory(), s.toString());
+ }
+
+ String[] protocols = _instance.protocols();
+ if(protocols != null)
+ {
+ try
+ {
+ fd.setEnabledProtocols(protocols);
+ }
+ catch(IllegalArgumentException ex)
+ {
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.reason = "IceSSL: invalid protocol";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+
+ //
+ // If a connect timeout is specified, do the SSL handshake in a separate thread.
+ //
+ if(timeout >= 0)
+ {
+ HandshakeThread ht = new HandshakeThread(fd);
+ ht.start();
+ if(!ht.waitForHandshake(timeout == 0 ? 1 : timeout))
+ {
+ throw new Ice.ConnectTimeoutException();
+ }
+ }
+ else
+ {
+ fd.startHandshake();
+ }
+
+ //
+ // Check IceSSL.VerifyPeer.
+ //
+ int verifyPeer =
+ _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2);
+ if(verifyPeer > 0)
+ {
+ try
+ {
+ fd.getSession().getPeerCertificates();
+ }
+ catch(javax.net.ssl.SSLPeerUnverifiedException ex)
+ {
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.reason = "IceSSL: server did not supply a certificate";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+
+ connInfo = Util.populateConnectionInfo(fd, "", false);
+ _instance.verifyPeer(connInfo, fd, _host, false);
+ }
catch(java.net.ConnectException ex)
{
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
Ice.ConnectFailedException se;
- if(IceInternal.Network.connectionRefused(ex))
- {
- se = new Ice.ConnectionRefusedException();
- }
- else
- {
- se = new Ice.ConnectFailedException();
- }
+ if(IceInternal.Network.connectionRefused(ex))
+ {
+ se = new Ice.ConnectionRefusedException();
+ }
+ else
+ {
+ se = new Ice.ConnectFailedException();
+ }
se.initCause(ex);
throw se;
}
- catch(javax.net.ssl.SSLException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- Ice.SecurityException e = new Ice.SecurityException();
- e.initCause(ex);
- throw e;
- }
- catch(java.io.IOException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
-
- if(IceInternal.Network.connectionLost(ex))
- {
- throw new Ice.ConnectionLostException();
- }
-
- Ice.SocketException e = new Ice.SocketException();
- e.initCause(ex);
- throw e;
- }
- catch(RuntimeException ex)
- {
- if(fd != null)
- {
- try
- {
- fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- }
- throw ex;
- }
-
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "ssl connection established\n" + IceInternal.Network.fdToString(fd);
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_instance.securityTraceLevel() > 0)
- {
- _instance.traceConnection(fd, false);
- }
-
- return new TransceiverI(_instance, fd, connInfo);
+ catch(javax.net.ssl.SSLException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+ Ice.SecurityException e = new Ice.SecurityException();
+ e.initCause(ex);
+ throw e;
+ }
+ catch(java.io.IOException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+
+ if(IceInternal.Network.connectionLost(ex))
+ {
+ throw new Ice.ConnectionLostException();
+ }
+
+ Ice.SocketException e = new Ice.SocketException();
+ e.initCause(ex);
+ throw e;
+ }
+ catch(RuntimeException ex)
+ {
+ if(fd != null)
+ {
+ try
+ {
+ fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ }
+ throw ex;
+ }
+
+ if(_instance.networkTraceLevel() >= 1)
+ {
+ String s = "ssl connection established\n" + IceInternal.Network.fdToString(fd);
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ if(_instance.securityTraceLevel() > 0)
+ {
+ _instance.traceConnection(fd, false);
+ }
+
+ return new TransceiverI(_instance, fd, connInfo);
}
public String
toString()
{
- return IceInternal.Network.addrToString(_addr);
+ return IceInternal.Network.addrToString(_addr);
}
//
@@ -236,150 +236,150 @@ final class ConnectorI implements IceInternal.Connector
//
ConnectorI(Instance instance, String host, int port)
{
- _instance = instance;
- _logger = instance.communicator().getLogger();
+ _instance = instance;
+ _logger = instance.communicator().getLogger();
- _host = host;
- _addr = IceInternal.Network.getAddress(host, port);
+ _host = host;
+ _addr = IceInternal.Network.getAddress(host, port);
}
private static class ConnectThread extends Thread
{
- ConnectThread(javax.net.ssl.SSLContext ctx, java.net.InetSocketAddress addr)
- {
- _ctx = ctx;
- _addr = addr;
- }
-
- public void
- run()
- {
- try
- {
- javax.net.SocketFactory factory = _ctx.getSocketFactory();
- javax.net.ssl.SSLSocket fd =
- (javax.net.ssl.SSLSocket)factory.createSocket(_addr.getAddress(), _addr.getPort());
- synchronized(this)
- {
- _fd = fd;
- notifyAll();
- }
- }
- catch(java.io.IOException ex)
- {
- synchronized(this)
- {
- _ex = ex;
- notifyAll();
- }
- }
- }
-
- javax.net.ssl.SSLSocket
- getFd(int timeout)
- throws java.io.IOException
- {
- javax.net.ssl.SSLSocket fd = null;
-
- synchronized(this)
- {
- while(_fd == null && _ex == null)
- {
- try
- {
- wait(timeout);
- break;
- }
- catch(InterruptedException ex)
- {
- continue;
- }
- }
-
- if(_ex != null)
- {
- throw _ex;
- }
-
- fd = _fd;
- _fd = null;
- }
-
- return fd;
- }
-
- private javax.net.ssl.SSLContext _ctx;
- private java.net.InetSocketAddress _addr;
- private javax.net.ssl.SSLSocket _fd;
- private java.io.IOException _ex;
+ ConnectThread(javax.net.ssl.SSLContext ctx, java.net.InetSocketAddress addr)
+ {
+ _ctx = ctx;
+ _addr = addr;
+ }
+
+ public void
+ run()
+ {
+ try
+ {
+ javax.net.SocketFactory factory = _ctx.getSocketFactory();
+ javax.net.ssl.SSLSocket fd =
+ (javax.net.ssl.SSLSocket)factory.createSocket(_addr.getAddress(), _addr.getPort());
+ synchronized(this)
+ {
+ _fd = fd;
+ notifyAll();
+ }
+ }
+ catch(java.io.IOException ex)
+ {
+ synchronized(this)
+ {
+ _ex = ex;
+ notifyAll();
+ }
+ }
+ }
+
+ javax.net.ssl.SSLSocket
+ getFd(int timeout)
+ throws java.io.IOException
+ {
+ javax.net.ssl.SSLSocket fd = null;
+
+ synchronized(this)
+ {
+ while(_fd == null && _ex == null)
+ {
+ try
+ {
+ wait(timeout);
+ break;
+ }
+ catch(InterruptedException ex)
+ {
+ continue;
+ }
+ }
+
+ if(_ex != null)
+ {
+ throw _ex;
+ }
+
+ fd = _fd;
+ _fd = null;
+ }
+
+ return fd;
+ }
+
+ private javax.net.ssl.SSLContext _ctx;
+ private java.net.InetSocketAddress _addr;
+ private javax.net.ssl.SSLSocket _fd;
+ private java.io.IOException _ex;
}
private static class HandshakeThread extends Thread
{
- HandshakeThread(javax.net.ssl.SSLSocket fd)
- {
- _fd = fd;
- _ok = false;
- }
-
- public void
- run()
- {
- try
- {
- _fd.startHandshake();
- synchronized(this)
- {
- _ok = true;
- notifyAll();
- }
-
- }
- catch(java.io.IOException ex)
- {
- synchronized(this)
- {
- _ex = ex;
- notifyAll();
- }
- }
- }
-
- boolean
- waitForHandshake(int timeout)
- throws java.io.IOException
- {
- boolean result = false;
-
- synchronized(this)
- {
- while(!_ok && _ex == null)
- {
- try
- {
- wait(timeout);
- break;
- }
- catch(InterruptedException ex)
- {
- continue;
- }
- }
-
- if(_ex != null)
- {
- throw _ex;
- }
-
- result = _ok;
- }
-
- return result;
- }
-
- private javax.net.ssl.SSLSocket _fd;
- private boolean _ok;
- private java.io.IOException _ex;
+ HandshakeThread(javax.net.ssl.SSLSocket fd)
+ {
+ _fd = fd;
+ _ok = false;
+ }
+
+ public void
+ run()
+ {
+ try
+ {
+ _fd.startHandshake();
+ synchronized(this)
+ {
+ _ok = true;
+ notifyAll();
+ }
+
+ }
+ catch(java.io.IOException ex)
+ {
+ synchronized(this)
+ {
+ _ex = ex;
+ notifyAll();
+ }
+ }
+ }
+
+ boolean
+ waitForHandshake(int timeout)
+ throws java.io.IOException
+ {
+ boolean result = false;
+
+ synchronized(this)
+ {
+ while(!_ok && _ex == null)
+ {
+ try
+ {
+ wait(timeout);
+ break;
+ }
+ catch(InterruptedException ex)
+ {
+ continue;
+ }
+ }
+
+ if(_ex != null)
+ {
+ throw _ex;
+ }
+
+ result = _ok;
+ }
+
+ return result;
+ }
+
+ private javax.net.ssl.SSLSocket _fd;
+ private boolean _ok;
+ private java.io.IOException _ex;
}
private Instance _instance;
diff --git a/java/ssl/jdk1.4/IceSSL/EndpointFactoryI.java b/java/ssl/jdk1.4/IceSSL/EndpointFactoryI.java
index dd19236bcb5..84bcd8bb21d 100644
--- a/java/ssl/jdk1.4/IceSSL/EndpointFactoryI.java
+++ b/java/ssl/jdk1.4/IceSSL/EndpointFactoryI.java
@@ -13,37 +13,37 @@ final class EndpointFactoryI implements IceInternal.EndpointFactory
{
EndpointFactoryI(Instance instance)
{
- _instance = instance;
+ _instance = instance;
}
public short
type()
{
- return EndpointI.TYPE;
+ return EndpointI.TYPE;
}
public String
protocol()
{
- return "ssl";
+ return "ssl";
}
public IceInternal.EndpointI
create(String str)
{
- return new EndpointI(_instance, str);
+ return new EndpointI(_instance, str);
}
public IceInternal.EndpointI
read(IceInternal.BasicStream s)
{
- return new EndpointI(_instance, s);
+ return new EndpointI(_instance, s);
}
public void
destroy()
{
- _instance = null;
+ _instance = null;
}
private Instance _instance;
diff --git a/java/ssl/jdk1.4/IceSSL/EndpointI.java b/java/ssl/jdk1.4/IceSSL/EndpointI.java
index 8babc3cbf3d..40c51386679 100644
--- a/java/ssl/jdk1.4/IceSSL/EndpointI.java
+++ b/java/ssl/jdk1.4/IceSSL/EndpointI.java
@@ -16,136 +16,136 @@ final class EndpointI extends IceInternal.EndpointI
public
EndpointI(Instance instance, String ho, int po, int ti, String conId, boolean co, boolean pub)
{
- _instance = instance;
- _host = ho;
- _port = po;
- _timeout = ti;
- _connectionId = conId;
- _compress = co;
- _publish = pub;
- calcHashValue();
+ _instance = instance;
+ _host = ho;
+ _port = po;
+ _timeout = ti;
+ _connectionId = conId;
+ _compress = co;
+ _publish = pub;
+ calcHashValue();
}
public
EndpointI(Instance instance, String str)
{
- _instance = instance;
- _host = null;
- _port = 0;
- _timeout = -1;
- _compress = false;
- _publish = true;
-
- String[] arr = str.split("[ \t\n\r]+");
-
- int i = 0;
- while(i < arr.length)
- {
- if(arr[i].length() == 0)
- {
- i++;
- continue;
- }
-
- String option = arr[i++];
- if(option.length() != 2 || option.charAt(0) != '-')
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- String argument = null;
- if(i < arr.length && arr[i].charAt(0) != '-')
- {
- argument = arr[i++];
- }
-
- switch(option.charAt(1))
- {
- case 'h':
- {
- if(argument == null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- _host = argument;
- break;
- }
-
- case 'p':
- {
- if(argument == null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- try
- {
- _port = Integer.parseInt(argument);
- }
- catch(NumberFormatException ex)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- if(_port < 0 || _port > 65535)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- break;
- }
-
- case 't':
- {
- if(argument == null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- try
- {
- _timeout = Integer.parseInt(argument);
- }
- catch(NumberFormatException ex)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- break;
- }
-
- case 'z':
- {
- if(argument != null)
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
-
- _compress = true;
- break;
- }
-
- default:
- {
- throw new Ice.EndpointParseException("ssl " + str);
- }
- }
- }
+ _instance = instance;
+ _host = null;
+ _port = 0;
+ _timeout = -1;
+ _compress = false;
+ _publish = true;
+
+ String[] arr = str.split("[ \t\n\r]+");
+
+ int i = 0;
+ while(i < arr.length)
+ {
+ if(arr[i].length() == 0)
+ {
+ i++;
+ continue;
+ }
+
+ String option = arr[i++];
+ if(option.length() != 2 || option.charAt(0) != '-')
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ String argument = null;
+ if(i < arr.length && arr[i].charAt(0) != '-')
+ {
+ argument = arr[i++];
+ }
+
+ switch(option.charAt(1))
+ {
+ case 'h':
+ {
+ if(argument == null)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ _host = argument;
+ break;
+ }
+
+ case 'p':
+ {
+ if(argument == null)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ try
+ {
+ _port = Integer.parseInt(argument);
+ }
+ catch(NumberFormatException ex)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ if(_port < 0 || _port > 65535)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ break;
+ }
+
+ case 't':
+ {
+ if(argument == null)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ try
+ {
+ _timeout = Integer.parseInt(argument);
+ }
+ catch(NumberFormatException ex)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ break;
+ }
+
+ case 'z':
+ {
+ if(argument != null)
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+
+ _compress = true;
+ break;
+ }
+
+ default:
+ {
+ throw new Ice.EndpointParseException("ssl " + str);
+ }
+ }
+ }
}
public
EndpointI(Instance instance, IceInternal.BasicStream s)
{
- _instance = instance;
- s.startReadEncaps();
- _host = s.readString();
- _port = s.readInt();
- _timeout = s.readInt();
- _compress = s.readBool();
- s.endReadEncaps();
- _publish = true;
- calcHashValue();
+ _instance = instance;
+ s.startReadEncaps();
+ _host = s.readString();
+ _port = s.readInt();
+ _timeout = s.readInt();
+ _compress = s.readBool();
+ s.endReadEncaps();
+ _publish = true;
+ calcHashValue();
}
//
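Review bot: The stream constructor at the end of this hunk stores `s.readInt()` into `_port` and `_timeout` with no validation, whereas the string constructor above it rejects ports outside 0–65535. Endpoints unmarshalled from a BasicStream presumably originate from a peer, so the same range check belongs after `s.endReadEncaps()`: `if(_port < 0 || _port > 65535)` followed by whatever unmarshalling error the project raises for malformed input. In both constructors `_timeout` accepts any integer, including negative values other than the `-1` sentinel; whether those are meaningful downstream is not visible in this hunk.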
@@ -154,13 +154,13 @@ final class EndpointI extends IceInternal.EndpointI
public void
streamWrite(IceInternal.BasicStream s)
{
- s.writeShort(TYPE);
- s.startWriteEncaps();
- s.writeString(_host);
- s.writeInt(_port);
- s.writeInt(_timeout);
- s.writeBool(_compress);
- s.endWriteEncaps();
+ s.writeShort(TYPE);
+ s.startWriteEncaps();
+ s.writeString(_host);
+ s.writeInt(_port);
+ s.writeInt(_timeout);
+ s.writeBool(_compress);
+ s.endWriteEncaps();
}
//
@@ -169,23 +169,23 @@ final class EndpointI extends IceInternal.EndpointI
public String
_toString()
{
- //
- // WARNING: Certain features, such as proxy validation in Glacier2,
- // depend on the format of proxy strings. Changes to toString() and
- // methods called to generate parts of the reference string could break
- // these features. Please review for all features that depend on the
- // format of proxyToString() before changing this and related code.
- //
- String s = "ssl -h " + _host + " -p " + _port;
- if(_timeout != -1)
- {
- s += " -t " + _timeout;
- }
- if(_compress)
- {
- s += " -z";
- }
- return s;
+ //
+ // WARNING: Certain features, such as proxy validation in Glacier2,
+ // depend on the format of proxy strings. Changes to toString() and
+ // methods called to generate parts of the reference string could break
+ // these features. Please review for all features that depend on the
+ // format of proxyToString() before changing this and related code.
+ //
+ String s = "ssl -h " + _host + " -p " + _port;
+ if(_timeout != -1)
+ {
+ s += " -t " + _timeout;
+ }
+ if(_compress)
+ {
+ s += " -z";
+ }
+ return s;
}
//
@@ -194,7 +194,7 @@ final class EndpointI extends IceInternal.EndpointI
public short
type()
{
- return TYPE;
+ return TYPE;
}
//
@@ -204,7 +204,7 @@ final class EndpointI extends IceInternal.EndpointI
public int
timeout()
{
- return _timeout;
+ return _timeout;
}
//
@@ -215,14 +215,14 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.EndpointI
timeout(int timeout)
{
- if(timeout == _timeout)
- {
- return this;
- }
- else
- {
- return new EndpointI(_instance, _host, _port, timeout, _connectionId, _compress, _publish);
- }
+ if(timeout == _timeout)
+ {
+ return this;
+ }
+ else
+ {
+ return new EndpointI(_instance, _host, _port, timeout, _connectionId, _compress, _publish);
+ }
}
//
@@ -231,14 +231,14 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.EndpointI
connectionId(String connectionId)
{
- if(connectionId.equals(_connectionId))
- {
- return this;
- }
- else
- {
- return new EndpointI(_instance, _host, _port, _timeout, connectionId, _compress, _publish);
- }
+ if(connectionId.equals(_connectionId))
+ {
+ return this;
+ }
+ else
+ {
+ return new EndpointI(_instance, _host, _port, _timeout, connectionId, _compress, _publish);
+ }
}
//
@@ -248,7 +248,7 @@ final class EndpointI extends IceInternal.EndpointI
public boolean
compress()
{
- return _compress;
+ return _compress;
}
//
@@ -259,14 +259,14 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.EndpointI
compress(boolean compress)
{
- if(compress == _compress)
- {
- return this;
- }
- else
- {
- return new EndpointI(_instance, _host, _port, _timeout, _connectionId, compress, _publish);
- }
+ if(compress == _compress)
+ {
+ return this;
+ }
+ else
+ {
+ return new EndpointI(_instance, _host, _port, _timeout, _connectionId, compress, _publish);
+ }
}
//
@@ -275,7 +275,7 @@ final class EndpointI extends IceInternal.EndpointI
public boolean
datagram()
{
- return false;
+ return false;
}
//
@@ -284,7 +284,7 @@ final class EndpointI extends IceInternal.EndpointI
public boolean
secure()
{
- return true;
+ return true;
}
//
@@ -293,7 +293,7 @@ final class EndpointI extends IceInternal.EndpointI
public boolean
unknown()
{
- return false;
+ return false;
}
//
@@ -303,7 +303,7 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.Transceiver
clientTransceiver()
{
- return null;
+ return null;
}
//
@@ -316,8 +316,8 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.Transceiver
serverTransceiver(IceInternal.EndpointIHolder endpoint)
{
- endpoint.value = this;
- return null;
+ endpoint.value = this;
+ return null;
}
//
@@ -327,7 +327,7 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.Connector
connector()
{
- return new ConnectorI(_instance, _host, _port);
+ return new ConnectorI(_instance, _host, _port);
}
//
@@ -340,10 +340,10 @@ final class EndpointI extends IceInternal.EndpointI
public IceInternal.Acceptor
acceptor(IceInternal.EndpointIHolder endpoint, String adapterName)
{
- AcceptorI p = new AcceptorI(_instance, adapterName, _host, _port);
- endpoint.value = new EndpointI(_instance, _host, p.effectivePort(), _timeout, _connectionId, _compress,
- _publish);
- return p;
+ AcceptorI p = new AcceptorI(_instance, adapterName, _host, _port);
+ endpoint.value = new EndpointI(_instance, _host, p.effectivePort(), _timeout, _connectionId, _compress,
+ _publish);
+ return p;
}
//
@@ -354,25 +354,25 @@ final class EndpointI extends IceInternal.EndpointI
public java.util.ArrayList
expand(boolean server)
{
- if(_host == null)
- {
- _host = _instance.defaultHost();
+ if(_host == null)
+ {
+ _host = _instance.defaultHost();
if(_host == null)
{
- if(server)
- {
- _host = "0.0.0.0";
- }
- else
- {
- _host = "127.0.0.1";
- }
+ if(server)
+ {
+ _host = "0.0.0.0";
+ }
+ else
+ {
+ _host = "127.0.0.1";
+ }
}
- }
- else if(_host.equals("*"))
- {
- _host = "0.0.0.0";
- }
+ }
+ else if(_host.equals("*"))
+ {
+ _host = "0.0.0.0";
+ }
java.util.ArrayList endps = new java.util.ArrayList();
if(_host.equals("0.0.0.0"))
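Review bot: The server-side fallback in expand() widens the listening address without saying so: with no host on the endpoint and none from `_instance.defaultHost()`, `_host` becomes `0.0.0.0`, and `*` is mapped to the same value. A short comment above the `if(server)` branch, for example `// No host configured: a server endpoint is expanded to all local addresses.`, would make that exposure explicit for anyone auditing which interfaces accept SSL connections. The wording assumes the `0.0.0.0` branch enumerates every local address, which the following hunk suggests but does not fully show. expand() continues past the end of this hunk.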
@@ -383,12 +383,12 @@ final class EndpointI extends IceInternal.EndpointI
{
String host = (String)iter.next();
endps.add(new EndpointI(_instance, host, _port, _timeout, _connectionId, _compress,
- hosts.size() == 1 || !host.equals("127.0.0.1")));
+ hosts.size() == 1 || !host.equals("127.0.0.1")));
}
}
else
{
- calcHashValue();
+ calcHashValue();
endps.add(this);
}
return endps;
@@ -411,28 +411,28 @@ final class EndpointI extends IceInternal.EndpointI
public boolean
equivalent(IceInternal.Transceiver transceiver)
{
- return false;
+ return false;
}
public boolean
equivalent(IceInternal.Acceptor acceptor)
{
- AcceptorI sslAcceptor = null;
- try
- {
- sslAcceptor = (AcceptorI)acceptor;
- }
- catch(ClassCastException ex)
- {
- return false;
- }
- return sslAcceptor.equivalent(_host, _port);
+ AcceptorI sslAcceptor = null;
+ try
+ {
+ sslAcceptor = (AcceptorI)acceptor;
+ }
+ catch(ClassCastException ex)
+ {
+ return false;
+ }
+ return sslAcceptor.equivalent(_host, _port);
}
public int
hashCode()
{
- return _hashCode;
+ return _hashCode;
}
//
@@ -441,111 +441,111 @@ final class EndpointI extends IceInternal.EndpointI
public boolean
equals(java.lang.Object obj)
{
- return compareTo(obj) == 0;
+ return compareTo(obj) == 0;
}
public int
compareTo(java.lang.Object obj) // From java.lang.Comparable
{
- EndpointI p = null;
-
- try
- {
- p = (EndpointI)obj;
- }
- catch(ClassCastException ex)
- {
- return 1;
- }
-
- if(this == p)
- {
- return 0;
- }
-
- if(_port < p._port)
- {
- return -1;
- }
- else if(p._port < _port)
- {
- return 1;
- }
-
- if(!_connectionId.equals(p._connectionId))
- {
- return _connectionId.compareTo(p._connectionId);
- }
-
- if(_timeout < p._timeout)
- {
- return -1;
- }
- else if(p._timeout < _timeout)
- {
- return 1;
- }
-
- if(!_compress && p._compress)
- {
- return -1;
- }
- else if(!p._compress && _compress)
- {
- return 1;
- }
-
- if(!_host.equals(p._host))
- {
- //
- // We do the most time-consuming part of the comparison last.
- //
- java.net.InetSocketAddress laddr = null;
- try
- {
- laddr = IceInternal.Network.getAddress(_host, _port);
- }
- catch(Ice.DNSException ex)
- {
- }
-
- java.net.InetSocketAddress raddr = null;
- try
- {
- raddr = IceInternal.Network.getAddress(p._host, p._port);
- }
- catch(Ice.DNSException ex)
- {
- }
-
- if(laddr == null && raddr != null)
- {
- return -1;
- }
- else if(raddr == null && laddr != null)
- {
- return 1;
- }
- else if(laddr != null && raddr != null)
- {
- byte[] larr = laddr.getAddress().getAddress();
- byte[] rarr = raddr.getAddress().getAddress();
- assert(larr.length == rarr.length);
- for(int i = 0; i < larr.length; i++)
- {
- if(larr[i] < rarr[i])
- {
- return -1;
- }
- else if(rarr[i] < larr[i])
- {
- return 1;
- }
- }
- }
- }
-
- return 0;
+ EndpointI p = null;
+
+ try
+ {
+ p = (EndpointI)obj;
+ }
+ catch(ClassCastException ex)
+ {
+ return 1;
+ }
+
+ if(this == p)
+ {
+ return 0;
+ }
+
+ if(_port < p._port)
+ {
+ return -1;
+ }
+ else if(p._port < _port)
+ {
+ return 1;
+ }
+
+ if(!_connectionId.equals(p._connectionId))
+ {
+ return _connectionId.compareTo(p._connectionId);
+ }
+
+ if(_timeout < p._timeout)
+ {
+ return -1;
+ }
+ else if(p._timeout < _timeout)
+ {
+ return 1;
+ }
+
+ if(!_compress && p._compress)
+ {
+ return -1;
+ }
+ else if(!p._compress && _compress)
+ {
+ return 1;
+ }
+
+ if(!_host.equals(p._host))
+ {
+ //
+ // We do the most time-consuming part of the comparison last.
+ //
+ java.net.InetSocketAddress laddr = null;
+ try
+ {
+ laddr = IceInternal.Network.getAddress(_host, _port);
+ }
+ catch(Ice.DNSException ex)
+ {
+ }
+
+ java.net.InetSocketAddress raddr = null;
+ try
+ {
+ raddr = IceInternal.Network.getAddress(p._host, p._port);
+ }
+ catch(Ice.DNSException ex)
+ {
+ }
+
+ if(laddr == null && raddr != null)
+ {
+ return -1;
+ }
+ else if(raddr == null && laddr != null)
+ {
+ return 1;
+ }
+ else if(laddr != null && raddr != null)
+ {
+ byte[] larr = laddr.getAddress().getAddress();
+ byte[] rarr = raddr.getAddress().getAddress();
+ assert(larr.length == rarr.length);
+ for(int i = 0; i < larr.length; i++)
+ {
+ if(larr[i] < rarr[i])
+ {
+ return -1;
+ }
+ else if(rarr[i] < larr[i])
+ {
+ return 1;
+ }
+ }
+ }
+ }
+
+ return 0;
}
public boolean
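Review bot: equals(null) throws instead of returning false: equals() delegates to compareTo(), where the cast `(EndpointI)obj` succeeds for null, so the `catch(ClassCastException ex)` guard is skipped and `p._port` dereferences null. Guarding in equals() is enough, `return obj instanceof EndpointI && compareTo(obj) == 0;`. Separately, the two empty `catch(Ice.DNSException ex)` blocks leave both addresses null when neither host resolves, so endpoints with different host names fall through to `return 0` and compare equal, while calcHashValue() (last hunk of this file) falls back to `_host.hashCode()` in that case. Equal endpoints can then carry different hash codes, which breaks lookups in hash-based collections; a final `_host.compareTo(p._host)` when both lookups fail would keep the two methods consistent.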
@@ -557,19 +557,19 @@ final class EndpointI extends IceInternal.EndpointI
private void
calcHashValue()
{
- try
- {
- java.net.InetSocketAddress addr = IceInternal.Network.getAddress(_host, _port);
- _hashCode = addr.getAddress().getHostAddress().hashCode();
- }
- catch(Ice.DNSException ex)
- {
- _hashCode = _host.hashCode();
- }
- _hashCode = 5 * _hashCode + _port;
- _hashCode = 5 * _hashCode + _timeout;
+ try
+ {
+ java.net.InetSocketAddress addr = IceInternal.Network.getAddress(_host, _port);
+ _hashCode = addr.getAddress().getHostAddress().hashCode();
+ }
+ catch(Ice.DNSException ex)
+ {
+ _hashCode = _host.hashCode();
+ }
+ _hashCode = 5 * _hashCode + _port;
+ _hashCode = 5 * _hashCode + _timeout;
_hashCode = 5 * _hashCode + _connectionId.hashCode();
- _hashCode = 5 * _hashCode + (_compress ? 1 : 0);
+ _hashCode = 5 * _hashCode + (_compress ? 1 : 0);
}
private Instance _instance;
diff --git a/java/ssl/jdk1.4/IceSSL/Instance.java b/java/ssl/jdk1.4/IceSSL/Instance.java
index 1ee0cec652a..2380100c223 100644
--- a/java/ssl/jdk1.4/IceSSL/Instance.java
+++ b/java/ssl/jdk1.4/IceSSL/Instance.java
@@ -13,759 +13,759 @@ class Instance
{
Instance(Ice.Communicator communicator)
{
- _logger = communicator.getLogger();
- _facade = Ice.Util.getProtocolPluginFacade(communicator);
- _securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
- _securityTraceCategory = "Security";
- _initialized = false;
- _trustManager = new TrustManager(communicator);
-
- //
- // Register the endpoint factory. We have to do this now, rather than
- // in initialize, because the communicator may need to interpret
- // proxies before the plugin is fully initialized.
- //
- _facade.addEndpointFactory(new EndpointFactoryI(this));
+ _logger = communicator.getLogger();
+ _facade = Ice.Util.getProtocolPluginFacade(communicator);
+ _securityTraceLevel = communicator.getProperties().getPropertyAsIntWithDefault("IceSSL.Trace.Security", 0);
+ _securityTraceCategory = "Security";
+ _initialized = false;
+ _trustManager = new TrustManager(communicator);
+
+ //
+ // Register the endpoint factory. We have to do this now, rather than
+ // in initialize, because the communicator may need to interpret
+ // proxies before the plugin is fully initialized.
+ //
+ _facade.addEndpointFactory(new EndpointFactoryI(this));
}
void
initialize()
{
- if(_initialized)
- {
- return;
- }
-
- final String prefix = "IceSSL.";
- Ice.Properties properties = communicator().getProperties();
-
- //
- // Parse the cipher list.
- //
- String ciphers = properties.getProperty(prefix + "Ciphers");
- if(ciphers.length() > 0)
- {
- parseCiphers(ciphers);
- }
-
- //
- // Select protocols.
- //
- String protocols = properties.getProperty(prefix + "Protocols");
- if(protocols.length() > 0)
- {
- java.util.ArrayList l = new java.util.ArrayList();
- String[] arr = protocols.split("[ \t,]+");
- for(int i = 0; i < arr.length; ++i)
- {
- String s = arr[i].toLowerCase();
- if(s.equals("ssl3") || s.equals("sslv3"))
- {
- l.add("SSLv3");
- }
- else if(s.equals("tls") || s.equals("tls1") || s.equals("tlsv1"))
- {
- l.add("TLSv1");
- }
- else
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unrecognized protocol `" + arr[i] + "'";
- throw e;
- }
- }
- _protocols = new String[l.size()];
- l.toArray(_protocols);
- }
-
- //
- // CheckCertName determines whether we compare the name in a peer's
- // certificate against its hostname.
- //
- _checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 0;
-
- //
- // VerifyDepthMax establishes the maximum length of a peer's certificate
- // chain, including the peer's certificate. A value of 0 means there is
- // no maximum.
- //
- _verifyDepthMax = properties.getPropertyAsIntWithDefault(prefix + "VerifyDepthMax", 2);
-
- //
- // If the user doesn't supply an SSLContext, we need to create one based
- // on property settings.
- //
- if(_context == null)
- {
- try
- {
- //
- // Check for a default directory. We look in this directory for
- // files mentioned in the configuration.
- //
- _defaultDir = properties.getProperty(prefix + "DefaultDir");
-
- //
- // We need a SecureRandom object.
- //
- // NOTE: The JDK recommends obtaining a SecureRandom object like this:
- //
- // java.security.SecureRandom rand = java.security.SecureRandom.getInstance("SHA1PRNG");
- //
- // However, there is a bug (6202721) which causes it to always use /dev/random,
- // which can lead to long delays at program startup. The workaround is to use
- // the default constructor.
- //
- java.security.SecureRandom rand = new java.security.SecureRandom();
-
- //
- // Check for seed data for the random number generator.
- //
- final String seedFiles = properties.getProperty(prefix + "Random");
- if(seedFiles.length() > 0)
- {
- byte[] seed = null;
- int start = 0;
- final String[] arr = seedFiles.split(java.io.File.pathSeparator);
- for(int i = 0; i < arr.length; ++i)
- {
- Ice.StringHolder seedFile = new Ice.StringHolder(arr[i]);
- if(!checkPath(seedFile, false))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: random seed file not found:\n" + arr[i];
- throw e;
- }
- java.io.File f = new java.io.File(seedFile.value);
- int num = (int)f.length();
- if(seed == null)
- {
- seed = new byte[num];
- }
- else
- {
- byte[] tmp = new byte[seed.length + num];
- System.arraycopy(seed, 0, tmp, 0, seed.length);
- start = seed.length;
- seed = tmp;
- }
- try
- {
- java.io.FileInputStream in = new java.io.FileInputStream(f);
- in.read(seed, start, num);
- in.close();
- }
- catch(java.io.IOException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: error while reading random seed file:\n" + arr[i];
- e.initCause(ex);
- throw e;
- }
- }
- rand.setSeed(seed);
- }
-
- //
- // We call nextInt() in order to force the object to perform any time-consuming
- // initialization tasks now.
- //
- rand.nextInt();
-
- //
- // The keystore holds private keys and associated certificates.
- //
- Ice.StringHolder keystorePath = new Ice.StringHolder(properties.getProperty(prefix + "Keystore"));
-
- //
- // The password for the keys.
- //
- final String password = properties.getProperty(prefix + "Password");
-
- //
- // The password for the keystore.
- //
- final String keystorePassword = properties.getProperty(prefix + "KeystorePassword");
-
- //
- // The default keystore type value is "JKS", but it can also be "PKCS12".
- //
- final String defaultType = java.security.KeyStore.getDefaultType();
- final String keystoreType = properties.getPropertyWithDefault(prefix + "KeystoreType", defaultType);
-
- //
- // The alias of the key to use in authentication.
- //
- final String alias = properties.getProperty(prefix + "Alias");
-
- //
- // The truststore holds the certificates of trusted CAs.
- //
- Ice.StringHolder truststorePath = new Ice.StringHolder(properties.getProperty(prefix + "Truststore"));
-
- //
- // The password for the truststore.
- //
- final String truststorePassword = properties.getProperty(prefix + "TruststorePassword");
-
- //
- // The truststore type defaults to "JKS", but it can also be "PKCS12".
- //
- String truststoreType = properties.getPropertyWithDefault(prefix + "TruststoreType",
- java.security.KeyStore.getDefaultType());
-
- //
- // Collect the key managers.
- //
- javax.net.ssl.KeyManager[] keyManagers = null;
- if(keystorePath.value.length() > 0)
- {
- if(!checkPath(keystorePath, false))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: keystore file not found:\n" + keystorePath.value;
- throw e;
- }
- java.security.KeyStore keys = java.security.KeyStore.getInstance(keystoreType);
- try
- {
- char[] passwordChars = null;
- if(keystorePassword.length() > 0)
- {
- passwordChars = keystorePassword.toCharArray();
- }
-
- java.io.BufferedInputStream bis =
- new java.io.BufferedInputStream(new java.io.FileInputStream(keystorePath.value));
- keys.load(bis, passwordChars);
- }
- catch(java.io.IOException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to load keystore:\n" + keystorePath.value;
- e.initCause(ex);
- throw e;
- }
-
- String algorithm = javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm();
- javax.net.ssl.KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
- kmf.init(keys, password.toCharArray());
- keyManagers = kmf.getKeyManagers();
-
- //
- // If the user selected a specific alias, we need to wrap the key managers
- // in order to return the desired alias.
- //
- if(alias.length() > 0)
- {
- if(!keys.isKeyEntry(alias))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: keystore does not contain an entry with alias `" + alias + "'";
- throw e;
- }
-
- for(int i = 0; i < keyManagers.length; ++i)
- {
- keyManagers[i] = new X509KeyManagerI((javax.net.ssl.X509KeyManager)keyManagers[i], alias);
- }
- }
- }
-
- //
- // Collect the trust managers.
- //
- javax.net.ssl.TrustManager[] trustManagers = null;
- if(truststorePath.value.length() > 0)
- {
- if(!checkPath(truststorePath, false))
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: truststore file not found:\n" + truststorePath.value;
- throw e;
- }
- java.security.KeyStore ts = java.security.KeyStore.getInstance(truststoreType);
- try
- {
- char[] passwordChars = null;
- if(truststorePassword.length() > 0)
- {
- passwordChars = truststorePassword.toCharArray();
- }
-
- java.io.BufferedInputStream bis =
- new java.io.BufferedInputStream(new java.io.FileInputStream(truststorePath.value));
- ts.load(bis, passwordChars);
- }
- catch(java.io.IOException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to load truststore:\n" + truststorePath.value;
- e.initCause(ex);
- throw e;
- }
-
- String algorithm = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm();
- javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(algorithm);
- tmf.init(ts);
- trustManagers = tmf.getTrustManagers();
- }
-
- //
- // The default TrustManager implementation in IBM's JDK does not accept
- // anonymous ciphers, so we have to install our own.
- //
- if(trustManagers == null)
- {
- trustManagers = new javax.net.ssl.TrustManager[1];
- trustManagers[0] = new X509TrustManagerI(null);
- }
- else
- {
- for(int i = 0; i < trustManagers.length; ++i)
- {
- trustManagers[i] = new X509TrustManagerI((javax.net.ssl.X509TrustManager)trustManagers[i]);
- }
- }
-
- //
- // Initialize the SSL context.
- //
- _context = javax.net.ssl.SSLContext.getInstance("SSL");
- _context.init(keyManagers, trustManagers, rand);
- }
- catch(java.security.GeneralSecurityException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: unable to initialize context";
- e.initCause(ex);
- throw e;
- }
- }
-
- _initialized = true;
+ if(_initialized)
+ {
+ return;
+ }
+
+ final String prefix = "IceSSL.";
+ Ice.Properties properties = communicator().getProperties();
+
+ //
+ // Parse the cipher list.
+ //
+ String ciphers = properties.getProperty(prefix + "Ciphers");
+ if(ciphers.length() > 0)
+ {
+ parseCiphers(ciphers);
+ }
+
+ //
+ // Select protocols.
+ //
+ String protocols = properties.getProperty(prefix + "Protocols");
+ if(protocols.length() > 0)
+ {
+ java.util.ArrayList l = new java.util.ArrayList();
+ String[] arr = protocols.split("[ \t,]+");
+ for(int i = 0; i < arr.length; ++i)
+ {
+ String s = arr[i].toLowerCase();
+ if(s.equals("ssl3") || s.equals("sslv3"))
+ {
+ l.add("SSLv3");
+ }
+ else if(s.equals("tls") || s.equals("tls1") || s.equals("tlsv1"))
+ {
+ l.add("TLSv1");
+ }
+ else
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: unrecognized protocol `" + arr[i] + "'";
+ throw e;
+ }
+ }
+ _protocols = new String[l.size()];
+ l.toArray(_protocols);
+ }
+
+ //
+ // CheckCertName determines whether we compare the name in a peer's
+ // certificate against its hostname.
+ //
+ _checkCertName = properties.getPropertyAsIntWithDefault(prefix + "CheckCertName", 0) > 0;
+
+ //
+ // VerifyDepthMax establishes the maximum length of a peer's certificate
+ // chain, including the peer's certificate. A value of 0 means there is
+ // no maximum.
+ //
+ _verifyDepthMax = properties.getPropertyAsIntWithDefault(prefix + "VerifyDepthMax", 2);
+
+ //
+ // If the user doesn't supply an SSLContext, we need to create one based
+ // on property settings.
+ //
+ if(_context == null)
+ {
+ try
+ {
+ //
+ // Check for a default directory. We look in this directory for
+ // files mentioned in the configuration.
+ //
+ _defaultDir = properties.getProperty(prefix + "DefaultDir");
+
+ //
+ // We need a SecureRandom object.
+ //
+ // NOTE: The JDK recommends obtaining a SecureRandom object like this:
+ //
+ // java.security.SecureRandom rand = java.security.SecureRandom.getInstance("SHA1PRNG");
+ //
+ // However, there is a bug (6202721) which causes it to always use /dev/random,
+ // which can lead to long delays at program startup. The workaround is to use
+ // the default constructor.
+ //
+ java.security.SecureRandom rand = new java.security.SecureRandom();
+
+ //
+ // Check for seed data for the random number generator.
+ //
+ final String seedFiles = properties.getProperty(prefix + "Random");
+ if(seedFiles.length() > 0)
+ {
+ byte[] seed = null;
+ int start = 0;
+ final String[] arr = seedFiles.split(java.io.File.pathSeparator);
+ for(int i = 0; i < arr.length; ++i)
+ {
+ Ice.StringHolder seedFile = new Ice.StringHolder(arr[i]);
+ if(!checkPath(seedFile, false))
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: random seed file not found:\n" + arr[i];
+ throw e;
+ }
+ java.io.File f = new java.io.File(seedFile.value);
+ int num = (int)f.length();
+ if(seed == null)
+ {
+ seed = new byte[num];
+ }
+ else
+ {
+ byte[] tmp = new byte[seed.length + num];
+ System.arraycopy(seed, 0, tmp, 0, seed.length);
+ start = seed.length;
+ seed = tmp;
+ }
+ try
+ {
+ java.io.FileInputStream in = new java.io.FileInputStream(f);
+ in.read(seed, start, num);
+ in.close();
+ }
+ catch(java.io.IOException ex)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: error while reading random seed file:\n" + arr[i];
+ e.initCause(ex);
+ throw e;
+ }
+ }
+ rand.setSeed(seed);
+ }
+
+ //
+ // We call nextInt() in order to force the object to perform any time-consuming
+ // initialization tasks now.
+ //
+ rand.nextInt();
+
+ //
+ // The keystore holds private keys and associated certificates.
+ //
+ Ice.StringHolder keystorePath = new Ice.StringHolder(properties.getProperty(prefix + "Keystore"));
+
+ //
+ // The password for the keys.
+ //
+ final String password = properties.getProperty(prefix + "Password");
+
+ //
+ // The password for the keystore.
+ //
+ final String keystorePassword = properties.getProperty(prefix + "KeystorePassword");
+
+ //
+ // The default keystore type value is "JKS", but it can also be "PKCS12".
+ //
+ final String defaultType = java.security.KeyStore.getDefaultType();
+ final String keystoreType = properties.getPropertyWithDefault(prefix + "KeystoreType", defaultType);
+
+ //
+ // The alias of the key to use in authentication.
+ //
+ final String alias = properties.getProperty(prefix + "Alias");
+
+ //
+ // The truststore holds the certificates of trusted CAs.
+ //
+ Ice.StringHolder truststorePath = new Ice.StringHolder(properties.getProperty(prefix + "Truststore"));
+
+ //
+ // The password for the truststore.
+ //
+ final String truststorePassword = properties.getProperty(prefix + "TruststorePassword");
+
+ //
+ // The truststore type defaults to "JKS", but it can also be "PKCS12".
+ //
+ String truststoreType = properties.getPropertyWithDefault(prefix + "TruststoreType",
+ java.security.KeyStore.getDefaultType());
+
+ //
+ // Collect the key managers.
+ //
+ javax.net.ssl.KeyManager[] keyManagers = null;
+ if(keystorePath.value.length() > 0)
+ {
+ if(!checkPath(keystorePath, false))
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: keystore file not found:\n" + keystorePath.value;
+ throw e;
+ }
+ java.security.KeyStore keys = java.security.KeyStore.getInstance(keystoreType);
+ try
+ {
+ char[] passwordChars = null;
+ if(keystorePassword.length() > 0)
+ {
+ passwordChars = keystorePassword.toCharArray();
+ }
+
+ java.io.BufferedInputStream bis =
+ new java.io.BufferedInputStream(new java.io.FileInputStream(keystorePath.value));
+ keys.load(bis, passwordChars);
+ }
+ catch(java.io.IOException ex)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: unable to load keystore:\n" + keystorePath.value;
+ e.initCause(ex);
+ throw e;
+ }
+
+ String algorithm = javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm();
+ javax.net.ssl.KeyManagerFactory kmf = javax.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ kmf.init(keys, password.toCharArray());
+ keyManagers = kmf.getKeyManagers();
+
+ //
+ // If the user selected a specific alias, we need to wrap the key managers
+ // in order to return the desired alias.
+ //
+ if(alias.length() > 0)
+ {
+ if(!keys.isKeyEntry(alias))
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: keystore does not contain an entry with alias `" + alias + "'";
+ throw e;
+ }
+
+ for(int i = 0; i < keyManagers.length; ++i)
+ {
+ keyManagers[i] = new X509KeyManagerI((javax.net.ssl.X509KeyManager)keyManagers[i], alias);
+ }
+ }
+ }
+
+ //
+ // Collect the trust managers.
+ //
+ javax.net.ssl.TrustManager[] trustManagers = null;
+ if(truststorePath.value.length() > 0)
+ {
+ if(!checkPath(truststorePath, false))
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: truststore file not found:\n" + truststorePath.value;
+ throw e;
+ }
+ java.security.KeyStore ts = java.security.KeyStore.getInstance(truststoreType);
+ try
+ {
+ char[] passwordChars = null;
+ if(truststorePassword.length() > 0)
+ {
+ passwordChars = truststorePassword.toCharArray();
+ }
+
+ java.io.BufferedInputStream bis =
+ new java.io.BufferedInputStream(new java.io.FileInputStream(truststorePath.value));
+ ts.load(bis, passwordChars);
+ }
+ catch(java.io.IOException ex)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: unable to load truststore:\n" + truststorePath.value;
+ e.initCause(ex);
+ throw e;
+ }
+
+ String algorithm = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm();
+ javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(algorithm);
+ tmf.init(ts);
+ trustManagers = tmf.getTrustManagers();
+ }
+
+ //
+ // The default TrustManager implementation in IBM's JDK does not accept
+ // anonymous ciphers, so we have to install our own.
+ //
+ if(trustManagers == null)
+ {
+ trustManagers = new javax.net.ssl.TrustManager[1];
+ trustManagers[0] = new X509TrustManagerI(null);
+ }
+ else
+ {
+ for(int i = 0; i < trustManagers.length; ++i)
+ {
+ trustManagers[i] = new X509TrustManagerI((javax.net.ssl.X509TrustManager)trustManagers[i]);
+ }
+ }
+
+ //
+ // Initialize the SSL context.
+ //
+ _context = javax.net.ssl.SSLContext.getInstance("SSL");
+ _context.init(keyManagers, trustManagers, rand);
+ }
+ catch(java.security.GeneralSecurityException ex)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: unable to initialize context";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+
+ _initialized = true;
}
void
context(javax.net.ssl.SSLContext context)
{
- if(_initialized)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: plugin is already initialized";
- throw ex;
- }
-
- _context = context;
+ if(_initialized)
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: plugin is already initialized";
+ throw ex;
+ }
+
+ _context = context;
}
javax.net.ssl.SSLContext
context()
{
- return _context;
+ return _context;
}
void
setCertificateVerifier(CertificateVerifier verifier)
{
- _verifier = verifier;
+ _verifier = verifier;
}
Ice.Communicator
communicator()
{
- return _facade.getCommunicator();
+ return _facade.getCommunicator();
}
String
defaultHost()
{
- return _facade.getDefaultHost();
+ return _facade.getDefaultHost();
}
int
networkTraceLevel()
{
- return _facade.getNetworkTraceLevel();
+ return _facade.getNetworkTraceLevel();
}
String
networkTraceCategory()
{
- return _facade.getNetworkTraceCategory();
+ return _facade.getNetworkTraceCategory();
}
int
securityTraceLevel()
{
- return _securityTraceLevel;
+ return _securityTraceLevel;
}
String
securityTraceCategory()
{
- return _securityTraceCategory;
+ return _securityTraceCategory;
}
boolean
initialized()
{
- return _initialized;
+ return _initialized;
}
String[]
filterCiphers(String[] supportedCiphers, String[] defaultCiphers)
{
- java.util.LinkedList result = new java.util.LinkedList();
- if(_allCiphers)
- {
- for(int i = 0; i < supportedCiphers.length; ++i)
- {
- result.add(supportedCiphers[i]);
- }
- }
- else if(!_noCiphers)
- {
- for(int i = 0; i < defaultCiphers.length; ++i)
- {
- result.add(defaultCiphers[i]);
- }
- }
-
- if(_ciphers != null)
- {
- for(int i = 0; i < _ciphers.length; ++i)
- {
- CipherExpression ce = (CipherExpression)_ciphers[i];
- if(ce.not)
- {
- java.util.Iterator e = result.iterator();
- while(e.hasNext())
- {
- String cipher = (String)e.next();
- if(ce.cipher != null)
- {
- if(ce.cipher.equals(cipher))
- {
- e.remove();
- }
- }
- else
- {
- assert(ce.re != null);
- java.util.regex.Matcher m = ce.re.matcher(cipher);
- if(m.find())
- {
- e.remove();
- }
- }
- }
- }
- else
- {
- if(ce.cipher != null)
- {
- result.add(0, ce.cipher);
- }
- else
- {
- assert(ce.re != null);
- for(int j = 0; j < supportedCiphers.length; ++j)
- {
- java.util.regex.Matcher m = ce.re.matcher(supportedCiphers[j]);
- if(m.find())
- {
- result.add(0, supportedCiphers[j]);
- }
- }
- }
- }
- }
- }
-
- String[] arr = new String[result.size()];
- result.toArray(arr);
- return arr;
+ java.util.LinkedList result = new java.util.LinkedList();
+ if(_allCiphers)
+ {
+ for(int i = 0; i < supportedCiphers.length; ++i)
+ {
+ result.add(supportedCiphers[i]);
+ }
+ }
+ else if(!_noCiphers)
+ {
+ for(int i = 0; i < defaultCiphers.length; ++i)
+ {
+ result.add(defaultCiphers[i]);
+ }
+ }
+
+ if(_ciphers != null)
+ {
+ for(int i = 0; i < _ciphers.length; ++i)
+ {
+ CipherExpression ce = (CipherExpression)_ciphers[i];
+ if(ce.not)
+ {
+ java.util.Iterator e = result.iterator();
+ while(e.hasNext())
+ {
+ String cipher = (String)e.next();
+ if(ce.cipher != null)
+ {
+ if(ce.cipher.equals(cipher))
+ {
+ e.remove();
+ }
+ }
+ else
+ {
+ assert(ce.re != null);
+ java.util.regex.Matcher m = ce.re.matcher(cipher);
+ if(m.find())
+ {
+ e.remove();
+ }
+ }
+ }
+ }
+ else
+ {
+ if(ce.cipher != null)
+ {
+ result.add(0, ce.cipher);
+ }
+ else
+ {
+ assert(ce.re != null);
+ for(int j = 0; j < supportedCiphers.length; ++j)
+ {
+ java.util.regex.Matcher m = ce.re.matcher(supportedCiphers[j]);
+ if(m.find())
+ {
+ result.add(0, supportedCiphers[j]);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ String[] arr = new String[result.size()];
+ result.toArray(arr);
+ return arr;
}
String[]
protocols()
{
- return _protocols;
+ return _protocols;
}
void
traceConnection(javax.net.ssl.SSLSocket fd, boolean incoming)
{
- javax.net.ssl.SSLSession session = fd.getSession();
- String msg = "SSL summary for " + (incoming ? "incoming" : "outgoing") + " connection\n" +
- "cipher = " + session.getCipherSuite() + "\n" +
- "protocol = " + session.getProtocol() + "\n" +
- IceInternal.Network.fdToString(fd);
- _logger.trace(_securityTraceCategory, msg);
+ javax.net.ssl.SSLSession session = fd.getSession();
+ String msg = "SSL summary for " + (incoming ? "incoming" : "outgoing") + " connection\n" +
+ "cipher = " + session.getCipherSuite() + "\n" +
+ "protocol = " + session.getProtocol() + "\n" +
+ IceInternal.Network.fdToString(fd);
+ _logger.trace(_securityTraceCategory, msg);
}
void
verifyPeer(ConnectionInfo info, javax.net.ssl.SSLSocket fd, String address, boolean incoming)
{
- if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax)
- {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
- "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " +
- _verifyDepthMax + "\n" +
- IceInternal.Network.fdToString(fd);
- if(_securityTraceLevel >= 1)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
- }
-
- //
- // Extract the IP addresses and the DNS names from the subject
- // alternative names.
- //
- if(info.certs != null)
- {
- try
- {
- java.util.Collection subjectAltNames =
- ((java.security.cert.X509Certificate)info.certs[0]).getSubjectAlternativeNames();
- java.util.ArrayList ipAddresses = new java.util.ArrayList();
- java.util.ArrayList dnsNames = new java.util.ArrayList();
- if(subjectAltNames != null)
- {
- java.util.Iterator i = subjectAltNames.iterator();
- while(i.hasNext())
- {
- java.util.List l = (java.util.List)i.next();
- assert(!l.isEmpty());
- Integer n = (Integer)l.get(0);
- if(n.intValue() == 7)
- {
- ipAddresses.add((String)l.get(1));
- }
- else if(n.intValue() == 2)
- {
- dnsNames.add(((String)l.get(1)).toLowerCase());
- }
- }
- }
-
- //
- // Compare the peer's address against the dnsName and ipAddress values.
- // This is only relevant for an outgoing connection.
- //
- if(address.length() > 0)
- {
- boolean certNameOK = ipAddresses.contains(address);
- if(!certNameOK)
- {
- certNameOK = dnsNames.contains(address.toLowerCase());
- }
-
- //
- // Log a message if the name comparison fails. If CheckCertName is defined,
- // we also raise an exception to abort the connection. Don't log a message if
- // CheckCertName is not defined and a verifier is present.
- //
- if(!certNameOK && (_checkCertName || (_securityTraceLevel >= 1 && _verifier == null)))
- {
- StringBuffer sb = new StringBuffer();
- sb.append("IceSSL: ");
- if(!_checkCertName)
- {
- sb.append("ignoring ");
- }
- sb.append("certificate validation failure:\npeer certificate does not contain `" +
- address + "' in its subjectAltName extension");
- if(!dnsNames.isEmpty())
- {
- sb.append("\nDNS names found in certificate: ");
- for(int j = 0; j < dnsNames.size(); ++j)
- {
- if(j > 0)
- {
- sb.append(", ");
- }
- sb.append(dnsNames.get(j).toString());
- }
- }
- if(!ipAddresses.isEmpty())
- {
- sb.append("\nIP addresses found in certificate: ");
- for(int j = 0; j < ipAddresses.size(); ++j)
- {
- if(j > 0)
- {
- sb.append(", ");
- }
- sb.append(ipAddresses.get(j).toString());
- }
- }
- if(_securityTraceLevel >= 1)
- {
- _logger.trace(_securityTraceCategory, sb.toString());
- }
- if(_checkCertName)
- {
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = sb.toString();
- throw ex;
- }
- }
- }
- }
- catch(java.security.cert.CertificateParsingException ex)
- {
- assert(false);
- }
- }
-
- if(!_trustManager.verify(info))
- {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by trust manager\n" +
- IceInternal.Network.fdToString(fd);
- if(_securityTraceLevel >= 1)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
- }
-
- if(_verifier != null && !_verifier.verify(info))
- {
- String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
- IceInternal.Network.fdToString(fd);
-
- if(_securityTraceLevel > 0)
- {
- _logger.trace(_securityTraceCategory, msg);
- }
-
- Ice.SecurityException ex = new Ice.SecurityException();
- ex.reason = msg;
- throw ex;
- }
+ if(_verifyDepthMax > 0 && info.certs != null && info.certs.length > _verifyDepthMax)
+ {
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected:\n" +
+ "length of peer's certificate chain (" + info.certs.length + ") exceeds maximum of " +
+ _verifyDepthMax + "\n" +
+ IceInternal.Network.fdToString(fd);
+ if(_securityTraceLevel >= 1)
+ {
+ _logger.trace(_securityTraceCategory, msg);
+ }
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
+ }
+
+ //
+ // Extract the IP addresses and the DNS names from the subject
+ // alternative names.
+ //
+ if(info.certs != null)
+ {
+ try
+ {
+ java.util.Collection subjectAltNames =
+ ((java.security.cert.X509Certificate)info.certs[0]).getSubjectAlternativeNames();
+ java.util.ArrayList ipAddresses = new java.util.ArrayList();
+ java.util.ArrayList dnsNames = new java.util.ArrayList();
+ if(subjectAltNames != null)
+ {
+ java.util.Iterator i = subjectAltNames.iterator();
+ while(i.hasNext())
+ {
+ java.util.List l = (java.util.List)i.next();
+ assert(!l.isEmpty());
+ Integer n = (Integer)l.get(0);
+ if(n.intValue() == 7)
+ {
+ ipAddresses.add((String)l.get(1));
+ }
+ else if(n.intValue() == 2)
+ {
+ dnsNames.add(((String)l.get(1)).toLowerCase());
+ }
+ }
+ }
+
+ //
+ // Compare the peer's address against the dnsName and ipAddress values.
+ // This is only relevant for an outgoing connection.
+ //
+ if(address.length() > 0)
+ {
+ boolean certNameOK = ipAddresses.contains(address);
+ if(!certNameOK)
+ {
+ certNameOK = dnsNames.contains(address.toLowerCase());
+ }
+
+ //
+ // Log a message if the name comparison fails. If CheckCertName is defined,
+ // we also raise an exception to abort the connection. Don't log a message if
+ // CheckCertName is not defined and a verifier is present.
+ //
+ if(!certNameOK && (_checkCertName || (_securityTraceLevel >= 1 && _verifier == null)))
+ {
+ StringBuffer sb = new StringBuffer();
+ sb.append("IceSSL: ");
+ if(!_checkCertName)
+ {
+ sb.append("ignoring ");
+ }
+ sb.append("certificate validation failure:\npeer certificate does not contain `" +
+ address + "' in its subjectAltName extension");
+ if(!dnsNames.isEmpty())
+ {
+ sb.append("\nDNS names found in certificate: ");
+ for(int j = 0; j < dnsNames.size(); ++j)
+ {
+ if(j > 0)
+ {
+ sb.append(", ");
+ }
+ sb.append(dnsNames.get(j).toString());
+ }
+ }
+ if(!ipAddresses.isEmpty())
+ {
+ sb.append("\nIP addresses found in certificate: ");
+ for(int j = 0; j < ipAddresses.size(); ++j)
+ {
+ if(j > 0)
+ {
+ sb.append(", ");
+ }
+ sb.append(ipAddresses.get(j).toString());
+ }
+ }
+ if(_securityTraceLevel >= 1)
+ {
+ _logger.trace(_securityTraceCategory, sb.toString());
+ }
+ if(_checkCertName)
+ {
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = sb.toString();
+ throw ex;
+ }
+ }
+ }
+ }
+ catch(java.security.cert.CertificateParsingException ex)
+ {
+ assert(false);
+ }
+ }
+
+ if(!_trustManager.verify(info))
+ {
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by trust manager\n" +
+ IceInternal.Network.fdToString(fd);
+ if(_securityTraceLevel >= 1)
+ {
+ _logger.trace(_securityTraceCategory, msg);
+ }
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
+ }
+
+ if(_verifier != null && !_verifier.verify(info))
+ {
+ String msg = (incoming ? "incoming" : "outgoing") + " connection rejected by certificate verifier\n" +
+ IceInternal.Network.fdToString(fd);
+
+ if(_securityTraceLevel > 0)
+ {
+ _logger.trace(_securityTraceCategory, msg);
+ }
+
+ Ice.SecurityException ex = new Ice.SecurityException();
+ ex.reason = msg;
+ throw ex;
+ }
}
private void
parseCiphers(String ciphers)
{
- java.util.ArrayList cipherList = new java.util.ArrayList();
- String[] expr = ciphers.split("[ \t]+");
- for(int i = 0; i < expr.length; ++i)
- {
- if(expr[i].equals("ALL"))
- {
- if(i != 0)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: `ALL' must be first in cipher list `" + ciphers + "'";
- throw ex;
- }
- _allCiphers = true;
- }
- else if(expr[i].equals("NONE"))
- {
- if(i != 0)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: `NONE' must be first in cipher list `" + ciphers + "'";
- throw ex;
- }
- _noCiphers = true;
- }
- else
- {
- CipherExpression ce = new CipherExpression();
- String exp = expr[i];
- if(exp.charAt(0) == '!')
- {
- ce.not = true;
- if(exp.length() > 1)
- {
- exp = exp.substring(1);
- }
- else
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid cipher expression `" + exp + "'";
- throw ex;
- }
- }
-
- if(exp.charAt(0) == '(')
- {
- if(!exp.endsWith(")"))
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid cipher expression `" + exp + "'";
- throw ex;
- }
-
- try
- {
- ce.re = java.util.regex.Pattern.compile(exp.substring(1, exp.length() - 2));
- }
- catch(java.util.regex.PatternSyntaxException ex)
- {
- Ice.PluginInitializationException e = new Ice.PluginInitializationException();
- e.reason = "IceSSL: invalid cipher expression `" + exp + "'";
- e.initCause(ex);
- throw e;
- }
- }
- else
- {
- ce.cipher = exp;
- }
-
- cipherList.add(ce);
- }
- }
- _ciphers = new CipherExpression[cipherList.size()];
- cipherList.toArray(_ciphers);
+ java.util.ArrayList cipherList = new java.util.ArrayList();
+ String[] expr = ciphers.split("[ \t]+");
+ for(int i = 0; i < expr.length; ++i)
+ {
+ if(expr[i].equals("ALL"))
+ {
+ if(i != 0)
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: `ALL' must be first in cipher list `" + ciphers + "'";
+ throw ex;
+ }
+ _allCiphers = true;
+ }
+ else if(expr[i].equals("NONE"))
+ {
+ if(i != 0)
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: `NONE' must be first in cipher list `" + ciphers + "'";
+ throw ex;
+ }
+ _noCiphers = true;
+ }
+ else
+ {
+ CipherExpression ce = new CipherExpression();
+ String exp = expr[i];
+ if(exp.charAt(0) == '!')
+ {
+ ce.not = true;
+ if(exp.length() > 1)
+ {
+ exp = exp.substring(1);
+ }
+ else
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: invalid cipher expression `" + exp + "'";
+ throw ex;
+ }
+ }
+
+ if(exp.charAt(0) == '(')
+ {
+ if(!exp.endsWith(")"))
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: invalid cipher expression `" + exp + "'";
+ throw ex;
+ }
+
+ try
+ {
+ ce.re = java.util.regex.Pattern.compile(exp.substring(1, exp.length() - 2));
+ }
+ catch(java.util.regex.PatternSyntaxException ex)
+ {
+ Ice.PluginInitializationException e = new Ice.PluginInitializationException();
+ e.reason = "IceSSL: invalid cipher expression `" + exp + "'";
+ e.initCause(ex);
+ throw e;
+ }
+ }
+ else
+ {
+ ce.cipher = exp;
+ }
+
+ cipherList.add(ce);
+ }
+ }
+ _ciphers = new CipherExpression[cipherList.size()];
+ cipherList.toArray(_ciphers);
}
private boolean
checkPath(Ice.StringHolder path, boolean dir)
{
- //
- // Check if file exists. If not, try prepending the default
- // directory and check again. If the file is found, the
- // string argument is modified and true is returned. Otherwise
- // false is returned.
- //
- java.io.File f = new java.io.File(path.value);
- if(f.exists())
- {
- return dir ? f.isDirectory() : f.isFile();
- }
-
- if(_defaultDir.length() > 0)
- {
- String s = _defaultDir + java.io.File.separator + path.value;
- f = new java.io.File(s);
- if(f.exists() && ((!dir && f.isFile()) || (dir && f.isDirectory())))
- {
- path.value = s;
- return true;
- }
- }
-
- return false;
+ //
+ // Check if file exists. If not, try prepending the default
+ // directory and check again. If the file is found, the
+ // string argument is modified and true is returned. Otherwise
+ // false is returned.
+ //
+ java.io.File f = new java.io.File(path.value);
+ if(f.exists())
+ {
+ return dir ? f.isDirectory() : f.isFile();
+ }
+
+ if(_defaultDir.length() > 0)
+ {
+ String s = _defaultDir + java.io.File.separator + path.value;
+ f = new java.io.File(s);
+ if(f.exists() && ((!dir && f.isFile()) || (dir && f.isDirectory())))
+ {
+ path.value = s;
+ return true;
+ }
+ }
+
+ return false;
}
private static class CipherExpression
{
- boolean not;
- String cipher;
- java.util.regex.Pattern re;
+ boolean not;
+ String cipher;
+ java.util.regex.Pattern re;
}
private Ice.Logger _logger;
diff --git a/java/ssl/jdk1.4/IceSSL/PluginFactory.java b/java/ssl/jdk1.4/IceSSL/PluginFactory.java
index 99780d2b4cc..70064d8a1b0 100644
--- a/java/ssl/jdk1.4/IceSSL/PluginFactory.java
+++ b/java/ssl/jdk1.4/IceSSL/PluginFactory.java
@@ -14,6 +14,6 @@ public class PluginFactory implements Ice.PluginFactory
public Ice.Plugin
create(Ice.Communicator communicator, String name, String[] args)
{
- return new PluginI(communicator);
+ return new PluginI(communicator);
}
}
diff --git a/java/ssl/jdk1.4/IceSSL/PluginI.java b/java/ssl/jdk1.4/IceSSL/PluginI.java
index 29033552bb3..3719852e718 100644
--- a/java/ssl/jdk1.4/IceSSL/PluginI.java
+++ b/java/ssl/jdk1.4/IceSSL/PluginI.java
@@ -14,13 +14,13 @@ class PluginI extends Ice.LocalObjectImpl implements Plugin
public
PluginI(Ice.Communicator communicator)
{
- _instance = new Instance(communicator);
+ _instance = new Instance(communicator);
}
public void
initialize()
{
- _instance.initialize();
+ _instance.initialize();
}
public void
@@ -31,19 +31,19 @@ class PluginI extends Ice.LocalObjectImpl implements Plugin
public void
setContext(javax.net.ssl.SSLContext context)
{
- _instance.context(context);
+ _instance.context(context);
}
public javax.net.ssl.SSLContext
getContext()
{
- return _instance.context();
+ return _instance.context();
}
public void
setCertificateVerifier(CertificateVerifier verifier)
{
- _instance.setCertificateVerifier(verifier);
+ _instance.setCertificateVerifier(verifier);
}
private Instance _instance;
diff --git a/java/ssl/jdk1.4/IceSSL/RFC2253.java b/java/ssl/jdk1.4/IceSSL/RFC2253.java
index d7034a9027b..601f8622aa4 100644
--- a/java/ssl/jdk1.4/IceSSL/RFC2253.java
+++ b/java/ssl/jdk1.4/IceSSL/RFC2253.java
@@ -16,324 +16,324 @@ class RFC2253
{
static class ParseException extends Ice.LocalException
{
- public ParseException()
- {
- }
+ public ParseException()
+ {
+ }
- public ParseException(String reason)
- {
- this.reason = reason;
- }
+ public ParseException(String reason)
+ {
+ this.reason = reason;
+ }
- public String
- ice_name()
- {
- return "RFC2253::ParseException";
- }
+ public String
+ ice_name()
+ {
+ return "RFC2253::ParseException";
+ }
- public String reason;
+ public String reason;
}
static class RDNPair
{
- String key;
- String value;
+ String key;
+ String value;
}
static private class ParseState
{
- String data;
- int pos;
+ String data;
+ int pos;
}
public static java.util.List
parse(String data)
- throws ParseException
+ throws ParseException
{
- java.util.List results = new java.util.LinkedList();
- java.util.List current = new java.util.LinkedList();
- ParseState state = new ParseState();
- state.data = data;
- state.pos = 0;
- while(state.pos < state.data.length())
- {
- current.add(parseNameComponent(state));
- eatWhite(state);
- if(state.pos < state.data.length() && state.data.charAt(state.pos) == ',')
- {
- ++state.pos;
- }
- else if(state.pos < state.data.length() && state.data.charAt(state.pos) == ';')
- {
- ++state.pos;
- results.add(current);
- current = new java.util.LinkedList();
- }
- else if(state.pos < state.data.length())
- {
- throw new ParseException("expected ',' or ';' at `" + state.data.substring(state.pos) + "'");
- }
- }
- if(!current.isEmpty())
- {
- results.add(current);
- }
+ java.util.List results = new java.util.LinkedList();
+ java.util.List current = new java.util.LinkedList();
+ ParseState state = new ParseState();
+ state.data = data;
+ state.pos = 0;
+ while(state.pos < state.data.length())
+ {
+ current.add(parseNameComponent(state));
+ eatWhite(state);
+ if(state.pos < state.data.length() && state.data.charAt(state.pos) == ',')
+ {
+ ++state.pos;
+ }
+ else if(state.pos < state.data.length() && state.data.charAt(state.pos) == ';')
+ {
+ ++state.pos;
+ results.add(current);
+ current = new java.util.LinkedList();
+ }
+ else if(state.pos < state.data.length())
+ {
+ throw new ParseException("expected ',' or ';' at `" + state.data.substring(state.pos) + "'");
+ }
+ }
+ if(!current.isEmpty())
+ {
+ results.add(current);
+ }
- return results;
+ return results;
}
public static java.util.List
parseStrict(String data)
- throws ParseException
+ throws ParseException
{
- java.util.List results = new java.util.LinkedList();
- ParseState state = new ParseState();
- state.data = data;
- state.pos = 0;
- while(state.pos < state.data.length())
- {
- results.add(parseNameComponent(state));
- eatWhite(state);
- if(state.pos < state.data.length() &&
- (state.data.charAt(state.pos) == ',' || state.data.charAt(state.pos) == ';'))
- {
- ++state.pos;
- }
- else if(state.pos < state.data.length())
- {
- throw new ParseException("expected ',' or ';' at `" + state.data.substring(state.pos) + "'");
- }
- }
- return results;
+ java.util.List results = new java.util.LinkedList();
+ ParseState state = new ParseState();
+ state.data = data;
+ state.pos = 0;
+ while(state.pos < state.data.length())
+ {
+ results.add(parseNameComponent(state));
+ eatWhite(state);
+ if(state.pos < state.data.length() &&
+ (state.data.charAt(state.pos) == ',' || state.data.charAt(state.pos) == ';'))
+ {
+ ++state.pos;
+ }
+ else if(state.pos < state.data.length())
+ {
+ throw new ParseException("expected ',' or ';' at `" + state.data.substring(state.pos) + "'");
+ }
+ }
+ return results;
}
private static RDNPair
parseNameComponent(ParseState state)
- throws ParseException
+ throws ParseException
{
- RDNPair result = parseAttributeTypeAndValue(state);
- while(state.pos < state.data.length())
- {
- eatWhite(state);
- if(state.pos < state.data.length() && state.data.charAt(state.pos) == '+')
- {
- ++state.pos;
- }
- else
- {
- break;
- }
- RDNPair p = parseAttributeTypeAndValue(state);
- result.value += "+";
- result.value += p.key;
- result.value += '=';
- result.value += p.value;
- }
- return result;
+ RDNPair result = parseAttributeTypeAndValue(state);
+ while(state.pos < state.data.length())
+ {
+ eatWhite(state);
+ if(state.pos < state.data.length() && state.data.charAt(state.pos) == '+')
+ {
+ ++state.pos;
+ }
+ else
+ {
+ break;
+ }
+ RDNPair p = parseAttributeTypeAndValue(state);
+ result.value += "+";
+ result.value += p.key;
+ result.value += '=';
+ result.value += p.value;
+ }
+ return result;
}
private static RDNPair
parseAttributeTypeAndValue(ParseState state)
- throws ParseException
+ throws ParseException
{
- RDNPair p = new RDNPair();
- p.key = parseAttributeType(state);
- eatWhite(state);
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid attribute type/value pair (unexpected end of state.data)");
- }
- if(state.data.charAt(state.pos) != '=')
- {
- throw new ParseException("invalid attribute type/value pair (missing =)");
- }
- ++state.pos;
- p.value = parseAttributeValue(state);
- return p;
+ RDNPair p = new RDNPair();
+ p.key = parseAttributeType(state);
+ eatWhite(state);
+ if(state.pos >= state.data.length())
+ {
+ throw new ParseException("invalid attribute type/value pair (unexpected end of state.data)");
+ }
+ if(state.data.charAt(state.pos) != '=')
+ {
+ throw new ParseException("invalid attribute type/value pair (missing =)");
+ }
+ ++state.pos;
+ p.value = parseAttributeValue(state);
+ return p;
}
private static String
parseAttributeType(ParseState state)
- throws ParseException
+ throws ParseException
{
- eatWhite(state);
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid attribute type (expected end of state.data)");
- }
+ eatWhite(state);
+ if(state.pos >= state.data.length())
+ {
+ throw new ParseException("invalid attribute type (expected end of state.data)");
+ }
- String result = new String();
+ String result = new String();
- //
- // RFC 1779.
- // <key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
- // <oid> ::= <digitString> | <digitstring> "." <oid>
- // RFC 2253:
- // attributeType = (ALPHA 1*keychar) | oid
- // keychar = ALPHA | DIGIT | "-"
- // oid = 1*DIGIT *("." 1*DIGIT)
- //
- // In section 4 of RFC 2253 the document says:
- // Implementations MUST allow an oid in the attribute type to be
- // prefixed by one of the character Strings "oid." or "OID.".
- //
- // Here we must also check for "oid." and "OID." before parsing
- // according to the ALPHA KEYCHAR* rule.
- //
- // First the OID case.
- //
- if(Character.isDigit(state.data.charAt(state.pos)) ||
- (state.data.length() - state.pos >= 4 && (state.data.substring(state.pos, state.pos + 4) == "oid." ||
- state.data.substring(state.pos, state.pos + 4) == "OID.")))
- {
- if(!Character.isDigit(state.data.charAt(state.pos)))
- {
- result += state.data.substring(state.pos, state.pos + 4);
- state.pos += 4;
- }
+ //
+ // RFC 1779.
+ // <key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
+ // <oid> ::= <digitString> | <digitstring> "." <oid>
+ // RFC 2253:
+ // attributeType = (ALPHA 1*keychar) | oid
+ // keychar = ALPHA | DIGIT | "-"
+ // oid = 1*DIGIT *("." 1*DIGIT)
+ //
+ // In section 4 of RFC 2253 the document says:
+ // Implementations MUST allow an oid in the attribute type to be
+ // prefixed by one of the character Strings "oid." or "OID.".
+ //
+ // Here we must also check for "oid." and "OID." before parsing
+ // according to the ALPHA KEYCHAR* rule.
+ //
+ // First the OID case.
+ //
+ if(Character.isDigit(state.data.charAt(state.pos)) ||
+ (state.data.length() - state.pos >= 4 && (state.data.substring(state.pos, state.pos + 4) == "oid." ||
+ state.data.substring(state.pos, state.pos + 4) == "OID.")))
+ {
+ if(!Character.isDigit(state.data.charAt(state.pos)))
+ {
+ result += state.data.substring(state.pos, state.pos + 4);
+ state.pos += 4;
+ }
- while(true)
- {
- // 1*DIGIT
- while(state.pos < state.data.length() && Character.isDigit(state.data.charAt(state.pos)))
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- // "." 1*DIGIT
- if(state.pos < state.data.length() && state.data.charAt(state.pos) == '.')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- // 1*DIGIT must follow "."
- if(state.pos < state.data.length() && !Character.isDigit(state.data.charAt(state.pos)))
- {
- throw new ParseException("invalid attribute type (expected end of state.data)");
- }
- }
- else
- {
- break;
- }
- }
- }
- else if(Character.isUpperCase(state.data.charAt(state.pos)) ||
- Character.isLowerCase(state.data.charAt(state.pos)))
- {
- //
- // The grammar is wrong in this case. It should be ALPHA
- // KEYCHAR* otherwise it will not accept "O" as a valid
- // attribute type.
- //
- result += state.data.charAt(state.pos);
- ++state.pos;
- // 1* KEYCHAR
- while(state.pos < state.data.length() &&
- (Character.isDigit(state.data.charAt(state.pos)) ||
- Character.isUpperCase(state.data.charAt(state.pos)) ||
- Character.isLowerCase(state.data.charAt(state.pos)) ||
- state.data.charAt(state.pos) == '-'))
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- }
- else
- {
- throw new ParseException("invalid attribute type");
- }
- return result;
+ while(true)
+ {
+ // 1*DIGIT
+ while(state.pos < state.data.length() && Character.isDigit(state.data.charAt(state.pos)))
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ }
+ // "." 1*DIGIT
+ if(state.pos < state.data.length() && state.data.charAt(state.pos) == '.')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ // 1*DIGIT must follow "."
+ if(state.pos < state.data.length() && !Character.isDigit(state.data.charAt(state.pos)))
+ {
+ throw new ParseException("invalid attribute type (expected end of state.data)");
+ }
+ }
+ else
+ {
+ break;
+ }
+ }
+ }
+ else if(Character.isUpperCase(state.data.charAt(state.pos)) ||
+ Character.isLowerCase(state.data.charAt(state.pos)))
+ {
+ //
+ // The grammar is wrong in this case. It should be ALPHA
+ // KEYCHAR* otherwise it will not accept "O" as a valid
+ // attribute type.
+ //
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ // 1* KEYCHAR
+ while(state.pos < state.data.length() &&
+ (Character.isDigit(state.data.charAt(state.pos)) ||
+ Character.isUpperCase(state.data.charAt(state.pos)) ||
+ Character.isLowerCase(state.data.charAt(state.pos)) ||
+ state.data.charAt(state.pos) == '-'))
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ }
+ }
+ else
+ {
+ throw new ParseException("invalid attribute type");
+ }
+ return result;
}
private static String
parseAttributeValue(ParseState state)
- throws ParseException
+ throws ParseException
{
- eatWhite(state);
- String result = new String();
- if(state.pos >= state.data.length())
- {
- return result;
- }
+ eatWhite(state);
+ String result = new String();
+ if(state.pos >= state.data.length())
+ {
+ return result;
+ }
- //
- // RFC 2253
- // # hexString
- //
- if(state.data.charAt(state.pos) == '#')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- while(true)
- {
- String h = parseHexPair(state, true);
- if(h.length() == 0)
- {
- break;
- }
- result += h;
- }
- }
- //
- // RFC 2253
- // QUOTATION *( quotechar | pair ) QUOTATION ; only from v2
- // quotechar = <any character except "\" or QUOTATION >
- //
- else if(state.data.charAt(state.pos) == '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- while(true)
- {
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid attribute value (unexpected end of state.data)");
- }
- // final terminating "
- if(state.data.charAt(state.pos) == '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- break;
- }
- // any character except '\'
- else if(state.data.charAt(state.pos) != '\\')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- // pair '\'
- else
- {
- result += parsePair(state);
- }
- }
- }
- //
- // RFC 2253
- // * (Stringchar | pair)
- // Stringchar = <any character except one of special, "\" or QUOTATION >
- //
- else
- {
- while(state.pos < state.data.length())
- {
- if(state.data.charAt(state.pos) == '\\')
- {
- result += parsePair(state);
- }
- else if(special.indexOf(state.data.charAt(state.pos)) == -1 && state.data.charAt(state.pos) != '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- else
- {
- break;
- }
- }
- }
- return result;
+ //
+ // RFC 2253
+ // # hexString
+ //
+ if(state.data.charAt(state.pos) == '#')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ while(true)
+ {
+ String h = parseHexPair(state, true);
+ if(h.length() == 0)
+ {
+ break;
+ }
+ result += h;
+ }
+ }
+ //
+ // RFC 2253
+ // QUOTATION *( quotechar | pair ) QUOTATION ; only from v2
+ // quotechar = <any character except "\" or QUOTATION >
+ //
+ else if(state.data.charAt(state.pos) == '"')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ while(true)
+ {
+ if(state.pos >= state.data.length())
+ {
+ throw new ParseException("invalid attribute value (unexpected end of state.data)");
+ }
+ // final terminating "
+ if(state.data.charAt(state.pos) == '"')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ break;
+ }
+ // any character except '\'
+ else if(state.data.charAt(state.pos) != '\\')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ }
+ // pair '\'
+ else
+ {
+ result += parsePair(state);
+ }
+ }
+ }
+ //
+ // RFC 2253
+ // * (Stringchar | pair)
+ // Stringchar = <any character except one of special, "\" or QUOTATION >
+ //
+ else
+ {
+ while(state.pos < state.data.length())
+ {
+ if(state.data.charAt(state.pos) == '\\')
+ {
+ result += parsePair(state);
+ }
+ else if(special.indexOf(state.data.charAt(state.pos)) == -1 && state.data.charAt(state.pos) != '"')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ }
+ else
+ {
+ break;
+ }
+ }
+ }
+ return result;
}
//
@@ -342,27 +342,27 @@ class RFC2253
//
private static String
parsePair(ParseState state)
- throws ParseException
+ throws ParseException
{
- String result = new String();
+ String result = new String();
- assert(state.data.charAt(state.pos) == '\\');
- result += state.data.charAt(state.pos);
- ++state.pos;
+ assert(state.data.charAt(state.pos) == '\\');
+ result += state.data.charAt(state.pos);
+ ++state.pos;
- if(state.pos >= state.data.length())
- {
- throw new ParseException("invalid escape format (unexpected end of state.data)");
- }
+ if(state.pos >= state.data.length())
+ {
+ throw new ParseException("invalid escape format (unexpected end of state.data)");
+ }
- if(special.indexOf(state.data.charAt(state.pos)) != -1 || state.data.charAt(state.pos) != '\\' ||
- state.data.charAt(state.pos) != '"')
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- return result;
- }
- return parseHexPair(state, false);
+ if(special.indexOf(state.data.charAt(state.pos)) != -1 || state.data.charAt(state.pos) != '\\' ||
+ state.data.charAt(state.pos) != '"')
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ return result;
+ }
+ return parseHexPair(state, false);
}
//
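Review bot: The escape test in `parsePair` is always true, because `state.data.charAt(state.pos) != '\\' || state.data.charAt(state.pos) != '"'` holds for every character. Any character following a backslash is therefore accepted as a valid pair, and the final `return parseHexPair(state, false);` is unreachable. This parser feeds the IceSSL.TrustOnly matching, so the accepted set should be the one the grammar allows, with the two inequality tests written as equalities: `|| state.data.charAt(state.pos) == '\\' || state.data.charAt(state.pos) == '"')`. Once the hex branch is reachable it returns only the hex digits and drops the backslash already collected in `result`; `return result + parseHexPair(state, false);` looks like the intent, but confirm against how the values are compared later.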
@@ -371,28 +371,28 @@ class RFC2253
//
private static String
parseHexPair(ParseState state, boolean allowEmpty)
- throws ParseException
+ throws ParseException
{
- String result = new String();
- if(state.pos < state.data.length() && hexvalid.indexOf(state.data.charAt(state.pos)) != -1)
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- if(state.pos < state.data.length() && hexvalid.indexOf(state.data.charAt(state.pos)) != -1)
- {
- result += state.data.charAt(state.pos);
- ++state.pos;
- }
- if(result.length() != 2)
- {
- if(allowEmpty && result.length() == 0)
- {
- return result;
- }
- throw new ParseException("invalid hex format");
- }
- return result;
+ String result = new String();
+ if(state.pos < state.data.length() && hexvalid.indexOf(state.data.charAt(state.pos)) != -1)
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ }
+ if(state.pos < state.data.length() && hexvalid.indexOf(state.data.charAt(state.pos)) != -1)
+ {
+ result += state.data.charAt(state.pos);
+ ++state.pos;
+ }
+ if(result.length() != 2)
+ {
+ if(allowEmpty && result.length() == 0)
+ {
+ return result;
+ }
+ throw new ParseException("invalid hex format");
+ }
+ return result;
}
//
@@ -406,10 +406,10 @@ class RFC2253
private static void
eatWhite(ParseState state)
{
- while(state.pos < state.data.length() && state.data.charAt(state.pos) == ' ')
- {
- ++state.pos;
- }
+ while(state.pos < state.data.length() && state.data.charAt(state.pos) == ' ')
+ {
+ ++state.pos;
+ }
}
private final static String special = ",=+<>#;";
diff --git a/java/ssl/jdk1.4/IceSSL/TransceiverI.java b/java/ssl/jdk1.4/IceSSL/TransceiverI.java
index 90933466437..c93696ab32c 100644
--- a/java/ssl/jdk1.4/IceSSL/TransceiverI.java
+++ b/java/ssl/jdk1.4/IceSSL/TransceiverI.java
@@ -14,327 +14,327 @@ final class TransceiverI implements IceInternal.Transceiver
public java.nio.channels.SelectableChannel
fd()
{
- return null;
+ return null;
}
public void
close()
{
- if(_instance.networkTraceLevel() >= 1)
- {
- String s = "closing ssl connection\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- synchronized(this)
- {
- assert(_fd != null);
- try
- {
- _fd.close();
- }
- catch(java.io.IOException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- finally
- {
- _fd = null;
- }
- }
+ if(_instance.networkTraceLevel() >= 1)
+ {
+ String s = "closing ssl connection\n" + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ synchronized(this)
+ {
+ assert(_fd != null);
+ try
+ {
+ _fd.close();
+ }
+ catch(java.io.IOException ex)
+ {
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+ finally
+ {
+ _fd = null;
+ }
+ }
}
public void
shutdownWrite()
{
- /*
- * shutdownOutput is not supported by an SSL socket.
- *
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "shutting down ssl connection for writing\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- assert(_fd != null);
- try
- {
- _fd.shutdownOutput(); // Shutdown socket for writing
- }
- catch(UnsupportedOperationException ex)
- {
- // Ignore - shutdownOutput not supported.
- }
- catch(java.io.IOException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- */
+ /*
+ * shutdownOutput is not supported by an SSL socket.
+ *
+ if(_instance.networkTraceLevel() >= 2)
+ {
+ String s = "shutting down ssl connection for writing\n" + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ assert(_fd != null);
+ try
+ {
+ _fd.shutdownOutput(); // Shutdown socket for writing
+ }
+ catch(UnsupportedOperationException ex)
+ {
+ // Ignore - shutdownOutput not supported.
+ }
+ catch(java.io.IOException ex)
+ {
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+ */
}
public void
shutdownReadWrite()
{
- if(_instance.networkTraceLevel() >= 2)
- {
- String s = "shutting down ssl connection for reading and writing\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- assert(_fd != null);
-
- _shutdown = true;
-
- /*
- * shutdownInput is not supported by an SSL socket.
- *
- try
- {
- _fd.shutdownInput(); // Shutdown socket for reading
- //_fd.shutdownOutput(); // Shutdown socket for writing
- }
- catch(UnsupportedOperationException ex)
- {
- // Ignore - shutdownInput not supported.
- }
- catch(java.net.SocketException ex)
- {
- // Ignore.
- }
- catch(java.io.IOException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- */
+ if(_instance.networkTraceLevel() >= 2)
+ {
+ String s = "shutting down ssl connection for reading and writing\n" + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ assert(_fd != null);
+
+ _shutdown = true;
+
+ /*
+ * shutdownInput is not supported by an SSL socket.
+ *
+ try
+ {
+ _fd.shutdownInput(); // Shutdown socket for reading
+ //_fd.shutdownOutput(); // Shutdown socket for writing
+ }
+ catch(UnsupportedOperationException ex)
+ {
+ // Ignore - shutdownInput not supported.
+ }
+ catch(java.net.SocketException ex)
+ {
+ // Ignore.
+ }
+ catch(java.io.IOException ex)
+ {
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+ */
}
public void
write(IceInternal.BasicStream stream, int timeout)
- throws IceInternal.LocalExceptionWrapper
+ throws IceInternal.LocalExceptionWrapper
{
- java.nio.ByteBuffer buf = stream.prepareWrite();
-
- byte[] data = null;
- int off = 0;
- try
- {
- data = buf.array();
- off = buf.arrayOffset();
- }
- catch(UnsupportedOperationException ex)
- {
- assert(false);
- }
-
- try
- {
- if(timeout == -1)
- {
- timeout = 0; // Infinite
- }
- else if(timeout == 0)
- {
- timeout = 1;
- }
- _fd.setSoTimeout(timeout);
- }
- catch(java.net.SocketException ex)
- {
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
-
- while(buf.hasRemaining() && !_shutdown)
- {
- int pos = buf.position();
- try
- {
- assert(_fd != null);
- int rem = buf.remaining();
- _out.write(data, off + pos, rem);
- buf.position(pos + rem);
-
- if(_instance.networkTraceLevel() >= 3)
- {
- String s = "sent " + rem + " of " + buf.limit() + " bytes via ssl\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_stats != null)
- {
- _stats.bytesSent(type(), rem);
- }
-
- break;
- }
- catch(java.io.InterruptedIOException ex)
- {
- buf.position(pos + ex.bytesTransferred);
- }
- catch(java.io.IOException ex)
- {
- if(IceInternal.Network.connectionLost(ex))
- {
- //
- // Java's SSL implementation might have successfully sent the
- // packet but then detected loss of connection and raised an
- // exception. As a result, we cannot be sure that it is safe
- // to retry in this situation, so we raise LocalExceptionWrapper.
- //
- Ice.ConnectionLostException se = new Ice.ConnectionLostException();
- se.initCause(ex);
- throw new IceInternal.LocalExceptionWrapper(se, false);
- }
-
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- }
-
- if(_shutdown && buf.hasRemaining())
- {
- throw new Ice.ConnectionLostException();
- }
+ java.nio.ByteBuffer buf = stream.prepareWrite();
+
+ byte[] data = null;
+ int off = 0;
+ try
+ {
+ data = buf.array();
+ off = buf.arrayOffset();
+ }
+ catch(UnsupportedOperationException ex)
+ {
+ assert(false);
+ }
+
+ try
+ {
+ if(timeout == -1)
+ {
+ timeout = 0; // Infinite
+ }
+ else if(timeout == 0)
+ {
+ timeout = 1;
+ }
+ _fd.setSoTimeout(timeout);
+ }
+ catch(java.net.SocketException ex)
+ {
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+
+ while(buf.hasRemaining() && !_shutdown)
+ {
+ int pos = buf.position();
+ try
+ {
+ assert(_fd != null);
+ int rem = buf.remaining();
+ _out.write(data, off + pos, rem);
+ buf.position(pos + rem);
+
+ if(_instance.networkTraceLevel() >= 3)
+ {
+ String s = "sent " + rem + " of " + buf.limit() + " bytes via ssl\n" + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ if(_stats != null)
+ {
+ _stats.bytesSent(type(), rem);
+ }
+
+ break;
+ }
+ catch(java.io.InterruptedIOException ex)
+ {
+ buf.position(pos + ex.bytesTransferred);
+ }
+ catch(java.io.IOException ex)
+ {
+ if(IceInternal.Network.connectionLost(ex))
+ {
+ //
+ // Java's SSL implementation might have successfully sent the
+ // packet but then detected loss of connection and raised an
+ // exception. As a result, we cannot be sure that it is safe
+ // to retry in this situation, so we raise LocalExceptionWrapper.
+ //
+ Ice.ConnectionLostException se = new Ice.ConnectionLostException();
+ se.initCause(ex);
+ throw new IceInternal.LocalExceptionWrapper(se, false);
+ }
+
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+ }
+
+ if(_shutdown && buf.hasRemaining())
+ {
+ throw new Ice.ConnectionLostException();
+ }
}
public boolean
read(IceInternal.BasicStream stream, int timeout)
{
- java.nio.ByteBuffer buf = stream.prepareRead();
-
- int remaining = 0;
- if(_instance.networkTraceLevel() >= 3)
- {
- remaining = buf.remaining();
- }
-
- byte[] data = null;
- int off = 0;
- try
- {
- data = buf.array();
- off = buf.arrayOffset();
- }
- catch(UnsupportedOperationException ex)
- {
- assert(false);
- }
-
- int interval = 500;
- if(timeout >= 0 && timeout < interval)
- {
- interval = timeout;
- }
-
- while(buf.hasRemaining() && !_shutdown)
- {
- int pos = buf.position();
- try
- {
- _fd.setSoTimeout(interval);
- assert(_fd != null);
- int ret = _in.read(data, off + pos, buf.remaining());
-
- if(ret == -1)
- {
- throw new Ice.ConnectionLostException();
- }
-
- if(ret > 0)
- {
- if(_instance.networkTraceLevel() >= 3)
- {
- String s = "received " + ret + " of " + remaining + " bytes via ssl\n" + toString();
- _logger.trace(_instance.networkTraceCategory(), s);
- }
-
- if(_stats != null)
- {
- _stats.bytesReceived(type(), ret);
- }
-
- buf.position(pos + ret);
- }
- }
- catch(java.net.SocketTimeoutException ex)
- {
- if(ex.bytesTransferred > 0)
- {
- buf.position(pos + ex.bytesTransferred);
- }
- if(timeout >= 0)
- {
- if(interval >= timeout)
- {
- throw new Ice.TimeoutException();
- }
- timeout -= interval;
- }
- }
- catch(java.io.InterruptedIOException ex)
- {
- buf.position(pos + ex.bytesTransferred);
- }
- catch(java.io.IOException ex)
- {
- if(IceInternal.Network.connectionLost(ex))
- {
- Ice.ConnectionLostException se = new Ice.ConnectionLostException();
- se.initCause(ex);
- throw se;
- }
-
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- }
-
- if(_shutdown)
- {
- throw new Ice.ConnectionLostException();
- }
-
- return false;
+ java.nio.ByteBuffer buf = stream.prepareRead();
+
+ int remaining = 0;
+ if(_instance.networkTraceLevel() >= 3)
+ {
+ remaining = buf.remaining();
+ }
+
+ byte[] data = null;
+ int off = 0;
+ try
+ {
+ data = buf.array();
+ off = buf.arrayOffset();
+ }
+ catch(UnsupportedOperationException ex)
+ {
+ assert(false);
+ }
+
+ int interval = 500;
+ if(timeout >= 0 && timeout < interval)
+ {
+ interval = timeout;
+ }
+
+ while(buf.hasRemaining() && !_shutdown)
+ {
+ int pos = buf.position();
+ try
+ {
+ _fd.setSoTimeout(interval);
+ assert(_fd != null);
+ int ret = _in.read(data, off + pos, buf.remaining());
+
+ if(ret == -1)
+ {
+ throw new Ice.ConnectionLostException();
+ }
+
+ if(ret > 0)
+ {
+ if(_instance.networkTraceLevel() >= 3)
+ {
+ String s = "received " + ret + " of " + remaining + " bytes via ssl\n" + toString();
+ _logger.trace(_instance.networkTraceCategory(), s);
+ }
+
+ if(_stats != null)
+ {
+ _stats.bytesReceived(type(), ret);
+ }
+
+ buf.position(pos + ret);
+ }
+ }
+ catch(java.net.SocketTimeoutException ex)
+ {
+ if(ex.bytesTransferred > 0)
+ {
+ buf.position(pos + ex.bytesTransferred);
+ }
+ if(timeout >= 0)
+ {
+ if(interval >= timeout)
+ {
+ throw new Ice.TimeoutException();
+ }
+ timeout -= interval;
+ }
+ }
+ catch(java.io.InterruptedIOException ex)
+ {
+ buf.position(pos + ex.bytesTransferred);
+ }
+ catch(java.io.IOException ex)
+ {
+ if(IceInternal.Network.connectionLost(ex))
+ {
+ Ice.ConnectionLostException se = new Ice.ConnectionLostException();
+ se.initCause(ex);
+ throw se;
+ }
+
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+ }
+
+ if(_shutdown)
+ {
+ throw new Ice.ConnectionLostException();
+ }
+
+ return false;
}
public String
type()
{
- return "ssl";
+ return "ssl";
}
public String
toString()
{
- return _desc;
+ return _desc;
}
public void
checkSendSize(IceInternal.BasicStream stream, int messageSizeMax)
{
- if(stream.size() > messageSizeMax)
- {
- throw new Ice.MemoryLimitException();
- }
+ if(stream.size() > messageSizeMax)
+ {
+ throw new Ice.MemoryLimitException();
+ }
}
ConnectionInfo
getConnectionInfo()
{
- //
- // This can only be called on an open transceiver.
- //
- assert(_fd != null);
- return _info;
+ //
+ // This can only be called on an open transceiver.
+ //
+ assert(_fd != null);
+ return _info;
}
//
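Review bot: In `read()`, a `timeout` of 0 makes `interval` 0, and `_fd.setSoTimeout(0)` means an infinite timeout on a Java socket, so the read can block until the peer sends data or closes. `write()` in this same hunk maps 0 to 1 for exactly this reason, so the two paths disagree. If callers can pass 0 here, clamp it after the existing `interval = timeout` assignment, e.g. `if(interval == 0) { interval = 1; }`, which lets the existing `interval >= timeout` check raise `Ice.TimeoutException`. Separately, `assert(_fd != null);` sits after `_fd.setSoTimeout(interval);` in the loop and should precede it to be of any use.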
@@ -342,48 +342,48 @@ final class TransceiverI implements IceInternal.Transceiver
//
TransceiverI(Instance instance, javax.net.ssl.SSLSocket fd, ConnectionInfo info)
{
- _instance = instance;
- _fd = fd;
- _info = info;
- _logger = instance.communicator().getLogger();
- try
- {
- _stats = instance.communicator().getStats();
- }
- catch(Ice.CommunicatorDestroyedException ex)
- {
- // Ignore.
- }
- _desc = IceInternal.Network.fdToString(_fd);
- try
- {
- _in = _fd.getInputStream();
- _out = _fd.getOutputStream();
- }
- catch(java.io.IOException ex)
- {
- try
- {
- _fd.close();
- }
- catch(java.io.IOException e)
- {
- }
- _fd = null;
- Ice.SocketException se = new Ice.SocketException();
- se.initCause(ex);
- throw se;
- }
- _shutdown = false;
+ _instance = instance;
+ _fd = fd;
+ _info = info;
+ _logger = instance.communicator().getLogger();
+ try
+ {
+ _stats = instance.communicator().getStats();
+ }
+ catch(Ice.CommunicatorDestroyedException ex)
+ {
+ // Ignore.
+ }
+ _desc = IceInternal.Network.fdToString(_fd);
+ try
+ {
+ _in = _fd.getInputStream();
+ _out = _fd.getOutputStream();
+ }
+ catch(java.io.IOException ex)
+ {
+ try
+ {
+ _fd.close();
+ }
+ catch(java.io.IOException e)
+ {
+ }
+ _fd = null;
+ Ice.SocketException se = new Ice.SocketException();
+ se.initCause(ex);
+ throw se;
+ }
+ _shutdown = false;
}
protected synchronized void
finalize()
- throws Throwable
+ throws Throwable
{
- assert(_fd == null);
+ assert(_fd == null);
- super.finalize();
+ super.finalize();
}
private Instance _instance;
diff --git a/java/ssl/jdk1.4/IceSSL/TrustManager.java b/java/ssl/jdk1.4/IceSSL/TrustManager.java
index 19c5f1ae6e6..1374b99dfec 100644
--- a/java/ssl/jdk1.4/IceSSL/TrustManager.java
+++ b/java/ssl/jdk1.4/IceSSL/TrustManager.java
@@ -13,277 +13,277 @@ class TrustManager
{
TrustManager(Ice.Communicator communicator)
{
- assert communicator != null;
- _communicator = communicator;
- Ice.Properties properties = communicator.getProperties();
- _traceLevel = properties.getPropertyAsInt("IceSSL.Trace.Security");
- String key = null;
- try
- {
- key = "IceSSL.TrustOnly";
- _all = parse(properties.getProperty(key));
- key = "IceSSL.TrustOnly.Client";
- _client = parse(properties.getProperty(key));
- key = "IceSSL.TrustOnly.Server";
- _allServer = parse(properties.getProperty(key));
- java.util.Map dict = properties.getPropertiesForPrefix("IceSSL.TrustOnly.Server.");
- java.util.Iterator p = dict.entrySet().iterator();
- while(p.hasNext())
- {
- java.util.Map.Entry entry = (java.util.Map.Entry)p.next();
- key = (String)entry.getKey();
- String name = key.substring("IceSSL.TrustOnly.Server.".length());
- _server.put(name, parse((String)entry.getValue()));
- }
- }
- catch(RFC2253.ParseException e)
- {
- Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
- ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
- throw ex;
- }
+ assert communicator != null;
+ _communicator = communicator;
+ Ice.Properties properties = communicator.getProperties();
+ _traceLevel = properties.getPropertyAsInt("IceSSL.Trace.Security");
+ String key = null;
+ try
+ {
+ key = "IceSSL.TrustOnly";
+ _all = parse(properties.getProperty(key));
+ key = "IceSSL.TrustOnly.Client";
+ _client = parse(properties.getProperty(key));
+ key = "IceSSL.TrustOnly.Server";
+ _allServer = parse(properties.getProperty(key));
+ java.util.Map dict = properties.getPropertiesForPrefix("IceSSL.TrustOnly.Server.");
+ java.util.Iterator p = dict.entrySet().iterator();
+ while(p.hasNext())
+ {
+ java.util.Map.Entry entry = (java.util.Map.Entry)p.next();
+ key = (String)entry.getKey();
+ String name = key.substring("IceSSL.TrustOnly.Server.".length());
+ _server.put(name, parse((String)entry.getValue()));
+ }
+ }
+ catch(RFC2253.ParseException e)
+ {
+ Ice.PluginInitializationException ex = new Ice.PluginInitializationException();
+ ex.reason = "IceSSL: invalid property " + key + ":\n" + e.reason;
+ throw ex;
+ }
}
boolean
verify(ConnectionInfo info)
{
- java.util.List trustset = new java.util.LinkedList();
- if(!_all.isEmpty())
- {
- trustset.add(_all);
- }
+ java.util.List trustset = new java.util.LinkedList();
+ if(!_all.isEmpty())
+ {
+ trustset.add(_all);
+ }
- if(info.incoming)
- {
- if(!_allServer.isEmpty())
- {
- trustset.add(_allServer);
- }
- if(info.adapterName.length() > 0)
- {
- java.util.List p = (java.util.List)_server.get(info.adapterName);
- if(p != null)
- {
- trustset.add(p);
- }
- }
- }
- else
- {
- if(!_client.isEmpty())
- {
- trustset.add(_client);
- }
- }
+ if(info.incoming)
+ {
+ if(!_allServer.isEmpty())
+ {
+ trustset.add(_allServer);
+ }
+ if(info.adapterName.length() > 0)
+ {
+ java.util.List p = (java.util.List)_server.get(info.adapterName);
+ if(p != null)
+ {
+ trustset.add(p);
+ }
+ }
+ }
+ else
+ {
+ if(!_client.isEmpty())
+ {
+ trustset.add(_client);
+ }
+ }
- //
- // If there is nothing to match against, then we accept the cert.
- //
- if(trustset.isEmpty())
- {
- return true;
- }
+ //
+ // If there is nothing to match against, then we accept the cert.
+ //
+ if(trustset.isEmpty())
+ {
+ return true;
+ }
- //
- // If there is no certificate then we match false.
- //
- if(info.certs.length != 0)
- {
- javax.security.auth.x500.X500Principal subjectDN = (javax.security.auth.x500.X500Principal)
- ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal();
- String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253);
- assert subjectName != null;
- try
- {
- //
- // Decompose the subject DN into the RDNs.
- //
- if(_traceLevel > 0)
- {
- if(info.incoming)
- {
- _communicator.getLogger().trace("Security", "trust manager evaluating client:\n" +
- "subject = " + subjectName + "\n" +
- "adapter = " + info.adapterName + "\n" +
- "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
- "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
- }
- else
- {
- _communicator.getLogger().trace("Security", "trust manager evaluating server:\n" +
- "subject = " + subjectName + "\n" +
- "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
- "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
- }
- }
- java.util.List dn = RFC2253.parseStrict(subjectName);
+ //
+ // If there is no certificate then we match false.
+ //
+ if(info.certs.length != 0)
+ {
+ javax.security.auth.x500.X500Principal subjectDN = (javax.security.auth.x500.X500Principal)
+ ((java.security.cert.X509Certificate)info.certs[0]).getSubjectX500Principal();
+ String subjectName = subjectDN.getName(javax.security.auth.x500.X500Principal.RFC2253);
+ assert subjectName != null;
+ try
+ {
+ //
+ // Decompose the subject DN into the RDNs.
+ //
+ if(_traceLevel > 0)
+ {
+ if(info.incoming)
+ {
+ _communicator.getLogger().trace("Security", "trust manager evaluating client:\n" +
+ "subject = " + subjectName + "\n" +
+ "adapter = " + info.adapterName + "\n" +
+ "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
+ "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
+ }
+ else
+ {
+ _communicator.getLogger().trace("Security", "trust manager evaluating server:\n" +
+ "subject = " + subjectName + "\n" +
+ "local addr = " + IceInternal.Network.addrToString(info.localAddr) + "\n" +
+ "remote addr = " + IceInternal.Network.addrToString(info.remoteAddr));
+ }
+ }
+ java.util.List dn = RFC2253.parseStrict(subjectName);
- //
- // Try matching against everything in the trust set.
- //
- java.util.Iterator p = trustset.iterator();
- while(p.hasNext())
- {
- java.util.List matchSet = (java.util.List)p.next();
- if(_traceLevel > 1)
- {
- String s = "trust manager matching PDNs:\n";
- java.util.Iterator q = matchSet.iterator();
- boolean addSemi = false;
- while(q.hasNext())
- {
- if(addSemi)
- {
- s += ';';
- }
- addSemi = true;
- java.util.List rdnSet = (java.util.List)q.next();
- java.util.Iterator r = rdnSet.iterator();
- boolean addComma = false;
- while(r.hasNext())
- {
- if(addComma)
- {
- s += ',';
- }
- addComma = true;
- RFC2253.RDNPair rdn = (RFC2253.RDNPair)r.next();
- s += rdn.key;
- s += '=';
- s += rdn.value;
- }
- }
- _communicator.getLogger().trace("Security", s);
- }
+ //
+ // Try matching against everything in the trust set.
+ //
+ java.util.Iterator p = trustset.iterator();
+ while(p.hasNext())
+ {
+ java.util.List matchSet = (java.util.List)p.next();
+ if(_traceLevel > 1)
+ {
+ String s = "trust manager matching PDNs:\n";
+ java.util.Iterator q = matchSet.iterator();
+ boolean addSemi = false;
+ while(q.hasNext())
+ {
+ if(addSemi)
+ {
+ s += ';';
+ }
+ addSemi = true;
+ java.util.List rdnSet = (java.util.List)q.next();
+ java.util.Iterator r = rdnSet.iterator();
+ boolean addComma = false;
+ while(r.hasNext())
+ {
+ if(addComma)
+ {
+ s += ',';
+ }
+ addComma = true;
+ RFC2253.RDNPair rdn = (RFC2253.RDNPair)r.next();
+ s += rdn.key;
+ s += '=';
+ s += rdn.value;
+ }
+ }
+ _communicator.getLogger().trace("Security", s);
+ }
- if(match(matchSet, dn))
- {
- return true;
- }
- }
- }
- catch(RFC2253.ParseException e)
- {
- _communicator.getLogger().warning(
- "IceSSL: unable to parse certificate DN `" + subjectName + "'\nreason: " + e.reason);
- }
- }
+ if(match(matchSet, dn))
+ {
+ return true;
+ }
+ }
+ }
+ catch(RFC2253.ParseException e)
+ {
+ _communicator.getLogger().warning(
+ "IceSSL: unable to parse certificate DN `" + subjectName + "'\nreason: " + e.reason);
+ }
+ }
- return false;
+ return false;
}
private boolean
match(java.util.List matchSet, java.util.List subject)
{
- java.util.Iterator r = matchSet.iterator();
- while(r.hasNext())
- {
- if(matchRDNs((java.util.List)r.next(), subject))
- {
- return true;
- }
- }
- return false;
+ java.util.Iterator r = matchSet.iterator();
+ while(r.hasNext())
+ {
+ if(matchRDNs((java.util.List)r.next(), subject))
+ {
+ return true;
+ }
+ }
+ return false;
}
private boolean
matchRDNs(java.util.List match, java.util.List subject)
{
- java.util.Iterator p = match.iterator();
- while(p.hasNext())
- {
- RFC2253.RDNPair matchRDN = (RFC2253.RDNPair)p.next();
- boolean found = false;
- java.util.Iterator q = subject.iterator();
- while(q.hasNext())
- {
- RFC2253.RDNPair subjectRDN = (RFC2253.RDNPair)q.next();
- if(matchRDN.key.equals(subjectRDN.key))
- {
- found = true;
- if(!matchRDN.value.equals(subjectRDN.value))
- {
- return false;
- }
- }
- }
- if(!found)
- {
- return false;
- }
- }
- return true;
+ java.util.Iterator p = match.iterator();
+ while(p.hasNext())
+ {
+ RFC2253.RDNPair matchRDN = (RFC2253.RDNPair)p.next();
+ boolean found = false;
+ java.util.Iterator q = subject.iterator();
+ while(q.hasNext())
+ {
+ RFC2253.RDNPair subjectRDN = (RFC2253.RDNPair)q.next();
+ if(matchRDN.key.equals(subjectRDN.key))
+ {
+ found = true;
+ if(!matchRDN.value.equals(subjectRDN.value))
+ {
+ return false;
+ }
+ }
+ }
+ if(!found)
+ {
+ return false;
+ }
+ }
+ return true;
}
java.util.List
parse(String value)
- throws RFC2253.ParseException
+ throws RFC2253.ParseException
{
- //
- // Java X500Principal.getName says:
- //
- // If "RFC2253" is specified as the format, this method emits
- // the attribute type keywords defined in RFC 2253 (CN, L, ST,
- // O, OU, C, STREET, DC, UID). Any other attribute type is
- // emitted as an OID. Under a strict reading, RFC 2253 only
- // specifies a UTF-8 string representation. The String
- // returned by this method is the Unicode string achieved by
- // decoding this UTF-8 representation.
- //
- // This means that things like emailAddress and such will be turned into
- // something like:
- //
- // 1.2.840.113549.1.9.1=#160e696e666f407a65726f632e636f6d
- //
- // The left hand side is the OID (see
- // http://www.columbia.edu/~ariel/ssleay/asn1-oids.html) for a
- // list. The right hand side is a BER encoding of the value.
- //
- // This means that the user input, unless it uses the
- // unfriendly OID format, will not directly match the
- // principal.
- //
- // Two possible solutions:
- //
- // Have the RFC2253 parser convert anything that is not CN, L,
- // ST, O, OU, C, STREET, DC, UID into OID format, and have it
- // convert the values into a BER encoding.
- //
+ //
+ // Java X500Principal.getName says:
+ //
+ // If "RFC2253" is specified as the format, this method emits
+ // the attribute type keywords defined in RFC 2253 (CN, L, ST,
+ // O, OU, C, STREET, DC, UID). Any other attribute type is
+ // emitted as an OID. Under a strict reading, RFC 2253 only
+ // specifies a UTF-8 string representation. The String
+ // returned by this method is the Unicode string achieved by
+ // decoding this UTF-8 representation.
+ //
+ // This means that things like emailAddress and such will be turned into
+ // something like:
+ //
+ // 1.2.840.113549.1.9.1=#160e696e666f407a65726f632e636f6d
+ //
+ // The left hand side is the OID (see
+ // http://www.columbia.edu/~ariel/ssleay/asn1-oids.html) for a
+ // list. The right hand side is a BER encoding of the value.
+ //
+ // This means that the user input, unless it uses the
+ // unfriendly OID format, will not directly match the
+ // principal.
+ //
+ // Two possible solutions:
+ //
+ // Have the RFC2253 parser convert anything that is not CN, L,
+ // ST, O, OU, C, STREET, DC, UID into OID format, and have it
+ // convert the values into a BER encoding.
+ //
// Send the user data through X500Principal to string form and
// then through the RFC2253 encoder. This uses the
// X500Principal to do the encoding for us.
- //
- // The latter is much simpler, however, it means we need to
- // send the data through the parser twice because we split the
- // DNs on ';' which cannot be blindly split because of quotes,
- // \ and such.
- //
- java.util.List l = RFC2253.parse(value);
- java.util.List result = new java.util.LinkedList();
- java.util.Iterator p = l.iterator();
- while(p.hasNext())
- {
- java.util.List dn = (java.util.List)p.next();
- String v = new String();
- boolean first = true;
- java.util.Iterator q = dn.iterator();
- while(q.hasNext())
- {
- if(!first)
- {
- v += ",";
- }
- first = false;
- RFC2253.RDNPair pair = (RFC2253.RDNPair)q.next();
- v += pair.key;
- v += "=";
- v += pair.value;
- }
- javax.security.auth.x500.X500Principal princ = new javax.security.auth.x500.X500Principal(v);
- String subjectName = princ.getName(javax.security.auth.x500.X500Principal.RFC2253);
- result.add(RFC2253.parseStrict(subjectName));
- }
- return result;
+ //
+ // The latter is much simpler, however, it means we need to
+ // send the data through the parser twice because we split the
+ // DNs on ';' which cannot be blindly split because of quotes,
+ // \ and such.
+ //
+ java.util.List l = RFC2253.parse(value);
+ java.util.List result = new java.util.LinkedList();
+ java.util.Iterator p = l.iterator();
+ while(p.hasNext())
+ {
+ java.util.List dn = (java.util.List)p.next();
+ String v = new String();
+ boolean first = true;
+ java.util.Iterator q = dn.iterator();
+ while(q.hasNext())
+ {
+ if(!first)
+ {
+ v += ",";
+ }
+ first = false;
+ RFC2253.RDNPair pair = (RFC2253.RDNPair)q.next();
+ v += pair.key;
+ v += "=";
+ v += pair.value;
+ }
+ javax.security.auth.x500.X500Principal princ = new javax.security.auth.x500.X500Principal(v);
+ String subjectName = princ.getName(javax.security.auth.x500.X500Principal.RFC2253);
+ result.add(RFC2253.parseStrict(subjectName));
+ }
+ return result;
}
private Ice.Communicator _communicator;
diff --git a/java/ssl/jdk1.4/IceSSL/Util.java b/java/ssl/jdk1.4/IceSSL/Util.java
index a33e00d1c0e..717485180fa 100644
--- a/java/ssl/jdk1.4/IceSSL/Util.java
+++ b/java/ssl/jdk1.4/IceSSL/Util.java
@@ -14,36 +14,36 @@ public final class Util
public static ConnectionInfo
getConnectionInfo(Ice.Connection connection)
{
- Ice.ConnectionI con = (Ice.ConnectionI)connection;
- assert(con != null);
+ Ice.ConnectionI con = (Ice.ConnectionI)connection;
+ assert(con != null);
- //
- // Lock the connection directly. This is done because the only
- // thing that prevents the transceiver from being closed during
- // the duration of the invocation is the connection.
- //
- synchronized(con)
- {
- IceInternal.Transceiver transceiver = con.getTransceiver();
- if(transceiver == null)
- {
- ConnectionInvalidException ex = new ConnectionInvalidException();
- ex.reason = "connection closed";
- throw ex;
- }
+ //
+ // Lock the connection directly. This is done because the only
+ // thing that prevents the transceiver from being closed during
+ // the duration of the invocation is the connection.
+ //
+ synchronized(con)
+ {
+ IceInternal.Transceiver transceiver = con.getTransceiver();
+ if(transceiver == null)
+ {
+ ConnectionInvalidException ex = new ConnectionInvalidException();
+ ex.reason = "connection closed";
+ throw ex;
+ }
- try
- {
- TransceiverI sslTransceiver = (TransceiverI)transceiver;
- return sslTransceiver.getConnectionInfo();
- }
- catch(ClassCastException ex)
- {
- ConnectionInvalidException e = new ConnectionInvalidException();
- e.reason = "not ssl connection";
- throw e;
- }
- }
+ try
+ {
+ TransceiverI sslTransceiver = (TransceiverI)transceiver;
+ return sslTransceiver.getConnectionInfo();
+ }
+ catch(ClassCastException ex)
+ {
+ ConnectionInvalidException e = new ConnectionInvalidException();
+ e.reason = "not ssl connection";
+ throw e;
+ }
+ }
}
//
@@ -51,68 +51,68 @@ public final class Util
//
public static java.security.cert.X509Certificate
createCertificate(String certPEM)
- throws java.security.cert.CertificateException
+ throws java.security.cert.CertificateException
{
- final String header = "-----BEGIN CERTIFICATE-----";
- final String footer = "-----END CERTIFICATE-----";
+ final String header = "-----BEGIN CERTIFICATE-----";
+ final String footer = "-----END CERTIFICATE-----";
- //
- // The generateCertificate method requires that its input begin
- // with the PEM header.
- //
- int pos = certPEM.indexOf(header);
- if(pos == -1)
- {
- certPEM = header + "\n" + certPEM;
- }
- else if(pos > 0)
- {
- certPEM = certPEM.substring(pos);
- }
+ //
+ // The generateCertificate method requires that its input begin
+ // with the PEM header.
+ //
+ int pos = certPEM.indexOf(header);
+ if(pos == -1)
+ {
+ certPEM = header + "\n" + certPEM;
+ }
+ else if(pos > 0)
+ {
+ certPEM = certPEM.substring(pos);
+ }
- //
- // Add the footer if necessary.
- //
- if(certPEM.indexOf(footer) == -1)
- {
- certPEM = certPEM + footer;
- }
+ //
+ // Add the footer if necessary.
+ //
+ if(certPEM.indexOf(footer) == -1)
+ {
+ certPEM = certPEM + footer;
+ }
- byte[] bytes = null;
- try
- {
- bytes = certPEM.getBytes("UTF8");
- }
- catch(java.io.UnsupportedEncodingException ex)
- {
- assert(false);
- return null;
- }
+ byte[] bytes = null;
+ try
+ {
+ bytes = certPEM.getBytes("UTF8");
+ }
+ catch(java.io.UnsupportedEncodingException ex)
+ {
+ assert(false);
+ return null;
+ }
- java.io.ByteArrayInputStream in = new java.io.ByteArrayInputStream(bytes);
- java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
- return (java.security.cert.X509Certificate)cf.generateCertificate(in);
+ java.io.ByteArrayInputStream in = new java.io.ByteArrayInputStream(bytes);
+ java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
+ return (java.security.cert.X509Certificate)cf.generateCertificate(in);
}
static ConnectionInfo
populateConnectionInfo(javax.net.ssl.SSLSocket fd, String adapterName, boolean incoming)
{
- ConnectionInfo info = new ConnectionInfo();
- javax.net.ssl.SSLSession session = fd.getSession();
- try
- {
- info.certs = session.getPeerCertificates();
- }
- catch(javax.net.ssl.SSLPeerUnverifiedException ex)
- {
- // No peer certificates.
- }
- info.cipher = session.getCipherSuite();
- info.localAddr = (java.net.InetSocketAddress)fd.getLocalSocketAddress();
- info.remoteAddr = (java.net.InetSocketAddress)fd.getRemoteSocketAddress();
- info.adapterName = adapterName;
- info.incoming = incoming;
- return info;
+ ConnectionInfo info = new ConnectionInfo();
+ javax.net.ssl.SSLSession session = fd.getSession();
+ try
+ {
+ info.certs = session.getPeerCertificates();
+ }
+ catch(javax.net.ssl.SSLPeerUnverifiedException ex)
+ {
+ // No peer certificates.
+ }
+ info.cipher = session.getCipherSuite();
+ info.localAddr = (java.net.InetSocketAddress)fd.getLocalSocketAddress();
+ info.remoteAddr = (java.net.InetSocketAddress)fd.getRemoteSocketAddress();
+ info.adapterName = adapterName;
+ info.incoming = incoming;
+ return info;
}
public final static String jdkTarget = "1.4";
diff --git a/java/ssl/jdk1.4/IceSSL/X509KeyManagerI.java b/java/ssl/jdk1.4/IceSSL/X509KeyManagerI.java
index c0f0001951f..5f039a89034 100644
--- a/java/ssl/jdk1.4/IceSSL/X509KeyManagerI.java
+++ b/java/ssl/jdk1.4/IceSSL/X509KeyManagerI.java
@@ -20,37 +20,37 @@ final class X509KeyManagerI implements javax.net.ssl.X509KeyManager
public String
chooseClientAlias(String[] keyType, java.security.Principal[] issuers, java.net.Socket socket)
{
- return _alias;
+ return _alias;
}
public String
chooseServerAlias(String keyType, java.security.Principal[] issuers, java.net.Socket socket)
{
- return _alias;
+ return _alias;
}
public java.security.cert.X509Certificate[]
getCertificateChain(String alias)
{
- return _delegate.getCertificateChain(alias);
+ return _delegate.getCertificateChain(alias);
}
public String[]
getClientAliases(String keyType, java.security.Principal[] issuers)
{
- return _delegate.getClientAliases(keyType, issuers);
+ return _delegate.getClientAliases(keyType, issuers);
}
public String[]
getServerAliases(String keyType, java.security.Principal[] issuers)
{
- return _delegate.getServerAliases(keyType, issuers);
+ return _delegate.getServerAliases(keyType, issuers);
}
public java.security.PrivateKey
getPrivateKey(String alias)
{
- return _delegate.getPrivateKey(alias);
+ return _delegate.getPrivateKey(alias);
}
private javax.net.ssl.X509KeyManager _delegate;
diff --git a/java/ssl/jdk1.4/IceSSL/X509TrustManagerI.java b/java/ssl/jdk1.4/IceSSL/X509TrustManagerI.java
index 0bbdf896b7e..325287daec1 100644
--- a/java/ssl/jdk1.4/IceSSL/X509TrustManagerI.java
+++ b/java/ssl/jdk1.4/IceSSL/X509TrustManagerI.java
@@ -13,37 +13,37 @@ final class X509TrustManagerI implements javax.net.ssl.X509TrustManager
{
X509TrustManagerI(javax.net.ssl.X509TrustManager delegate)
{
- _delegate = delegate;
+ _delegate = delegate;
}
public void
checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException
+ throws java.security.cert.CertificateException
{
- if(!authType.equals("DH_anon") && _delegate != null)
- {
- _delegate.checkClientTrusted(chain, authType);
- }
+ if(!authType.equals("DH_anon") && _delegate != null)
+ {
+ _delegate.checkClientTrusted(chain, authType);
+ }
}
public void
checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException
+ throws java.security.cert.CertificateException
{
- if(!authType.equals("DH_anon") && _delegate != null)
- {
- _delegate.checkServerTrusted(chain, authType);
- }
+ if(!authType.equals("DH_anon") && _delegate != null)
+ {
+ _delegate.checkServerTrusted(chain, authType);
+ }
}
public java.security.cert.X509Certificate[]
getAcceptedIssuers()
{
- if(_delegate != null)
- {
- return _delegate.getAcceptedIssuers();
- }
- return null;
+ if(_delegate != null)
+ {
+ return _delegate.getAcceptedIssuers();
+ }
+ return null;
}
private javax.net.ssl.X509TrustManager _delegate;