opendj-sdk/opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPConnection.java
@@ -22,7 +22,7 @@ * * * Copyright 2010 Sun Microsystems, Inc. * Portions Copyright 2011-2012 ForgeRock AS * Portions Copyright 2011-2013 ForgeRock AS */ package com.forgerock.opendj.ldap; @@ -31,6 +31,7 @@ import java.io.IOException; import java.net.InetSocketAddress; import java.security.GeneralSecurityException; import java.util.List; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.CopyOnWriteArrayList; @@ -51,6 +52,8 @@ import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.ResultHandler; import org.forgerock.opendj.ldap.SearchResultHandler; import org.forgerock.opendj.ldap.SSLContextBuilder; import org.forgerock.opendj.ldap.TrustManagers; import org.forgerock.opendj.ldap.requests.AbandonRequest; import org.forgerock.opendj.ldap.requests.AddRequest; import org.forgerock.opendj.ldap.requests.BindClient; @@ -85,6 +88,23 @@ * LDAP connection implementation. */ final class LDAPConnection extends AbstractAsynchronousConnection implements Connection { /** * A dummy SSL client engine configurator as SSLFilter only needs client * config. This prevents Grizzly from needlessly using JVM defaults which * may be incorrectly configured. */ private static final SSLEngineConfigurator DUMMY_SSL_ENGINE_CONFIGURATOR; static { try { DUMMY_SSL_ENGINE_CONFIGURATOR = new SSLEngineConfigurator(new SSLContextBuilder().setTrustManager( TrustManagers.distrustAll()).getSSLContext()); } catch (GeneralSecurityException e) { // This should never happen. throw new IllegalStateException("Unable to create Dummy SSL Engine Configurator", e); } } private final AtomicBoolean bindOrStartTLSInProgress = new AtomicBoolean(false); private final org.glassfish.grizzly.Connection<?> connection; private final LDAPWriter ldapWriter = new LDAPWriter(); 
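Review bot: The Javadoc on `DUMMY_SSL_ENGINE_CONFIGURATOR` in LDAPConnection names the wrong role. The constant is passed as the first (server-side) argument of `new SSLFilter(...)` in the later hunk of this file, while the real client configuration goes second, so "dummy SSL client engine configurator" should read "dummy SSL server engine configurator". The comment should also record why `TrustManagers.distrustAll()` was chosen, since that is the security property of the placeholder: presumably no peer certificate would be accepted if Grizzly ever drove a handshake with it. Suggested opening sentence: `A dummy SSL server engine configurator, as SSLFilter only needs client config here; it trusts no certificate, so it fails closed if it is ever used.`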
@@ -791,7 +811,8 @@ .toArray(new String[protocols.size()])); sslEngineConfigurator.setEnabledCipherSuites(cipherSuites.isEmpty() ? null : cipherSuites.toArray(new String[cipherSuites.size()])); final SSLFilter sslFilter = new SSLFilter(null, sslEngineConfigurator); final SSLFilter sslFilter = new SSLFilter(DUMMY_SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator); installFilter(sslFilter); sslFilter.handshake(connection, completionHandler); } opendj-sdk/opendj3/opendj-ldap-sdk/src/main/java/com/forgerock/opendj/ldap/LDAPServerFilter.java
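Review bot: The placeholder in the server position of `new SSLFilter(DUMMY_SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator)` is built with the one-argument `SSLEngineConfigurator(SSLContext)` constructor, which as far as I can tell defaults to client mode. That is harmless while the server slot stays unused on an outbound connection, but setting the mode explicitly at the declaration would keep the placeholder consistent with the slot it fills, e.g. `new SSLEngineConfigurator(sslContext, false, false, false)` with the distrust-all context. A one-line comment at this call site would also help, such as `// Server config is never used on a client connection; the placeholder stops Grizzly loading JVM defaults.` The enclosing method starts outside the hunk.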
@@ -22,7 +22,7 @@ * * * Copyright 2010 Sun Microsystems, Inc. * Portions copyright 2012 ForgeRock AS. * Portions copyright 2012-2013 ForgeRock AS. */ package com.forgerock.opendj.ldap; @@ -31,6 +31,7 @@ import java.io.IOException; import java.net.InetSocketAddress; import java.security.GeneralSecurityException; import java.util.concurrent.atomic.AtomicBoolean; import javax.net.ssl.SSLContext; @@ -46,6 +47,8 @@ import org.forgerock.opendj.ldap.ResultHandler; import org.forgerock.opendj.ldap.SearchResultHandler; import org.forgerock.opendj.ldap.ServerConnection; import org.forgerock.opendj.ldap.SSLContextBuilder; import org.forgerock.opendj.ldap.TrustManagers; import org.forgerock.opendj.ldap.controls.Control; import org.forgerock.opendj.ldap.requests.AbandonRequest; import org.forgerock.opendj.ldap.requests.AddRequest; @@ -220,7 +223,7 @@ sslEngineConfigurator.setEnabledProtocols(protocols); sslEngineConfigurator.setWantClientAuth(wantClientAuth); sslEngineConfigurator.setNeedClientAuth(needClientAuth); installFilter(new SSLFilter(sslEngineConfigurator, null)); installFilter(new SSLFilter(sslEngineConfigurator, DUMMY_SSL_ENGINE_CONFIGURATOR)); } } @@ -637,6 +640,23 @@ private static final LDAPWriter LDAP_WRITER = new LDAPWriter(); /** * A dummy SSL client engine configurator as SSLFilter only needs server * config. This prevents Grizzly from needlessly using JVM defaults which * may be incorrectly configured. */ private static final SSLEngineConfigurator DUMMY_SSL_ENGINE_CONFIGURATOR; static { try { DUMMY_SSL_ENGINE_CONFIGURATOR = new SSLEngineConfigurator(new SSLContextBuilder().setTrustManager( TrustManagers.distrustAll()).getSSLContext()); } catch (GeneralSecurityException e) { // This should never happen. throw new IllegalStateException("Unable to create Dummy SSL Engine Configurator", e); } } private final LDAPReader ldapReader; private final LDAPListenerImpl listener; private final int maxASN1ElementSize;
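Review bot: The static initializer for `DUMMY_SSL_ENGINE_CONFIGURATOR` in LDAPServerFilter repeats the one added to LDAPConnection statement for statement, and both classes are in `com.forgerock.opendj.ldap`, so a single package-private constant would keep the distrust-all choice in one place. Two copies can drift, and the security-relevant part is the trust manager: if one copy were later relaxed, nothing would flag the difference. Separately, a `GeneralSecurityException` here surfaces as an `ExceptionInInitializerError` when the class loads, which would also break connections that never use TLS. Creating the placeholder lazily at the `installFilter(new SSLFilter(...))` site would confine the failure to the TLS path. The `// This should never happen.` comment could also say which call is expected not to fail and why.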