From 7369ecc8296a0329e424596ff71c60629add3ce2 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 21 Feb 2007 19:44:18 +0000
Subject: [PATCH] Redesign the server to support multiple key manager providers, trust manager providers, and certificate mappers, and update the components which need access to those elements so that they can specify which one they want to use.  Among other things, this will provide the ability to use different certificates for different listeners, and provide template configuration entries that make it easier for users to enable SSL and/or StartTLS.

---
 opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java |   68 ++++++++++++++++++++--------------
 1 files changed, 40 insertions(+), 28 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java b/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java
index eb1727b..292dab1 100644
--- a/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java
+++ b/opends/src/server/org/opends/server/extensions/TLSConnectionSecurityProvider.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Portions Copyright 2006 Sun Microsystems, Inc.
+ *      Portions Copyright 2006-2007 Sun Microsystems, Inc.
  */
 package org.opends.server.extensions;
 
@@ -160,6 +160,7 @@
                                         SocketChannel socketChannel,
                                         TLSConnectionSecurityProvider
                                              parentProvider)
+          throws DirectoryException
   {
     super();
 
@@ -171,7 +172,43 @@
     Socket socket = socketChannel.socket();
     InetAddress inetAddress = socketChannel.socket().getInetAddress();
 
-    sslContext = parentProvider.sslContext;
+
+    // Create an SSL session based on the configured key and trust stores in the
+    // Directory Server.
+    KeyManagerProvider keyManagerProvider =
+         DirectoryServer.getKeyManagerProvider(
+              clientConnection.getKeyManagerProviderDN());
+    if (keyManagerProvider == null)
+    {
+      keyManagerProvider = new NullKeyManagerProvider();
+    }
+
+    TrustManagerProvider trustManagerProvider =
+         DirectoryServer.getTrustManagerProvider(
+              clientConnection.getTrustManagerProviderDN());
+    if (trustManagerProvider == null)
+    {
+      trustManagerProvider = new NullTrustManagerProvider();
+    }
+
+    try
+    {
+      // FIXME -- Is it bad to create a new SSLContext for each connection?
+      sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
+      sslContext.init(keyManagerProvider.getKeyManagers(),
+                      trustManagerProvider.getTrustManagers(), null);
+    }
+    catch (Exception e)
+    {
+      assert debugException(CLASS_NAME, "initializeConnectionSecurityProvider",
+                            e);
+
+      int msgID = MSGID_TLS_SECURITY_PROVIDER_CANNOT_INITIALIZE;
+      String message = getMessage(msgID, stackTraceToSingleLineString(e));
+      throw new DirectoryException(DirectoryServer.getServerErrorResultCode(),
+                                   message, msgID, e);
+    }
+
     sslEngine = sslContext.createSSLEngine(inetAddress.getHostName(),
                                            socket.getPort());
     sslEngine.setUseClientMode(false);
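Review bot: The debug call in the new `catch` block still names "initializeConnectionSecurityProvider", but this code now runs in the per-connection constructor, so a failure here is attributed to the wrong method in the debug trace; pass the constructor's name instead, e.g. `assert debugException(CLASS_NAME, "<init>", e);` (matching whatever this file's other constructors use). Separately, when `DirectoryServer.getKeyManagerProvider(...)` or `getTrustManagerProvider(...)` returns null the code silently substitutes the `Null*` providers, so a missing or mistyped provider DN on the connection is reported nowhere — the block removed in the hunk at L76-109 failed at startup with `InitializationException`, whereas now the misconfiguration surfaces only as an opaque handshake failure on the first client connection. Log the fallback together with the DN that did not resolve before substituting the null provider, and consider throwing `DirectoryException` for the key-manager case, since a server-mode `SSLEngine` with no key managers cannot present a certificate (and, depending on what `NullTrustManagerProvider.getTrustManagers()` returns, a null array makes `SSLContext.init` fall back to the JDK default trust managers rather than the administrator's configuration). The FIXME is worth acting on: besides the per-connection cost, a context cached per provider DN and rebuilt when that provider's configuration changes would avoid re-deriving key and trust managers for every client. The enclosing constructor starts and ends outside the hunk.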
@@ -259,32 +296,7 @@
 
     sslEngine        = null;
 
-
-    // Create an SSL session based on the configured key and trust stores in the
-    // Directory Server.
-    KeyManagerProvider keyManagerProvider =
-         DirectoryServer.getKeyManagerProvider();
-    TrustManagerProvider trustManagerProvider =
-         DirectoryServer.getTrustManagerProvider();
-
-    try
-    {
-      sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
-      sslContext.init(keyManagerProvider.getKeyManagers(),
-                      trustManagerProvider.getTrustManagers(), null);
-    }
-    catch (Exception e)
-    {
-      assert debugException(CLASS_NAME, "initializeConnectionSecurityProvider",
-                            e);
-
-      int msgID = MSGID_TLS_SECURITY_PROVIDER_CANNOT_INITIALIZE;
-      String message = getMessage(msgID, stackTraceToSingleLineString(e));
-      throw new InitializationException(msgID, message, e);
-    }
-
-
-    enabledProtocols = null;
+    enabledProtocols    = null;
     enabledCipherSuites = null;
     sslClientAuthPolicy = SSLClientAuthPolicy.OPTIONAL;
   }

--
Gitblit v1.10.0