Author: dblevins
Date: Wed Jul 4 01:03:24 2012
New Revision: 1357030
URL: http://svn.apache.org/viewvc?rev=1357030&view=rev
Log:
OPENEJB-1856: Allow User selectable Cipher Suites to enhance ejbds SSL security
Patch from Jonathan Fisher
Thanks, Jonathan!
(congrats on your first code patch! third patch total)
Modified:
openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
Modified:
openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java?rev=1357030&r1=1357029&r2=1357030&view=diff
==============================================================================
---
openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
(original)
+++
openejb/trunk/openejb/server/openejb-client/src/main/java/org/apache/openejb/client/SocketConnectionFactory.java
Wed Jul 4 01:03:24 2012
@@ -16,12 +16,6 @@
*/
package org.apache.openejb.client;
-import org.apache.openejb.client.event.ConnectionOpened;
-import org.apache.openejb.client.event.ConnectionPoolCreated;
-import org.apache.openejb.client.event.ConnectionPoolTimeout;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
@@ -41,6 +35,13 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.openejb.client.event.ConnectionOpened;
+import org.apache.openejb.client.event.ConnectionPoolCreated;
+import org.apache.openejb.client.event.ConnectionPoolTimeout;
+
public class SocketConnectionFactory implements ConnectionFactory {
private KeepAliveStyle keepAliveStyle = KeepAliveStyle.PING;
@@ -51,18 +52,20 @@ public class SocketConnectionFactory imp
public static final String PROPERTY_POOL_SIZE =
"openejb.client.connection.pool.size";
private static final String PROPERTY_POOL_SIZE2 =
"openejb.client.connectionpool.size";
public static final String PROPERTY_KEEPALIVE = "openejb.client.keepalive";
+ public static final String ENABLED_CIPHER_SUITES =
"openejb.client.enabledCipherSuites";
private static final Map<URI, Pool> connections = new
ConcurrentHashMap<URI, Pool>();
private int size = 5;
private long timeoutPool = 1000;
private int timeoutSocket = 150;
+ private String[] enabledCipherSuites;
public SocketConnectionFactory() {
this.size = getSize();
this.timeoutPool = getTimeoutPool();
this.timeoutSocket = getTimeoutSocket();
-
+ this.enabledCipherSuites = getEnabledCipherSuites();
try {
String property = System.getProperty(PROPERTY_KEEPALIVE);
if (property != null) {
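Review bot: The new public constant `ENABLED_CIPHER_SUITES` does not follow the naming of its siblings `PROPERTY_POOL_SIZE` and `PROPERTY_KEEPALIVE`, which prefix every system-property key with `PROPERTY_`; `PROPERTY_ENABLED_CIPHER_SUITES` would read consistently and make the constant's role obvious at call sites. Because it is public it should also carry a Javadoc line, e.g. `/** System property: comma-separated list of TLS cipher suites enabled on ejbds connections. */`. The field `enabledCipherSuites` is assigned exactly once in the constructor and could be `final`. The constructor continues past the end of the hunk.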
@@ -73,6 +76,15 @@ public class SocketConnectionFactory imp
//Ignore
}
}
+
+ private String[] getEnabledCipherSuites(){
+ String property = System.getProperty(ENABLED_CIPHER_SUITES);
+ if (property != null){
+ return property.split(",");
+ } else {
+ return new String[]{ "SSL_DH_anon_WITH_RC4_128_MD5"};
+ }
+ }
private long getTimeoutPool() {
final Properties p = System.getProperties();
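Review bot: `property.split(",")` in `getEnabledCipherSuites` keeps surrounding whitespace, so a value such as `A, B` yields `" B"`, which `SSLSocket.setEnabledCipherSuites` later rejects with an `IllegalArgumentException` far from the configuration that caused it; trim each entry and consider checking it against `SSLSocketFactory.getSupportedCipherSuites()` so a misspelled suite fails at startup with its name in the message. The same untrimmed split is used in ServiceDaemon's `init` (the `options.get("enabledCipherSuites", ...)` hunk). The fallback `SSL_DH_anon_WITH_RC4_128_MD5` is an anonymous suite, so neither side verifies a certificate and the connection is not protected against an interposed peer, and RC4/MD5 are weak; the method should say so in a comment and its Javadoc should name the system property it reads. A rewrite of the method:
```java
/** Reads {@code openejb.client.enabledCipherSuites} (comma-separated); falls back to the anonymous suite. */
private String[] getEnabledCipherSuites() {
    final String property = System.getProperty(ENABLED_CIPHER_SUITES);
    if (property == null) {
        // anonymous suite: needs no KeyManager/TrustManager, but provides no server authentication
        return new String[]{"SSL_DH_anon_WITH_RC4_128_MD5"};
    }
    final String[] suites = property.split(",");
    for (int i = 0; i < suites.length; i++) {
        suites[i] = suites[i].trim(); // "A, B" must not become " B"
    }
    return suites;
}
```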
@@ -242,11 +254,6 @@ public class SocketConnectionFactory imp
try {
if (uri.getScheme().equalsIgnoreCase("ejbds")) {
final SSLSocket sslSocket = (SSLSocket)
SSLSocketFactory.getDefault().createSocket(address.getAddress(),
SocketConnectionFactory.this.timeoutSocket);
- // use an anonymous cipher suite so that a KeyManager or
- // TrustManager is not needed
- // NOTE: this assumes that the cipher suite is known. A
check
- // -should- be done first.
- final String[] enabledCipherSuites =
{"SSL_DH_anon_WITH_RC4_128_MD5"};
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
this.socket = sslSocket;
} else {
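Review bot: Removing the comment block here also drops the rationale that the anonymous suite is used so that no KeyManager or TrustManager is needed, and the warning that the suite name is not checked before `setEnabledCipherSuites`; neither survives anywhere in the new code. Restore the first as a why-comment at the call, e.g. `// suites from openejb.client.enabledCipherSuites; default is anonymous DH (no KeyManager/TrustManager, no server authentication)`. The enclosing try block and its catch lie outside the hunk, so it is not visible whether the IllegalArgumentException raised for an unknown suite is reported or swallowed.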
Modified:
openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
URL:
http://svn.apache.org/viewvc/openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java?rev=1357030&r1=1357029&r2=1357030&view=diff
==============================================================================
---
openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
(original)
+++
openejb/trunk/openejb/server/openejb-server/src/main/java/org/apache/openejb/server/ServiceDaemon.java
Wed Jul 4 01:03:24 2012
@@ -68,6 +68,7 @@ public class ServiceDaemon implements Se
private StringTemplate discoveryUriFormat;
private URI serviceUri;
private Properties props;
+ private String[] enabledCipherSuites;
public ServiceDaemon(ServerService next) {
this.next = next;
@@ -121,6 +122,8 @@ public class ServiceDaemon implements Se
secure = options.get("secure", false);
timeout = options.get("timeout", timeout);
+
+ enabledCipherSuites = options.get("enabledCipherSuites",
"SSL_DH_anon_WITH_RC4_128_MD5").split(",");
next.init(props);
}
@@ -140,7 +143,6 @@ public class ServiceDaemon implements Se
if (secure) {
ServerSocketFactory factory =
SSLServerSocketFactory.getDefault();
serverSocket = factory.createServerSocket(port, backlog,
inetAddress);
- final String[] enabledCipherSuites =
{"SSL_DH_anon_WITH_RC4_128_MD5"};
((SSLServerSocket)
serverSocket).setEnabledCipherSuites(enabledCipherSuites);
} else {
serverSocket = new ServerSocket(port, backlog,
inetAddress);