Concurrent with trying to enable Geronimo to use Yoko, I'm also working
on the changes for this JIRA
http://issues.apache.org/jira/browse/GERONIMO-2002
which configures the SSL support created for the ORB to use the Geronimo
KeystoreManager API. To handle this, I've create an SSLConfigGBean that
holds a reference to the KeystoreManager instance, the names of the
truststore and ketstores, etc. This GBean has methods for creating
SSLSocketFactory and SSLServerSocketFactory instances based on the
config information.
The challenge was then how to pass a reference to this GBean into the
socket factory instances used by the ORBs. The challenge here is the
same for both the Sun ORB and the Yoko ORB. The socket factories are
enabled by setting a property or argument to the name of the socket
factory class, and the ORB will use reflection to instantiate the
factory and plug it in. There's no way to pass in an already
constructed object through the ORB.init() call.
To pass in this instance, I'm able to set a string argument for the
factory, which I'm setting to the AbstractName for the GBean. The
factory then uses
Kernel kernel = KernelRegistry.getSingleKernel();
sslConfig = (SSLConfig)kernel.getGBean(new
AbstractName(new URI(configName)));
to retrieve the GBean. This works, and allows me access to the
SSLConfig object for getting the socket factories.
Unfortunately, for CorbaBean objects, I also need access to some of the
information stored in the TSSConfig that part of the CorbaBean instance
to sort out the requires and supports values for the created SSLSocket.
This information is needed to configure the socket once it is created
using the appropriate socket factory instance. I have to pass multiple
pieces of information from multiple sources through a very narrow pipe
(a single String).
There are a couple potential solutions I see:
1. Pass the requires/supports information as system properties. This
is the approach currently used in the Sun socket factory, but this
approach is not really thread safe, and also depends on the socket
factory initialization occurring on the same initialization thread.
2. Pass the supports/requires information somehow encoded with the
abstract name used to retrieve the factory. This will work, but
feels awkward to me.
3. Rather than using the AsbstactName of the SSLConfig GBean, pass in
the AbstractName of the CorbaBean (or CSSBean) that's being used.
The beans already are holding an instance of the SLLConfig GBean,
so all of the needed information can be requested directly from
the ORB configuration beans. I'll probably create an common
interface that both CorbaBean and CSSBean will implement so that
the socket factories don't need to deal with which sort of ORB is
getting created.
Does 3) sound like a reasonable approach? Are there other options I've
overlooked?
Rick
