maguro 2005/04/01 20:08:41
Modified: modules/core/src/java/org/openejb/corba/sunorb
OpenEJBSocketFactory.java SunORBConfigAdapter.java
Log:
Added SAS identity assertions.
Fixed some SSL configuration problems.
Revision Changes Path
1.3 +24 -10
openejb/modules/core/src/java/org/openejb/corba/sunorb/OpenEJBSocketFactory.java
Index: OpenEJBSocketFactory.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/sunorb/OpenEJBSocketFactory.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- OpenEJBSocketFactory.java 28 Mar 2005 21:00:20 -0000 1.2
+++ OpenEJBSocketFactory.java 2 Apr 2005 01:08:41 -0000 1.3
@@ -73,6 +73,7 @@
import org.omg.IOP.TaggedComponent;
import org.openejb.corba.MinorCodes;
+import org.openejb.corba.security.config.ConfigUtil;
import org.openejb.corba.security.config.tss.TSSCompoundSecMechListConfig;
import org.openejb.corba.security.config.tss.TSSSSLTransportConfig;
import org.openejb.corba.security.config.tss.TSSTransportMechConfig;
@@ -140,13 +141,15 @@
} else if ("Integrity".equals(props[i])) {
} else if ("NoProtection".equals(props[i])) {
requires |= NoProtection.value;
- } else if (props[i].trim().length() == 0) {
- requires |= NoProtection.value;
} else {
log.error("Unsupported socket property: " + props[i]);
}
}
- if (requires == 0) requires = NoProtection.value;
+
+ if (log.isDebugEnabled()) {
+ log.debug(" SUPPORTS: " + ConfigUtil.flags(supports));
+ log.debug(" REQUIRES: " + ConfigUtil.flags(requires));
+ }
clientAuthSupported = caSupported;
clientAuthRequired = caRequired;
@@ -165,7 +168,7 @@
serverSocket.setEnabledCipherSuites(cipherSuites);
serverSocket.setWantClientAuth(clientAuthSupported);
serverSocket.setNeedClientAuth(clientAuthRequired);
- serverSocket.setSoTimeout(10 * 1000);
+ serverSocket.setSoTimeout(60 * 1000);
if (log.isDebugEnabled()) {
log.debug("Created SSL server socket on port " + port);
@@ -197,7 +200,7 @@
socket.setEnabledCipherSuites(cipherSuites);
socket.setWantClientAuth(clientAuthSupported);
socket.setNeedClientAuth(clientAuthRequired);
- socket.setSoTimeout(10 * 1000);
+ socket.setSoTimeout(60 * 1000);
if (log.isDebugEnabled()) {
log.debug("Created SSL socket to " + endPointInfo.getHost()
+ ":" + endPointInfo.getPort());
@@ -227,11 +230,22 @@
for (int j = 0; j < config.size(); j++) {
TSSTransportMechConfig transport_mech =
config.mechAt(j).getTransport_mech();
if (transport_mech instanceof TSSSSLTransportConfig) {
- TSSSSLTransportConfig sslConig =
(TSSSSLTransportConfig) transport_mech;
+ TSSSSLTransportConfig sslConfig =
(TSSSSLTransportConfig) transport_mech;
+
+ if (log.isDebugEnabled()) {
+ int supports = sslConfig.getSupports();
+ int requires = sslConfig.getRequires();
+
+ log.debug("IOR from target " +
sslConfig.getHostname().toLowerCase() + ":" + sslConfig.getPort());
+ log.debug(" SUPPORTS: " +
ConfigUtil.flags(supports));
+ log.debug(" REQUIRES: " +
ConfigUtil.flags(requires));
+ }
+
+ if ((NoProtection.value & sslConfig.getRequires())
== NoProtection.value) break;
return new EndPointImpl(IIOP_SSL,
- sslConig.getPort(),
-
sslConig.getHostname().toLowerCase());
+ sslConfig.getPort(),
+
sslConfig.getHostname().toLowerCase());
}
}
1.3 +2 -5
openejb/modules/core/src/java/org/openejb/corba/sunorb/SunORBConfigAdapter.java
Index: SunORBConfigAdapter.java
===================================================================
RCS file:
/home/projects/openejb/scm/openejb/modules/core/src/java/org/openejb/corba/sunorb/SunORBConfigAdapter.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SunORBConfigAdapter.java 28 Mar 2005 21:00:20 -0000 1.2
+++ SunORBConfigAdapter.java 2 Apr 2005 01:08:41 -0000 1.3
@@ -120,9 +120,6 @@
}
}
- } else {
- supProp = "NoProtection";
- reqProp = "NoProtection";
}
System.setProperty("org.openejb.corba.ssl.SocketProperties.supports", supProp);
System.setProperty("org.openejb.corba.ssl.SocketProperties.requires", reqProp);
