Author: kwright
Date: Wed Sep 23 21:38:16 2015
New Revision: 1704939

URL: http://svn.apache.org/viewvc?rev=1704939&view=rev
Log:
Create the infrastructure necessary to support SSL for LDAP connections. Part 
of CONNECTORS-1244.

Added:
    
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java
   (with props)
    
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java
   (with props)
    
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java
   (with props)
Modified:
    
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/interfaces/IKeystoreManager.java

Modified: 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/interfaces/IKeystoreManager.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/interfaces/IKeystoreManager.java?rev=1704939&r1=1704938&r2=1704939&view=diff
==============================================================================
--- 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/interfaces/IKeystoreManager.java
 (original)
+++ 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/interfaces/IKeystoreManager.java
 Wed Sep 23 21:38:16 2015
@@ -26,7 +26,7 @@ import java.io.*;
 * It's built on top of the JDK 1.4+ JSSE integration, and provides all the 
necessary logic
 * to work well within the ManifoldCF java environment.
 */
-public interface IKeystoreManager
+public interface IKeystoreManager extends ISSLSocketFactoryProducer
 {
   public static final String _rcsid = "@(#)$Id: IKeystoreManager.java 988245 
2010-08-23 18:39:35Z kwright $";
 
@@ -80,11 +80,4 @@ public interface IKeystoreManager
   public void addCertificate(String alias, java.security.cert.Certificate 
certificate)
     throws ManifoldCFException;
 
-  /** Build a secure socket factory based on this keystore.
-  */
-  public javax.net.ssl.SSLSocketFactory getSecureSocketFactory()
-    throws ManifoldCFException;
-
-
-
 }

Added: 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java?rev=1704939&view=auto
==============================================================================
--- 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java
 (added)
+++ 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java
 Wed Sep 23 21:38:16 2015
@@ -0,0 +1,86 @@
+/* $Id$ */
+
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.manifoldcf.connectorcommon.keystore;
+
+import org.apache.manifoldcf.core.interfaces.*;
+import javax.net.ssl.SSLSocketFactory;
+import java.security.*;
+import java.io.*;
+import java.net.Socket;
+import java.net.InetAddress;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.TrustManager;
+import java.security.cert.X509Certificate;
+import java.security.NoSuchAlgorithmException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+/** This SSLSocketFactoryProducer does no certificate checking whatsoever.
+*/
+public class TrustingSSLSocketFactoryProducer implements 
ISSLSocketFactoryProducer
+{
+  public TrustingSSLSocketFactoryProducer()
+  {
+  }
+  
+  /** Build a secure socket factory based on this producer.
+  */
+  @Override
+  public javax.net.ssl.SSLSocketFactory getSecureSocketFactory()
+    throws ManifoldCFException
+  {
+    try
+    {
+      final TrustManager tm = new X509TrustManager() {
+        @Override
+        public void checkClientTrusted(final X509Certificate[] chain, final 
String authType) throws CertificateException
+        {
+        }
+
+        @Override
+        public void checkServerTrusted(final X509Certificate[] chain, final 
String authType) throws CertificateException
+        {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers()
+        {
+          return null;
+        }
+      };
+
+      final SSLContext sslContext = SSLContext.getInstance("TLS");
+      sslContext.init(null, new TrustManager[] { tm }, null);
+      return sslContext.getSocketFactory();
+    }
+    catch (NoSuchAlgorithmException e)
+    {
+      throw new ManifoldCFException(e.getMessage(),e);
+    }
+    catch (KeyManagementException e)
+    {
+      throw new ManifoldCFException(e.getMessage(),e);
+    }
+  }
+
+}
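Review bot: `getAcceptedIssuers()` in the anonymous `X509TrustManager` returns `null`, but the JSSE interface documents a non-null (possibly empty) array, so code that iterates the issuers can fail with a NullPointerException; `return new X509Certificate[0];` is the safe form. Because both `checkClientTrusted` and `checkServerTrusted` are empty, a factory from this producer encrypts the LDAP session without authenticating the server, and anything sent over it (including bind credentials) can reach an impersonating endpoint. The one-line class Javadoc should spell that out, e.g. `/** Accepts ANY server certificate: the channel is encrypted but the peer is not authenticated. Use only when certificate validation has been explicitly disabled by configuration. */`. Separately, `javax.net.ssl.SSLSocketFactory` is imported twice and several imports (`java.io.*`, `Socket`, `InetAddress`, `KeyStoreException`, `UnrecoverableKeyException`) look unused in this file.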

Propchange: 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: 
manifoldcf/trunk/framework/connector-common/src/main/java/org/apache/manifoldcf/connectorcommon/keystore/TrustingSSLSocketFactoryProducer.java
------------------------------------------------------------------------------
    svn:keywords = Id

Added: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java?rev=1704939&view=auto
==============================================================================
--- 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java
 (added)
+++ 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java
 Wed Sep 23 21:38:16 2015
@@ -0,0 +1,100 @@
+/* $Id$ */
+
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.manifoldcf.core.common;
+
+import org.apache.manifoldcf.core.interfaces.*;
+import javax.net.ssl.SSLSocketFactory;
+import java.security.*;
+import java.io.*;
+import java.net.Socket;
+import java.net.InetAddress;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.SSLContext;
+
+/** This SSLSocketFactory is meant to be instantiated by Java's LDAP code.  It 
has
+* to be instantiated by name, using the default constructor, so its 
functionality is quite
+* limited.  It really has little choice other than to trust the certificates 
from the server.
+*/
+public class LDAPSSLSocketFactory extends SSLSocketFactory
+{
+  /** This is the implicit way to pass in a socket factory producer */
+  protected static final ThreadLocal<ISSLSocketFactoryProducer> 
sslSocketFactoryProducer = new ThreadLocal<ISSLSocketFactoryProducer>();
+  
+  protected final SSLSocketFactory wrappedSocketFactory;
+  
+  /** Set the socket factory producer to use */
+  public static void setSocketFactoryProducer(final ISSLSocketFactoryProducer 
p)
+  {
+    sslSocketFactoryProducer.set(p);
+  }
+  
+  public LDAPSSLSocketFactory()
+    throws ManifoldCFException
+  {
+    // This must be preinitialized to contain the correct socket factory 
producer
+    this.wrappedSocketFactory = 
sslSocketFactoryProducer.get().getSecureSocketFactory();
+  }
+  
+  @Override
+  public Socket createSocket(final Socket s, final String host, final int 
port, final boolean autoClose)
+    throws IOException
+  {
+    return wrappedSocketFactory.createSocket(s, host, port, autoClose);
+  }
+
+  @Override
+  public Socket createSocket(final InetAddress source, final int port, final 
InetAddress target, final int targetPort)
+    throws IOException
+  {
+    return wrappedSocketFactory.createSocket(source, port, target, targetPort);
+  }
+
+  @Override
+  public Socket createSocket(final String source, final int port, final 
InetAddress target, final int targetPort)
+    throws IOException
+  {
+    return wrappedSocketFactory.createSocket(source, port, target, targetPort);
+  }
+
+  @Override
+  public Socket createSocket(final InetAddress source, final int port)
+    throws IOException
+  {
+    return wrappedSocketFactory.createSocket(source, port);
+  }
+
+  @Override
+  public Socket createSocket(final String source, final int port)
+    throws IOException
+  {
+    return wrappedSocketFactory.createSocket(source, port);
+  }
+  
+  @Override
+  public String[] getDefaultCipherSuites()
+  {
+    return wrappedSocketFactory.getDefaultCipherSuites();
+  }
+  
+  @Override
+  public String[] getSupportedCipherSuites()
+  {
+    return wrappedSocketFactory.getSupportedCipherSuites();
+  }
+}
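Review bot: The constructor dereferences `sslSocketFactoryProducer.get()` with no null check, so when the class is instantiated on a thread where `setSocketFactoryProducer` was never called the caller gets a bare NullPointerException instead of a diagnosable error; something like `final ISSLSocketFactoryProducer p = sslSocketFactoryProducer.get();` followed by `if (p == null) throw new ManifoldCFException("No SSL socket factory producer set for this thread");` would make the precondition explicit. Nothing in this hunk clears the ThreadLocal, so on a pooled thread a producer set for one connection stays in place and would be picked up by a later LDAP connection on the same thread, possibly with a weaker trust policy than intended; callers should reset it in a `finally` (e.g. `setSocketFactoryProducer(null)`), and the Javadoc on the setter should say so. The class comment states it "has little choice other than to trust the certificates from the server", yet the code simply delegates to whatever producer is supplied, so a keystore-backed `IKeystoreManager` would presumably still validate; the comment should describe the delegation rather than imply trust-all behaviour.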

Propchange: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/common/LDAPSSLSocketFactory.java
------------------------------------------------------------------------------
    svn:keywords = Id

Added: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java?rev=1704939&view=auto
==============================================================================
--- 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java
 (added)
+++ 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java
 Wed Sep 23 21:38:16 2015
@@ -0,0 +1,33 @@
+/* $Id$ */
+
+/**
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.manifoldcf.core.interfaces;
+
+/** This interface describes a class that produces a SSLSocketFactory.
+*/
+public interface ISSLSocketFactoryProducer
+{
+  public static final String _rcsid = "@(#)$Id$";
+
+  /** Build a secure socket factory based on this producer.
+  */
+  public javax.net.ssl.SSLSocketFactory getSecureSocketFactory()
+    throws ManifoldCFException;
+
+}

Propchange: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: 
manifoldcf/trunk/framework/core/src/main/java/org/apache/manifoldcf/core/interfaces/ISSLSocketFactoryProducer.java
------------------------------------------------------------------------------
    svn:keywords = Id

