diff options
| author | Christina Fu <cfu@redhat.com> | 2015-10-20 14:06:11 +0200 |
|---|---|---|
| committer | Christina Fu <cfu@redhat.com> | 2015-10-20 16:17:26 +0200 |
| commit | 562a49f08df2adb1a3f233a9b7490575182ece04 (patch) | |
| tree | 1e304bb3b022ab5c67a80f5fe10facc99b69e7c3 /base/server/cmscore/src/com/netscape/cmscore | |
| parent | 14c3c2992fc5eccb7cafad38d0b5a0e7503982d5 (diff) | |
| download | pki-562a49f08df2adb1a3f233a9b7490575182ece04.tar.gz pki-562a49f08df2adb1a3f233a9b7490575182ece04.tar.xz pki-562a49f08df2adb1a3f233a9b7490575182ece04.zip | |
Ticket #1648 [RFE] provide separate cipher lists for CS instances acting as client and server This patch provides subsystem->subsystem cipher configuration when acting as a client
Diffstat (limited to 'base/server/cmscore/src/com/netscape/cmscore')
4 files changed, 24 insertions, 14 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java index 2452a417f..77f913636 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java @@ -1010,8 +1010,9 @@ public class CMSEngine implements ICMSEngine { } public IResender getResender(IAuthority authority, String nickname, + String clientCiphers, IRemoteAuthority remote, int interval) { - return new Resender(authority, nickname, remote, interval); + return new Resender(authority, nickname, clientCiphers, remote, interval); } public IPKIMessage getHttpPKIMessage() { diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java index db2a51afd..47f5e6108 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java @@ -43,6 +43,7 @@ public class HttpConnFactory { private IAuthority mSource; private IRemoteAuthority mDest = null; private String mNickname = ""; + private String mClientCiphers = null; private int mTimeout = 0; /** @@ -59,13 +60,18 @@ public class HttpConnFactory { * @param maxConns max number of connections to have available. This is * @param serverInfo server connection info - host, port, etc. */ - public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, + public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, String clientCiphers, int timeout) throws EBaseException { CMS.debug("In HttpConnFactory constructor mTimeout " + timeout); + if (mClientCiphers != null) + CMS.debug("In HttpConnFactory constructor mClientCiphers: " + mClientCiphers); + else + CMS.debug("In HttpConnFactory constructor mClientCiphers not specified, will take default "); mSource = source; mDest = dest; mNickname = nickname; + mClientCiphers = clientCiphers; mTimeout = timeout; init(minConns, maxConns); @@ -120,7 +126,7 @@ public class HttpConnFactory { CMS.debug("In HttpConnFactory.createConnection."); try { - ISocketFactory tFactory = new JssSSLSocketFactory(mNickname); + ISocketFactory tFactory = new JssSSLSocketFactory(mNickname, mClientCiphers); if (mTimeout == 0) { retConn = CMS.getHttpConnection(mDest, tFactory); diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java index 9b6f8dd93..398becc20 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java @@ -49,13 +49,13 @@ public class HttpConnector implements IConnector { private HttpConnFactory mConnFactory = null; - public HttpConnector(IAuthority source, String nickName, + public HttpConnector(IAuthority source, String nickName, String clientCiphers, IRemoteAuthority dest, int resendInterval, IConfigStore config) throws EBaseException { mTimeout = 0; mSource = source; mDest = dest; - mFactory = new JssSSLSocketFactory(nickName); + mFactory = new JssSSLSocketFactory(nickName, clientCiphers); int minConns = config.getInteger("minHttpConns", 1); int maxConns = config.getInteger("maxHttpConns", 15); @@ -64,7 +64,7 @@ public class HttpConnector implements IConnector { CMS.debug("HttpConn: max " + maxConns); try { - mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, 0); + mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, clientCiphers, 0); } catch (EBaseException e) { CMS.debug("can't create new HttpConnFactory " + e.toString()); } @@ -72,17 +72,17 @@ public class HttpConnector implements IConnector { // mConn = CMS.getHttpConnection(dest, mFactory); // this will start resending past requests in parallel. if (resendInterval >= 0) { - mResender = CMS.getResender(mSource, nickName, dest, resendInterval); + mResender = CMS.getResender(mSource, nickName, clientCiphers, dest, resendInterval); } } // Inserted by beomsuk - public HttpConnector(IAuthority source, String nickName, + public HttpConnector(IAuthority source, String nickName, String clientCiphers, IRemoteAuthority dest, int resendInterval, IConfigStore config, int timeout) throws EBaseException { mSource = source; mDest = dest; mTimeout = timeout; - mFactory = new JssSSLSocketFactory(nickName); + mFactory = new JssSSLSocketFactory(nickName, clientCiphers); int minConns = config.getInteger("minHttpConns", 1); int maxConns = config.getInteger("maxHttpConns", 15); @@ -91,14 +91,14 @@ public class HttpConnector implements IConnector { CMS.debug("HttpConn: max " + maxConns); try { - mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, timeout); + mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, clientCiphers, timeout); } catch (EBaseException e) { CMS.debug("can't create new HttpConnFactory"); } // this will start resending past requests in parallel. if (resendInterval >= 0) { - mResender = CMS.getResender(mSource, nickName, dest, resendInterval); + mResender = CMS.getResender(mSource, nickName, clientCiphers, dest, resendInterval); } } diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java b/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java index a949b993e..e6d9ceda7 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java @@ -57,6 +57,7 @@ public class Resender implements IResender { protected HttpConnection mConn = null; protected String mNickName = null; + protected String mClientCiphers = null; protected boolean connected = false; // default interval. @@ -64,20 +65,22 @@ public class Resender implements IResender { // was down (versus being serviced in request queue) protected int mInterval = 1 * MINUTE; - public Resender(IAuthority authority, String nickName, IRemoteAuthority dest) { + public Resender(IAuthority authority, String nickName, String clientCiphers, IRemoteAuthority dest) { mAuthority = authority; mQueue = mAuthority.getRequestQueue(); mDest = dest; mNickName = nickName; + mClientCiphers = clientCiphers; } public Resender( - IAuthority authority, String nickName, + IAuthority authority, String nickName, String clientCiphers, IRemoteAuthority dest, int interval) { mAuthority = authority; mQueue = mAuthority.getRequestQueue(); mDest = dest; mNickName = nickName; + mClientCiphers = clientCiphers; if (interval > 0) mInterval = interval; // interval specified in seconds. } @@ -124,7 +127,7 @@ public class Resender implements IResender { if (! connected) { CMS.debug("Connecting ..."); - mConn = new HttpConnection(mDest, new JssSSLSocketFactory(mNickName)); + mConn = new HttpConnection(mDest, new JssSSLSocketFactory(mNickName, mClientCiphers)); initRequests(); connected = true; } |