From 562a49f08df2adb1a3f233a9b7490575182ece04 Mon Sep 17 00:00:00 2001 From: Christina Fu Date: Tue, 20 Oct 2015 14:06:11 +0200 Subject: Ticket #1648 [RFE] provide separate cipher lists for CS instances acting as client and server This patch provides subsystem->subsystem cipher configuration when acting as a client --- .../cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 3 ++- .../com/netscape/cmscore/connector/HttpConnFactory.java | 10 ++++++++-- .../com/netscape/cmscore/connector/HttpConnector.java | 16 ++++++++-------- .../src/com/netscape/cmscore/connector/Resender.java | 9 ++++++--- 4 files changed, 24 insertions(+), 14 deletions(-) (limited to 'base/server/cmscore/src/com/netscape/cmscore') diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java index 2452a417f..77f913636 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java @@ -1010,8 +1010,9 @@ public class CMSEngine implements ICMSEngine { } public IResender getResender(IAuthority authority, String nickname, + String clientCiphers, IRemoteAuthority remote, int interval) { - return new Resender(authority, nickname, remote, interval); + return new Resender(authority, nickname, clientCiphers, remote, interval); } public IPKIMessage getHttpPKIMessage() { diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java index db2a51afd..47f5e6108 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnFactory.java 
@@ -43,6 +43,7 @@ public class HttpConnFactory { private IAuthority mSource; private IRemoteAuthority mDest = null; private String mNickname = ""; + private String mClientCiphers = null; private int mTimeout = 0; /** @@ -59,13 +60,18 @@ public class HttpConnFactory { * @param maxConns max number of connections to have available. This is * @param serverInfo server connection info - host, port, etc. */ - public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, + public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, String clientCiphers, int timeout) throws EBaseException { CMS.debug("In HttpConnFactory constructor mTimeout " + timeout); + if (mClientCiphers != null) + CMS.debug("In HttpConnFactory constructor mClientCiphers: " + mClientCiphers); + else + CMS.debug("In HttpConnFactory constructor mClientCiphers not specified, will take default "); mSource = source; mDest = dest; mNickname = nickname; + mClientCiphers = clientCiphers; mTimeout = timeout; init(minConns, maxConns); @@ -120,7 +126,7 @@ public class HttpConnFactory { CMS.debug("In HttpConnFactory.createConnection."); try { - ISocketFactory tFactory = new JssSSLSocketFactory(mNickname); + ISocketFactory tFactory = new JssSSLSocketFactory(mNickname, mClientCiphers); if (mTimeout == 0) { retConn = CMS.getHttpConnection(mDest, tFactory); diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java index 9b6f8dd93..398becc20 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/HttpConnector.java 
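Review bot: In the HttpConnFactory constructor the added null check reads the field `mClientCiphers` before `mClientCiphers = clientCiphers;` has run, so the field still holds its initializer `null` and the log always says "not specified, will take default", even when a list was passed in. Test the parameter instead: `if (clientCiphers != null) CMS.debug("In HttpConnFactory constructor mClientCiphers: " + clientCiphers);`. As written, an operator who checks the debug log to confirm that a restricted client cipher list took effect is told the default is in use. The constructor's Javadoc also has no `@param clientCiphers` line, and the constructor body continues past the end of the hunk.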
@@ -49,13 +49,13 @@ public class HttpConnector implements IConnector { private HttpConnFactory mConnFactory = null; - public HttpConnector(IAuthority source, String nickName, + public HttpConnector(IAuthority source, String nickName, String clientCiphers, IRemoteAuthority dest, int resendInterval, IConfigStore config) throws EBaseException { mTimeout = 0; mSource = source; mDest = dest; - mFactory = new JssSSLSocketFactory(nickName); + mFactory = new JssSSLSocketFactory(nickName, clientCiphers); int minConns = config.getInteger("minHttpConns", 1); int maxConns = config.getInteger("maxHttpConns", 15); @@ -64,7 +64,7 @@ public class HttpConnector implements IConnector { CMS.debug("HttpConn: max " + maxConns); try { - mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, 0); + mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, clientCiphers, 0); } catch (EBaseException e) { CMS.debug("can't create new HttpConnFactory " + e.toString()); } @@ -72,17 +72,17 @@ public class HttpConnector implements IConnector { // mConn = CMS.getHttpConnection(dest, mFactory); // this will start resending past requests in parallel. if (resendInterval >= 0) { - mResender = CMS.getResender(mSource, nickName, dest, resendInterval); + mResender = CMS.getResender(mSource, nickName, clientCiphers, dest, resendInterval); } } // Inserted by beomsuk - public HttpConnector(IAuthority source, String nickName, + public HttpConnector(IAuthority source, String nickName, String clientCiphers, IRemoteAuthority dest, int resendInterval, IConfigStore config, int timeout) throws EBaseException { mSource = source; mDest = dest; mTimeout = timeout; - mFactory = new JssSSLSocketFactory(nickName); + mFactory = new JssSSLSocketFactory(nickName, clientCiphers); int minConns = config.getInteger("minHttpConns", 1); int maxConns = config.getInteger("maxHttpConns", 15); 
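Review bot: The `catch (EBaseException e)` around `new HttpConnFactory(..., clientCiphers, 0)` only writes a debug line, so a failure leaves `mConnFactory` at `null` and the constructor returns normally even though it declares `throws EBaseException`. The second constructor (hunk at -91) has the same pattern, and its message drops the exception text altogether. Unless callers depend on this lenient behaviour, rethrowing after logging, `CMS.debug("can't create new HttpConnFactory " + e.toString()); throw e;`, would surface the failure at construction time rather than at first use of the connector. Whether a malformed cipher list can trigger this path cannot be seen here, because HttpConnFactory.init and JssSSLSocketFactory are outside the diff.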
@@ -91,14 +91,14 @@ public class HttpConnector implements IConnector { CMS.debug("HttpConn: max " + maxConns); try { - mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, timeout); + mConnFactory = new HttpConnFactory(minConns, maxConns, source, dest, nickName, clientCiphers, timeout); } catch (EBaseException e) { CMS.debug("can't create new HttpConnFactory"); } // this will start resending past requests in parallel. if (resendInterval >= 0) { - mResender = CMS.getResender(mSource, nickName, dest, resendInterval); + mResender = CMS.getResender(mSource, nickName, clientCiphers, dest, resendInterval); } } diff --git a/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java b/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java index a949b993e..e6d9ceda7 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java +++ b/base/server/cmscore/src/com/netscape/cmscore/connector/Resender.java @@ -57,6 +57,7 @@ public class Resender implements IResender { protected HttpConnection mConn = null; protected String mNickName = null; + protected String mClientCiphers = null; protected boolean connected = false; // default interval. 
@@ -64,20 +65,22 @@ public class Resender implements IResender { // was down (versus being serviced in request queue) protected int mInterval = 1 * MINUTE; - public Resender(IAuthority authority, String nickName, IRemoteAuthority dest) { + public Resender(IAuthority authority, String nickName, String clientCiphers, IRemoteAuthority dest) { mAuthority = authority; mQueue = mAuthority.getRequestQueue(); mDest = dest; mNickName = nickName; + mClientCiphers = clientCiphers; } public Resender( - IAuthority authority, String nickName, + IAuthority authority, String nickName, String clientCiphers, IRemoteAuthority dest, int interval) { mAuthority = authority; mQueue = mAuthority.getRequestQueue(); mDest = dest; mNickName = nickName; + mClientCiphers = clientCiphers; if (interval > 0) mInterval = interval; // interval specified in seconds. } @@ -124,7 +127,7 @@ public class Resender implements IResender { if (! connected) { CMS.debug("Connecting ..."); - mConn = new HttpConnection(mDest, new JssSSLSocketFactory(mNickName)); + mConn = new HttpConnection(mDest, new JssSSLSocketFactory(mNickName, mClientCiphers)); initRequests(); connected = true; } -- cgit
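Review bot: Neither Resender constructor documents the new `clientCiphers` parameter, and the `mClientCiphers` field added in the preceding hunk (-57) has no comment either. Both leave the expected string format and the meaning of `null` unstated. The debug text added in HttpConnFactory suggests that `null` selects the default cipher list, but that is decided in JssSSLSocketFactory, which this diff does not show. I would add a short Javadoc on both constructors, along the lines of `@param clientCiphers cipher list for outbound connections made as a client; null leaves the socket factory's default in effect (confirm against JssSSLSocketFactory)`, and a one-line comment on the field.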