6084.diff

     ** Module   : ServerDriver.java
     ** Abstract : command line driver for the server
     **
     ** Copyright (c) 2005-2021, Golden Code Development Corporation.
     ** Copyright (c) 2005-2022, Golden Code Development Corporation.
     **
     ** -#- -I- --Date-- --JPRM-- ----------------------------------Description-----------------------------------
     ** 001 NVS 20050418   @20786 Repackaging net package. This file has been created as a
-...
     **     IAS 20210827          Added BouncyCastle JCE/JSSE support
     **     GES 20210827          Added driver name initialization and diagnostics output.
     **     OM  20210923          Added -profile command line option for specifying the configuration profile.
     **     IAS 20220624          Added support for the Conscript JCE/JSSE provider
     */
     /*
-...
        protected void start(BootstrapConfig bc)
        throws Exception
+       {
           if (bc.getBoolean("security", "bouncycastle", "use", false) && BCProbe.bcFound)
           String provider = bc.getConfigItem("security", "provider", "name");
           if (provider == null)
+          {
+          }
           else if ("bouncycastle".equals(provider) && BCProbe.bcFound)
+          {
              Security.insertProviderAt(BCHolder.JCE, 1);
              Security.insertProviderAt(BCHolder.JSSE, 2);
-...
                 e.printStackTrace();
+             }
+          }
           else if ("conscrypt".equals(provider) && CSProbe.csFound)
+          {
              Security.insertProviderAt(CSHolder.SSL, 1);
+          }
           else
+          {
              throw new IllegalStateException("Unknown security provider name: [" + provider + "]");
+          }
           boolean single = bc.getBoolean("process", "arch", "single", false);

     ** Module   : SSL.java
     ** Abstract : Implements abstract SSL FSM on the top of SSLEngine.
     **
     ** Copyright (c) 2016-2021, Golden Code Development Corporation.
     ** Copyright (c) 2016-2022, Golden Code Development Corporation.
     **
     ** -#- -I- --Date--  ---------------------------------------Description---------------------------------------
     ** 001 IAS 20160805  Initial version
-...
     **     IAS 20210323  Re-worked synchronization logic and added logging.
     **     IAS 20210608  Provide more details on the unwrap() failure.
     **     IAS 20210827  Fixed sporadic SSL failures
     **     IAS 20220624  Added support for the Conscript JCE/JSSE provider
     */
     /*
     ** This program is free software: you can redistribute it and/or modify
-...
         */
        public SSL(SSLEngine engine, ExecutorService fsmWorkers)
+       {
           int delta = engine.getClass().getName().startsWith("org.conscrypt") ? 0 : 50;
           SSLSession session = engine.getSession();
           this.appBufferMax = session.getApplicationBufferSize();
           this.netBufferMax = session.getPacketBufferSize();
           LOG.log(Level.FINE, String.format("appBufferMax: %d, netBufferMax: %d \n", appBufferMax, netBufferMax));
           this.outWrap = ByteBuffer.allocate(appBufferMax + 50);
           this.outWrap = ByteBuffer.allocate(appBufferMax + delta);
           this.inpWrap = ByteBuffer.allocateDirect(appBufferMax + 50);
           this.outUnwrap = ByteBuffer.allocate(2 * netBufferMax);
           this.inpUnwrap = ByteBuffer.allocate(2 * netBufferMax);
           this.outUnwrap.limit(0);
           this.outUnwrap.limit(0);
           this.maxMessageSize = appBufferMax;
           this.maxMessageSize = appBufferMax - 50 + delta;
           this.engine = engine;
           this.fsmWorkers = fsmWorkers;
-...
                 break;
              case BUFFER_OVERFLOW:
                 throw new IllegalStateException("failed to wrap");
                 throw new IllegalStateException("failed to wrap - buffer overflow");
              case CLOSED:
                 this.onClosed();
-...
                 return false;
              case BUFFER_OVERFLOW:
                 throw new IllegalStateException("failed to unwrap");
                 throw new IllegalStateException("failed to unwrap - buffer overflow");
              case BUFFER_UNDERFLOW:
                 return false;

     ** Module   : SessionManager.java
     ** Abstract : Abstract base class for session management
     **
     ** Copyright (c) 2007-2021, Golden Code Development Corporation.
     ** Copyright (c) 2007-2022, Golden Code Development Corporation.
     **
     ** -#- -I- --Date-- --JPRM-- ---------------------------Description-------------------------------
     ** 001 ECF 20071101   @35865 Created initial version. Abstract base class
-...
     **     IAS 20210325          Added NIO configuration via BootstrapConfig
     **     IAS 20210505          Changed exception thrown on failed shutdown.
     **     IAS 20210827          Added allowed ciphers' filtering
     **     IAS 20220624          Added support for the configurable JCE/JSSE provider
     */
     /*
-...
               KeyStoreException,
               UnrecoverableKeyException,
               KeyManagementException,
               ConfigurationException
               ConfigurationException,
               NoSuchProviderException
+       {
           // detect if we must use TLS (by default we don't use TLS)
           boolean secure = bc.getBoolean("net", "connection", "secure", false);

     **     CA  20220405          Added authentication and authorization for web requests.  When this is enabled,
     **                           the target API call will be executed under the authenticated FWD context, and not
     **                           the agent's context.
     **     IAS 20220624          Added support for the Conscript JCE/JSSE provider
     */
     /*
-...
     import org.bouncycastle.jce.provider.*;
     import org.bouncycastle.jsse.provider.*;
     import org.conscrypt.*;
     import com.goldencode.expr.*;
     import com.goldencode.p2j.admin.*;
-...
              getSecureSocketContext();
+          }
           catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException
                 | KeyStoreException | ConfigurationException e)
                 | KeyStoreException | ConfigurationException | NoSuchProviderException e)
+          {
              throw new ConfigurationException("getSecureSocketContext()", e);
+          }
-...
               KeyStoreException,
               UnrecoverableKeyException,
               KeyManagementException,
               ConfigurationException
               ConfigurationException,
               NoSuchProviderException
+       {
           return getSecureSocketContext(cfg);
+       }
-...
               KeyStoreException,
               UnrecoverableKeyException,
               KeyManagementException,
               ConfigurationException
               ConfigurationException,
               NoSuchProviderException
+       {
           SSLContext ctx;
           if (config.getBoolean("security", "bouncycastle", "use", false) && BCProbe.bcFound)
           String provider = config.getConfigItem("security", "provider", "name");
           if (provider == null)
+          {
              ctx = SSLContext.getInstance("TLS");
+          }
           else if ("bouncycastle".equals(provider) && BCProbe.bcFound)
+          {
              Security.insertProviderAt(BCHolder.JCE, 1);
              Security.insertProviderAt(BCHolder.JSSE, 2);
              ctx = SSLContext.getInstance("TLS", BCHolder.JSSE);
+          }
           else if ("conscrypt".equals(provider) && CSProbe.csFound)
+          {
              Security.insertProviderAt(CSHolder.SSL, 1);
              ctx = SSLContext.getInstance("TLS", "Conscrypt");
+          }
           else
+          {
              ctx = SSLContext.getInstance("TLS");
              throw new IllegalStateException("Unknown security provider name: [" + provider + "]");
+          }
           // configure the SSL environment with our custom keys/certs
           TransportSecurity ts = getTransportSecurity(config);
-...
+       }
        /**
         * Conscrypt provider holder. Will be initialized only when referenced.
         */
        public static class CSHolder
+       {
           /** provider */
           public static final Provider SSL = new OpenSSLProvider();
+       }
        /**
         * BouncyCastle presence flag holder holder. Will be initialized only when referenced.
         */
        public static class BCProbe
-...
+       }
        /**
         * Conscrypt presence flag holder holder. Will be initialized only when referenced.
         */
        public static class CSProbe
+       {
           /** Logger */
           private static final Logger LOG = LogHelper.getLogger(BCProbe.class.getName());
           /** BouncyCastle presence flag */
           public static final boolean csFound = isCSFound();
           /**
            * Check if BouncyCastle JCE/JSSE present in the classpath
+           *
            * @return <code>true</code> if BouncyCastle JCE/JSSE found in the classpath
            */
           private static boolean isCSFound()
+          {
              try
+             {
                 Class.forName("org.conscrypt.OpenSSLProvider");
                 return true;
+             }
              catch (ClassNotFoundException e)
+             {
                 LOG.warning("Conscrypt SSL provider not found. Default one will be used");
                 return false;
+             }
+         }
+       }
        /**
         * A thread inheriting the FWD server context, used to perform authentication and authorization work for
         * web requests.
         */

Project

General

Profile

FWD » Core Development » Runtime Infrastructure