Refactor SSLContextContainer and its usage (#583)
Closed
Andrzej Wójcik (Tigase) opened 9 years ago
Due Date: 2016-03-03

We need to refactor SSLContextContainer and the classes using it, as some components (i.e. S2S, C2S, WS2S) need to have different configurations/instances of SSLContext for the same domain.

Currently there is an implementation inside SSLContextContainer which keeps all these cached instances and ensures they are separated, but this is already complicated and it will be better to refactor SSLContextContainer and its usage to make it simpler and better.

During refactoring I think we need to forget about the singleton instance of SSLContextContainer and split it so we will get:

  • one singleton instance keeping server certificates for each hosted domain

  • many SSLContext caching instances inside each component which needs to retrieve an SSLContext

Andrzej Wójcik (Tigase) commented 9 years ago

I finished refactoring of SSLContextContainer in Tigase XMPP Server by:

  • splitting the loading and handling of SSL certificates out into the CertificateContainer class

  • separation of the root SSLContextContainer, responsible for caching SSLContext instances when no custom TrustManager is passed

  • creation of SSLContextContainer instances per ConnectionManager, which will hold SSLContext instances when a custom TrustManager is passed (if not, it will forward the request to the root instance of SSLContextContainer)

Due to that, the implementation of each class is simpler, easier to maintain and better fits the requirements. From now on it will be possible to change the configuration of the SSLContext used by a particular implementation of ConnectionManager by providing a custom implementation of SSLContextContainer for a particular connection manager.

I also removed SNISSLContextContainer for version 7.2.0-SNAPSHOT as I moved this feature to CertificateContainer and added a new configuration option:

basic-conf/sni-disable[B]=true

to disable SNI support.

Still need to adjust the PEMSSLContextContainer implementation in the tigase-extras project.

Andrzej Wójcik (Tigase) commented 9 years ago

I removed PEMSSLContextContainer as it was not needed after refactoring and added PEMCertificateContainer instead, which implements this functionality in a new way.

Updated documentation to match changes.
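
The split described in the comments above (one shared certificate holder, a root context cache, and per-connection-manager caches that forward to the root unless a custom TrustManager is passed), as an added Java sketch that is not Tigase's code. CertStore, ContextCache and their method signatures are hypothetical names, and the empty keystore is constructed sample input.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch, not Tigase's classes: all names and signatures here are assumptions.
public class SslContainersSketch {
    /** Single shared holder of per-domain key material (the certificate container role). */
    static class CertStore {
        private final Map<String, KeyManager[]> byDomain = new ConcurrentHashMap<>();
        void add(String domain, KeyStore ks, char[] pass) throws Exception {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, pass);
            byDomain.put(domain, kmf.getKeyManagers());
        }
        KeyManager[] keyManagers(String domain) { return byDomain.get(domain); }
    }
    /** Per-domain SSLContext cache. One instance is the root; the others belong to one component each. */
    static class ContextCache {
        private final CertStore certs;
        private final ContextCache parent; // null marks the root cache
        private final Map<String, SSLContext> cache = new ConcurrentHashMap<>();
        ContextCache(CertStore certs, ContextCache parent) { this.certs = certs; this.parent = parent; }
        // Assumes a component always passes the same custom trust managers, so the domain is a sufficient key.
        SSLContext get(String domain, TrustManager[] custom) throws Exception {
            if (custom == null && parent != null) return parent.get(domain, null); // forward to root
            if (custom != null && parent == null)
                throw new IllegalArgumentException("root caches default-trust contexts only");
            SSLContext ctx = cache.get(domain);
            if (ctx == null) { // a racing duplicate build is harmless; the last put wins
                ctx = SSLContext.getInstance("TLS");
                ctx.init(certs.keyManagers(domain), custom, null); // null trust managers = JVM defaults
                cache.put(domain, ctx);
            }
            return ctx;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // constructed input: empty store, no real certificate
        CertStore certs = new CertStore();
        certs.add("example.com", empty, new char[0]);
        ContextCache root = new ContextCache(certs, null);
        ContextCache c2s = new ContextCache(certs, root), s2s = new ContextCache(certs, root);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // JVM default anchors stand in for a component-specific trust policy
        SSLContext a = c2s.get("example.com", null), b = s2s.get("example.com", null);
        SSLContext c = s2s.get("example.com", tmf.getTrustManagers());
        System.out.println("shared via root: " + (a == b) + ", s2s isolated: " + (c != a));
    }
}
```

The guard on the root matters for isolation: without it, a context built with one component's trust policy could be cached at the root and handed to every other component asking for the same domain.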

Type: Task
Priority: Normal
Assignee:
RedmineID: 3610
Version: tigase-server-8.0.0
Estimation: 10h
Spent time: 73h 30m
Reference: tigase/_server/server-core#583