Security enhancement for the JTOpen library #200

Open
wants to merge 2 commits into
base: main
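--- a/src/main/java/com/ibm/as400/access/AS400.java
+++ b/src/main/java/com/ibm/as400/access/AS400.java
@@ -34,6 +34,8 @@
 import java.util.TimeZone;
 import java.util.Vector;
 
+import javax.net.ssl.SSLSocketFactory;
+
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSManager;
 
@@ -5873,4 +5875,18 @@ public void setEnabledCipherSuites(String[] suites)
 // ======== END =================
 // Previous chunk of code moved from SecureAS400
 // ======== END =================
+
+/**
+* Set the {@link SSLSocketFactory} that will be used when making secure connections.
+* <p>
+* <b>Note:</b>An exception will be thrown if the AS400 object is not an instance of SecureAS400.
+*
+* @param sslSocketFactory the {@link SSLSocketFactory} to use
+*/
+public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory)
+{
+ensureSecureInstance();
+
+useSSLConnection_.sslSocketFactory_ = sslSocketFactory;
+}
 }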
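Review bot: The Javadoc on `setSSLSocketFactory` does not say what a caller takes on by supplying a factory: it replaces the JVM default, so the trust store, protocol settings and certificate checks of every secure connection made through this object come from it. I would document that, add a `@throws` tag for the exception the note mentions (it is raised by `ensureSecureInstance()`, whose body is outside this hunk), and state that passing `null` falls back to `SSLSocketFactory.getDefault()`, which is how the SocketContainerJSSE change in this PR treats it. The hunk also does not show whether the setter is rejected once a connection exists; if other setters in this class guard against late changes, this one should do the same, since a factory set after connecting would presumably not affect sockets already open.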
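--- a/src/main/java/com/ibm/as400/access/AS400JDBCDriver.java
+++ b/src/main/java/com/ibm/as400/access/AS400JDBCDriver.java
@@ -25,6 +25,9 @@
 import java.sql.SQLFeatureNotSupportedException;
 import java.sql.Statement;
 import java.util.logging.Logger;
+
+import javax.net.ssl.SSLSocketFactory;
+
 /* endif */
 import java.util.Properties;
 import java.util.MissingResourceException;
@@ -123,6 +126,8 @@ public class AS400JDBCDriver
 static final String DATABASE_PRODUCT_NAME_ = "DB2 UDB for AS/400"; // @D0A
 static final String DRIVER_NAME_ = "AS/400 Toolbox for Java JDBC Driver"; // @D0C @C5C @C6C
 static final String DRIVER_LEVEL_ = Copyright.DRIVER_LEVEL;
+
+public static final String PROPERTY_SSL_SOCKET_FACTORY = "property.ssl-socket-factory";
 
 /* ifdef JDBC40 */
 public static final int JDBC_MAJOR_VERSION_ = 4; // JDBC spec version: 4.0
@@ -1186,6 +1191,10 @@ else if (clearPassword == null)
 as400 = AS400.newInstance(secure, serverName, userName);
 else
 as400 = AS400.newInstance(secure, serverName, userName, clearPassword, additionalAuthenticationFactor);
+Object sslSocketFactoryObject = jdProperties.getOriginalInfo().get(PROPERTY_SSL_SOCKET_FACTORY);
+if ((sslSocketFactoryObject != null) && (sslSocketFactoryObject instanceof SSLSocketFactory)) {
+as400.setSSLSocketFactory((SSLSocketFactory) sslSocketFactoryObject);
+}
 }
 catch (AS400SecurityException e)
 {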
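Review bot: In the third hunk, a value stored under `PROPERTY_SSL_SOCKET_FACTORY` that is not an `SSLSocketFactory` is dropped without any signal, so a caller who meant to supply a restricted trust configuration connects with the default factory and never learns of it. An `else if (sslSocketFactoryObject != null)` branch should reject the value, or at least trace it; the `!= null` test in the existing condition is redundant, because `instanceof` is already false for null. The property is also applied when `secure` is false, where `setSSLSocketFactory` is documented to throw; whether the `catch (AS400SecurityException e)` below handles that exception is not visible here, so guard the call with `if (secure)` or fail with a clear message. The enclosing method starts and ends outside the hunk.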
2 changes: 1 addition & 1 deletion src/main/java/com/ibm/as400/access/PortMapper.java
Expand Up @@ -220,7 +220,7 @@ static SocketContainer getServerSocket(String systemName,
if (Trace.traceOn_) Trace.log(Trace.DIAGNOSTIC, "Starting a secure socket to " + serviceName);
{ // JSSE is supported since v5r4.
sc = (SocketContainer)AS400.loadImpl("com.ibm.as400.access.SocketContainerJSSE");
sc.setProperties(socket, null, systemName, srvPort, null);
sc.setProperties(socket, null, systemName, srvPort, useSSL);
}
}
else
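--- a/src/main/java/com/ibm/as400/access/SSLOptions.java
+++ b/src/main/java/com/ibm/as400/access/SSLOptions.java
@@ -15,6 +15,8 @@
 
 import java.io.Serializable;
 
+import javax.net.ssl.SSLSocketFactory;
+
 // Class to move SSL configuration options from proxy client to proxy server.
 class SSLOptions implements Serializable
 {
@@ -47,4 +49,5 @@ class SSLOptions implements Serializable
 int proxyEncryptionMode_ = SecureAS400.CLIENT_TO_SERVER;
 // Sslight removed
 boolean useSslight_ = false;
+SSLSocketFactory sslSocketFactory_ = null;
 }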
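Review bot: The new field `sslSocketFactory_` makes `SSLOptions` unsafe to serialize: the class implements `Serializable` and its comment says it carries SSL settings from proxy client to proxy server, but `SSLSocketFactory` does not implement `Serializable`. Serializing an `SSLOptions` whose factory is set would fail with `NotSerializableException` unless the concrete factory happens to be serializable, and a factory that wraps key or trust material should not travel over the proxy link in any case. Declare the field as `transient SSLSocketFactory sslSocketFactory_ = null;` and add a comment that the factory is local to this JVM and is not forwarded to a proxy server.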
Expand Up @@ -32,7 +32,7 @@ void setProperties(Socket socket, String serviceName, String systemName, int por
{
if (Trace.isTraceOn()) Trace.log(Trace.DIAGNOSTIC, "SocketContainerJSSE: create SSLSocket");

SSLSocketFactory sslFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocketFactory sslFactory = ((options != null) && (options.sslSocketFactory_ != null)) ? options.sslSocketFactory_ : (SSLSocketFactory)SSLSocketFactory.getDefault();
sslSocket_ = (SSLSocket)sslFactory.createSocket(socket, systemName, port, true);
//@P4A START
if(SecureAS400.changeCipherSuites)
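Review bot: The new ternary in `setProperties` silently chooses between the caller's factory and `SSLSocketFactory.getDefault()`, and the trace line above it says only "create SSLSocket", so a diagnostic trace cannot show which trust configuration a connection used. I would record the choice next to the existing trace call, for example `if (Trace.isTraceOn()) Trace.log(Trace.DIAGNOSTIC, "SocketContainerJSSE: custom SSLSocketFactory in use: " + (sslFactory != SSLSocketFactory.getDefault()));`. As a matter of style, the selection reads better as an `if`/`else` or a small private helper than as one long conditional expression. The method body starts before and continues past this hunk.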