check that subject did not change since creating SSLSocketFactory in GMS...

check that subject did not change since creating SSLSocketFactory in GMS clients, change VOSpaceAuthorizer to call both CADC and CANFAR GMS services

check that subject did not change since creating SSLSocketFactory in GMS...
a0efe6ae · Patrick Dowler · 14662ab5 · a0efe6ae
Commit a0efe6ae authored 10 years ago by Patrick Dowler
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/GMSClient.java
@@ -115,7 +115,8 @@ public class GMSClient
    private static final Logger log = Logger.getLogger(GMSClient.class);
    
    // socket factory to use when connecting
-    public SSLSocketFactory sslSocketFactory;
+    private SSLSocketFactory sslSocketFactory;
+    private SSLSocketFactory mySocketFactory;
    
    private String baseURL;

@@ -947,23 +948,40 @@ public class GMSClient
     */
    public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory)
    {
+        if (mySocketFactory != null)
+            throw new IllegalStateException("Illegal use of GMSClient: "
+                    + "cannot set SSLSocketFactory after using one created from Subject");
        this.sslSocketFactory = sslSocketFactory;
    }
    
-    /**
-     * @return the sslSocketFactory
-     */
+    private int subjectHashCode = 0;
    private SSLSocketFactory getSSLSocketFactory()
    {
-        if (this.sslSocketFactory == null)
+        AccessControlContext ac = AccessController.getContext();
+        Subject s = Subject.getSubject(ac);
+        
+        // no real Subject: can only use the one from setSSLSocketFactory
+        if (s == null || s.getPrincipals().isEmpty())
+        {
+            return sslSocketFactory;
+        }
+        
+        // lazy init
+        if (this.mySocketFactory == null)
+        {
+            log.debug("getSSLSocketFactory: " + s);
+            this.mySocketFactory = SSLUtil.getSocketFactory(s);
+            this.subjectHashCode = s.hashCode();
+        }
+        else
        {
-            log.debug("initHTTPS: lazy init");
-            AccessControlContext ac = AccessController.getContext();
-            Subject s = Subject.getSubject(ac);
-            this.sslSocketFactory = SSLUtil.getSocketFactory(s);
-            log.debug("Socket Factory: " + this.sslSocketFactory);
+            int c = s.hashCode();
+            if (c != subjectHashCode)
+                throw new IllegalStateException("Illegal use of " 
+                        + this.getClass().getSimpleName()
+                        + ": subject change not supported for internal SSLSocketFactory");
        }
-        return this.sslSocketFactory;
+        return this.mySocketFactory;
    }
    
    protected void clearCache()