Commit a0efe6ae authored by Patrick Dowler's avatar Patrick Dowler

check that subject did not change since creating SSLSocketFactory in GMS...

check that subject did not change since creating SSLSocketFactory in GMS clients, change VOSpaceAuthorizer to call both CADC and CANFAR GMS services
parent 14662ab5
+29 −11
@@ -115,7 +115,8 @@ public class GMSClient
    private static final Logger log = Logger.getLogger(GMSClient.class);
    
    // socket factory to use when connecting
    public SSLSocketFactory sslSocketFactory;
    private SSLSocketFactory sslSocketFactory;
    private SSLSocketFactory mySocketFactory;
    
    private String baseURL;

@@ -947,23 +948,40 @@ public class GMSClient
     */
    public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory)
    {
        if (mySocketFactory != null)
            throw new IllegalStateException("Illegal use of GMSClient: "
                    + "cannot set SSLSocketFactory after using one created from Subject");
        this.sslSocketFactory = sslSocketFactory;
    }
    
    /**
     * @return the sslSocketFactory
     */
    private int subjectHashCode = 0;
    private SSLSocketFactory getSSLSocketFactory()
    {
        if (this.sslSocketFactory == null)
        {
            log.debug("initHTTPS: lazy init");
        AccessControlContext ac = AccessController.getContext();
        Subject s = Subject.getSubject(ac);
            this.sslSocketFactory = SSLUtil.getSocketFactory(s);
            log.debug("Socket Factory: " + this.sslSocketFactory);
        
        // no real Subject: can only use the one from setSSLSocketFactory
        if (s == null || s.getPrincipals().isEmpty())
        {
            return sslSocketFactory;
        }
        
        // lazy init
        if (this.mySocketFactory == null)
        {
            log.debug("getSSLSocketFactory: " + s);
            this.mySocketFactory = SSLUtil.getSocketFactory(s);
            this.subjectHashCode = s.hashCode();
        }
        else
        {
            int c = s.hashCode();
            if (c != subjectHashCode)
                throw new IllegalStateException("Illegal use of " 
                        + this.getClass().getSimpleName()
                        + ": subject change not supported for internal SSLSocketFactory");
        }
        return this.sslSocketFactory;
        return this.mySocketFactory;
    }
    
    protected void clearCache()
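Review bot: The subject-change guard in getSSLSocketFactory compares only `s.hashCode()` with the stored `subjectHashCode`, so two different Subjects whose hash codes happen to match pass the check, and the second caller's requests would then go out over the socket factory built from the first Subject's credentials. Keeping the Subject itself and comparing with equals closes that gap: add `private Subject mySubject;`, set it where `mySocketFactory` is created, and test `if (!s.equals(mySubject))` before throwing the same IllegalStateException. The lazy init and the check are also unsynchronized, so if a GMSClient instance is shared between threads running as different Subjects (not visible from this hunk), both can see `mySocketFactory == null` at the same time. Finally, the new `subjectHashCode` field sits between the `@return the sslSocketFactory` Javadoc and the method, so that comment now documents the field; declare the field next to `mySocketFactory` instead.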