activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tab...@apache.org
Subject svn commit: r1399438 - /activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
Date Wed, 17 Oct 2012 21:17:46 GMT
Author: tabish
Date: Wed Oct 17 21:17:45 2012
New Revision: 1399438

URL: http://svn.apache.org/viewvc?rev=1399438&view=rev
Log:
fix for: https://issues.apache.org/jira/browse/AMQ-3996


Modified:
    activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java

Modified: activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
URL: http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java?rev=1399438&r1=1399437&r2=1399438&view=diff
==============================================================================
--- activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
(original)
+++ activemq/trunk/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
Wed Oct 17 21:17:45 2012
@@ -41,8 +41,12 @@ import org.apache.activemq.thread.TaskRu
 import org.apache.activemq.util.IOExceptionSupport;
 import org.apache.activemq.util.ServiceStopper;
 import org.apache.activemq.wireformat.WireFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-public class NIOSSLTransport extends NIOTransport  {
+public class NIOSSLTransport extends NIOTransport {
+
+    private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransport.class);
 
     protected boolean needClientAuth;
     protected boolean wantClientAuth;
@@ -79,15 +83,36 @@ public class NIOSSLTransport extends NIO
                 sslContext = SSLContext.getDefault();
             }
 
+            String remoteHost = null;
+            int remotePort = -1;
+
+            try {
+                URI remoteAddress = new URI(this.getRemoteAddress());
+                remoteHost = remoteAddress.getHost();
+                remotePort = remoteAddress.getPort();
+            } catch (Exception e) {
+            }
+
             // initialize engine, the initial sslSession we get will need to be
             // updated once the ssl handshake process is completed.
-            sslEngine = sslContext.createSSLEngine();
+            if (remoteHost != null && remotePort != -1) {
+                sslEngine = sslContext.createSSLEngine(remoteHost, remotePort);
+            } else {
+                sslEngine = sslContext.createSSLEngine();
+            }
+
             sslEngine.setUseClientMode(false);
             if (enabledCipherSuites != null) {
                 sslEngine.setEnabledCipherSuites(enabledCipherSuites);
             }
-            sslEngine.setNeedClientAuth(needClientAuth);
-            sslEngine.setWantClientAuth(wantClientAuth);
+
+            if (wantClientAuth) {
+                sslEngine.setWantClientAuth(wantClientAuth);
+            }
+
+            if (needClientAuth) {
+                sslEngine.setNeedClientAuth(needClientAuth);
+            }
 
             sslSession = sslEngine.getSession();
 
@@ -107,31 +132,31 @@ public class NIOSSLTransport extends NIO
         }
     }
 
-    protected void finishHandshake() throws Exception  {
-          if (handshakeInProgress) {
-              handshakeInProgress = false;
-              nextFrameSize = -1;
-
-              // Once handshake completes we need to ask for the now real sslSession
-              // otherwise the session would return 'SSL_NULL_WITH_NULL_NULL' for the
-              // cipher suite.
-              sslSession = sslEngine.getSession();
-
-              // listen for events telling us when the socket is readable.
-              selection = SelectorManager.getInstance().register(channel, new SelectorManager.Listener()
{
-                  public void onSelect(SelectorSelection selection) {
-                      serviceRead();
-                  }
-
-                  public void onError(SelectorSelection selection, Throwable error) {
-                      if (error instanceof IOException) {
-                          onException((IOException) error);
-                      } else {
-                          onException(IOExceptionSupport.create(error));
-                      }
-                  }
-              });
-          }
+    protected void finishHandshake() throws Exception {
+        if (handshakeInProgress) {
+            handshakeInProgress = false;
+            nextFrameSize = -1;
+
+            // Once handshake completes we need to ask for the now real sslSession
+            // otherwise the session would return 'SSL_NULL_WITH_NULL_NULL' for the
+            // cipher suite.
+            sslSession = sslEngine.getSession();
+
+            // listen for events telling us when the socket is readable.
+            selection = SelectorManager.getInstance().register(channel, new SelectorManager.Listener()
{
+                public void onSelect(SelectorSelection selection) {
+                    serviceRead();
+                }
+
+                public void onError(SelectorSelection selection, Throwable error) {
+                    if (error instanceof IOException) {
+                        onException((IOException) error);
+                    } else {
+                        onException(IOExceptionSupport.create(error));
+                    }
+                }
+            });
+        }
     }
 
     protected void serviceRead() {
@@ -143,7 +168,7 @@ public class NIOSSLTransport extends NIO
             ByteBuffer plain = ByteBuffer.allocate(sslSession.getApplicationBufferSize());
             plain.position(plain.limit());
 
-            while(true) {
+            while (true) {
                 if (!plain.hasRemaining()) {
 
                     if (status == SSLEngineResult.Status.OK && handshakeStatus !=
SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
@@ -153,12 +178,11 @@ public class NIOSSLTransport extends NIO
                     }
                     int readCount = secureRead(plain);
 
-
                     if (readCount == 0)
                         break;
 
                     // channel is closed, cleanup
-                    if (readCount== -1) {
+                    if (readCount == -1) {
                         onException(new EOFException());
                         selection.close();
                         break;
@@ -181,7 +205,8 @@ public class NIOSSLTransport extends NIO
         if (wireFormat instanceof OpenWireFormat) {
             long maxFrameSize = ((OpenWireFormat) wireFormat).getMaxFrameSize();
             if (nextFrameSize > maxFrameSize) {
-                throw new IOException("Frame size of " + (nextFrameSize / (1024 * 1024))
+ " MB larger than max allowed " + (maxFrameSize / (1024 * 1024)) + " MB");
+                throw new IOException("Frame size of " + (nextFrameSize / (1024 * 1024))
+
+                                       " MB larger than max allowed " + (maxFrameSize / (1024
* 1024)) + " MB");
             }
         }
         currentBuffer = ByteBuffer.allocate(nextFrameSize + 4);
@@ -213,8 +238,7 @@ public class NIOSSLTransport extends NIO
 
             if (bytesRead == -1) {
                 sslEngine.closeInbound();
-                if (inputBuffer.position() == 0 ||
-                        status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
+                if (inputBuffer.position() == 0 || status == SSLEngineResult.Status.BUFFER_UNDERFLOW)
{
                     return -1;
                 }
             }
@@ -226,18 +250,17 @@ public class NIOSSLTransport extends NIO
         SSLEngineResult res;
         do {
             res = sslEngine.unwrap(inputBuffer, plain);
-        } while (res.getStatus() == SSLEngineResult.Status.OK &&
-                res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP &&
-                res.bytesProduced() == 0);
+        } while (res.getStatus() == SSLEngineResult.Status.OK && res.getHandshakeStatus()
== SSLEngineResult.HandshakeStatus.NEED_UNWRAP
+                && res.bytesProduced() == 0);
 
         if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
-           finishHandshake();
+            finishHandshake();
         }
 
         status = res.getStatus();
         handshakeStatus = res.getHandshakeStatus();
 
-        //TODO deal with BUFFER_OVERFLOW
+        // TODO deal with BUFFER_OVERFLOW
 
         if (status == SSLEngineResult.Status.CLOSED) {
             sslEngine.closeInbound();
@@ -254,22 +277,22 @@ public class NIOSSLTransport extends NIO
         handshakeInProgress = true;
         while (true) {
             switch (sslEngine.getHandshakeStatus()) {
-                case NEED_UNWRAP:
-                    secureRead(ByteBuffer.allocate(sslSession.getApplicationBufferSize()));
-                    break;
-                case NEED_TASK:
-                    Runnable task;
-                    while ((task = sslEngine.getDelegatedTask()) != null) {
-                        taskRunnerFactory.execute(task);
-                    }
-                    break;
-                case NEED_WRAP:
-                    ((NIOOutputStream)buffOut).write(ByteBuffer.allocate(0));
-                    break;
-                case FINISHED:
-                case NOT_HANDSHAKING:
-                    finishHandshake();
-                    return;
+            case NEED_UNWRAP:
+                secureRead(ByteBuffer.allocate(sslSession.getApplicationBufferSize()));
+                break;
+            case NEED_TASK:
+                Runnable task;
+                while ((task = sslEngine.getDelegatedTask()) != null) {
+                    taskRunnerFactory.execute(task);
+                }
+                break;
+            case NEED_WRAP:
+                ((NIOOutputStream) buffOut).write(ByteBuffer.allocate(0));
+                break;
+            case FINISHED:
+            case NOT_HANDSHAKING:
+                finishHandshake();
+                return;
             }
         }
     }
@@ -295,14 +318,15 @@ public class NIOSSLTransport extends NIO
     }
 
     /**
-     * Overriding in order to add the client's certificates to ConnectionInfo Commmands.
+     * Overriding in order to add the client's certificates to ConnectionInfo Commands.
      *
-     * @param command The Command coming in.
+     * @param command
+     *            The Command coming in.
      */
     @Override
     public void doConsume(Object command) {
         if (command instanceof ConnectionInfo) {
-            ConnectionInfo connectionInfo = (ConnectionInfo)command;
+            ConnectionInfo connectionInfo = (ConnectionInfo) command;
             connectionInfo.setTransportContext(getPeerCertificates());
         }
         super.doConsume(command);
@@ -315,10 +339,13 @@ public class NIOSSLTransport extends NIO
 
         X509Certificate[] clientCertChain = null;
         try {
-            if (sslSession != null) {
-                clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
+            if (sslEngine.getSession() != null) {
+                clientCertChain = (X509Certificate[]) sslEngine.getSession().getPeerCertificates();
             }
         } catch (SSLPeerUnverifiedException e) {
+            if (LOG.isTraceEnabled()) {
+                LOG.trace("Failed to get peer certificates.", e);
+            }
         }
 
         return clientCertChain;



Mime
View raw message