directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1205532 - in /directory: apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/ shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/
Date Wed, 23 Nov 2011 18:34:53 GMT
Author: elecharny
Date: Wed Nov 23 18:34:52 2011
New Revision: 1205532

URL: http://svn.apache.org/viewvc?rev=1205532&view=rev
Log:
Fix applied for DIRAPI-47 : the connection is now closed when we get an exception during the
SSL handshake (and even when we get another exception), and the writeRequest( request ) method
does not block forever (waiting for the timeout) as we check that the session is still valid
every 100ms.

This is an *ugly* hack, but we have no other solution until we can switch to MINA 3, with
better SSL handling.

Modified:
    directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
    directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java

Modified: directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?rev=1205532&r1=1205531&r2=1205532&view=diff
==============================================================================
--- directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
(original)
+++ directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java
Wed Nov 23 18:34:52 2011
@@ -27,12 +27,11 @@ import static org.junit.Assert.assertTru
 import java.io.IOException;
 import java.util.List;
 
-import javax.naming.ConfigurationException;
-
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
+import org.apache.directory.ldap.client.api.exception.InvalidConnectionException;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.annotations.SaslMechanism;
@@ -53,7 +52,7 @@ import org.junit.runner.RunWith;
 
 
 /**
- * Test the LdapConnection class by enabling SSL and StartTLS one after the other 
+ * Test the LdapConnection class by enabling SSL and StartTLS one after the other
  * (using both in the same test class saves the time required to start/stop another server
for StartTLS)
  * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
@@ -61,23 +60,23 @@ import org.junit.runner.RunWith;
 
 @RunWith(FrameworkRunner.class)
 @CreateLdapServer(transports =
-    { 
+    {
         @CreateTransport(protocol = "LDAP"),
-        @CreateTransport(protocol = "LDAPS") 
-    }, 
-    saslHost = "localhost", 
+        @CreateTransport(protocol = "LDAPS")
+    },
+    saslHost = "localhost",
     saslMechanisms =
-    { 
+    {
         @SaslMechanism(name = SupportedSaslMechanisms.PLAIN, implClass = PlainMechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.CRAM_MD5, implClass = CramMd5MechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.DIGEST_MD5, implClass = DigestMd5MechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.GSSAPI, implClass = GssapiMechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.NTLM, implClass = NtlmMechanismHandler.class),
         @SaslMechanism(name = SupportedSaslMechanisms.GSS_SPNEGO, implClass = NtlmMechanismHandler.class)
-    }, 
+    },
     extendedOpHandlers =
-    { 
-        StartTlsHandler.class 
+    {
+        StartTlsHandler.class
     })
 public class LdapSSLConnectionTest extends AbstractLdapTestUnit
 {
@@ -140,7 +139,7 @@ public class LdapSSLConnectionTest exten
         assertFalse( controlList.isEmpty() );
 
         connection.close();
-    }    
+    }
     
     
     /**
@@ -201,4 +200,18 @@ public class LdapSSLConnectionTest exten
         connection.startTls();
     }
 
+    @Test( expected = InvalidConnectionException.class )
+    public void testStallingSsl() throws Exception
+    {
+        LdapConnectionConfig sslConfig = new LdapConnectionConfig();
+        sslConfig.setLdapHost( "localhost" );
+        sslConfig.setUseSsl( true );
+        sslConfig.setLdapPort( getLdapServer().getPortSSL() );
+        //sslConfig.setTrustManagers( new NoVerificationTrustManager() );
+
+        LdapNetworkConnection connection = new LdapNetworkConnection( sslConfig );
+
+        // We should get an exception here, as we don't have a trustManager defined
+        connection.bind();
+    }
 }
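Review bot: `connection` is never closed in `testStallingSsl`, so the failed session is left behind for the rest of the test class; `try { connection.bind(); } finally { connection.close(); }` keeps the expected exception and still releases it. The commented-out `//sslConfig.setTrustManagers( ... )` line should be deleted, and the comment above `bind()` can instead say that no trust manager is set on purpose so that, presumably, the default ones reject the test server's certificate. Because `expected = InvalidConnectionException.class` passes for any connection failure, the test does not by itself show that certificate validation was the reason for it.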

Modified: directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java?rev=1205532&r1=1205531&r2=1205532&view=diff
==============================================================================
--- directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
(original)
+++ directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
Wed Nov 23 18:34:52 2011
@@ -112,6 +112,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.model.message.ModifyRequest;
 import org.apache.directory.shared.ldap.model.message.ModifyRequestImpl;
 import org.apache.directory.shared.ldap.model.message.ModifyResponse;
+import org.apache.directory.shared.ldap.model.message.Request;
 import org.apache.directory.shared.ldap.model.message.Response;
 import org.apache.directory.shared.ldap.model.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.model.message.SearchRequest;
@@ -230,6 +231,9 @@ public class LdapNetworkConnection exten
 
     /** the SslFilter key */
     private static final String SSL_FILTER_KEY = "sslFilter";
+    
+    /** The exception stored in the session if we've got one */
+    private static final String EXCEPTION_KEY = "sessionException";
 
     /** the StartTLS extended operation's OID */
     private static final String START_TLS_REQ_OID = "1.3.6.1.4.1.1466.20037";
@@ -523,8 +527,10 @@ public class LdapNetworkConnection exten
 
         // Wait until it's established
         connectionFuture.awaitUninterruptibly();
+        
+        boolean isConnected = connectionFuture.isConnected();
 
-        if ( !connectionFuture.isConnected() )
+        if ( !isConnected )
         {
             // disposing connector if not connected
             try
@@ -822,16 +828,7 @@ public class LdapNetworkConnection exten
         addToFutureMap( newId, addFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( addRequest );
-
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Add failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
+        writeRequest( addRequest );
 
         // Ok, done return the future
         return addFuture;
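Review bot: If `writeRequest( addRequest )` throws, the future registered by `addToFutureMap( newId, addFuture )` just above stays in the map, and this commit adds a second way for it to throw (the closed-session path, next to the timeout). Unless the map is cleared elsewhere when the session closes, which this hunk does not show, the entry for `newId` should be removed before the exception propagates. The same pattern is in the bind, search, modify, modifyDn, delete, compare and extended hunks. The operation-specific log text (`Add failed : timeout occured`) is also gone, so the helper's log line no longer says which operation failed. The enclosing method starts outside the hunk.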
@@ -1305,7 +1302,7 @@ public class LdapNetworkConnection exten
 
         addToFutureMap( newId, bindFuture );
 
-        writeBindRequest( bindRequest );
+        writeRequest( bindRequest );
 
         // Ok, done return the future
         return bindFuture;
@@ -1691,18 +1688,9 @@ public class LdapNetworkConnection exten
         addToFutureMap( searchRequest.getMessageId(), searchFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( searchRequest );
+        writeRequest( searchRequest );
 
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Search failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
-
-        // Chekc that the future hasn't be canceled
+        // Check that the future hasn't be canceled
         if ( searchFuture.isCancelled() )
         {
             // Thow an exception here
@@ -1826,6 +1814,7 @@ public class LdapNetworkConnection exten
     public void exceptionCaught( IoSession session, Throwable cause ) throws Exception
     {
         LOG.warn( cause.getMessage(), cause );
+        session.setAttribute( EXCEPTION_KEY, cause );
 
         if ( cause instanceof ProtocolEncoderException )
         {
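Review bot: `session.setAttribute( EXCEPTION_KEY, cause )` overwrites whatever was stored before, so if a second exception reaches the handler before `writeRequest` reads the attribute, the first one is lost. The first is usually the root cause, for example the handshake failure rather than a follow-up error on the closing session. `session.setAttributeIfAbsent( EXCEPTION_KEY, cause );` would keep the earliest one. The body of `exceptionCaught` continues past the end of this hunk.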
@@ -1840,10 +1829,8 @@ public class LdapNetworkConnection exten
                 response.setCause( realCause );
             }
         }
-        else
-        {
-            cause.printStackTrace();
-        }
+        
+        session.close( true );
     }
 
 
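Review bot: `session.close( true )` now runs after every exception, including the `ProtocolEncoderException` branch, so a single request that fails to encode also tears down the connection and any other operations in flight on it. The log message says this is intended, but the code does not, and a later reader may restore the `else`. A comment above the call would record it, e.g. `// Always close: after a failed handshake queued writes never complete, see DIRAPI-47`. `exceptionCaught` starts in the previous hunk, so the lines between the two hunks are not visible here.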
@@ -2365,16 +2352,7 @@ public class LdapNetworkConnection exten
         addToFutureMap( newId, modifyFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( modRequest );
-
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Modify failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
+        writeRequest( modRequest );
 
         // Ok, done return the future
         return modifyFuture;
@@ -2679,16 +2657,7 @@ public class LdapNetworkConnection exten
         addToFutureMap( newId, modifyDnFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( modDnRequest );
-
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Modify failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
+        writeRequest( modDnRequest );
 
         // Ok, done return the future
         return modifyDnFuture;
@@ -2878,16 +2847,7 @@ public class LdapNetworkConnection exten
         addToFutureMap( newId, deleteFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( deleteRequest );
-
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Delete failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
+        writeRequest( deleteRequest );
 
         // Ok, done return the future
         return deleteFuture;
@@ -3068,16 +3028,7 @@ public class LdapNetworkConnection exten
         addToFutureMap( newId, compareFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( compareRequest );
-
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Compare failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
+        writeRequest( compareRequest );
 
         // Ok, done return the future
         return compareFuture;
@@ -3222,16 +3173,7 @@ public class LdapNetworkConnection exten
         addToFutureMap( newId, extendedFuture );
 
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( extendedRequest );
-
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
-        {
-            // We didn't received anything : this is an error
-            LOG.error( "Extended failed : timeout occured" );
-
-            throw new LdapException( TIME_OUT_ERROR );
-        }
+        writeRequest( extendedRequest );
 
         // Ok, done return the future
         return extendedFuture;
@@ -3793,7 +3735,7 @@ public class LdapNetworkConnection exten
             SSLContext sslContext = SSLContext.getInstance( config.getSslProtocol() );
             sslContext.init( config.getKeyManagers(), config.getTrustManagers(), config.getSecureRandom()
);
 
-            SslFilter sslFilter = new SslFilter( sslContext );
+            SslFilter sslFilter = new SslFilter( sslContext, true );
             sslFilter.setUseClientMode( true );
             sslFilter.setEnabledCipherSuites( config.getEnabledCipherSuites() );
 
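Review bot: The bare `true` in `new SslFilter( sslContext, true )` gives no hint of what it switches on. In MINA 2 this constructor parameter is `autoStart`, which starts the handshake as soon as the filter is in place. A one-line comment such as `// autoStart: begin the TLS handshake as soon as the filter is added` would make the intent reviewable. The enclosing method starts and ends outside the hunk.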
@@ -3903,7 +3845,7 @@ public class LdapNetworkConnection exten
 
                 // Stores the challenge's response, and send it to the server
                 bindRequest.setCredentials( challengeResponse );
-                writeBindRequest( bindRequest );
+                writeRequest( bindRequest );
 
                 // Get the server's response, blocking
                 bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );
@@ -3929,7 +3871,7 @@ public class LdapNetworkConnection exten
                 bindRequestCopy.setVersion3( bindRequest.getVersion3() );
                 bindRequestCopy.addAllControls( bindRequest.getControls().values().toArray(
new Control[0] ) );
 
-                writeBindRequest( bindRequestCopy );
+                writeRequest( bindRequestCopy );
 
                 bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );
 
@@ -3963,7 +3905,7 @@ public class LdapNetworkConnection exten
 
                     addToFutureMap( newId, bindFuture );
 
-                    writeBindRequest( bindRequest );
+                    writeRequest( bindRequest );
 
                     bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );
 
@@ -3992,24 +3934,56 @@ public class LdapNetworkConnection exten
             throw new LdapException( e );
         }
     }
-
-
+    
+    
     /**
      * a reusable code block to be used in various bind methods
      */
-    private void writeBindRequest( BindRequest bindRequest ) throws LdapException
+    private void writeRequest( Request request ) throws LdapException
     {
         // Send the request to the server
-        WriteFuture writeFuture = ldapSession.write( bindRequest );
+        WriteFuture writeFuture = ldapSession.write( request );
 
-        // Wait for the message to be sent to the server
-        if ( !writeFuture.awaitUninterruptibly( timeout ) )
+        long localTimeout = timeout;
+        
+        while ( localTimeout > 0 )
         {
-            // We didn't received anything : this is an error
-            LOG.error( "Bind failed : timeout occured" );
+            // Wait only 100 ms
+            boolean done = writeFuture.awaitUninterruptibly( 100 );
 
-            throw new LdapException( TIME_OUT_ERROR );
+            if ( done )
+            {
+                return;
+            }
+            
+            // Wait for the message to be sent to the server
+            if ( !ldapSession.isConnected() )
+            {
+                // We didn't received anything : this is an error
+                LOG.error( "Message failed : something wrong has occured" );
+                
+                Exception exception = (Exception)ldapSession.removeAttribute( EXCEPTION_KEY
);
+    
+                if ( exception != null )
+                {
+                    if ( exception instanceof LdapException )
+                    {
+                        throw (LdapException)exception;
+                    }
+                    else
+                    {
+                        throw new InvalidConnectionException( exception.getMessage() );
+                    }
+                }
+                
+                throw new InvalidConnectionException( "Error while sending some message :
the session has been closed" );
+            }
+            
+            localTimeout -= 100;
         }
+        
+        LOG.error( "TimeOut has occured" );
+        throw new LdapException( TIME_OUT_ERROR );
     }
 
 
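Review bot: The handler stores a `Throwable` under `EXCEPTION_KEY`, but this method reads it back with `(Exception)ldapSession.removeAttribute( EXCEPTION_KEY )`, so an `Error` raised in the I/O thread would surface here as a `ClassCastException`. The `InvalidConnectionException` built from `exception.getMessage()` also drops the original exception, which loses the cause chain that says why the handshake or certificate check failed. Reading the attribute as `Throwable` and attaching it with `initCause` addresses both. The Javadoc still says "to be used in various bind methods" although every operation now goes through this helper.

```java
            // … unchanged: write, 100 ms wait, isConnected() check and LOG.error …
                Throwable exception = ( Throwable ) ldapSession.removeAttribute( EXCEPTION_KEY );

                if ( exception instanceof LdapException )
                {
                    throw ( LdapException ) exception;
                }
                else if ( exception != null )
                {
                    // Keep the original failure attached so the handshake error stays diagnosable
                    InvalidConnectionException ice = new InvalidConnectionException( exception.getMessage() );
                    ice.initCause( exception );
                    throw ice;
                }
            // … unchanged: fallback InvalidConnectionException, timeout countdown, TIME_OUT_ERROR …
```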


