From rgodf...@apache.org
Subject svn commit: r1557782 - in /qpid/trunk/qpid/java: broker-core/src/main/java/org/apache/qpid/server/model/adapter/ broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/
Date Mon, 13 Jan 2014 17:32:18 GMT
Author: rgodfrey
Date: Mon Jan 13 17:32:17 2014
New Revision: 1557782

URL: http://svn.apache.org/r1557782
Log:
QPID-5459 : [Java Broker] add secure websocket support to the broker, including ssl client
auth

Modified:
    qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
    qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
    qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
    qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketTransportProviderFactory.java

Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java?rev=1557782&r1=1557781&r2=1557782&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
(original)
+++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/AmqpPortAdapter.java
Mon Jan 13 17:32:17 2014
@@ -82,7 +82,7 @@ public class AmqpPortAdapter extends Por
         }
 
         SSLContext sslContext = null;
-        if (transports.contains(Transport.SSL))
+        if (transports.contains(Transport.SSL) || transports.contains(Transport.WSS))
         {
             sslContext = createSslContext();
         }

Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java?rev=1557782&r1=1557781&r2=1557782&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
(original)
+++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/PortFactory.java
Mon Jan 13 17:32:17 2014
@@ -111,7 +111,7 @@ public class PortFactory
                 throw new IllegalConfigurationException("Can't create port which requests
SSL client certificates but has no trust stores configured.");
             }
 
-            if(useClientAuth && !port.getTransports().contains(Transport.SSL))
+            if(useClientAuth && !(port.getTransports().contains(Transport.SSL) ||
port.getTransports().contains(Transport.WSS)))
             {
                 throw new IllegalConfigurationException("Can't create port which requests
SSL client certificates but doesn't use SSL transport.");
             }

Modified: qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java?rev=1557782&r1=1557781&r2=1557782&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
(original)
+++ qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketProvider.java
Mon Jan 13 17:32:17 2014
@@ -34,6 +34,7 @@ import org.apache.qpid.transport.network
 import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
+import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 import org.eclipse.jetty.server.ssl.SslSocketConnector;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.websocket.WebSocket;
@@ -46,6 +47,9 @@ import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
 import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.Set;
 
 class WebSocketProvider implements AcceptingTransport
@@ -97,7 +101,8 @@ class WebSocketProvider implements Accep
         {
             SslContextFactory factory = new SslContextFactory();
             factory.setSslContext(_sslContext);
-            connector = new SslSocketConnector(factory);
+            factory.setNeedClientAuth(true);
+            connector = new SslSelectChannelConnector(factory);
         }
         else
         {
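Review bot: `factory.setNeedClientAuth(true)` makes a client certificate mandatory on every WSS port, whether or not the port was configured to need or want one. The PortFactory hunk in this commit only insists on a trust store when client auth is requested, so a WSS port configured without it could end up demanding certificates it has nothing to validate against, and handshakes would likely fail. Consider driving this from the port's settings, e.g. `factory.setNeedClientAuth(needClientAuth);` and `factory.setWantClientAuth(wantClientAuth);`; how those values would reach this class is not visible here. The enclosing method starts and ends outside the hunk.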
@@ -116,9 +121,21 @@ class WebSocketProvider implements Accep
             @Override
             public WebSocket doWebSocketConnect(final HttpServletRequest request, final String
protocol)
             {
+
+                Principal principal = null;
+                if(Collections.list(request.getAttributeNames()).contains("javax.servlet.request.X509Certificate"))
+                {
+                    X509Certificate[] certificates =
+                            (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+                    if(certificates != null && certificates.length != 0)
+                    {
+                        principal = certificates[0].getSubjectDN();
+                    }
+                }
+
                 SocketAddress remoteAddress = new InetSocketAddress(request.getRemoteHost(),
request.getRemotePort());
                 SocketAddress localAddress = new InetSocketAddress(request.getLocalName(),
request.getLocalPort());
-                return AMQP_WEBSOCKET_SUBPROTOCOL.equals(protocol) ? new AmqpWebSocket(_transport,
localAddress, remoteAddress) : null;
+                return AMQP_WEBSOCKET_SUBPROTOCOL.equals(protocol) ? new AmqpWebSocket(_transport,
localAddress, remoteAddress, principal) : null;
             }
         };
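Review bot: The identity taken from the client certificate in doWebSocketConnect comes from `getSubjectDN()`, whose returned Principal type and name format are implementation-specific. `principal = certificates[0].getSubjectX500Principal();` gives a well-defined X500Principal for whatever later maps the subject to a broker user. The `Collections.list(request.getAttributeNames()).contains(...)` guard is also unnecessary, because `getAttribute` returns null for a missing attribute and the null check below already handles that. A one-line comment stating that the chain was validated by the TLS layer against the port's trust store, and that element 0 is the client's own certificate, would make clear why the subject can be trusted at this point.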
 
@@ -144,17 +161,20 @@ class WebSocketProvider implements Accep
     {
         private final SocketAddress _localAddress;
         private final SocketAddress _remoteAddress;
+        private final Principal _userPrincipal;
         private Connection _connection;
         private final Transport _transport;
         private ProtocolEngine _engine;
 
         private AmqpWebSocket(final Transport transport,
                               final SocketAddress localAddress,
-                              final SocketAddress remoteAddress)
+                              final SocketAddress remoteAddress,
+                              final Principal userPrincipal)
         {
             _transport = transport;
             _localAddress = localAddress;
             _remoteAddress = remoteAddress;
+            _userPrincipal = userPrincipal;
         }
 
         @Override
@@ -170,7 +190,9 @@ class WebSocketProvider implements Accep
 
             _engine = _factory.newProtocolEngine();
 
-            final NetworkConnection connectionWrapper = new ConnectionWrapper(connection,
_localAddress, _remoteAddress);
+            final ConnectionWrapper connectionWrapper =
+                    new ConnectionWrapper(connection, _localAddress, _remoteAddress);
+            connectionWrapper.setPeerPrincipal(_userPrincipal);
             _engine.setNetworkConnection(connectionWrapper, connectionWrapper.getSender());
 
         }
@@ -190,6 +212,7 @@ class WebSocketProvider implements Accep
         private Principal _principal;
         private int _maxWriteIdle;
         private int _maxReadIdle;
+        private Principal _peerPrincipal;
 
         public ConnectionWrapper(final WebSocket.Connection connection,
                                  final SocketAddress localAddress,
@@ -270,7 +293,6 @@ class WebSocketProvider implements Accep
         @Override
         public Principal getPeerPrincipal()
         {
-            //TODO: how do we populate this?
             return _principal;
         }
 
@@ -285,5 +307,10 @@ class WebSocketProvider implements Accep
         {
             return _maxWriteIdle;
         }
+
+        void setPeerPrincipal(final Principal peerPrincipal)
+        {
+            _peerPrincipal = peerPrincipal;
+        }
     }
 }
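Review bot: `setPeerPrincipal` writes the new `_peerPrincipal` field, but `getPeerPrincipal()` in the hunk at -270/+293 still returns `_principal`, so the certificate subject captured in doWebSocketConnect does not appear to reach anything that asks the connection for its peer. Unless `_principal` is assigned somewhere outside these hunks, authentication that relies on the TLS client identity over WSS would see a null peer principal even after a successful certificate handshake. Either change the getter to `return _peerPrincipal;` or have the setter assign `_principal` and drop the extra field added in the hunk at -190/+212. A test asserting that `getPeerPrincipal()` returns the value passed to `setPeerPrincipal` would pin this down.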

Modified: qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketTransportProviderFactory.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketTransportProviderFactory.java?rev=1557782&r1=1557781&r2=1557782&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketTransportProviderFactory.java
(original)
+++ qpid/trunk/qpid/java/broker-plugins/websocket/src/main/java/org/apache/qpid/server/transport/websocket/WebSocketTransportProviderFactory.java
Mon Jan 13 17:32:17 2014
@@ -24,8 +24,10 @@ import org.apache.qpid.server.model.Tran
 import org.apache.qpid.server.plugin.TransportProviderFactory;
 import org.apache.qpid.server.transport.TransportProvider;
 
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.EnumSet;
+import java.util.HashSet;
 import java.util.Set;
 
 public class WebSocketTransportProviderFactory implements TransportProviderFactory
@@ -36,7 +38,8 @@ public class WebSocketTransportProviderF
     @Override
     public Set<Set<Transport>> getSupportedTransports()
     {
-        return Collections.singleton((Set<Transport>)EnumSet.of(Transport.WS));
+        return new HashSet<Set<Transport>>(Arrays.asList(EnumSet.of(Transport.WS),
+                                                         EnumSet.of(Transport.WSS)));
     }
 
     @Override


