Author: kwall Date: Wed Dec 12 17:38:59 2012 New Revision: 1420862 URL: http://svn.apache.org/viewvc?rev=1420862&view=rev Log: PROTON-136: Python changes for SSL session resumption. Modified Python wrapper and ssl test to use the new SSL api that accepts session_details
Applied patch from Philip Harvey<[email protected]>. Modified: qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py Modified: qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py?rev=1420862&r1=1420861&r2=1420862&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py Wed Dec 12 17:38:59 2012 @@ -33,6 +33,8 @@ The proton APIs consist of the following from cproton import * import uuid +LANGUAGE = "C" + class Constant(object): def __init__(self, name): @@ -2322,11 +2324,10 @@ class SSL(object): else: return err - def __init__(self, transport, domain=None, session_id=None): + def __init__(self, transport, domain=None, session_details=None): if domain: - if session_id: - session_id = str(session_id) - self._ssl = pn_ssl_new( domain._domain, transport._trans, session_id ) + if session_details: + self._ssl = pn_ssl_new( domain._domain, transport._trans, session_details.get_session_id() ) else: # old api: self._ssl = pn_ssl(transport._trans) if self._ssl is None: 
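Review bot: In the `@@ -2322` hunk, `self._ssl` is now assigned only when `session_details` is truthy, so `SSL(transport, domain)` without session details reaches `if self._ssl is None:` with the attribute unset and raises AttributeError; the page has lost indentation, but an `if` needs a body, so the `pn_ssl_new` call must sit under `if session_details:`. The tests in this same commit build the server side as `SslTestConnection( self.server_domain )`, which takes exactly this path. Compute the id first and always create the object: `session_id = session_details.get_session_id() if session_details else None`, then `self._ssl = pn_ssl_new( domain._domain, transport._trans, session_id )`. The removed `str(session_id)` coercion is also gone, so a non-string id now reaches the C call unchanged, which is worth a check or a comment in `SSLSessionDetails`. `__init__` continues past the end of the hunk.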
@@ -2378,11 +2379,53 @@ class SSL(object): def resume_status(self): return pn_ssl_resume_status( self._ssl ) +class SSLSessionDetails(object): + """ Unique identifier for the SSL session. Used to resume previous session on a new + SSL connection. + """ + + def __init__(self, session_id): + self._session_id = session_id + + def get_session_id(self): + return self.session_id -__all__ = ["Messenger", "Message", "ProtonException", "MessengerException", - "MessageException", "Timeout", "Condition", "Data", "Endpoint", - "Connection", "Session", "Link", "Terminus", "Sender", "Receiver", - "Delivery", "Transport", "TransportException", "SASL", "SSL", - "SSLDomain", "Described", "Array", "symbol", "char", "timestamp", - "ulong", "UNDESCRIBED", "SSLUnavailable", "PN_SESSION_WINDOW", - "AUTOMATIC", "MANUAL", "PENDING", "ACCEPTED", "REJECTED"] +__all__ = [ + "LANGUAGE", + "PN_SESSION_WINDOW", + "ACCEPTED", + "AUTOMATIC", + "PENDING", + "MANUAL", + "REJECTED" + "UNDESCRIBED", + "Array", + "Condition", + "Connection", + "Data", + "Delivery", + "Described", + "Endpoint", + "Link", + "Message", + "MessageException", + "Messenger", + "MessengerException", + "ProtonException", + "Receiver", + "SASL", + "Sender", + "Session", + "SSL", + "SSLDomain", + "SSLSessionDetails", + "SSLUnavailable", + "Terminus", + "Timeout", + "Transport", + "TransportException", + "char", + "symbol", + "timestamp", + "ulong" + ] Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py?rev=1420862&r1=1420861&r2=1420862&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py Wed Dec 12 17:38:59 2012 
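Review bot: `SSLSessionDetails.get_session_id()` returns `self.session_id`, but `__init__` stores the value in `self._session_id`, so every call raises AttributeError and the session-resumption path in `SSL.__init__` cannot work; the line should be `return self._session_id`. In the rewritten `__all__`, `"REJECTED"` has no trailing comma, so it concatenates with the next literal into `"REJECTEDUNDESCRIBED"`: neither name is exported, and `from proton import *` fails on the undefined name. Add the comma, `"REJECTED",`. The class docstring would also benefit from one line saying the id is chosen by the caller and must be passed again on the new connection for the session to be resumed.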
@@ -17,9 +17,12 @@ # from uuid import UUID -from org.apache.qpid.proton.engine import EndpointState, TransportException, Sasl, Ssl + +from org.apache.qpid.proton.engine import EndpointState, TransportException, Sasl, Ssl, SslPeerDetails from org.apache.qpid.proton.engine.impl import ConnectionImpl, SessionImpl, \ SenderImpl, ReceiverImpl, TransportImpl +from org.apache.qpid.proton.engine.impl.ssl import SslDomainImpl + from org.apache.qpid.proton.message import Message as MessageImpl, \ MessageFormat from org.apache.qpid.proton.type.messaging import Source, Target, Accepted @@ -27,6 +30,8 @@ from org.apache.qpid.proton.type import from jarray import zeros from java.util import EnumSet, UUID as JUUID +LANGUAGE = "Java" + class Skipped(Exception): skipped = True @@ -705,6 +710,28 @@ class SSLException(Exception): class SSLUnavailable(SSLException): pass +class SSLDomain(object): + def __init__(self, mode): + self._domain = SslDomainImpl() + self._domain.setMode(mode) + + def set_credentials(self, cert_file, key_file, password): + self._domain.setCredentials(cert_file, key_file, password) + + def set_trusted_ca_db(self, certificate_db): + self._domain.setTrustedCaDb(certificate_db) + + def set_default_peer_authentication(self, verify_mode, trusted_CAs=None): + # PHTODO rename to setDefault... + self._domain.setPeerAuthentication(verify_mode) + if trusted_CAs is not None: + self._domain.setTrustedCaDb(trusted_CAs) + +class SSLSessionDetails(object): + + def __init__(self, session_id): + self._session_details = SslPeerDetails(session_id, 1) + class SSL(object): MODE_SERVER = Ssl.Mode.SERVER 
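Review bot: In the `@@ -705` hunk, `SslPeerDetails(session_id, 1)` passes a bare `1` with no explanation, and the Java `SSLSessionDetails` has no `get_session_id()` although the C binding's class of the same name exposes one, so code written against one binding can break on the other. Add a comment on the constant, e.g. `# second argument is a fixed placeholder - TODO confirm what SslPeerDetails uses it for`, and a matching accessor. `set_default_peer_authentication` also calls `setTrustedCaDb` a second time when `trusted_CAs` is given, presumably replacing whatever `set_trusted_ca_db` configured; since that changes which CAs the peer is verified against, it deserves a docstring line.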
@@ -712,12 +739,29 @@ class SSL(object): VERIFY_PEER = Ssl.VerifyMode.VERIFY_PEER ANONYMOUS_PEER = Ssl.VerifyMode.ANONYMOUS_PEER - def __init__(self,transport): - self._ssl = transport.impl.ssl() + def __init__(self, transport, domain=None, session_details=None): + # PHTODO is it ok to pass potentially null paramters in for domain and session_details? + + internal_session_details = None + if session_details: + internal_session_details = session_details._session_details + + self._ssl = transport.impl.ssl(domain._domain, internal_session_details) + self._session_details = session_details def init(self, mode): self._ssl.init(mode) + def get_session_details(self): + return self._session_details + + RESUME_REUSED = "unused-for-java" + + def resume_status(self): + # Java has no way to determine if an SSL session is being reused + return SSL.RESUME_REUSED + + def set_credentials(self, cert_file,key_file,password): self._ssl.setCredentials(cert_file,key_file,password) 
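Review bot: `domain` still defaults to `None`, but `transport.impl.ssl(domain._domain, internal_session_details)` dereferences it unconditionally, so `SSL(transport)`, the only form the removed constructor accepted, now fails with AttributeError; the PHTODO above it leaves the null case open. Either drop the default or guard it, e.g. `internal_domain = domain._domain if domain else None`, provided the Java `ssl()` call accepts null there. Separately, `resume_status()` always returns `SSL.RESUME_REUSED`, so a caller comparing against `RESUME_REUSED` is told a session was resumed even after a full handshake. A distinct value meaning "unknown" would avoid that, and the hunk defines no `RESUME_NEW` for the Java class. The `SSL` class starts and ends outside the hunk.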
@@ -738,8 +782,31 @@ class SSL(object): def allow_unsecured_client(self): self._ssl.allowUnsecuredClient(True) -__all__ = ["Messenger", "Message", "ProtonException", "MessengerException", - "MessageException", "Timeout", "Condition", "Data", "Endpoint", - "Connection", "Session", "Link", "Terminus", "Sender", "Receiver", - "Delivery", "Transport", "TransportException", "SASL", "SSL", - "SSLException", "SSLUnavailable", "PN_SESSION_WINDOW", "symbol"] +__all__ = [ + "LANGUAGE", + "PN_SESSION_WINDOW", + "Condition", + "Connection", + "Data", + "Delivery", + "Endpoint", + "Link", + "Message", + "MessageException", + "Messenger", + "MessengerException", + "ProtonException", + "Receiver", + "SASL", + "Sender", + "Session", + "SSL", + "SSLDomain", + "SSLException", + "SSLSessionDetails", + "SSLUnavailable", + "Terminus", + "Timeout", + "Transport", + "TransportException", + "symbol"] Modified: qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py?rev=1420862&r1=1420861&r2=1420862&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py (original) +++ qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py Wed Dec 12 17:38:59 2012 @@ -42,7 +42,7 @@ class SslTest(common.Test): class SslTestConnection(object): """ Represents a single SSL connection. """ - def __init__(self, domain=None, session_id=None): + def __init__(self, domain=None, session_details=None): try: self.ssl = None self.domain = domain @@ -50,7 +50,7 @@ class SslTest(common.Test): self.connection = Connection() self.transport.bind(self.connection) if domain: - self.ssl = SSL( self.transport, self.domain, session_id ) + self.ssl = SSL( self.transport, self.domain, session_details ) except SSLUnavailable, e: raise Skipped(e) 
@@ -364,8 +364,11 @@ class SslTest(common.Test): self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) self.client_domain.set_default_peer_authentication( SSL.VERIFY_PEER ) + # details will be used in initial and subsequent connections to allow session to be resumed + initial_session_details = SSLSessionDetails("my-session-id") + server = SslTest.SslTestConnection( self.server_domain ) - client = SslTest.SslTestConnection( self.client_domain, "my-session-id" ) + client = SslTest.SslTestConnection( self.client_domain, initial_session_details ) # bring up the connection and store its state client.connection.open() @@ -384,7 +387,8 @@ class SslTest(common.Test): # now create a new set of connections, use last session id server = SslTest.SslTestConnection( self.server_domain ) - client = SslTest.SslTestConnection( self.client_domain, "my-session-id" ) + # provide the details of the last session, allowing it to be resumed + client = SslTest.SslTestConnection( self.client_domain, initial_session_details ) #client.transport.trace(Transport.TRACE_DRV) #server.transport.trace(Transport.TRACE_DRV) @@ -393,7 +397,12 @@ class SslTest(common.Test): server.connection.open() self._pump( client, server ) assert server.ssl.protocol_name() is not None - assert client.ssl.resume_status() == SSL.RESUME_REUSED + if(LANGUAGE=="C"): + assert client.ssl.resume_status() == SSL.RESUME_REUSED + else: + # Java gives no way to check whether a previous session has been resumed + pass + client.connection.close() server.connection.close() self._pump( client, server ) 
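Review bot: In the `@@ -393` hunk the `else: pass` branch means the test asserts nothing about resumption on the Java binding, and the `@@ -405` hunk does the same with a bare `if(LANGUAGE=="C"):`; the test then passes whether or not the session was reused. Make the gap visible rather than silent, for example by moving the two `resume_status()` checks into a separate test that raises `Skipped` when `LANGUAGE != "C"`. The condition is also written C-style; `if LANGUAGE == "C":` is the usual Python form. The test method starts and ends outside these hunks.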
@@ -405,13 +414,15 @@ class SslTest(common.Test): del server server = SslTest.SslTestConnection( self.server_domain ) - client = SslTest.SslTestConnection( self.client_domain, "some-other-session-id" ) + client = SslTest.SslTestConnection( self.client_domain, SSLSessionDetails("some-other-session-id") ) client.connection.open() server.connection.open() self._pump( client, server ) assert server.ssl.protocol_name() is not None - assert client.ssl.resume_status() == SSL.RESUME_NEW + if(LANGUAGE=="C"): + assert client.ssl.resume_status() == SSL.RESUME_NEW + client.connection.close() server.connection.close() self._pump( client, server ) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
