Author: kwall Date: Wed Dec 12 17:40:21 2012 New Revision: 1420865 URL: http://svn.apache.org/viewvc?rev=1420865&view=rev Log: PROTON-136: Minor changes: improved JavaDoc, and tweaked SSL engine facade interface. Java changes only.
Applied patch from Philip Harvey<[email protected]>. Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/SslDomain.java qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacade.java qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/SslDomain.java URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/SslDomain.java?rev=1420865&r1=1420864&r2=1420865&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/SslDomain.java (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/SslDomain.java Wed Dec 12 17:40:21 2012 @@ -25,6 +25,9 @@ import org.apache.qpid.proton.engine.imp */ public interface SslDomain { + /** + * Determines whether the endpoint acts as a client or server. + */ public enum Mode { /** Local connection endpoint is an SSL client */ 
@@ -37,26 +40,25 @@ public interface SslDomain /** * Determines the level of peer validation. * - * VERIFY_PEER will only connect to those peers that provide a valid identifying - * certificate signed by a trusted CA and are using an authenticated cipher. - * ANONYMOUS_PEER does not require a valid certificate, and permits use of ciphers that - * do not provide authentication. - * - * ANONYMOUS_PEER is configured by default. - * - * These settings can be changed via ::pn_ssl_set_peer_authentication() + * {@link #ANONYMOUS_PEER} is configured by default. */ public enum VerifyMode { - /** require peer to provide a valid identifying certificate */ + /** + * will only connect to those peers that provide a valid identifying certificate signed + * by a trusted CA and are using an authenticated cipher + */ VERIFY_PEER, - /** do not require a certificate nor cipher authorization */ + /** + * does not require a valid certificate, and permits use of ciphers that + * do not provide authentication + */ ANONYMOUS_PEER, } /** - * Initialize the pn_ssl_t object. + * Initialize the ssl domain object. * * An SSL object be either an SSL server or an SSL client. It cannot be both. Those * transports that will be used to accept incoming connection requests must be configured 
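Review bot: The `VerifyMode` type comment still states that `ANONYMOUS_PEER` is the default but no longer says what a caller gives up by leaving it in place. With no certificate check and unauthenticated ciphers permitted, the peer's identity is never established, so the channel is encrypted but an active man-in-the-middle is not detected. I would add a sentence to the type comment such as `Callers that need peer authentication must select {@link #VERIFY_PEER} and configure a trusted CA database.` The two constant comments also open with lower-case fragments (`will only connect…`, `does not require…`); Javadoc uses the first sentence as the summary, so `Only connects to peers that…` reads better. The context line `An SSL object be either an SSL server or an SSL client` is missing a verb, and that comment continues past the end of the hunk.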
@@ -75,16 +77,16 @@ public interface SslDomain * remote if the remote needs to verify the identity of this node. This may be used for * both SSL servers and SSL clients (if client authentication is required by the server). * - * @param certificate_file path to file/database containing the identifying + * @param certificateFile path to file/database containing the identifying * certificate. - * @param private_key_file path to file/database containing the private key used to + * @param privateKeyFile path to file/database containing the private key used to * sign the certificate - * @param password the password used to sign the key, else NULL if key is not + * @param password the password used to sign the key, else null if key is not * protected. */ - void setCredentials(String certificate_file, String private_key_file, String password); + void setCredentials(String certificateFile, String privateKeyFile, String password); - String getPrivateKeyFile(); // TODO + String getPrivateKeyFile(); String getPrivateKeyPassword(); @@ -97,9 +99,9 @@ public interface SslDomain * validate the signature of the remote's certificate. This function sets the database of * trusted CAs that will be used to verify the signature of the remote's certificate. * - * @param certificate_db database of trusted CAs, used to authenticate the peer. + * @param certificateDb database of trusted CAs, used to authenticate the peer. */ - void setTrustedCaDb(String certificate_db); + void setTrustedCaDb(String certificateDb); String getTrustedCaDb(); 
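Review bot: The `@param password` text in the `setCredentials` comment, `the password used to sign the key`, misdescribes the value. The trailing `else null if key is not protected` shows it is the password protecting the private key, and a password does not sign anything. Suggested wording: `@param password the password protecting the private key, or null if the key is not protected`. The hunk also drops the `// TODO` on `getPrivateKeyFile()` without adding Javadoc. `getPrivateKeyPassword()` beside it returns the secret as a `String`, so a one-line comment on each, noting for the latter that the value must not be logged, would help implementers.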
@@ -107,14 +109,14 @@ public interface SslDomain * Configure the level of verification used on the peer certificate. * * This method controls how the peer's certificate is validated, if at all. By default, - * neither servers nor clients attempt to verify their peers (PN_SSL_ANONYMOUS_PEER). + * neither servers nor clients attempt to verify their peers ({@link VerifyMode#ANONYMOUS_PEER}). * Once certificates and trusted CAs are configured, peer verification can be enabled. * * In order to verify a peer, a trusted CA must be configured. See - * #setTrustedCaDb(). + * {@link #setTrustedCaDb(String)}. * * @note Servers must provide their own certificate when verifying a peer. See - * #setCredentials(). + * {@link #setCredentials(String, String, String)}). * * @param mode the level of validation to apply to the peer */ Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java?rev=1420865&r1=1420864&r2=1420865&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java Wed Dec 12 17:40:21 2012 
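Review bot: The rewritten link `{@link #setCredentials(String, String, String)}).` carries a stray `)` after the closing brace and will render with an unbalanced parenthesis; it should end `{@link #setCredentials(String, String, String)}.`. The `@note` on the context line above it is a Doxygen tag rather than a Javadoc one, so the javadoc tool is likely to flag it as unknown instead of rendering it as a note. Plain text such as `<p>Note: servers must provide their own certificate when verifying a peer.` keeps the sentence visible. This paragraph is where readers learn that verification is off by default, so it is worth making sure it renders. The method declaration this comment belongs to lies outside the hunk.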
@@ -26,17 +26,13 @@ import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLEngineResult.HandshakeStatus; import javax.net.ssl.SSLException; -import org.apache.qpid.proton.engine.SslDomain; - class DefaultSslEngineFacade implements SslEngineFacade { private final SSLEngine _sslEngine; - private final SslDomain.Mode _mode; - public DefaultSslEngineFacade(SSLEngine sslEngine, SslDomain.Mode mode) + public DefaultSslEngineFacade(SSLEngine sslEngine) { _sslEngine = sslEngine; - _mode = mode; } @Override @@ -88,8 +84,8 @@ class DefaultSslEngineFacade implements } @Override - public SslDomain.Mode getMode() + public boolean getUseClientMode() { - return _mode; + return _sslEngine.getUseClientMode(); } } Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java?rev=1420865&r1=1420864&r2=1420865&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java Wed Dec 12 17:40:21 2012 @@ -31,7 +31,6 @@ import javax.net.ssl.SSLEngineResult.Sta import javax.net.ssl.SSLException; import javax.net.ssl.SSLSession; -import org.apache.qpid.proton.engine.Ssl; import org.apache.qpid.proton.engine.TransportException; import org.apache.qpid.proton.engine.impl.TransportInput; import org.apache.qpid.proton.engine.impl.TransportOutput; 
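Review bot: `getUseClientMode()` in `DefaultSslEngineFacade` now reports whatever the wrapped `SSLEngine` holds rather than the `SslDomain.Mode` passed in by the factory. Its answer is therefore only right if the engine was put into the intended mode before the facade was built. The `SslEngineFacadeFactory` hunk further down removes `domain.getMode()` from the constructor call, and the engine set-up sits outside the visible lines. Please confirm that `setUseClientMode` is applied from the domain's mode before `new DefaultSslEngineFacade(engine)` is reached. A constructor comment stating that precondition, e.g. `/** @param sslEngine engine already configured for client or server mode */`, would make it explicit.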
@@ -121,10 +120,7 @@ public class SimpleSslTransportWrapper i runDelegatedTasks(result); updateCipherAndProtocolName(result); - if(_logger.isLoggable(Level.FINEST)) - { - _logger.log(Level.FINEST, _sslEngine.getMode() + " input " + resultToString(result)); - } + logEngineClientModeAndResult(result, "input"); Status sslResultStatus = result.getStatus(); HandshakeStatus handshakeStatus = result.getHandshakeStatus(); @@ -167,19 +163,10 @@ public class SimpleSslTransportWrapper i } catch(SSLException e) { - throw new TransportException("Problem during input. Mode: " + _sslEngine.getMode(), e); + throw new TransportException("Problem during input. useClientMode: " + _sslEngine.getUseClientMode(), e); } } - private String resultToString(SSLEngineResult result) - { - return new StringBuilder("[SSLEngineResult status = ").append(result.getStatus()) - .append(" handshakeStatus = ").append(result.getHandshakeStatus()) - .append(" bytesConsumed = ").append(result.bytesConsumed()) - .append(" bytesProduced = ").append(result.bytesProduced()) - .append("]").toString(); - } - /** * Write encoded output to the supplied destination. * @@ -224,6 +211,8 @@ public class SimpleSslTransportWrapper i } SSLEngineResult result = _sslEngine.wrap(_clearOutputHolder.prepareToRead(), sslWrapDst); + logEngineClientModeAndResult(result, "output"); + _clearOutputHolder.prepareToWrite(); Status sslResultStatus = result.getStatus(); @@ -257,7 +246,7 @@ public class SimpleSslTransportWrapper i } catch(SSLException e) { - throw new TransportException("Problem during output. Mode: " + _sslEngine.getMode(), e); + throw new TransportException("Problem during output. useClientMode: " + _sslEngine.getUseClientMode(), e); } } 
@@ -301,4 +290,22 @@ public class SimpleSslTransportWrapper i } } } + + private void logEngineClientModeAndResult(SSLEngineResult result, String direction) + { + if(_logger.isLoggable(Level.FINEST)) + { + _logger.log(Level.FINEST, "useClientMode = " + _sslEngine.getUseClientMode() + " direction = " + direction + + " " + resultToString(result)); + } + } + + private String resultToString(SSLEngineResult result) + { + return new StringBuilder("[SSLEngineResult status = ").append(result.getStatus()) + .append(" handshakeStatus = ").append(result.getHandshakeStatus()) + .append(" bytesConsumed = ").append(result.bytesConsumed()) + .append(" bytesProduced = ").append(result.bytesProduced()) + .append("]").toString(); + } } Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacade.java URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacade.java?rev=1420865&r1=1420864&r2=1420865&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacade.java (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacade.java Wed Dec 12 17:40:21 2012 @@ -27,8 +27,6 @@ import javax.net.ssl.SSLEngineResult.Han import javax.net.ssl.SSLEngineResult.Status; import javax.net.ssl.SSLException; -import org.apache.qpid.proton.engine.SslDomain; - /** * Thin wrapper around an {@link SSLEngine}. */ 
@@ -62,5 +60,5 @@ public interface SslEngineFacade int getPacketBufferSize(); String getCipherSuite(); String getProtocol(); - SslDomain.Mode getMode(); + boolean getUseClientMode(); } Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java?rev=1420865&r1=1420864&r2=1420865&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java Wed Dec 12 17:40:21 2012 @@ -97,7 +97,7 @@ public class SslEngineFacadeFactory { _logger.fine("Created SSL engine: " + engineToString(engine)); } - return new DefaultSslEngineFacade(engine, domain.getMode()); + return new DefaultSslEngineFacade(engine); } Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java?rev=1420865&r1=1420864&r2=1420865&view=diff ============================================================================== --- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java (original) +++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java Wed Dec 12 17:40:21 2012 
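Review bot: `boolean getUseClientMode();` replaces an enum-typed accessor with a bare boolean and, like the accessors visible above it, has no Javadoc. A reader has to know the JSSE convention to tell which value means client. I would add `/** @return true if the engine is configured to act as client when handshaking; see {@link SSLEngine#getUseClientMode()} */` above it. The interface body starts outside this hunk.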
@@ -30,8 +30,6 @@ import javax.net.ssl.SSLEngineResult.Han import javax.net.ssl.SSLEngineResult.Status; import javax.net.ssl.SSLException; -import org.apache.qpid.proton.engine.SslDomain.Mode; - /** * A simpler implementation of an SSLEngine that has predictable human-readable output, and that allows us to @@ -225,8 +223,8 @@ public class CapitalisingDummySslEngine } @Override - public Mode getMode() + public boolean getUseClientMode() { - return Mode.CLIENT; + return true; } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
