Author: kwall
Date: Wed Dec 10 17:17:24 2014
New Revision: 1644485

URL: http://svn.apache.org/r1644485
Log:
Reenable support for SSL and Plain on the same port (i.e. the transport 
sniffing).  Reenable all TLS tests

Modified:
    
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
    
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
    
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingConnection.java
    
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingSenderReceiver.java
    qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/test-profiles/JavaExcludes

Modified: 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
URL: 
http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java?rev=1644485&r1=1644484&r2=1644485&view=diff
==============================================================================
--- 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
 (original)
+++ 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/broker-core/src/main/java/org/apache/qpid/server/transport/TCPandSSLTransport.java
 Wed Dec 10 17:17:24 2014
@@ -99,8 +99,7 @@ class TCPandSSLTransport implements Acce
         {
             encryptionSet.add(TransportEncryption.TLS);
         }
-        _networkTransport.accept(settings, protocolEngineFactory, 
_transports.contains(Transport.TCP) ? null : _sslContext,
-                                 encryptionSet);
+        _networkTransport.accept(settings, protocolEngineFactory, _sslContext, 
encryptionSet);
     }
 
     public int getAcceptingPort()
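Review bot: With the `_transports.contains(Transport.TCP) ? null : _sslContext` guard gone, nothing at this call site says that a port configured for both TCP and SSL will accept unencrypted connections from any client that does not open with a TLS hello. A comment above the call, such as `// TLS and plain share this port; encryptionSet, not the presence of _sslContext, decides what is accepted`, would make that explicit for whoever configures or audits the port. `_sslContext` can presumably still be null when only TCP is configured, so the receiving side should tolerate that. The enclosing method starts outside the hunk.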

Modified: 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
URL: 
http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java?rev=1644485&r1=1644484&r2=1644485&view=diff
==============================================================================
--- 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
 (original)
+++ 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/ServerDelegate.java
 Wed Dec 10 17:17:24 2014
@@ -126,8 +126,11 @@ public class ServerDelegate extends Conn
 
     protected void connectionAuthFailed(final Connection conn, Exception e)
     {
-        conn.exception(e);
-        conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, 
e.getMessage());
+        if (e != null)
+        {
+            conn.exception(e);
+        }
+        conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, e == null 
? "Authentication failed" : e.getMessage());
     }
 
     protected void connectionAuthContinue(final Connection conn, byte[] 
challenge)
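Review bot: In `connectionAuthFailed` the close reason sent to the peer is still `e.getMessage()` whenever an exception is present, so an unauthenticated client receives whatever text the authentication layer put in the exception, which may distinguish failure causes. The same expression passes a null reason when `e` is non-null but has no message. Since `conn.exception(e)` already records the detail on the broker side, the reply could always be the fixed string: `conn.connectionClose(ConnectionCloseCode.CONNECTION_FORCED, "Authentication failed");`.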

Modified: 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingConnection.java
URL: 
http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingConnection.java?rev=1644485&r1=1644484&r2=1644485&view=diff
==============================================================================
--- 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingConnection.java
 (original)
+++ 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingConnection.java
 Wed Dec 10 17:17:24 2014
@@ -110,17 +110,8 @@ public class NonBlockingConnection imple
         {
             if(!_principalChecked)
             {
-                if(_socket.socket() instanceof SSLSocket)
-                {
-                    try
-                    {
-                        _principal = ((SSLSocket) 
_socket.socket()).getSession().getPeerPrincipal();
-                    }
-                    catch(SSLPeerUnverifiedException e)
-                    {
-                        _principal = null;
-                    }
-                }
+
+                _principal =  _nonBlockingSenderReceiver.getPeerPrincipal();
 
                 _principalChecked = true;
             }
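Review bot: `_principalChecked` is set to true after the first lookup, so whatever `_nonBlockingSenderReceiver.getPeerPrincipal()` returns at that moment is cached for the life of the connection. The value now comes from the SSLEngine session rather than from a connected SSLSocket, so a call made before the handshake has finished, or before the transport has been identified, would presumably cache null and hide a valid client certificate from later callers. Consider setting the flag only once the handshake is complete, and add a comment stating when this accessor is safe to call. The enclosing method begins and ends outside the hunk.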

Modified: 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingSenderReceiver.java
URL: 
http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingSenderReceiver.java?rev=1644485&r1=1644484&r2=1644485&view=diff
==============================================================================
--- 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingSenderReceiver.java
 (original)
+++ 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/common/src/main/java/org/apache/qpid/transport/network/io/NonBlockingSenderReceiver.java
 Wed Dec 10 17:17:24 2014
@@ -24,6 +24,7 @@ import java.nio.ByteBuffer;
 import java.nio.channels.SelectionKey;
 import java.nio.channels.Selector;
 import java.nio.channels.SocketChannel;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -35,6 +36,7 @@ import java.util.concurrent.atomic.Atomi
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLPeerUnverifiedException;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -389,6 +391,38 @@ public class NonBlockingSenderReceiver
                 runSSLEngineTasks(_status);
             }
         }
+        else
+        {
+            int read = 1;
+            while (!_closed.get() && read > 0)
+            {
+
+                read = _socketChannel.read(_netInputBuffer);
+                LOGGER.debug("Read " + read + " possibly encrypted bytes " + 
_netInputBuffer);
+
+                if (_netInputBuffer.position() >= 6)
+                {
+                    _netInputBuffer.flip();
+                    final byte[] headerBytes = new byte[6];
+                    ByteBuffer dup = _netInputBuffer.duplicate();
+                    dup.get(headerBytes);
+
+                    _transportEncryption =  looksLikeSSL(headerBytes) ? 
TransportEncryption.TLS : TransportEncryption.NONE;
+                    LOGGER.debug("Identified transport encryption as " + 
_transportEncryption);
+
+                    if (_transportEncryption == TransportEncryption.NONE)
+                    {
+                        _receiver.received(_netInputBuffer);
+                    }
+                    else
+                    {
+                        _netInputBuffer.compact();
+                        doRead();
+                    }
+                    break;
+                }
+            }
+        }
     }
 
     private void runSSLEngineTasks(final SSLEngineResult status)
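Review bot: The sniffing loop leaves two cases unhandled. When `read == -1` (the peer closed before six bytes arrived) the loop simply ends with no close or signal visible here, and a peer that sends fewer than six bytes is never classified, with no deadline in this hunk. I would handle end-of-stream explicitly right after the read and confirm that an idle or handshake timeout covers connections stuck in the unidentified state, since this happens before authentication. The two `LOGGER.debug` calls build their strings unconditionally on the read path; `LOGGER.debug("Read {} possibly encrypted bytes {}", read, _netInputBuffer);` avoids that. The `if` this `else` belongs to is outside the hunk, so it is worth confirming that the branch is reachable only when the port allows both encodings.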
@@ -403,4 +437,48 @@ public class NonBlockingSenderReceiver
             }
         }
     }
+
+    private boolean looksLikeSSL(byte[] headerBytes)
+    {
+        return looksLikeSSLv3ClientHello(headerBytes) || 
looksLikeSSLv2ClientHello(headerBytes);
+    }
+
+    private boolean looksLikeSSLv3ClientHello(byte[] headerBytes)
+    {
+        return headerBytes[0] == 22 && // SSL Handshake
+               (headerBytes[1] == 3 && // SSL 3.0 / TLS 1.x
+                (headerBytes[2] == 0 || // SSL 3.0
+                 headerBytes[2] == 1 || // TLS 1.0
+                 headerBytes[2] == 2 || // TLS 1.1
+                 headerBytes[2] == 3)) && // TLS1.2
+               (headerBytes[5] == 1); // client_hello
+    }
+
+    private boolean looksLikeSSLv2ClientHello(byte[] headerBytes)
+    {
+        return headerBytes[0] == -128 &&
+               headerBytes[3] == 3 && // SSL 3.0 / TLS 1.x
+               (headerBytes[4] == 0 || // SSL 3.0
+                headerBytes[4] == 1 || // TLS 1.0
+                headerBytes[4] == 2 || // TLS 1.1
+                headerBytes[4] == 3);
+    }
+
+    public Principal getPeerPrincipal()
+    {
+
+        if (_sslEngine != null)
+        {
+            try
+            {
+                return _sslEngine.getSession().getPeerPrincipal();
+            }
+            catch (SSLPeerUnverifiedException e)
+            {
+                return null;
+            }
+        }
+
+        return null;
+    }
 }
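Review bot: `looksLikeSSLv2ClientHello` tests `headerBytes[0] == -128`, which matches a two-byte SSLv2 record header only when the record is shorter than 256 bytes, and it never checks the message-type byte at index 2. Starting the condition with `(headerBytes[0] & 0x80) != 0 && headerBytes[2] == 1 &&` would express the format more exactly, and the last version line is missing its `// TLS 1.2` comment. Both helpers still recognise SSL 3.0 hellos; whether that version can actually be negotiated depends on the protocols enabled on the SSLEngine, which this hunk does not show and which should be confirmed. `getPeerPrincipal()` is public and returns null both for a plain connection and for an unverified peer, so a Javadoc line saying that would help callers that make authentication decisions on it.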

Modified: 
qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/test-profiles/JavaExcludes
URL: 
http://svn.apache.org/viewvc/qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/test-profiles/JavaExcludes?rev=1644485&r1=1644484&r2=1644485&view=diff
==============================================================================
--- qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/test-profiles/JavaExcludes 
(original)
+++ qpid/branches/QPID-6262-JavaBrokerNIO/qpid/java/test-profiles/JavaExcludes 
Wed Dec 10 17:17:24 2014
@@ -30,10 +30,3 @@ org.apache.qpid.test.unit.topic.DurableS
 //QPID-4153 Messages causing a runtime selector error should be dead-lettered 
(or something similar)
 org.apache.qpid.test.client.message.SelectorTest#testRuntimeSelectorError
 
-
-
-// QPID-6262: Temporary exclusion whilst NIO refactoring is in flight
-org.apache.qpid.server.transport.TCPandSSLTransportTest#*
-org.apache.qpid.server.security.auth.manager.ExternalAuthenticationTest#*
-org.apache.qpid.server.logging.BrokerLoggingTest#testBrokerStartupListeningTCPSSL
-org.apache.qpid.server.logging.BrokerLoggingTest#testBrokerShutdownListeningTCPSSL


