Hiranya,

Before discussing the implementation, could you please explain the use case?

Andreas

On Mon, Jul 20, 2009 at 14:47, Hiranya Jayathilaka<[email protected]> wrote:
> Hi Folks,
>
> I'm working on an enhancement which enables us to specify multiple SSL
> configurations for the HTTPS transport sender and refer to such
> configurations at the endpoint level (See SYNAPSE-563 for a problem
> description). Then we'll be able to use different SSL configurations when
> connecting to different endpoints. This is how I propose to implement this
> feature.
>
> 1. We introduce the concept of SSL profiles to the HTTPS transport sender.
> Then in the axis2.xml, under https transport sender configuration, we can
> have the usual SSL configuration and optionally a set of SSL profiles. The
> below sample shows an https configuration with one profile definition
> (called myprofile).
>
> <transportSender name="https"
>     class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
>     <parameter name="non-blocking" locked="false">true</parameter>
>     <parameter name="keystore" locked="false">
>         <KeyStore>
>             <Location>lib/identity.jks</Location>
>             <Type>JKS</Type>
>             <Password>password</Password>
>             <KeyPassword>password</KeyPassword>
>         </KeyStore>
>     </parameter>
>     <parameter name="truststore" locked="false">
>         <TrustStore>
>             <Location>lib/trust.jks</Location>
>             <Type>JKS</Type>
>             <Password>password</Password>
>         </TrustStore>
>     </parameter>
>     <parameter name="customSSLProfiles">
>         <!-- We can have zero or more profiles defined here -->
>         <profile name="myprofile">
>             <KeyStore>
>                 <Location>/home/hiranya/cert/service.jks</Location>
>                 <Type>JKS</Type>
>                 <Password>abc123</Password>
>                 <KeyPassword>abc123</KeyPassword>
>             </KeyStore>
>             <TrustStore>
>                 <Location>/home/hiranya/cert/client.jks</Location>
>                 <Type>JKS</Type>
>                 <Password>abc123</Password>
>             </TrustStore>
>         </profile>
>     </parameter>
> </transportSender>
>
> 2. We create SSL contexts for each profile and the default SSL
> configuration, during sender initialization and associate each SSL context
> with an IOReactor instance. All the IOReactors except for the default one
> would be stored in a map keyed by its corresponding profile name.
>
> 3. We make it possible to specify a SSL profile at endpoint definition level
> as follows.
>
> <endpoint>
>     <address
>         uri="https://localhost:9002/services/SimpleStockQuoteService">
>         <sslProfile>myprofile</sslProfile>
>     </address>
> </endpoint>
>
> 4. The Axis2FlexibleMEPClient will set the profile name as a message context
> property when sending messages using endpoint definitions.
>
> 5. At the transport level we retrieve the property and lookup the map to
> find an IOReactor to send the message (if the property is not set we use the
> default IOReactor)
>
> As far as the transport is concerned all the heavy work of creating SSL
> contexts and IOReactor objects will happen during transport initialization.
> Only runtime overhead would be the effort made to check the message context
> property for a SSL profile name.
>
> I already have some working code implementing this and would love to
> contribute it. But before I do I would like to know what the Synapse team
> thinks about implementing this feature in the suggested manner. Your
> feedback is most appreciated.
>
> Thanks,
> --
> Hiranya Jayathilaka
> Software Engineer;
> WSO2 Inc.; http://wso2.org
> E-mail: [email protected]; Mobile: +94 77 633 3491
> Blog: http://techfeast-hiranya.blogspot.com
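
Steps 2 and 5 of the quoted proposal, sketched as an added example that is not code from this thread or from Synapse. The class `SslProfileRegistry` is hypothetical, it maps profile names to `SSLContext` objects rather than IOReactors, and rejecting an unknown profile name (instead of falling back to the default) is an assumption the proposal does not state.

```java
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical registry: one SSLContext per named profile plus the default one.
public class SslProfileRegistry {
    private final SSLContext defaultContext;
    private final Map<String, SSLContext> profiles = new ConcurrentHashMap<>();
    public SslProfileRegistry(SSLContext defaultContext) { this.defaultContext = defaultContext; }

    // Called once per profile at sender initialization, so no keystore work happens per message.
    public void register(String name, KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        if (profiles.putIfAbsent(name, build(identity, keyPassword, trust)) != null)
            throw new IllegalArgumentException("duplicate SSL profile: " + name);
    }

    static SSLContext build(KeyStore identity, char[] keyPassword, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Property not set: default context. Name set but unknown: fail instead of silently
    // sending with the default identity and trust anchors.
    public SSLContext resolve(String profileName) {
        if (profileName == null) return defaultContext;
        SSLContext ctx = profiles.get(profileName);
        if (ctx == null) throw new IllegalStateException("unknown SSL profile: " + profileName);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: empty in-memory keystores and a made-up password stand in for the JKS files.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        char[] pw = "changeit".toCharArray();
        SslProfileRegistry registry = new SslProfileRegistry(build(empty, pw, empty));
        registry.register("myprofile", empty, pw, empty);
        System.out.println("distinct contexts: " + (registry.resolve(null) != registry.resolve("myprofile")));
        try { registry.resolve("myprofle"); } // misspelled name, as in a mistyped endpoint definition
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```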
