Author: remm Date: Wed Jul 15 15:50:12 2015 New Revision: 1691237 URL: http://svn.apache.org/r1691237 Log: Add ALPN to NIO2 with JSSE and OpenSSL. No NIO yet since it would need a refactoring to pass the socket wrapper to NioChannel to be able to set the negotiated protocol (?).
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1691237&r1=1691236&r2=1691237&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Jul 15 15:50:12 2015 @@ -575,6 +575,9 @@ public abstract class AbstractEndpoint<S public void addNegotiatedProtocol(String negotiableProtocol) { negotiableProtocols.add(negotiableProtocol); } + public boolean hasNegotiableProtocols() { + return (negotiableProtocols.size() > 0); + } /** * Attributes provide a way for configuration to be passed to sub-components Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java?rev=1691237&r1=1691236&r2=1691237&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java Wed Jul 15 15:50:12 2015 @@ -60,4 +60,11 @@ public interface SSLUtil { */ public String[] getEnableableProtocols(SSLContext context); + public interface ProtocolInfo { + /** + * ALPN information. + * @return the protocol selected using ALPN + */ + public String getNegotiatedProtocol(); + } } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1691237&r1=1691236&r2=1691237&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Wed Jul 15 15:50:12 2015 @@ -216,6 +216,9 @@ public class SecureNio2Channel extends N throw new IOException(sm.getString("channel.nio.ssl.notHandshaking")); } case FINISHED: { + if (endpoint.hasNegotiableProtocols() && sslEngine instanceof SSLUtil.ProtocolInfo) { + socket.setNegotiatedProtocol(((SSLUtil.ProtocolInfo) sslEngine).getNegotiatedProtocol()); + } //we are complete if we have delivered the last package handshakeComplete = !netOutBuffer.hasRemaining(); //return 0 if we are complete, otherwise we still have data to write Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1691237&r1=1691236&r2=1691237&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java Wed Jul 15 15:50:12 2015 @@ -449,7 +449,8 @@ public class OpenSSLContext implements o @Override public SSLEngine createSSLEngine() { - return new OpenSSLEngine(ctx, defaultProtocol, false, sessionContext); + return new OpenSSLEngine(ctx, defaultProtocol, false, sessionContext, + (negotiableProtocols != null && negotiableProtocols.size() > 0)); } @Override Modified: tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1691237&r1=1691236&r2=1691237&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Wed Jul 15 15:50:12 2015 @@ -51,6 +51,7 @@ import org.apache.tomcat.jni.SSL; import org.apache.tomcat.jni.SSLContext; import org.apache.tomcat.util.buf.ByteBufferUtils; import org.apache.tomcat.util.net.Constants; +import org.apache.tomcat.util.net.SSLUtil; import org.apache.tomcat.util.res.StringManager; /** @@ -58,7 +59,7 @@ import org.apache.tomcat.util.res.String * <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE">OpenSSL * BIO abstractions</a>. */ -public final class OpenSSLEngine extends SSLEngine { +public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolInfo { private static final Log logger = LogFactory.getLog(OpenSSLEngine.class); private static final StringManager sm = StringManager.getManager(OpenSSLEngine.class); @@ -175,6 +176,9 @@ public final class OpenSSLEngine extends private final boolean clientMode; private final String fallbackApplicationProtocol; private final OpenSSLSessionContext sessionContext; + private final boolean alpn; + + private String selectedProtocol = null; private volatile SSLSession session; @@ -190,7 +194,7 @@ public final class OpenSSLEngine extends * {@link SSLEngine} belongs to. */ OpenSSLEngine(long sslCtx, String fallbackApplicationProtocol, - boolean clientMode, OpenSSLSessionContext sessionContext) { + boolean clientMode, OpenSSLSessionContext sessionContext, boolean alpn) { if (sslCtx == 0) { throw new IllegalArgumentException(sm.getString("engine.noSSLContext")); } @@ -199,6 +203,12 @@ public final class OpenSSLEngine extends this.fallbackApplicationProtocol = fallbackApplicationProtocol; this.clientMode = clientMode; this.sessionContext = sessionContext; + this.alpn = alpn; + } + + @Override + public String getNegotiatedProtocol() { + return selectedProtocol; } /** @@ -1152,8 +1162,11 @@ public final class OpenSSLEngine extends throw new SSLException(err); } } else { + if (alpn) { + selectedProtocol = SSL.getAlpnSelected(ssl); + } // if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update - // handshakeFinished directly and so eliminate uncessary calls to SSL.isInInit(...) + // handshakeFinished directly and so eliminate unnecessary calls to SSL.isInInit(...) handshakeFinished = true; } } @@ -1182,6 +1195,9 @@ public final class OpenSSLEngine extends // No pending data to be sent to the peer // Check to see if we have finished handshaking if (SSL.isInInit(ssl) == 0) { + if (alpn) { + selectedProtocol = SSL.getAlpnSelected(ssl); + } handshakeFinished = true; return SSLEngineResult.HandshakeStatus.FINISHED; } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org