Author: remm
Date: Wed Jul 15 15:50:12 2015
New Revision: 1691237
URL: http://svn.apache.org/r1691237
Log:
Add ALPN to NIO2 with JSSE and OpenSSL. No NIO yet since it would need a
refactoring to pass the socket wrapper to NioChannel to be able to set the
negotiated protocol (?).
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1691237&r1=1691236&r2=1691237&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Wed Jul
15 15:50:12 2015
@@ -575,6 +575,9 @@ public abstract class AbstractEndpoint<S
public void addNegotiatedProtocol(String negotiableProtocol) {
negotiableProtocols.add(negotiableProtocol);
}
+ public boolean hasNegotiableProtocols() {
+ return (negotiableProtocols.size() > 0);
+ }
/**
* Attributes provide a way for configuration to be passed to
sub-components
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java?rev=1691237&r1=1691236&r2=1691237&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtil.java Wed Jul 15
15:50:12 2015
@@ -60,4 +60,11 @@ public interface SSLUtil {
*/
public String[] getEnableableProtocols(SSLContext context);
+ public interface ProtocolInfo {
+ /**
+ * ALPN information.
+ * @return the protocol selected using ALPN
+ */
+ public String getNegotiatedProtocol();
+ }
}
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1691237&r1=1691236&r2=1691237&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Wed Jul
15 15:50:12 2015
@@ -216,6 +216,9 @@ public class SecureNio2Channel extends N
throw new
IOException(sm.getString("channel.nio.ssl.notHandshaking"));
}
case FINISHED: {
+ if (endpoint.hasNegotiableProtocols() && sslEngine
instanceof SSLUtil.ProtocolInfo) {
+ socket.setNegotiatedProtocol(((SSLUtil.ProtocolInfo)
sslEngine).getNegotiatedProtocol());
+ }
//we are complete if we have delivered the last package
handshakeComplete = !netOutBuffer.hasRemaining();
//return 0 if we are complete, otherwise we still have
data to write
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java?rev=1691237&r1=1691236&r2=1691237&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
Wed Jul 15 15:50:12 2015
@@ -449,7 +449,8 @@ public class OpenSSLContext implements o
@Override
public SSLEngine createSSLEngine() {
- return new OpenSSLEngine(ctx, defaultProtocol, false, sessionContext);
+ return new OpenSSLEngine(ctx, defaultProtocol, false, sessionContext,
+ (negotiableProtocols != null && negotiableProtocols.size() >
0));
}
@Override
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1691237&r1=1691236&r2=1691237&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Wed
Jul 15 15:50:12 2015
@@ -51,6 +51,7 @@ import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;
import org.apache.tomcat.util.buf.ByteBufferUtils;
import org.apache.tomcat.util.net.Constants;
+import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -58,7 +59,7 @@ import org.apache.tomcat.util.res.String
* <a href="https://www.openssl.org/docs/crypto/BIO_s_bio.html#EXAMPLE";>OpenSSL
* BIO abstractions</a>.
*/
-public final class OpenSSLEngine extends SSLEngine {
+public final class OpenSSLEngine extends SSLEngine implements
SSLUtil.ProtocolInfo {
private static final Log logger = LogFactory.getLog(OpenSSLEngine.class);
private static final StringManager sm =
StringManager.getManager(OpenSSLEngine.class);
@@ -175,6 +176,9 @@ public final class OpenSSLEngine extends
private final boolean clientMode;
private final String fallbackApplicationProtocol;
private final OpenSSLSessionContext sessionContext;
+ private final boolean alpn;
+
+ private String selectedProtocol = null;
private volatile SSLSession session;
@@ -190,7 +194,7 @@ public final class OpenSSLEngine extends
* {@link SSLEngine} belongs to.
*/
OpenSSLEngine(long sslCtx, String fallbackApplicationProtocol,
- boolean clientMode, OpenSSLSessionContext sessionContext) {
+ boolean clientMode, OpenSSLSessionContext sessionContext, boolean
alpn) {
if (sslCtx == 0) {
throw new
IllegalArgumentException(sm.getString("engine.noSSLContext"));
}
@@ -199,6 +203,12 @@ public final class OpenSSLEngine extends
this.fallbackApplicationProtocol = fallbackApplicationProtocol;
this.clientMode = clientMode;
this.sessionContext = sessionContext;
+ this.alpn = alpn;
+ }
+
+ @Override
+ public String getNegotiatedProtocol() {
+ return selectedProtocol;
}
/**
@@ -1152,8 +1162,11 @@ public final class OpenSSLEngine extends
throw new SSLException(err);
}
} else {
+ if (alpn) {
+ selectedProtocol = SSL.getAlpnSelected(ssl);
+ }
// if SSL_do_handshake returns > 0 it means the handshake was
finished. This means we can update
- // handshakeFinished directly and so eliminate uncessary calls to
SSL.isInInit(...)
+ // handshakeFinished directly and so eliminate unnecessary calls
to SSL.isInInit(...)
handshakeFinished = true;
}
}
@@ -1182,6 +1195,9 @@ public final class OpenSSLEngine extends
// No pending data to be sent to the peer
// Check to see if we have finished handshaking
if (SSL.isInInit(ssl) == 0) {
+ if (alpn) {
+ selectedProtocol = SSL.getAlpnSelected(ssl);
+ }
handshakeFinished = true;
return SSLEngineResult.HandshakeStatus.FINISHED;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
