http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutput.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutput.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutput.java deleted file mode 100644 index b8df26b..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutput.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl; - -import java.nio.ByteBuffer; - -import org.apache.qpid.proton.engine.Transport; - -public interface TransportOutput -{ - - int pending(); - - ByteBuffer head(); - - void pop(int bytes); - - void close_head(); - -}
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputAdaptor.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputAdaptor.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputAdaptor.java deleted file mode 100644 index 2c43bfe..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputAdaptor.java +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.qpid.proton.engine.impl; - -import static org.apache.qpid.proton.engine.impl.ByteBufferUtils.*; - -import java.nio.ByteBuffer; - -import org.apache.qpid.proton.engine.Transport; - -class TransportOutputAdaptor implements TransportOutput -{ - private static final ByteBuffer _emptyHead = newReadableBuffer(0).asReadOnlyBuffer(); - - private final TransportOutputWriter _transportOutputWriter; - private final int _maxFrameSize; - - private ByteBuffer _outputBuffer = null; - private ByteBuffer _head = null; - private boolean _output_done = false; - private boolean _head_closed = false; - - TransportOutputAdaptor(TransportOutputWriter transportOutputWriter, int maxFrameSize) - { - _transportOutputWriter = transportOutputWriter; - _maxFrameSize = maxFrameSize > 0 ? maxFrameSize : 4*1024; - } - - @Override - public int pending() - { - if (_head_closed) { - return Transport.END_OF_STREAM; - } - - if(_outputBuffer == null) - { - init_buffers(); - } - - _output_done = _transportOutputWriter.writeInto(_outputBuffer); - _head.limit(_outputBuffer.position()); - - if (_outputBuffer.position() == 0 && _outputBuffer.capacity() > TransportImpl.BUFFER_RELEASE_THRESHOLD) - { - release_buffers(); - } - - if (_output_done && (_outputBuffer == null || _outputBuffer.position() == 0)) - { - return Transport.END_OF_STREAM; - } - else - { - return _outputBuffer == null ? 0 : _outputBuffer.position(); - } - } - - @Override - public ByteBuffer head() - { - pending(); - return _head != null ? _head : _emptyHead; - } - - @Override - public void pop(int bytes) - { - if (_outputBuffer != null) { - _outputBuffer.flip(); - _outputBuffer.position(bytes); - _outputBuffer.compact(); - _head.position(0); - _head.limit(_outputBuffer.position()); - if (_outputBuffer.position() == 0 && _outputBuffer.capacity() > TransportImpl.BUFFER_RELEASE_THRESHOLD) { - release_buffers(); - } - } - } - - @Override - public void close_head() - { - _head_closed = true; - _transportOutputWriter.closed(null); - release_buffers(); - } - - private void init_buffers() { - _outputBuffer = newWriteableBuffer(_maxFrameSize); - _head = _outputBuffer.asReadOnlyBuffer(); - _head.limit(0); - } - - private void release_buffers() { - _head = null; - _outputBuffer = null; - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputWriter.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputWriter.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputWriter.java deleted file mode 100644 index 76c0df7..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportOutputWriter.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.qpid.proton.engine.impl; - -import java.nio.ByteBuffer; - -import org.apache.qpid.proton.engine.TransportException; - -interface TransportOutputWriter -{ - /** - * Writes my pending output bytes into outputBuffer. Does not - * subsequently flip it. Returns true on end of stream. - */ - boolean writeInto(ByteBuffer outputBuffer); - - void closed(TransportException error); - -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportReceiver.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportReceiver.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportReceiver.java deleted file mode 100644 index 29d97c4..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportReceiver.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ - -package org.apache.qpid.proton.engine.impl; - -import org.apache.qpid.proton.amqp.transport.Flow; - -class TransportReceiver extends TransportLink<ReceiverImpl> -{ - - - TransportReceiver(ReceiverImpl link) - { - super(link); - link.setTransportLink(this); - } - - public ReceiverImpl getReceiver() - { - return getLink(); - } - - @Override - void handleFlow(Flow flow) - { - super.handleFlow(flow); - int remote = getRemoteDeliveryCount().intValue(); - int local = getDeliveryCount().intValue(); - int delta = remote - local; - if(delta > 0) - { - getLink().addCredit(-delta); - addCredit(-delta); - setDeliveryCount(getRemoteDeliveryCount()); - getLink().setDrained(getLink().getDrained() + delta); - } - - - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSender.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSender.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSender.java deleted file mode 100644 index cebe577..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSender.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ - -package org.apache.qpid.proton.engine.impl; - -import org.apache.qpid.proton.amqp.UnsignedInteger; -import org.apache.qpid.proton.amqp.transport.Flow; - -class TransportSender extends TransportLink<SenderImpl> -{ - private boolean _drain; - private DeliveryImpl _inProgressDelivery; - private static final UnsignedInteger ORIGINAL_DELIVERY_COUNT = UnsignedInteger.ZERO; - - TransportSender(SenderImpl link) - { - super(link); - setDeliveryCount(ORIGINAL_DELIVERY_COUNT); - link.setTransportLink(this); - } - - @Override - void handleFlow(Flow flow) - { - super.handleFlow(flow); - _drain = flow.getDrain(); - getLink().setDrain(flow.getDrain()); - int oldCredit = getLink().getCredit(); - UnsignedInteger oldLimit = getLinkCredit().add(getDeliveryCount()); - UnsignedInteger transferLimit = flow.getLinkCredit().add(flow.getDeliveryCount() == null - ? ORIGINAL_DELIVERY_COUNT - : flow.getDeliveryCount()); - UnsignedInteger linkCredit = transferLimit.subtract(getDeliveryCount()); - - setLinkCredit(linkCredit); - getLink().setCredit(transferLimit.subtract(oldLimit).intValue() + oldCredit); - - DeliveryImpl current = getLink().current(); - getLink().getConnectionImpl().workUpdate(current); - setLinkCredit(linkCredit); - } - - public void setInProgressDelivery(DeliveryImpl inProgressDelivery) - { - _inProgressDelivery = inProgressDelivery; - } - - public DeliveryImpl getInProgressDelivery() - { - return _inProgressDelivery; - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSession.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSession.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSession.java deleted file mode 100644 index d9c1083..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportSession.java +++ /dev/null @@ -1,500 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ - -package org.apache.qpid.proton.engine.impl; - -import java.util.HashMap; -import java.util.Map; - -import org.apache.qpid.proton.amqp.Binary; -import org.apache.qpid.proton.amqp.UnsignedInteger; -import org.apache.qpid.proton.amqp.transport.Disposition; -import org.apache.qpid.proton.amqp.transport.Flow; -import org.apache.qpid.proton.amqp.transport.Role; -import org.apache.qpid.proton.amqp.transport.Transfer; -import org.apache.qpid.proton.engine.Event; - -class TransportSession -{ - private static final int HANDLE_MAX = 65535; - - private final TransportImpl _transport; - private final SessionImpl _session; - private int _localChannel = -1; - private int _remoteChannel = -1; - private boolean _openSent; - private final UnsignedInteger _handleMax = UnsignedInteger.valueOf(HANDLE_MAX); //TODO: should this be configurable? - // This is used for the delivery-id actually stamped in each transfer frame of a given message delivery. - private UnsignedInteger _outgoingDeliveryId = UnsignedInteger.ZERO; - // These are used for the session windows communicated via Begin/Flow frames - // and the conceptual transfer-id relating to updating them. - private UnsignedInteger _incomingWindowSize = UnsignedInteger.ZERO; - private UnsignedInteger _outgoingWindowSize = UnsignedInteger.ZERO; - private UnsignedInteger _nextOutgoingId = UnsignedInteger.ONE; - private UnsignedInteger _nextIncomingId = null; - - private final Map<UnsignedInteger, TransportLink<?>> _remoteHandlesMap = new HashMap<UnsignedInteger, TransportLink<?>>(); - private final Map<UnsignedInteger, TransportLink<?>> _localHandlesMap = new HashMap<UnsignedInteger, TransportLink<?>>(); - private final Map<String, TransportLink> _halfOpenLinks = new HashMap<String, TransportLink>(); - - - private UnsignedInteger _incomingDeliveryId = null; - private UnsignedInteger _remoteIncomingWindow; - private UnsignedInteger _remoteOutgoingWindow; - private UnsignedInteger _remoteNextIncomingId = _nextOutgoingId; - private UnsignedInteger _remoteNextOutgoingId; - private final Map<UnsignedInteger, DeliveryImpl> - _unsettledIncomingDeliveriesById = new HashMap<UnsignedInteger, DeliveryImpl>(); - private final Map<UnsignedInteger, DeliveryImpl> - _unsettledOutgoingDeliveriesById = new HashMap<UnsignedInteger, DeliveryImpl>(); - private int _unsettledIncomingSize; - private boolean _endReceived; - private boolean _beginSent; - - TransportSession(TransportImpl transport, SessionImpl session) - { - _transport = transport; - _session = session; - _outgoingWindowSize = UnsignedInteger.valueOf(session.getOutgoingWindow()); - } - - void unbind() - { - unsetLocalChannel(); - unsetRemoteChannel(); - } - - public SessionImpl getSession() - { - return _session; - } - - public int getLocalChannel() - { - return _localChannel; - } - - public void setLocalChannel(int localChannel) - { - if (!isLocalChannelSet()) { - _session.incref(); - } - _localChannel = localChannel; - } - - public int getRemoteChannel() - { - return _remoteChannel; - } - - public void setRemoteChannel(int remoteChannel) - { - if (!isRemoteChannelSet()) { - _session.incref(); - } - _remoteChannel = remoteChannel; - } - - public boolean isOpenSent() - { - return _openSent; - } - - public void setOpenSent(boolean openSent) - { - _openSent = openSent; - } - - public boolean isRemoteChannelSet() - { - return _remoteChannel != -1; - } - - public boolean isLocalChannelSet() - { - return _localChannel != -1; - } - - public void unsetLocalChannel() - { - if (isLocalChannelSet()) { - unsetLocalHandles(); - _session.decref(); - } - _localChannel = -1; - } - - private void unsetLocalHandles() - { - for (TransportLink<?> tl : _localHandlesMap.values()) - { - tl.clearLocalHandle(); - } - _localHandlesMap.clear(); - } - - public void unsetRemoteChannel() - { - if (isRemoteChannelSet()) { - unsetRemoteHandles(); - _session.decref(); - } - _remoteChannel = -1; - } - - private void unsetRemoteHandles() - { - for (TransportLink<?> tl : _remoteHandlesMap.values()) - { - tl.clearRemoteHandle(); - } - _remoteHandlesMap.clear(); - } - - public UnsignedInteger getHandleMax() - { - return _handleMax; - } - - public UnsignedInteger getIncomingWindowSize() - { - return _incomingWindowSize; - } - - void updateIncomingWindow() - { - int size = _transport.getMaxFrameSize(); - if (size <= 0) { - _incomingWindowSize = UnsignedInteger.valueOf(2147483647); // biggest legal value - } else { - _incomingWindowSize = UnsignedInteger.valueOf((_session.getIncomingCapacity() - _session.getIncomingBytes())/size); - } - } - - public UnsignedInteger getOutgoingDeliveryId() - { - return _outgoingDeliveryId; - } - - void incrementOutgoingDeliveryId() - { - _outgoingDeliveryId = _outgoingDeliveryId.add(UnsignedInteger.ONE); - } - - public UnsignedInteger getOutgoingWindowSize() - { - return _outgoingWindowSize; - } - - public UnsignedInteger getNextOutgoingId() - { - return _nextOutgoingId; - } - - public TransportLink getLinkFromRemoteHandle(UnsignedInteger handle) - { - return _remoteHandlesMap.get(handle); - } - - public UnsignedInteger allocateLocalHandle(TransportLink transportLink) - { - for(int i = 0; i <= HANDLE_MAX; i++) - { - UnsignedInteger handle = UnsignedInteger.valueOf(i); - if(!_localHandlesMap.containsKey(handle)) - { - _localHandlesMap.put(handle, transportLink); - transportLink.setLocalHandle(handle); - return handle; - } - } - throw new IllegalStateException("no local handle available for allocation"); - } - - public void addLinkRemoteHandle(TransportLink link, UnsignedInteger remoteHandle) - { - _remoteHandlesMap.put(remoteHandle, link); - } - - public void addLinkLocalHandle(TransportLink link, UnsignedInteger localhandle) - { - _localHandlesMap.put(localhandle, link); - } - - public void freeLocalHandle(UnsignedInteger handle) - { - _localHandlesMap.remove(handle); - } - - public void freeRemoteHandle(UnsignedInteger handle) - { - _remoteHandlesMap.remove(handle); - } - - public TransportLink resolveHalfOpenLink(String name) - { - return _halfOpenLinks.remove(name); - } - - public void addHalfOpenLink(TransportLink link) - { - _halfOpenLinks.put(link.getName(), link); - } - - public void handleTransfer(Transfer transfer, Binary payload) - { - DeliveryImpl delivery; - incrementNextIncomingId(); - if(transfer.getDeliveryId() == null || transfer.getDeliveryId().equals(_incomingDeliveryId)) - { - TransportReceiver transportReceiver = (TransportReceiver) getLinkFromRemoteHandle(transfer.getHandle()); - ReceiverImpl receiver = transportReceiver.getReceiver(); - Binary deliveryTag = transfer.getDeliveryTag(); - delivery = _unsettledIncomingDeliveriesById.get(_incomingDeliveryId); - delivery.getTransportDelivery().incrementSessionSize(); - - } - else - { - // TODO - check deliveryId has been incremented by one - _incomingDeliveryId = transfer.getDeliveryId(); - // TODO - check link handle valid and a receiver - TransportReceiver transportReceiver = (TransportReceiver) getLinkFromRemoteHandle(transfer.getHandle()); - ReceiverImpl receiver = transportReceiver.getReceiver(); - Binary deliveryTag = transfer.getDeliveryTag(); - delivery = receiver.delivery(deliveryTag.getArray(), deliveryTag.getArrayOffset(), - deliveryTag.getLength()); - UnsignedInteger messageFormat = transfer.getMessageFormat(); - if(messageFormat != null) { - delivery.setMessageFormat(messageFormat.intValue()); - } - TransportDelivery transportDelivery = new TransportDelivery(_incomingDeliveryId, delivery, transportReceiver); - delivery.setTransportDelivery(transportDelivery); - _unsettledIncomingDeliveriesById.put(_incomingDeliveryId, delivery); - getSession().incrementIncomingDeliveries(1); - } - if( transfer.getState()!=null ) - { - delivery.setRemoteDeliveryState(transfer.getState()); - } - _unsettledIncomingSize++; - // TODO - should this be a copy? - if(payload != null) - { - if(delivery.getDataLength() == 0) - { - delivery.setData(payload.getArray()); - delivery.setDataLength(payload.getLength()); - delivery.setDataOffset(payload.getArrayOffset()); - } - else - { - byte[] data = new byte[delivery.getDataLength() + payload.getLength()]; - System.arraycopy(delivery.getData(), delivery.getDataOffset(), data, 0, delivery.getDataLength()); - System.arraycopy(payload.getArray(), payload.getArrayOffset(), data, delivery.getDataLength(), payload.getLength()); - delivery.setData(data); - delivery.setDataOffset(0); - delivery.setDataLength(data.length); - } - getSession().incrementIncomingBytes(payload.getLength()); - } - delivery.updateWork(); - - - if(!(transfer.getMore() || transfer.getAborted())) - { - delivery.setComplete(); - delivery.getLink().getTransportLink().decrementLinkCredit(); - delivery.getLink().getTransportLink().incrementDeliveryCount(); - } - if(Boolean.TRUE.equals(transfer.getSettled())) - { - delivery.setRemoteSettled(true); - } - - _incomingWindowSize = _incomingWindowSize.subtract(UnsignedInteger.ONE); - - // this will cause a flow to happen - if (_incomingWindowSize.equals(UnsignedInteger.ZERO)) { - delivery.getLink().modified(false); - } - - getSession().getConnection().put(Event.Type.DELIVERY, delivery); - } - - public void freeLocalChannel() - { - unsetLocalChannel(); - } - - public void freeRemoteChannel() - { - unsetRemoteChannel(); - } - - private void setRemoteIncomingWindow(UnsignedInteger incomingWindow) - { - _remoteIncomingWindow = incomingWindow; - } - - void decrementRemoteIncomingWindow() - { - _remoteIncomingWindow = _remoteIncomingWindow.subtract(UnsignedInteger.ONE); - } - - private void setRemoteOutgoingWindow(UnsignedInteger outgoingWindow) - { - _remoteOutgoingWindow = outgoingWindow; - } - - void handleFlow(Flow flow) - { - UnsignedInteger inext = flow.getNextIncomingId(); - UnsignedInteger iwin = flow.getIncomingWindow(); - - if(inext != null) - { - setRemoteNextIncomingId(inext); - setRemoteIncomingWindow(inext.add(iwin).subtract(_nextOutgoingId)); - } - else - { - setRemoteIncomingWindow(iwin); - } - setRemoteNextOutgoingId(flow.getNextOutgoingId()); - setRemoteOutgoingWindow(flow.getOutgoingWindow()); - - if(flow.getHandle() != null) - { - TransportLink transportLink = getLinkFromRemoteHandle(flow.getHandle()); - transportLink.handleFlow(flow); - - - } - } - - private void setRemoteNextOutgoingId(UnsignedInteger nextOutgoingId) - { - _remoteNextOutgoingId = nextOutgoingId; - } - - private void setRemoteNextIncomingId(UnsignedInteger remoteNextIncomingId) - { - _remoteNextIncomingId = remoteNextIncomingId; - } - - void handleDisposition(Disposition disposition) - { - UnsignedInteger id = disposition.getFirst(); - UnsignedInteger last = disposition.getLast() == null ? id : disposition.getLast(); - final Map<UnsignedInteger, DeliveryImpl> unsettledDeliveries = - disposition.getRole() == Role.RECEIVER ? _unsettledOutgoingDeliveriesById - : _unsettledIncomingDeliveriesById; - - while(id.compareTo(last)<=0) - { - DeliveryImpl delivery = unsettledDeliveries.get(id); - if(delivery != null) - { - if(disposition.getState() != null) - { - delivery.setRemoteDeliveryState(disposition.getState()); - } - if(Boolean.TRUE.equals(disposition.getSettled())) - { - delivery.setRemoteSettled(true); - unsettledDeliveries.remove(id); - } - delivery.updateWork(); - - getSession().getConnection().put(Event.Type.DELIVERY, delivery); - } - id = id.add(UnsignedInteger.ONE); - } - //TODO - Implement. - } - - void addUnsettledOutgoing(UnsignedInteger deliveryId, DeliveryImpl delivery) - { - _unsettledOutgoingDeliveriesById.put(deliveryId, delivery); - } - - public boolean hasOutgoingCredit() - { - return _remoteIncomingWindow == null ? false - : _remoteIncomingWindow.compareTo(UnsignedInteger.ZERO)>0; - - } - - void incrementOutgoingId() - { - _nextOutgoingId = _nextOutgoingId.add(UnsignedInteger.ONE); - } - - public void settled(TransportDelivery transportDelivery) - { - if(transportDelivery.getTransportLink().getLink() instanceof ReceiverImpl) - { - _unsettledIncomingDeliveriesById.remove(transportDelivery.getDeliveryId()); - getSession().modified(false); - } - else - { - _unsettledOutgoingDeliveriesById.remove(transportDelivery.getDeliveryId()); - getSession().modified(false); - } - } - - public UnsignedInteger getNextIncomingId() - { - return _nextIncomingId; - } - - public void setNextIncomingId(UnsignedInteger nextIncomingId) - { - _nextIncomingId = nextIncomingId; - } - - public void incrementNextIncomingId() - { - _nextIncomingId = _nextIncomingId.add(UnsignedInteger.ONE); - } - - public boolean endReceived() - { - return _endReceived; - } - - public void receivedEnd() - { - _endReceived = true; - } - - public boolean beginSent() - { - return _beginSent; - } - - public void sentBegin() - { - _beginSent = true; - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportWrapper.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportWrapper.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportWrapper.java deleted file mode 100644 index f0b5f5c..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/TransportWrapper.java +++ /dev/null @@ -1,26 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl; - - -public interface TransportWrapper extends TransportInput, TransportOutput -{ -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java deleted file mode 100644 index 8c38126..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl.ssl; - -import java.nio.ByteBuffer; - -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.SSLEngineResult.HandshakeStatus; -import javax.net.ssl.SSLEngineResult.Status; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSession; - - -class DefaultSslEngineFacade implements ProtonSslEngine -{ - private final SSLEngine _sslEngine; - - /** - * Our testing has shown that application buffers need to be a bit larger - * than that provided by {@link SSLSession#getApplicationBufferSize()} otherwise - * {@link Status#BUFFER_OVERFLOW} will result on {@link SSLEngine#unwrap()}. - * Sun's own example uses 50, so we use the same. - */ - private static final int APPLICATION_BUFFER_EXTRA = 50; - - DefaultSslEngineFacade(SSLEngine sslEngine) - { - _sslEngine = sslEngine; - } - - @Override - public SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException - { - return _sslEngine.wrap(src, dst); - } - - @Override - public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException - { - return _sslEngine.unwrap(src, dst); - } - - /** - * @see #APPLICATION_BUFFER_EXTRA - */ - @Override - public int getEffectiveApplicationBufferSize() - { - return getApplicationBufferSize() + APPLICATION_BUFFER_EXTRA; - } - - private int getApplicationBufferSize() - { - return _sslEngine.getSession().getApplicationBufferSize(); - } - - @Override - public int getPacketBufferSize() - { - return _sslEngine.getSession().getPacketBufferSize(); - } - - @Override - public String getCipherSuite() - { - return _sslEngine.getSession().getCipherSuite(); - } - - @Override - public String getProtocol() - { - return _sslEngine.getSession().getProtocol(); - } - - @Override - public Runnable getDelegatedTask() - { - return _sslEngine.getDelegatedTask(); - } - - @Override - public HandshakeStatus getHandshakeStatus() - { - return _sslEngine.getHandshakeStatus(); - } - - @Override - public boolean getUseClientMode() - { - return _sslEngine.getUseClientMode(); - } - - @Override - public String toString() - { - StringBuilder builder = new StringBuilder(); - builder.append("DefaultSslEngineFacade [_sslEngine=").append(_sslEngine).append("]"); - return builder.toString(); - } - -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java deleted file mode 100644 index a5ebc65..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl.ssl; - -import java.nio.ByteBuffer; - -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.SSLEngineResult.HandshakeStatus; -import javax.net.ssl.SSLEngineResult.Status; -import javax.net.ssl.SSLException; - -/** - * Thin wrapper around an {@link SSLEngine}. - */ -public interface ProtonSslEngine -{ - /** - * @see SSLEngine#wrap(ByteBuffer, ByteBuffer) - * - * Note that wrap really does write <em>one</em> packet worth of data to the - * dst byte buffer. If dst byte buffer is insufficiently large the - * pointers within both src and dst are unchanged and the bytesConsumed and - * bytesProduced on the returned result are zero. - */ - SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException; - - /** - * @see SSLEngine#unwrap(ByteBuffer, ByteBuffer) - * - * Note that unwrap does read exactly one packet of encoded data from src - * and write to dst. If src contains insufficient bytes to read a complete - * packet {@link Status#BUFFER_UNDERFLOW} occurs. If underflow occurs the - * pointers within both src and dst are unchanged and the bytesConsumed and - * bytesProduced on the returned result are zero. - */ - SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException; - - Runnable getDelegatedTask(); - HandshakeStatus getHandshakeStatus(); - - /** - * Gets the application buffer size. - */ - int getEffectiveApplicationBufferSize(); - - int getPacketBufferSize(); - String getCipherSuite(); - String getProtocol(); - boolean getUseClientMode(); - -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java deleted file mode 100644 index 95ae337..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.qpid.proton.engine.impl.ssl; - -import org.apache.qpid.proton.engine.SslPeerDetails; - -public interface ProtonSslEngineProvider -{ - /** - * Returns an SSL engine. - * - * @param peerDetails the details of the remote peer. If non-null, may be used to assist SSL session resumption. - */ - public ProtonSslEngine createSslEngine(SslPeerDetails peerDetails); -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java deleted file mode 100644 index a30e88b..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java +++ /dev/null @@ -1,441 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl.ssl; - - -import static org.apache.qpid.proton.engine.impl.ByteBufferUtils.newWriteableBuffer; - -import java.nio.ByteBuffer; -import java.util.logging.Level; -import java.util.logging.Logger; - -import javax.net.ssl.SSLEngineResult; -import javax.net.ssl.SSLEngineResult.HandshakeStatus; -import javax.net.ssl.SSLEngineResult.Status; -import javax.net.ssl.SSLException; - -import org.apache.qpid.proton.engine.Transport; -import org.apache.qpid.proton.engine.TransportException; -import org.apache.qpid.proton.engine.impl.TransportInput; -import org.apache.qpid.proton.engine.impl.TransportOutput; - -/** - * TODO close the SSLEngine when told to, and modify {@link #wrapOutput()} and {@link #unwrapInput()} - * to respond appropriately thereafter. - */ -public class SimpleSslTransportWrapper implements SslTransportWrapper -{ - private static final Logger _logger = Logger.getLogger(SimpleSslTransportWrapper.class.getName()); - - private final ProtonSslEngine _sslEngine; - - private final TransportInput _underlyingInput; - private final TransportOutput _underlyingOutput; - - private boolean _tail_closed = false; - private ByteBuffer _inputBuffer; - - private boolean _head_closed = false; - private ByteBuffer _outputBuffer; - private ByteBuffer _head; - - /** - * A buffer for the decoded bytes that will be passed to _underlyingInput. - * This extra layer of buffering is necessary in case the underlying input's buffer - * is too small for SSLEngine to ever unwrap into. - */ - private ByteBuffer _decodedInputBuffer; - - /** could change during the lifetime of the ssl connection owing to renegotiation. */ - private String _cipherName; - - /** could change during the lifetime of the ssl connection owing to renegotiation. */ - private String _protocolName; - - - SimpleSslTransportWrapper(ProtonSslEngine sslEngine, TransportInput underlyingInput, TransportOutput underlyingOutput) - { - _underlyingInput = underlyingInput; - _underlyingOutput = underlyingOutput; - _sslEngine = sslEngine; - - int effectiveAppBufferMax = _sslEngine.getEffectiveApplicationBufferSize(); - int packetSize = _sslEngine.getPacketBufferSize(); - - // Input and output buffers need to be large enough to contain one SSL packet, - // as stated in SSLEngine JavaDoc. - _inputBuffer = newWriteableBuffer(packetSize); - _outputBuffer = newWriteableBuffer(packetSize); - _head = _outputBuffer.asReadOnlyBuffer(); - _head.limit(0); - - _decodedInputBuffer = newWriteableBuffer(effectiveAppBufferMax); - - if(_logger.isLoggable(Level.FINE)) - { - _logger.fine("Constructed " + this); - } - } - - - /** - * Unwraps the contents of {@link #_inputBuffer} and passes it to {@link #_underlyingInput}. - * - * Regarding the state of {@link #_inputBuffer}: - * - On entry, it is assumed to be readable. - * - On exit, it is still readable and its "remaining" bytes are those that we were unable - * to unwrap (e.g. if they don't form a whole packet). - */ - private void unwrapInput() throws SSLException - { - while (true) { - SSLEngineResult result = _sslEngine.unwrap(_inputBuffer, _decodedInputBuffer); - logEngineClientModeAndResult(result, "input"); - - int read = result.bytesProduced(); - Status status = result.getStatus(); - HandshakeStatus hstatus = result.getHandshakeStatus(); - - int capacity = _underlyingInput.capacity(); - if (capacity == Transport.END_OF_STREAM || capacity <= 0) { - _tail_closed = true; - if (_decodedInputBuffer.position() > 0) { - throw new TransportException("bytes left unconsumed"); - } - } else { - _decodedInputBuffer.flip(); - - while (_decodedInputBuffer.hasRemaining() && capacity > 0) { - ByteBuffer tail = _underlyingInput.tail(); - int limit = _decodedInputBuffer.limit(); - int overflow = _decodedInputBuffer.remaining() - capacity; - if (overflow > 0) { - _decodedInputBuffer.limit(limit - overflow); - } - tail.put(_decodedInputBuffer); - _decodedInputBuffer.limit(limit); - _underlyingInput.process(); - capacity = _underlyingInput.capacity(); - } - - if (capacity == Transport.END_OF_STREAM || capacity <= 0) { - _tail_closed = true; - if (_decodedInputBuffer.hasRemaining()) { - throw new TransportException("bytes left unconsumed"); - } - } - - _decodedInputBuffer.compact(); - } - - switch (status) { - case CLOSED: - _tail_closed = true; - break; - case BUFFER_OVERFLOW: - { - ByteBuffer old = _decodedInputBuffer; - _decodedInputBuffer = newWriteableBuffer(old.capacity()*2); - old.flip(); - _decodedInputBuffer.put(old); - } - continue; - case BUFFER_UNDERFLOW: - if (_tail_closed) { - _head_closed = true; - } - // wait for more data - break; - case OK: - break; - } - - switch (hstatus) - { - case NEED_WRAP: - // wait for write to kick in - break; - case NEED_TASK: - runDelegatedTasks(result); - continue; - case FINISHED: - updateCipherAndProtocolName(result); - case NOT_HANDSHAKING: - case NEED_UNWRAP: - if (_inputBuffer.position() > 0 && status == Status.OK) { - continue; - } else { - if (_inputBuffer.position() == 0 && - hstatus == HandshakeStatus.NEED_UNWRAP && - _tail_closed) { - _head_closed = true; - } - break; - } - } - - break; - } - } - - /** - * Wrap the underlying transport's output, passing it to the output buffer. - * - * {@link #_outputBuffer} is assumed to be writeable on entry and is guaranteed to - * be still writeable on exit. - */ - private void wrapOutput() throws SSLException - { - while (true) { - int pending = _underlyingOutput.pending(); - if (pending < 0) { - _head_closed = true; - } - - ByteBuffer clearOutputBuffer = _underlyingOutput.head(); - SSLEngineResult result = _sslEngine.wrap(clearOutputBuffer, _outputBuffer); - logEngineClientModeAndResult(result, "output"); - - int written = result.bytesConsumed(); - _underlyingOutput.pop(written); - pending = _underlyingOutput.pending(); - - Status status = result.getStatus(); - switch (status) { - case CLOSED: - _head_closed = true; - break; - case OK: - break; - case BUFFER_OVERFLOW: - ByteBuffer old = _outputBuffer; - _outputBuffer = newWriteableBuffer(_outputBuffer.capacity()*2); - _head = _outputBuffer.asReadOnlyBuffer(); - old.flip(); - _outputBuffer.put(old); - continue; - case BUFFER_UNDERFLOW: - throw new IllegalStateException("app buffer underflow"); - } - - HandshakeStatus hstatus = result.getHandshakeStatus(); - switch (hstatus) { - case NEED_UNWRAP: - // wait for input data - if (_inputBuffer.position() == 0 && _tail_closed) { - _head_closed = true; - } - break; - case NEED_WRAP: - // keep looping - continue; - case NEED_TASK: - runDelegatedTasks(result); - continue; - case FINISHED: - updateCipherAndProtocolName(result); - // intentionally fall through - case NOT_HANDSHAKING: - if (pending > 0 && status == Status.OK) { - continue; - } else { - break; - } - } - - break; - } - } - - private boolean hasSpaceForSslPacket(ByteBuffer byteBuffer) - { - return byteBuffer.remaining() >= _sslEngine.getPacketBufferSize(); - } - - /** @return the cipher name, which is null until the SSL handshaking is completed */ - @Override - public String getCipherName() - { - return _cipherName; - } - - /** @return the protocol name, which is null until the SSL handshaking is completed */ - @Override - public String getProtocolName() - { - return _protocolName; - } - - private void updateCipherAndProtocolName(SSLEngineResult result) - { - if (result.getHandshakeStatus() == HandshakeStatus.FINISHED) - { - _cipherName = _sslEngine.getCipherSuite(); - _protocolName = _sslEngine.getProtocol(); - } - } - - private void runDelegatedTasks(SSLEngineResult result) - { - if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) - { - Runnable runnable; - while ((runnable = _sslEngine.getDelegatedTask()) != null) - { - runnable.run(); - } - - HandshakeStatus hsStatus = _sslEngine.getHandshakeStatus(); - if (hsStatus == HandshakeStatus.NEED_TASK) - { - throw new RuntimeException("handshake shouldn't need additional tasks"); - } - } - } - - private void logEngineClientModeAndResult(SSLEngineResult result, String direction) - { - if(_logger.isLoggable(Level.FINEST)) - { - _logger.log(Level.FINEST, "useClientMode = " + _sslEngine.getUseClientMode() + " direction = " + direction - + " " + resultToString(result)); - } - } - - private String resultToString(SSLEngineResult result) - { - return new StringBuilder("[SSLEngineResult status = ").append(result.getStatus()) - .append(" handshakeStatus = ").append(result.getHandshakeStatus()) - .append(" bytesConsumed = ").append(result.bytesConsumed()) - .append(" bytesProduced = ").append(result.bytesProduced()) - .append("]").toString(); - } - - @Override - public int capacity() - { - if (_tail_closed) return Transport.END_OF_STREAM; - return _inputBuffer.remaining(); - } - - @Override - public int position() - { - if (_tail_closed) return Transport.END_OF_STREAM; - return _inputBuffer.position(); - } - - @Override - public ByteBuffer tail() - { - if (_tail_closed) throw new TransportException("tail closed"); - return _inputBuffer; - } - - @Override - public void process() throws TransportException - { - if (_tail_closed) throw new TransportException("tail closed"); - - _inputBuffer.flip(); - - try { - unwrapInput(); - } catch (SSLException e) { - _logger.log(Level.WARNING, e.getMessage()); - _inputBuffer.position(_inputBuffer.limit()); - _tail_closed = true; - } finally { - _inputBuffer.compact(); - } - } - - @Override - public void close_tail() - { - try { - _underlyingInput.close_tail(); - } finally { - _tail_closed = true; - } - } - - @Override - public int pending() - { - try { - wrapOutput(); - } catch (SSLException e) { - _logger.log(Level.WARNING, e.getMessage()); - _head_closed = true; - } - - _head.limit(_outputBuffer.position()); - - if (_head_closed && _outputBuffer.position() == 0) { - return Transport.END_OF_STREAM; - } - - return _outputBuffer.position(); - } - - @Override - public ByteBuffer head() - { - pending(); - return _head; - } - - @Override - public void pop(int bytes) - { - _outputBuffer.flip(); - _outputBuffer.position(bytes); - _outputBuffer.compact(); - _head.position(0); - _head.limit(_outputBuffer.position()); - } - - @Override - public void close_head() - { - _underlyingOutput.close_head(); - int p = pending(); - if (p > 0) { - pop(p); - } - } - - - @Override - public String toString() - { - StringBuilder builder = new StringBuilder(); - builder.append("SimpleSslTransportWrapper [sslEngine=").append(_sslEngine) - .append(", inputBuffer=").append(_inputBuffer) - .append(", outputBuffer=").append(_outputBuffer) - .append(", decodedInputBuffer=").append(_decodedInputBuffer) - .append(", cipherName=").append(_cipherName) - .append(", protocolName=").append(_protocolName) - .append("]"); - return builder.toString(); - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java deleted file mode 100644 index 583e3ca..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.qpid.proton.engine.impl.ssl; - -import org.apache.qpid.proton.ProtonUnsupportedOperationException; -import org.apache.qpid.proton.engine.ProtonJSslDomain; -import org.apache.qpid.proton.engine.SslDomain; -import org.apache.qpid.proton.engine.SslPeerDetails; - -public class SslDomainImpl implements SslDomain, ProtonSslEngineProvider, ProtonJSslDomain -{ - private Mode _mode; - private VerifyMode _verifyMode = VerifyMode.ANONYMOUS_PEER; - private String _certificateFile; - private String _privateKeyFile; - private String _privateKeyPassword; - private String _trustedCaDb; - private boolean _allowUnsecuredClient; - - private final SslEngineFacadeFactory _sslEngineFacadeFactory = new SslEngineFacadeFactory(); - - /** - * @deprecated This constructor's visibility will be reduced to the default scope in a future release. - * Client code outside this module should use {@link SslDomain.Factory#create()} instead. - */ - @Deprecated public SslDomainImpl() - { - } - - @Override - public void init(Mode mode) - { - _sslEngineFacadeFactory.resetCache(); - _mode = mode; - } - - @Override - public Mode getMode() - { - return _mode; - } - - @Override - public void setCredentials(String certificateFile, String privateKeyFile, String privateKeyPassword) - { - _certificateFile = certificateFile; - _privateKeyFile = privateKeyFile; - _privateKeyPassword = privateKeyPassword; - _sslEngineFacadeFactory.resetCache(); - } - - @Override - public void setTrustedCaDb(String certificateDb) - { - _trustedCaDb = certificateDb; - _sslEngineFacadeFactory.resetCache(); - } - - @Override - public String getTrustedCaDb() - { - return _trustedCaDb; - } - - @Override - public void setPeerAuthentication(VerifyMode verifyMode) - { - if(verifyMode == VerifyMode.VERIFY_PEER_NAME) - { - throw new ProtonUnsupportedOperationException(); - } - _verifyMode = verifyMode; - _sslEngineFacadeFactory.resetCache(); - } - - @Override - public VerifyMode getPeerAuthentication() - { - return _verifyMode; - } - - @Override - public String getPrivateKeyFile() - { - return _privateKeyFile; - } - - @Override - public String getPrivateKeyPassword() - { - return _privateKeyPassword; - } - - @Override - public String getCertificateFile() - { - return _certificateFile; - } - - @Override - public void allowUnsecuredClient(boolean allowUnsecured) - { - _allowUnsecuredClient = allowUnsecured; - _sslEngineFacadeFactory.resetCache(); - } - - @Override - public boolean allowUnsecuredClient() - { - return _allowUnsecuredClient; - } - - @Override - public ProtonSslEngine createSslEngine(SslPeerDetails peerDetails) - { - return _sslEngineFacadeFactory.createProtonSslEngine(this, peerDetails); - } - - @Override - public String toString() - { - StringBuilder builder = new StringBuilder(); - builder.append("SslDomainImpl [_mode=").append(_mode) - .append(", _verifyMode=").append(_verifyMode) - .append(", _certificateFile=").append(_certificateFile) - .append(", _privateKeyFile=").append(_privateKeyFile) - .append(", _trustedCaDb=").append(_trustedCaDb) - .append(", _allowUnsecuredClient=").append(_allowUnsecuredClient) - .append("]"); - return builder.toString(); - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java deleted file mode 100644 index f6346aa..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java +++ /dev/null @@ -1,578 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl.ssl; - -import java.io.Closeable; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.Reader; -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.security.KeyManagementException; -import java.security.KeyPair; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.Security; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; - -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; - -import org.apache.qpid.proton.engine.SslDomain; -import org.apache.qpid.proton.engine.SslPeerDetails; -import org.apache.qpid.proton.engine.TransportException; - -public class SslEngineFacadeFactory -{ - private static final Logger _logger = Logger.getLogger(SslEngineFacadeFactory.class.getName()); - - /** - * The protocol name used to create an {@link SSLContext}, taken from Java's list of - * standard names at http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html - * - * TODO allow the protocol name to be overridden somehow - */ - private static final String TLS_PROTOCOL = "TLS"; - - // BouncyCastle Reflection Helpers - private static final Constructor<?> pemParserCons; - private static final Method pemReadMethod; - - private static final Constructor<?> JcaPEMKeyConverterCons; - private static final Class<?> PEMKeyPairClass; - private static final Method getKeyPairMethod; - private static final Method getPrivateKeyMethod; - - private static final Class<?> PEMEncryptedKeyPairClass; - private static final Method decryptKeyPairMethod; - - private static final Constructor<?> JcePEMDecryptorProviderBuilderCons; - private static final Method builderMethod; - - private static final Class<?> PrivateKeyInfoClass; - private static final Exception bouncyCastleSetupException; - - static - { - // Setup BouncyCastle Reflection artifacts - Constructor<?> pemParserConsResult = null; - Method pemReadMethodResult = null; - Constructor<?> JcaPEMKeyConverterConsResult = null; - Class<?> PEMKeyPairClassResult = null; - Method getKeyPairMethodResult = null; - Method getPrivateKeyMethodResult = null; - Class<?> PEMEncryptedKeyPairClassResult = null; - Method decryptKeyPairMethodResult = null; - Constructor<?> JcePEMDecryptorProviderBuilderConsResult = null; - Method builderMethodResult = null; - Class<?> PrivateKeyInfoClassResult = null; - Exception bouncyCastleSetupExceptionResult = null; - - try - { - final Class<?> pemParserClass = Class.forName("org.bouncycastle.openssl.PEMParser"); - pemParserConsResult = pemParserClass.getConstructor(Reader.class); - pemReadMethodResult = pemParserClass.getMethod("readObject"); - - final Class<?> jcaPEMKeyConverterClass = Class.forName("org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter"); - JcaPEMKeyConverterConsResult = jcaPEMKeyConverterClass.getConstructor(); - PEMKeyPairClassResult = Class.forName("org.bouncycastle.openssl.PEMKeyPair"); - getKeyPairMethodResult = jcaPEMKeyConverterClass.getMethod("getKeyPair", PEMKeyPairClassResult); - - final Class<?> PEMDecrypterProvider = Class.forName("org.bouncycastle.openssl.PEMDecryptorProvider"); - - PEMEncryptedKeyPairClassResult = Class.forName("org.bouncycastle.openssl.PEMEncryptedKeyPair"); - decryptKeyPairMethodResult = PEMEncryptedKeyPairClassResult.getMethod("decryptKeyPair", PEMDecrypterProvider); - - final Class<?> jcePEMDecryptorProviderBuilderClass = Class.forName( - "org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder"); - JcePEMDecryptorProviderBuilderConsResult = jcePEMDecryptorProviderBuilderClass.getConstructor(); - builderMethodResult = jcePEMDecryptorProviderBuilderClass.getMethod("build", char[].class); - - PrivateKeyInfoClassResult = Class.forName("org.bouncycastle.asn1.pkcs.PrivateKeyInfo"); - getPrivateKeyMethodResult = jcaPEMKeyConverterClass.getMethod("getPrivateKey", PrivateKeyInfoClassResult); - - // Try loading BC as a provider - Class<?> klass = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); - Provider provider = (Provider) klass.getConstructor().newInstance(); - Security.addProvider(provider); - } - catch (Exception e) - { - bouncyCastleSetupExceptionResult = e; - } - finally { - pemParserCons = pemParserConsResult; - pemReadMethod = pemReadMethodResult; - JcaPEMKeyConverterCons = JcaPEMKeyConverterConsResult; - PEMKeyPairClass = PEMKeyPairClassResult; - getKeyPairMethod = getKeyPairMethodResult; - getPrivateKeyMethod = getPrivateKeyMethodResult; - PEMEncryptedKeyPairClass = PEMEncryptedKeyPairClassResult; - decryptKeyPairMethod = decryptKeyPairMethodResult; - JcePEMDecryptorProviderBuilderCons = JcePEMDecryptorProviderBuilderConsResult; - builderMethod = builderMethodResult; - PrivateKeyInfoClass = PrivateKeyInfoClassResult; - bouncyCastleSetupException = bouncyCastleSetupExceptionResult; - } - } - - SslEngineFacadeFactory() - { - } - - /** - * This is a list of all anonymous cipher suites supported by Java 6, excluding those that - * use MD5. These are all supported by both Oracle's and IBM's Java 6 implementation. - */ - private static final List<String> ANONYMOUS_CIPHER_SUITES = Arrays.asList( - "TLS_DH_anon_WITH_AES_128_CBC_SHA", - "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", - "SSL_DH_anon_WITH_DES_CBC_SHA", - "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); - - /** lazily initialized */ - private SSLContext _sslContext; - - - /** - * Returns a {@link ProtonSslEngine}. May cache the domain's settings so callers should invoke - * {@link #resetCache()} if the domain changes. - * - * @param peerDetails may be used to return an engine that supports SSL resume. - */ - public ProtonSslEngine createProtonSslEngine(SslDomain domain, SslPeerDetails peerDetails) - { - SSLEngine engine = createAndInitialiseSslEngine(domain, peerDetails); - if(_logger.isLoggable(Level.FINE)) - { - _logger.fine("Created SSL engine: " + engineToString(engine)); - } - return new DefaultSslEngineFacade(engine); - } - - - /** - * Guarantees that no cached settings are used in subsequent calls to - * {@link #createProtonSslEngine(SslDomain, SslPeerDetails)}. - */ - public void resetCache() - { - _sslContext = null; - } - - - private SSLEngine createAndInitialiseSslEngine(SslDomain domain, SslPeerDetails peerDetails) - { - SslDomain.Mode mode = domain.getMode(); - - SSLContext sslContext = getOrCreateSslContext(domain); - SSLEngine sslEngine = createSslEngine(sslContext, peerDetails); - - if (domain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER) - { - addAnonymousCipherSuites(sslEngine); - } - else - { - if (mode == SslDomain.Mode.SERVER) - { - sslEngine.setNeedClientAuth(true); - } - } - - if(_logger.isLoggable(Level.FINE)) - { - _logger.log(Level.FINE, mode + " Enabled cipher suites " + Arrays.asList(sslEngine.getEnabledCipherSuites())); - } - - boolean useClientMode = mode == SslDomain.Mode.CLIENT ? true : false; - sslEngine.setUseClientMode(useClientMode); - - removeSSLv3Support(sslEngine); - - return sslEngine; - } - - private static final String SSLV3_PROTOCOL = "SSLv3"; - - private static void removeSSLv3Support(final SSLEngine engine) - { - List<String> enabledProtocols = Arrays.asList(engine.getEnabledProtocols()); - if(enabledProtocols.contains(SSLV3_PROTOCOL)) - { - List<String> allowedProtocols = new ArrayList<String>(enabledProtocols); - allowedProtocols.remove(SSLV3_PROTOCOL); - engine.setEnabledProtocols(allowedProtocols.toArray(new String[allowedProtocols.size()])); - } - } - - /** - * @param sslPeerDetails is allowed to be null. A non-null value is used to hint that SSL resumption - * should be attempted - */ - private SSLEngine createSslEngine(SSLContext sslContext, SslPeerDetails sslPeerDetails) - { - final SSLEngine sslEngine; - if(sslPeerDetails == null) - { - sslEngine = sslContext.createSSLEngine(); - } - else - { - sslEngine = sslContext.createSSLEngine(sslPeerDetails.getHostname(), sslPeerDetails.getPort()); - } - return sslEngine; - } - - private SSLContext getOrCreateSslContext(SslDomain sslDomain) - { - if(_sslContext == null) - { - if(_logger.isLoggable(Level.FINE)) - { - _logger.fine("lazily creating new SSLContext using domain " + sslDomain); - } - - final char[] dummyPassword = "unused-passphrase".toCharArray(); // Dummy password required by KeyStore and KeyManagerFactory, but never referred to again - - try - { - SSLContext sslContext = SSLContext.getInstance(TLS_PROTOCOL); - KeyStore ksKeys = createKeyStoreFrom(sslDomain, dummyPassword); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(ksKeys, dummyPassword); - - final TrustManager[] trustManagers; - if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER) - { - trustManagers = new TrustManager[] { new AlwaysTrustingTrustManager() }; - } - else - { - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ksKeys); - trustManagers = tmf.getTrustManagers(); - } - - sslContext.init(kmf.getKeyManagers(), trustManagers, null); - _sslContext = sslContext; - } - catch (NoSuchAlgorithmException e) - { - throw new TransportException("Unexpected exception creating SSLContext", e); - } - catch (KeyStoreException e) - { - throw new TransportException("Unexpected exception creating SSLContext", e); - } - catch (UnrecoverableKeyException e) - { - throw new TransportException("Unexpected exception creating SSLContext", e); - } - catch (KeyManagementException e) - { - throw new TransportException("Unexpected exception creating SSLContext", e); - } - } - return _sslContext; - } - - private KeyStore createKeyStoreFrom(SslDomain sslDomain, char[] dummyPassword) - { - try - { - KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); - keystore.load(null, null); - - if (sslDomain.getTrustedCaDb() != null) - { - String caCertAlias = "cacert"; - - if(_logger.isLoggable(Level.FINE)) - { - _logger.log(Level.FINE, "_sslParams.getTrustedCaDb() : " + sslDomain.getTrustedCaDb()); - } - Certificate trustedCaCert = readCertificate(sslDomain.getTrustedCaDb()); - keystore.setCertificateEntry(caCertAlias, trustedCaCert); - } - - if (sslDomain.getCertificateFile() != null - && sslDomain.getPrivateKeyFile() != null) - { - String clientPrivateKeyAlias = "clientPrivateKey"; - - Certificate clientCertificate = (Certificate) readCertificate(sslDomain.getCertificateFile()); - PrivateKey clientPrivateKey = readPrivateKey(sslDomain.getPrivateKeyFile(), sslDomain.getPrivateKeyPassword()); - - keystore.setKeyEntry(clientPrivateKeyAlias, clientPrivateKey, - dummyPassword, new Certificate[] { clientCertificate }); - } - - return keystore; - } - catch (KeyStoreException e) - { - throw new TransportException("Unexpected exception creating keystore", e); - } - catch (NoSuchAlgorithmException e) - { - throw new TransportException("Unexpected exception creating keystore", e); - } - catch (CertificateException e) - { - throw new TransportException("Unexpected exception creating keystore", e); - } - catch (IOException e) - { - throw new TransportException("Unexpected exception creating keystore", e); - } - } - - private void addAnonymousCipherSuites(SSLEngine sslEngine) - { - List<String> supportedSuites = Arrays.asList(sslEngine.getSupportedCipherSuites()); - List<String> currentEnabledSuites = Arrays.asList(sslEngine.getEnabledCipherSuites()); - - List<String> enabledSuites = buildEnabledSuitesIncludingAnonymous(ANONYMOUS_CIPHER_SUITES, supportedSuites, currentEnabledSuites); - sslEngine.setEnabledCipherSuites(enabledSuites.toArray(new String[0])); - } - - private List<String> buildEnabledSuitesIncludingAnonymous( - List<String> anonymousCipherSuites, List<String> supportedSuites, List<String> currentEnabled) - { - List<String> newEnabled = new ArrayList<String>(currentEnabled); - - int addedAnonymousCipherSuites = 0; - for (String anonymousCipherSuiteName : anonymousCipherSuites) - { - if (supportedSuites.contains(anonymousCipherSuiteName)) - { - newEnabled.add(anonymousCipherSuiteName); - addedAnonymousCipherSuites++; - } - } - - if (addedAnonymousCipherSuites == 0) - { - throw new TransportException - ("None of " + anonymousCipherSuites - + " anonymous cipher suites are within the supported list " - + supportedSuites); - } - - if(_logger.isLoggable(Level.FINE)) - { - _logger.fine("There are now " + newEnabled.size() - + " cipher suites enabled (previously " + currentEnabled.size() - + "), including " + addedAnonymousCipherSuites + " out of the " - + anonymousCipherSuites.size() + " requested anonymous ones." ); - } - - return newEnabled; - } - - private String engineToString(SSLEngine engine) - { - return new StringBuilder("[ " ) - .append(engine) - .append(", needClientAuth=").append(engine.getNeedClientAuth()) - .append(", useClientMode=").append(engine.getUseClientMode()) - .append(", peerHost=").append(engine.getPeerHost()) - .append(", peerPort=").append(engine.getPeerPort()) - .append(" ]").toString(); - } - - Certificate readCertificate(String pemFile) - { - InputStream is = null; - - try - { - CertificateFactory cFactory = CertificateFactory.getInstance("X.509"); - is = new FileInputStream(pemFile); - return cFactory.generateCertificate(is); - } - catch (CertificateException ce) - { - String msg = "Failed to load certificate [" + pemFile + "]"; - _logger.log(Level.SEVERE, msg, ce); - throw new TransportException(msg, ce); - } - catch (FileNotFoundException e) - { - String msg = "Certificate file not found [" + pemFile + "]"; - _logger.log(Level.SEVERE, msg); - throw new TransportException(msg, e); - } - finally - { - closeSafely(is); - } - } - - PrivateKey readPrivateKey(String pemFile, String password) - { - if (bouncyCastleSetupException != null) - { - throw new TransportException("BouncyCastle failed to load", bouncyCastleSetupException); - } - - final Object pemObject = readPemObject(pemFile); - PrivateKey privateKey = null; - - try - { - Object keyConverter = JcaPEMKeyConverterCons.newInstance(); - setProvider(keyConverter, "BC"); - - if (PEMEncryptedKeyPairClass.isInstance(pemObject)) - { - Object decryptorBuilder = JcePEMDecryptorProviderBuilderCons.newInstance(); - - // Build a PEMDecryptProvider - Object decryptProvider = builderMethod.invoke(decryptorBuilder, password.toCharArray()); - - Object decryptedKeyPair = decryptKeyPairMethod.invoke(pemObject, decryptProvider); - KeyPair keyPair = (KeyPair) getKeyPairMethod.invoke(keyConverter, decryptedKeyPair); - - privateKey = keyPair.getPrivate(); - } - else if (PEMKeyPairClass.isInstance(pemObject)) - { - // It's a KeyPair but not encrypted. - KeyPair keyPair = (KeyPair) getKeyPairMethod.invoke(keyConverter, pemObject); - privateKey = keyPair.getPrivate(); - } - else if (PrivateKeyInfoClass.isInstance(pemObject)) - { - // It's an unencrypted private key - privateKey = (PrivateKey) getPrivateKeyMethod.invoke(keyConverter, pemObject); - } - else - { - final String msg = "Unable to load PrivateKey, Unpexected Object [" + pemObject.getClass().getName() - + "]"; - _logger.log(Level.SEVERE, msg); - throw new TransportException(msg); - } - } - catch (InstantiationException | IllegalAccessException | IllegalArgumentException - | InvocationTargetException | NoSuchMethodException | SecurityException e) - { - final String msg = "Failed to process key file [" + pemFile + "] - " + e.getMessage(); - throw new TransportException(msg, e); - } - - return privateKey; - } - - private Object readPemObject(String pemFile) - { - Reader reader = null; - Object pemParser = null; - Object pemObject = null; - - try - { - reader = new FileReader(pemFile); - pemParser = pemParserCons.newInstance(reader); // = new PEMParser(reader); - pemObject = pemReadMethod.invoke(pemParser); // = pemParser.readObject(); - } - catch (IOException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | InstantiationException e) - { - _logger.log(Level.SEVERE, "Unable to read PEM object. Perhaps you need the unlimited strength libraries in <java-home>/jre/lib/security/ ?", e); - throw new TransportException("Unable to read PEM object from file " + pemFile, e); - } - finally - { - closeSafely(reader); - } - - return pemObject; - } - - private void setProvider(Object obj, String provider) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException - { - final Class<?> aClz = obj.getClass(); - final Method setProvider = aClz.getMethod("setProvider", String.class); - setProvider.invoke(obj, provider); - } - - private void closeSafely(Closeable c) - { - if (c != null) - { - try - { - c.close(); - } - catch (IOException e) - { - // Swallow - } - } - } - - private static final class AlwaysTrustingTrustManager implements X509TrustManager - { - @Override - public X509Certificate[] getAcceptedIssuers() - { - return null; - } - - @Override - public void checkServerTrusted(X509Certificate[] arg0, String arg1) - throws CertificateException - { - // Do not check certificate - } - - @Override - public void checkClientTrusted(X509Certificate[] arg0, String arg1) - throws CertificateException - { - // Do not check certificate - } - } -} http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ccdcf329/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslHandshakeSniffingTransportWrapper.java ---------------------------------------------------------------------- diff --git a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslHandshakeSniffingTransportWrapper.java b/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslHandshakeSniffingTransportWrapper.java deleted file mode 100644 index c678343..0000000 --- a/proton-j/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslHandshakeSniffingTransportWrapper.java +++ /dev/null @@ -1,137 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.proton.engine.impl.ssl; - -import org.apache.qpid.proton.engine.impl.HandshakeSniffingTransportWrapper; -import org.apache.qpid.proton.engine.impl.TransportWrapper; - - -/** - * SslHandshakeSniffingTransportWrapper - * - */ - -public class SslHandshakeSniffingTransportWrapper extends HandshakeSniffingTransportWrapper<SslTransportWrapper, TransportWrapper> - implements SslTransportWrapper -{ - - SslHandshakeSniffingTransportWrapper(SslTransportWrapper ssl, TransportWrapper plain) { - super(ssl, plain); - } - - @Override - public String getCipherName() - { - if(isSecureWrapperSelected()) - { - return _wrapper1.getCipherName(); - } - else - { - return null; - } - } - - - @Override - public String getProtocolName() - { - if (isSecureWrapperSelected()) - { - return _wrapper1.getProtocolName(); - } - else - { - return null; - } - } - - private boolean isSecureWrapperSelected() - { - return _selectedTransportWrapper == _wrapper1; - } - - protected int bufferSize() { - // minimum length for determination - return 5; - } - - protected void makeDetermination(byte[] bytesInput) - { - boolean isSecure = checkForSslHandshake(bytesInput); - if (isSecure) - { - _selectedTransportWrapper = _wrapper1; - } - else - { - _selectedTransportWrapper = _wrapper2; - } - } - - // TODO perhaps the sniffer should save up the bytes from each - // input call until it has sufficient bytes to make the determination - // and only then pass them to the secure or plain wrapped transport? - private boolean checkForSslHandshake(byte[] buf) - { - if (buf.length >= bufferSize()) - { - /* - * SSLv2 Client Hello format - * http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html - * - * Bytes 0-1: RECORD-LENGTH Byte 2: MSG-CLIENT-HELLO (1) Byte 3: - * CLIENT-VERSION-MSB Byte 4: CLIENT-VERSION-LSB - * - * Allowed versions: 2.0 - SSLv2 3.0 - SSLv3 3.1 - TLS 1.0 3.2 - TLS - * 1.1 3.3 - TLS 1.2 - * - * The version sent in the Client-Hello is the latest version - * supported by the client. NSS may send version 3.x in an SSLv2 - * header for maximum compatibility. - */ - boolean isSSL2Handshake = buf[2] == 1 && // MSG-CLIENT-HELLO - ((buf[3] == 3 && buf[4] <= 3) || // SSL 3.0 & TLS 1.0-1.2 - // (v3.1-3.3) - (buf[3] == 2 && buf[4] == 0)); // SSL 2 - - /* - * SSLv3/TLS Client Hello format RFC 2246 - * - * Byte 0: ContentType (handshake - 22) Bytes 1-2: ProtocolVersion - * {major, minor} - * - * Allowed versions: 3.0 - SSLv3 3.1 - TLS 1.0 3.2 - TLS 1.1 3.3 - - * TLS 1.2 - */ - boolean isSSL3Handshake = buf[0] == 22 && // handshake - (buf[1] == 3 && buf[2] <= 3); // SSL 3.0 & TLS 1.0-1.2 - // (v3.1-3.3) - - return (isSSL2Handshake || isSSL3Handshake); - } - else - { - throw new IllegalArgumentException("Too few bytes (" + buf.length + ") to make SSL/plain determination."); - } - } - -} --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
