Author: fhanik
Date: Wed Aug 9 12:41:02 2006
New Revision: 430130
URL: http://svn.apache.org/viewvc?rev=430130&view=rev
Log:
SSL byte buffers are cached as well
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=430130&r1=430129&r2=430130&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Wed
Aug 9 12:41:02 2006
@@ -46,6 +46,7 @@
import java.util.concurrent.TimeUnit;
import java.util.concurrent.LinkedBlockingQueue;
import java.net.Socket;
+import java.util.StringTokenizer;
/**
* NIO tailored thread pool, providing the following services:
@@ -152,6 +153,7 @@
protected ConcurrentLinkedQueue<NioChannel> nioChannels = new
ConcurrentLinkedQueue<NioChannel>() {
public boolean offer(NioChannel o) {
+ if ( getSecure() ) return false;
//avoid over growing our cache or add after we have stopped
if ( running && (size() < curThreads) ) return super.offer(o);
else return false;
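Review bot: The added `if ( getSecure() ) return false;` carries no comment, and it makes a secure endpoint refuse every channel offered to `nioChannels`, which reads as the opposite of the log message "SSL byte buffers are cached as well". If secure channels can only enter the cache through this `offer` (other paths are not visible here), the `channel instanceof SecureNioChannel` reset branch added later in this file would never receive a recycled channel. Please state the intent above the guard, for example `//do not cache secure channels` followed by the reason, and move the existing `//avoid over growing our cache` comment so it still sits next to the check it describes. The anonymous class continues outside the hunk.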
@@ -370,13 +372,33 @@
public String getKeystoreType() { return keystoreType;}
public void setKeystoreType(String s ) { this.keystoreType = s;}
- protected String sslProtocol = "TLS";
+ protected String sslProtocol = "TLS";
+
public String getSslProtocol() { return sslProtocol;}
public void setSslProtocol(String s) { sslProtocol = s;}
+ protected String sslEnabledProtocols=null; //"TLSv1,SSLv3,SSLv2Hello"
+ protected String[] sslEnabledProtocolsarr = new String[0];
+ public void setSslEnabledProtocols(String s) {
+ this.sslEnabledProtocols = s;
+ StringTokenizer t = new StringTokenizer(s,",");
+ sslEnabledProtocolsarr = new String[t.countTokens()];
+ for (int i=0; i<sslEnabledProtocolsarr.length; i++ )
sslEnabledProtocolsarr[i] = t.nextToken();
+ }
+
+
protected String ciphers = null;
+ protected String[] ciphersarr = new String[0];
public String getCiphers() { return ciphers;}
- public void setCiphers(String s) { ciphers = s;}
+ public void setCiphers(String s) {
+ ciphers = s;
+ if ( s == null ) ciphersarr = new String[0];
+ else {
+ StringTokenizer t = new StringTokenizer(s,",");
+ ciphersarr = new String[t.countTokens()];
+ for (int i=0; i<ciphersarr.length; i++ ) ciphersarr[i] =
t.nextToken();
+ }
+ }
protected boolean secure = false;
public boolean getSecure() { return secure;}
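Review bot: `setSslEnabledProtocols` passes `s` straight to `new StringTokenizer(s,",")`, so a null argument throws a NullPointerException, while `setCiphers` just below treats null as "no restriction"; the two setters should agree, e.g. `if ( s == null ) { sslEnabledProtocolsarr = new String[0]; return; }`. Neither setter trims tokens, so a value written as `"TLSv1, SSLv3"` produces `" SSLv3"`, which `SSLEngine.setEnabledProtocols` and `setEnabledCipherSuites` reject with IllegalArgumentException; `t.nextToken().trim()` avoids that. An empty or all-comma string leaves the array empty and falls back to the JSSE defaults without any signal, which matters when the operator meant to restrict protocols or ciphers, so that fallback deserves a comment on both fields. There is also no `getSslEnabledProtocols()` to match the other properties.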
@@ -678,9 +700,7 @@
step = 2;
if (sslContext != null) {
- SSLEngine engine = sslContext.createSSLEngine();
- engine.setNeedClientAuth(getClientAuth());
- engine.setUseClientMode(false);
+ SSLEngine engine = createSSLEngine();
int appbufsize =
engine.getSession().getApplicationBufferSize();
int bufsize = Math.max(Math.max(getReadBufSize(),
getWriteBufSize()), appbufsize);
NioBufferHandler bufhandler = new
NioBufferHandler(bufsize, bufsize);
@@ -690,25 +710,37 @@
channel = new NioChannel(socket, bufhandler);
}
} else {
+
channel.setIOChannel(socket);
- channel.reset();
+ if ( channel instanceof SecureNioChannel ) {
+ SSLEngine engine = createSSLEngine();
+ ((SecureNioChannel)channel).reset(engine);
+ } else {
+ channel.reset();
+ }
}
getPoller0().register(channel);
} catch (Throwable t) {
- if (log.isDebugEnabled()) {
- if (step == 2) {
- log.debug(sm.getString("endpoint.err.handshake"), t);
- } else {
- log.debug(sm.getString("endpoint.err.unexpected"), t);
- }
- }
+ try {
+ log.error("",t);
+ }catch ( Throwable tt){}
// Tell to close the socket
return false;
}
return true;
}
+ protected SSLEngine createSSLEngine() {
+ SSLEngine engine = sslContext.createSSLEngine();
+ engine.setNeedClientAuth(getClientAuth());
+ engine.setUseClientMode(false);
+ if ( ciphersarr.length > 0 ) engine.setEnabledCipherSuites(ciphersarr);
+ if ( sslEnabledProtocolsarr.length > 0 )
engine.setEnabledProtocols(sslEnabledProtocolsarr);
+
+ return engine;
+ }
+
/**
* Create (or allocate) and return an available processor for use in
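Review bot: The new catch block calls `log.error("",t)` with an empty message and drops the `step == 2` distinction, so a failed TLS setup and any other failure look identical in the log, and every failing connection is now written at error level where it was debug before, which ties log volume to connection failures. Keeping the message keys already used here preserves the context: `log.error(sm.getString(step == 2 ? "endpoint.err.handshake" : "endpoint.err.unexpected"), t);`. The `catch ( Throwable tt){}` around the logger also hides logging failures completely and should at least carry a comment saying why. In `createSSLEngine()`, `setEnabledCipherSuites` and `setEnabledProtocols` throw IllegalArgumentException for unsupported names, so a configuration typo is only discovered per connection inside this catch; validating both arrays once at startup would fail fast instead. The enclosing method starts outside the hunk.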
@@ -872,14 +904,8 @@
try {
// Accept the next incoming connection from the server
socket
SocketChannel socket = serverSock.accept();
- processSocket(socket);
// Hand this socket off to an appropriate processor
-// if(!setSocketOptions(socket))
-// {
-// // Close socket right away
-// socket.socket().close();
-// socket.close();
-// }
+ if ( running && (!paused) && socket != null )
processSocket(socket);
} catch (Throwable t) {
log.error(sm.getString("endpoint.accept.fail"), t);
}
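Review bot: When `running && (!paused) && socket != null` is false for a connection that `serverSock.accept()` has already returned, the `SocketChannel` is neither handed to `processSocket` nor closed, so the descriptor stays open until the object is collected. The commented-out block this commit deletes suggests that closing a rejected socket was once intended; an else branch such as `else if ( socket != null ) socket.close();` releases connections accepted during pause or shutdown promptly. The result of `processSocket(socket)` is not checked either, so if it can report failure (its signature is not visible here) the socket would need closing in that case too. The surrounding accept loop starts and ends outside the hunk.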
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=430130&r1=430129&r2=430130&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Wed Aug 9 12:41:02 2006
@@ -45,17 +45,23 @@
reset();
}
+ public void reset(SSLEngine engine) throws IOException {
+ this.sslEngine = engine;
+ reset();
+ }
public void reset() throws IOException {
super.reset();
netOutBuffer.position(0);
netOutBuffer.limit(0);
netInBuffer.position(0);
netInBuffer.limit(0);
-
+ initHandshakeComplete = false;
+ closed = false;
+ closing = false;
//initiate handshake
sslEngine.beginHandshake();
initHandshakeStatus = sslEngine.getHandshakeStatus();
-
+
}
//===========================================================================================
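Review bot: `reset(SSLEngine engine)` stores the argument unchecked, so a null engine only fails later at `sslEngine.beginHandshake()` inside `reset()`; a guard at the top of the new method, or a Javadoc line stating that `engine` must be non-null and not yet used for a handshake, would make the contract explicit. `reset()` rewinds `netInBuffer` and `netOutBuffer` with `position(0)`/`limit(0)` but does not clear their contents, so bytes from the previous connection remain in the recycled buffers; a comment such as `//buffers are reused across connections, only position/limit are reset` would document that every reader must honour the limit. Whether the existing buffer capacities always fit the packet size of the newly supplied engine is not visible in this hunk and should be confirmed. Any per-connection field added to this class later has to be reset here alongside `initHandshakeComplete`, `closed` and `closing`, which is also worth a comment.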