Author: david.lloyd(a)jboss.com
Date: 2010-03-04 17:19:36 -0500 (Thu, 04 Mar 2010)
New Revision: 5800
Modified:
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java
Log:
Only offer EXTERNAL if the peer has a verified identity
Modified:
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java
===================================================================
---
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java 2010-03-04
16:58:10 UTC (rev 5799)
+++
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServer.java 2010-03-04
22:19:36 UTC (rev 5800)
@@ -26,10 +26,7 @@
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.concurrent.atomic.AtomicBoolean;
-import org.jboss.xnio.channels.SslChannel;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSession;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -40,13 +37,13 @@
final class ExternalSaslServer implements SaslServer {
private final AtomicBoolean complete = new AtomicBoolean();
private String authorizationID;
- private final SslChannel sslChannel;
+ private final Principal peerPrincipal;
private final CallbackHandler callbackHandler;
private static final byte[] EMPTY = new byte[0];
- ExternalSaslServer(final SslChannel sslChannel, final CallbackHandler
callbackHandler) {
- this.sslChannel = sslChannel;
+ ExternalSaslServer(final CallbackHandler callbackHandler, final Principal
peerPrincipal) {
this.callbackHandler = callbackHandler;
+ this.peerPrincipal = peerPrincipal;
}
public String getMechanismName() {
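Review bot: The new constructor stores `peerPrincipal` without checking it, yet the next hunk dereferences it via `peerPrincipal.getName()`, so a null argument would surface as a NullPointerException during the exchange rather than as a SaslException. Because the EXTERNAL mechanism's whole trust decision rests on this value being the transport-verified peer identity, I would reject null up front, e.g. `if (peerPrincipal == null) throw new IllegalArgumentException("peerPrincipal is null");`. A field comment such as `// identity already verified by the TLS layer; never null` would also help. The same check applies to the `ExternalSaslServerFactory(final Principal peerPrincipal)` constructor, and the class body continues outside this hunk.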
@@ -63,13 +60,6 @@
} catch (UnsupportedEncodingException e) {
throw new SaslException("Cannot convert user name from UTF-8", e);
}
- final SSLSession session = sslChannel.getSslSession();
- final Principal peerPrincipal;
- try {
- peerPrincipal = session.getPeerPrincipal();
- } catch (SSLPeerUnverifiedException e) {
- throw new SaslException("SSL peer is unverified", e);
- }
final AuthorizeCallback authorizeCallback = new
AuthorizeCallback(peerPrincipal.getName(), userName);
handleCallback(callbackHandler, authorizeCallback);
authorizationID = userName;
Modified:
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java
===================================================================
---
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java 2010-03-04
16:58:10 UTC (rev 5799)
+++
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ExternalSaslServerFactory.java 2010-03-04
22:19:36 UTC (rev 5800)
@@ -22,8 +22,8 @@
package org.jboss.remoting3.remote;
+import java.security.Principal;
import java.util.Map;
-import org.jboss.xnio.channels.SslChannel;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
@@ -34,17 +34,14 @@
private static final String[] NAMES = new String[] { "EXTERNAL" };
- private final SslChannel sslChannel;
+ private final Principal peerPrincipal;
- ExternalSaslServerFactory(final SslChannel sslChannel) {
- this.sslChannel = sslChannel;
+ ExternalSaslServerFactory(final Principal peerPrincipal) {
+ this.peerPrincipal = peerPrincipal;
}
public SaslServer createSaslServer(final String mechanism, final String protocol,
final String serverName, final Map<String, ?> props, final CallbackHandler cbh)
throws SaslException {
- if (! "EXTERNAL".equalsIgnoreCase(mechanism)) {
- return null;
- }
- return new ExternalSaslServer(sslChannel, cbh);
+ return new ExternalSaslServer(cbh, peerPrincipal);
}
public String[] getMechanismNames(final Map<String, ?> props) {
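Review bot: `createSaslServer` no longer looks at its `mechanism` argument, so a request for any mechanism name now returns an `ExternalSaslServer` where it used to return `null`. The `SaslServerFactory` contract is to return null when the requested mechanism cannot be produced. A caller that reaches this factory other than through the "EXTERNAL" map key (not visible here) could therefore run EXTERNAL when it asked for something else. Unless every caller is guaranteed to pass "EXTERNAL", I would keep the guard: `if (! "EXTERNAL".equalsIgnoreCase(mechanism)) return null;`. `getMechanismNames` continues outside the hunk.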
Modified:
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java
===================================================================
---
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java 2010-03-04
16:58:10 UTC (rev 5799)
+++
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/RemoteConnectionHandler.java 2010-03-04
22:19:36 UTC (rev 5800)
@@ -65,6 +65,9 @@
private final IntKeyMap<OutboundRequest> outboundRequests = new
IntKeyMap<OutboundRequest>();
private final IntKeyMap<InboundRequest> inboundRequests = new
IntKeyMap<InboundRequest>();
+ private final IntKeyMap<OutboundStream> outboundStreams = new
IntKeyMap<OutboundStream>();
+ private final IntKeyMap<InboundStream> inboundStreams = new
IntKeyMap<InboundStream>();
+
private final AtomicBoolean closed = new AtomicBoolean();
RemoteConnectionHandler(final ConnectionHandlerContext connectionContext, final
RemoteConnection remoteConnection, final MarshallerFactory marshallerFactory) {
@@ -74,7 +77,7 @@
this.marshallerFactory = marshallerFactory;
final MarshallingConfiguration config = new MarshallingConfiguration();
config.setClassExternalizerFactory(PrimaryExternalizerFactory.INSTANCE);
- config.setObjectTable(new
PrimaryObjectTable(connectionContext.getConnectionProviderContext().getEndpoint()));
+ config.setObjectTable(new
PrimaryObjectTable(connectionContext.getConnectionProviderContext().getEndpoint(),
this));
config.setStreamHeader(Marshalling.nullStreamHeader());
// fixed for now (v0)
config.setVersion(2);
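Review bot: `this` is passed to `new PrimaryObjectTable(..., this)` from inside the constructor, so the object table receives a handler that is not yet fully constructed. If `PrimaryObjectTable` reads handler state in its own constructor, or the reference becomes reachable from another thread before this constructor returns, it may see final fields that are still unassigned; whether that happens is not visible here. At minimum I would document the constraint at the call site, e.g. `// 'this' escapes here: PrimaryObjectTable must only store the reference, not use it`. The constructor starts before this hunk and continues after it.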
@@ -189,10 +192,14 @@
return inboundRequests;
}
- AtomicBoolean getClosed() {
- return closed;
+ IntKeyMap<OutboundStream> getOutboundStreams() {
+ return outboundStreams;
}
+ IntKeyMap<InboundStream> getInboundStreams() {
+ return inboundStreams;
+ }
+
RemoteConnection getRemoteConnection() {
return remoteConnection;
}
Modified:
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java
===================================================================
---
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java 2010-03-04
16:58:10 UTC (rev 5799)
+++
remoting3/trunk/jboss-remoting/src/main/java/org/jboss/remoting3/remote/ServerOpenListener.java 2010-03-04
22:19:36 UTC (rev 5800)
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
+import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedHashMap;
@@ -43,6 +44,8 @@
import org.jboss.xnio.channels.ConnectedStreamChannel;
import org.jboss.xnio.channels.SslChannel;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServerFactory;
@@ -87,8 +90,15 @@
final Enumeration<SaslServerFactory> e = Sasl.getSaslServerFactories();
final Map<String, SaslServerFactory> saslServerFactories = new
LinkedHashMap<String, SaslServerFactory>();
if (channel instanceof SslChannel && (includes == null |
includes.contains("EXTERNAL"))) {
- // automatically the best mechanism.
- saslServerFactories.put("EXTERNAL", new
ExternalSaslServerFactory((SslChannel) channel));
+ final SslChannel sslChannel = (SslChannel) channel;
+ final SSLSession session = sslChannel.getSslSession();
+ try {
+ final Principal peerPrincipal = session.getPeerPrincipal();
+ // automatically the best mechanism.
+ saslServerFactories.put("EXTERNAL", new
ExternalSaslServerFactory(peerPrincipal));
+ } catch (SSLPeerUnverifiedException e1) {
+ // ignore
+ }
}
while (e.hasMoreElements()) {
final SaslServerFactory saslServerFactory = e.nextElement();
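Review bot: The condition `includes == null | includes.contains("EXTERNAL")` uses the non-short-circuit `|`, so on an SslChannel with no include list `includes.contains` is still evaluated and throws a NullPointerException; it should read `(includes == null || includes.contains("EXTERNAL"))`. Separately, the `// ignore` in the new catch block hides why EXTERNAL was withheld. A comment such as `// peer presented no verified identity: do not offer EXTERNAL`, plus a trace-level log if the class has a logger, would make that decision auditable. The principal is also captured once at open time, so if the TLS session can be renegotiated later the stored identity may go stale; this is worth confirming against the channel's behaviour. The enclosing method starts before and continues after this hunk.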