Author: shawkins
Date: 2010-02-24 16:14:30 -0500 (Wed, 24 Feb 2010)
New Revision: 1872
Modified:
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLAwareChannelHandler.java
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java
branches/JCA/runtime/src/main/java/org/teiid/transport/SocketListener.java
branches/JCA/runtime/src/main/java/org/teiid/transport/SocketTransport.java
branches/JCA/runtime/src/test/java/org/teiid/transport/TestCommSockets.java
Log:
TEIID-833 ensuring that a new sslengine is used for each channel
Modified:
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLAwareChannelHandler.java
===================================================================
---
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLAwareChannelHandler.java 2010-02-24
19:24:18 UTC (rev 1871)
+++
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLAwareChannelHandler.java 2010-02-24
21:14:30 UTC (rev 1872)
@@ -138,7 +138,7 @@
}
private final ChannelListener.ChannelListenerFactory listenerFactory;
- private final SSLEngine engine;
+ private final SSLConfiguration config;
private final ClassLoader classLoader;
private Map<Channel, ChannelListener> listeners = Collections.synchronizedMap(new
HashMap<Channel, ChannelListener>());
private AtomicLong objectsRead = new AtomicLong(0);
@@ -158,9 +158,9 @@
};
public SSLAwareChannelHandler(ChannelListener.ChannelListenerFactory listenerFactory,
- SSLEngine engine, ClassLoader classloader) {
+ SSLConfiguration config, ClassLoader classloader) {
this.listenerFactory = listenerFactory;
- this.engine = engine;
+ this.config = config;
this.classLoader = classloader;
}
@@ -172,8 +172,8 @@
this.listeners.put(e.getChannel(), listener);
maxChannels = Math.max(maxChannels, this.listeners.size());
}
- if (engine != null) {
- SslHandler sslHandler = ctx.getPipeline().get(SslHandler.class);
+ SslHandler sslHandler = ctx.getPipeline().get(SslHandler.class);
+ if (sslHandler != null) {
sslHandler.handshake(e.getChannel()).addListener(new ChannelFutureListener() {
public void operationComplete(ChannelFuture arg0)
throws Exception {
@@ -224,6 +224,7 @@
public ChannelPipeline getPipeline() throws Exception {
ChannelPipeline pipeline = new DefaultChannelPipeline();
+ SSLEngine engine = config.getServerSSLEngine();
if (engine != null) {
pipeline.addLast("ssl", new SslHandler(engine)); //$NON-NLS-1$
}
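Review bot: Calling `config.getServerSSLEngine()` inside `getPipeline()` moves any keystore or SSL-context failure from server start-up to the moment a client connects, so a misconfigured TLS listener can bind and look healthy until its first connection fails. The SocketTransport.java hunk in this commit also removes the start-up `try`/`catch` that used to report those errors with the bind address and port. Consider building one engine during construction purely as a validation step, or having SSLConfiguration cache its context so that only `createSSLEngine()` runs per channel; whether the context is rebuilt on every call is not visible here. A comment on the added line such as `// SSLEngine is stateful: one instance per channel` would record why the field was dropped. `getPipeline()` continues past the end of the hunk.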
Modified: branches/JCA/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java
===================================================================
---
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java 2010-02-24
19:24:18 UTC (rev 1871)
+++
branches/JCA/runtime/src/main/java/org/teiid/transport/SSLConfiguration.java 2010-02-24
21:14:30 UTC (rev 1872)
@@ -36,9 +36,9 @@
public class SSLConfiguration {
- private static final String ONEWAY = "1-way"; //$NON-NLS-1$ - one way is
the default
- private static final String TWOWAY = "2-way"; //$NON-NLS-1$
- private static final String ANONYMOUS = "anonymous"; //$NON-NLS-1$
+ public static final String ONEWAY = "1-way"; //$NON-NLS-1$ - one way is the
default
+ public static final String TWOWAY = "2-way"; //$NON-NLS-1$
+ public static final String ANONYMOUS = "anonymous"; //$NON-NLS-1$
private static final String DEFAULT_SSL_PROTOCOL = "SSLv3"; //$NON-NLS-1$
private static final String DEFAULT_KEYSTORE_TYPE = "JKS"; //$NON-NLS-1$
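Review bot: Widening `ANONYMOUS` to `public` makes the unauthenticated mode part of the API with no warning attached, and the context line below it still shows `DEFAULT_SSL_PROTOCOL = "SSLv3"`. Anonymous cipher suites encrypt but do not authenticate the peer, so such a connection is open to an active man-in-the-middle; the constant deserves a Javadoc line saying so, e.g. `/** No certificate authentication; test or trusted-network use only. */`. SSLv3 is prohibited by RFC 7568, so the default should move to a TLS protocol name when this class is next touched. The class body continues outside the hunk, so how the mode strings are consumed is not visible here.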
Modified: branches/JCA/runtime/src/main/java/org/teiid/transport/SocketListener.java
===================================================================
--- branches/JCA/runtime/src/main/java/org/teiid/transport/SocketListener.java 2010-02-24
19:24:18 UTC (rev 1871)
+++ branches/JCA/runtime/src/main/java/org/teiid/transport/SocketListener.java 2010-02-24
21:14:30 UTC (rev 1872)
@@ -26,8 +26,6 @@
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
-import javax.net.ssl.SSLEngine;
-
import org.jboss.netty.bootstrap.ServerBootstrap;
import org.jboss.netty.channel.Channel;
import org.jboss.netty.channel.ChannelFactory;
@@ -61,8 +59,8 @@
* @param server
*/
public SocketListener(int port, String bindAddress, int inputBufferSize,
- int outputBufferSize, int maxWorkers, SSLEngine engine, boolean
isClientEncryptionEnabled, ClientServiceRegistryImpl csr) {
- this.isClientEncryptionEnabled = isClientEncryptionEnabled;
+ int outputBufferSize, int maxWorkers, SSLConfiguration config,
ClientServiceRegistryImpl csr) {
+ this.isClientEncryptionEnabled = config.isClientEncryptionEnabled();
this.csr = csr;
if (port < 0 || port > 0xFFFF) {
throw new IllegalArgumentException("port out of range:" + port);
//$NON-NLS-1$
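Review bot: The constructor now dereferences `config` on its first line, so a caller that used to pass `null` for the engine to mean "no SSL" (as the old test calls in this commit did) gets a bare NullPointerException instead. Add an explicit guard next to the existing port check, `if (config == null) { throw new IllegalArgumentException("config must not be null"); }`, or document that a default `new SSLConfiguration()` is required. The Javadoc visible above the signature ends at `@param server`, which matches none of the parameters shown, and should be updated to describe `config`. The constructor body continues outside the hunk.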
@@ -76,7 +74,7 @@
ChannelFactory factory = new NioServerSocketChannelFactory(this.nettyPool,
this.nettyPool, Math.min(Runtime.getRuntime().availableProcessors(), maxWorkers));
ServerBootstrap bootstrap = new ServerBootstrap(factory);
- this.channelHandler = new SSLAwareChannelHandler(this, engine,
Thread.currentThread().getContextClassLoader());
+ this.channelHandler = new SSLAwareChannelHandler(this, config,
Thread.currentThread().getContextClassLoader());
bootstrap.setPipelineFactory(channelHandler);
if (inputBufferSize != 0) {
bootstrap.setOption("receiveBufferSize", new
Integer(inputBufferSize)); //$NON-NLS-1$
Modified: branches/JCA/runtime/src/main/java/org/teiid/transport/SocketTransport.java
===================================================================
--- branches/JCA/runtime/src/main/java/org/teiid/transport/SocketTransport.java 2010-02-24
19:24:18 UTC (rev 1871)
+++ branches/JCA/runtime/src/main/java/org/teiid/transport/SocketTransport.java 2010-02-24
21:14:30 UTC (rev 1872)
@@ -21,13 +21,8 @@
*/
package org.teiid.transport;
-import java.io.IOException;
-import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
-
import com.metamatrix.common.log.LogManager;
import com.metamatrix.common.util.LogConstants;
-import com.metamatrix.core.MetaMatrixRuntimeException;
import com.metamatrix.dqp.embedded.DQPEmbeddedPlugin;
/**
@@ -48,33 +43,14 @@
public void start() {
String bindAddress = this.config.getHostAddress().getHostAddress();
- try {
- if (this.config.isEnabled()) {
- LogManager.logDetail(LogConstants.CTX_SERVER,
DQPEmbeddedPlugin.Util.getString("SocketTransport.1", new Object[] {bindAddress,
String.valueOf(this.config.getPortNumber())})); //$NON-NLS-1$
- this.listener = new SocketListener(this.config.getPortNumber(), bindAddress,
this.config.getInputBufferSize(), this.config.getOutputBufferSize(),
this.config.getMaxSocketThreads(), this.config.getSSLConfiguration().getServerSSLEngine(),
this.config.getSSLConfiguration().isClientEncryptionEnabled(), csr);
-
- }
- else {
- LogManager.logDetail(LogConstants.CTX_SERVER,
DQPEmbeddedPlugin.Util.getString("SocketTransport.3")); //$NON-NLS-1$
- }
-
- } catch (UnknownHostException e) {
- throw new MetaMatrixRuntimeException(e,
DQPEmbeddedPlugin.Util.getString("SocketTransport.2",new Object[] {bindAddress,
String.valueOf(this.config.getPortNumber())})); //$NON-NLS-1$
- } catch (IOException e) {
- throw new MetaMatrixRuntimeException(e,
DQPEmbeddedPlugin.Util.getString("SocketTransport.2",new Object[] {bindAddress,
String.valueOf(this.config.getPortNumber())})); //$NON-NLS-1$
- } catch (GeneralSecurityException e) {
- throw new MetaMatrixRuntimeException(e,
DQPEmbeddedPlugin.Util.getString("SocketTransport.2",new Object[] {bindAddress,
String.valueOf(this.config.getPortNumber())})); //$NON-NLS-1$
- }
+ LogManager.logDetail(LogConstants.CTX_SERVER,
DQPEmbeddedPlugin.Util.getString("SocketTransport.1", new Object[] {bindAddress,
String.valueOf(this.config.getPortNumber())})); //$NON-NLS-1$
+ this.listener = new SocketListener(this.config.getPortNumber(), bindAddress,
this.config.getInputBufferSize(), this.config.getOutputBufferSize(),
this.config.getMaxSocketThreads(), this.config.getSSLConfiguration(), csr);
}
public void stop() {
this.listener.stop();
}
- public int getPort() {
- return this.listener.getPort();
- }
-
public SocketListenerStats getStats() {
return this.listener.getStats();
}
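Review bot: The rewritten `start()` no longer checks `this.config.isEnabled()`, so a transport configured as disabled now opens a listening socket unless a caller outside this hunk performs that check first. If nothing upstream gates it, restore the guard before constructing the `SocketListener`, `if (!this.config.isEnabled()) { return; }`, together with the `SocketTransport.3` log line. The removed `catch` blocks also carried the `SocketTransport.2` message with bind address and port, so failures here now surface without that context. `stop()` in the context lines dereferences `this.listener` unconditionally and would need a null check if the guard comes back.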
Modified: branches/JCA/runtime/src/test/java/org/teiid/transport/TestCommSockets.java
===================================================================
--- branches/JCA/runtime/src/test/java/org/teiid/transport/TestCommSockets.java 2010-02-24
19:24:18 UTC (rev 1871)
+++ branches/JCA/runtime/src/test/java/org/teiid/transport/TestCommSockets.java 2010-02-24
21:14:30 UTC (rev 1872)
@@ -33,12 +33,10 @@
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
-import org.mockito.Mockito;
import com.metamatrix.api.exception.ComponentNotFoundException;
import com.metamatrix.api.exception.security.LogonException;
import com.metamatrix.common.api.MMURL;
-import com.metamatrix.common.comm.api.ServerConnectionFactory;
import com.metamatrix.common.comm.exception.CommunicationException;
import com.metamatrix.common.comm.exception.ConnectionException;
import com.metamatrix.common.comm.platform.socket.SocketUtil;
@@ -67,7 +65,8 @@
}
@Test public void testFailedConnect() throws Exception {
- listener = new SocketListener(addr.getPort(), addr.getAddress().getHostAddress(),1024,
1024, 1, null, true, null);
+ SSLConfiguration config = new SSLConfiguration();
+ listener = new SocketListener(addr.getPort(), addr.getAddress().getHostAddress(),1024,
1024, 1, config, null);
try {
Properties p = new Properties();
@@ -83,7 +82,7 @@
@Test public void testConnectWithoutPooling() throws Exception {
Properties p = new Properties();
p.setProperty("org.teiid.sockets.maxCachedInstances", String.valueOf(0));
//$NON-NLS-1$
- SocketServerConnection conn = helpEstablishConnection(false, null, true, p);
+ SocketServerConnection conn = helpEstablishConnection(false, new SSLConfiguration(),
p);
SocketListenerStats stats = listener.getStats();
assertEquals(2, stats.objectsRead); // handshake response, logon,
assertEquals(1, stats.sockets);
@@ -101,7 +100,7 @@
}
@Test public void testConnectWithPooling() throws Exception {
- SocketServerConnection conn = helpEstablishConnection(false, null);
+ SocketServerConnection conn = helpEstablishConnection(false);
SocketListenerStats stats = listener.getStats();
assertEquals(2, stats.objectsRead); // handshake response, logon,
assertEquals(1, stats.sockets);
@@ -111,7 +110,7 @@
assertEquals(3, stats.objectsRead); // handshake response, logon, logoff
stats = listener.getStats();
assertEquals(1, stats.sockets);
- conn = helpEstablishConnection(false, null);
+ conn = helpEstablishConnection(false);
conn.close();
stats = listener.getStats();
assertEquals(1, stats.sockets);
@@ -120,18 +119,18 @@
@Test public void testConnectWithoutClientEncryption() throws Exception {
- SocketServerConnection conn = helpEstablishConnection(false, null, false, new
Properties());
+ SSLConfiguration config = new SSLConfiguration();
+ config.setClientEncryptionEnabled(false);
+ SocketServerConnection conn = helpEstablishConnection(false, config, new
Properties());
assertTrue(conn.selectServerInstance().getCryptor() instanceof NullCryptor);
conn.close();
}
- private SocketServerConnection helpEstablishConnection(boolean secure,
- SSLEngine serverSSL) throws CommunicationException, ConnectionException {
- return helpEstablishConnection(secure, serverSSL, true, new Properties());
+ private SocketServerConnection helpEstablishConnection(boolean secure) throws
CommunicationException, ConnectionException {
+ return helpEstablishConnection(secure, new SSLConfiguration(), new Properties());
}
- private SocketServerConnection helpEstablishConnection(boolean secure,
- SSLEngine serverSSL, boolean isClientEncryptionEnabled, Properties socketConfig)
throws CommunicationException,
+ private SocketServerConnection helpEstablishConnection(boolean clientSecure,
SSLConfiguration config, Properties socketConfig) throws CommunicationException,
ConnectionException {
if (listener == null) {
ClientServiceRegistryImpl server = new ClientServiceRegistryImpl();
@@ -143,7 +142,7 @@
}
}, null);
- listener = new SocketListener(addr.getPort(), addr.getAddress().getHostAddress(),
1024, 1024, 1, serverSSL, isClientEncryptionEnabled, server);
+ listener = new SocketListener(addr.getPort(), addr.getAddress().getHostAddress(),
1024, 1024, 1, config, server);
SocketListenerStats stats = listener.getStats();
assertEquals(0, stats.maxSockets);
@@ -153,7 +152,7 @@
}
Properties p = new Properties();
- String url = new MMURL(addr.getHostName(),
listener.getPort(),secure).getAppServerURL();
+ String url = new MMURL(addr.getHostName(), listener.getPort(),
clientSecure).getAppServerURL();
p.setProperty(MMURL.CONNECTION.SERVER_URL, url);
p.setProperty(MMURL.CONNECTION.DISCOVERY_STRATEGY,
UrlServerDiscovery.class.getName());
if (sscf == null) {
@@ -165,7 +164,7 @@
@Test public void testSSLConnectWithNonSSLServer() throws Exception {
try {
- helpEstablishConnection(true, null);
+ helpEstablishConnection(true);
fail("exception expected"); //$NON-NLS-1$
} catch (CommunicationException e) {
@@ -178,7 +177,10 @@
engine.setEnabledCipherSuites(new String[] { SocketUtil.ANON_CIPHER_SUITE });
Properties p = new Properties();
p.setProperty(SocketUtil.TRUSTSTORE_FILENAME, SocketUtil.NONE);
- SocketServerConnection conn = helpEstablishConnection(true, engine, true, p);
+ SSLConfiguration config = new SSLConfiguration();
+ config.setSslEnabled(true);
+ config.setAuthenticationMode(SSLConfiguration.ANONYMOUS);
+ SocketServerConnection conn = helpEstablishConnection(true, config, p);
conn.close();
}
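Review bot: After this change the `engine` configured in the context line (`engine.setEnabledCipherSuites(...)`) is no longer passed to `helpEstablishConnection`, so it appears to be dead setup; the test method starts above the hunk, so confirm and remove it. The test also opens a single SSL connection, which presumably passed with the shared engine as well, so it does not cover what TEIID-833 fixes. Opening a second connection against the same listener, e.g. repeating `conn = helpEstablishConnection(true, config, p); conn.close();`, would exercise the one-engine-per-channel path. Pooling may need to be disabled as in `testConnectWithoutPooling` for a second socket to actually be created.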