/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.geode.internal.net;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.distributed.internal.tcpserver.ClusterSocketCreatorImpl;
import org.apache.geode.net.SSLParameterExtension;
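/**
 * Cluster socket creator that takes its SSL decisions and settings from a {@link SocketCreator}.
 *
 * <p>
 * Non-SSL server sockets are created by the superclass. SSL server sockets are created here from
 * the SocketCreator's SSL context and then configured from its {@link SSLConfig}.
 */
class SCClusterSocketCreator extends ClusterSocketCreatorImpl {

  /** Source of the SSL context, the SSL configuration and the "use SSL" decision. */
  private final SocketCreator coreSocketCreator;

  /**
   * @param socketCreator the SocketCreator this instance delegates to; also handed to the
   *        superclass
   */
  protected SCClusterSocketCreator(SocketCreator socketCreator) {
    super(socketCreator);
    coreSocketCreator = socketCreator;
  }

  /**
   * Delegates the handshake to the underlying SocketCreator.
   *
   * @param socket the socket to handshake on
   * @param timeout handshake timeout, passed through unchanged
   * @throws IOException if the delegate's handshake fails
   */
  @Override
  public void handshakeIfSocketIsSSL(Socket socket, int timeout) throws IOException {
    coreSocketCreator.handshakeIfSocketIsSSL(socket, timeout);
  }

  /**
   * Creates a server socket, using SSL exactly when the SocketCreator reports {@code useSSL()}.
   *
   * @param nport port to bind to
   * @param backlog listen backlog
   * @param bindAddr local address to bind to
   * @param socketBufferSize receive buffer size, or -1 to leave it unset
   * @return the bound server socket
   * @throws IOException if the socket cannot be created or bound
   */
  public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr,
      int socketBufferSize) throws IOException {
    return createServerSocket(nport, backlog, bindAddr, socketBufferSize,
        coreSocketCreator.useSSL());
  }

  /**
   * Creates a bound server socket, plain or SSL.
   *
   * <p>
   * For SSL the socket is created unbound, bound, and only then given its SSL settings. It is not
   * handed to the caller until those settings are applied. If any step after creation fails, the
   * socket is closed before the exception propagates so that the port is not left bound.
   *
   * @param nport port to bind to
   * @param backlog listen backlog
   * @param bindAddr local address to bind to
   * @param socketBufferSize receive buffer size, or -1 to leave it unset
   * @param sslConnection whether to create an SSL server socket
   * @return the bound (and, for SSL, fully configured) server socket
   * @throws GemFireConfigException if SSL is requested but no SSL context is available
   * @throws IOException if the socket cannot be created, configured or bound
   */
  @Override
  protected ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr,
      int socketBufferSize, boolean sslConnection) throws IOException {
    // Called on every invocation, before the plain/SSL decision.
    coreSocketCreator.printConfig();
    if (!sslConnection) {
      return super.createServerSocket(nport, backlog, bindAddr, socketBufferSize, sslConnection);
    }
    // Refuse to fall back to a plain socket when SSL was requested but could not be set up.
    if (coreSocketCreator.getSslContext() == null) {
      throw new GemFireConfigException(
          "SSL not configured correctly, Please look at previous error");
    }
    ServerSocketFactory ssf = coreSocketCreator.getSslContext().getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket();
    try {
      serverSocket.setReuseAddress(true);
      // If necessary, set the receive buffer size before binding the socket so
      // that large buffers will be allocated on accepted sockets (see
      // java.net.ServerSocket.setReceiveBufferSize javadocs)
      if (socketBufferSize != -1) {
        serverSocket.setReceiveBufferSize(socketBufferSize);
      }
      serverSocket.bind(new InetSocketAddress(bindAddr, nport), backlog);
      finishServerSocket(serverSocket);
      return serverSocket;
    } catch (IOException | RuntimeException e) {
      // A failure here (bind error, rejected protocol or cipher name, failing parameter
      // extension) would otherwise leave the socket open and possibly still bound to the port.
      try {
        serverSocket.close();
      } catch (IOException closeFailure) {
        e.addSuppressed(closeFailure);
      }
      throw e;
    }
  }

  /**
   * Configure the SSLServerSocket based on this SocketCreator's settings.
   *
   * <p>
   * Applied in order: server mode, mandatory client authentication when the configuration requires
   * it, the protocol and cipher suite lists unless their first entry is "any", and finally the
   * optional {@link SSLParameterExtension}. The extension runs last, so the parameters it returns
   * replace whatever was set before it.
   *
   * @param serverSocket the socket to configure
   */
  private void finishServerSocket(SSLServerSocket serverSocket) {
    SSLConfig sslConfig = coreSocketCreator.getSslConfig();
    serverSocket.setUseClientMode(false);
    if (sslConfig.isRequireAuth()) {
      // "Need" rather than "want": a client that presents no certificate is rejected.
      serverSocket.setNeedClientAuth(true);
    }
    serverSocket.setEnableSessionCreation(true);

    // Restrict protocols. "any" as first entry leaves the socket's default enabled protocols
    // untouched, so the effective set is whatever the JSSE provider enables.
    // NOTE(review): indexes element 0 unconditionally; assumes the array is never empty, confirm
    // against SSLConfig.
    String[] protocols = sslConfig.getProtocolsAsStringArray();
    if (!"any".equalsIgnoreCase(protocols[0])) {
      serverSocket.setEnabledProtocols(protocols);
    }

    // Restrict ciphers. Same convention and same non-empty assumption as for protocols.
    String[] ciphers = sslConfig.getCiphersAsStringArray();
    if (!"any".equalsIgnoreCase(ciphers[0])) {
      serverSocket.setEnabledCipherSuites(ciphers);
    }

    SSLParameterExtension sslParameterExtension = sslConfig.getSSLParameterExtension();
    if (sslParameterExtension != null) {
      SSLParameters modifiedParams =
          sslParameterExtension.modifySSLServerSocketParameters(serverSocket.getSSLParameters());
      serverSocket.setSSLParameters(modifiedParams);
    }
  }
}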