| /* |
| * |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.qpid.server.management.plugin.connector; |
| |
| import java.io.IOException; |
| import java.nio.channels.SelectionKey; |
| import java.nio.channels.SocketChannel; |
| |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLSession; |
| |
| import org.eclipse.jetty.http.HttpSchemes; |
| import org.eclipse.jetty.io.AsyncEndPoint; |
| import org.eclipse.jetty.io.Buffer; |
| import org.eclipse.jetty.io.Connection; |
| import org.eclipse.jetty.io.EndPoint; |
| import org.eclipse.jetty.io.nio.AsyncConnection; |
| import org.eclipse.jetty.io.nio.IndirectNIOBuffer; |
| import org.eclipse.jetty.io.nio.SelectChannelEndPoint; |
| import org.eclipse.jetty.io.nio.SelectorManager; |
| import org.eclipse.jetty.io.nio.SslConnection; |
| import org.eclipse.jetty.server.AsyncHttpConnection; |
| import org.eclipse.jetty.server.Request; |
| import org.eclipse.jetty.server.nio.SelectChannelConnector; |
| import org.eclipse.jetty.server.ssl.SslCertificates; |
| import org.eclipse.jetty.util.log.Log; |
| import org.eclipse.jetty.util.log.Logger; |
| import org.eclipse.jetty.util.ssl.SslContextFactory; |
| |
| public class TcpAndSslSelectChannelConnector extends SelectChannelConnector |
| { |
| |
| private static final Logger LOG = Log.getLogger(TcpAndSslSelectChannelConnector.class); |
| |
| private final SslContextFactory _sslContextFactory; |
| |
| public TcpAndSslSelectChannelConnector(SslContextFactory factory) |
| { |
| _sslContextFactory = factory; |
| addBean(_sslContextFactory); |
| setUseDirectBuffers(false); |
| setSoLingerTime(30000); |
| } |
| |
| |
| @Override |
| public void customize(EndPoint endpoint, Request request) throws IOException |
| { |
| if(endpoint instanceof SslConnection.SslEndPoint) |
| { |
| request.setScheme(HttpSchemes.HTTPS); |
| } |
| |
| super.customize(endpoint,request); |
| |
| if(endpoint instanceof SslConnection.SslEndPoint) |
| { |
| SslConnection.SslEndPoint sslEndpoint = (SslConnection.SslEndPoint) endpoint; |
| SSLEngine sslEngine = sslEndpoint.getSslEngine(); |
| SSLSession sslSession = sslEngine.getSession(); |
| |
| SslCertificates.customize(sslSession, endpoint, request); |
| } |
| } |
| |
| @Override |
| protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint) |
| { |
| return new ProtocolIdentifyingConnection((ProtocolIdentifyingEndpoint) endpoint); |
| } |
| |
| @Override |
| protected SelectChannelEndPoint newEndPoint(final SocketChannel channel, |
| final SelectorManager.SelectSet selectSet, |
| final SelectionKey key) throws IOException |
| { |
| |
| ProtocolIdentifyingEndpoint endpoint = new ProtocolIdentifyingEndpoint(channel,selectSet,key, getMaxIdleTime()); |
| endpoint.setConnection(selectSet.getManager().newConnection(channel, endpoint, key.attachment())); |
| return endpoint; |
| } |
| |
| protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException |
| { |
| SSLEngine engine; |
| if (channel != null) |
| { |
| String peerHost = channel.socket().getInetAddress().getHostAddress(); |
| int peerPort = channel.socket().getPort(); |
| engine = _sslContextFactory.newSslEngine(peerHost, peerPort); |
| } |
| else |
| { |
| engine = _sslContextFactory.newSslEngine(); |
| } |
| |
| engine.setUseClientMode(false); |
| return engine; |
| } |
| |
| @Override |
| protected void doStart() throws Exception |
| { |
| _sslContextFactory.checkKeyStore(); |
| _sslContextFactory.start(); |
| |
| SSLEngine sslEngine = _sslContextFactory.newSslEngine(); |
| |
| sslEngine.setUseClientMode(false); |
| |
| SSLSession sslSession = sslEngine.getSession(); |
| |
| if (getRequestHeaderSize()<sslSession.getApplicationBufferSize()) |
| setRequestHeaderSize(sslSession.getApplicationBufferSize()); |
| if (getRequestBufferSize()<sslSession.getApplicationBufferSize()) |
| setRequestBufferSize(sslSession.getApplicationBufferSize()); |
| |
| super.doStart(); |
| } |
| |
| @Override |
| public boolean isConfidential(final Request request) |
| { |
| if(request.getScheme().equals(HttpSchemes.HTTPS)) |
| { |
| final int confidentialPort=getConfidentialPort(); |
| return confidentialPort==0||confidentialPort==request.getServerPort(); |
| } |
| return super.isConfidential(request); |
| } |
| |
| enum Protocol { UNKNOWN, TCP , SSL } |
| |
| private class ProtocolIdentifyingEndpoint extends SelectChannelEndPoint |
| { |
| |
| private Protocol _protocol = Protocol.UNKNOWN; |
| private Buffer _preBuffer = new IndirectNIOBuffer(6); |
| |
| public ProtocolIdentifyingEndpoint(final SocketChannel channel, |
| final SelectorManager.SelectSet selectSet, |
| final SelectionKey key, final int maxIdleTime) throws IOException |
| { |
| super(channel, selectSet, key, maxIdleTime); |
| } |
| |
| public Protocol getProtocol() throws IOException |
| { |
| if(_protocol == Protocol.UNKNOWN) |
| { |
| if(_preBuffer.space() != 0) |
| { |
| super.fill(_preBuffer); |
| _protocol = identifyFromPreBuffer(); |
| } |
| } |
| return _protocol; |
| } |
| |
| public SocketChannel getSocketChannel() |
| { |
| return (SocketChannel) getChannel(); |
| } |
| |
| private Protocol identifyFromPreBuffer() |
| { |
| if(_preBuffer.space() == 0) |
| { |
| byte[] helloBytes = _preBuffer.array(); |
| if (looksLikeSSLv2ClientHello(helloBytes) || looksLikeSSLv3ClientHello(helloBytes)) |
| { |
| return Protocol.SSL; |
| } |
| else |
| { |
| return Protocol.TCP; |
| } |
| } |
| return Protocol.UNKNOWN; |
| } |
| |
| private boolean looksLikeSSLv3ClientHello(byte[] headerBytes) |
| { |
| return headerBytes[0] == 22 && // SSL Handshake |
| (headerBytes[1] == 3 && // SSL 3.0 / TLS 1.x |
| (headerBytes[2] == 0 || // SSL 3.0 |
| headerBytes[2] == 1 || // TLS 1.0 |
| headerBytes[2] == 2 || // TLS 1.1 |
| headerBytes[2] == 3)) && // TLS1.2 |
| (headerBytes[5] == 1); // client_hello |
| } |
| |
| private boolean looksLikeSSLv2ClientHello(byte[] headerBytes) |
| { |
| return headerBytes[0] == -128 && |
| headerBytes[3] == 3 && // SSL 3.0 / TLS 1.x |
| (headerBytes[4] == 0 || // SSL 3.0 |
| headerBytes[4] == 1 || // TLS 1.0 |
| headerBytes[4] == 2 || // TLS 1.1 |
| headerBytes[4] == 3); |
| } |
| |
| @Override |
| public int fill(final Buffer buffer) throws IOException |
| { |
| int size = 0; |
| |
| if(getProtocol() != Protocol.UNKNOWN) |
| { |
| if (_preBuffer.hasContent()) |
| { |
| size = buffer.put(_preBuffer); |
| _preBuffer.skip(size); |
| } |
| if (buffer.space() != 0) |
| { |
| size += super.fill(buffer); |
| } |
| } |
| return size; |
| } |
| } |
| |
| private class ProtocolIdentifyingConnection implements AsyncConnection |
| { |
| private final ProtocolIdentifyingEndpoint _endpoint; |
| private AsyncConnection _delegate; |
| private final long _timestamp; |
| private IOException _exception; |
| |
| private ProtocolIdentifyingConnection(final ProtocolIdentifyingEndpoint endpoint) |
| { |
| _endpoint = endpoint; |
| _timestamp = System.currentTimeMillis(); |
| } |
| |
| @Override |
| public void onInputShutdown() throws IOException |
| { |
| if (_delegate == null) |
| { |
| createDelegate(true); |
| } |
| _delegate.onInputShutdown(); |
| } |
| |
| private boolean createDelegate(boolean createPlainWhenUnknown) throws IOException |
| { |
| if(_exception != null) |
| { |
| throw _exception; |
| } |
| Protocol protocol = _endpoint.getProtocol(); |
| if(protocol == Protocol.TCP || (createPlainWhenUnknown && protocol == Protocol.UNKNOWN)) |
| { |
| _delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this, _endpoint, getServer()); |
| return true; |
| } |
| else if(protocol == Protocol.SSL) |
| { |
| SocketChannel channel = _endpoint.getSocketChannel(); |
| SSLEngine engine = createSSLEngine(channel); |
| SslConnection connection = new SslConnection(engine, _endpoint); |
| AsyncConnection delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this, |
| connection.getSslEndPoint(), |
| getServer()); |
| connection.getSslEndPoint().setConnection(delegate); |
| connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate()); |
| |
| _delegate = connection; |
| return true; |
| } |
| return false; |
| } |
| |
| private boolean createDelegateNoException() |
| { |
| try |
| { |
| return createDelegate(false); |
| } |
| catch (IOException e) |
| { |
| _exception = e; |
| return false; |
| } |
| } |
| |
| @Override |
| public Connection handle() throws IOException |
| { |
| if(_delegate != null || createDelegate(false)) |
| { |
| return _delegate.handle(); |
| } |
| return this; |
| } |
| |
| @Override |
| public long getTimeStamp() |
| { |
| return _timestamp; |
| } |
| |
| @Override |
| public boolean isIdle() |
| { |
| if(_delegate != null || createDelegateNoException()) |
| { |
| return _delegate.isIdle(); |
| } |
| return false; |
| } |
| |
| @Override |
| public boolean isSuspended() |
| { |
| if(_delegate != null || createDelegateNoException()) |
| { |
| return _delegate.isSuspended(); |
| } |
| return false; |
| } |
| |
| @Override |
| public void onClose() |
| { |
| if(_delegate != null) |
| { |
| _delegate.onClose(); |
| } |
| } |
| |
| @Override |
| public void onIdleExpired(final long idleForMs) |
| { |
| try |
| { |
| if(_delegate != null || createDelegate(true)) |
| { |
| _delegate.onIdleExpired(idleForMs); |
| } |
| } |
| catch (IOException e) |
| { |
| LOG.ignore(e); |
| |
| try |
| { |
| _endpoint.close(); |
| } |
| catch(IOException e2) |
| { |
| LOG.ignore(e2); |
| } |
| } |
| } |
| } |
| |
| } |