broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/connector/TcpAndSslSelectChannelConnector.java - qpid-jms-amqp-0-x - Git at Google

 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *
  */
 package org.apache.qpid.server.management.plugin.connector;

 import java.io.IOException;
 import java.nio.channels.SelectionKey;
 import java.nio.channels.SocketChannel;

 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLSession;

 import org.eclipse.jetty.http.HttpSchemes;
 import org.eclipse.jetty.io.AsyncEndPoint;
 import org.eclipse.jetty.io.Buffer;
 import org.eclipse.jetty.io.Connection;
 import org.eclipse.jetty.io.EndPoint;
 import org.eclipse.jetty.io.nio.AsyncConnection;
 import org.eclipse.jetty.io.nio.IndirectNIOBuffer;
 import org.eclipse.jetty.io.nio.SelectChannelEndPoint;
 import org.eclipse.jetty.io.nio.SelectorManager;
 import org.eclipse.jetty.io.nio.SslConnection;
 import org.eclipse.jetty.server.AsyncHttpConnection;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.server.ssl.SslCertificates;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
 import org.eclipse.jetty.util.ssl.SslContextFactory;

 public class TcpAndSslSelectChannelConnector extends SelectChannelConnector
 {

     private static final Logger LOG = Log.getLogger(TcpAndSslSelectChannelConnector.class);

     private final SslContextFactory _sslContextFactory;

     public TcpAndSslSelectChannelConnector(SslContextFactory factory)
     {
         _sslContextFactory = factory;
         addBean(_sslContextFactory);
         setUseDirectBuffers(false);
         setSoLingerTime(30000);
     }


     @Override
     public void customize(EndPoint endpoint, Request request) throws IOException
     {
         if(endpoint instanceof SslConnection.SslEndPoint)
         {
             request.setScheme(HttpSchemes.HTTPS);
         }

         super.customize(endpoint,request);

         if(endpoint instanceof SslConnection.SslEndPoint)
         {
             SslConnection.SslEndPoint sslEndpoint = (SslConnection.SslEndPoint) endpoint;
             SSLEngine sslEngine = sslEndpoint.getSslEngine();
             SSLSession sslSession = sslEngine.getSession();

             SslCertificates.customize(sslSession, endpoint, request);
         }
     }

     @Override
     protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint)
     {
         return new ProtocolIdentifyingConnection((ProtocolIdentifyingEndpoint) endpoint);
     }

     @Override
     protected SelectChannelEndPoint newEndPoint(final SocketChannel channel,
                                                 final SelectorManager.SelectSet selectSet,
                                                 final SelectionKey key) throws IOException
     {

         ProtocolIdentifyingEndpoint endpoint = new ProtocolIdentifyingEndpoint(channel,selectSet,key, getMaxIdleTime());
         endpoint.setConnection(selectSet.getManager().newConnection(channel, endpoint, key.attachment()));
         return endpoint;
     }

     protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
     {
         SSLEngine engine;
         if (channel != null)
         {
             String peerHost = channel.socket().getInetAddress().getHostAddress();
             int peerPort = channel.socket().getPort();
             engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
         }
         else
         {
             engine = _sslContextFactory.newSslEngine();
         }

         engine.setUseClientMode(false);
         return engine;
     }

     @Override
     protected void doStart() throws Exception
     {
         _sslContextFactory.checkKeyStore();
         _sslContextFactory.start();

         SSLEngine sslEngine = _sslContextFactory.newSslEngine();

         sslEngine.setUseClientMode(false);

         SSLSession sslSession = sslEngine.getSession();

         if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
             setRequestHeaderSize(sslSession.getApplicationBufferSize());
         if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
             setRequestBufferSize(sslSession.getApplicationBufferSize());

         super.doStart();
     }

     @Override
     public boolean isConfidential(final Request request)
     {
         if(request.getScheme().equals(HttpSchemes.HTTPS))
         {
             final int confidentialPort=getConfidentialPort();
             return confidentialPort==0||confidentialPort==request.getServerPort();
         }
         return super.isConfidential(request);
     }

     enum Protocol { UNKNOWN, TCP , SSL }

     private class ProtocolIdentifyingEndpoint extends SelectChannelEndPoint
     {

         private Protocol _protocol = Protocol.UNKNOWN;
         private Buffer _preBuffer = new IndirectNIOBuffer(6);

         public ProtocolIdentifyingEndpoint(final SocketChannel channel,
                                            final SelectorManager.SelectSet selectSet,
                                            final SelectionKey key, final int maxIdleTime) throws IOException
         {
             super(channel, selectSet, key, maxIdleTime);
         }

         public Protocol getProtocol() throws IOException
         {
             if(_protocol == Protocol.UNKNOWN)
             {
                 if(_preBuffer.space() != 0)
                 {
                     super.fill(_preBuffer);
                     _protocol = identifyFromPreBuffer();
                 }
             }
             return _protocol;
         }

         public SocketChannel getSocketChannel()
         {
             return (SocketChannel) getChannel();
         }

         private Protocol identifyFromPreBuffer()
         {
             if(_preBuffer.space() == 0)
             {
                 byte[] helloBytes = _preBuffer.array();
                 if (looksLikeSSLv2ClientHello(helloBytes) || looksLikeSSLv3ClientHello(helloBytes))
                 {
                     return Protocol.SSL;
                 }
                 else
                 {
                     return Protocol.TCP;
                 }
             }
             return Protocol.UNKNOWN;
         }

         private boolean looksLikeSSLv3ClientHello(byte[] headerBytes)
         {
             return headerBytes[0] == 22 && // SSL Handshake
                    (headerBytes[1] == 3 && // SSL 3.0 / TLS 1.x
                     (headerBytes[2] == 0 || // SSL 3.0
                      headerBytes[2] == 1 || // TLS 1.0
                      headerBytes[2] == 2 || // TLS 1.1
                      headerBytes[2] == 3)) && // TLS1.2
                    (headerBytes[5] == 1); // client_hello
         }

         private boolean looksLikeSSLv2ClientHello(byte[] headerBytes)
         {
             return headerBytes[0] == -128 &&
                    headerBytes[3] == 3 && // SSL 3.0 / TLS 1.x
                    (headerBytes[4] == 0 || // SSL 3.0
                     headerBytes[4] == 1 || // TLS 1.0
                     headerBytes[4] == 2 || // TLS 1.1
                     headerBytes[4] == 3);
         }

         @Override
         public int fill(final Buffer buffer) throws IOException
         {
             int size = 0;

             if(getProtocol() != Protocol.UNKNOWN)
             {
                 if (_preBuffer.hasContent())
                 {
                     size = buffer.put(_preBuffer);
                     _preBuffer.skip(size);
                 }
                 if (buffer.space() != 0)
                 {
                     size += super.fill(buffer);
                 }
             }
             return size;
         }
     }

     private class ProtocolIdentifyingConnection implements AsyncConnection
     {
         private final ProtocolIdentifyingEndpoint _endpoint;
         private AsyncConnection _delegate;
         private final long _timestamp;
         private IOException _exception;

         private ProtocolIdentifyingConnection(final ProtocolIdentifyingEndpoint endpoint)
         {
             _endpoint = endpoint;
             _timestamp = System.currentTimeMillis();
         }

         @Override
         public void onInputShutdown() throws IOException
         {
             if (_delegate == null)
             {
                 createDelegate(true);
             }
             _delegate.onInputShutdown();
         }

         private boolean createDelegate(boolean createPlainWhenUnknown) throws IOException
         {
             if(_exception != null)
             {
                 throw _exception;
             }
             Protocol protocol = _endpoint.getProtocol();
             if(protocol == Protocol.TCP || (createPlainWhenUnknown && protocol == Protocol.UNKNOWN))
             {
                 _delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this, _endpoint, getServer());
                 return true;
             }
             else if(protocol == Protocol.SSL)
             {
                 SocketChannel channel = _endpoint.getSocketChannel();
                 SSLEngine engine = createSSLEngine(channel);
                 SslConnection connection = new SslConnection(engine, _endpoint);
                 AsyncConnection delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this,
                                                                    connection.getSslEndPoint(),
                                                                    getServer());
                 connection.getSslEndPoint().setConnection(delegate);
                 connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());

                 _delegate = connection;
                 return true;
             }
             return false;
         }

         private boolean createDelegateNoException()
         {
             try
             {
                 return createDelegate(false);
             }
             catch (IOException e)
             {
                 _exception = e;
                 return false;
             }
         }

         @Override
         public Connection handle() throws IOException
         {
             if(_delegate != null || createDelegate(false))
             {
                 return _delegate.handle();
             }
             return this;
         }

         @Override
         public long getTimeStamp()
         {
             return _timestamp;
         }

         @Override
         public boolean isIdle()
         {
             if(_delegate != null || createDelegateNoException())
             {
                 return _delegate.isIdle();
             }
             return false;
         }

         @Override
         public boolean isSuspended()
         {
             if(_delegate != null || createDelegateNoException())
             {
                 return _delegate.isSuspended();
             }
             return false;
         }

         @Override
         public void onClose()
         {
             if(_delegate != null)
             {
                 _delegate.onClose();
             }
         }

         @Override
         public void onIdleExpired(final long idleForMs)
         {
             try
             {
                 if(_delegate != null || createDelegate(true))
                 {
                     _delegate.onIdleExpired(idleForMs);
                 }
             }
             catch (IOException e)
             {
                 LOG.ignore(e);

                 try
                 {
                     _endpoint.close();
                 }
                 catch(IOException e2)
                 {
                     LOG.ignore(e2);
                 }
             }
         }
     }

 }
	/*
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.qpid.server.management.plugin.connector;

	import java.io.IOException;
	import java.nio.channels.SelectionKey;
	import java.nio.channels.SocketChannel;

	import javax.net.ssl.SSLEngine;
	import javax.net.ssl.SSLSession;

	import org.eclipse.jetty.http.HttpSchemes;
	import org.eclipse.jetty.io.AsyncEndPoint;
	import org.eclipse.jetty.io.Buffer;
	import org.eclipse.jetty.io.Connection;
	import org.eclipse.jetty.io.EndPoint;
	import org.eclipse.jetty.io.nio.AsyncConnection;
	import org.eclipse.jetty.io.nio.IndirectNIOBuffer;
	import org.eclipse.jetty.io.nio.SelectChannelEndPoint;
	import org.eclipse.jetty.io.nio.SelectorManager;
	import org.eclipse.jetty.io.nio.SslConnection;
	import org.eclipse.jetty.server.AsyncHttpConnection;
	import org.eclipse.jetty.server.Request;
	import org.eclipse.jetty.server.nio.SelectChannelConnector;
	import org.eclipse.jetty.server.ssl.SslCertificates;
	import org.eclipse.jetty.util.log.Log;
	import org.eclipse.jetty.util.log.Logger;
	import org.eclipse.jetty.util.ssl.SslContextFactory;

	public class TcpAndSslSelectChannelConnector extends SelectChannelConnector
	{

	private static final Logger LOG = Log.getLogger(TcpAndSslSelectChannelConnector.class);

	private final SslContextFactory _sslContextFactory;

	public TcpAndSslSelectChannelConnector(SslContextFactory factory)
	{
	_sslContextFactory = factory;
	addBean(_sslContextFactory);
	setUseDirectBuffers(false);
	setSoLingerTime(30000);
	}


	@Override
	public void customize(EndPoint endpoint, Request request) throws IOException
	{
	if(endpoint instanceof SslConnection.SslEndPoint)
	{
	request.setScheme(HttpSchemes.HTTPS);
	}

	super.customize(endpoint,request);

	if(endpoint instanceof SslConnection.SslEndPoint)
	{
	SslConnection.SslEndPoint sslEndpoint = (SslConnection.SslEndPoint) endpoint;
	SSLEngine sslEngine = sslEndpoint.getSslEngine();
	SSLSession sslSession = sslEngine.getSession();

	SslCertificates.customize(sslSession, endpoint, request);
	}
	}

	@Override
	protected AsyncConnection newConnection(SocketChannel channel, AsyncEndPoint endpoint)
	{
	return new ProtocolIdentifyingConnection((ProtocolIdentifyingEndpoint) endpoint);
	}

	@Override
	protected SelectChannelEndPoint newEndPoint(final SocketChannel channel,
	final SelectorManager.SelectSet selectSet,
	final SelectionKey key) throws IOException
	{

	ProtocolIdentifyingEndpoint endpoint = new ProtocolIdentifyingEndpoint(channel,selectSet,key, getMaxIdleTime());
	endpoint.setConnection(selectSet.getManager().newConnection(channel, endpoint, key.attachment()));
	return endpoint;
	}

	protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
	{
	SSLEngine engine;
	if (channel != null)
	{
	String peerHost = channel.socket().getInetAddress().getHostAddress();
	int peerPort = channel.socket().getPort();
	engine = _sslContextFactory.newSslEngine(peerHost, peerPort);
	}
	else
	{
	engine = _sslContextFactory.newSslEngine();
	}

	engine.setUseClientMode(false);
	return engine;
	}

	@Override
	protected void doStart() throws Exception
	{
	_sslContextFactory.checkKeyStore();
	_sslContextFactory.start();

	SSLEngine sslEngine = _sslContextFactory.newSslEngine();

	sslEngine.setUseClientMode(false);

	SSLSession sslSession = sslEngine.getSession();

	if (getRequestHeaderSize()<sslSession.getApplicationBufferSize())
	setRequestHeaderSize(sslSession.getApplicationBufferSize());
	if (getRequestBufferSize()<sslSession.getApplicationBufferSize())
	setRequestBufferSize(sslSession.getApplicationBufferSize());

	super.doStart();
	}

	@Override
	public boolean isConfidential(final Request request)
	{
	if(request.getScheme().equals(HttpSchemes.HTTPS))
	{
	final int confidentialPort=getConfidentialPort();
	return confidentialPort==0\|\|confidentialPort==request.getServerPort();
	}
	return super.isConfidential(request);
	}

	enum Protocol { UNKNOWN, TCP , SSL }

	private class ProtocolIdentifyingEndpoint extends SelectChannelEndPoint
	{

	private Protocol _protocol = Protocol.UNKNOWN;
	private Buffer _preBuffer = new IndirectNIOBuffer(6);

	public ProtocolIdentifyingEndpoint(final SocketChannel channel,
	final SelectorManager.SelectSet selectSet,
	final SelectionKey key, final int maxIdleTime) throws IOException
	{
	super(channel, selectSet, key, maxIdleTime);
	}

	public Protocol getProtocol() throws IOException
	{
	if(_protocol == Protocol.UNKNOWN)
	{
	if(_preBuffer.space() != 0)
	{
	super.fill(_preBuffer);
	_protocol = identifyFromPreBuffer();
	}
	}
	return _protocol;
	}

	public SocketChannel getSocketChannel()
	{
	return (SocketChannel) getChannel();
	}

	private Protocol identifyFromPreBuffer()
	{
	if(_preBuffer.space() == 0)
	{
	byte[] helloBytes = _preBuffer.array();
	if (looksLikeSSLv2ClientHello(helloBytes) \|\| looksLikeSSLv3ClientHello(helloBytes))
	{
	return Protocol.SSL;
	}
	else
	{
	return Protocol.TCP;
	}
	}
	return Protocol.UNKNOWN;
	}

	private boolean looksLikeSSLv3ClientHello(byte[] headerBytes)
	{
	return headerBytes[0] == 22 && // SSL Handshake
	(headerBytes[1] == 3 && // SSL 3.0 / TLS 1.x
	(headerBytes[2] == 0 \|\| // SSL 3.0
	headerBytes[2] == 1 \|\| // TLS 1.0
	headerBytes[2] == 2 \|\| // TLS 1.1
	headerBytes[2] == 3)) && // TLS1.2
	(headerBytes[5] == 1); // client_hello
	}

	private boolean looksLikeSSLv2ClientHello(byte[] headerBytes)
	{
	return headerBytes[0] == -128 &&
	headerBytes[3] == 3 && // SSL 3.0 / TLS 1.x
	(headerBytes[4] == 0 \|\| // SSL 3.0
	headerBytes[4] == 1 \|\| // TLS 1.0
	headerBytes[4] == 2 \|\| // TLS 1.1
	headerBytes[4] == 3);
	}

	@Override
	public int fill(final Buffer buffer) throws IOException
	{
	int size = 0;

	if(getProtocol() != Protocol.UNKNOWN)
	{
	if (_preBuffer.hasContent())
	{
	size = buffer.put(_preBuffer);
	_preBuffer.skip(size);
	}
	if (buffer.space() != 0)
	{
	size += super.fill(buffer);
	}
	}
	return size;
	}
	}

	private class ProtocolIdentifyingConnection implements AsyncConnection
	{
	private final ProtocolIdentifyingEndpoint _endpoint;
	private AsyncConnection _delegate;
	private final long _timestamp;
	private IOException _exception;

	private ProtocolIdentifyingConnection(final ProtocolIdentifyingEndpoint endpoint)
	{
	_endpoint = endpoint;
	_timestamp = System.currentTimeMillis();
	}

	@Override
	public void onInputShutdown() throws IOException
	{
	if (_delegate == null)
	{
	createDelegate(true);
	}
	_delegate.onInputShutdown();
	}

	private boolean createDelegate(boolean createPlainWhenUnknown) throws IOException
	{
	if(_exception != null)
	{
	throw _exception;
	}
	Protocol protocol = _endpoint.getProtocol();
	if(protocol == Protocol.TCP \|\| (createPlainWhenUnknown && protocol == Protocol.UNKNOWN))
	{
	_delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this, _endpoint, getServer());
	return true;
	}
	else if(protocol == Protocol.SSL)
	{
	SocketChannel channel = _endpoint.getSocketChannel();
	SSLEngine engine = createSSLEngine(channel);
	SslConnection connection = new SslConnection(engine, _endpoint);
	AsyncConnection delegate = new AsyncHttpConnection(TcpAndSslSelectChannelConnector.this,
	connection.getSslEndPoint(),
	getServer());
	connection.getSslEndPoint().setConnection(delegate);
	connection.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());

	_delegate = connection;
	return true;
	}
	return false;
	}

	private boolean createDelegateNoException()
	{
	try
	{
	return createDelegate(false);
	}
	catch (IOException e)
	{
	_exception = e;
	return false;
	}
	}

	@Override
	public Connection handle() throws IOException
	{
	if(_delegate != null \|\| createDelegate(false))
	{
	return _delegate.handle();
	}
	return this;
	}

	@Override
	public long getTimeStamp()
	{
	return _timestamp;
	}

	@Override
	public boolean isIdle()
	{
	if(_delegate != null \|\| createDelegateNoException())
	{
	return _delegate.isIdle();
	}
	return false;
	}

	@Override
	public boolean isSuspended()
	{
	if(_delegate != null \|\| createDelegateNoException())
	{
	return _delegate.isSuspended();
	}
	return false;
	}

	@Override
	public void onClose()
	{
	if(_delegate != null)
	{
	_delegate.onClose();
	}
	}

	@Override
	public void onIdleExpired(final long idleForMs)
	{
	try
	{
	if(_delegate != null \|\| createDelegate(true))
	{
	_delegate.onIdleExpired(idleForMs);
	}
	}
	catch (IOException e)
	{
	LOG.ignore(e);

	try
	{
	_endpoint.close();
	}
	catch(IOException e2)
	{
	LOG.ignore(e2);
	}
	}
	}
	}

	}