You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ra...@apache.org on 2010/01/28 03:13:56 UTC
svn commit: r903942 - in
/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network:
ConnectionBinding.java security/ security/sasl/
security/sasl/SASLEncryptor.java security/sasl/SASLReceiver.java
security/sasl/SASLSender.java
Author: rajith
Date: Thu Jan 28 02:13:55 2010
New Revision: 903942
URL: http://svn.apache.org/viewvc?rev=903942&view=rev
Log:
This is related to QPID-2352
The SASL encryption layer is not fully functional, however it's dormant unless explicitly enabled using the jvm arg "qpid.sasl_encryption" or the connection parameter "sasl_encryption".
Added:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
Modified:
qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java
Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java?rev=903942&r1=903941&r2=903942&view=diff
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java (original)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java Thu Jan 28 02:13:55 2010
@@ -25,8 +25,11 @@
import org.apache.qpid.transport.Binding;
import org.apache.qpid.transport.Connection;
import org.apache.qpid.transport.ConnectionDelegate;
+import org.apache.qpid.transport.ConnectionListener;
import org.apache.qpid.transport.Receiver;
import org.apache.qpid.transport.Sender;
+import org.apache.qpid.transport.network.security.sasl.SASLReceiver;
+import org.apache.qpid.transport.network.security.sasl.SASLSender;
/**
* ConnectionBinding
@@ -69,6 +72,12 @@
{
Connection conn = connection();
+ if (conn.getConnectionSettings().isUseSASLEncryption())
+ {
+ sender = new SASLSender(sender);
+ conn.addConnectionListener((ConnectionListener)sender);
+ }
+
// XXX: hardcoded max-frame
Disassembler dis = new Disassembler(sender, MAX_FRAME_SIZE);
conn.setSender(dis);
@@ -77,7 +86,16 @@
public Receiver<ByteBuffer> receiver(Connection conn)
{
- return new InputHandler(new Assembler(conn));
+ if (conn.getConnectionSettings().isUseSASLEncryption())
+ {
+ SASLReceiver receiver = new SASLReceiver(new InputHandler(new Assembler(conn)));
+ conn.addConnectionListener((ConnectionListener)receiver);
+ return receiver;
+ }
+ else
+ {
+ return new InputHandler(new Assembler(conn));
+ }
}
}
Added: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java?rev=903942&view=auto
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java (added)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java Thu Jan 28 02:13:55 2010
@@ -0,0 +1,45 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+
+import org.apache.qpid.transport.Connection;
+import org.apache.qpid.transport.ConnectionException;
+import org.apache.qpid.transport.ConnectionListener;
+
+public abstract class SASLEncryptor implements ConnectionListener
+{
+ protected SaslClient saslClient;
+ protected boolean securityLayerEstablished = false;
+ protected int sendBuffSize;
+ protected int recvBuffSize;
+
+ public boolean isSecurityLayerEstablished()
+ {
+ return securityLayerEstablished;
+ }
+
+ public void opened(Connection conn)
+ {
+ if (conn.getSaslClient() != null)
+ {
+ saslClient = conn.getSaslClient();
+ if (saslClient.isComplete() && saslClient.getNegotiatedProperty(Sasl.QOP) == "auth-conf")
+ {
+ sendBuffSize = Integer.parseInt(
+ (String)saslClient.getNegotiatedProperty(Sasl.RAW_SEND_SIZE));
+ recvBuffSize = Integer.parseInt(
+ (String)saslClient.getNegotiatedProperty(Sasl.MAX_BUFFER));
+ securityLayerEstablished();
+ securityLayerEstablished = true;
+ }
+ }
+ }
+
+ public void exception(Connection conn, ConnectionException exception){}
+ public void closed(Connection conn) {}
+
+ public abstract void securityLayerEstablished();
+}
Added: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java?rev=903942&view=auto
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java (added)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java Thu Jan 28 02:13:55 2010
@@ -0,0 +1,67 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.nio.ByteBuffer;
+
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.Receiver;
+import org.apache.qpid.transport.SenderException;
+import org.apache.qpid.transport.util.Logger;
+
+public class SASLReceiver extends SASLEncryptor implements Receiver<ByteBuffer> {
+
+ Receiver<ByteBuffer> delegate;
+ private byte[] netData;
+ private static final Logger log = Logger.get(SASLReceiver.class);
+
+ public SASLReceiver(Receiver<ByteBuffer> delegate)
+ {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public void closed()
+ {
+ delegate.closed();
+ }
+
+ @Override
+ public void exception(Throwable t)
+ {
+ delegate.equals(t);
+ }
+
+ @Override
+ public void received(ByteBuffer buf)
+ {
+ if (isSecurityLayerEstablished())
+ {
+ while (buf.hasRemaining())
+ {
+ int length = Math.min(buf.remaining(),recvBuffSize);
+ buf.get(netData, 0, length);
+ try
+ {
+ byte[] out = saslClient.unwrap(netData, 0, length);
+ delegate.received(ByteBuffer.wrap(out));
+ }
+ catch (SaslException e)
+ {
+ throw new SenderException("SASL Sender, Error occurred while encrypting data",e);
+ }
+ }
+ }
+ else
+ {
+ delegate.received(buf);
+ }
+ }
+
+ public void securityLayerEstablished()
+ {
+ netData = new byte[recvBuffSize];
+ log.debug("SASL Security Layer Established");
+ }
+
+}
Added: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java?rev=903942&view=auto
==============================================================================
--- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java (added)
+++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java Thu Jan 28 02:13:55 2010
@@ -0,0 +1,102 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.nio.ByteBuffer;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.Sender;
+import org.apache.qpid.transport.SenderException;
+import org.apache.qpid.transport.util.Logger;
+
+public class SASLSender extends SASLEncryptor implements Sender<ByteBuffer> {
+
+ protected Sender<ByteBuffer> delegate;
+ private byte[] appData;
+ private final AtomicBoolean closed = new AtomicBoolean(false);
+ private static final Logger log = Logger.get(SASLSender.class);
+
+ public SASLSender(Sender<ByteBuffer> delegate)
+ {
+ this.delegate = delegate;
+ log.debug("SASL Sender enabled");
+ }
+
+ @Override
+ public void close()
+ {
+
+ if (!closed.getAndSet(true))
+ {
+ delegate.close();
+ if (isSecurityLayerEstablished())
+ {
+ try
+ {
+ saslClient.dispose();
+ }
+ catch (SaslException e)
+ {
+ throw new SenderException("Error closing SASL Sender",e);
+ }
+ }
+ }
+ }
+
+ @Override
+ public void flush()
+ {
+ delegate.flush();
+ }
+
+ @Override
+ public void send(ByteBuffer buf)
+ {
+ if (closed.get())
+ {
+ throw new SenderException("SSL Sender is closed");
+ }
+
+ if (isSecurityLayerEstablished())
+ {
+ while (buf.hasRemaining())
+ {
+ int length = Math.min(buf.remaining(),sendBuffSize);
+ log.debug("sendBuffSize %s", sendBuffSize);
+ log.debug("buf.remaining() %s", buf.remaining());
+
+ buf.get(appData, 0, length);
+ try
+ {
+ byte[] out = saslClient.wrap(appData, 0, length);
+ log.debug("out.length %s", out.length);
+
+ delegate.send(ByteBuffer.wrap(out));
+ }
+ catch (SaslException e)
+ {
+ log.error("Exception while encrypting data.",e);
+ throw new SenderException("SASL Sender, Error occurred while encrypting data",e);
+ }
+ }
+ }
+ else
+ {
+ delegate.send(buf);
+ }
+ }
+
+ @Override
+ public void setIdleTimeout(int i)
+ {
+ delegate.setIdleTimeout(i);
+ }
+
+ public void securityLayerEstablished()
+ {
+ appData = new byte[sendBuffSize];
+ log.debug("SASL Security Layer Established");
+ }
+
+}
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org