You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ph...@apache.org on 2012/12/17 16:52:35 UTC
svn commit: r1422986 - in /qpid/proton/branches/kgiusti-proton-136/proton-j:
proton-api/src/main/java/org/apache/qpid/proton/engine/
proton/src/main/java/org/apache/qpid/proton/engine/impl/
proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ p...
Author: philharveyonline
Date: Mon Dec 17 15:52:33 2012
New Revision: 1422986
URL: http://svn.apache.org/viewvc?rev=1422986&view=rev
Log:
PROTON-136: moved proton-j SSLDomain's createSSLEngine method from public interface in proton-api into implementation class.
Added:
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java
Removed:
qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/SslEngineFacade.java
Modified:
qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/SslDomain.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/Transport.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/TransportImpl.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslImpl.java
qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/SslDomain.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/SslDomain.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/SslDomain.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/SslDomain.java Mon Dec 17 15:52:33 2012
@@ -132,11 +132,4 @@ public interface SslDomain
void allowUnsecuredClient(boolean allowUnsecured);
boolean allowUnsecuredClient();
-
- /**
- * Returns an SSL engine. Only intended to be used inside {@link Transport#ssl(SslDomain, SslPeerDetailsImpl)}.
- *
- * @param sslPeerDetails the details of the remote peer. If non-null, may be used to assist SSL session resumption.
- */
- SslEngineFacade createSslEngine(SslPeerDetails sslPeerDetails);
}
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/Transport.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/Transport.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/Transport.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton-api/src/main/java/org/apache/qpid/proton/engine/Transport.java Mon Dec 17 15:52:33 2012
@@ -62,6 +62,7 @@ public interface Transport extends Endpo
/**
* Wrap this transport's output and input to apply SSL encryption and decryption respectively.
*
+ * @param sslDomain the SSL settings to use
* @param sslPeerDetails may be null, in which case SSL session resume will not be attempted
* @return an {@link Ssl} object representing the SSL session.
*/
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/TransportImpl.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/TransportImpl.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/TransportImpl.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/TransportImpl.java Mon Dec 17 15:52:33 2012
@@ -38,6 +38,7 @@ import org.apache.qpid.proton.engine.Ssl
import org.apache.qpid.proton.engine.SslPeerDetails;
import org.apache.qpid.proton.engine.Transport;
import org.apache.qpid.proton.engine.TransportException;
+import org.apache.qpid.proton.engine.impl.ssl.ProtonSslEngineProvider;
import org.apache.qpid.proton.engine.impl.ssl.SslImpl;
import org.apache.qpid.proton.framing.TransportFrame;
import org.apache.qpid.proton.amqp.transport.Attach;
@@ -240,6 +241,13 @@ public class TransportImpl extends Endpo
}
+ /**
+ * {@inheritDoc}
+ *
+ * <p>Note that sslDomain must implement {@link ProtonSslEngineProvider}. This is not possible
+ * enforce at the API level because {@link ProtonSslEngineProvider} is not part of the
+ * public Proton API.</p>
+ */
@Override
public Ssl ssl(SslDomain sslDomain, SslPeerDetails sslPeerDetails)
{
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/DefaultSslEngineFacade.java Mon Dec 17 15:52:33 2012
@@ -26,9 +26,8 @@ import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;
-import org.apache.qpid.proton.engine.SslEngineFacade;
-class DefaultSslEngineFacade implements SslEngineFacade
+class DefaultSslEngineFacade implements ProtonSslEngine
{
private final SSLEngine _sslEngine;
Added: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java?rev=1422986&view=auto
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java (added)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngine.java Mon Dec 17 15:52:33 2012
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.proton.engine.impl.ssl;
+
+import java.nio.ByteBuffer;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLEngineResult.HandshakeStatus;
+import javax.net.ssl.SSLEngineResult.Status;
+import javax.net.ssl.SSLException;
+
+/**
+ * Thin wrapper around an {@link SSLEngine}.
+ */
+public interface ProtonSslEngine
+{
+ /**
+ * @see SSLEngine#wrap(ByteBuffer, ByteBuffer)
+ *
+ * Note that wrap really does write <em>one</em> packet worth of data to the
+ * dst byte buffer. If dst byte buffer is insufficiently large the
+ * pointers within both src and dst are unchanged and the bytesConsumed and
+ * bytesProduced on the returned result are zero.
+ */
+ SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException;
+
+ /**
+ * @see SSLEngine#unwrap(ByteBuffer, ByteBuffer)
+ *
+ * Note that unwrap does read exactly one packet of encoded data from src
+ * and write to dst. If src contains insufficient bytes to read a complete
+ * packet {@link Status#BUFFER_UNDERFLOW} occurs. If underflow occurs the
+ * pointers within both src and dst are unchanged and the bytesConsumed and
+ * bytesProduced on the returned result are zero.
+ */
+ SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException;
+
+ Runnable getDelegatedTask();
+ HandshakeStatus getHandshakeStatus();
+
+ int getApplicationBufferSize();
+ int getPacketBufferSize();
+ String getCipherSuite();
+ String getProtocol();
+ boolean getUseClientMode();
+}
Added: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java?rev=1422986&view=auto
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java (added)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/ProtonSslEngineProvider.java Mon Dec 17 15:52:33 2012
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.proton.engine.impl.ssl;
+
+import org.apache.qpid.proton.engine.SslPeerDetails;
+
+public interface ProtonSslEngineProvider
+{
+ /**
+ * Returns an SSL engine.
+ *
+ * @param sslPeerDetails the details of the remote peer. If non-null, may be used to assist SSL session resumption.
+ */
+ public ProtonSslEngine createSslEngine(SslPeerDetails peerDetails);
+}
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SimpleSslTransportWrapper.java Mon Dec 17 15:52:33 2012
@@ -31,7 +31,6 @@ import javax.net.ssl.SSLEngineResult.Sta
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
-import org.apache.qpid.proton.engine.SslEngineFacade;
import org.apache.qpid.proton.engine.TransportException;
import org.apache.qpid.proton.engine.impl.TransportInput;
import org.apache.qpid.proton.engine.impl.TransportOutput;
@@ -55,7 +54,7 @@ public class SimpleSslTransportWrapper i
private final TransportInput _underlyingInput;
private final TransportOutput _underlyingOutput;
- private SslEngineFacade _sslEngine;
+ private ProtonSslEngine _sslEngine;
/** Used by {@link #output(byte[], int, int)}. Acts as a buffer for the output from underlyingOutput */
private ByteHolder _clearOutputHolder;
@@ -75,7 +74,7 @@ public class SimpleSslTransportWrapper i
/** could change during the lifetime of the ssl connection owing to renegotiation. */
private String _protocolName;
- SimpleSslTransportWrapper(SslEngineFacade sslEngine, TransportInput underlyingInput, TransportOutput underlyingOutput)
+ SimpleSslTransportWrapper(ProtonSslEngine sslEngine, TransportInput underlyingInput, TransportOutput underlyingOutput)
{
_underlyingInput = underlyingInput;
_underlyingOutput = underlyingOutput;
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslDomainImpl.java Mon Dec 17 15:52:33 2012
@@ -19,10 +19,9 @@
package org.apache.qpid.proton.engine.impl.ssl;
import org.apache.qpid.proton.engine.SslDomain;
-import org.apache.qpid.proton.engine.SslEngineFacade;
import org.apache.qpid.proton.engine.SslPeerDetails;
-public class SslDomainImpl implements SslDomain
+public class SslDomainImpl implements SslDomain, ProtonSslEngineProvider
{
private Mode _mode;
private VerifyMode _verifyMode = VerifyMode.ANONYMOUS_PEER;
@@ -114,7 +113,7 @@ public class SslDomainImpl implements Ss
}
@Override
- public SslEngineFacade createSslEngine(SslPeerDetails peerDetails)
+ public ProtonSslEngine createSslEngine(SslPeerDetails peerDetails)
{
return _sslEngineFacadeFactory.createProtonSslEngine(this, peerDetails);
}
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java Mon Dec 17 15:52:33 2012
@@ -47,7 +47,6 @@ import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager;
import org.apache.qpid.proton.engine.SslDomain;
-import org.apache.qpid.proton.engine.SslEngineFacade;
import org.apache.qpid.proton.engine.SslPeerDetails;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMException;
@@ -86,12 +85,12 @@ public class SslEngineFacadeFactory
/**
- * Returns a {@link SslEngineFacade}. May cache the domain's settings so callers should invoke
+ * Returns a {@link ProtonSslEngine}. May cache the domain's settings so callers should invoke
* {@link #resetCache()} if the domain changes.
*
* @param peerDetails may be used to return an engine that supports SSL resume.
*/
- public SslEngineFacade createProtonSslEngine(SslDomain domain, SslPeerDetails peerDetails)
+ public ProtonSslEngine createProtonSslEngine(SslDomain domain, SslPeerDetails peerDetails)
{
SSLEngine engine = createAndInitialiseSslEngine(domain, peerDetails);
if(_logger.isLoggable(Level.FINE))
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslImpl.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslImpl.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslImpl.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslImpl.java Mon Dec 17 15:52:33 2012
@@ -33,12 +33,19 @@ public class SslImpl implements Ssl
private SslTransportWrapper _unsecureClientAwareTransportWrapper;
private final SslDomain _domain;
+ private final ProtonSslEngineProvider _protonSslEngineProvider;
private final SslPeerDetails _peerDetails;
+ /**
+ * @param sslDomain must implement {@link ProtonSslEngineProvider}. This is not possible
+ * enforce at the API level because {@link ProtonSslEngineProvider} is not part of the
+ * public Proton API.</p>
+ */
public SslImpl(SslDomain domain, SslPeerDetails peerDetails)
{
_domain = domain;
+ _protonSslEngineProvider = (ProtonSslEngineProvider)domain;
_peerDetails = peerDetails;
}
@@ -132,7 +139,11 @@ public class SslImpl implements Ssl
{
if (_transportWrapper == null)
{
- SslTransportWrapper sslTransportWrapper = new SimpleSslTransportWrapper(_domain.createSslEngine(_peerDetails), _inputProcessor, _outputProcessor);
+ SslTransportWrapper sslTransportWrapper = new SimpleSslTransportWrapper(
+ _protonSslEngineProvider.createSslEngine(_peerDetails),
+ _inputProcessor,
+ _outputProcessor);
+
if (_domain.allowUnsecuredClient())
{
TransportWrapper plainTransportWrapper = new PlainTransportWrapper(_outputProcessor, _inputProcessor);
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java?rev=1422986&r1=1422985&r2=1422986&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/test/java/org/apache/qpid/proton/engine/impl/ssl/CapitalisingDummySslEngine.java Mon Dec 17 15:52:33 2012
@@ -30,7 +30,6 @@ import javax.net.ssl.SSLEngineResult.Han
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;
-import org.apache.qpid.proton.engine.SslEngineFacade;
/**
@@ -39,7 +38,7 @@ import org.apache.qpid.proton.engine.Ssl
*
* Using a true SSLEngine for this would be impractical.
*/
-public class CapitalisingDummySslEngine implements SslEngineFacade
+public class CapitalisingDummySslEngine implements ProtonSslEngine
{
static final int SHORT_ENCODED_CHUNK_SIZE = 2;
private static final int MAX_ENCODED_CHUNK_SIZE = 5;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org