Posted to commits@activemq.apache.org by ch...@apache.org on 2012/08/25 02:28:16 UTC

svn commit: r1377163 - in /activemq/activemq-apollo/trunk: apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/ apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/ apollo-broker/src/main/scala/org/apache/activemq/apollo/bro...

Author: chirino
Date: Sat Aug 25 00:28:16 2012
New Revision: 1377163

URL: http://svn.apache.org/viewvc?rev=1377163&view=rev
Log:
Support configuring the SSL protocol and getting the X509 certs from it.

Added:
    activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java
Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala
    activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
    activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala Sat Aug 25 00:28:16 2012
@@ -22,8 +22,10 @@ import org.fusesource.hawtdispatch._
 import protocol.{ProtocolHandler}
 import org.apache.activemq.apollo.filter.BooleanExpression
 import org.fusesource.hawtdispatch.transport._
-import org.apache.activemq.apollo.dto.{DestinationDTO, ConnectionStatusDTO}
+import org.apache.activemq.apollo.dto._
 import org.apache.activemq.apollo.util.{Dispatched, Log, BaseService}
+import scala.Some
+import java.security.cert.X509Certificate
 
 /**
  * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
@@ -168,7 +170,7 @@ class BrokerConnection(var connector: Co
     result
   }
 
-  def protocol_codec[T<:ProtocolCodec](clazz:Class[T]):T = {
+  def protocol_codec[T<:AnyRef](clazz:Class[T]):T = {
     var rc = transport.getProtocolCodec
     while( rc !=null ) {
       if( clazz.isInstance(rc) ) {
@@ -181,6 +183,18 @@ class BrokerConnection(var connector: Co
     }
     return null.asInstanceOf[T]
   }
+
+  def certificates = {
+    (transport match {
+      case ttransport:SecuredSession=>
+        Option(ttransport.getPeerX509Certificates)
+      case _ =>
+        protocol_codec(classOf[SecuredSession]) match {
+          case null => None
+          case protocol_codec=> Option(protocol_codec.getPeerX509Certificates)
+        }
+    }).getOrElse(Array[X509Certificate]())
+  }
 }
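Review bot: `certificates` folds three different situations — the transport is not TLS at all, TLS but the client presented no certificate, and a null returned by `getPeerX509Certificates` — into the same empty array, and since this value now feeds `security_context.certificates` in both protocol handlers that contract should be written down. Suggested doc comment on the method: `/** Peer certificate chain presented during the TLS handshake and accepted by the connector's trust manager; empty when the transport is not TLS or the client presented no certificate (client_auth NONE/WANT). Callers must treat an empty chain as "unauthenticated", never as "trusted". */`. Whether `getPeerX509Certificates` returns null or throws (e.g. an SSLPeerUnverifiedException) for a peer without a certificate is not visible here; if it can throw, neither match arm guards against it, so confirm before relying on the empty-array fallback.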
 
 /**

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala Sat Aug 25 00:28:16 2012
@@ -50,6 +50,17 @@ trait Connector extends BaseService with
   def resource_kind = SecuredResource.ConnectorKind
   def update_buffer_settings = {}
 
+  def protocol_codec_config[T<:ProtocolDTO](clazz:Class[T]):Option[T] = {
+    import collection.JavaConversions._
+    val connector_config = config.asInstanceOf[AcceptingConnectorDTO]
+    for( x <- connector_config.protocols ) {
+      if( clazz.isInstance(x) ) {
+        return Some(clazz.cast(x))
+      }
+    }
+    return None
+  }
+
 }
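Review bot: `config.asInstanceOf[AcceptingConnectorDTO]` is an unchecked cast on a method defined in the `Connector` trait, so any connector whose config is not an `AcceptingConnectorDTO` throws ClassCastException out of `SSLProtocol.createProtocolCodec` at connection time instead of returning `None`. The `return` inside the `for` over a converted Java list is also a non-local return implemented via an exception, since the loop body desugars to a closure. A pattern match makes the fallback explicit and removes both:
```scala
  def protocol_codec_config[T<:ProtocolDTO](clazz:Class[T]):Option[T] = {
    import collection.JavaConverters._
    config match {
      case c: AcceptingConnectorDTO =>
        c.protocols.asScala.collectFirst { case x if clazz.isInstance(x) => clazz.cast(x) }
      case _ => None
    }
  }
```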
 
 trait ConnectorFactory {

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala Sat Aug 25 00:28:16 2012
@@ -196,7 +196,7 @@ object WebSocketTransportFactory extends
    *
    */
   case class WebSocketTransport(server: WsTransportServer, request: HttpServletRequest, protocol: String) 
-          extends BaseService with WebSocket.OnTextMessage with WebSocket.OnBinaryMessage with SecureTransport with ScatteringByteChannel with GatheringByteChannel {
+          extends BaseService with WebSocket.OnTextMessage with WebSocket.OnBinaryMessage with Transport with SecuredSession with ScatteringByteChannel with GatheringByteChannel {
 
     /////////////////////////////////////////////////////////////////////////
     // Transport interface methods.

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala Sat Aug 25 00:28:16 2012
@@ -18,6 +18,8 @@ package org.apache.activemq.apollo.broke
 import org.fusesource.hawtdispatch.transport.SSLProtocolCodec
 import org.fusesource.hawtbuf.Buffer
 import org.apache.activemq.apollo.broker.Connector
+import org.apache.activemq.apollo.dto.SslDTO
+import org.fusesource.hawtdispatch.transport.SSLProtocolCodec.ClientAuth
 
 /**
  */
@@ -26,6 +28,7 @@ class SSLProtocol extends Protocol {
 
   override def isIdentifiable = true
   override def maxIdentificaionLength = 5
+
   override def matchesIdentification(buffer: Buffer):Boolean = {
     if( buffer.length >= 5 ) {
 
@@ -52,9 +55,22 @@ class SSLProtocol extends Protocol {
   }
 
   def createProtocolCodec(connector:Connector) = {
+    val config = connector.protocol_codec_config(classOf[SslDTO]).getOrElse(new SslDTO)
+    val client_auth =  if( config.client_auth!=null ) {
+      ClientAuth.valueOf(config.client_auth.toUpperCase());
+    } else {
+      ClientAuth.WANT
+    }
+
+    val version = if( config.version!=null ) {
+      config.version;
+    } else {
+      "SSL"
+    }
+
     val rc = new SSLProtocolCodec()
-    rc.setSSLContext(connector.broker.ssl_context("SSL"))
-    rc.server(SSLProtocolCodec.ClientAuth.NONE)
+    rc.setSSLContext(connector.broker.ssl_context(version))
+    rc.server(client_auth);
     rc.setNext(new AnyProtocolCodec(connector))
     rc
   }
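Review bot: A misspelt `client_auth` value makes `ClientAuth.valueOf` throw IllegalArgumentException inside `createProtocolCodec`, i.e. on every accepted connection, so a configuration typo surfaces as repeated handshake failures rather than a startup error; an unknown `version` passed to `ssl_context` presumably fails the same way. Validate the two attributes once when the connector starts (or at least rethrow with a message naming the attribute) and parse with `ClientAuth.valueOf(config.client_auth.trim.toUpperCase(java.util.Locale.ROOT))` so the JVM locale cannot affect the result. Two defaults also change silently in this hunk: client auth moves from `NONE` to `WANT`, which makes the broker request a certificate from every TLS client (a client that offers a certificate the trust store rejects will presumably now fail the handshake where it previously connected), and the `"SSL"` context name leaves SSLv3 negotiable, so `"TLS"` is the safer default unless legacy clients require otherwise. The `WANT` default change deserves a mention in the commit message and the connector documentation.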

Added: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java?rev=1377163&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java (added)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java Sat Aug 25 00:28:16 2012
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.apollo.dto;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * Allow you to customize protocol detection handling.
+ *
+ * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
+ */
+@XmlRootElement(name="ssl")
+@XmlAccessorType(XmlAccessType.FIELD)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SslDTO extends ProtocolDTO {
+
+    /**
+     * Should clients be authorized?  Set to WANT, NEED, or NONE.  Defaults to WANT.
+     */
+    @XmlAttribute(name="client_auth")
+    public String client_auth;
+
+    /**
+     * The SSL protocol version to use.  Set to SSL, TLS, TLSv1, TLSv3 etc.
+     */
+    @XmlAttribute(name="version")
+    public String version;
+
+}
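Review bot: The class javadoc `Allow you to customize protocol detection handling.` is copied from another DTO and does not describe this element; suggest `Configures the TLS/SSL layer of a connector: client certificate handling and the SSLContext protocol name.`. The `client_auth` javadoc says "authorized" where it means "authenticated" (a client certificate identifies the peer; authorization happens elsewhere) and should spell out the values: `NONE` never requests a certificate, `WANT` requests one but still accepts clients that present none, `NEED` rejects clients that present none. The `version` javadoc lists `TLSv3`, which does not exist; the accepted names are whatever the JVM's `SSLContext.getInstance` supports (e.g. `TLS`, `TLSv1`, `TLSv1.1`, `TLSv1.2`), and the default of `SSL` that SSLProtocol applies when the attribute is absent should be stated here too.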

Modified: activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala Sat Aug 25 00:28:16 2012
@@ -431,12 +431,7 @@ class OpenwireProtocolHandler extends Pr
     if (connection_context==null) {
       new ConnectionContext(info).attach
 
-      connection.transport match {
-        case t:SecureTransport=>
-          security_context.certificates = Option(t.getPeerX509Certificates).getOrElse(Array[X509Certificate]())
-        case _ =>
-      }
-
+      security_context.certificates = connection.certificates
       security_context.user = Option(info.getUserName).map(_.toString).getOrElse(null)
       security_context.password = Option(info.getPassword).map(_.toString).getOrElse(null)
       security_context.session_id = Some(info.getConnectionId.toString)

Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala Sat Aug 25 00:28:16 2012
@@ -36,7 +36,7 @@ import java.security.cert.X509Certificat
 import collection.mutable.{ListBuffer, HashMap}
 import java.io.IOException
 import org.apache.activemq.apollo.dto._
-import org.fusesource.hawtdispatch.transport.{SecureTransport, HeartBeatMonitor, SslTransport}
+import org.fusesource.hawtdispatch.transport.{SecuredSession, HeartBeatMonitor, SslTransport}
 import path.{LiteralPart, Path, PathParser}
 
 
@@ -925,12 +925,7 @@ class StompProtocolHandler extends Proto
 
   def on_stomp_connect(headers:HeaderMap):Unit = {
 
-    connection.transport match {
-      case t:SecureTransport=>
-        security_context.certificates = Option(t.getPeerX509Certificates).getOrElse(Array[X509Certificate]())
-      case _ =>
-    }
-
+    security_context.certificates = connection.certificates
     security_context.local_address = connection.transport.getLocalAddress
     security_context.remote_address = connection.transport.getRemoteAddress
     security_context.user = get(headers, LOGIN).map(decode_header _).getOrElse(null)