Posted to commits@activemq.apache.org by ch...@apache.org on 2012/08/25 02:28:16 UTC
svn commit: r1377163 - in /activemq/activemq-apollo/trunk:
apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/
apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/
apollo-broker/src/main/scala/org/apache/activemq/apollo/bro...
Author: chirino
Date: Sat Aug 25 00:28:16 2012
New Revision: 1377163
URL: http://svn.apache.org/viewvc?rev=1377163&view=rev
Log:
Support configuring the SSL protocol and getting the X509 certs from it.
Added:
activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java
Modified:
activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala
activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala
activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala
activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connection.scala Sat Aug 25 00:28:16 2012
@@ -22,8 +22,10 @@ import org.fusesource.hawtdispatch._
import protocol.{ProtocolHandler}
import org.apache.activemq.apollo.filter.BooleanExpression
import org.fusesource.hawtdispatch.transport._
-import org.apache.activemq.apollo.dto.{DestinationDTO, ConnectionStatusDTO}
+import org.apache.activemq.apollo.dto._
import org.apache.activemq.apollo.util.{Dispatched, Log, BaseService}
+import scala.Some
+import java.security.cert.X509Certificate
/**
* @author <a href="http://hiramchirino.com">Hiram Chirino</a>
@@ -168,7 +170,7 @@ class BrokerConnection(var connector: Co
result
}
- def protocol_codec[T<:ProtocolCodec](clazz:Class[T]):T = {
+ def protocol_codec[T<:AnyRef](clazz:Class[T]):T = {
var rc = transport.getProtocolCodec
while( rc !=null ) {
if( clazz.isInstance(rc) ) {
@@ -181,6 +183,18 @@ class BrokerConnection(var connector: Co
}
return null.asInstanceOf[T]
}
+
+ def certificates = {
+ (transport match {
+ case ttransport:SecuredSession=>
+ Option(ttransport.getPeerX509Certificates)
+ case _ =>
+ protocol_codec(classOf[SecuredSession]) match {
+ case null => None
+ case protocol_codec=> Option(protocol_codec.getPeerX509Certificates)
+ }
+ }).getOrElse(Array[X509Certificate]())
+ }
}
/**
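Review bot: The new public `certificates` method has no declared result type and no doc comment, although both protocol handlers in this commit now copy its result straight into `security_context.certificates`. Declare it as `def certificates:Array[X509Certificate] = {` and add a Scaladoc saying it returns the peer's X.509 certificates from the transport when that is a `SecuredSession`, otherwise from a `SecuredSession` codec in the codec chain, and an empty array when neither supplies any. The doc should also say that an empty array does not distinguish a plaintext connection from a TLS session in which the client sent no certificate, since callers use the value for authentication decisions. The inner pattern variable `protocol_codec` shadows the method of the same name; `case session => Option(session.getPeerX509Certificates)` reads more clearly.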
Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/Connector.scala Sat Aug 25 00:28:16 2012
@@ -50,6 +50,17 @@ trait Connector extends BaseService with
def resource_kind = SecuredResource.ConnectorKind
def update_buffer_settings = {}
+ def protocol_codec_config[T<:ProtocolDTO](clazz:Class[T]):Option[T] = {
+ import collection.JavaConversions._
+ val connector_config = config.asInstanceOf[AcceptingConnectorDTO]
+ for( x <- connector_config.protocols ) {
+ if( clazz.isInstance(x) ) {
+ return Some(clazz.cast(x))
+ }
+ }
+ return None
+ }
+
}
trait ConnectorFactory {
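Review bot: `config.asInstanceOf[AcceptingConnectorDTO]` in `protocol_codec_config` is an unchecked cast inside a method added to the general `Connector` trait, so a connector with a different config type would throw ClassCastException instead of returning `None` (the declared type of `config` is not visible in this hunk, so confirm). A pattern match removes that risk and also the `return` inside the loop: `config match { case c:AcceptingConnectorDTO => c.protocols.find(clazz.isInstance(_)).map(clazz.cast(_)); case _ => None }`, with the existing `JavaConversions` import still in scope. A one-line comment that the first matching protocol entry wins would help whoever configures more than one element of the same type.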
Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/jetty/WebSocketTransportFactory.scala Sat Aug 25 00:28:16 2012
@@ -196,7 +196,7 @@ object WebSocketTransportFactory extends
*
*/
case class WebSocketTransport(server: WsTransportServer, request: HttpServletRequest, protocol: String)
- extends BaseService with WebSocket.OnTextMessage with WebSocket.OnBinaryMessage with SecureTransport with ScatteringByteChannel with GatheringByteChannel {
+ extends BaseService with WebSocket.OnTextMessage with WebSocket.OnBinaryMessage with Transport with SecuredSession with ScatteringByteChannel with GatheringByteChannel {
/////////////////////////////////////////////////////////////////////////
// Transport interface methods.
Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/protocol/SSLProtocol.scala Sat Aug 25 00:28:16 2012
@@ -18,6 +18,8 @@ package org.apache.activemq.apollo.broke
import org.fusesource.hawtdispatch.transport.SSLProtocolCodec
import org.fusesource.hawtbuf.Buffer
import org.apache.activemq.apollo.broker.Connector
+import org.apache.activemq.apollo.dto.SslDTO
+import org.fusesource.hawtdispatch.transport.SSLProtocolCodec.ClientAuth
/**
*/
@@ -26,6 +28,7 @@ class SSLProtocol extends Protocol {
override def isIdentifiable = true
override def maxIdentificaionLength = 5
+
override def matchesIdentification(buffer: Buffer):Boolean = {
if( buffer.length >= 5 ) {
@@ -52,9 +55,22 @@ class SSLProtocol extends Protocol {
}
def createProtocolCodec(connector:Connector) = {
+ val config = connector.protocol_codec_config(classOf[SslDTO]).getOrElse(new SslDTO)
+ val client_auth = if( config.client_auth!=null ) {
+ ClientAuth.valueOf(config.client_auth.toUpperCase());
+ } else {
+ ClientAuth.WANT
+ }
+
+ val version = if( config.version!=null ) {
+ config.version;
+ } else {
+ "SSL"
+ }
+
val rc = new SSLProtocolCodec()
- rc.setSSLContext(connector.broker.ssl_context("SSL"))
- rc.server(SSLProtocolCodec.ClientAuth.NONE)
+ rc.setSSLContext(connector.broker.ssl_context(version))
+ rc.server(client_auth);
rc.setNext(new AnyProtocolCodec(connector))
rc
}
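Review bot: The fallback `"SSL"` for `version` in `createProtocolCodec` keeps the legacy context name as the default. Assuming `ssl_context` passes the string to `SSLContext.getInstance`, `"TLS"` is the safer default: `val version = Option(config.version).getOrElse("TLS")`. Separately, `ClientAuth.valueOf(config.client_auth.toUpperCase())` throws IllegalArgumentException for any value other than the enum names, and it does so when the codec is created rather than when the configuration is loaded, so a typo in `client_auth` presumably shows up as failed connections. Validating the value up front, or catching the exception and logging the offending string, would make the misconfiguration visible. The effective default also moves from `ClientAuth.NONE` to `ClientAuth.WANT`, which deserves a mention in the log message or user documentation.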
Added: activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java?rev=1377163&view=auto
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java (added)
+++ activemq/activemq-apollo/trunk/apollo-dto/src/main/java/org/apache/activemq/apollo/dto/SslDTO.java Sat Aug 25 00:28:16 2012
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.apollo.dto;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * Allow you to customize protocol detection handling.
+ *
+ * @author <a href="http://hiramchirino.com">Hiram Chirino</a>
+ */
+@XmlRootElement(name="ssl")
+@XmlAccessorType(XmlAccessType.FIELD)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SslDTO extends ProtocolDTO {
+
+ /**
+ * Should clients be authorized? Set to WANT, NEED, or NONE. Defaults to WANT.
+ */
+ @XmlAttribute(name="client_auth")
+ public String client_auth;
+
+ /**
+ * The SSL protocol version to use. Set to SSL, TLS, TLSv1, TLSv3 etc.
+ */
+ @XmlAttribute(name="version")
+ public String version;
+
+}
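Review bot: The class comment `Allow you to customize protocol detection handling.` looks carried over from another DTO and does not describe this class; something like `Configures the SSL/TLS protocol codec of a connector.` would fit. On `client_auth`, "authorized" should read "authenticated", since the setting controls whether a client certificate is requested (WANT), required (NEED) or not requested (NONE). On `version`, `TLSv3` is not a standard JSSE protocol name (`SSLv3` or `TLSv1` were probably meant), and the comment should state the default, which `createProtocolCodec` in this commit sets to `SSL`. Because both fields are free-form strings, the comments are the only place an operator learns the accepted values, so they should match what the codec actually accepts.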
Modified: activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-openwire/src/main/scala/org/apache/activemq/apollo/openwire/OpenwireProtocolHandler.scala Sat Aug 25 00:28:16 2012
@@ -431,12 +431,7 @@ class OpenwireProtocolHandler extends Pr
if (connection_context==null) {
new ConnectionContext(info).attach
- connection.transport match {
- case t:SecureTransport=>
- security_context.certificates = Option(t.getPeerX509Certificates).getOrElse(Array[X509Certificate]())
- case _ =>
- }
-
+ security_context.certificates = connection.certificates
security_context.user = Option(info.getUserName).map(_.toString).getOrElse(null)
security_context.password = Option(info.getPassword).map(_.toString).getOrElse(null)
security_context.session_id = Some(info.getConnectionId.toString)
Modified: activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala?rev=1377163&r1=1377162&r2=1377163&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-stomp/src/main/scala/org/apache/activemq/apollo/stomp/StompProtocolHandler.scala Sat Aug 25 00:28:16 2012
@@ -36,7 +36,7 @@ import java.security.cert.X509Certificat
import collection.mutable.{ListBuffer, HashMap}
import java.io.IOException
import org.apache.activemq.apollo.dto._
-import org.fusesource.hawtdispatch.transport.{SecureTransport, HeartBeatMonitor, SslTransport}
+import org.fusesource.hawtdispatch.transport.{SecuredSession, HeartBeatMonitor, SslTransport}
import path.{LiteralPart, Path, PathParser}
@@ -925,12 +925,7 @@ class StompProtocolHandler extends Proto
def on_stomp_connect(headers:HeaderMap):Unit = {
- connection.transport match {
- case t:SecureTransport=>
- security_context.certificates = Option(t.getPeerX509Certificates).getOrElse(Array[X509Certificate]())
- case _ =>
- }
-
+ security_context.certificates = connection.certificates
security_context.local_address = connection.transport.getLocalAddress
security_context.remote_address = connection.transport.getRemoteAddress
security_context.user = get(headers, LOGIN).map(decode_header _).getOrElse(null)