Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/04/09 20:17:24 UTC
svn commit: r1672437 - in /tomcat/trunk/java/org/apache/tomcat/util/net:
NioEndpoint.java SecureNioChannel.java
Author: markt
Date: Thu Apr 9 18:17:24 2015
New Revision: 1672437
URL: http://svn.apache.org/r1672437
Log:
SNI Refactoring. I'm doing this in small steps as I tried to do it in a single go and got something wrong that broke secure connections.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1672437&r1=1672436&r2=1672437&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Thu Apr 9 18:17:24 2015
@@ -465,7 +465,7 @@ public class NioEndpoint extends Abstrac
Math.max(appbufsize,socketProperties.getAppReadBufSize()),
Math.max(appbufsize,socketProperties.getAppWriteBufSize()),
socketProperties.getDirectBuffer());
- channel = new SecureNioChannel(socket, engine, bufhandler, selectorPool);
+ channel = new SecureNioChannel(socket, engine, bufhandler, selectorPool, this);
} else {
// normal tcp setup
SocketBufferHandler bufhandler = new SocketBufferHandler(
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1672437&r1=1672436&r2=1672437&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Thu Apr 9 18:17:24 2015
@@ -52,18 +52,16 @@ public class SecureNioChannel extends Ni
protected boolean closing = false;
protected NioSelectorPool pool;
+ private final NioEndpoint endpoint;
public SecureNioChannel(SocketChannel channel, SSLEngine engine, SocketBufferHandler bufHandler,
- NioSelectorPool pool) {
+ NioSelectorPool pool, NioEndpoint endpoint) {
super(channel,bufHandler);
this.sslEngine = engine;
- int netBufSize = sslEngine.getSession().getPacketBufferSize();
- //allocate network buffers - TODO, add in optional direct non-direct buffers
- if ( netInBuffer == null ) netInBuffer = ByteBuffer.allocateDirect(netBufSize);
- if ( netOutBuffer == null ) netOutBuffer = ByteBuffer.allocateDirect(netBufSize);
- //selector pool for blocking operations
+ // selector pool for blocking operations
this.pool = pool;
+ this.endpoint = endpoint;
}
public void reset(SSLEngine engine) throws IOException {
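Review bot: With the allocation removed from the constructor, `netInBuffer` and `netOutBuffer` are left unassigned here and only created in `processSNI()`, but nothing on the constructor or the new field records that. Any method that can run before the first handshake step would now see null buffers; whether such a path exists is not visible in this hunk, so it is worth checking the close and flush paths. I would add a comment above the `this.pool = pool;` line such as `// Network buffers are allocated lazily in processSNI(); they are null until the handshake starts.` The new `endpoint` argument is also stored unchecked, so a null value would only surface later at `endpoint.getSocketProperties()`; an explicit null check in the constructor would fail closer to the cause.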
@@ -74,10 +72,6 @@ public class SecureNioChannel extends Ni
@Override
public void reset() throws IOException {
super.reset();
- netOutBuffer.position(0);
- netOutBuffer.limit(0);
- netInBuffer.position(0);
- netInBuffer.limit(0);
sniComplete = false;
handshakeComplete = false;
closed = false;
@@ -223,6 +217,46 @@ public class SecureNioChannel extends Ni
* provided host name, configure the SSLEngine for this connection.
*/
private int processSNI() throws SSLException {
+ // TODO The peek at the available data to determine the host requested
+ // via SNI (if any) goes here.
+
+ SocketProperties sp = endpoint.getSocketProperties();
+ // Create/expand network buffers.
+ // In/Out are always created in a pair with identical settings so only
+ // need to test one to determine what needs to be done for both.
+ int netBufSize = sslEngine.getSession().getPacketBufferSize();
+ if (netInBuffer == null) {
+ if (sp.getDirectSslBuffer()) {
+ netInBuffer = ByteBuffer.allocateDirect(netBufSize);
+ netOutBuffer = ByteBuffer.allocateDirect(netBufSize);
+ } else {
+ netInBuffer = ByteBuffer.allocate(netBufSize);
+ netOutBuffer = ByteBuffer.allocate(netBufSize);
+ }
+ } else if (netInBuffer.capacity() < netBufSize) {
+ // Need to expand the buffers, making sure no data is lost.
+ ByteBuffer newInBuffer;
+ ByteBuffer newOutBuffer;
+ if (sp.getDirectSslBuffer()) {
+ newInBuffer = ByteBuffer.allocateDirect(netBufSize);
+ newOutBuffer = ByteBuffer.allocateDirect(netBufSize);
+ } else {
+ newInBuffer = ByteBuffer.allocate(netBufSize);
+ newOutBuffer = ByteBuffer.allocate(netBufSize);
+ }
+ newInBuffer.put(netInBuffer);
+ newOutBuffer.put(netOutBuffer);
+ netInBuffer = newInBuffer;
+ netOutBuffer = newOutBuffer;
+ } else {
+ // Existing buffers are big enough. Nothing to do here.
+ }
+ // Set limit and position to expected values
+ netInBuffer.position(0);
+ netInBuffer.limit(0);
+ netOutBuffer.position(0);
+ netOutBuffer.limit(0);
+
// Initiate handshake
sslEngine.beginHandshake();
handshakeStatus = sslEngine.getHandshakeStatus();
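Review bot: In the expand branch of `processSNI()`, the `newInBuffer.put(netInBuffer)` and `newOutBuffer.put(netOutBuffer)` copies are immediately undone by the unconditional `position(0)`/`limit(0)` calls a few lines later, so the "making sure no data is lost" comment does not match what the code does. The old buffers are also copied without a `flip()`, so what `put` transfers depends on whatever position and limit they were left with. If nothing can be buffered at this point, drop the two `put` calls and replace the comment with `// Buffers are reset below, so no content needs to be carried over.` If the SNI peek described in the TODO will later read ClientHello bytes into `netInBuffer` before this code runs, the reset has to become conditional instead, otherwise those bytes are discarded and the handshake cannot complete. The direct/heap allocation choice is written out twice and could be a small private helper; the method body continues past the end of the hunk.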
@@ -246,7 +280,7 @@ public class SecureNioChannel extends Ni
if (netOutBuffer.position() > 0 && netOutBuffer.position()<netOutBuffer.limit()) throw new IOException(sm.getString("channel.nio.ssl.netOutputNotEmpty"));
if (!getBufHandler().isReadBufferEmpty()) throw new IOException(sm.getString("channel.nio.ssl.appInputNotEmpty"));
if (!getBufHandler().isWriteBufferEmpty()) throw new IOException(sm.getString("channel.nio.ssl.appOutputNotEmpty"));
- reset();
+ handshakeComplete = false;
boolean isReadable = true;
boolean isWriteable = true;
boolean handshaking = true;
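Review bot: Replacing `reset()` with `handshakeComplete = false` changes which state is cleared before a re-handshake, and the line carries no comment saying why. `reset()` also clears `sniComplete` and `closed`, and clearing `sniComplete` would presumably send the next handshake pass back through `processSNI()`, which now resets the network buffers and calls `beginHandshake()`. A short comment would keep a later cleanup from restoring the call, for example `// Only the handshake flag is cleared; a full reset() would clear sniComplete and re-run processSNI() on a live connection.` The enclosing method starts above the hunk, so whether `netInBuffer` is checked for pending data alongside the `netOutBuffer` guard cannot be confirmed from here.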