| author | Rajith Muditha Attapattu <rajith@apache.org> | 2010-01-28 02:13:55 +0000 |
|---|---|---|
| committer | Rajith Muditha Attapattu <rajith@apache.org> | 2010-01-28 02:13:55 +0000 |
| commit | a5318490afdca4c9a16329f2a0e2f9ded0813f36 (patch) | |
| tree | bb5b38c3bf9df8c14bc15082e8624489ca6cb5de /java/common/src | |
| parent | ced42b83b5bcc435db7163a06f6992162b958009 (diff) | |
| download | qpid-python-a5318490afdca4c9a16329f2a0e2f9ded0813f36.tar.gz | |
This is related to QPID-2352
The SASL encryption layer is not yet fully functional; however, it is dormant unless explicitly enabled using the JVM argument "qpid.sasl_encryption" or the connection parameter "sasl_encryption".
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@903942 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/common/src')
4 files changed, 233 insertions, 1 deletions
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java b/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java index 8a2aba2e6d..b9f8c29dde 100644 --- a/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java +++ b/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java @@ -25,8 +25,11 @@ import java.nio.ByteBuffer; import org.apache.qpid.transport.Binding; import org.apache.qpid.transport.Connection; import org.apache.qpid.transport.ConnectionDelegate; +import org.apache.qpid.transport.ConnectionListener; import org.apache.qpid.transport.Receiver; import org.apache.qpid.transport.Sender; +import org.apache.qpid.transport.network.security.sasl.SASLReceiver; +import org.apache.qpid.transport.network.security.sasl.SASLSender; /** * ConnectionBinding @@ -69,6 +72,12 @@ public abstract class ConnectionBinding { Connection conn = connection(); + if (conn.getConnectionSettings().isUseSASLEncryption()) + { + sender = new SASLSender(sender); + conn.addConnectionListener((ConnectionListener)sender); + } + // XXX: hardcoded max-frame Disassembler dis = new Disassembler(sender, MAX_FRAME_SIZE); conn.setSender(dis); @@ -77,7 +86,16 @@ public abstract class ConnectionBinding public Receiver<ByteBuffer> receiver(Connection conn) { - return new InputHandler(new Assembler(conn)); + if (conn.getConnectionSettings().isUseSASLEncryption()) + { + SASLReceiver receiver = new SASLReceiver(new InputHandler(new Assembler(conn))); + conn.addConnectionListener((ConnectionListener)receiver); + return receiver; + } + else + { + return new InputHandler(new Assembler(conn)); + } } } diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java new file mode 100644 index 0000000000..939483a280 --- /dev/null 
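Review bot: In the receiver(Connection) hunk the cast in `conn.addConnectionListener((ConnectionListener)receiver)` is redundant, because the local is already declared as SASLReceiver, which is a ConnectionListener through SASLEncryptor, and `new InputHandler(new Assembler(conn))` is constructed in both branches. Hoisting the inner receiver leaves one construction site and lets the plain path fall through without an else. The sender-side hunk at -69 is the tail of a method whose signature lies outside the hunk, so whether the cast on `sender` is needed there depends on that parameter's declared type, which I cannot see. Both paths register a listener that this patch never removes; whether Connection releases its listeners on close is not visible here and is worth a comment at the registration site.
```java
public Receiver<ByteBuffer> receiver(Connection conn)
{
    Receiver<ByteBuffer> inner = new InputHandler(new Assembler(conn));
    if (conn.getConnectionSettings().isUseSASLEncryption())
    {
        SASLReceiver receiver = new SASLReceiver(inner);
        conn.addConnectionListener(receiver);
        return receiver;
    }
    return inner;
}
```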
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java
@@ -0,0 +1,45 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+
+import org.apache.qpid.transport.Connection;
+import org.apache.qpid.transport.ConnectionException;
+import org.apache.qpid.transport.ConnectionListener;
+
+public abstract class SASLEncryptor implements ConnectionListener
+{
+ protected SaslClient saslClient;
+ protected boolean securityLayerEstablished = false;
+ protected int sendBuffSize;
+ protected int recvBuffSize;
+
+ public boolean isSecurityLayerEstablished()
+ {
+ return securityLayerEstablished;
+ }
+
+ public void opened(Connection conn)
+ {
+ if (conn.getSaslClient() != null)
+ {
+ saslClient = conn.getSaslClient();
+ if (saslClient.isComplete() && saslClient.getNegotiatedProperty(Sasl.QOP) == "auth-conf")
+ {
+ sendBuffSize = Integer.parseInt(
+ (String)saslClient.getNegotiatedProperty(Sasl.RAW_SEND_SIZE));
+ recvBuffSize = Integer.parseInt(
+ (String)saslClient.getNegotiatedProperty(Sasl.MAX_BUFFER));
+ securityLayerEstablished();
+ securityLayerEstablished = true;
+ }
+ }
+ }
+
+ public void exception(Connection conn, ConnectionException exception){}
+ public void closed(Connection conn) {}
+
+ public abstract void securityLayerEstablished();
+}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
new file mode 100644
index 0000000000..2e6cce33fd
--- /dev/null
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
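Review bot: `saslClient.getNegotiatedProperty(Sasl.QOP) == "auth-conf"` in opened() compares by reference, so a SaslClient that returns a runtime-built String rather than the interned literal never matches, the security layer silently stays off, and the SASLSender/SASLReceiver wrappers pass every frame through in the clear although the caller asked for encryption; use `"auth-conf".equals(saslClient.getNegotiatedProperty(Sasl.QOP))`. Because this listener is only installed when `isUseSASLEncryption()` is set, a completed negotiation whose QOP is not auth-conf is arguably a failure the connection should report rather than fall through from; if the fall-through is intended it needs a comment saying so. `Integer.parseInt((String) ...)` on RAW_SEND_SIZE and MAX_BUFFER throws NumberFormatException or NullPointerException inside a listener callback when a provider omits them, which deserves a guard or at least an explicit message. `securityLayerEstablished` is a plain boolean read by the send and receive paths; if opened() runs on a thread other than the I/O thread it should be `volatile`, but the threading model is not visible from this hunk. The `AtomicBoolean` import is unused in this file.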
@@ -0,0 +1,67 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.nio.ByteBuffer;
+
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.Receiver;
+import org.apache.qpid.transport.SenderException;
+import org.apache.qpid.transport.util.Logger;
+
+public class SASLReceiver extends SASLEncryptor implements Receiver<ByteBuffer> {
+
+ Receiver<ByteBuffer> delegate;
+ private byte[] netData;
+ private static final Logger log = Logger.get(SASLReceiver.class);
+
+ public SASLReceiver(Receiver<ByteBuffer> delegate)
+ {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public void closed()
+ {
+ delegate.closed();
+ }
+
+ @Override
+ public void exception(Throwable t)
+ {
+ delegate.equals(t);
+ }
+
+ @Override
+ public void received(ByteBuffer buf)
+ {
+ if (isSecurityLayerEstablished())
+ {
+ while (buf.hasRemaining())
+ {
+ int length = Math.min(buf.remaining(),recvBuffSize);
+ buf.get(netData, 0, length);
+ try
+ {
+ byte[] out = saslClient.unwrap(netData, 0, length);
+ delegate.received(ByteBuffer.wrap(out));
+ }
+ catch (SaslException e)
+ {
+ throw new SenderException("SASL Sender, Error occurred while encrypting data",e);
+ }
+ }
+ }
+ else
+ {
+ delegate.received(buf);
+ }
+ }
+
+ public void securityLayerEstablished()
+ {
+ netData = new byte[recvBuffSize];
+ log.debug("SASL Security Layer Established");
+ }
+
+}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
new file mode 100644
index 0000000000..4c50606c60
--- /dev/null
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
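Review bot: `exception(Throwable t)` calls `delegate.equals(t)` instead of `delegate.exception(t)`, so a transport error reported to the wrapper is dropped and the inner receiver never learns the connection failed; change it to `delegate.exception(t);`. The loop in received() slices the incoming bytes into `recvBuffSize` chunks, but SaslClient.unwrap expects one complete security-layer buffer per call, so unless the underlying transport guarantees that each received() call carries exactly one wrapped buffer, fragmented or coalesced reads will fail the integrity check or corrupt the stream; the wrapper likely needs to reassemble wrapped buffers by their length prefix before unwrapping, and the assumption should be documented on the method either way. The exception thrown from the catch says "SASL Sender, Error occurred while encrypting data" although this is the receive/decrypt path; `throw new SenderException("SASL Receiver, Error occurred while decrypting data", e);` keeps logs accurate. `delegate` is package-private and non-final, whereas SASLSender declares its delegate `protected`; `private final` would suit both.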
@@ -0,0 +1,102 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.nio.ByteBuffer;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.Sender;
+import org.apache.qpid.transport.SenderException;
+import org.apache.qpid.transport.util.Logger;
+
+public class SASLSender extends SASLEncryptor implements Sender<ByteBuffer> {
+
+ protected Sender<ByteBuffer> delegate;
+ private byte[] appData;
+ private final AtomicBoolean closed = new AtomicBoolean(false);
+ private static final Logger log = Logger.get(SASLSender.class);
+
+ public SASLSender(Sender<ByteBuffer> delegate)
+ {
+ this.delegate = delegate;
+ log.debug("SASL Sender enabled");
+ }
+
+ @Override
+ public void close()
+ {
+
+ if (!closed.getAndSet(true))
+ {
+ delegate.close();
+ if (isSecurityLayerEstablished())
+ {
+ try
+ {
+ saslClient.dispose();
+ }
+ catch (SaslException e)
+ {
+ throw new SenderException("Error closing SASL Sender",e);
+ }
+ }
+ }
+ }
+
+ @Override
+ public void flush()
+ {
+ delegate.flush();
+ }
+
+ @Override
+ public void send(ByteBuffer buf)
+ {
+ if (closed.get())
+ {
+ throw new SenderException("SSL Sender is closed");
+ }
+
+ if (isSecurityLayerEstablished())
+ {
+ while (buf.hasRemaining())
+ {
+ int length = Math.min(buf.remaining(),sendBuffSize);
+ log.debug("sendBuffSize %s", sendBuffSize);
+ log.debug("buf.remaining() %s", buf.remaining());
+
+ buf.get(appData, 0, length);
+ try
+ {
+ byte[] out = saslClient.wrap(appData, 0, length);
+ log.debug("out.length %s", out.length);
+
+ delegate.send(ByteBuffer.wrap(out));
+ }
+ catch (SaslException e)
+ {
+ log.error("Exception while encrypting data.",e);
+ throw new SenderException("SASL Sender, Error occurred while encrypting data",e);
+ }
+ }
+ }
+ else
+ {
+ delegate.send(buf);
+ }
+ }
+
+ @Override
+ public void setIdleTimeout(int i)
+ {
+ delegate.setIdleTimeout(i);
+ }
+
+ public void 
securityLayerEstablished()
+ {
+ appData = new byte[sendBuffSize];
+ log.debug("SASL Security Layer Established");
+ }
+
+} |
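Review bot: The closed-sender error in send() reads `"SSL Sender is closed"` although this is the SASL wrapper; `throw new SenderException("SASL Sender is closed");` keeps the two layers distinguishable in logs. `appData` and `sendBuffSize` are written from the opened() callback via securityLayerEstablished() and read in send() with no synchronization, so if the listener callback and the sending thread differ, send() can observe the established flag while `appData` is still null; the threading model is not visible from this hunk, so at minimum document the assumption in a class-level comment. The three `log.debug` calls inside the chunk loop fire for every fragment of every frame; they log only sizes, which is right, but one summary line per send() call would be enough. The `javax.security.sasl.SaslClient` import is unused in this file, and `securityLayerEstablished()` would read more clearly with `@Override` like the other overrides in the class.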
