From a5318490afdca4c9a16329f2a0e2f9ded0813f36 Mon Sep 17 00:00:00 2001
From: Rajith Muditha Attapattu
Date: Thu, 28 Jan 2010 02:13:55 +0000
Subject: This is related to QPID-2352 The SASL encryption layer is not fully functional, however it's dormant unless explicitly enabled using the jvm arg "qpid.sasl_encryption" or the connection parameter "sasl_encryption".
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@903942 13f79535-47bb-0310-9956-ffa450edef68
---
 .../qpid/transport/network/ConnectionBinding.java | 20 +++-
 .../network/security/sasl/SASLEncryptor.java | 45 +++++++++
 .../network/security/sasl/SASLReceiver.java | 67 ++++++++++++++
 .../network/security/sasl/SASLSender.java | 102 +++++++++++++++++++++
 4 files changed, 233 insertions(+), 1 deletion(-)
 create mode 100644 java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java
 create mode 100644 java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
 create mode 100644 java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
(limited to 'java/common/src')
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java b/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java
index 8a2aba2e6d..b9f8c29dde 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/ConnectionBinding.java
@@ -25,8 +25,11 @@ import java.nio.ByteBuffer;
 import org.apache.qpid.transport.Binding;
 import org.apache.qpid.transport.Connection;
 import org.apache.qpid.transport.ConnectionDelegate;
+import org.apache.qpid.transport.ConnectionListener;
 import org.apache.qpid.transport.Receiver;
 import org.apache.qpid.transport.Sender;
+import org.apache.qpid.transport.network.security.sasl.SASLReceiver;
+import org.apache.qpid.transport.network.security.sasl.SASLSender;
 /**
 * ConnectionBinding
@@ -69,6 +72,12 @@ public abstract class ConnectionBinding
 {
 Connection conn = connection();
+ if (conn.getConnectionSettings().isUseSASLEncryption())
+ {
+ sender = new SASLSender(sender);
+ conn.addConnectionListener((ConnectionListener)sender);
+ }
+
 // XXX: hardcoded max-frame
 Disassembler dis = new Disassembler(sender, MAX_FRAME_SIZE);
 conn.setSender(dis);
@@ -77,7 +86,16 @@ public abstract class ConnectionBinding
 public Receiver receiver(Connection conn)
 {
- return new InputHandler(new Assembler(conn));
+ if (conn.getConnectionSettings().isUseSASLEncryption())
+ {
+ SASLReceiver receiver = new SASLReceiver(new InputHandler(new Assembler(conn)));
+ conn.addConnectionListener((ConnectionListener)receiver);
+ return receiver;
+ }
+ else
+ {
+ return new InputHandler(new Assembler(conn));
+ }
 }
 }
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java
new file mode 100644
index 0000000000..939483a280
--- /dev/null
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLEncryptor.java
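Review bot: The `(ConnectionListener)sender` cast in the second hunk and `(ConnectionListener)receiver` in the third are avoidable: `new SASLSender(sender)` is statically a ConnectionListener, so a typed local removes the cast, `SASLSender saslSender = new SASLSender(sender); conn.addConnectionListener(saslSender); sender = saslSender;`, and in the receiver hunk the local is already declared `SASLReceiver`, so the cast can simply be dropped. The method the second hunk edits starts outside the hunk, so `sender` is presumably its parameter. Since the wrapper only begins encrypting after its `opened` callback runs and passes traffic to the delegate unchanged until then, the registration order deserves a comment at the `addConnectionListener` call, e.g. `// must be registered before the connection opens: the wrapper learns the negotiated SaslClient in opened() and forwards plaintext until then`.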
@@ -0,0 +1,45 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+
+import org.apache.qpid.transport.Connection;
+import org.apache.qpid.transport.ConnectionException;
+import org.apache.qpid.transport.ConnectionListener;
+
+public abstract class SASLEncryptor implements ConnectionListener
+{
+ protected SaslClient saslClient;
+ protected boolean securityLayerEstablished = false;
+ protected int sendBuffSize;
+ protected int recvBuffSize;
+
+ public boolean isSecurityLayerEstablished()
+ {
+ return securityLayerEstablished;
+ }
+
+ public void opened(Connection conn)
+ {
+ if (conn.getSaslClient() != null)
+ {
+ saslClient = conn.getSaslClient();
+ if (saslClient.isComplete() && saslClient.getNegotiatedProperty(Sasl.QOP) == "auth-conf")
+ {
+ sendBuffSize = Integer.parseInt(
+ (String)saslClient.getNegotiatedProperty(Sasl.RAW_SEND_SIZE));
+ recvBuffSize = Integer.parseInt(
+ (String)saslClient.getNegotiatedProperty(Sasl.MAX_BUFFER));
+ securityLayerEstablished();
+ securityLayerEstablished = true;
+ }
+ }
+ }
+
+ public void exception(Connection conn, ConnectionException exception){}
+ public void closed(Connection conn) {}
+
+ public abstract void securityLayerEstablished();
+}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
new file mode 100644
index 0000000000..2e6cce33fd
--- /dev/null
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLReceiver.java
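Review bot: `saslClient.getNegotiatedProperty(Sasl.QOP) == "auth-conf"` in `opened` compares an Object to a String literal by reference, so unless the SASL provider happens to return that exact interned literal the test is false, `securityLayerEstablished` never becomes true, and both wrappers keep forwarding plaintext to their delegates even though the caller asked for sasl_encryption; it should be `"auth-conf".equals(saslClient.getNegotiatedProperty(Sasl.QOP))`. Because the sender and receiver fall back to the delegate silently whenever the layer is not established, a requested-but-not-negotiated confidentiality layer is invisible at runtime; once `isComplete()` is true and the negotiated QOP is not auth-conf, `opened` should at least log it, and arguably fail the connection, so the fail-open is observable. `securityLayerEstablished` is written in the listener callback and read on the send/receive paths without volatile or synchronization; whether that is safe depends on how the connection orders `opened` against I/O, which is not visible here, so a comment on the field stating that assumption would help. Minor: the `AtomicBoolean` import is unused, and a field `securityLayerEstablished` next to an abstract method `securityLayerEstablished()` is easy to misread; a name such as `onSecurityLayerEstablished()` for the hook would be clearer.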
@@ -0,0 +1,67 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.nio.ByteBuffer;
+
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.Receiver;
+import org.apache.qpid.transport.SenderException;
+import org.apache.qpid.transport.util.Logger;
+
+public class SASLReceiver extends SASLEncryptor implements Receiver {
+
+ Receiver delegate;
+ private byte[] netData;
+ private static final Logger log = Logger.get(SASLReceiver.class);
+
+ public SASLReceiver(Receiver delegate)
+ {
+ this.delegate = delegate;
+ }
+
+ @Override
+ public void closed()
+ {
+ delegate.closed();
+ }
+
+ @Override
+ public void exception(Throwable t)
+ {
+ delegate.equals(t);
+ }
+
+ @Override
+ public void received(ByteBuffer buf)
+ {
+ if (isSecurityLayerEstablished())
+ {
+ while (buf.hasRemaining())
+ {
+ int length = Math.min(buf.remaining(),recvBuffSize);
+ buf.get(netData, 0, length);
+ try
+ {
+ byte[] out = saslClient.unwrap(netData, 0, length);
+ delegate.received(ByteBuffer.wrap(out));
+ }
+ catch (SaslException e)
+ {
+ throw new SenderException("SASL Sender, Error occurred while encrypting data",e);
+ }
+ }
+ }
+ else
+ {
+ delegate.received(buf);
+ }
+ }
+
+ public void securityLayerEstablished()
+ {
+ netData = new byte[recvBuffSize];
+ log.debug("SASL Security Layer Established");
+ }
+
+}
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
new file mode 100644
index 0000000000..4c50606c60
--- /dev/null
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/sasl/SASLSender.java
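Review bot: `exception(Throwable t)` calls `delegate.equals(t)` instead of `delegate.exception(t)`, so a transport error arriving at the wrapper is silently discarded rather than propagated to the wrapped receiver; the body should be `delegate.exception(t);`. The catch in `received` rethrows with the message `"SASL Sender, Error occurred while encrypting data"` although this is the receiver calling `unwrap`, and `SenderException` is an odd type to throw from a `Receiver`; at minimum the message should read `"SASL Receiver, Error occurred while decrypting data"`. `received` also hands `unwrap` fixed `recvBuffSize`-sized slices of whatever the network delivered; `SaslClient.unwrap` expects one complete wrapped token as produced by the peer's `wrap`, so unless incoming buffers are already aligned to those token boundaries (not visible here) decryption will fail partway through a stream, which may be what the commit message's "not fully functional" refers to. Style: `delegate` is package-private and non-final; `private final Receiver delegate;` matches how the class uses it.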
@@ -0,0 +1,102 @@
+package org.apache.qpid.transport.network.security.sasl;
+
+import java.nio.ByteBuffer;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+
+import org.apache.qpid.transport.Sender;
+import org.apache.qpid.transport.SenderException;
+import org.apache.qpid.transport.util.Logger;
+
+public class SASLSender extends SASLEncryptor implements Sender {
+
+ protected Sender delegate;
+ private byte[] appData;
+ private final AtomicBoolean closed = new AtomicBoolean(false);
+ private static final Logger log = Logger.get(SASLSender.class);
+
+ public SASLSender(Sender delegate)
+ {
+ this.delegate = delegate;
+ log.debug("SASL Sender enabled");
+ }
+
+ @Override
+ public void close()
+ {
+
+ if (!closed.getAndSet(true))
+ {
+ delegate.close();
+ if (isSecurityLayerEstablished())
+ {
+ try
+ {
+ saslClient.dispose();
+ }
+ catch (SaslException e)
+ {
+ throw new SenderException("Error closing SASL Sender",e);
+ }
+ }
+ }
+ }
+
+ @Override
+ public void flush()
+ {
+ delegate.flush();
+ }
+
+ @Override
+ public void send(ByteBuffer buf)
+ {
+ if (closed.get())
+ {
+ throw new SenderException("SSL Sender is closed");
+ }
+
+ if (isSecurityLayerEstablished())
+ {
+ while (buf.hasRemaining())
+ {
+ int length = Math.min(buf.remaining(),sendBuffSize);
+ log.debug("sendBuffSize %s", sendBuffSize);
+ log.debug("buf.remaining() %s", buf.remaining());
+
+ buf.get(appData, 0, length);
+ try
+ {
+ byte[] out = saslClient.wrap(appData, 0, length);
+ log.debug("out.length %s", out.length);
+
+ delegate.send(ByteBuffer.wrap(out));
+ }
+ catch (SaslException e)
+ {
+ log.error("Exception while encrypting data.",e);
+ throw new SenderException("SASL Sender, Error occurred while encrypting data",e);
+ }
+ }
+ }
+ else
+ {
+ delegate.send(buf);
+ }
+ }
+
+ @Override
+ public void setIdleTimeout(int i)
+ {
+ delegate.setIdleTimeout(i);
+ }
+
+ public void securityLayerEstablished()
+ {
+ appData = new byte[sendBuffSize];
+ log.debug("SASL Security Layer Established");
+ }
+
+}
-- cgit v1.2.1
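Review bot: `send` rejects a closed sender with `SenderException("SSL Sender is closed")`, but this class is the SASL wrapper, not the SSL one; the message should be `"SASL Sender is closed"`. The three `log.debug` calls inside the `while` loop run for every chunk of every send on the data path, and with a varargs-style logger the argument boxing is presumably paid whether or not debug is enabled, so they should be guarded or removed now that the layer works. In the catch, `log.error` followed by a throw that carries the same cause reports one failure twice; keep the throw and drop the log, or vice versa. `appData` is a single buffer reused across `send` calls, so the class is only correct if the surrounding transport guarantees one sending thread at a time, which is not visible here; a class comment such as `// Not thread-safe: appData is reused across send() calls; callers must serialise send()` would record that assumption, and `delegate` should be `private final` rather than `protected`.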