use of org.glassfish.grizzly.ssl.SSLFilter in project openmq by eclipse-ee4j.
the class StompServer method init.
/**
 * Initializes the STOMP bridge from the bridge configuration: optional message
 * transformer, consumer flow limit, file logging, listener selection (plain TCP
 * and/or SSL/TLS), host/port resolution, and the Grizzly filter chains.
 *
 * <p>Two wiring modes are visible here. If {@code bc.getPUService()} returns
 * {@code null}, the bridge builds and binds its own Grizzly transports; otherwise
 * it only builds {@code PUProtocol} objects on top of the shared PU service's
 * filter chains and binds nothing itself.
 *
 * <p>Defaults read in this method: the plain-TCP listener is enabled unless the
 * TCP-enabled property says otherwise, while the SSL/TLS listener is disabled
 * unless explicitly enabled.
 *
 * @param bc bridge context supplying configuration, root directory, broker host
 *           name, the optional PU service and service registration
 * @throws Exception on unparsable numeric properties, log directory/file errors,
 *                   host resolution failures, an unsupported Grizzly version,
 *                   SSL initialization or bind failures
 */
public synchronized void init(BridgeContext bc) throws Exception {
    _bc = bc;
    Properties props = bc.getConfig();
    // All bridge properties below are looked up as "<domain><suffix>".
    String domain = props.getProperty(BridgeContext.BRIDGE_PROP_PREFIX);
    String cn = props.getProperty(domain + PROP_MSGTRANSFORM_SUFFIX);
    if (cn != null) {
        // The class name comes straight from configuration and is loaded and
        // instantiated reflectively; the cast is unchecked, so a class of the wrong
        // type is not rejected here.
        // NOTE(review): this assumes the bridge configuration is writable only by
        // the broker administrator - confirm, since it decides what code is loaded.
        _msgTransformer = (MessageTransformer<Message, Message>) Class.forName(cn).getDeclaredConstructor().newInstance();
    }
    jmsprop = new Properties();
    String flowlimit = props.getProperty(domain + PROP_FLOWLIMIT_SUFFIX);
    if (flowlimit != null) {
        // Round-trip through parseInt so a non-numeric value fails here with
        // NumberFormatException instead of being passed on as-is.
        jmsprop.setProperty(com.sun.messaging.ConnectionConfiguration.imqConsumerFlowLimit, String.valueOf(Integer.parseInt(flowlimit)));
    }
    _logger = Logger.getLogger(domain);
    if (bc.isSilentMode()) {
        _logger.setUseParentHandlers(false);
    }
    // Make sure the bridge root directory exists; it holds the log files.
    String var = bc.getRootDir();
    File dir = new File(var);
    if (!dir.exists()) {
        if (!dir.mkdirs()) {
            throw new IOException("File.mkdirs(" + var + ")");
        }
    }
    // "%g" is the java.util.logging generation number used for log rotation.
    String logfile = var + File.separator + "stomp%g.log";
    // Defaults: limit 0 (java.util.logging.FileHandler treats 0 as "no size limit")
    // and a single file, i.e. one append-only log that is never rotated unless the
    // limit/count properties are set.
    int limit = 0, count = 1;
    String limits = props.getProperty(domain + PROP_LOGFILE_LIMIT_SUFFIX);
    if (limits != null) {
        limit = Integer.parseInt(limits);
    }
    String counts = props.getProperty(domain + PROP_LOGFILE_COUNT_SUFFIX);
    if (counts != null) {
        count = Integer.parseInt(counts);
    }
    // Last argument true = append to an existing log file rather than truncate it.
    FileHandler h = new FileHandler(logfile, limit, count, true);
    h.setFormatter(new LogSimpleFormatter(_logger));
    _logger.addHandler(h);
    _logger.log(Level.INFO, getStompBridgeResources().getString(StompBridgeResources.I_LOG_DOMAIN, domain));
    _logger.log(Level.INFO, getStompBridgeResources().getString(StompBridgeResources.I_LOG_FILE, logfile) + "[" + limit + "," + count + "]");
    // Plain (unencrypted) TCP listener: enabled by default ("true").
    String v = props.getProperty(domain + PROP_TCPENABLED_SUFFIX, "true");
    if (v != null && Boolean.parseBoolean(v)) {
        // The port value is parsed but not range-checked in this method.
        String p = props.getProperty(domain + PROP_TCPPORT_SUFFIX, String.valueOf(DEFAULT_TCPPORT));
        TCPPORT = Integer.parseInt(p);
        _tcpEnabled = true;
    }
    // SSL/TLS listener: disabled by default ("false"), so a deployment that wants
    // encrypted STOMP only must enable this property and disable the TCP one.
    v = props.getProperty(domain + PROP_SSLENABLED_SUFFIX, "false");
    if (v != null && Boolean.parseBoolean(v)) {
        String p = props.getProperty(domain + PROP_SSLPORT_SUFFIX, String.valueOf(DEFAULT_SSLPORT));
        SSLPORT = Integer.parseInt(p);
        _sslEnabled = true;
    }
    // At least one of the two listeners has to be enabled.
    if (!_tcpEnabled && !_sslEnabled) {
        throw new IllegalArgumentException(getStompBridgeResources().getKString(StompBridgeResources.X_NO_PROTOCOL));
    }
    // Host name: the bridge property wins, then the broker's host name.
    v = props.getProperty(domain + PROP_HOSTNAME_SUFFIX);
    if (v == null || v.length() == 0) {
        v = bc.getBrokerHostName();
    }
    String hn = null;
    if (v != null && v.length() > 0) {
        hn = v;
        // Within this method, HOST is assigned only when a host name was found.
        HOST = InetAddress.getByName(v);
    } else {
        // Only the display name is derived here; HOST is left untouched. If it is
        // still null at bind time, the port-only InetSocketAddress constructor used
        // below binds the wildcard address (all local interfaces).
        hn = InetAddress.getLocalHost().getCanonicalHostName();
    }
    // The URL objects are used only to obtain the host text for the "host:port"
    // strings. TCPPORT/SSLPORT are read here even for a listener that is disabled;
    // they then hold whatever the fields held before this call.
    URL u = new URL("http", hn, TCPPORT, "");
    TCPHOSTNAMEPORT = u.getHost() + ":" + TCPPORT;
    u = new URL("http", hn, SSLPORT, "");
    SSLHOSTNAMEPORT = u.getHost() + ":" + SSLPORT;
    // Refuse to run on a Grizzly major version below 2.
    int major = Grizzly.getMajorVersion();
    // int minor = Grizzly.getMinorVersion();
    if (major < 2) {
        String[] params = { String.valueOf(major), Grizzly.getDotedVersion(), String.valueOf(1) };
        String emsg = getStompBridgeResources().getKString(StompBridgeResources.X_INCOMPATIBLE_GRIZZLY_MAJOR_VERSION, params);
        _logger.log(Level.SEVERE, emsg);
        throw new UnsupportedOperationException(emsg);
    }
    _logger.log(Level.INFO, getStompBridgeResources().getString(StompBridgeResources.I_INIT_GRIZZLY, Grizzly.getDotedVersion()));
    PUService pu = null;
    if (_bc.doBind() && (_tcpEnabled || _sslEnabled)) {
        pu = (PUService) bc.getPUService();
        if (pu == null) {
            // No shared PU service: build and bind the bridge's own transports.
            // Only bind() is called in this method; no start() call is visible here.
            if (_tcpEnabled) {
                // Chain: transport -> the two STOMP filters (no TLS on this listener).
                FilterChainBuilder filterChainBuilder = FilterChainBuilder.stateless();
                filterChainBuilder.add(new TransportFilter());
                filterChainBuilder.add(new StompMessageFilter(this));
                filterChainBuilder.add(new StompMessageDispatchFilter(this));
                _tcpTransport = TCPNIOTransportBuilder.newInstance().build();
                _tcpTransport.setProcessor(filterChainBuilder.build());
                InetSocketAddress saddr = (HOST == null ? new InetSocketAddress(TCPPORT) : new InetSocketAddress(HOST, TCPPORT));
                _tcpTransport.bind(saddr);
            }
            if (_sslEnabled) {
                // The server-side engine settings come from the initializeSSL helper
                // (not shown here); the client-side configurator is a copy with only
                // the client-mode flag switched on.
                // NOTE(review): PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX is not read on this
                // path in this method - presumably the helper handles it; confirm.
                final SSLEngineConfigurator serverConfig = initializeSSL(_bc, domain, props, _logger);
                final SSLEngineConfigurator clientConfig = serverConfig.copy().setClientMode(true);
                // Chain: transport -> SSLFilter -> the two STOMP filters, i.e. the
                // SSLFilter sits between the socket and the STOMP filters.
                FilterChainBuilder filterChainBuilder = FilterChainBuilder.stateless();
                filterChainBuilder.add(new TransportFilter());
                filterChainBuilder.add(new SSLFilter(serverConfig, clientConfig));
                filterChainBuilder.add(new StompMessageFilter(this));
                filterChainBuilder.add(new StompMessageDispatchFilter(this));
                _sslTransport = TCPNIOTransportBuilder.newInstance().build();
                _sslTransport.setProcessor(filterChainBuilder.build());
                InetSocketAddress saddr = (HOST == null ? new InetSocketAddress(SSLPORT) : new InetSocketAddress(HOST, SSLPORT));
                _sslTransport.bind(saddr);
            }
        } else {
            // Shared PU service: append the STOMP filters to the PU service's filter
            // chains and keep the resulting PUProtocol objects; nothing is bound here.
            if (_tcpEnabled) {
                final FilterChain puProtocolFilterChain = pu.getPUFilterChainBuilder().add(new StompMessageFilter(this)).add(new StompMessageDispatchFilter(this)).build();
                StompProtocolFinder pf = new StompProtocolFinder();
                _tcppup = new PUProtocol(pf, puProtocolFilterChain);
            }
            if (_sslEnabled) {
                Properties sslprops = bc.getDefaultSSLContextConfig();
                // Client-certificate authentication is off unless explicitly required.
                boolean reqcauth = false;
                v = props.getProperty(domain + PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX, "false");
                if (v != null && Boolean.parseBoolean(v)) {
                    reqcauth = true;
                }
                // PUService.initializeSSL returns false when SSL was already set up on
                // the shared service. In that case the value requested here is NOT
                // applied: the existing setting stays in force, and a mismatch (for
                // example client auth required here but not on the service) is only
                // reported as a WARNING, not treated as an error.
                if (!pu.initializeSSL(sslprops, reqcauth, null, _bc.getPoodleFixEnabled(), _bc.getKnownSSLEnabledProtocols())) {
                    if (pu.getSSLClientAuthRequired() != reqcauth) {
                        _logger.log(Level.WARNING, getStompBridgeResources().getString(StompBridgeResources.W_PROPERTY_SETTING_OVERRIDE_BY_BROKER, domain + PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX + "=" + reqcauth, domain + PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX + "=" + pu.getSSLClientAuthRequired()));
                    }
                }
                final FilterChain puProtocolFilterChain = pu.getSSLPUFilterChainBuilder().add(new StompMessageFilter(this)).add(new StompMessageDispatchFilter(this)).build();
                StompProtocolFinder pf = new StompProtocolFinder();
                _sslpup = new PUProtocol(pf, puProtocolFilterChain);
            }
        }
    }
    // Services are registered with the bridge context only for the bridge's own
    // transports (pu == null), not when the shared PU service is used.
    if (_bc.doBind() && _tcpEnabled && pu == null) {
        _bc.registerService("stomp[TCP]", "stomp", TCPPORT, null);
    }
    if (_bc.doBind() && _sslEnabled && pu == null) {
        _bc.registerService("stomp[SSL/TLS]", "stomp", SSLPORT, null);
    }
    _inited = true;
}
use of org.glassfish.grizzly.ssl.SSLFilter in project openmq by eclipse-ee4j.
the class PUService method initializeSSL.
/**
 * Sets up the SSL/TLS branch of this PU service once: builds client and server
 * engine configurators from {@code props}, puts an {@code SSLFilter} followed by a
 * new {@code PUFilter} on top of the root PU filter chain, and registers the
 * resulting protocol.
 *
 * @param props                    SSL context settings passed to
 *                                 {@code createSSLContextConfigrattor}
 * @param clientAuthRequired       passed as both the need- and want-client-auth
 *                                 arguments of the server engine configurator
 * @param cb                       callback handed through to {@code register}
 * @param poodleFixEnabled         when {@code true}, {@code applyPoodleFix} is run
 *                                 on both engine configurators
 * @param knownSSLEnabledProtocols protocol names handed to {@code applyPoodleFix}
 * @return {@code true} if SSL was initialized by this call; {@code false} if it was
 *         already initialized, in which case none of the arguments are applied
 * @throws IOException if the service is not initialized, the SSL context
 *                     configuration is invalid, or registration fails
 */
@SuppressWarnings("deprecation")
public synchronized boolean initializeSSL(Properties props, boolean clientAuthRequired, PUServiceCallback cb, boolean poodleFixEnabled, String[] knownSSLEnabledProtocols) throws IOException {
    if (rootpuf == null) {
        throw new IOException("Illegal call: PUService not initialized");
    }
    // Already set up: report that to the caller and leave the existing settings,
    // including the client-auth requirement, exactly as they are.
    if (sslpuf != null) {
        return false;
    }

    final SSLContextConfigurator contextConfig = createSSLContextConfigrattor(props);
    if (!contextConfig.validateConfiguration(true)) {
        // NOTE(review): the message embeds contextConfig.toString(); confirm that it
        // does not render key store or trust store secrets.
        throw new IOException("Invalid SSL context configuration:" + contextConfig);
    }

    // Two separate SSLContext instances are created, one per configurator.
    // NOTE(review): createSSLContext(false) is understood to log rather than throw
    // on failure - confirm for the Grizzly version in use; the validation above is
    // the only hard check made in this method.
    final SSLEngineConfigurator clientEngine = new SSLEngineConfigurator(contextConfig.createSSLContext(false));
    final SSLEngineConfigurator serverEngine =
            new SSLEngineConfigurator(contextConfig.createSSLContext(false), false, clientAuthRequired, clientAuthRequired);

    // The fix is opt-in: with poodleFixEnabled == false the configurators keep the
    // enabled protocols they were created with.
    if (poodleFixEnabled) {
        for (SSLEngineConfigurator engine : new SSLEngineConfigurator[] { clientEngine, serverEngine }) {
            applyPoodleFix(engine, knownSSLEnabledProtocols, "PUService");
        }
    }

    // sslpuf doubles as the "SSL already initialized" marker checked above.
    // NOTE(review): it is assigned before the chain is built, and only a failure of
    // register() rolls it back; an exception while building the chain would leave it
    // set, so later calls would return false although nothing was registered.
    sslpuf = new PUFilter();
    final FilterChain sslChain = rootpuf.getPUFilterChainBuilder()
            .add(new SSLFilter(serverEngine, clientEngine))
            .add(sslpuf)
            .build();
    final SSLProtocolFinder sslFinder = new SSLProtocolFinder(serverEngine);
    final PUProtocol sslProtocol = new PUProtocol(sslFinder, sslChain);

    try {
        register(sslProtocol, cb);
    } catch (Exception e) {
        // Roll back so the service does not report SSL as initialized.
        sslpuf = null;
        this.sslClientAuthRequired = false;
        // IOExceptions pass through unchanged; anything else is wrapped with its cause.
        throw (e instanceof IOException) ? (IOException) e : new IOException(e.toString(), e);
    }
    this.sslClientAuthRequired = clientAuthRequired;
    return true;
}