
Example 1 with SSLFilter

use of org.glassfish.grizzly.ssl.SSLFilter in project openmq by eclipse-ee4j.

the class StompServer method init.

/**
 * Initializes the STOMP bridge server from the bridge configuration: optional message
 * transformer, file logging, listener ports, bind host, and the Grizzly filter chains for
 * the plain TCP and SSL/TLS listeners.
 *
 * <p>Security-relevant defaults visible in this method: the plain TCP listener defaults to
 * enabled ("true"), the SSL/TLS listener defaults to disabled ("false"), TLS client
 * authentication defaults to not required ("false"), and when no host is configured the
 * standalone listeners are bound with a port-only socket address (the wildcard address).
 *
 * @param bc bridge context supplying the configuration, root directory, broker host name
 *        and, optionally, a shared PUService
 * @throws Exception on any failure in this method, including non-numeric port/limit
 *         properties, an unresolvable host, log directory or file errors, no protocol
 *         enabled, a Grizzly major version below 2, and transport or SSL setup errors
 */
public synchronized void init(BridgeContext bc) throws Exception {
    _bc = bc;
    Properties props = bc.getConfig();
    String domain = props.getProperty(BridgeContext.BRIDGE_PROP_PREFIX);
    String cn = props.getProperty(domain + PROP_MSGTRANSFORM_SUFFIX);
    if (cn != null) {
        // NOTE(review): the class name comes straight from configuration and is loaded and
        // instantiated reflectively, so anyone able to edit this property chooses code that
        // runs inside the broker process. The cast is unchecked: a class of the wrong type is
        // not rejected here. Treat the bridge configuration as privileged, or restrict the
        // accepted class names.
        _msgTransformer = (MessageTransformer<Message, Message>) Class.forName(cn).getDeclaredConstructor().newInstance();
    }
    jmsprop = new Properties();
    String flowlimit = props.getProperty(domain + PROP_FLOWLIMIT_SUFFIX);
    if (flowlimit != null) {
        // Round-trip through Integer.parseInt so a non-numeric value fails here.
        jmsprop.setProperty(com.sun.messaging.ConnectionConfiguration.imqConsumerFlowLimit, String.valueOf(Integer.parseInt(flowlimit)));
    }
    _logger = Logger.getLogger(domain);
    if (bc.isSilentMode()) {
        _logger.setUseParentHandlers(false);
    }
    // Log files are written under the bridge root directory, created on demand.
    String var = bc.getRootDir();
    File dir = new File(var);
    if (!dir.exists()) {
        if (!dir.mkdirs()) {
            throw new IOException("File.mkdirs(" + var + ")");
        }
    }
    String logfile = var + File.separator + "stomp%g.log";
    // Defaults: limit 0 (java.util.logging.FileHandler treats 0 as "no size limit") and a
    // single file, so the log grows without bound unless the limit property is set.
    int limit = 0, count = 1;
    String limits = props.getProperty(domain + PROP_LOGFILE_LIMIT_SUFFIX);
    if (limits != null) {
        limit = Integer.parseInt(limits);
    }
    String counts = props.getProperty(domain + PROP_LOGFILE_COUNT_SUFFIX);
    if (counts != null) {
        count = Integer.parseInt(counts);
    }
    // Append mode (last argument true).
    // NOTE(review): nothing in this method closes or removes this handler if a later step
    // throws.
    FileHandler h = new FileHandler(logfile, limit, count, true);
    h.setFormatter(new LogSimpleFormatter(_logger));
    _logger.addHandler(h);
    _logger.log(Level.INFO, getStompBridgeResources().getString(StompBridgeResources.I_LOG_DOMAIN, domain));
    _logger.log(Level.INFO, getStompBridgeResources().getString(StompBridgeResources.I_LOG_FILE, logfile) + "[" + limit + "," + count + "]");
    // Plain (unencrypted) STOMP over TCP is enabled unless the property is set to something
    // other than "true". Because a default is supplied, v is never null and the null check
    // is redundant.
    String v = props.getProperty(domain + PROP_TCPENABLED_SUFFIX, "true");
    if (v != null && Boolean.parseBoolean(v)) {
        String p = props.getProperty(domain + PROP_TCPPORT_SUFFIX, String.valueOf(DEFAULT_TCPPORT));
        TCPPORT = Integer.parseInt(p);
        _tcpEnabled = true;
    }
    // SSL/TLS is opt-in: the default is "false".
    v = props.getProperty(domain + PROP_SSLENABLED_SUFFIX, "false");
    if (v != null && Boolean.parseBoolean(v)) {
        String p = props.getProperty(domain + PROP_SSLPORT_SUFFIX, String.valueOf(DEFAULT_SSLPORT));
        SSLPORT = Integer.parseInt(p);
        _sslEnabled = true;
    }
    if (!_tcpEnabled && !_sslEnabled) {
        throw new IllegalArgumentException(getStompBridgeResources().getKString(StompBridgeResources.X_NO_PROTOCOL));
    }
    // Bind host: the bridge's own hostname property first, then the broker's host name.
    v = props.getProperty(domain + PROP_HOSTNAME_SUFFIX);
    if (v == null || v.length() == 0) {
        v = bc.getBrokerHostName();
    }
    String hn = null;
    if (v != null && v.length() > 0) {
        hn = v;
        HOST = InetAddress.getByName(v);
    } else {
        // HOST is not assigned on this path; the standalone listeners below then use a
        // port-only InetSocketAddress.
        hn = InetAddress.getLocalHost().getCanonicalHostName();
    }
    // The URL objects are used only to obtain the host text for the host:port strings
    // (presumably so IPv6 literals come out bracketed; confirm).
    URL u = new URL("http", hn, TCPPORT, "");
    TCPHOSTNAMEPORT = u.getHost() + ":" + TCPPORT;
    u = new URL("http", hn, SSLPORT, "");
    SSLHOSTNAMEPORT = u.getHost() + ":" + SSLPORT;
    // Refuse to run on a Grizzly major version below 2.
    int major = Grizzly.getMajorVersion();
    // int minor = Grizzly.getMinorVersion();
    if (major < 2) {
        String[] params = { String.valueOf(major), Grizzly.getDotedVersion(), String.valueOf(1) };
        String emsg = getStompBridgeResources().getKString(StompBridgeResources.X_INCOMPATIBLE_GRIZZLY_MAJOR_VERSION, params);
        _logger.log(Level.SEVERE, emsg);
        throw new UnsupportedOperationException(emsg);
    }
    _logger.log(Level.INFO, getStompBridgeResources().getString(StompBridgeResources.I_INIT_GRIZZLY, Grizzly.getDotedVersion()));
    PUService pu = null;
    if (_bc.doBind() && (_tcpEnabled || _sslEnabled)) {
        pu = (PUService) bc.getPUService();
        if (pu == null) {
            // No shared PUService: this bridge builds and binds its own transports.
            if (_tcpEnabled) {
                FilterChainBuilder filterChainBuilder = FilterChainBuilder.stateless();
                filterChainBuilder.add(new TransportFilter());
                filterChainBuilder.add(new StompMessageFilter(this));
                filterChainBuilder.add(new StompMessageDispatchFilter(this));
                _tcpTransport = TCPNIOTransportBuilder.newInstance().build();
                _tcpTransport.setProcessor(filterChainBuilder.build());
                // HOST == null means a port-only address, i.e. the listener is not restricted
                // to one interface.
                InetSocketAddress saddr = (HOST == null ? new InetSocketAddress(TCPPORT) : new InetSocketAddress(HOST, TCPPORT));
                _tcpTransport.bind(saddr);
            }
            if (_sslEnabled) {
                // NOTE(review): the four-argument initializeSSL helper is not shown here, so
                // whether it applies the client-auth and protocol-restriction settings cannot
                // be confirmed from this method.
                // NOTE(review): if this step throws, a TCP transport bound above is not
                // unbound in this method.
                final SSLEngineConfigurator serverConfig = initializeSSL(_bc, domain, props, _logger);
                final SSLEngineConfigurator clientConfig = serverConfig.copy().setClientMode(true);
                FilterChainBuilder filterChainBuilder = FilterChainBuilder.stateless();
                filterChainBuilder.add(new TransportFilter());
                // The SSLFilter sits directly after the transport filter, ahead of both STOMP
                // filters.
                filterChainBuilder.add(new SSLFilter(serverConfig, clientConfig));
                filterChainBuilder.add(new StompMessageFilter(this));
                filterChainBuilder.add(new StompMessageDispatchFilter(this));
                _sslTransport = TCPNIOTransportBuilder.newInstance().build();
                _sslTransport.setProcessor(filterChainBuilder.build());
                InetSocketAddress saddr = (HOST == null ? new InetSocketAddress(SSLPORT) : new InetSocketAddress(HOST, SSLPORT));
                _sslTransport.bind(saddr);
            }
        } else {
            // A shared PUService exists: the STOMP filters are appended to its filter chains
            // and wrapped in PUProtocol objects instead of binding transports here.
            if (_tcpEnabled) {
                final FilterChain puProtocolFilterChain = pu.getPUFilterChainBuilder().add(new StompMessageFilter(this)).add(new StompMessageDispatchFilter(this)).build();
                StompProtocolFinder pf = new StompProtocolFinder();
                _tcppup = new PUProtocol(pf, puProtocolFilterChain);
            }
            if (_sslEnabled) {
                Properties sslprops = bc.getDefaultSSLContextConfig();
                // Client-certificate authentication is not required unless the property is
                // set to "true".
                boolean reqcauth = false;
                v = props.getProperty(domain + PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX, "false");
                if (v != null && Boolean.parseBoolean(v)) {
                    reqcauth = true;
                }
                // A false return means this call did not set up the PUService's SSL
                // (presumably because it was already initialized; confirm against
                // PUService.initializeSSL). The PUService's existing client-auth setting then
                // stays in force and a mismatch is only logged at WARNING, so the bridge
                // still starts even when it asked for client certificates and the PUService
                // does not require them.
                if (!pu.initializeSSL(sslprops, reqcauth, null, _bc.getPoodleFixEnabled(), _bc.getKnownSSLEnabledProtocols())) {
                    if (pu.getSSLClientAuthRequired() != reqcauth) {
                        _logger.log(Level.WARNING, getStompBridgeResources().getString(StompBridgeResources.W_PROPERTY_SETTING_OVERRIDE_BY_BROKER, domain + PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX + "=" + reqcauth, domain + PROP_SSL_REQUIRE_CLIENTAUTH_SUFFIX + "=" + pu.getSSLClientAuthRequired()));
                    }
                }
                final FilterChain puProtocolFilterChain = pu.getSSLPUFilterChainBuilder().add(new StompMessageFilter(this)).add(new StompMessageDispatchFilter(this)).build();
                StompProtocolFinder pf = new StompProtocolFinder();
                _sslpup = new PUProtocol(pf, puProtocolFilterChain);
            }
        }
    }
    // The bridge registers its own service entries only when it bound its own transports
    // (pu == null).
    if (_bc.doBind() && _tcpEnabled && pu == null) {
        _bc.registerService("stomp[TCP]", "stomp", TCPPORT, null);
    }
    if (_bc.doBind() && _sslEnabled && pu == null) {
        _bc.registerService("stomp[SSL/TLS]", "stomp", SSLPORT, null);
    }
    _inited = true;
}
Also used : Message(jakarta.jms.Message) InetSocketAddress(java.net.InetSocketAddress) StompProtocolFinder(com.sun.messaging.portunif.StompProtocolFinder) FilterChain(org.glassfish.grizzly.filterchain.FilterChain) Properties(java.util.Properties) TransportFilter(org.glassfish.grizzly.filterchain.TransportFilter) PUProtocol(org.glassfish.grizzly.portunif.PUProtocol) URL(java.net.URL) FileHandler(java.util.logging.FileHandler) LogSimpleFormatter(com.sun.messaging.bridge.api.LogSimpleFormatter) PUService(com.sun.messaging.portunif.PUService) SSLEngineConfigurator(org.glassfish.grizzly.ssl.SSLEngineConfigurator) FilterChainBuilder(org.glassfish.grizzly.filterchain.FilterChainBuilder) SSLFilter(org.glassfish.grizzly.ssl.SSLFilter)

Example 2 with SSLFilter

use of org.glassfish.grizzly.ssl.SSLFilter in project openmq by eclipse-ee4j.

the class PUService method initializeSSL.

/**
 * Sets up the SSL/TLS branch of this port-unification service, at most once.
 *
 * <p>The first successful call decides the TLS settings, including whether client
 * certificates are required. Later calls return {@code false} without applying their
 * arguments, so a caller that needs client authentication must compare its own
 * requirement with the setting already in force when it gets {@code false}.
 *
 * @param props SSL context properties handed to {@code createSSLContextConfigrattor}
 * @param clientAuthRequired used for both the need-client-auth and want-client-auth
 *        arguments of the server-side engine configurator
 * @param cb callback handed to {@code register}
 * @param poodleFixEnabled when true, {@code applyPoodleFix} is applied to both engine
 *        configurators; when false, no protocol restriction is applied in this method
 * @param knownSSLEnabledProtocols protocol names handed to {@code applyPoodleFix}
 * @return {@code true} if this call registered the SSL protocol, {@code false} if SSL was
 *         already set up
 * @throws IOException if the service is not initialized, the SSL context configuration
 *         fails validation, or registration fails (other exceptions are wrapped)
 */
@SuppressWarnings("deprecation")
public synchronized boolean initializeSSL(Properties props, boolean clientAuthRequired, PUServiceCallback cb, boolean poodleFixEnabled, String[] knownSSLEnabledProtocols) throws IOException {
    if (rootpuf == null) {
        throw new IOException("Illegal call: PUService not initialized");
    }
    // Already set up by an earlier call: the existing settings win.
    if (sslpuf != null) {
        return false;
    }

    final SSLContextConfigurator contextConfig = createSSLContextConfigrattor(props);
    if (!contextConfig.validateConfiguration(true)) {
        // NOTE(review): the configurator's toString() ends up in the exception message;
        // confirm it does not render key store or trust store passwords.
        throw new IOException("Invalid SSL context configuration:" + contextConfig);
    }

    // NOTE(review): createSSLContext is called with false; confirm what it returns when the
    // context cannot be built, so a bad key store is not discovered only at handshake time.
    final SSLEngineConfigurator clientEngine = new SSLEngineConfigurator(contextConfig.createSSLContext(false));
    final SSLEngineConfigurator serverEngine = new SSLEngineConfigurator(contextConfig.createSSLContext(false), false, clientAuthRequired, clientAuthRequired);
    if (poodleFixEnabled) {
        applyPoodleFix(clientEngine, knownSSLEnabledProtocols, "PUService");
        applyPoodleFix(serverEngine, knownSSLEnabledProtocols, "PUService");
    }

    sslpuf = new PUFilter();
    // The SSLFilter is added ahead of the SSL port-unification filter.
    final FilterChain sslChain = rootpuf.getPUFilterChainBuilder().add(new SSLFilter(serverEngine, clientEngine)).add(sslpuf).build();
    final PUProtocol sslProtocol = new PUProtocol(new SSLProtocolFinder(serverEngine), sslChain);

    try {
        register(sslProtocol, cb);
    } catch (Exception e) {
        // Roll back so a later call can try again.
        sslpuf = null;
        this.sslClientAuthRequired = false;
        throw (e instanceof IOException) ? (IOException) e : new IOException(e.toString(), e);
    }
    this.sslClientAuthRequired = clientAuthRequired;
    return true;
}
Also used : PUFilter(org.glassfish.grizzly.portunif.PUFilter) SSLEngineConfigurator(org.glassfish.grizzly.ssl.SSLEngineConfigurator) FilterChain(org.glassfish.grizzly.filterchain.FilterChain) IOException(java.io.IOException) SSLProtocolFinder(org.glassfish.grizzly.portunif.finders.SSLProtocolFinder) SSLFilter(org.glassfish.grizzly.ssl.SSLFilter) PUProtocol(org.glassfish.grizzly.portunif.PUProtocol) SSLContextConfigurator(org.glassfish.grizzly.ssl.SSLContextConfigurator) IOException(java.io.IOException)
