fix for: https://issues.apache.org/jira/browse/AMQ-3996

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1399438 13f79535-47bb-0310-9956-ffa450edef68
2012-10-17 21:17:45 +00:00 · 2012-10-17 21:17:45 +00:00 · 65af81e09e
parent b5e46ef9c5
commit 65af81e09e
1 changed files with 85 additions and 58 deletions
--- a/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
+++ b/activemq-core/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
@ -41,9 +41,13 @@ import org.apache.activemq.thread.TaskRunnerFactory;
 import org.apache.activemq.util.IOExceptionSupport;
 import org.apache.activemq.util.ServiceStopper;
 import org.apache.activemq.wireformat.WireFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 public class NIOSSLTransport extends NIOTransport {

+    private static final Logger LOG = LoggerFactory.getLogger(NIOSSLTransport.class);
+
    protected boolean needClientAuth;
    protected boolean wantClientAuth;
    protected String[] enabledCipherSuites;
@ -79,15 +83,36 @@ public class NIOSSLTransport extends NIOTransport  {
                sslContext = SSLContext.getDefault();
            }

+            String remoteHost = null;
+            int remotePort = -1;
+
+            try {
+                URI remoteAddress = new URI(this.getRemoteAddress());
+                remoteHost = remoteAddress.getHost();
+                remotePort = remoteAddress.getPort();
+            } catch (Exception e) {
+            }
+
            // initialize engine, the initial sslSession we get will need to be
            // updated once the ssl handshake process is completed.
+            if (remoteHost != null && remotePort != -1) {
+                sslEngine = sslContext.createSSLEngine(remoteHost, remotePort);
+            } else {
                sslEngine = sslContext.createSSLEngine();
+            }
+
            sslEngine.setUseClientMode(false);
            if (enabledCipherSuites != null) {
                sslEngine.setEnabledCipherSuites(enabledCipherSuites);
            }
-            sslEngine.setNeedClientAuth(needClientAuth);
+
+            if (wantClientAuth) {
                sslEngine.setWantClientAuth(wantClientAuth);
+            }
+
+            if (needClientAuth) {
+                sslEngine.setNeedClientAuth(needClientAuth);
+            }

            sslSession = sslEngine.getSession();

@ -153,7 +178,6 @@ public class NIOSSLTransport extends NIOTransport  {
                    }
                    int readCount = secureRead(plain);

-
                    if (readCount == 0)
                        break;

@ -181,7 +205,8 @@ public class NIOSSLTransport extends NIOTransport  {
        if (wireFormat instanceof OpenWireFormat) {
            long maxFrameSize = ((OpenWireFormat) wireFormat).getMaxFrameSize();
            if (nextFrameSize > maxFrameSize) {
-                throw new IOException("Frame size of " + (nextFrameSize / (1024 * 1024)) + " MB larger than max allowed " + (maxFrameSize / (1024 * 1024)) + " MB");
+                throw new IOException("Frame size of " + (nextFrameSize / (1024 * 1024)) +
+                                       " MB larger than max allowed " + (maxFrameSize / (1024 * 1024)) + " MB");
            }
        }
        currentBuffer = ByteBuffer.allocate(nextFrameSize + 4);
@ -213,8 +238,7 @@ public class NIOSSLTransport extends NIOTransport  {

            if (bytesRead == -1) {
                sslEngine.closeInbound();
-                if (inputBuffer.position() == 0 ||
-                        status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
+                if (inputBuffer.position() == 0 || status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                    return -1;
                }
            }
@ -226,9 +250,8 @@ public class NIOSSLTransport extends NIOTransport  {
        SSLEngineResult res;
        do {
            res = sslEngine.unwrap(inputBuffer, plain);
-        } while (res.getStatus() == SSLEngineResult.Status.OK &&
-                res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP &&
-                res.bytesProduced() == 0);
+        } while (res.getStatus() == SSLEngineResult.Status.OK && res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP
+                && res.bytesProduced() == 0);

        if (res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
            finishHandshake();
@ -295,9 +318,10 @@ public class NIOSSLTransport extends NIOTransport  {
    }

    /**
-     * Overriding in order to add the client's certificates to ConnectionInfo Commmands.
+     * Overriding in order to add the client's certificates to ConnectionInfo Commands.
     *
-     * @param command The Command coming in.
+     * @param command
+     *            The Command coming in.
     */
    @Override
    public void doConsume(Object command) {
@ -315,10 +339,13 @@ public class NIOSSLTransport extends NIOTransport  {

        X509Certificate[] clientCertChain = null;
        try {
-            if (sslSession != null) {
-                clientCertChain = (X509Certificate[])sslSession.getPeerCertificates();
+            if (sslEngine.getSession() != null) {
+                clientCertChain = (X509Certificate[]) sslEngine.getSession().getPeerCertificates();
            }
        } catch (SSLPeerUnverifiedException e) {
+            if (LOG.isTraceEnabled()) {
+                LOG.trace("Failed to get peer certificates.", e);
+            }
        }

        return clientCertChain;