345615 Enable SSL Session caching

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@3145 7e9141cc-0065-0410-87d8-b60c137991c4
2011-05-14 01:30:26 +00:00 · 2011-05-14 01:30:26 +00:00 · ab85bcda4f
parent c31facdec2
commit ab85bcda4f
5 changed files with 100 additions and 19 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@ -1,5 +1,6 @@
 jetty-7.4.2-SNAPSHOT
 + 345729 binding for managing server and system classes globally
+ + 345615 Enable SSL Session caching

 jetty-7.4.1.v20110513
 + 288563 remove unsupported and deprecated --secure option
--- a/jetty-client/src/main/java/org/eclipse/jetty/client/SelectConnector.java
+++ b/jetty-client/src/main/java/org/eclipse/jetty/client/SelectConnector.java
@ -25,6 +25,7 @@ import javax.net.ssl.SSLSession;

 import org.eclipse.jetty.http.HttpGenerator;
 import org.eclipse.jetty.http.HttpParser;
+import org.eclipse.jetty.http.ssl.SslContextFactory;
 import org.eclipse.jetty.io.Buffer;
 import org.eclipse.jetty.io.Buffers;
 import org.eclipse.jetty.io.Buffers.Type;
@ -47,6 +48,7 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector,
    private SSLContext _sslContext;
    private Buffers _sslBuffers;
    private int _maxBuffers=1024;
+    private boolean _enableSslSessionCaching;

    /**
     * @param httpClient
@ -66,7 +68,7 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector,

        final boolean direct=_httpClient.getUseDirectBuffers();

-        SSLEngine sslEngine=_selectorManager.newSslEngine();
+        SSLEngine sslEngine=_selectorManager.newSslEngine(null);
        final SSLSession ssl_session=sslEngine.getSession();
        _sslBuffers = BuffersFactory.newBuffers(
                direct?Type.DIRECT:Type.INDIRECT,ssl_session.getApplicationBufferSize(),
@ -141,7 +143,7 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector,
        @Override
        public boolean dispatch(Runnable task)
        {
-            return SelectConnector.this._httpClient._threadPool.dispatch(task);
+            return _httpClient._threadPool.dispatch(task);
        }

        @Override
@ -186,12 +188,12 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector,
            {
                if (dest.isProxied())
                {
-                    SSLEngine engine=newSslEngine();
+                    SSLEngine engine=newSslEngine(channel);
                    ep = new ProxySelectChannelEndPoint(channel, selectSet, key, _sslBuffers, engine, (int)_httpClient.getIdleTimeout());
                }
                else
                {
-                    SSLEngine engine=newSslEngine();
+                    SSLEngine engine=newSslEngine(channel);
                    ep = new SslSelectChannelEndPoint(_sslBuffers, channel, selectSet, key, engine, (int)_httpClient.getIdleTimeout());
                }
            }
@ -206,14 +208,26 @@ class SelectConnector extends AbstractLifeCycle implements HttpClient.Connector,
            return ep;
        }

-        private synchronized SSLEngine newSslEngine() throws IOException
+        private synchronized SSLEngine newSslEngine(SocketChannel channel) throws IOException
        {
            if (_sslContext==null)
            {
-                _sslContext = SelectConnector.this._httpClient.getSSLContext();
+                _sslContext = _httpClient.getSslContextFactory().getSslContext();
+                _enableSslSessionCaching = _httpClient.getSslContextFactory().isEnableSessionCaching();
            }

-            SSLEngine sslEngine = _sslContext.createSSLEngine();
+            SSLEngine sslEngine = null;
+            if (channel != null && _enableSslSessionCaching)
+            {
+                String peerHost = channel.socket().getInetAddress().getCanonicalHostName();
+                int peerPort = channel.socket().getPort();
+
+                sslEngine = _sslContext.createSSLEngine(peerHost, peerPort);
+            }
+            else
+            {
+                sslEngine = _sslContext.createSSLEngine();
+            }
            sslEngine.setUseClientMode(true);
            sslEngine.beginHandshake();

--- a/jetty-client/src/test/java/org/eclipse/jetty/client/SslContentExchangeTest.java
+++ b/jetty-client/src/test/java/org/eclipse/jetty/client/SslContentExchangeTest.java
@ -40,6 +40,7 @@ public class SslContentExchangeTest
        cf.setKeyStore(keystore.getAbsolutePath());
        cf.setKeyStorePassword("storepwd");
        cf.setKeyManagerPassword("keypwd");
+        cf.setEnableSessionCaching(true);
        server.addConnector(connector);
                
        Handler handler = new TestHandler(getBasePath());
@ -55,4 +56,14 @@ public class SslContentExchangeTest
        handlers.setHandlers(new Handler[]{handler, root});
        server.setHandler( handlers ); 
    }
+
+    @Override
+    protected void configureClient(HttpClient client)
+        throws Exception
+    {
+        client.setConnectorType(HttpClient.CONNECTOR_SELECT_CHANNEL);
+
+        SslContextFactory cf = client.getSslContextFactory();
+        cf.setEnableSessionCaching(true);
+    }
 }
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
@ -153,7 +153,9 @@ public class SslContextFactory extends AbstractLifeCycle
    private KeyStore _keyStore;
    /** SSL truststore */
    private KeyStore _trustStore;
-    
+    /** Set to true to enable SSL Session caching */
+    private boolean _enableSessionCaching;
+         
    /** SSL context */
    private SSLContext _context;

@ -1235,4 +1237,20 @@ public class SslContextFactory extends AbstractLifeCycle
        }
    }
    
+    /** 
+    * @return true if SSL Session caching is enabled
+    */
+    public boolean isEnableSessionCaching()
+    {
+        return _enableSessionCaching;
+    }
+    
+    /* ------------------------------------------------------------ */
+    /** Set the flag to enable SSL Session caching.
+    * @param enableSessionCaching the value of the flag 
+    */
+    public void setEnableSessionCaching(boolean enableSessionCaching)
+    {
+        _enableSessionCaching = enableSessionCaching;
+    }
 }
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ssl/SslSelectChannelConnector.java
@ -542,7 +542,8 @@ public class SslSelectChannelConnector extends SelectChannelConnector implements
    @Override
    protected SelectChannelEndPoint newEndPoint(SocketChannel channel, SelectSet selectSet, SelectionKey key) throws IOException
    {
-        SslSelectChannelEndPoint endp = new SslSelectChannelEndPoint(_sslBuffers,channel,selectSet,key,createSSLEngine(), SslSelectChannelConnector.this._maxIdleTime);
+        SSLEngine engine = createSSLEngine(_sslContextFactory.isEnableSessionCaching() ? channel : null);
+        SslSelectChannelEndPoint endp = new SslSelectChannelEndPoint(_sslBuffers,channel,selectSet,key,engine, SslSelectChannelConnector.this._maxIdleTime);
        endp.setAllowRenegotiate(_sslContextFactory.isAllowRenegotiate());
        return endp;
    }
@ -563,16 +564,8 @@ public class SslSelectChannelConnector extends SelectChannelConnector implements
        try
        {
            engine = _sslContextFactory.getSslContext().createSSLEngine();
-            engine.setUseClientMode(false);
-
-            if (_sslContextFactory.getWantClientAuth())
-                engine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
-            if (_sslContextFactory.getNeedClientAuth())
-                engine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
-
-            engine.setEnabledCipherSuites(
-                    _sslContextFactory.selectCipherSuites(engine.getEnabledCipherSuites(),
-                                                          engine.getSupportedCipherSuites()));
+            
+            customizeEngine(engine);
        }
        catch (Exception e)
        {
@ -583,6 +576,50 @@ public class SslSelectChannelConnector extends SelectChannelConnector implements
        return engine;
    }

+    /* ------------------------------------------------------------ */
+    protected SSLEngine createSSLEngine(SocketChannel channel) throws IOException
+    {
+        SSLEngine engine = null;
+        if (channel == null)
+        {
+            engine = createSSLEngine();
+        }
+        else
+        {
+            try
+            {
+                String peerHost = channel.socket().getInetAddress().getCanonicalHostName();
+                int peerPort = channel.socket().getPort();
+                
+                engine = _sslContextFactory.getSslContext().createSSLEngine(peerHost, peerPort);
+                
+                customizeEngine(engine);
+            }
+            catch (Exception e)
+            {
+                Log.warn("Error creating sslEngine -- closing this connector",e);
+                close();
+                throw new IllegalStateException(e);
+            }
+        }
+        return engine;
+    }
+    
+    /* ------------------------------------------------------------ */
+    private void customizeEngine(SSLEngine engine)
+    {
+        engine.setUseClientMode(false);
+
+        if (_sslContextFactory.getWantClientAuth())
+            engine.setWantClientAuth(_sslContextFactory.getWantClientAuth());
+        if (_sslContextFactory.getNeedClientAuth())
+            engine.setNeedClientAuth(_sslContextFactory.getNeedClientAuth());
+
+        engine.setEnabledCipherSuites(
+                _sslContextFactory.selectCipherSuites(engine.getEnabledCipherSuites(),
+                                                      engine.getSupportedCipherSuites()));
+    }
+
    /* ------------------------------------------------------------ */
    /**
     * @see org.eclipse.jetty.server.nio.SelectChannelConnector#doStart()