From ad7a401ad98da5a8a33e60d39789e941aa8ccfc4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Wed, 2 Jul 2014 17:32:00 +0200
Subject: [PATCH] [jetty]: Make SNI implementations possible.
---
 .../eclipse/jetty/io/ssl/SslConnection.java | 18 ++++++++++--
 .../jetty/io/ssl/SslReconfigurator.java | 29 +++++++++++++++++++
 .../jetty/server/SslConnectionFactory.java | 13 +++++++--
 3 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 lib/jetty/org/eclipse/jetty/io/ssl/SslReconfigurator.java
diff --git a/lib/jetty/org/eclipse/jetty/io/ssl/SslConnection.java b/lib/jetty/org/eclipse/jetty/io/ssl/SslConnection.java
index ee9e449b..37e81111 100644
--- a/lib/jetty/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/lib/jetty/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -83,7 +83,8 @@ public class SslConnection extends AbstractConnection
 private static final ByteBuffer __FILL_CALLED_FLUSH= BufferUtil.allocate(0);
 private static final ByteBuffer __FLUSH_CALLED_FILL= BufferUtil.allocate(0);
 private final ByteBufferPool _bufferPool;
- private final SSLEngine _sslEngine;
+ private SSLEngine _sslEngine;
+ private final SslReconfigurator _sslFactory;
 private final DecryptedEndPoint _decryptedEndPoint;
 private ByteBuffer _decryptedInput;
 private ByteBuffer _encryptedInput;
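Review bot: Dropping `final` from `_sslEngine` turns it into a field that is reassigned mid-handshake (the NEED_TASK branch later in this patch), yet nothing at the declaration says who may write it or under which lock, so any getter or the flush path that reads `_sslEngine` outside that lock may keep using the discarded peeking engine. Either declare it `private volatile SSLEngine _sslEngine;` or document the invariant on the declaration: `// Replaced at most once, by the NEED_TASK handling in the decryption loop, when _sslFactory swaps in the SNI-selected engine; never reassigned elsewhere.` The new `_sslFactory` field would also benefit from a one-line comment noting that it is null unless the connection factory enables peeking (the four-argument constructor passes null). The class body continues outside the hunk, so I cannot see whether fill() and flush() share a lock that covers the swap.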
@@ -101,12 +102,17 @@ public class SslConnection extends AbstractConnection
 private boolean _renegotiationAllowed;
 public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine)
+ {
+ this(byteBufferPool, executor, endPoint, sslEngine, null);
+ }
+ public SslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine sslEngine, SslReconfigurator fact)
 {
 // This connection does not execute calls to onfillable, so they will be called by the selector thread.
 // onfillable does not block and will only wakeup another thread to do the actual reading and handling.
 super(endPoint, executor, !EXECUTE_ONFILLABLE);
 this._bufferPool = byteBufferPool;
 this._sslEngine = sslEngine;
+ this._sslFactory = fact;
 this._decryptedEndPoint = newDecryptedEndPoint();
 }
@@ -246,6 +252,7 @@ public class SslConnection extends AbstractConnection
 private boolean _cannotAcceptMoreAppDataToFlush;
 private boolean _handshaken;
 private boolean _underFlown;
+ private boolean _peeking = _sslFactory != null;
 private final Callback _writeCallback = new Callback()
 {
@@ -480,7 +487,7 @@ public class SslConnection extends AbstractConnection
 // We will need a network buffer
 if (_encryptedInput == null)
 _encryptedInput = _bufferPool.acquire(_sslEngine.getSession().getPacketBufferSize(), _encryptedDirectBuffers);
- else
+ else if(!_peeking)
 BufferUtil.compact(_encryptedInput);
 // We also need an app buffer, but can use the passed buffer if it is big enough
@@ -594,6 +601,13 @@ public class SslConnection extends AbstractConnection
 case NEED_TASK:
 {
 _sslEngine.getDelegatedTask().run();
+ if(_peeking)
+ {
+ _sslEngine = _sslFactory.restartSSL(_sslEngine.getHandshakeSession());
+ _encryptedInput.position(0);
+ _peeking = false;
+ continue decryption;
+ }
 continue;
 }
 case NEED_WRAP:
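Review bot: The new five-argument constructor is the only way to switch a connection into the peek-and-restart handshake, but it has no Javadoc, and its parameter is called `fact` while the field is `_sslFactory` and the type is `SslReconfigurator`, so a caller cannot tell from the signature what passing it does. I would rename the parameter to `reconfigurator` (and the field to match) and add a Javadoc block stating that a non-null reconfigurator is consulted once, after the first delegated handshake task, to replace the engine with one chosen from the client's hello (for example by SNI), and that `null` keeps the original single-engine behaviour of the four-argument constructor. The constructor body is complete within the hunk.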
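Review bot: The `else if(!_peeking)` guard on `BufferUtil.compact(_encryptedInput)` is load-bearing for the engine swap — the NEED_TASK code later in the method rewinds with `_encryptedInput.position(0)`, which only replays the ClientHello if the bytes were never moved — but nothing at this line says so. Add `// While peeking, leave the ClientHello at offset 0 so it can be replayed into the engine returned by restartSSL()`. The consequence is also worth stating: until peeking ends the network buffer is never compacted, so the peek only works if the whole ClientHello fits in the `getPacketBufferSize()` buffer acquired just above, which holds for a single well-formed record. The enclosing method starts before and ends after this hunk.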
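Review bot: The engine returned by `_sslFactory.restartSSL(...)` is stored into `_sslEngine` without any validation, even though the value it is derived from — the handshake session's requested server name — is chosen by a client that has not yet authenticated. A `null` return turns into a NullPointerException on the next use of `_sslEngine`, and an engine in client mode or one that has already consumed handshake data would be fed the replayed ClientHello with undefined results; rejecting both with an SSLHandshakeException makes the connection fail like any other handshake error (add the `javax.net.ssl.SSLHandshakeException` import if the file lacks it). The `position(0)` rewind also deserves a comment tying it to the skipped compact() earlier in the method, since the replay silently depends on it. The enclosing method and the `decryption` loop begin outside the hunk, so I am assuming rather than seeing that the method declares IOException.
```java
// … unchanged: _sslEngine.getDelegatedTask().run(); …
if (_peeking)
{
    // The peeking engine has parsed the ClientHello; ask the reconfigurator
    // for the engine that should actually serve this connection.
    SSLEngine next = _sslFactory.restartSSL(_sslEngine.getHandshakeSession());
    if (next == null || next.getUseClientMode())
        throw new SSLHandshakeException("SslReconfigurator returned no usable server-mode engine");
    _sslEngine = next;
    // Replay the buffered ClientHello; it is still at offset 0 because
    // compact() is skipped while _peeking is set.
    _encryptedInput.position(0);
    _peeking = false;
    continue decryption;
}
```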
diff --git a/lib/jetty/org/eclipse/jetty/io/ssl/SslReconfigurator.java b/lib/jetty/org/eclipse/jetty/io/ssl/SslReconfigurator.java
new file mode 100644
index 00000000..b393d88c
--- /dev/null
+++ b/lib/jetty/org/eclipse/jetty/io/ssl/SslReconfigurator.java
@@ -0,0 +1,29 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+package org.eclipse.jetty.io.ssl;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSession;
+
+public interface SslReconfigurator {
+ public boolean shouldRestartSSL();
+
+ public SSLEngine restartSSL(SSLSession sslSession);
+
+}
diff --git a/lib/jetty/org/eclipse/jetty/server/SslConnectionFactory.java b/lib/jetty/org/eclipse/jetty/server/SslConnectionFactory.java
index 5fcc1038..9552f0db 100644
--- a/lib/jetty/org/eclipse/jetty/server/SslConnectionFactory.java
+++ b/lib/jetty/org/eclipse/jetty/server/SslConnectionFactory.java
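Review bot: `SslReconfigurator` is a public extension point that hands implementations a client-influenced value, yet it carries no Javadoc, so nothing tells an implementer what the session is, what the returned engine must look like, or that the server name in it is untrusted. I would document on `restartSSL` that it receives the handshake session of a peer that has not been authenticated, that the requested server names it exposes (via `ExtendedSSLSession.getRequestedServerNames()` on Java 8) are chosen by the client and must be matched against a fixed set of prepared contexts rather than used to build file paths or load keystores per connection, and that it must return a fresh server-mode engine — falling back to a default engine for unknown names instead of returning null — because the caller replays the ClientHello into whatever comes back. `shouldRestartSSL` should be described as a per-factory capability flag that SslConnectionFactory consults once per connection. Stylistically, `public` on interface methods is redundant and the Jetty sources in this patch put `{` on its own line.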
@@ -27,10 +27,11 @@ import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.io.Connection;
 import org.eclipse.jetty.io.EndPoint;
 import org.eclipse.jetty.io.ssl.SslConnection;
+import org.eclipse.jetty.io.ssl.SslReconfigurator;
 import org.eclipse.jetty.util.annotation.Name;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
-public class SslConnectionFactory extends AbstractConnectionFactory
+public class SslConnectionFactory extends AbstractConnectionFactory implements SslReconfigurator
 {
 private final SslContextFactory _sslContextFactory;
 private final String _nextProtocol;
@@ -91,7 +92,15 @@ public class SslConnectionFactory extends AbstractConnectionFactory
 protected SslConnection newSslConnection(Connector connector, EndPoint endPoint, SSLEngine engine)
 {
- return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine);
+ return new SslConnection(connector.getByteBufferPool(), connector.getExecutor(), endPoint, engine, shouldRestartSSL()?this:null);
+ }
+
+ public boolean shouldRestartSSL(){
+ return false;
+ }
+
+ public SSLEngine restartSSL(SSLSession sslSession){
+ throw new UnsupportedOperationException();
 }
 @Override
-- 
2.39.2
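Review bot: `restartSSL` throws a bare `UnsupportedOperationException` from inside a client's handshake whenever a subclass overrides `shouldRestartSSL()` to return true but forgets `restartSSL`, and the empty message makes that misconfiguration hard to trace back from a failed connection; use `throw new UnsupportedOperationException("shouldRestartSSL() returned true but restartSSL(SSLSession) is not overridden");`. Both new methods implement the interface and should carry `@Override`, and their `){` brace placement differs from the Allman style used by `newSslConnection` just above, where `{` sits on its own line. The hunk at line 27 adds no `javax.net.ssl.SSLSession` import; if the file does not already import it, this will not compile. `newSslConnection` is complete within the hunk, but the class continues past it.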