/**
 * Finalises the handshake once the most recent wrap/unwrap result reports
 * {@code FINISHED}, and updates the selection key's interest set.
 *
 * <p>While {@code netWriteBuffer} still holds bytes, {@code OP_WRITE} is kept set and the
 * state is left unchanged. Once the buffer is drained, the state becomes
 * {@code State.READY} and {@code OP_WRITE} is cleared.
 *
 * @throws IOException if the last handshake result is anything other than {@code FINISHED}
 */
private void handshakeFinished() throws IOException {
    // SSLEngine.getHandshakeStatus() is transient and does not reliably report FINISHED:
    // it can already read NOT_HANDSHAKING once the handshake is over. The status carried
    // by the last SSLEngineResult (handshakeResult) is therefore the one that is checked.
    if (handshakeResult.getHandshakeStatus() != HandshakeStatus.FINISHED) {
        throw new IOException("NOT_HANDSHAKING during handshake");
    }

    final boolean handshakeBytesPending = netWriteBuffer.hasRemaining();
    if (handshakeBytesPending) {
        // The final handshake packet has not been delivered yet; keep asking for write readiness.
        key.interestOps(key.interestOps() | SelectionKey.OP_WRITE);
    } else {
        // Everything was delivered: the channel is usable and OP_WRITE is no longer needed.
        state = State.READY;
        key.interestOps(key.interestOps() & ~SelectionKey.OP_WRITE);
        // peerHost/peerPort are taken from the SSLSession, where the JDK documents them as
        // unauthenticated; they are logged for diagnostics next to the peer principal.
        final SSLSession negotiated = sslEngine.getSession();
        log.debug("SSL handshake completed successfully with peerHost '{}' peerPort {} peerPrincipal '{}' cipherSuite '{}'",
                negotiated.getPeerHost(), negotiated.getPeerPort(), peerPrincipal(), negotiated.getCipherSuite());
    }

    log.trace("SSLHandshake FINISHED channelId {}, appReadBuffer pos {}, netReadBuffer pos {}, netWriteBuffer pos {} ",
            channelId, appReadBuffer.position(), netReadBuffer.position(), netWriteBuffer.position());
}
/**
 * Returns the peer port reported by the object that {@code unwrap()} yields.
 *
 * NOTE(review): presumably {@code unwrap()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against unwrap().
 */
public int getPeerPort() { return unwrap().getPeerPort(); }
/**
 * Walks every session id in {@code sessionContext} and invalidates the sessions whose
 * peer host (compared case-insensitively) and peer port match {@code remoteAddress}.
 *
 * <p>Does nothing when the context returns no id enumeration. Sessions that cannot be
 * looked up, or that report no peer host, are skipped.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress address whose sessions are to be invalidated
 */
private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    // NOTE(review): InetSocketAddress.getHostName() may perform a reverse name lookup when the
    // address was built from an IP literal; the name it returns must equal the peer host stored
    // in the session for the match below to succeed. Confirm how remoteAddress is created.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        if (candidate == null) {
            continue;
        }
        final String candidateHost = candidate.getPeerHost();
        final boolean samePeer = candidateHost != null
                && candidateHost.equalsIgnoreCase(targetHost)
                && candidate.getPeerPort() == targetPort;
        if (!samePeer) {
            continue;
        }
        // An invalidated session can no longer be resumed; the next connection does a full handshake.
        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + candidate);
        }
    }
}
/**
 * Walks every session id in {@code sessionContext} and invalidates the sessions whose
 * peer host (compared case-insensitively) and peer port match {@code remoteAddress}.
 *
 * <p>Does nothing when the context returns no id enumeration. Sessions that cannot be
 * looked up, or that report no peer host, are skipped.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress address whose sessions are to be invalidated
 */
private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    // NOTE(review): InetSocketAddress.getHostName() may perform a reverse name lookup when the
    // address was built from an IP literal; the name it returns must equal the peer host stored
    // in the session for the match below to succeed. Confirm how remoteAddress is created.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        if (candidate == null) {
            continue;
        }
        final String candidateHost = candidate.getPeerHost();
        final boolean samePeer = candidateHost != null
                && candidateHost.equalsIgnoreCase(targetHost)
                && candidate.getPeerPort() == targetPort;
        if (!samePeer) {
            continue;
        }
        // An invalidated session can no longer be resumed; the next connection does a full handshake.
        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + candidate);
        }
    }
}
/**
 * Returns the peer port reported by the object that {@code delegate()} yields.
 *
 * NOTE(review): presumably {@code delegate()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against delegate().
 */
@Override public int getPeerPort() { return delegate().getPeerPort(); }
/**
 * Returns the peer port reported by the object that {@code unwrap()} yields.
 *
 * NOTE(review): presumably {@code unwrap()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against unwrap().
 */
@Override public int getPeerPort() { return unwrap().getPeerPort(); }
/**
 * Returns the peer port reported by the object that {@code unwrap()} yields.
 *
 * NOTE(review): presumably {@code unwrap()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against unwrap().
 */
@Override public int getPeerPort() { return unwrap().getPeerPort(); }
/**
 * Returns the peer port reported by the object that {@code unwrap()} yields.
 *
 * NOTE(review): presumably {@code unwrap()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against unwrap().
 */
public int getPeerPort() { return unwrap().getPeerPort(); }
/**
 * Returns the peer port reported by the object that {@code unwrap()} yields.
 *
 * NOTE(review): presumably {@code unwrap()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against unwrap().
 */
public int getPeerPort() { return unwrap().getPeerPort(); }
/**
 * Returns the peer port reported by the object that {@code unwrap()} yields.
 *
 * NOTE(review): presumably {@code unwrap()} returns the wrapped {@code SSLSession}. If so,
 * the JDK documents this value as unauthenticated and as -1 when unavailable, so it is
 * fit for diagnostics but not for access decisions. Confirm against unwrap().
 */
@Override public int getPeerPort() { return unwrap().getPeerPort(); }
/**
 * Drops the host-and-port index entry that corresponds to {@code session}.
 *
 * <p>Sessions that report no peer host have no index key and are ignored.
 *
 * @param session the session that was removed
 */
protected void sessionRemoved(SSLSession session) {
    final String peerHost = session.getPeerHost();
    final int peerPort = session.getPeerPort();
    if (peerHost != null) {
        final HostAndPort indexKey = new HostAndPort(peerHost, peerPort);
        // NOTE(review): the entry is removed by key only, so whichever session is currently
        // indexed for this host and port is dropped, even if it is not this session. Confirm
        // that is intended.
        synchronized (sessionsByHostAndPort) {
            sessionsByHostAndPort.remove(indexKey);
        }
    }
}
/**
 * Drops the host-and-port index entry that corresponds to {@code session}.
 *
 * <p>Sessions that report no peer host have no index key and are ignored.
 *
 * @param session the session that was removed
 */
protected void sessionRemoved(SSLSession session) {
    final String peerHost = session.getPeerHost();
    final int peerPort = session.getPeerPort();
    if (peerHost != null) {
        final HostAndPort indexKey = new HostAndPort(peerHost, peerPort);
        // NOTE(review): the entry is removed by key only, so whichever session is currently
        // indexed for this host and port is dropped, even if it is not this session. Confirm
        // that is intended.
        synchronized (sessionsByHostAndPort) {
            sessionsByHostAndPort.remove(indexKey);
        }
    }
}
/**
 * Copies the id, cipher suite, protocol, peer host/port and certificate chains of
 * {@code ssls} into this object.
 *
 * <p>A {@code null} session id is replaced by {@code Bytes.EMPTY_BYTES}. If reading the peer
 * certificates fails with an {@code IOException}, {@code peerCertificates} is set to
 * {@code null}.
 *
 * @param ssls the session to copy from
 */
MuxSSLSession(SSLSession ssls) {
    final byte[] sessionId = ssls.getId();
    id = (sessionId != null) ? sessionId : Bytes.EMPTY_BYTES;

    cipherSuite = ssls.getCipherSuite();
    protocol = ssls.getProtocol();
    peerHost = ssls.getPeerHost();
    peerPort = ssls.getPeerPort();

    try {
        peerCertificates = ssls.getPeerCertificates();
    } catch (IOException unverified) {
        // Deliberate best effort: a peer whose identity was not established is recorded
        // as "no certificates". Readers must treat null as an unauthenticated peer.
        peerCertificates = null;
    }

    localCertificates = ssls.getLocalCertificates();
}
/**
 * Walks every session id in {@code sessionContext} and invalidates the sessions whose
 * peer host (compared case-insensitively) and peer port match {@code remoteAddress}.
 *
 * <p>Does nothing when the context returns no id enumeration. Sessions that cannot be
 * looked up, or that report no peer host, are skipped.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress address whose sessions are to be invalidated
 */
private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    // NOTE(review): InetSocketAddress.getHostName() may perform a reverse name lookup when the
    // address was built from an IP literal; the name it returns must equal the peer host stored
    // in the session for the match below to succeed. Confirm how remoteAddress is created.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        if (candidate == null) {
            continue;
        }
        final String candidateHost = candidate.getPeerHost();
        final boolean samePeer = candidateHost != null
                && candidateHost.equalsIgnoreCase(targetHost)
                && candidate.getPeerPort() == targetPort;
        if (!samePeer) {
            continue;
        }
        // An invalidated session can no longer be resumed; the next connection does a full handshake.
        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + candidate);
        }
    }
}
/**
 * Walks every session id in {@code sessionContext} and invalidates the sessions whose
 * peer host (compared case-insensitively) and peer port match {@code remoteAddress}.
 *
 * <p>Does nothing when the context returns no id enumeration. Sessions that cannot be
 * looked up, or that report no peer host, are skipped.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress address whose sessions are to be invalidated
 */
private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    // NOTE(review): InetSocketAddress.getHostName() may perform a reverse name lookup when the
    // address was built from an IP literal; the name it returns must equal the peer host stored
    // in the session for the match below to succeed. Confirm how remoteAddress is created.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        if (candidate == null) {
            continue;
        }
        final String candidateHost = candidate.getPeerHost();
        final boolean samePeer = candidateHost != null
                && candidateHost.equalsIgnoreCase(targetHost)
                && candidate.getPeerPort() == targetPort;
        if (!samePeer) {
            continue;
        }
        // An invalidated session can no longer be resumed; the next connection does a full handshake.
        candidate.invalidate();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Invalidated session " + candidate);
        }
    }
}
/**
 * Walks every session id in {@code sessionContext} and invalidates the sessions whose
 * peer host (compared case-insensitively) and peer port match {@code remoteAddress}.
 *
 * <p>Does nothing when the context returns no id enumeration. Sessions that cannot be
 * looked up, or that report no peer host, are skipped.
 *
 * @param sessionContext collection of SSL/TLS sessions to be (potentially) invalidated
 * @param remoteAddress address whose sessions are to be invalidated
 */
private void clearSessionCache(final SSLSessionContext sessionContext, final InetSocketAddress remoteAddress) {
    // NOTE(review): InetSocketAddress.getHostName() may perform a reverse name lookup when the
    // address was built from an IP literal; the name it returns must equal the peer host stored
    // in the session for the match below to succeed. Confirm how remoteAddress is created.
    final String targetHost = remoteAddress.getHostName();
    final int targetPort = remoteAddress.getPort();

    final Enumeration<byte[]> sessionIds = sessionContext.getIds();
    if (sessionIds == null) {
        return;
    }

    while (sessionIds.hasMoreElements()) {
        final SSLSession candidate = sessionContext.getSession(sessionIds.nextElement());
        if (candidate == null) {
            continue;
        }
        final String candidateHost = candidate.getPeerHost();
        final boolean samePeer = candidateHost != null
                && candidateHost.equalsIgnoreCase(targetHost)
                && candidate.getPeerPort() == targetPort;
        if (!samePeer) {
            continue;
        }
        // An invalidated session can no longer be resumed; the next connection does a full handshake.
        candidate.invalidate();
        if (log.isDebugEnabled()) {
            log.debug("Invalidated session " + candidate);
        }
    }
}
/**
 * Builds a context from an established TLS session: a local ("container") subject, a peer
 * subject, and the session's creation time, id, cipher suite, protocol and peer host/port.
 *
 * <p>The container subject is also stored in the static {@code containerSubjectHolder}.
 * A failure to obtain the peer principal, or to hex-encode the session id, is logged at
 * warn level and construction continues.
 *
 * @param sslSession the session to take the values from
 */
public GlobusTLSContext(SSLSession sslSession) {
    containerSubject = new Subject();
    // NOTE(review): SSLSession.getLocalPrincipal() can return null when no local certificate
    // was sent; confirm this constructor is only reached with a local identity.
    containerSubject.getPrincipals().add(sslSession.getLocalPrincipal());
    containerSubject.getPublicCredentials().add(
            getLocalCertChain(sslSession));
    GlobusTLSContext.containerSubjectHolder.set(containerSubject);
    peerSubject = new Subject();
    try {
        peerSubject.getPrincipals().add(sslSession.getPeerPrincipal());
    } catch (SSLPeerUnverifiedException e) {
        // The peer is expected to be verified by this point. If it is not, the failure is
        // only logged, so peerSubject is left without a principal. Code that consumes this
        // context must not take its existence as proof of an authenticated peer.
        logger.warn(e.getLocalizedMessage(), e);
    }
    // Runs even when the peer principal could not be obtained above.
    peerSubject.getPublicCredentials().add(getPeerCertChain(sslSession));
    creationTime = new Date(sslSession.getCreationTime());
    try {
        sessionId = new String(Hex.encodeHex(sslSession.getId()));
    } catch (Exception e) {
        // Best effort: sessionId is not assigned here when encoding fails.
        logger.warn(e.getLocalizedMessage(), e);
    }
    cipherSuite = sslSession.getCipherSuite();
    protocol = sslSession.getProtocol();
    // The JDK documents the session's peer host and port as unauthenticated values.
    peerHost = sslSession.getPeerHost();
    peerPort = sslSession.getPeerPort();
}
/**
 * Stores {@code session} through the superclass, indexes it by peer host and port, and,
 * when a persistent cache is configured, hands it the serialized form of the session.
 *
 * <p>A session that reports no peer host is stored by the superclass only: it is neither
 * indexed nor persisted.
 *
 * @param session the session to cache
 */
@Override
public void putSession(SSLSession session) {
    super.putSession(session);

    final String peerHost = session.getPeerHost();
    final int peerPort = session.getPeerPort();
    if (peerHost == null) {
        return;
    }

    final HostAndPort indexKey = new HostAndPort(peerHost, peerPort);
    synchronized (sessionsByHostAndPort) {
        sessionsByHostAndPort.put(indexKey, session);
    }

    // TODO: This in a background thread.
    if (persistentCache == null) {
        return;
    }
    // NOTE(review): toBytes(session) presumably serializes the state needed to resume the
    // session. If so, whatever backs persistentCache holds sensitive material and needs
    // protection at rest. Confirm against the cache implementation.
    final byte[] encoded = toBytes(session);
    if (encoded != null) {
        persistentCache.putSessionData(session, encoded);
    }
}
/**
 * Stores {@code session} through the superclass, indexes it by peer host and port, and,
 * when a persistent cache is configured, hands it the serialized form of the session.
 *
 * <p>A session that reports no peer host is stored by the superclass only: it is neither
 * indexed nor persisted.
 *
 * @param session the session to cache
 */
@Override
public void putSession(SSLSession session) {
    super.putSession(session);

    final String peerHost = session.getPeerHost();
    final int peerPort = session.getPeerPort();
    if (peerHost == null) {
        return;
    }

    final HostAndPort indexKey = new HostAndPort(peerHost, peerPort);
    synchronized (sessionsByHostAndPort) {
        sessionsByHostAndPort.put(indexKey, session);
    }

    // TODO: This in a background thread.
    if (persistentCache == null) {
        return;
    }
    // NOTE(review): toBytes(session) presumably serializes the state needed to resume the
    // session. If so, whatever backs persistentCache holds sensitive material and needs
    // protection at rest. Confirm against the cache implementation.
    final byte[] encoded = toBytes(session);
    if (encoded != null) {
        persistentCache.putSessionData(session, encoded);
    }
}
/**
 * Copies the negotiated session's peer host/port, protocol, cipher suite and certificate
 * chains into {@code sslConnectionInfos} once the handshake has completed.
 *
 * <p>The local chain is stored as the client certificates and the peer chain as the server
 * certificates. If the peer is unverified, the server certificates are simply not set.
 *
 * @param event the completion event carrying the negotiated session
 */
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
    final SSLSession negotiated = event.getSession();

    // The JDK documents peer host and port as unauthenticated; they are recorded as
    // connection metadata only.
    sslConnectionInfos.setPeerHost(negotiated.getPeerHost());
    sslConnectionInfos.setPeerPort(negotiated.getPeerPort());
    sslConnectionInfos.setProtocol(negotiated.getProtocol());
    sslConnectionInfos.setCipherSuite(negotiated.getCipherSuite());

    final Certificate[] localChain = negotiated.getLocalCertificates();
    if (localChain != null) {
        // Arrays.copyOf with an explicit array class throws ArrayStoreException if any
        // element is not an X509Certificate.
        X509Certificate[] ownCertificates = Arrays.copyOf(localChain, localChain.length, X509Certificate[].class);
        sslConnectionInfos.setClientCertificates(ownCertificates);
    }

    try {
        final Certificate[] peerChain = negotiated.getPeerCertificates();
        if (peerChain != null) {
            X509Certificate[] remoteCertificates = Arrays.copyOf(peerChain, peerChain.length, X509Certificate[].class);
            sslConnectionInfos.setServerCertificates(remoteCertificates);
        }
    } catch (SSLPeerUnverifiedException ignored) {
        // Deliberately ignored: the server certificates stay unset for an unverified peer.
        // Readers of sslConnectionInfos must treat missing server certificates as
        // "peer identity not established".
    }
}