author | Bernard Normier <bernard@zeroc.com> | 2007-02-01 17:09:49 +0000 |
---|---|---|
committer | Bernard Normier <bernard@zeroc.com> | 2007-02-01 17:09:49 +0000 |
commit | abada90e3f84dc703b8ddc9efcbed8a946fadead (patch) | |
tree | 2c6f9dccd510ea97cb927a7bd635422efaae547a /java/ssl/jdk1.4/IceSSL/AcceptorI.java | |
parent | removing trace message (diff) | |
Expanded tabs into spaces
Diffstat (limited to 'java/ssl/jdk1.4/IceSSL/AcceptorI.java')
-rw-r--r-- | java/ssl/jdk1.4/IceSSL/AcceptorI.java | 762 |
1 files changed, 381 insertions, 381 deletions
diff --git a/java/ssl/jdk1.4/IceSSL/AcceptorI.java b/java/ssl/jdk1.4/IceSSL/AcceptorI.java
index 8594664f9c4..f9283d0c676 100644
--- a/java/ssl/jdk1.4/IceSSL/AcceptorI.java
+++ b/java/ssl/jdk1.4/IceSSL/AcceptorI.java
@@ -14,437 +14,437 @@ class AcceptorI implements IceInternal.Acceptor public java.nio.channels.ServerSocketChannel fd() { - return null; + return null; } public void close() { - if(_instance.networkTraceLevel() >= 1) - { - String s = "stopping to accept ssl connections at " + toString(); - _logger.trace(_instance.networkTraceCategory(), s); - } - - javax.net.ssl.SSLServerSocket fd; - synchronized(this) - { - fd = _fd; - _fd = null; - } - if(fd != null) - { - try - { - fd.close(); - } - catch(java.io.IOException ex) - { - // Ignore. - } - } + if(_instance.networkTraceLevel() >= 1) + { + String s = "stopping to accept ssl connections at " + toString(); + _logger.trace(_instance.networkTraceCategory(), s); + } + + javax.net.ssl.SSLServerSocket fd; + synchronized(this) + { + fd = _fd; + _fd = null; + } + if(fd != null) + { + try + { + fd.close(); + } + catch(java.io.IOException ex) + { + // Ignore. + } + } } public void listen() { - // Nothing to do. + // Nothing to do. - if(_instance.networkTraceLevel() >= 1) - { - String s = "accepting ssl connections at " + toString(); - _logger.trace(_instance.networkTraceCategory(), s); - } + if(_instance.networkTraceLevel() >= 1) + { + String s = "accepting ssl connections at " + toString(); + _logger.trace(_instance.networkTraceCategory(), s); + } } public IceInternal.Transceiver accept(int timeout) { - // - // The plugin may not be fully initialized. - // - if(!_instance.initialized()) - { - Ice.PluginInitializationException ex = new Ice.PluginInitializationException(); - ex.reason = "IceSSL: plugin is not initialized"; - throw ex; - } - - javax.net.ssl.SSLSocket fd = null; - ConnectionInfo connInfo = null; - try - { - if(timeout == -1) - { - timeout = 0; // Infinite - } - else if(timeout == 0) - { - timeout = 1; - } - _fd.setSoTimeout(timeout); - fd = (javax.net.ssl.SSLSocket)_fd.accept(); - - // - // Check whether this socket is the result of a call to connectToSelf. 
- // Despite the fact that connectToSelf immediately closes the socket, - // the server-side handshake process does not raise an exception. - // Furthermore, we can't simply proceed with the regular handshake - // process because we don't want to pass such a socket to the - // certificate verifier (if any). - // - // In order to detect a call to connectToSelf, we compare the remote - // address of the newly-accepted socket to that in _connectToSelfAddr. - // - java.net.SocketAddress remoteAddr = fd.getRemoteSocketAddress(); - synchronized(this) - { - if(remoteAddr.equals(_connectToSelfAddr)) - { - try - { - fd.close(); - } - catch(java.io.IOException e) - { - } - return null; - } - } - - fd.setUseClientMode(false); - - // - // getSession blocks until the initial handshake completes. - // - if(timeout == 0) - { - fd.getSession(); - } - else - { - HandshakeThread ht = new HandshakeThread(fd); - ht.start(); - if(!ht.waitForHandshake(timeout)) - { - throw new Ice.TimeoutException(); - } - } - - connInfo = Util.populateConnectionInfo(fd, _adapterName, true); - _instance.verifyPeer(connInfo, fd, "", true); - } - catch(java.net.SocketTimeoutException ex) - { - if(fd != null) - { - try - { - fd.close(); - } - catch(java.io.IOException e) - { - } - } - Ice.TimeoutException e = new Ice.TimeoutException(); - e.initCause(ex); - throw e; - } - catch(javax.net.ssl.SSLException ex) - { - if(fd != null) - { - try - { - fd.close(); - } - catch(java.io.IOException e) - { - } - } - - // - // Unfortunately, the situation where the cipher suite does not match - // the certificates is not detected until accept is called. If we were - // to throw a LocalException, the IncomingConnectionFactory would - // simply log it and call accept again, resulting in an infinite loop. - // To avoid this problem, we check for the special case and throw - // an exception that IncomingConnectionFactory doesn't trap. 
- // - if(ex.getMessage().toLowerCase().startsWith("no available certificate corresponds to the ssl cipher " + - "suites which are enabled")) - { - RuntimeException e = new RuntimeException(); - e.initCause(ex); - throw e; - } - - Ice.SecurityException e = new Ice.SecurityException(); - e.initCause(ex); - throw e; - } - catch(java.io.IOException ex) - { - if(fd != null) - { - try - { - fd.close(); - } - catch(java.io.IOException e) - { - } - } - - if(IceInternal.Network.connectionLost(ex)) - { - throw new Ice.ConnectionLostException(); - } - - Ice.SocketException e = new Ice.SocketException(); - e.initCause(ex); - throw e; - } - catch(RuntimeException ex) - { - if(fd != null) - { - try - { - fd.close(); - } - catch(java.io.IOException e) - { - } - } - throw ex; - } - - if(_instance.networkTraceLevel() >= 1) - { - String s = "accepted ssl connection\n" + IceInternal.Network.fdToString(fd); - _logger.trace(_instance.networkTraceCategory(), s); - } - - if(_instance.securityTraceLevel() > 0) - { - _instance.traceConnection(fd, true); - } - - return new TransceiverI(_instance, fd, connInfo); + // + // The plugin may not be fully initialized. + // + if(!_instance.initialized()) + { + Ice.PluginInitializationException ex = new Ice.PluginInitializationException(); + ex.reason = "IceSSL: plugin is not initialized"; + throw ex; + } + + javax.net.ssl.SSLSocket fd = null; + ConnectionInfo connInfo = null; + try + { + if(timeout == -1) + { + timeout = 0; // Infinite + } + else if(timeout == 0) + { + timeout = 1; + } + _fd.setSoTimeout(timeout); + fd = (javax.net.ssl.SSLSocket)_fd.accept(); + + // + // Check whether this socket is the result of a call to connectToSelf. + // Despite the fact that connectToSelf immediately closes the socket, + // the server-side handshake process does not raise an exception. + // Furthermore, we can't simply proceed with the regular handshake + // process because we don't want to pass such a socket to the + // certificate verifier (if any). 
+ // + // In order to detect a call to connectToSelf, we compare the remote + // address of the newly-accepted socket to that in _connectToSelfAddr. + // + java.net.SocketAddress remoteAddr = fd.getRemoteSocketAddress(); + synchronized(this) + { + if(remoteAddr.equals(_connectToSelfAddr)) + { + try + { + fd.close(); + } + catch(java.io.IOException e) + { + } + return null; + } + } + + fd.setUseClientMode(false); + + // + // getSession blocks until the initial handshake completes. + // + if(timeout == 0) + { + fd.getSession(); + } + else + { + HandshakeThread ht = new HandshakeThread(fd); + ht.start(); + if(!ht.waitForHandshake(timeout)) + { + throw new Ice.TimeoutException(); + } + } + + connInfo = Util.populateConnectionInfo(fd, _adapterName, true); + _instance.verifyPeer(connInfo, fd, "", true); + } + catch(java.net.SocketTimeoutException ex) + { + if(fd != null) + { + try + { + fd.close(); + } + catch(java.io.IOException e) + { + } + } + Ice.TimeoutException e = new Ice.TimeoutException(); + e.initCause(ex); + throw e; + } + catch(javax.net.ssl.SSLException ex) + { + if(fd != null) + { + try + { + fd.close(); + } + catch(java.io.IOException e) + { + } + } + + // + // Unfortunately, the situation where the cipher suite does not match + // the certificates is not detected until accept is called. If we were + // to throw a LocalException, the IncomingConnectionFactory would + // simply log it and call accept again, resulting in an infinite loop. + // To avoid this problem, we check for the special case and throw + // an exception that IncomingConnectionFactory doesn't trap. 
+ // + if(ex.getMessage().toLowerCase().startsWith("no available certificate corresponds to the ssl cipher " + + "suites which are enabled")) + { + RuntimeException e = new RuntimeException(); + e.initCause(ex); + throw e; + } + + Ice.SecurityException e = new Ice.SecurityException(); + e.initCause(ex); + throw e; + } + catch(java.io.IOException ex) + { + if(fd != null) + { + try + { + fd.close(); + } + catch(java.io.IOException e) + { + } + } + + if(IceInternal.Network.connectionLost(ex)) + { + throw new Ice.ConnectionLostException(); + } + + Ice.SocketException e = new Ice.SocketException(); + e.initCause(ex); + throw e; + } + catch(RuntimeException ex) + { + if(fd != null) + { + try + { + fd.close(); + } + catch(java.io.IOException e) + { + } + } + throw ex; + } + + if(_instance.networkTraceLevel() >= 1) + { + String s = "accepted ssl connection\n" + IceInternal.Network.fdToString(fd); + _logger.trace(_instance.networkTraceCategory(), s); + } + + if(_instance.securityTraceLevel() > 0) + { + _instance.traceConnection(fd, true); + } + + return new TransceiverI(_instance, fd, connInfo); } public void connectToSelf() { - java.nio.channels.SocketChannel fd = IceInternal.Network.createTcpSocket(); - IceInternal.Network.setBlock(fd, false); - synchronized(this) - { - // - // connectToSelf is called to wake up the thread blocked in - // accept. We remember the originating address for use in - // accept. See accept for details. - // - IceInternal.Network.doConnect(fd, _addr, -1); - _connectToSelfAddr = (java.net.InetSocketAddress)fd.socket().getLocalSocketAddress(); - } - IceInternal.Network.closeSocket(fd); + java.nio.channels.SocketChannel fd = IceInternal.Network.createTcpSocket(); + IceInternal.Network.setBlock(fd, false); + synchronized(this) + { + // + // connectToSelf is called to wake up the thread blocked in + // accept. We remember the originating address for use in + // accept. See accept for details. 
+ // + IceInternal.Network.doConnect(fd, _addr, -1); + _connectToSelfAddr = (java.net.InetSocketAddress)fd.socket().getLocalSocketAddress(); + } + IceInternal.Network.closeSocket(fd); } public String toString() { - return IceInternal.Network.addrToString(_addr); + return IceInternal.Network.addrToString(_addr); } final boolean equivalent(String host, int port) { - java.net.InetSocketAddress addr = IceInternal.Network.getAddress(host, port); - return addr.equals(_addr); + java.net.InetSocketAddress addr = IceInternal.Network.getAddress(host, port); + return addr.equals(_addr); } int effectivePort() { - return _addr.getPort(); + return _addr.getPort(); } AcceptorI(Instance instance, String adapterName, String host, int port) { - _instance = instance; - _adapterName = adapterName; - _logger = instance.communicator().getLogger(); - _backlog = 0; - - if(_backlog <= 0) - { - _backlog = 5; - } - - try - { - javax.net.ssl.SSLServerSocketFactory factory = _instance.context().getServerSocketFactory(); - _addr = new java.net.InetSocketAddress(host, port); - if(_instance.networkTraceLevel() >= 2) - { - String s = "attempting to bind to ssl socket " + toString(); - _logger.trace(_instance.networkTraceCategory(), s); - } - java.net.InetSocketAddress iface = IceInternal.Network.getAddress(host, port); - _fd = (javax.net.ssl.SSLServerSocket)factory.createServerSocket(port, _backlog, iface.getAddress()); - _addr = (java.net.InetSocketAddress)_fd.getLocalSocketAddress(); - - int verifyPeer = - _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2); - if(verifyPeer == 0) - { - _fd.setWantClientAuth(false); - _fd.setNeedClientAuth(false); - } - else if(verifyPeer == 1) - { - _fd.setWantClientAuth(true); - } - else - { - _fd.setNeedClientAuth(true); - } - - String[] cipherSuites = - _instance.filterCiphers(_fd.getSupportedCipherSuites(), _fd.getEnabledCipherSuites()); - try - { - _fd.setEnabledCipherSuites(cipherSuites); - } - 
catch(IllegalArgumentException ex) - { - Ice.SecurityException e = new Ice.SecurityException(); - e.reason = "IceSSL: invalid ciphersuite"; - e.initCause(ex); - throw e; - } - if(_instance.securityTraceLevel() > 0) - { - StringBuffer s = new StringBuffer(); - s.append("enabling SSL ciphersuites for server socket " + toString() + ":"); - for(int i = 0; i < cipherSuites.length; ++i) - { - s.append("\n " + cipherSuites[i]); - } - _logger.trace(_instance.securityTraceCategory(), s.toString()); - } - - String[] protocols = _instance.protocols(); - if(protocols != null) - { - try - { - _fd.setEnabledProtocols(protocols); - } - catch(IllegalArgumentException ex) - { - Ice.SecurityException e = new Ice.SecurityException(); - e.reason = "IceSSL: invalid protocol"; - e.initCause(ex); - throw e; - } - } - } - catch(java.io.IOException ex) - { - try - { - if(_fd != null) - { - _fd.close(); - } - } - catch(java.io.IOException e) - { - } - _fd = null; - Ice.SocketException se = new Ice.SocketException(); - se.initCause(ex); - throw se; - } + _instance = instance; + _adapterName = adapterName; + _logger = instance.communicator().getLogger(); + _backlog = 0; + + if(_backlog <= 0) + { + _backlog = 5; + } + + try + { + javax.net.ssl.SSLServerSocketFactory factory = _instance.context().getServerSocketFactory(); + _addr = new java.net.InetSocketAddress(host, port); + if(_instance.networkTraceLevel() >= 2) + { + String s = "attempting to bind to ssl socket " + toString(); + _logger.trace(_instance.networkTraceCategory(), s); + } + java.net.InetSocketAddress iface = IceInternal.Network.getAddress(host, port); + _fd = (javax.net.ssl.SSLServerSocket)factory.createServerSocket(port, _backlog, iface.getAddress()); + _addr = (java.net.InetSocketAddress)_fd.getLocalSocketAddress(); + + int verifyPeer = + _instance.communicator().getProperties().getPropertyAsIntWithDefault("IceSSL.VerifyPeer", 2); + if(verifyPeer == 0) + { + _fd.setWantClientAuth(false); + _fd.setNeedClientAuth(false); + } + 
else if(verifyPeer == 1) + { + _fd.setWantClientAuth(true); + } + else + { + _fd.setNeedClientAuth(true); + } + + String[] cipherSuites = + _instance.filterCiphers(_fd.getSupportedCipherSuites(), _fd.getEnabledCipherSuites()); + try + { + _fd.setEnabledCipherSuites(cipherSuites); + } + catch(IllegalArgumentException ex) + { + Ice.SecurityException e = new Ice.SecurityException(); + e.reason = "IceSSL: invalid ciphersuite"; + e.initCause(ex); + throw e; + } + if(_instance.securityTraceLevel() > 0) + { + StringBuffer s = new StringBuffer(); + s.append("enabling SSL ciphersuites for server socket " + toString() + ":"); + for(int i = 0; i < cipherSuites.length; ++i) + { + s.append("\n " + cipherSuites[i]); + } + _logger.trace(_instance.securityTraceCategory(), s.toString()); + } + + String[] protocols = _instance.protocols(); + if(protocols != null) + { + try + { + _fd.setEnabledProtocols(protocols); + } + catch(IllegalArgumentException ex) + { + Ice.SecurityException e = new Ice.SecurityException(); + e.reason = "IceSSL: invalid protocol"; + e.initCause(ex); + throw e; + } + } + } + catch(java.io.IOException ex) + { + try + { + if(_fd != null) + { + _fd.close(); + } + } + catch(java.io.IOException e) + { + } + _fd = null; + Ice.SocketException se = new Ice.SocketException(); + se.initCause(ex); + throw se; + } } protected void finalize() - throws Throwable + throws Throwable { - assert(_fd == null); + assert(_fd == null); - super.finalize(); + super.finalize(); } private static class HandshakeThread extends Thread { - HandshakeThread(javax.net.ssl.SSLSocket fd) - { - _fd = fd; - _ok = false; - } - - public void - run() - { - try - { - _fd.getSession(); - synchronized(this) - { - _ok = true; - notifyAll(); - } - - } - catch(RuntimeException ex) - { - synchronized(this) - { - _ex = ex; - notifyAll(); - } - } - } - - boolean - waitForHandshake(int timeout) - { - boolean result = false; - - synchronized(this) - { - while(!_ok && _ex == null) - { - try - { - wait(timeout); 
- break; - } - catch(InterruptedException ex) - { - continue; - } - } - - if(_ex != null) - { - throw _ex; - } - - result = _ok; - } - - return result; - } - - private javax.net.ssl.SSLSocket _fd; - private boolean _ok; - private RuntimeException _ex; + HandshakeThread(javax.net.ssl.SSLSocket fd) + { + _fd = fd; + _ok = false; + } + + public void + run() + { + try + { + _fd.getSession(); + synchronized(this) + { + _ok = true; + notifyAll(); + } + + } + catch(RuntimeException ex) + { + synchronized(this) + { + _ex = ex; + notifyAll(); + } + } + } + + boolean + waitForHandshake(int timeout) + { + boolean result = false; + + synchronized(this) + { + while(!_ok && _ex == null) + { + try + { + wait(timeout); + break; + } + catch(InterruptedException ex) + { + continue; + } + } + + if(_ex != null) + { + throw _ex; + } + + result = _ok; + } + + return result; + } + + private javax.net.ssl.SSLSocket _fd; + private boolean _ok; + private RuntimeException _ex; } private Instance _instance; |