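membership = (PSEMembershipService) groupMembership;

        // Keep the listener in the field that stopApp() unregisters; otherwise the
        // membership service keeps a reference to this transport after it stops.
        membershipListener = new membershipPCL();
        membership.addPropertyChangeListener(membershipListener);

        try {
            serviceCert = membership.getPSEConfig().getTrustedCertificateChain(assignedID);

            // Replay every credential we already hold through the listener as a
            // synthetic "addCredential" event, so the service certificate and the
            // service credential are built exactly as they would be for a later
            // addition.
            Enumeration eachCred = membership.getCurrentCredentials();
            while (eachCred.hasMoreElements()) {
                PSECredential aCred = (PSECredential) eachCred.nextElement();
                membershipListener.propertyChange(new PropertyChangeEvent(membership, "addCredential", null, aCred));
            }
        } catch (IOException failed) {
            // No trusted chain: start without a service certificate. One may still
            // be built when a matching credential is added later.
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn("Could not load trusted certificate chain", failed);
            }
            serviceCert = null;
        } catch (KeyStoreException failed) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn("Could not load trusted certificate chain", failed);
            }
            serviceCert = null;
        }

        // Create the TLS Manager
        manager = new TlsManager(this);

        // Connect ourself to the EndpointService
        try {
            endpoint.addIncomingMessageListener(manager, JTlsDefs.ServiceName, null);
        } catch (Throwable e2) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("TLS could not register listener...as good as dead", e2);
            }
            return -1;
        }

        return 0;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Detaches from the endpoint, closes the TLS manager and unregisters
     * the membership and credential listeners. Every step is null-guarded, so
     * calling this more than once is harmless.
     */
    public synchronized void stopApp() {
        if (null != endpoint) {
            endpoint.removeIncomingMessageListener(JTlsDefs.ServiceName, null);
            endpoint.removeMessageTransport(this);
            endpoint = null;
        }

        if (null != manager) {
            manager.close();
            manager = null;
        }

        if (null != membership) {
            membership.removePropertyChangeListener(membershipListener);
            membershipListener = null;
            membership = null;
        }

        PSECredential current = credential;
        if (null != current) {
            current.removePropertyChangeListener(credentialListener);
            credentialListener = null;
            credential = null;
        }
    }

    /**
     * {@inheritDoc}
     *
     * @return always {@code true}; TLS runs over a connection.
     */
    public boolean isConnectionOriented() {
        return true;
    }

    /**
     * {@inheritDoc}
     *
     * @return always {@code false}; the TLS connection should not be used for
     *         default routing.
     */
    public boolean allowsRouting() {
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>No control operations are supported by this transport.
     *
     * @return always {@code null}.
     */
    public Object transportControl(Object operation, Object Value) {
        return null;
    }

    /**
     * {@inheritDoc}
     *
     * @return a copy of this transport's TLS peer address, so callers cannot
     *         alter the address we compare against in {@link #getMessenger}.
     */
    public EndpointAddress getPublicAddress() {
        return (EndpointAddress) localTlsPeerAddr.clone();
    }

    /**
     * {@inheritDoc}
     */
    public EndpointService getEndpointService() {
        return endpoint;
    }

    /**
     * {@inheritDoc}
     *
     * @return an iterator over the single public address of this transport.
     */
    public Iterator getPublicAddresses() {
        return Collections.singletonList(getPublicAddress()).iterator();
    }

    /**
     * {@inheritDoc}
     */
    public String getProtocolName() {
        return JTlsDefs.tlsPName;
    }

    /**
     * {@inheritDoc}
     *
     * @return always {@code false}; see {@link #propagate}.
     */
    public boolean isPropagateEnabled() {
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * @return always {@code false}; see {@link #propagate}.
     */
    public boolean isPropagationSupported() {
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>TLS provides a point to point secure channel. It is not intended
     * to provide a one to many secure channel, therefore propagation is not
     * possible on TlsTransport.
     *
     * <p/>All messages are lost in the ether
     */
    public void propagate(Message srcMsg, String pName, String pParam, String prunePeer) throws IOException {
        // Intentionally a no-op: there is no secure broadcast channel.
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Note that this obtains a messenger, which may establish a TLS
     * connection to the destination as a side effect.
     */
    public boolean ping(EndpointAddress addr) {
        return null != getMessenger(addr, null);
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Messages to the local peer are looped back without TLS; every other
     * destination gets a messenger bound to a TLS connection, or {@code null}
     * when no such connection is available or can be created.
     *
     * XXX bondolo 20040522 The hint could be used in request for the
     * underlying messenger.
     */
    public Messenger getMessenger(EndpointAddress addr, Object hintIgnored) {
        if (LOG.isEnabledFor(Level.DEBUG)) {
            LOG.debug("getMessenger for " + addr);
        }

        EndpointAddress plainAddress = new EndpointAddress(addr, null, null);

        // If the dest is the local peer, just loop it back without going
        // through the TLS. Local communication do not use TLS.
        if (plainAddress.equals(localTlsPeerAddr)) {
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("returning LoopbackMessenger");
            }
            return new TlsLoopbackMessenger(endpoint, plainAddress, addr, localPeerAddr);
        }

        // Create a Peer EndpointAddress
        EndpointAddress dstPAddr = mkAddress(ID.URIEncodingName + ":" + ID.URNNamespace + ":" + addr.getProtocolAddress(), null, null);

        TlsConn conn = manager.getTlsConn(dstPAddr);
        if (null == conn) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Cannot get a TLS connection for " + dstPAddr);
            }
            // No connection was either available or created. Cannot do TLS
            // with the destination address.
            return null;
        }

        if (LOG.isEnabledFor(Level.DEBUG)) {
            LOG.debug("TlsMessanger with TlsConn DONE");
        }

        // Build a TlsMessenger around it that will add our header.
        // Right now we do not want to "announce" outgoing messengers because they get pooled and so must
        // not be grabbed by a listener. If "announcing" is to be done, that should be by the endpoint
        // and probably with a subtely different interface.
        return new TlsMessenger(addr, conn, this);
    }

    /**
     * processReceivedMessage is invoked by the TLS Manager when a message has been
     * completely received and is ready to be delivered to the service/application
     *
     * @param msg the decrypted message to deliver.
     */
    void processReceivedMessage(Message msg) {
        if (LOG.isEnabledFor(Level.DEBUG)) {
            LOG.debug("processReceivedMessage starts");
        }

        // Tag the message so consumers can tell it arrived through this TLS
        // transport rather than over a plain transport.
        msg.setMessageProperty(TlsTransport.class, this);

        // let the message continue to its final destination.
        try {
            endpoint.demux(msg);
        } catch (Throwable e) {
            // Boundary between the transport and arbitrary listeners: a faulty
            // listener must not take down the receive path.
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn("Failure demuxing an incoming message", e);
            }
        }
    }

    /**
     * Convenience method for constructing an endpoint address from an id
     *
     * @param destPeer peer id, as a URI string
     * @param serv the service name (if any)
     * @param parm the service param (if any)
     * @return endpoint address for this peer id.
     * @throws IllegalArgumentException if {@code destPeer} is not a well formed ID URI.
     */
    private static EndpointAddress mkAddress(String destPeer, String serv, String parm) {
        ID asID;
        try {
            asID = IDFactory.fromURI(new URI(destPeer));
        } catch (URISyntaxException caught) {
            // Keep the original parse failure as the cause for diagnostics.
            IllegalArgumentException badId = new IllegalArgumentException(caught.getMessage());
            badId.initCause(caught);
            throw badId;
        }
        return mkAddress(asID, serv, parm);
    }

    /**
     * Convenience method for constructing an endpoint address from an id
     *
     * @param destPeer peer id
     * @param serv the service name (if any)
     * @param parm the service param (if any)
     * @return endpoint address for this peer id.
     */
    private static EndpointAddress mkAddress(ID destPeer, String serv, String parm) {
        return new EndpointAddress("jxta", destPeer.getUniqueValue().toString(), serv, parm);
    }

    /**
     * Tells whether we currently hold a usable service certificate chain.
     *
     * @return {@code true} if {@code serviceCert} is non-empty and its leaf
     *         certificate is within its validity period.
     */
    private boolean serviceCertIsValid() {
        if (null == serviceCert || 0 == serviceCert.length) {
            return false;
        }
        try {
            serviceCert[0].checkValidity();
            return true;
        } catch (java.security.cert.CertificateException notValid) {
            // Expired or not yet valid.
            return false;
        }
    }

    /**
     * Listener for Property Changed Events on our credential
     **/
    class credentialPCL implements PropertyChangeListener {

        /**
         * {@inheritDoc}
         *
         * <p/>Handle events on our active credential: once it is no longer
         * valid, stop listening to it and drop it.
         **/
        public synchronized void propertyChange(PropertyChangeEvent evt) {
            if (credential != evt.getSource()) {
                return;
            }
            if (credential.isValid()) {
                return;
            }

            if (LOG.isEnabledFor(Level.INFO)) {
                LOG.info("Clearing credential/certfile ");
            }
            credential.removePropertyChangeListener(this);
            credential = null;
            credentialListener = null;
        }
    }

    /**
     * Listener for Property Changed Events on membership service
     **/
    class membershipPCL implements PropertyChangeListener {

        /**
         * {@inheritDoc}
         *
         * <p/>On "addCredential": first make sure we hold a valid service
         * certificate chain, building one from the credential if it belongs to
         * this peer; then, if the credential's subject is the issuer of that
         * chain, derive the service credential for the TLS channel from it and
         * start watching that credential for invalidation. Other events are
         * ignored.
         **/
        public synchronized void propertyChange(PropertyChangeEvent evt) {
            if (!"addCredential".equals(evt.getPropertyName())) {
                return;
            }

            PSECredential cred = (PSECredential) evt.getNewValue();
            if (null == cred) {
                return;
            }

            if (!serviceCertIsValid()) {
                // no service Cert or Non-valid Cert? Make one.
                if (!buildServiceCertificate(cred)) {
                    return;
                }
            }

            if (null == serviceCert || 0 == serviceCert.length) {
                // The credential was not this peer's own, so no chain could be
                // built and there is nothing to match the credential against.
                if (LOG.isEnabledFor(Level.DEBUG)) {
                    LOG.debug("No service certificate available, ignoring credential");
                }
                return;
            }

            // NOTE(review): if the existing chain was merely expired and the
            // credential did not belong to this peer, serviceCert is still the
            // expired chain at this point, as before.
            installServiceCredential(cred);
        }

        /**
         * Builds {@code serviceCert} from {@code cred}, but only when the
         * credential's subject is this peer's own trusted certificate.
         *
         * @param cred the credential just added.
         * @return {@code false} if an error occurred (already logged).
         */
        private boolean buildServiceCertificate(PSECredential cred) {
            Exception failure = null;
            try {
                X509Certificate peerCert = membership.getPSEConfig().getTrustedCertificate(group.getPeerID());
                if (null == peerCert) {
                    if (LOG.isEnabledFor(Level.WARN)) {
                        LOG.warn("No trusted certificate for local peer, cannot build service certificate");
                    }
                    return false;
                }

                X509Certificate credCert = (X509Certificate) cred.getCertificate();
                X500Principal credSubjectDN = credCert.getSubjectX500Principal();
                X500Principal peerCertSubjectDN = peerCert.getSubjectX500Principal();

                if (LOG.isEnabledFor(Level.DEBUG)) {
                    LOG.debug("Checking credential cert for match to peer cert" + "\n\tcred subject=" + credSubjectDN + "\n\tpeer subject=" + peerCertSubjectDN);
                }

                // Only a credential for this peer's own certificate may mint the
                // service certificate.
                if (peerCertSubjectDN.equals(credSubjectDN)) {
                    serviceCert = cred.generateServiceCertificate(assignedID);
                }
            } catch (IOException failed) {
                failure = failed;
            } catch (KeyStoreException failed) {
                failure = failed;
            } catch (InvalidKeyException failed) {
                failure = failed;
            } catch (SignatureException failed) {
                failure = failed;
            }

            if (null != failure) {
                if (LOG.isEnabledFor(Level.ERROR)) {
                    LOG.error("Failure building service certificate", failure);
                }
                return false;
            }
            return true;
        }

        /**
         * Installs the service credential derived from {@code cred} when the
         * credential's subject is the issuer of our service certificate chain.
         * Requires a non-empty {@code serviceCert}.
         *
         * @param cred the credential just added.
         */
        private void installServiceCredential(PSECredential cred) {
            Exception failure = null;
            try {
                X509Certificate credCert = (X509Certificate) cred.getCertificate();
                X500Principal credSubjectDN = credCert.getSubjectX500Principal();
                X500Principal serviceIssuerDN = serviceCert[0].getIssuerX500Principal();

                if (LOG.isEnabledFor(Level.DEBUG)) {
                    LOG.debug("Checking credential cert for match to service issuer cert" + "\n\tcred subject=" + credSubjectDN + "\n\t svc issuer=" + serviceIssuerDN);
                }

                if (credSubjectDN.equals(serviceIssuerDN)) {
                    if (LOG.isEnabledFor(Level.INFO)) {
                        LOG.info("Setting credential/certfile ");
                    }

                    // Stop watching the credential we are replacing so it does not
                    // keep a reference to this transport.
                    PSECredential previous = credential;
                    if (null != previous && null != credentialListener) {
                        previous.removePropertyChangeListener(credentialListener);
                    }
                    credentialListener = null;

                    credential = cred.getServiceCredential(assignedID);
                    if (null != credential) {
                        credentialListener = new credentialPCL();
                        credential.addPropertyChangeListener(credentialListener);
                    }
                }
            } catch (IOException failed) {
                failure = failed;
            } catch (PeerGroupException failed) {
                failure = failed;
            } catch (InvalidKeyException failed) {
                failure = failed;
            } catch (SignatureException failed) {
                failure = failed;
            }

            if (null != failure) {
                if (LOG.isEnabledFor(Level.ERROR)) {
                    LOG.error("Failure building service credential", failure);
                }
            }
        }
    }
}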