📄 tlstransport.java
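}
        membership = (PSEMembershipService) groupMembership;

        // NOTE(review): the listener is held only in this local, while stopApp()
        // unregisters the membershipListener field. No assignment to that field is
        // visible in this part of the file -- confirm it refers to this same object,
        // otherwise the listener stays registered after shutdown.
        PropertyChangeListener mpcl = new membershipPCL();
        membership.addPropertyChangeListener(mpcl);

        try {
            serviceCert = membership.getPSEConfig().getTrustedCertificateChain(assignedID);

            Enumeration eachCred = membership.getCurrentCredentials();

            // Replay the credentials that already exist through the listener so
            // they are handled exactly like credentials added later.
            while (eachCred.hasMoreElements()) {
                PSECredential aCred = (PSECredential) eachCred.nextElement();

                // send a fake property change event.
                mpcl.propertyChange(new PropertyChangeEvent(membership, "addCredential", null, aCred));
            }
        } catch (IOException failed) {
            // The failure is not logged; the transport continues without a
            // service certificate chain.
            serviceCert = null;
        } catch (KeyStoreException failed) {
            serviceCert = null;
        }

        // Create the TLS Manager
        manager = new TlsManager(this);

        // Connect ourself to the EndpointService
        try {
            endpoint.addIncomingMessageListener(manager, JTlsDefs.ServiceName, null);
        } catch (Throwable e2) {
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.log(Level.SEVERE, "TLS could not register listener...as good as dead", e2);
            }
            return -1;
        }

        return 0;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Unregisters the incoming message listener and this transport from
     * the endpoint, closes the TLS manager and detaches the membership and
     * credential listeners. Every step is skipped when its field is already
     * {@code null}, and each field is cleared afterwards.
     */
    public synchronized void stopApp() {
        if (null != endpoint) {
            endpoint.removeIncomingMessageListener(JTlsDefs.ServiceName, null);
            endpoint.removeMessageTransport(this);
            endpoint = null;
        }

        if (null != manager) {
            manager.close();
            manager = null;
        }

        if (null != membership) {
            membership.removePropertyChangeListener(membershipListener);
            membershipListener = null;
            membership = null;
        }

        // Work on a local copy: credentialPCL can clear the field under a
        // different monitor than the one this method holds.
        PSECredential temp = credential;
        if (null != temp) {
            temp.removePropertyChangeListener(credentialListener);
            credentialListener = null;
            credential = null;
        }
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Always {@code true} for this transport.
     */
    public boolean isConnectionOriented() {
        return true;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Always {@code false} for this transport.
     */
    public boolean allowsRouting() {
        // The TLS connection should not be used for default routing
        return false;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>No control operations are implemented; both arguments are ignored
     * and {@code null} is returned.
     */
    public Object transportControl(Object operation, Object Value) {
        return null;
    }

    /**
     * {@inheritDoc}
     *
     * @return the local TLS peer address held in {@code localTlsPeerAddr}
     */
    public EndpointAddress getPublicAddress() {
        return localTlsPeerAddr;
    }

    /**
     * {@inheritDoc}
     *
     * @return the endpoint service field, which is {@code null} once
     *         {@link #stopApp()} has run
     */
    public EndpointService getEndpointService() {
        return endpoint;
    }

    /**
     * {@inheritDoc}
     *
     * @return an iterator over a single element, the value of
     *         {@link #getPublicAddress()}
     */
    public Iterator getPublicAddresses() {
        return Collections.singletonList(getPublicAddress()).iterator();
    }

    /**
     * {@inheritDoc}
     *
     * @return {@code JTlsDefs.tlsPName}
     */
    public String getProtocolName() {
        return JTlsDefs.tlsPName;
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Implemented by asking {@link #getMessenger(EndpointAddress, Object)}
     * for a messenger, so a ping goes through the same connection lookup as a
     * real send.
     */
    public boolean ping(EndpointAddress addr) {
        return null != getMessenger(addr, null);
    }

    /**
     * {@inheritDoc}
     *
     * <p/>Messages addressed to the local peer are handed to a
     * {@code TlsLoopbackMessenger} and, as the comment in the body states,
     * do not go through TLS. Every other destination needs a {@code TlsConn}
     * from the TLS manager; when none can be obtained {@code null} is returned.
     *
     * XXX bondolo 20040522 The hint could be used in request for the
     * underlying messenger.
     *
     * @param addr the destination address
     * @param hintIgnored not used by this implementation
     * @return a messenger for {@code addr}, or {@code null} if no TLS
     *         connection is available
     * @throws IllegalArgumentException if the protocol address of {@code addr}
     *         does not yield a syntactically valid ID URI
     */
    public Messenger getMessenger(EndpointAddress addr, Object hintIgnored) {
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("getMessenger for " + addr);
        }

        // Strip service name and parameter so only the peer part is compared.
        EndpointAddress plainAddress = new EndpointAddress(addr, null, null);

        // If the dest is the local peer, just loop it back without going
        // through the TLS. Local communication do not use TLS.
        if (plainAddress.equals(localTlsPeerAddr)) {
            if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                LOG.fine("returning LoopbackMessenger");
            }
            return new TlsLoopbackMessenger(endpoint, plainAddress, addr, localPeerAddr);
        }

        // Create a Peer EndpointAddress
        EndpointAddress dstPAddr = mkAddress(ID.URIEncodingName + ":" + ID.URNNamespace + ":" + addr.getProtocolAddress(), null, null);

        // NOTE(review): manager is read without holding the lock that stopApp()
        // takes before clearing it -- confirm callers cannot get here during or
        // after shutdown.
        TlsConn conn = manager.getTlsConn(dstPAddr);

        if (conn == null) {
            if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                LOG.severe("Cannot get a TLS connection for " + dstPAddr);
            }
            // No connection was either available or created. Cannot do TLS
            // with the destination address.
            return null;
        }

        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("TlsMessanger with TlsConn DONE");
        }

        // Build a TlsMessenger around it that will add our header.
        // Right now we do not want to "announce" outgoing messengers because they get pooled and so must
        // not be grabbed by a listener. If "announcing" is to be done, that should be by the endpoint
        // and probably with a subtly different interface.
        return new TlsMessenger(addr, conn, this);
    }

    /**
     * processReceivedMessage is invoked by the TLS Manager when a message has been
     * completely received and is ready to be delivered to the service/application.
     *
     * <p/>The message is tagged with this transport and then demultiplexed on
     * the peer group's executor. Failures to schedule or to demux are logged
     * at WARNING and never propagate to the caller.
     *
     * @param msg the fully received message
     */
    void processReceivedMessage(final Message msg) {
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("processReceivedMessage starts");
        }

        // add a property to the message to indicate it came from us.
        msg.setMessageProperty(TlsTransport.class, this);

        // let the message continue to its final destination.
        try {
            ((GenericPeerGroup) group).getExecutor().execute(new Runnable() {
                public void run() {
                    try {
                        endpoint.demux(msg);
                    } catch (Throwable uncaught) {
                        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                            LOG.log(Level.WARNING, "Failure demuxing an incoming message", uncaught);
                        }
                    }
                }
            });
        } catch (Throwable e) {
            // Reached when the task cannot be handed to the executor at all.
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Failure demuxing an incoming message", e);
            }
        }
    }

    /**
     * Convenience method for constructing an endpoint address from an id
     *
     * @param destPeer peer id, as a URI string
     * @param serv the service name (if any)
     * @param parm the service param (if any)
     * @return the endpoint address for this peer id
     * @throws IllegalArgumentException if {@code destPeer} is not a
     *         syntactically valid URI
     */
    private final static EndpointAddress mkAddress(String destPeer, String serv, String parm) {
        ID asID = null;

        try {
            asID = IDFactory.fromURI(new URI(destPeer));
        } catch (URISyntaxException caught) {
            // Keep the original exception as the cause so the offending input
            // position is not lost from the stack trace.
            throw new IllegalArgumentException(caught.getMessage(), caught);
        }

        return mkAddress(asID, serv, parm);
    }

    /**
     * Convenience method for constructing an endpoint address from an id
     *
     * @param destPeer peer id
     * @param serv the service name (if any)
     * @param parm the service param (if any)
     * @return the "jxta" endpoint address for this peer id
     */
    private final static EndpointAddress mkAddress(ID destPeer, String serv, String parm) {
        EndpointAddress addr = new EndpointAddress("jxta", destPeer.getUniqueValue().toString(), serv, parm);

        return addr;
    }

    /**
     * Listener for Property Changed Events on our credential
     */
    class credentialPCL implements PropertyChangeListener {

        /**
         * {@inheritDoc}
         *
         * <p/>Handle events on our active credential. When the event comes
         * from the active credential and that credential is no longer valid,
         * this listener detaches itself and the credential field is cleared.
         */
        public synchronized void propertyChange(PropertyChangeEvent evt) {
            // NOTE(review): this method locks the listener instance, not the
            // enclosing transport, so it does not exclude stopApp() -- confirm
            // that the credential field cannot be cleared between these reads.
            if (credential == evt.getSource()) {
                if (!credential.isValid()) {
                    if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                        LOG.info("Clearing credential/certfile ");
                    }

                    credential.removePropertyChangeListener(this);
                    credential = null;
                }
            }
        }
    }

    /**
     * Listener for Property Changed Events on membership service
     */
    class membershipPCL implements PropertyChangeListener {

        /**
         * {@inheritDoc}
         *
         * <p/>Acts on "addCredential" events only. If there is no service
         * certificate chain, or its first certificate fails
         * {@code checkValidity()}, a new chain is generated from the added
         * credential provided its subject matches the subject of the peer
         * certificate. Afterwards, if the credential's subject matches the
         * issuer of the service certificate, the credential's service
         * credential becomes the active one and gets a {@code credentialPCL}.
         *
         * <p/>Events of other kinds, events whose new value is not a
         * {@code PSECredential}, and events that leave no service certificate
         * available are ignored instead of failing with an unchecked exception.
         */
        public synchronized void propertyChange(PropertyChangeEvent evt) {
            String evtProp = evt.getPropertyName();

            // Nothing below applies to other properties, so leave before the
            // new value is cast to a credential.
            if (!"addCredential".equals(evtProp)) {
                return;
            }

            Object newValue = evt.getNewValue();

            if (!(newValue instanceof PSECredential)) {
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.warning("Ignoring addCredential event that carries no PSE credential");
                }
                return;
            }

            PSECredential cred = (PSECredential) newValue;

            boolean validCertificate = true;

            if (null != serviceCert) {
                try {
                    serviceCert[0].checkValidity();
                } catch (Exception notValidException) {
                    // Covers expired and not-yet-valid certificates; an empty
                    // chain also ends up here through the failed index access.
                    validCertificate = false;
                }
            }

            if ((null == serviceCert) || !validCertificate) {
                // no service Cert or Non-valid Cert? Make one.
                Exception certFailure = null;

                try {
                    // NOTE(review): peerCert is dereferenced without a null check --
                    // confirm getTrustedCertificate cannot return null here.
                    X509Certificate peerCert = membership.getPSEConfig().getTrustedCertificate(group.getPeerID());

                    X500Principal credSubjectDN = cred.getCertificate().getSubjectX500Principal();
                    X500Principal peerCertSubjectDN = peerCert.getSubjectX500Principal();

                    if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                        LOG.fine(
                                "Checking credential cert for match to peer cert" + "\n\tcred subject=" + credSubjectDN
                                + "\n\tpeer subject=" + peerCertSubjectDN);
                    }

                    // Only a credential issued to this peer may generate the
                    // service certificate.
                    if (peerCertSubjectDN.equals(credSubjectDN)) {
                        serviceCert = cred.generateServiceCertificate(assignedID);
                    }
                } catch (IOException failed) {
                    certFailure = failed;
                } catch (KeyStoreException failed) {
                    certFailure = failed;
                } catch (InvalidKeyException failed) {
                    certFailure = failed;
                } catch (SignatureException failed) {
                    certFailure = failed;
                }

                if (null != certFailure) {
                    if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                        LOG.log(Level.SEVERE, "Failure building service certificate", certFailure);
                    }
                    return;
                }
            }

            // The chain is still missing when the subjects above did not match.
            // Stop here rather than dereference it below.
            if ((null == serviceCert) || (0 == serviceCert.length)) {
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.warning("No service certificate available; credential not installed");
                }
                return;
            }

            // NOTE(review): a chain that failed checkValidity() and was not
            // regenerated (subject mismatch) is still used for the issuer match
            // below -- confirm that an out-of-date service certificate is
            // acceptable for selecting the credential.
            Exception credFailure = null;

            try {
                X509Certificate credCert = cred.getCertificate();

                X500Principal credSubjectDN = credCert.getSubjectX500Principal();
                X500Principal serviceIssuerDN = serviceCert[0].getIssuerX500Principal();

                if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                    LOG.fine(
                            "Checking credential cert for match to service issuer cert" + "\n\tcred subject=" + credSubjectDN
                            + "\n\t svc issuer=" + serviceIssuerDN);
                }

                if (credSubjectDN.equals(serviceIssuerDN)) {
                    if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                        LOG.info("Setting credential/certfile ");
                    }

                    // NOTE(review): a previously active credential is replaced
                    // without removing its listener, and a null result clears
                    // the active credential -- confirm both are intended.
                    credential = cred.getServiceCredential(assignedID);

                    if (null != credential) {
                        credentialListener = new credentialPCL();
                        credential.addPropertyChangeListener(credentialListener);
                    }
                }
            } catch (IOException failed) {
                credFailure = failed;
            } catch (PeerGroupException failed) {
                credFailure = failed;
            } catch (InvalidKeyException failed) {
                credFailure = failed;
            } catch (SignatureException failed) {
                credFailure = failed;
            }

            if (null != credFailure) {
                if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
                    LOG.log(Level.SEVERE, "Failure building service credential", credFailure);
                }
                return;
            }
        }
    }
}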