View Javadoc

1   /*
2    * $Id: SslMessageReceiver.java 10961 2008-02-22 19:01:02Z dfeist $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.transport.ssl;
12  
13  import org.mule.DefaultMuleMessage;
14  import org.mule.api.endpoint.InboundEndpoint;
15  import org.mule.api.lifecycle.CreateException;
16  import org.mule.api.service.Service;
17  import org.mule.api.transport.Connector;
18  import org.mule.transport.AbstractMessageReceiver;
19  import org.mule.transport.tcp.TcpMessageReceiver;
20  
21  import java.io.IOException;
22  import java.net.Socket;
23  import java.security.cert.Certificate;
24  
25  import javax.net.ssl.HandshakeCompletedEvent;
26  import javax.net.ssl.HandshakeCompletedListener;
27  import javax.net.ssl.SSLPeerUnverifiedException;
28  import javax.net.ssl.SSLSocket;
29  import javax.resource.spi.work.Work;
30  
31  import edu.emory.mathcs.backport.java.util.concurrent.CountDownLatch;
32  import edu.emory.mathcs.backport.java.util.concurrent.TimeUnit;
33  
34  
35  public class SslMessageReceiver extends TcpMessageReceiver implements HandshakeCompletedListener
36  {
37  
38      // we must wait for handshake to complete before sending message, as the callback
39      // sets important properties.  the wait period is arbitrary, but the two threads
40      // are approximately synchronized (handshake completes before/at same time as
41      // message is received) so value should not be critical
42      private CountDownLatch handshakeComplete = new CountDownLatch(1);
43      private static final long HANDSHAKE_WAIT = 30000L;
44      private Certificate[] peerCertificateChain;
45      private Certificate[] localCertificateChain;
46  
47      public SslMessageReceiver(Connector connector, Service service, InboundEndpoint endpoint)
48              throws CreateException
49      {
50          super(connector, service, endpoint);
51      }
52  
53      protected Work createWork(Socket socket) throws IOException
54      {
55          return new SslWorker(socket, this);
56      }
57  
58      private void preRoute(DefaultMuleMessage message) throws Exception
59      {
60          handshakeComplete.await(HANDSHAKE_WAIT, TimeUnit.MILLISECONDS);
61          if (0 != handshakeComplete.getCount())
62          {
63              throw new IllegalStateException("Handshake did not complete");
64          }
65          if (peerCertificateChain != null)
66          {
67              message.setProperty(SslConnector.PEER_CERTIFICATES, peerCertificateChain);
68          }
69          if (localCertificateChain != null)
70          {
71              message.setProperty(SslConnector.LOCAL_CERTIFICATES, localCertificateChain);
72          }
73      }
74  
75      public void handshakeCompleted(HandshakeCompletedEvent event)
76      {
77          try
78          {
79              localCertificateChain = event.getLocalCertificates();
80              try
81              {
82                  peerCertificateChain = event.getPeerCertificates();
83              }
84              catch (SSLPeerUnverifiedException e)
85              {
86                  logger.debug("Cannot get peer certificate chain: "+ e.getMessage());
87              }
88          }
89          finally
90          {
91              handshakeComplete.countDown();
92          }
93      }
94  
95      protected class SslWorker extends TcpWorker
96      {
97          public SslWorker(Socket socket, AbstractMessageReceiver receiver) throws IOException
98          {
99              super(socket, receiver);
100             ((SSLSocket) socket).addHandshakeCompletedListener(SslMessageReceiver.this);
101         }
102 
103         protected void preRouteMuleMessage(DefaultMuleMessage message) throws Exception
104         {
105             super.preRouteMuleMessage(message);
106 
107             preRoute(message);
108         }
109 
110         protected void shutdownSocket() throws IOException
111         {
112             // SSL Sockets don't support shutdownSocket
113         }
114     }
115     
116 }