/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
* or http://forgerock.org/license/CDDLv1.0.html.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at legal-notices/CDDLv1_0.txt.
|
* If applicable, add the following below this CDDL HEADER, with the
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
* information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2014 ForgeRock AS
|
*/
|
|
package org.forgerock.opendj.grizzly;
|
|
import java.io.IOException;
|
import java.security.GeneralSecurityException;
|
import java.util.List;
|
|
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLEngine;
|
|
import org.forgerock.opendj.io.LDAPWriter;
|
import org.forgerock.opendj.ldap.IntermediateResponseHandler;
|
import org.forgerock.opendj.ldap.LdapException;
|
import org.forgerock.opendj.ldap.LdapPromise;
|
import org.forgerock.opendj.ldap.ResultCode;
|
import org.forgerock.opendj.ldap.SSLContextBuilder;
|
import org.forgerock.opendj.ldap.TrustManagers;
|
import org.forgerock.opendj.ldap.requests.AbandonRequest;
|
import org.forgerock.opendj.ldap.requests.BindClient;
|
import org.forgerock.opendj.ldap.requests.BindRequest;
|
import org.forgerock.opendj.ldap.requests.GenericBindRequest;
|
import org.forgerock.opendj.ldap.requests.Request;
|
import org.forgerock.opendj.ldap.requests.UnbindRequest;
|
import org.forgerock.opendj.ldap.responses.ExtendedResult;
|
import org.forgerock.opendj.ldap.responses.Responses;
|
import org.forgerock.opendj.ldap.responses.Result;
|
import org.forgerock.opendj.ldap.spi.AbstractLdapConnectionImpl;
|
import org.forgerock.opendj.ldap.spi.BindResultLdapPromiseImpl;
|
import org.forgerock.opendj.ldap.spi.ResultLdapPromiseImpl;
|
import org.forgerock.util.Reject;
|
import org.glassfish.grizzly.CompletionHandler;
|
import org.glassfish.grizzly.filterchain.Filter;
|
import org.glassfish.grizzly.filterchain.FilterChain;
|
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
|
import org.glassfish.grizzly.ssl.SSLFilter;
|
|
import static org.forgerock.opendj.ldap.LdapException.*;
|
import static org.forgerock.opendj.ldap.spi.LdapPromises.*;
|
|
final class GrizzlyLDAPConnection extends AbstractLdapConnectionImpl<GrizzlyLDAPConnectionFactory> {
|
/**
|
* A dummy SSL client engine configurator as SSLFilter only needs client
|
* config. This prevents Grizzly from needlessly using JVM defaults which
|
* may be incorrectly configured.
|
*/
|
private static final SSLEngineConfigurator DUMMY_SSL_ENGINE_CONFIGURATOR;
|
static {
|
try {
|
DUMMY_SSL_ENGINE_CONFIGURATOR = new SSLEngineConfigurator(new SSLContextBuilder().setTrustManager(
|
TrustManagers.distrustAll()).getSSLContext());
|
} catch (GeneralSecurityException e) {
|
// This should never happen.
|
throw new IllegalStateException("Unable to create Dummy SSL Engine Configurator", e);
|
}
|
}
|
|
private final org.glassfish.grizzly.Connection<?> connection;
|
|
@SuppressWarnings("rawtypes")
|
public GrizzlyLDAPConnection(final org.glassfish.grizzly.Connection connection,
|
final GrizzlyLDAPConnectionFactory attachedFactory) {
|
super(attachedFactory);
|
this.connection = connection;
|
}
|
|
@Override
|
protected LdapPromise<Void> abandonAsync0(final int messageID, final AbandonRequest request) {
|
final LDAPWriter<ASN1BufferWriter> writer = GrizzlyUtils.getWriter();
|
try {
|
writer.writeAbandonRequest(messageID, request);
|
connection.write(writer.getASN1Writer().getBuffer(), null);
|
return newSuccessfulLdapPromise((Void) null, messageID);
|
} catch (final IOException e) {
|
return newFailedLdapPromise(newLdapException(adaptRequestIOException(e)));
|
} finally {
|
GrizzlyUtils.recycleWriter(writer);
|
}
|
}
|
|
@Override
|
protected void bindAsync0(final int messageID, final BindRequest request, final BindClient bindClient,
|
final IntermediateResponseHandler intermediateResponseHandler) throws LdapException {
|
checkConnectionIsValid();
|
final LDAPWriter<ASN1BufferWriter> writer = GrizzlyUtils.getWriter();
|
try {
|
// Use the bind client to get the initial request instead of
|
// using the bind request passed to this method.
|
final GenericBindRequest initialRequest = bindClient.nextBindRequest();
|
writer.writeBindRequest(messageID, 3, initialRequest);
|
connection.write(writer.getASN1Writer().getBuffer(), null);
|
} catch (final IOException e) {
|
throw newLdapException(adaptRequestIOException(e));
|
} finally {
|
GrizzlyUtils.recycleWriter(writer);
|
}
|
}
|
|
@Override
|
protected void close0(final int messageID, UnbindRequest unbindRequest, String reason) {
|
Reject.ifNull(unbindRequest);
|
// This is the final client initiated close then release the connection
|
// and release resources.
|
final LDAPWriter<ASN1BufferWriter> writer = GrizzlyUtils.getWriter();
|
try {
|
writer.writeUnbindRequest(messageID, unbindRequest);
|
connection.write(writer.getASN1Writer().getBuffer(), null);
|
} catch (final Exception ignore) {
|
/*
|
* Underlying channel probably blown up. Ignore all errors,
|
* including possibly runtime exceptions (see OPENDJ-672).
|
*/
|
} finally {
|
GrizzlyUtils.recycleWriter(writer);
|
}
|
getFactory().getTimeoutChecker().removeListener(this);
|
connection.closeSilently();
|
}
|
|
@Override
|
protected <R extends Request> void writeRequest(final int messageID, final R request,
|
final IntermediateResponseHandler intermediateResponseHandler, final RequestWriter<R> requestWriter) {
|
final LDAPWriter<ASN1BufferWriter> writer = GrizzlyUtils.getWriter();
|
try {
|
requestWriter.writeRequest(messageID, writer, request);
|
connection.write(writer.getASN1Writer().getBuffer(), null);
|
} catch (final IOException e) {
|
removePendingResult(messageID).setResultOrError(adaptRequestIOException(e));
|
} finally {
|
GrizzlyUtils.recycleWriter(writer);
|
}
|
}
|
|
/**
|
* Installs a new Grizzly filter (e.g. SSL/SASL) beneath the top-level LDAP
|
* filter.
|
*
|
* @param filter
|
* The filter to be installed.
|
*/
|
void installFilter(final Filter filter) {
|
synchronized (state) {
|
GrizzlyUtils.addFilterToConnection(filter, connection);
|
}
|
}
|
|
@Override
|
protected boolean isTLSEnabled() {
|
synchronized (state) {
|
final FilterChain currentFilterChain = (FilterChain) connection.getProcessor();
|
for (final Filter filter : currentFilterChain) {
|
if (filter instanceof SSLFilter) {
|
return true;
|
}
|
}
|
return false;
|
}
|
}
|
|
void startTLS(final SSLContext sslContext, final List<String> protocols, final List<String> cipherSuites,
|
final CompletionHandler<SSLEngine> completionHandler) throws IOException {
|
synchronized (state) {
|
if (isTLSEnabled()) {
|
throw new IllegalStateException("TLS already enabled");
|
}
|
|
final SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContext, true, false,
|
false);
|
sslEngineConfigurator.setEnabledProtocols(protocols.isEmpty() ? null : protocols
|
.toArray(new String[protocols.size()]));
|
sslEngineConfigurator.setEnabledCipherSuites(cipherSuites.isEmpty() ? null : cipherSuites
|
.toArray(new String[cipherSuites.size()]));
|
final SSLFilter sslFilter = new SSLFilter(DUMMY_SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);
|
installFilter(sslFilter);
|
sslFilter.handshake(connection, completionHandler);
|
}
|
}
|
|
private Result adaptRequestIOException(final IOException e) {
|
// FIXME: what other sort of IOExceptions can be thrown?
|
// FIXME: Is this the best result code?
|
final Result errorResult = Responses.newResult(ResultCode.CLIENT_SIDE_ENCODING_ERROR).setCause(e);
|
connectionErrorOccurred(false, errorResult);
|
return errorResult;
|
}
|
|
@Override
|
protected ResultLdapPromiseImpl<?, ?> getPendingResult(int messageID) {
|
return super.getPendingResult(messageID);
|
};
|
|
@Override
|
protected <R extends Request, S extends Result> ResultLdapPromiseImpl<R, S> removePendingResult(
|
final Integer messageID) {
|
return super.removePendingResult(messageID);
|
}
|
|
@Override
|
protected void connectionErrorOccurred(boolean isDisconnectNotification, Result reason) {
|
super.connectionErrorOccurred(isDisconnectNotification, reason);
|
}
|
|
@Override
|
protected void handleUnsolicitedNotification(final ExtendedResult notification) {
|
super.handleUnsolicitedNotification(notification);
|
}
|
|
int continuePendingBindRequest(BindResultLdapPromiseImpl promise)
|
throws LdapException {
|
final int newMsgID = newMessageID();
|
checkConnectionIsValid();
|
addPendingResult(newMsgID, promise);
|
|
return newMsgID;
|
}
|
}
|
