Apache MINA 2.2.X update

Author: the-thing

quickfixj-core/pom.xml

@@ -59,7 +59,7 @@
         <dependency>
             <groupId>org.apache.mina</groupId>
             <artifactId>mina-core</artifactId>
-            <version>2.1.6</version>
+            <version>2.2.2-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>

quickfixj-core/src/main/java/quickfix/mina/acceptor/AbstractSocketAcceptor.java

@@ -133,9 +133,8 @@ private void installSSL(AcceptorSocketDescriptor descriptor,
         SSLConfig sslConfig = descriptor.getSslConfig();
         SSLContext sslContext = SSLContextFactory.getInstance(sslConfig);
         SSLFilter sslFilter = new SSLFilter(sslContext);
-        sslFilter.setUseClientMode(false);
         sslFilter.setNeedClientAuth(sslConfig.isNeedClientAuth());
-        sslFilter.setCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
+        sslFilter.setEnabledCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
                 : SSLSupport.getDefaultCipherSuites(sslContext));
         sslFilter.setEnabledProtocols(sslConfig.getEnabledProtocols() != null ? sslConfig.getEnabledProtocols()
                 : SSLSupport.getSupportedProtocols(sslContext));

quickfixj-core/src/main/java/quickfix/mina/initiator/InitiatorProxyIoHandler.java

@@ -61,8 +61,8 @@ public void exceptionCaught(IoSession ioSession, Throwable cause) throws Excepti
 
     @Override
     public void proxySessionOpened(IoSession ioSession) throws Exception {
-        if (this.sslFilter != null) {
-            this.sslFilter.initiateHandshake(ioSession);
-        }
+//        if (this.sslFilter != null) {
+//            this.sslFilter.initiateHandshake(ioSession);
+//        }
     }
 }

quickfixj-core/src/main/java/quickfix/mina/initiator/IoSessionInitiator.java

@@ -155,7 +155,7 @@ private void setupIoConnector() throws ConfigError, GeneralSecurityException {
 
             SSLFilter sslFilter = null;
             if (sslEnabled) {
-                sslFilter = installSslFilter(ioFilterChainBuilder, !hasProxy);
+                sslFilter = installSslFilter(ioFilterChainBuilder);
             }
 
             ioFilterChainBuilder.addLast(FIXProtocolCodecFactory.FILTER_NAME, new ProtocolCodecFilter(new FIXProtocolCodecFactory()));
@@ -188,16 +188,15 @@ private void setupIoConnector() throws ConfigError, GeneralSecurityException {
             ioConnector = newConnector;
         }
 
-        private SSLFilter installSslFilter(CompositeIoFilterChainBuilder ioFilterChainBuilder, boolean autoStart)
+        private SSLFilter installSslFilter(CompositeIoFilterChainBuilder ioFilterChainBuilder)
                 throws GeneralSecurityException {
             final SSLContext sslContext = SSLContextFactory.getInstance(sslConfig);
-            final SSLFilter sslFilter = new SSLFilter(sslContext, autoStart);
-            sslFilter.setUseClientMode(true);
-            sslFilter.setCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
+            final SSLFilter sslFilter = new SSLFilter(sslContext);
+            sslFilter.setEnabledCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
                     : SSLSupport.getDefaultCipherSuites(sslContext));
             sslFilter.setEnabledProtocols(sslConfig.getEnabledProtocols() != null ? sslConfig.getEnabledProtocols()
                     : SSLSupport.getSupportedProtocols(sslContext));
-            sslFilter.setUseSNI(sslConfig.isUseSNI());
+            sslFilter.setEndpointIdentificationAlgorithm(sslConfig.getEndpointIdentificationAlgorithm());
             ioFilterChainBuilder.addLast(SSLSupport.FILTER_NAME, sslFilter);
             return sslFilter;
         }

quickfixj-core/src/main/java/quickfix/mina/ssl/SSLConfig.java

@@ -20,6 +20,7 @@
 package quickfix.mina.ssl;
 
 import java.util.Arrays;
+import java.util.Objects;
 
 /**
  * Groups together SSL related configuration.
@@ -36,58 +37,7 @@ public class SSLConfig {
 	private String[] enabledProtocols;
 	private String[] enabledCipherSuites;
 	private boolean needClientAuth;
-	private boolean useSNI;
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj)
-			return true;
-		if (obj == null)
-			return false;
-		if (getClass() != obj.getClass())
-			return false;
-		SSLConfig other = (SSLConfig) obj;
-		if (!Arrays.equals(enabledCipherSuites, other.enabledCipherSuites))
-			return false;
-		if (!Arrays.equals(enabledProtocols, other.enabledProtocols))
-			return false;
-		if (keyManagerFactoryAlgorithm == null) {
-			if (other.keyManagerFactoryAlgorithm != null)
-				return false;
-		} else if (!keyManagerFactoryAlgorithm.equals(other.keyManagerFactoryAlgorithm))
-			return false;
-		if (keyStoreName == null) {
-			if (other.keyStoreName != null)
-				return false;
-		} else if (!keyStoreName.equals(other.keyStoreName))
-			return false;
-		if (!Arrays.equals(keyStorePassword, other.keyStorePassword))
-			return false;
-		if (keyStoreType == null) {
-			if (other.keyStoreType != null)
-				return false;
-		} else if (!keyStoreType.equals(other.keyStoreType))
-			return false;
-		if (needClientAuth != other.needClientAuth)
-			return false;
-		if (trustManagerFactoryAlgorithm == null) {
-			if (other.trustManagerFactoryAlgorithm != null)
-				return false;
-		} else if (!trustManagerFactoryAlgorithm.equals(other.trustManagerFactoryAlgorithm))
-			return false;
-		if (trustStoreName == null) {
-			if (other.trustStoreName != null)
-				return false;
-		} else if (!trustStoreName.equals(other.trustStoreName))
-			return false;
-		if (!Arrays.equals(trustStorePassword, other.trustStorePassword))
-			return false;
-		if(useSNI != other.useSNI)
-			return false;
-		if (trustStoreType == null) {
-			return other.trustStoreType == null;
-		} else return trustStoreType.equals(other.trustStoreType);
-	}
+	private String endpointIdentificationAlgorithm;
 
 	public String[] getEnabledCipherSuites() {
 		return enabledCipherSuites;
@@ -129,31 +79,12 @@ public String getTrustStoreType() {
 		return trustStoreType;
 	}
 
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = 1;
-		result = prime * result + Arrays.hashCode(enabledCipherSuites);
-		result = prime * result + Arrays.hashCode(enabledProtocols);
-		result = prime * result + ((keyManagerFactoryAlgorithm == null) ? 0 : keyManagerFactoryAlgorithm.hashCode());
-		result = prime * result + ((keyStoreName == null) ? 0 : keyStoreName.hashCode());
-		result = prime * result + Arrays.hashCode(keyStorePassword);
-		result = prime * result + ((keyStoreType == null) ? 0 : keyStoreType.hashCode());
-		result = prime * result + (needClientAuth ? 1231 : 1237);
-		result = prime * result
-				+ ((trustManagerFactoryAlgorithm == null) ? 0 : trustManagerFactoryAlgorithm.hashCode());
-		result = prime * result + ((trustStoreName == null) ? 0 : trustStoreName.hashCode());
-		result = prime * result + Arrays.hashCode(trustStorePassword);
-		result = prime * result + ((trustStoreType == null) ? 0 : trustStoreType.hashCode());
-		return result;
-	}
-
 	public boolean isNeedClientAuth() {
 		return needClientAuth;
 	}
 
-	public boolean isUseSNI() {
-		return useSNI;
+	public String getEndpointIdentificationAlgorithm() {
+		return endpointIdentificationAlgorithm;
 	}
 
 	public void setEnabledCipherSuites(String[] enabledCipherSuites) {
@@ -184,8 +115,8 @@ public void setNeedClientAuth(boolean needClientAuth) {
 		this.needClientAuth = needClientAuth;
 	}
 
-	public void setUseSNI(boolean useSNI) {
-		this.useSNI = useSNI;
+	public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm) {
+		this.endpointIdentificationAlgorithm = endpointIdentificationAlgorithm;
 	}
 
 	public void setTrustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm) {
@@ -203,4 +134,33 @@ public void setTrustStorePassword(char[] trustStorePassword) {
 	public void setTrustStoreType(String trustStoreType) {
 		this.trustStoreType = trustStoreType;
 	}
+
+	@Override
+	public boolean equals(Object o) {
+		if (this == o) return true;
+		if (o == null || getClass() != o.getClass()) return false;
+		SSLConfig sslConfig = (SSLConfig) o;
+		return needClientAuth == sslConfig.needClientAuth &&
+				Objects.equals(keyStoreName, sslConfig.keyStoreName) &&
+				Arrays.equals(keyStorePassword, sslConfig.keyStorePassword) &&
+				Objects.equals(keyManagerFactoryAlgorithm, sslConfig.keyManagerFactoryAlgorithm) &&
+				Objects.equals(keyStoreType, sslConfig.keyStoreType) &&
+				Objects.equals(trustStoreName, sslConfig.trustStoreName) &&
+				Arrays.equals(trustStorePassword, sslConfig.trustStorePassword) &&
+				Objects.equals(trustManagerFactoryAlgorithm, sslConfig.trustManagerFactoryAlgorithm) &&
+				Objects.equals(trustStoreType, sslConfig.trustStoreType) &&
+				Arrays.equals(enabledProtocols, sslConfig.enabledProtocols) &&
+				Arrays.equals(enabledCipherSuites, sslConfig.enabledCipherSuites) &&
+				Objects.equals(endpointIdentificationAlgorithm, sslConfig.endpointIdentificationAlgorithm);
+	}
+
+	@Override
+	public int hashCode() {
+		int result = Objects.hash(keyStoreName, keyManagerFactoryAlgorithm, keyStoreType, trustStoreName, trustManagerFactoryAlgorithm, trustStoreType, needClientAuth, endpointIdentificationAlgorithm);
+		result = 31 * result + Arrays.hashCode(keyStorePassword);
+		result = 31 * result + Arrays.hashCode(trustStorePassword);
+		result = 31 * result + Arrays.hashCode(enabledProtocols);
+		result = 31 * result + Arrays.hashCode(enabledCipherSuites);
+		return result;
+	}
 }

quickfixj-core/src/main/java/quickfix/mina/ssl/SSLFilter.java

@@ -19,70 +19,17 @@
 
 package quickfix.mina.ssl;
 
-import java.net.InetSocketAddress;
-import java.net.SocketAddress;
-import javax.net.ssl.SSLContext;
-
-import javax.net.ssl.SSLException;
-import org.apache.mina.core.filterchain.IoFilterChain;
-import org.apache.mina.core.session.IoSession;
 import org.apache.mina.filter.ssl.SslFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.SSLContext;
 
 /**
  * An extended SSL filter based on MINA {@link SslFilter} that applies
  * some adaptations.
  */
 public class SSLFilter extends SslFilter {
 
-    private final Logger log = LoggerFactory.getLogger(getClass());
-    private boolean useSNI;
-
-    public SSLFilter(SSLContext sslContext, boolean autoStart) {
-        super(sslContext, autoStart);
-    }
-
     public SSLFilter(SSLContext sslContext) {
         super(sslContext);
     }
-
-    /**
-     * Called from {@link SslFilter#onPreAdd} every time a new
-     * session is created which makes it impossible to override enabled cipher
-     * suites configuration.
-     */
-    @Override
-    public void setEnabledCipherSuites(String[] cipherSuites) {
-    }
-
-    public void setCipherSuites(String[] cipherSuites) {
-        super.setEnabledCipherSuites(cipherSuites);
-    }
-
-    /**
-     * Called before filter is added into the chain.
-     * We activate Server Name Indication if it is enabled in the session config.
-     */
-    @Override
-    public void onPreAdd(IoFilterChain parent, String name, NextFilter nextFilter)
-        throws SSLException {
-
-        if (useSNI) {
-            IoSession session = parent.getSession();
-            SocketAddress remoteAddress = session.getRemoteAddress();
-
-            if (remoteAddress instanceof InetSocketAddress) {
-                // activate the SNI support in the JSSE SSLEngine
-                log.info("Activating TLS SNI support for peer address: {}", remoteAddress);
-                session.setAttribute(PEER_ADDRESS, remoteAddress);
-            }
-        }
-
-        super.onPreAdd(parent, name, nextFilter);
-    }
-
-    public void setUseSNI(boolean useSNI) {
-        this.useSNI = useSNI;
-    }
 }

quickfixj-core/src/main/java/quickfix/mina/ssl/SSLSupport.java

@@ -39,7 +39,7 @@ public class SSLSupport {
     public static final String SETTING_TRUST_MANAGER_FACTORY_ALGORITHM = "TrustManagerFactoryAlgorithm";
     public static final String SETTING_TRUST_STORE_TYPE = "TrustStoreType";
     public static final String SETTING_NEED_CLIENT_AUTH = "NeedClientAuth";
-    public static final String SETTING_USE_SNI = "UseSNI";
+    public static final String SETTING_ENDPOINT_IDENTIFICATION_ALGORITHM = "EndpointIdentificationAlgorithm";
     public static final String SETTING_ENABLED_PROTOCOLS = "EnabledProtocols";
     public static final String SETTING_CIPHER_SUITES = "CipherSuites";
     static final String DEFAULT_STORE_TYPE = "JKS";
@@ -111,7 +111,7 @@ public static SSLConfig getSslConfig(SessionSettings sessionSettings, SessionID
         sslConfig.setEnabledCipherSuites(getEnabledCipherSuites(sessionSettings, sessionID));
         sslConfig.setEnabledProtocols(getEnabledProtocols(sessionSettings, sessionID));
         sslConfig.setNeedClientAuth(isNeedClientAuth(sessionSettings, sessionID));
-        sslConfig.setUseSNI(isUseSNI(sessionSettings, sessionID));
+        sslConfig.setEndpointIdentificationAlgorithm(getEndpointIdentificationAlgorithm(sessionSettings, sessionID));
 
         return sslConfig;
     }
@@ -150,7 +150,7 @@ public static boolean isNeedClientAuth(SessionSettings sessionSettings, SessionI
         return "Y".equals(getString(sessionSettings, sessionID, SETTING_NEED_CLIENT_AUTH, "N"));
     }
 
-    public static boolean isUseSNI(SessionSettings sessionSettings, SessionID sessionID) {
-        return "Y".equals(getString(sessionSettings, sessionID, SETTING_USE_SNI, "N"));
+    public static String getEndpointIdentificationAlgorithm(SessionSettings sessionSettings, SessionID sessionID) {
+        return getString(sessionSettings, sessionID, SETTING_ENDPOINT_IDENTIFICATION_ALGORITHM, null);
     }
 }