Merge pull request #635 from the-thing/634_-_mina_2.2.X_update

Apache MINA 2.2.3 update

Author: chrjohn

pom.xml

@@ -101,7 +101,7 @@
 		<fix-orchestra.repository.version>1.6.8</fix-orchestra.repository.version>
 		<docgen.version>1.6.8</docgen.version>
 		<jaxb.version>2.3.3</jaxb.version>
-		<apache.mina.version>2.1.6</apache.mina.version>
+		<apache.mina.version>2.2.3</apache.mina.version>
 		<commons.io.version>2.11.0</commons.io.version>
 		<guava.version>32.0.0-jre</guava.version>
 		<orchestra.file>OrchestraFIXLatest.xml</orchestra.file>

quickfixj-core/src/main/doc/usermanual/usage/configuration.html

@@ -692,10 +692,12 @@ <H3>QuickFIX Settings</H3>
     <TD><a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html">Java default cipher suites</a></TD>
   </TR>
   <TR ALIGN="left" VALIGN="middle">
-    <TD valign="top"> <I>UseSNI</I></TD>
-    <TD>Configures the SSL engine to use Server Name Indication. This option is only useful to initiators.</TD>
-    <TD>Y<BR>N</TD>
-    <TD>N</TD>
+    <TD valign="top"> <I>EndpointIdentificationAlgorithm</I></TD>
+      <TD>Sets the endpoint identification algorithm. If the algorithm parameter is non-null, the endpoint identification/verification procedures must be handled during SSL/TLS handshaking. See
+          <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#jssenames">Endpoint Identification
+          Algorithm Names</a></TD>
+    <TD></TD>
+    <TD></TD>
   </TR>
 
   <TR ALIGN="center" VALIGN="middle">

quickfixj-core/src/main/java/quickfix/mina/acceptor/AbstractSocketAcceptor.java

@@ -23,6 +23,7 @@
 import org.apache.mina.core.buffer.SimpleBufferAllocator;
 import org.apache.mina.core.service.IoAcceptor;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
+import org.apache.mina.filter.ssl.SslFilter;
 import quickfix.Acceptor;
 import quickfix.Application;
 import quickfix.ConfigError;
@@ -45,7 +46,6 @@
 import quickfix.mina.message.FIXProtocolCodecFactory;
 import quickfix.mina.ssl.SSLConfig;
 import quickfix.mina.ssl.SSLContextFactory;
-import quickfix.mina.ssl.SSLFilter;
 import quickfix.mina.ssl.SSLSupport;
 
 import javax.net.ssl.SSLContext;
@@ -132,10 +132,9 @@ private void installSSL(AcceptorSocketDescriptor descriptor,
         log.info("Installing SSL filter for {}", descriptor.getAddress());
         SSLConfig sslConfig = descriptor.getSslConfig();
         SSLContext sslContext = SSLContextFactory.getInstance(sslConfig);
-        SSLFilter sslFilter = new SSLFilter(sslContext);
-        sslFilter.setUseClientMode(false);
+        SslFilter sslFilter = new SslFilter(sslContext);
         sslFilter.setNeedClientAuth(sslConfig.isNeedClientAuth());
-        sslFilter.setCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
+        sslFilter.setEnabledCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
                 : SSLSupport.getDefaultCipherSuites(sslContext));
         sslFilter.setEnabledProtocols(sslConfig.getEnabledProtocols() != null ? sslConfig.getEnabledProtocols()
                 : SSLSupport.getSupportedProtocols(sslContext));

quickfixj-core/src/main/java/quickfix/mina/initiator/InitiatorProxyIoHandler.java

@@ -22,16 +22,12 @@
 import org.apache.mina.core.session.IoSession;
 import org.apache.mina.proxy.AbstractProxyIoHandler;
 
-import quickfix.mina.ssl.SSLFilter;
-
 class InitiatorProxyIoHandler extends AbstractProxyIoHandler {
     private final InitiatorIoHandler initiatorIoHandler;
-    private final SSLFilter sslFilter;
 
-    InitiatorProxyIoHandler(InitiatorIoHandler initiatorIoHandler, SSLFilter sslFilter) {
+    InitiatorProxyIoHandler(InitiatorIoHandler initiatorIoHandler) {
         super();
         this.initiatorIoHandler = initiatorIoHandler;
-        this.sslFilter = sslFilter;
     }
 
     @Override
@@ -60,9 +56,6 @@ public void exceptionCaught(IoSession ioSession, Throwable cause) throws Excepti
     }
 
     @Override
-    public void proxySessionOpened(IoSession ioSession) throws Exception {
-        if (this.sslFilter != null) {
-            this.sslFilter.initiateHandshake(ioSession);
-        }
+    public void proxySessionOpened(IoSession ioSession) {
     }
 }

quickfixj-core/src/main/java/quickfix/mina/initiator/IoSessionInitiator.java

@@ -24,6 +24,7 @@
 import org.apache.mina.core.service.IoConnector;
 import org.apache.mina.core.session.IoSession;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
+import org.apache.mina.filter.ssl.SslFilter;
 import org.apache.mina.proxy.ProxyConnector;
 import org.apache.mina.transport.socket.SocketConnector;
 import quickfix.ConfigError;
@@ -40,7 +41,6 @@
 import quickfix.mina.message.FIXProtocolCodecFactory;
 import quickfix.mina.ssl.SSLConfig;
 import quickfix.mina.ssl.SSLContextFactory;
-import quickfix.mina.ssl.SSLFilter;
 import quickfix.mina.ssl.SSLSupport;
 
 import javax.net.ssl.SSLContext;
@@ -153,9 +153,9 @@ private void setupIoConnector() throws ConfigError, GeneralSecurityException {
 
             boolean hasProxy = proxyType != null && proxyPort > 0 && socketAddresses[nextSocketAddressIndex] instanceof InetSocketAddress;
 
-            SSLFilter sslFilter = null;
+            SslFilter sslFilter = null;
             if (sslEnabled) {
-                sslFilter = installSslFilter(ioFilterChainBuilder, !hasProxy);
+                sslFilter = installSslFilter(ioFilterChainBuilder);
             }
 
             ioFilterChainBuilder.addLast(FIXProtocolCodecFactory.FILTER_NAME, new ProtocolCodecFilter(new FIXProtocolCodecFactory()));
@@ -175,9 +175,7 @@ private void setupIoConnector() throws ConfigError, GeneralSecurityException {
                 );
 
                 proxyConnector.setHandler(new InitiatorProxyIoHandler(
-                        new InitiatorIoHandler(fixSession, sessionSettings, networkingOptions, eventHandlingStrategy),
-                        sslFilter
-                ));
+                        new InitiatorIoHandler(fixSession, sessionSettings, networkingOptions, eventHandlingStrategy)));
 
                 newConnector = proxyConnector;
             }
@@ -188,16 +186,15 @@ private void setupIoConnector() throws ConfigError, GeneralSecurityException {
             ioConnector = newConnector;
         }
 
-        private SSLFilter installSslFilter(CompositeIoFilterChainBuilder ioFilterChainBuilder, boolean autoStart)
+        private SslFilter installSslFilter(CompositeIoFilterChainBuilder ioFilterChainBuilder)
                 throws GeneralSecurityException {
             final SSLContext sslContext = SSLContextFactory.getInstance(sslConfig);
-            final SSLFilter sslFilter = new SSLFilter(sslContext, autoStart);
-            sslFilter.setUseClientMode(true);
-            sslFilter.setCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
+            final SslFilter sslFilter = new SslFilter(sslContext);
+            sslFilter.setEnabledCipherSuites(sslConfig.getEnabledCipherSuites() != null ? sslConfig.getEnabledCipherSuites()
                     : SSLSupport.getDefaultCipherSuites(sslContext));
             sslFilter.setEnabledProtocols(sslConfig.getEnabledProtocols() != null ? sslConfig.getEnabledProtocols()
                     : SSLSupport.getSupportedProtocols(sslContext));
-            sslFilter.setUseSNI(sslConfig.isUseSNI());
+            sslFilter.setEndpointIdentificationAlgorithm(sslConfig.getEndpointIdentificationAlgorithm());
             ioFilterChainBuilder.addLast(SSLSupport.FILTER_NAME, sslFilter);
             return sslFilter;
         }

quickfixj-core/src/main/java/quickfix/mina/ssl/SSLConfig.java

@@ -20,6 +20,7 @@
 package quickfix.mina.ssl;
 
 import java.util.Arrays;
+import java.util.Objects;
 
 /**
  * Groups together SSL related configuration.
@@ -36,58 +37,7 @@ public class SSLConfig {
 	private String[] enabledProtocols;
 	private String[] enabledCipherSuites;
 	private boolean needClientAuth;
-	private boolean useSNI;
-
-	@Override
-	public boolean equals(Object obj) {
-		if (this == obj)
-			return true;
-		if (obj == null)
-			return false;
-		if (getClass() != obj.getClass())
-			return false;
-		SSLConfig other = (SSLConfig) obj;
-		if (!Arrays.equals(enabledCipherSuites, other.enabledCipherSuites))
-			return false;
-		if (!Arrays.equals(enabledProtocols, other.enabledProtocols))
-			return false;
-		if (keyManagerFactoryAlgorithm == null) {
-			if (other.keyManagerFactoryAlgorithm != null)
-				return false;
-		} else if (!keyManagerFactoryAlgorithm.equals(other.keyManagerFactoryAlgorithm))
-			return false;
-		if (keyStoreName == null) {
-			if (other.keyStoreName != null)
-				return false;
-		} else if (!keyStoreName.equals(other.keyStoreName))
-			return false;
-		if (!Arrays.equals(keyStorePassword, other.keyStorePassword))
-			return false;
-		if (keyStoreType == null) {
-			if (other.keyStoreType != null)
-				return false;
-		} else if (!keyStoreType.equals(other.keyStoreType))
-			return false;
-		if (needClientAuth != other.needClientAuth)
-			return false;
-		if (trustManagerFactoryAlgorithm == null) {
-			if (other.trustManagerFactoryAlgorithm != null)
-				return false;
-		} else if (!trustManagerFactoryAlgorithm.equals(other.trustManagerFactoryAlgorithm))
-			return false;
-		if (trustStoreName == null) {
-			if (other.trustStoreName != null)
-				return false;
-		} else if (!trustStoreName.equals(other.trustStoreName))
-			return false;
-		if (!Arrays.equals(trustStorePassword, other.trustStorePassword))
-			return false;
-		if(useSNI != other.useSNI)
-			return false;
-		if (trustStoreType == null) {
-			return other.trustStoreType == null;
-		} else return trustStoreType.equals(other.trustStoreType);
-	}
+	private String endpointIdentificationAlgorithm;
 
 	public String[] getEnabledCipherSuites() {
 		return enabledCipherSuites;
@@ -129,31 +79,12 @@ public String getTrustStoreType() {
 		return trustStoreType;
 	}
 
-	@Override
-	public int hashCode() {
-		final int prime = 31;
-		int result = 1;
-		result = prime * result + Arrays.hashCode(enabledCipherSuites);
-		result = prime * result + Arrays.hashCode(enabledProtocols);
-		result = prime * result + ((keyManagerFactoryAlgorithm == null) ? 0 : keyManagerFactoryAlgorithm.hashCode());
-		result = prime * result + ((keyStoreName == null) ? 0 : keyStoreName.hashCode());
-		result = prime * result + Arrays.hashCode(keyStorePassword);
-		result = prime * result + ((keyStoreType == null) ? 0 : keyStoreType.hashCode());
-		result = prime * result + (needClientAuth ? 1231 : 1237);
-		result = prime * result
-				+ ((trustManagerFactoryAlgorithm == null) ? 0 : trustManagerFactoryAlgorithm.hashCode());
-		result = prime * result + ((trustStoreName == null) ? 0 : trustStoreName.hashCode());
-		result = prime * result + Arrays.hashCode(trustStorePassword);
-		result = prime * result + ((trustStoreType == null) ? 0 : trustStoreType.hashCode());
-		return result;
-	}
-
 	public boolean isNeedClientAuth() {
 		return needClientAuth;
 	}
 
-	public boolean isUseSNI() {
-		return useSNI;
+	public String getEndpointIdentificationAlgorithm() {
+		return endpointIdentificationAlgorithm;
 	}
 
 	public void setEnabledCipherSuites(String[] enabledCipherSuites) {
@@ -184,8 +115,8 @@ public void setNeedClientAuth(boolean needClientAuth) {
 		this.needClientAuth = needClientAuth;
 	}
 
-	public void setUseSNI(boolean useSNI) {
-		this.useSNI = useSNI;
+	public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm) {
+		this.endpointIdentificationAlgorithm = endpointIdentificationAlgorithm;
 	}
 
 	public void setTrustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm) {
@@ -203,4 +134,33 @@ public void setTrustStorePassword(char[] trustStorePassword) {
 	public void setTrustStoreType(String trustStoreType) {
 		this.trustStoreType = trustStoreType;
 	}
+
+	@Override
+	public boolean equals(Object o) {
+		if (this == o) return true;
+		if (o == null || getClass() != o.getClass()) return false;
+		SSLConfig sslConfig = (SSLConfig) o;
+		return needClientAuth == sslConfig.needClientAuth &&
+				Objects.equals(keyStoreName, sslConfig.keyStoreName) &&
+				Arrays.equals(keyStorePassword, sslConfig.keyStorePassword) &&
+				Objects.equals(keyManagerFactoryAlgorithm, sslConfig.keyManagerFactoryAlgorithm) &&
+				Objects.equals(keyStoreType, sslConfig.keyStoreType) &&
+				Objects.equals(trustStoreName, sslConfig.trustStoreName) &&
+				Arrays.equals(trustStorePassword, sslConfig.trustStorePassword) &&
+				Objects.equals(trustManagerFactoryAlgorithm, sslConfig.trustManagerFactoryAlgorithm) &&
+				Objects.equals(trustStoreType, sslConfig.trustStoreType) &&
+				Arrays.equals(enabledProtocols, sslConfig.enabledProtocols) &&
+				Arrays.equals(enabledCipherSuites, sslConfig.enabledCipherSuites) &&
+				Objects.equals(endpointIdentificationAlgorithm, sslConfig.endpointIdentificationAlgorithm);
+	}
+
+	@Override
+	public int hashCode() {
+		int result = Objects.hash(keyStoreName, keyManagerFactoryAlgorithm, keyStoreType, trustStoreName, trustManagerFactoryAlgorithm, trustStoreType, needClientAuth, endpointIdentificationAlgorithm);
+		result = 31 * result + Arrays.hashCode(keyStorePassword);
+		result = 31 * result + Arrays.hashCode(trustStorePassword);
+		result = 31 * result + Arrays.hashCode(enabledProtocols);
+		result = 31 * result + Arrays.hashCode(enabledCipherSuites);
+		return result;
+	}
 }