Move creation of SSLSupport instances to the SocketWrapper

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1656023 13f79535-47bb-0310-9956-ffa450edef68

java/org/apache/coyote/AbstractProtocol.java

@@ -628,7 +628,8 @@ public SocketState process(SocketWrapperBase<S> wrapper,
                     processor = createProcessor();
                 }
 
-                initSsl(wrapper, processor);
+                processor.setSslSupport(
+                        wrapper.getSslSupport(getProtocol().getClientCertProvider()));
 
                 SocketState state = SocketState.CLOSED;
                 Iterator<DispatchType> dispatches = null;
@@ -774,8 +775,6 @@ public SocketState process(SocketWrapperBase<S> wrapper,
         }
 
         protected abstract P createProcessor();
-        protected abstract void initSsl(SocketWrapperBase<S> socket,
-                Processor processor);
         protected abstract void longPoll(SocketWrapperBase<S> socket,
                 Processor processor);
 

java/org/apache/coyote/Processor.java

@@ -76,6 +76,4 @@ public interface Processor {
      * @return leftover bytes
      */
     ByteBuffer getLeftoverInput();
-
-
 }

java/org/apache/coyote/ajp/AbstractAjpProtocol.java

@@ -134,11 +134,6 @@ protected AjpProcessor createProcessor() {
             return processor;
         }
 
-        @Override
-        protected void initSsl(SocketWrapperBase<S> socket, Processor processor) {
-            // NOOP for AJP
-        }
-
         @Override
         protected void longPoll(SocketWrapperBase<S> socket, Processor processor) {
             // Same requirements for all AJP connectors

java/org/apache/coyote/ajp/AjpNio2Protocol.java

@@ -24,7 +24,6 @@
 import org.apache.tomcat.util.net.Nio2Channel;
 import org.apache.tomcat.util.net.Nio2Endpoint;
 import org.apache.tomcat.util.net.Nio2Endpoint.Handler;
-import org.apache.tomcat.util.net.SSLImplementation;
 import org.apache.tomcat.util.net.SocketWrapperBase;
 
 
@@ -72,12 +71,6 @@ protected Log getLog() {
             return log;
         }
 
-        @Override
-        public SSLImplementation getSslImplementation() {
-            // AJP does not support SSL
-            return null;
-        }
-
         /**
          * Expected to be used by the Poller to release resources on socket
          * close, errors etc.

java/org/apache/coyote/ajp/AjpNioProtocol.java

@@ -27,7 +27,6 @@
 import org.apache.tomcat.util.net.NioChannel;
 import org.apache.tomcat.util.net.NioEndpoint;
 import org.apache.tomcat.util.net.NioEndpoint.Handler;
-import org.apache.tomcat.util.net.SSLImplementation;
 import org.apache.tomcat.util.net.SocketWrapperBase;
 
 /**
@@ -74,12 +73,6 @@ protected Log getLog() {
             return log;
         }
 
-        @Override
-        public SSLImplementation getSslImplementation() {
-            // AJP does not support SSL
-            return null;
-        }
-
         /**
          * Expected to be used by the Poller to release resources on socket
          * close, errors etc.

java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java

@@ -17,13 +17,10 @@
 package org.apache.coyote.http11;
 
 import org.apache.tomcat.util.net.AbstractEndpoint;
-import org.apache.tomcat.util.net.SSLImplementation;
 
 public abstract class AbstractHttp11JsseProtocol<S>
         extends AbstractHttp11Protocol<S> {
 
-    protected SSLImplementation sslImplementation = null;
-
     public AbstractHttp11JsseProtocol(AbstractEndpoint<S> endpoint) {
         super(endpoint);
     }
@@ -109,19 +106,6 @@ public String getAllowUnsafeLegacyRenegotiation() {
         return getEndpoint().getAllowUnsafeLegacyRenegotiation();
     }
 
-    private String sslImplementationName = null;
-    public String getSslImplementationName() { return sslImplementationName; }
-    public void setSslImplementationName(String s) {
-        this.sslImplementationName = s;
-    }
-
-    // ------------------------------------------------------- Lifecycle methods
-
-    @Override
-    public void init() throws Exception {
-        // SSL implementation needs to be in place before end point is
-        // initialized
-        sslImplementation = SSLImplementation.getInstance(sslImplementationName);
-        super.init();
-    }
+    public String getSslImplementationName() { return getEndpoint().getSslImplementationName(); }
+    public void setSslImplementationName(String s) { getEndpoint().setSslImplementationName(s); }
 }

java/org/apache/coyote/http11/Http11AprProtocol.java

@@ -21,7 +21,6 @@
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.net.AprEndpoint;
 import org.apache.tomcat.util.net.AprEndpoint.Poller;
-import org.apache.tomcat.util.net.AprSSLSupport;
 import org.apache.tomcat.util.net.SocketStatus;
 import org.apache.tomcat.util.net.SocketWrapperBase;
 
@@ -250,17 +249,6 @@ public SocketState process(SocketWrapperBase<Long> socket,
             return super.process(socket, status);
         }
 
-        @Override
-        protected void initSsl(SocketWrapperBase<Long> socket, Processor processor) {
-            if (getProtocol().isSSLEnabled()) {
-                AprSSLSupport sslSupport =
-                        new AprSSLSupport(socket, processor.getClientCertProvider());
-                processor.setSslSupport(sslSupport);
-            } else {
-                processor.setSslSupport(null);
-            }
-        }
-
         @Override
         protected void longPoll(SocketWrapperBase<Long> socket, Processor processor) {
 

java/org/apache/coyote/http11/Http11Nio2Protocol.java

@@ -27,8 +27,6 @@
 import org.apache.tomcat.util.net.Nio2Endpoint;
 import org.apache.tomcat.util.net.Nio2Endpoint.Handler;
 import org.apache.tomcat.util.net.Nio2Endpoint.Nio2SocketWrapper;
-import org.apache.tomcat.util.net.SSLImplementation;
-import org.apache.tomcat.util.net.SecureNio2Channel;
 import org.apache.tomcat.util.net.SocketStatus;
 import org.apache.tomcat.util.net.SocketWrapperBase;
 
@@ -108,12 +106,6 @@ protected Log getLog() {
             return log;
         }
 
-
-        @Override
-        public SSLImplementation getSslImplementation() {
-            return ((Http11Nio2Protocol) getProtocol()).sslImplementation;
-        }
-
         /**
          * Expected to be used by the Poller to release resources on socket
          * close, errors etc.
@@ -154,19 +146,6 @@ public void release(SocketWrapperBase<Nio2Channel> socket,
         }
 
 
-        @Override
-        protected void initSsl(SocketWrapperBase<Nio2Channel> socket, Processor processor) {
-            if (getProtocol().isSSLEnabled() && getSslImplementation() != null
-                    && (socket.getSocket() instanceof SecureNio2Channel)) {
-                SecureNio2Channel ch = (SecureNio2Channel)socket.getSocket();
-                processor.setSslSupport(getSslImplementation().getSSLSupport(
-                            ch.getSslEngine().getSession()));
-            } else {
-                processor.setSslSupport(null);
-            }
-
-        }
-
         @Override
         protected void longPoll(SocketWrapperBase<Nio2Channel> socket, Processor processor) {
             if (processor.isAsync()) {

java/org/apache/coyote/http11/Http11NioProtocol.java

@@ -27,8 +27,6 @@
 import org.apache.tomcat.util.net.NioChannel;
 import org.apache.tomcat.util.net.NioEndpoint;
 import org.apache.tomcat.util.net.NioEndpoint.Handler;
-import org.apache.tomcat.util.net.SSLImplementation;
-import org.apache.tomcat.util.net.SecureNioChannel;
 import org.apache.tomcat.util.net.SocketStatus;
 import org.apache.tomcat.util.net.SocketWrapperBase;
 
@@ -135,11 +133,6 @@ protected Log getLog() {
         }
 
 
-        @Override
-        public SSLImplementation getSslImplementation() {
-            return ((Http11NioProtocol) getProtocol()).sslImplementation;
-        }
-
         /**
          * Expected to be used by the Poller to release resources on socket
          * close, errors etc.
@@ -201,22 +194,6 @@ public void release(SocketWrapperBase<NioChannel> socket,
             }
         }
 
-
-        @Override
-        protected void initSsl(SocketWrapperBase<NioChannel> socket, Processor processor) {
-            if (getProtocol().isSSLEnabled() &&
-                    (getSslImplementation() != null)
-                    && (socket.getSocket() instanceof SecureNioChannel)) {
-                SecureNioChannel ch = (SecureNioChannel)socket.getSocket();
-                processor.setSslSupport(
-                        getSslImplementation().getSSLSupport(
-                                ch.getSslEngine().getSession()));
-            } else {
-                processor.setSslSupport(null);
-            }
-
-        }
-
         @Override
         protected void longPoll(SocketWrapperBase<NioChannel> socket, Processor processor) {
 

java/org/apache/coyote/spdy/SpdyProxyProtocol.java

@@ -32,7 +32,6 @@
 import org.apache.tomcat.spdy.SpdyStream;
 import org.apache.tomcat.util.net.NioChannel;
 import org.apache.tomcat.util.net.NioEndpoint;
-import org.apache.tomcat.util.net.SSLImplementation;
 import org.apache.tomcat.util.net.SocketStatus;
 import org.apache.tomcat.util.net.SocketWrapperBase;
 
@@ -129,11 +128,6 @@ public SocketState process(SocketWrapperBase<NioChannel> socket,
             return SocketState.CLOSED;
         }
 
-        @Override
-        public SSLImplementation getSslImplementation() {
-            return null;
-        }
-
         @Override
         public void release(SocketWrapperBase<NioChannel> socket) {
             // TODO Auto-generated method stub

java/org/apache/tomcat/util/net/AbstractEndpoint.java

@@ -915,6 +915,12 @@ protected int handleExceptionWithDelay(int currentErrorDelay) {
 
     // --------------------  SSL related properties --------------------
 
+    private String sslImplementationName = null;
+    public String getSslImplementationName() { return sslImplementationName; }
+    public void setSslImplementationName(String s) {
+        this.sslImplementationName = s;
+    }
+
     private String algorithm = KeyManagerFactory.getDefaultAlgorithm();
     public String getAlgorithm() { return algorithm;}
     public void setAlgorithm(String s ) { this.algorithm = s;}

java/org/apache/tomcat/util/net/AprEndpoint.java

@@ -2751,6 +2751,16 @@ protected void populateLocalPort() {
         }
 
 
+        @Override
+        public SSLSupport getSslSupport(String clientCertProvider) {
+            if (getEndpoint().isSSLEnabled()) {
+                return new  AprSSLSupport(this, clientCertProvider);
+            } else {
+                return null;
+            }
+        }
+
+
         @Override
         public void doClientAuth(SSLSupport sslSupport) {
             long socket = getSocket().longValue();

java/org/apache/tomcat/util/net/Nio2Endpoint.java

@@ -45,6 +45,7 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSessionContext;
 import javax.net.ssl.X509KeyManager;
 
@@ -168,6 +169,7 @@ public void setOomParachuteData(byte[] oomParachuteData) {
     }
 
 
+    private SSLImplementation sslImplementation = null;
     private SSLContext sslContext = null;
     public SSLContext getSSLContext() { return sslContext;}
     public void setSSLContext(SSLContext c) { sslContext = c;}
@@ -197,6 +199,11 @@ public int getLocalPort() {
     }
 
 
+    public SSLImplementation getSslImplementation() {
+        return sslImplementation;
+    }
+
+
     @Override
     public String[] getCiphersUsed() {
         return enabledCiphers;
@@ -282,7 +289,8 @@ public void bind() throws Exception {
 
         // Initialize SSL if needed
         if (isSSLEnabled()) {
-            SSLUtil sslUtil = handler.getSslImplementation().getSSLUtil(this);
+            sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
+            SSLUtil sslUtil = sslImplementation.getSSLUtil(this);
 
             sslContext = sslUtil.createSSLContext();
             sslContext.init(wrap(sslUtil.getKeyManagers()),
@@ -335,6 +343,8 @@ public void startInternal() throws Exception {
                         socketProperties.getBufferPool());
             }
 
+            sslImplementation = SSLImplementation.getInstance(getSslImplementationName());
+
             // Create worker collection
             if ( getExecutor() == null ) {
                 createExecutor();
@@ -1419,6 +1429,22 @@ protected void populateLocalPort() {
         }
 
 
+        /**
+         * {@inheritDoc}
+         * @param clientCertProvider Ignored for this implementation
+         */
+        @Override
+        public SSLSupport getSslSupport(String clientCertProvider) {
+            if (getSocket() instanceof SecureNio2Channel) {
+                SecureNio2Channel ch = (SecureNio2Channel) getSocket();
+                SSLSession session = ch.getSslEngine().getSession();
+                return ((Nio2Endpoint) getEndpoint()).getSslImplementation().getSSLSupport(session);
+            } else {
+                return null;
+            }
+        }
+
+
         @Override
         public void doClientAuth(SSLSupport sslSupport) {
             SecureNio2Channel sslChannel = (SecureNio2Channel) getSocket();
@@ -1447,7 +1473,6 @@ public void doClientAuth(SSLSupport sslSupport) {
     public interface Handler extends AbstractEndpoint.Handler<Nio2Channel> {
         public void release(SocketWrapperBase<Nio2Channel> socket);
         public void closeAll();
-        public SSLImplementation getSslImplementation();
         public void onCreateSSLEngine(SSLEngine engine);
     }