authorClifford Allan Jansen <cliffjansen@apache.org>2014-02-19 20:52:23 +0000
committerClifford Allan Jansen <cliffjansen@apache.org>2014-02-19 20:52:23 +0000
commit29a70653f314b99c103c8149cacc4fed2a13898c (patch)
tree75fb9ac8054a88ffa83ebf74a512297bb06577d5
parentc1bba6bc0ca449b879534bb0beb234c07f697b64 (diff)
downloadqpid-python-29a70653f314b99c103c8149cacc4fed2a13898c.tar.gz
QPID-5549: windows ssl over AMQP 1.0
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1569916 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--qpid/cpp/src/amqp.cmake3
-rw-r--r--qpid/cpp/src/qpid/messaging/amqp/TcpTransport.h11
-rw-r--r--qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp133
3 files changed, 143 insertions, 4 deletions
diff --git a/qpid/cpp/src/amqp.cmake b/qpid/cpp/src/amqp.cmake
index 05336cb2bb..39f45954f3 100644
--- a/qpid/cpp/src/amqp.cmake
+++ b/qpid/cpp/src/amqp.cmake
@@ -171,6 +171,9 @@ if (BUILD_AMQP)
)
if (WIN32)
+ list (APPEND amqp_SOURCES qpid/messaging/amqp/windows/SslTransport.cpp)
+ list (APPEND amqpc_SOURCES qpid/messaging/amqp/windows/SslTransport.cpp)
+
set(proton_dll "${PROTON_LIBRARY_DIRS}/${PROTON_LIBRARIES}.dll")
set(proton_dlld "${PROTON_LIBRARY_DIRS}/${PROTON_LIBRARIES}d.dll")
diff --git a/qpid/cpp/src/qpid/messaging/amqp/TcpTransport.h b/qpid/cpp/src/qpid/messaging/amqp/TcpTransport.h
index cf5d4a0855..21cc988624 100644
--- a/qpid/cpp/src/qpid/messaging/amqp/TcpTransport.h
+++ b/qpid/cpp/src/qpid/messaging/amqp/TcpTransport.h
@@ -52,23 +52,26 @@ class TcpTransport : public Transport
void close();
const qpid::sys::SecuritySettings* getSecuritySettings();
- private:
+ protected:
boost::scoped_ptr<qpid::sys::Socket> socket;
TransportContext& context;
qpid::sys::AsynchConnector* connector;
qpid::sys::AsynchIO* aio;
boost::shared_ptr<qpid::sys::Poller> poller;
std::string id;
- bool closed;
- qpid::sys::Mutex lock;
- void connected(const qpid::sys::Socket&);
+ virtual ~TcpTransport() {}
+ virtual void connected(const qpid::sys::Socket&);
void failed(const std::string& msg);
void read(qpid::sys::AsynchIO&, qpid::sys::AsynchIOBufferBase*);
void write(qpid::sys::AsynchIO&);
void eof(qpid::sys::AsynchIO&);
void disconnected(qpid::sys::AsynchIO&);
void socketClosed(qpid::sys::AsynchIO&, const qpid::sys::Socket&);
+
+ private:
+ bool closed;
+ qpid::sys::Mutex lock;
};
}}} // namespace qpid::messaging::amqp
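Review bot: The new `virtual ~TcpTransport() {}` sits under the `protected:` label, so the destructor is no longer publicly accessible on TcpTransport, and any code that destroys the object through a `TcpTransport*` rather than the `Transport` base would stop compiling. If that is not intended, declare it in the public section. Moving `socket`, `connector`, `aio` and `poller` to `protected` while `lock` stays private also means a subclass can write these members without being able to take the mutex; whether the base class guards them with `lock` is not visible in this hunk. Keeping the data private behind narrow protected accessors would be safer, or at least add a comment such as `// subclasses may assign aio/connector only from the connected()/negotiation callbacks`. The class declaration starts outside the hunk.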
diff --git a/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp b/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp
new file mode 100644
index 0000000000..ad47fd98d9
--- /dev/null
+++ b/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp
@@ -0,0 +1,133 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+#include "qpid/messaging/amqp/TcpTransport.h"
+#include "qpid/messaging/amqp/TransportContext.h"
+#include "qpid/messaging/ConnectionOptions.h"
+#include "qpid/sys/SecuritySettings.h"
+#include "qpid/sys/ConnectionCodec.h"
+#include "qpid/sys/Poller.h"
+#include "qpid/log/Statement.h"
+#include <boost/bind.hpp>
+#include <boost/format.hpp>
+
+#include "qpid/sys/windows/check.h"
+#include "qpid/sys/windows/util.h"
+#include "qpid/sys/windows/SslAsynchIO.h"
+#include "qpid/sys/windows/SslCredential.h"
+
+using namespace qpid::sys;
+
+namespace qpid {
+namespace messaging {
+namespace amqp {
+
+class SslTransport : public TcpTransport
+{
+ public:
+ SslTransport(TransportContext&, boost::shared_ptr<qpid::sys::Poller> p);
+
+ void connect(const std::string& host, const std::string& port);
+ void negotiationDone(SECURITY_STATUS status);
+ const qpid::sys::SecuritySettings* getSecuritySettings();
+
+ private:
+ std::string brokerHost;
+ qpid::sys::windows::SslCredential sslCredential;
+ bool certLoaded;
+ qpid::sys::SecuritySettings securitySettings;
+
+ void connected(const qpid::sys::Socket&);
+};
+
+// Static constructor which registers connector here
+namespace {
+Transport* create(TransportContext& c, Poller::shared_ptr p)
+{
+ return new SslTransport(c, p);
+}
+
+struct StaticInit
+{
+ StaticInit()
+ {
+ Transport::add("ssl", &create);
+ };
+} init;
+}
+
+
+void SslTransport::negotiationDone(SECURITY_STATUS status)
+{
+ if (status == SEC_E_OK) {
+ connector = 0;
+ context.opened();
+ id = boost::str(boost::format("[%1%]") % socket->getFullAddress());
+ } else {
+ if (status == SEC_E_INCOMPLETE_CREDENTIALS && !certLoaded) {
+ // Server requested a client cert but we supplied none for the following reason:
+ failed(QPID_MSG(sslCredential.error()));
+ }
+ else
+ failed(QPID_MSG(qpid::sys::strError(status)));
+ }
+}
+
+SslTransport::SslTransport(TransportContext& c, boost::shared_ptr<Poller> p) : TcpTransport(c, p)
+{
+ const ConnectionOptions* options = context.getOptions();
+ const std::string& name = (options->sslCertName != "") ?
+ options->sslCertName : qpid::sys::ssl::SslOptions::global.certName;
+ certLoaded = sslCredential.load(name);
+ QPID_LOG(debug, "SslTransport created");
+}
+
+void SslTransport::connect(const std::string& host, const std::string& port)
+{
+ brokerHost = host;
+ TcpTransport::connect(host, port);
+}
+
+void SslTransport::connected(const Socket& s)
+{
+ aio = new qpid::sys::windows::ClientSslAsynchIO(brokerHost,
+ s,
+ sslCredential.handle(),
+ boost::bind(&SslTransport::read, this, _1, _2),
+ boost::bind(&SslTransport::eof, this, _1),
+ boost::bind(&SslTransport::disconnected, this, _1),
+ boost::bind(&SslTransport::socketClosed, this, _1, _2),
+ 0, // nobuffs
+ boost::bind(&SslTransport::write, this, _1),
+ boost::bind(&SslTransport::negotiationDone, this, _1));
+
+ aio->createBuffers(std::numeric_limits<uint16_t>::max());//note: AMQP 1.0 _can_ handle large frame sizes
+ aio->start(poller);
+}
+
+const qpid::sys::SecuritySettings* SslTransport::getSecuritySettings()
+{
+ securitySettings.ssf = socket->getKeyLen();
+ securitySettings.authid = "dummy";//set to non-empty string to enable external authentication
+ return &securitySettings;
+}
+
+}}} // namespace qpid::messaging::amqp
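Review bot: `getSecuritySettings()` sets `securitySettings.authid = "dummy"` unconditionally, so external authentication is enabled even when `certLoaded` is false and no client certificate was supplied in the handshake. Consider gating it, e.g. `if (certLoaded) securitySettings.authid = "dummy";`, with a comment that the value is only a placeholder and that the peer is presumably expected to take the identity from the TLS certificate. In the same function `ssf` comes from `socket->getKeyLen()`; if `socket` is still the plain TCP socket owned by TcpTransport (its creation is not visible here), that value may not reflect the negotiated TLS strength and should probably be taken from the SSL layer. Separately, the constructor dereferences `context.getOptions()` without a null check, and `connected()` uses `std::numeric_limits` without `#include <limits>`.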