QPID-5373: move retrieval of the peer Principal into the connection IO thread, retrieving from the NetworkConnection during the AMQP handshak after the SSL handshake must have already been completed.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1557467 13f79535-47bb-0310-9956-ffa450edef68

4 files changed, 28 insertions, 35 deletions

diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/NetworkConnection.java b/java/common/src/main/java/org/apache/qpid/transport/network/NetworkConnection.java
index 050d194c47..1b8bbebdf5 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/NetworkConnection.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/NetworkConnection.java
@@ -47,8 +47,6 @@ public interface NetworkConnection
 
     void setMaxReadIdle(int sec);
 
-    void setPeerPrincipal(Principal principal);
-
     Principal getPeerPrincipal();
 
     int getMaxReadIdle();
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkConnection.java b/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkConnection.java
index f5c09ac2cc..4a4bd3ddc0 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkConnection.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkConnection.java
@@ -24,11 +24,14 @@ import java.net.Socket;
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
 import java.security.Principal;
+
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSocket;
+
 import org.apache.qpid.transport.Receiver;
 import org.apache.qpid.transport.Sender;
 import org.apache.qpid.transport.network.Ticker;
 import org.apache.qpid.transport.network.NetworkConnection;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -39,15 +42,11 @@ public class IoNetworkConnection implements NetworkConnection
     private final long _timeout;
     private final IoSender _ioSender;
     private final IoReceiver _ioReceiver;
-    private Principal _principal;
     private int _maxReadIdle;
     private int _maxWriteIdle;
-
-    public IoNetworkConnection(Socket socket, Receiver<ByteBuffer> delegate,
-                               int sendBufferSize, int receiveBufferSize, long timeout)
-    {
-        this(socket,delegate,sendBufferSize,receiveBufferSize,timeout,null);
-    }
+    private Principal _principal;
+    private boolean _principalChecked;
+    private final Object _lock = new Object();
 
     public IoNetworkConnection(Socket socket, Receiver<ByteBuffer> delegate,
             int sendBufferSize, int receiveBufferSize, long timeout, Ticker ticker)
@@ -108,15 +107,29 @@ public class IoNetworkConnection implements NetworkConnection
     }
 
     @Override
-    public void setPeerPrincipal(Principal principal)
-    {
-        _principal = principal;
-    }
-
-    @Override
     public Principal getPeerPrincipal()
     {
-        return _principal;
+        synchronized (_lock)
+        {
+            if(!_principalChecked)
+            {
+                if(_socket instanceof SSLSocket)
+                {
+                    try
+                    {
+                        _principal = ((SSLSocket) _socket).getSession().getPeerPrincipal();
+                    }
+                    catch(SSLPeerUnverifiedException e)
+                    {
+                        _principal = null;
+                    }
+                }
+
+                _principalChecked = true;
+            }
+
+            return _principal;
+        }
     }
 
     @Override
diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java b/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java
index 18a8bf2779..b584769de0 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/io/IoNetworkTransport.java
@@ -245,19 +245,6 @@ public class IoNetworkTransport implements OutgoingNetworkTransport, IncomingNet
 
                         ticker.setConnection(connection);
 
-                        if(_sslContext != null && socket instanceof SSLSocket)
-                        {
-                            try
-                            {
-                                Principal peerPrincipal = ((SSLSocket) socket).getSession().getPeerPrincipal();
-                                connection.setPeerPrincipal(peerPrincipal);
-                            }
-                            catch(SSLPeerUnverifiedException e)
-                            {
-                                // ignore
-                            }
-                        }
-
                         engine.setNetworkConnection(connection, connection.getSender());
 
                         connection.start();
diff --git a/java/common/src/test/java/org/apache/qpid/transport/network/io/IdleTimeoutTickerTest.java b/java/common/src/test/java/org/apache/qpid/transport/network/io/IdleTimeoutTickerTest.java
index 5cdd7a8597..a445cff0a7 100644
--- a/java/common/src/test/java/org/apache/qpid/transport/network/io/IdleTimeoutTickerTest.java
+++ b/java/common/src/test/java/org/apache/qpid/transport/network/io/IdleTimeoutTickerTest.java
@@ -233,11 +233,6 @@ public class IdleTimeoutTickerTest extends TestCase implements TransportActivity
     }
 
     @Override
-    public void setPeerPrincipal(Principal principal)
-    {
-    }
-
-    @Override
     public Principal getPeerPrincipal()
     {
         return null;