SSL: Added SSL/TLS implementation for both HTTP and Binary Protocols

crbaptiste · crbaptiste · commit fa8065e6239f · 2014-04-08T09:50:33.000-04:00
diff --git a/client/src/main/java/com/orientechnologies/orient/client/remote/OStorageRemote.java b/client/src/main/java/com/orientechnologies/orient/client/remote/OStorageRemote.java
@@ -97,6 +97,7 @@ public class OStorageRemote extends OStorageAbstract implements OStorageProxy, O
   public static final String                     PARAM_DB_TYPE        = "dbtype";
   private static final String                    DEFAULT_HOST         = "localhost";
   private static final int                       DEFAULT_PORT         = 2424;
+  private static final int                       DEFAULT_SSL_PORT     = 2434;  
   private static final String                    ADDRESS_SEPARATOR    = ";";
   private static final String                    DRIVER_NAME          = "OrientDB Java";
   protected final List<String>                   serverURLs           = new ArrayList<String>();
@@ -1798,8 +1799,10 @@ protected String addHost(String host) {
       host = "127.0.0.1" + host.substring("localhost".length());
 
     // REGISTER THE REMOTE SERVER+PORT
-    if (!host.contains(":"))
-      host += ":" + getDefaultPort();
+    if (!host.contains(":"))   
+      host += ":" + (clientConfiguration.getValueAsBoolean(
+    		  OGlobalConfiguration.CLIENT_USE_SSL) ? getDefaultSSLPort() : getDefaultPort());
+    
 
     if (!serverURLs.contains(host))
       serverURLs.add(host);
@@ -1814,7 +1817,11 @@ protected String getDefaultHost() {
   protected int getDefaultPort() {
     return DEFAULT_PORT;
   }
-
+  
+  protected int getDefaultSSLPort() {
+	return DEFAULT_SSL_PORT;
+  }  
+  
   protected OChannelBinaryAsynchClient createNetworkConnection() throws IOException {
     final String currentServerURL = getServerURL();
 
diff --git a/core/src/main/java/com/orientechnologies/orient/core/config/OGlobalConfiguration.java b/core/src/main/java/com/orientechnologies/orient/core/config/OGlobalConfiguration.java
@@ -499,6 +499,9 @@ public void change(final Object iCurrentValue, final Object iNewValue) {
 
   CLIENT_DB_RELEASE_WAIT_TIMEOUT("client.channel.dbReleaseWaitTimeout",
       "Delay in ms. after which data modification command will be resent if DB was frozen", Integer.class, 10000),
+      
+  CLIENT_USE_SSL("client.ssl.enabled", "Use SSL for client connections", Boolean.class, false),
+      
 
   // SERVER
   SERVER_CHANNEL_CLEAN_DELAY("server.channel.cleanDelay", "Time in ms of delay to check pending closed connections", Integer.class,
diff --git a/enterprise/src/main/java/com/orientechnologies/orient/enterprise/channel/OSocketFactory.java b/enterprise/src/main/java/com/orientechnologies/orient/enterprise/channel/OSocketFactory.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2014 Charles Baptiste (cbaptiste--at--blacksparkcorp.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.orientechnologies.orient.enterprise.channel;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.net.UnknownHostException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+
+import com.orientechnologies.common.log.OLogManager;
+import com.orientechnologies.orient.core.config.OContextConfiguration;
+import com.orientechnologies.orient.core.config.OGlobalConfiguration;
+
+public class OSocketFactory {
+
+	SocketFactory socketFactory;
+	boolean useSSL = false;
+	SSLContext context = null;
+	OContextConfiguration config;
+
+	private OSocketFactory(OContextConfiguration iConfig) {
+		config = iConfig;		
+		setUseSSL(iConfig.getValueAsBoolean(OGlobalConfiguration.CLIENT_USE_SSL));
+	}
+
+	public static OSocketFactory instance(final OContextConfiguration iConfig) {
+		return new OSocketFactory(iConfig);
+	}
+
+	public static OSocketFactory instance(final OContextConfiguration iConfig,
+			SSLContext context) {
+
+		OSocketFactory sFactory = instance(iConfig);
+		sFactory.setSSLContent(context);
+		return sFactory;
+	}
+
+	private SocketFactory getBackingFactory() {
+		if (socketFactory == null) {
+			if (getUseSSL()) {
+				socketFactory = getSSLContext().getSocketFactory();
+			} else {
+				socketFactory = SocketFactory.getDefault();
+			}
+		}
+		return socketFactory;
+	}
+
+	public void setSSLContent(SSLContext context) {
+		this.context = context;
+		synchronized(socketFactory) {
+			socketFactory = null;
+		}
+	}
+
+	private SSLContext getSSLContext() {
+		if (context == null) {
+			try {
+				context = SSLContext.getDefault();
+			} catch (NoSuchAlgorithmException e) {
+				OLogManager.instance().error(this,
+						"Error creating ssl context", e);
+			}
+		}
+		return context;
+	}
+
+	public void setUseSSL(boolean useSSL) {
+		this.useSSL = useSSL;
+	}
+
+	public boolean getUseSSL() {
+		return useSSL;
+	}
+	
+	private Socket configureSocket(Socket socket) throws SocketException {
+				
+		// Add possible timeouts?
+		return socket;
+	}
+
+	public Socket createSocket() throws IOException {
+		return configureSocket(getBackingFactory().createSocket());
+	}
+
+	public Socket createSocket(String host, int port) throws IOException,
+			UnknownHostException {
+		return configureSocket(getBackingFactory().createSocket(host, port));
+	}
+
+	public Socket createSocket(InetAddress host, int port) throws IOException {
+		return configureSocket(getBackingFactory().createSocket(host, port));
+	}
+
+	public Socket createSocket(String host, int port, InetAddress localHost,
+			int localPort) throws IOException, UnknownHostException {
+		return configureSocket(getBackingFactory().createSocket(host, port, localHost,
+				localPort));
+	}
+
+	public Socket createSocket(InetAddress address, int port,
+			InetAddress localAddress, int localPort) throws IOException {
+		return configureSocket(getBackingFactory().createSocket(address, port, localAddress,
+				localPort));
+	}
+
+}
diff --git a/enterprise/src/main/java/com/orientechnologies/orient/enterprise/channel/binary/OChannelBinaryAsynchClient.java b/enterprise/src/main/java/com/orientechnologies/orient/enterprise/channel/binary/OChannelBinaryAsynchClient.java
@@ -25,6 +25,7 @@
 import com.orientechnologies.orient.core.config.OGlobalConfiguration;
 import com.orientechnologies.orient.core.exception.OStorageException;
 import com.orientechnologies.orient.core.serialization.OMemoryInputStream;
+import com.orientechnologies.orient.enterprise.channel.OSocketFactory;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -35,7 +36,6 @@
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 import java.net.InetSocketAddress;
-import java.net.Socket;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -60,8 +60,8 @@ public OChannelBinaryAsynchClient(final String remoteHost, final int remotePort,
 
   public OChannelBinaryAsynchClient(final String remoteHost, final int remotePort, final OContextConfiguration iConfig,
       final int protocolVersion, final ORemoteServerEventListener asynchEventListener) throws IOException {
-    super(new Socket(), iConfig);
-
+	super(OSocketFactory.instance(iConfig).createSocket(), iConfig);
+        
     maxUnreadResponses = OGlobalConfiguration.NETWORK_BINARY_READ_RESPONSE_MAX_TIMES.getValueAsInteger();
     serverURL = remoteHost + ":" + remotePort;
     socketTimeout = iConfig.getValueAsInteger(OGlobalConfiguration.NETWORK_SOCKET_TIMEOUT);
diff --git a/graphdb/config/orientdb-server-config.xml b/graphdb/config/orientdb-server-config.xml
@@ -45,6 +45,26 @@
 
     </handlers>
     <network>
+        <!-- <sockets>
+                <socket implementation="com.orientechnologies.orient.server.network.OServerSSLSocketFactory" name="ssl">
+                  <parameters>
+                    <parameter value="true" name="network.ssl.clientAuth"/>
+                    <parameter value="bin/orientdb.ks" name="network.ssl.keyStore"/>
+                    <parameter value="password" name="network.ssl.keyStorePassword"/>
+                    <parameter value="bin/orientdb.ts" name="network.ssl.trustStore"/>
+                    <parameter value="password" name="network.ssl.trustStorePassword"/>
+                  </parameters>
+                </socket>
+                <socket implementation="com.orientechnologies.orient.server.network.OServerSSLSocketFactory" name="https">
+                  <parameters>
+                    <parameter value="false" name="network.ssl.clientAuth"/>
+                    <parameter value="bin/orientdb.ks" name="network.ssl.keyStore"/>
+                    <parameter value="password" name="network.ssl.keyStorePassword"/>
+                    <parameter value="bin/orientdb.ts" name="network.ssl.trustStore"/>
+                    <parameter value="password" name="network.ssl.trustStorePassword"/>
+                  </parameters>
+                </socket>
+        </sockets> -->     
         <protocols>
             <!-- Default registered protocol. It reads commands using the HTTP protocol
                 and write data locally -->
@@ -55,6 +75,8 @@
         </protocols>
         <listeners>
             <listener protocol="binary" ip-address="0.0.0.0" port-range="2424-2430"/>
+            <!-- <listener protocol="binary" ip-address="0.0.0.0" port-range="2434-2440" socket="ssl"/> -->
+            <!-- <listener protocol="http" ip-address="0.0.0.0" port-range="2480-2490" socket="https"> -->
             <listener protocol="http" ip-address="0.0.0.0" port-range="2480-2490">
                 <parameters>
                     <!-- Connection's custom parameters. If not specified the global configuration
diff --git a/graphdb/script/console.sh b/graphdb/script/console.sh
@@ -36,5 +36,10 @@ export JAVA
 
 ORIENTDB_SETTINGS="-Dcache.level1.enabled=false -Dcache.level2.enabled=false -Djava.util.logging.config.file="$ORIENTDB_HOME/config/orientdb-client-log.properties" -Djava.awt.headless=true"
 #JAVA_OPTS=-Xmx1024m
+#KEYSTORE=$ORIENTDB_HOME/bin/orientdb-console.ks
+#KEYSTORE_PASS=password
+#TRUSTSTORE=$ORIENTDB_HOME/bin/orientdb-console.ts
+#TRUSTSTORE_PASS=password
+#SSL_OPTS="-Dclient.ssl.enabled=true -Djavax.net.ssl.keyStore=$KEYSTORE -Djavax.net.ssl.keyStorePassword=$KEYSTORE_PASS -Djavax.net.ssl.trustStore=$TRUSTSTORE -Djavax.net.ssl.trustStorePassword=$TRUSTSTORE_PASS"
 
-$JAVA -client $JAVA_OPTS $ORIENTDB_SETTINGS -Dfile.encoding=utf-8 -Dorientdb.build.number="@BUILD@" -cp "$ORIENTDB_HOME/lib/orientdb-tools-@VERSION@.jar:$ORIENTDB_HOME/lib/*" com.orientechnologies.orient.graph.console.OGremlinConsole $*
+$JAVA -client $JAVA_OPTS $ORIENTDB_SETTINGS $SSL_OPTS -Dfile.encoding=utf-8 -Dorientdb.build.number="@BUILD@" -cp "$ORIENTDB_HOME/lib/orientdb-tools-@VERSION@.jar:$ORIENTDB_HOME/lib/*" com.orientechnologies.orient.graph.console.OGremlinConsole $*
diff --git a/server/src/main/java/com/orientechnologies/orient/server/OServer.java b/server/src/main/java/com/orientechnologies/orient/server/OServer.java
@@ -44,11 +44,13 @@
 import com.orientechnologies.orient.server.config.OServerNetworkListenerConfiguration;
 import com.orientechnologies.orient.server.config.OServerNetworkProtocolConfiguration;
 import com.orientechnologies.orient.server.config.OServerParameterConfiguration;
+import com.orientechnologies.orient.server.config.OServerSocketFactoryConfiguration;
 import com.orientechnologies.orient.server.config.OServerStorageConfiguration;
 import com.orientechnologies.orient.server.config.OServerUserConfiguration;
 import com.orientechnologies.orient.server.distributed.ODistributedServerManager;
 import com.orientechnologies.orient.server.handler.OConfigurableHooksManager;
 import com.orientechnologies.orient.server.network.OServerNetworkListener;
+import com.orientechnologies.orient.server.network.OServerSocketFactory;
 import com.orientechnologies.orient.server.network.protocol.ONetworkProtocol;
 import com.orientechnologies.orient.server.plugin.OServerPlugin;
 import com.orientechnologies.orient.server.plugin.OServerPluginInfo;
@@ -85,6 +87,7 @@ public class OServer {
   protected OContextConfiguration                          contextConfiguration;
   protected OServerShutdownHook                            shutdownHook;
   protected Map<String, Class<? extends ONetworkProtocol>> networkProtocols   = new HashMap<String, Class<? extends ONetworkProtocol>>();
+  protected Map<String, OServerSocketFactory> networkSocketFactories   = new HashMap<String, OServerSocketFactory>();  
   protected List<OServerNetworkListener>                   networkListeners   = new ArrayList<OServerNetworkListener>();
   protected List<OServerLifecycleListener>                 lifecycleListeners = new ArrayList<OServerLifecycleListener>();
   protected OServerPluginManager                           pluginManager;
@@ -215,14 +218,29 @@ public OServer startup(final OServerConfiguration iConfiguration) throws Illegal
   public OServer activate() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
     for (OServerLifecycleListener l : lifecycleListeners)
       l.onBeforeActivate();
+    
+    // REGISTER/CREATE SOCKET FACTORIES  
+    if (configuration.network.sockets != null) {
+	    for (OServerSocketFactoryConfiguration f : configuration.network.sockets) {
+	        Class<? extends OServerSocketFactory> fClass = (Class<? extends OServerSocketFactory>) Class.forName(f.implementation);
+	        OServerSocketFactory factory = fClass.newInstance();
+	        try {
+	                factory.config(f.name, f.parameters);
+	                networkSocketFactories.put(f.name, factory);
+	        }
+	        catch (OConfigurationException e) {
+	                OLogManager.instance().error(this, "Error creating socket factory", e);
+	        }
+	    }    
+    }
 
     // REGISTER PROTOCOLS
     for (OServerNetworkProtocolConfiguration p : configuration.network.protocols)
       networkProtocols.put(p.name, (Class<? extends ONetworkProtocol>) Class.forName(p.implementation));
 
     // STARTUP LISTENERS
     for (OServerNetworkListenerConfiguration l : configuration.network.listeners)
-      networkListeners.add(new OServerNetworkListener(this, l.ipAddress, l.portRange, l.protocol, networkProtocols.get(l.protocol),
+      networkListeners.add(new OServerNetworkListener(this, networkSocketFactories.get(l.socket), l.ipAddress, l.portRange, l.protocol, networkProtocols.get(l.protocol),
           l.parameters, l.commands));
 
     registerPlugins();
diff --git a/server/src/main/java/com/orientechnologies/orient/server/config/OServerNetworkConfiguration.java b/server/src/main/java/com/orientechnologies/orient/server/config/OServerNetworkConfiguration.java
@@ -27,6 +27,11 @@
 
 @XmlRootElement(name = "network")
 public class OServerNetworkConfiguration {
+  @XmlElementWrapper
+  @XmlAnyElement
+  @XmlElementRef(type = OServerSocketFactoryConfiguration.class)
+  public List<OServerSocketFactoryConfiguration> sockets;	
+	
   @XmlElementWrapper
   @XmlAnyElement
   @XmlElementRef(type = OServerNetworkProtocolConfiguration.class)
diff --git a/server/src/main/java/com/orientechnologies/orient/server/config/OServerNetworkListenerConfiguration.java b/server/src/main/java/com/orientechnologies/orient/server/config/OServerNetworkListenerConfiguration.java
@@ -18,7 +18,7 @@
 import javax.xml.bind.annotation.*;
 
 @XmlRootElement(name = "listener")
-@XmlType(propOrder = { "commands", "parameters", "protocol", "portRange", "ipAddress" })
+@XmlType(propOrder = { "commands", "parameters", "protocol", "socket", "portRange", "ipAddress" })
 public class OServerNetworkListenerConfiguration {
 
   @XmlAttribute(name = "ip-address", required = true)
@@ -29,6 +29,9 @@ public class OServerNetworkListenerConfiguration {
 
   @XmlAttribute
   public String                          protocol  = "binary";
+  
+  @XmlAttribute
+  public String                          socket  = "default";  
 
   @XmlElementWrapper
   @XmlElementRef(type = OServerParameterConfiguration.class)
diff --git a/server/src/main/java/com/orientechnologies/orient/server/config/OServerSocketFactoryConfiguration.java b/server/src/main/java/com/orientechnologies/orient/server/config/OServerSocketFactoryConfiguration.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Charles Baptiste (cbaptiste--at--blacksparkcorp.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.orientechnologies.orient.server.config;
+
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementWrapper;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlRootElement(name = "socket")
+@XmlType(propOrder = { "parameters", "implementation", "name" })
+public class OServerSocketFactoryConfiguration {
+
+	public OServerSocketFactoryConfiguration() {
+	}
+
+	public OServerSocketFactoryConfiguration(String name, String implementation) {
+		this.name = name;
+		this.implementation = implementation;
+	}
+
+	@XmlAttribute(required = true)
+	public String name;
+
+	@XmlAttribute(required = true)
+	public String implementation;
+
+	@XmlElementWrapper
+	@XmlElementRef(type = OServerParameterConfiguration.class)
+	public OServerParameterConfiguration[] parameters;
+}
diff --git a/server/src/main/java/com/orientechnologies/orient/server/network/OServerNetworkListener.java b/server/src/main/java/com/orientechnologies/orient/server/network/OServerNetworkListener.java
diff --git a/server/src/main/java/com/orientechnologies/orient/server/network/OServerSSLSocketFactory.java b/server/src/main/java/com/orientechnologies/orient/server/network/OServerSSLSocketFactory.java
diff --git a/server/src/main/java/com/orientechnologies/orient/server/network/OServerSocketFactory.java b/server/src/main/java/com/orientechnologies/orient/server/network/OServerSocketFactory.java
