View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.ssl;
17  
18  import io.netty.util.internal.ObjectUtil;
19  import io.netty.internal.tcnative.SSL;
20  import io.netty.internal.tcnative.SSLContext;
21  import io.netty.internal.tcnative.SessionTicketKey;
22  
23  import javax.net.ssl.SSLSession;
24  import javax.net.ssl.SSLSessionContext;
25  import java.util.Arrays;
26  import java.util.Enumeration;
27  import java.util.NoSuchElementException;
28  import java.util.concurrent.locks.Lock;
29  
30  /**
31   * OpenSSL specific {@link SSLSessionContext} implementation.
32   */
33  public abstract class OpenSslSessionContext implements SSLSessionContext {
34      private static final Enumeration<byte[]> EMPTY = new EmptyEnumeration();
35  
36      private final OpenSslSessionStats stats;
37  
38      // The OpenSslKeyMaterialProvider is not really used by the OpenSslSessionContext but only be stored here
39      // to make it easier to destroy it later because the ReferenceCountedOpenSslContext will hold a reference
40      // to OpenSslSessionContext.
41      private final OpenSslKeyMaterialProvider provider;
42  
43      final ReferenceCountedOpenSslContext context;
44  
45      // IMPORTANT: We take the OpenSslContext and not just the long (which points the native instance) to prevent
46      //            the GC to collect OpenSslContext as this would also free the pointer and so could result in a
47      //            segfault when the user calls any of the methods here that try to pass the pointer down to the native
48      //            level.
49      OpenSslSessionContext(ReferenceCountedOpenSslContext context, OpenSslKeyMaterialProvider provider) {
50          this.context = context;
51          this.provider = provider;
52          stats = new OpenSslSessionStats(context);
53      }
54  
55      @Override
56      public SSLSession getSession(byte[] bytes) {
57          if (bytes == null) {
58              throw new NullPointerException("bytes");
59          }
60          return null;
61      }
62  
63      @Override
64      public Enumeration<byte[]> getIds() {
65          return EMPTY;
66      }
67  
68      /**
69       * Sets the SSL session ticket keys of this context.
70       * @deprecated use {@link #setTicketKeys(OpenSslSessionTicketKey...)}.
71       */
72      @Deprecated
73      public void setTicketKeys(byte[] keys) {
74          if (keys.length % SessionTicketKey.TICKET_KEY_SIZE != 0) {
75              throw new IllegalArgumentException("keys.length % " + SessionTicketKey.TICKET_KEY_SIZE  + " != 0");
76          }
77          SessionTicketKey[] tickets = new SessionTicketKey[keys.length / SessionTicketKey.TICKET_KEY_SIZE];
78          for (int i = 0, a = 0; i < tickets.length; i++) {
79              byte[] name = Arrays.copyOfRange(keys, a, SessionTicketKey.NAME_SIZE);
80              a += SessionTicketKey.NAME_SIZE;
81              byte[] hmacKey = Arrays.copyOfRange(keys, a, SessionTicketKey.HMAC_KEY_SIZE);
82              i += SessionTicketKey.HMAC_KEY_SIZE;
83              byte[] aesKey = Arrays.copyOfRange(keys, a, SessionTicketKey.AES_KEY_SIZE);
84              a += SessionTicketKey.AES_KEY_SIZE;
85              tickets[i] = new SessionTicketKey(name, hmacKey, aesKey);
86          }
87          Lock writerLock = context.ctxLock.writeLock();
88          writerLock.lock();
89          try {
90              SSLContext.clearOptions(context.ctx, SSL.SSL_OP_NO_TICKET);
91              SSLContext.setSessionTicketKeys(context.ctx, tickets);
92          } finally {
93              writerLock.unlock();
94          }
95      }
96  
97      /**
98       * Sets the SSL session ticket keys of this context.
99       */
100     public void setTicketKeys(OpenSslSessionTicketKey... keys) {
101         ObjectUtil.checkNotNull(keys, "keys");
102         SessionTicketKey[] ticketKeys = new SessionTicketKey[keys.length];
103         for (int i = 0; i < ticketKeys.length; i++) {
104             ticketKeys[i] = keys[i].key;
105         }
106         Lock writerLock = context.ctxLock.writeLock();
107         writerLock.lock();
108         try {
109             SSLContext.clearOptions(context.ctx, SSL.SSL_OP_NO_TICKET);
110             SSLContext.setSessionTicketKeys(context.ctx, ticketKeys);
111         } finally {
112             writerLock.unlock();
113         }
114     }
115 
116     /**
117      * Enable or disable caching of SSL sessions.
118      */
119     public abstract void setSessionCacheEnabled(boolean enabled);
120 
121     /**
122      * Return {@code true} if caching of SSL sessions is enabled, {@code false} otherwise.
123      */
124     public abstract boolean isSessionCacheEnabled();
125 
126     /**
127      * Returns the stats of this context.
128      */
129     public OpenSslSessionStats stats() {
130         return stats;
131     }
132 
133     final void destroy() {
134         if (provider != null) {
135             provider.destroy();
136         }
137     }
138 
139     private static final class EmptyEnumeration implements Enumeration<byte[]> {
140         @Override
141         public boolean hasMoreElements() {
142             return false;
143         }
144 
145         @Override
146         public byte[] nextElement() {
147             throw new NoSuchElementException();
148         }
149     }
150 }