17 package io.netty.handler.ssl;
18
19 import java.security.KeyStore;
20 import java.security.Provider;
21 import javax.net.ssl.KeyManager;
22
23 import javax.net.ssl.KeyManagerFactory;
24 import javax.net.ssl.SSLContext;
25 import javax.net.ssl.SSLException;
26 import javax.net.ssl.SSLSessionContext;
27 import javax.net.ssl.TrustManager;
28 import javax.net.ssl.TrustManagerFactory;
29 import java.io.File;
30 import java.security.PrivateKey;
31 import java.security.cert.X509Certificate;
/**
 * Server-side {@link JdkSslContext} backed by a JDK {@link SSLContext}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every deprecated public constructor passes {@link ClientAuth#NONE} to the superclass, including
 *       the ones that accept trust material. Supplying a trust collection or a
 *       {@link TrustManagerFactory} therefore configures trust managers only; it does not ask for
 *       client authentication through these constructors. Only the package-private constructor that takes
 *       a {@link ClientAuth} argument forwards a caller-chosen value.</li>
 *   <li>When neither a trust collection nor a {@link TrustManagerFactory} is given, the context is
 *       initialised with {@code null} trust managers, which makes the JDK fall back to its default
 *       trust manager lookup.</li>
 *   <li>The key password is handled as a {@link String}, so it cannot be wiped from memory after
 *       use.</li>
 * </ul>
 *
 * @deprecated all public constructors are deprecated; prefer {@link SslContextBuilder}.
 */
@Deprecated
public final class JdkSslServerContext extends JdkSslContext {

    /**
     * Creates a server context from a certificate chain file and a private key file, with no key
     * password and default cipher, negotiation and session settings.
     *
     * @param certChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(File certChainFile, File keyFile) throws SSLException {
        this(
                null, // provider: null selects SSLContext.getInstance(PROTOCOL) without a provider
                certChainFile,
                keyFile,
                null, // keyPassword
                null, // ciphers
                IdentityCipherSuiteFilter.INSTANCE,
                JdkDefaultApplicationProtocolNegotiator.INSTANCE,
                0, // sessionCacheSize: not > 0, so the JDK value is left untouched
                0, // sessionTimeout: not > 0, so the JDK value is left untouched
                null); // keyStore: only read when a trust collection is supplied, which it is not here
    }

    /**
     * Creates a server context from a certificate chain file and a password-protected private key
     * file, with default cipher, negotiation and session settings.
     *
     * @param certChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @param keyPassword password handed to the private-key loader and the key-manager setup
     *     (NOTE(review): presumably {@code null} means "not password-protected"; confirm in
     *     {@code toPrivateKeyInternal})
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException {
        this(
                certChainFile,
                keyFile,
                keyPassword,
                null, // ciphers
                IdentityCipherSuiteFilter.INSTANCE,
                JdkDefaultApplicationProtocolNegotiator.INSTANCE,
                0, // sessionCacheSize
                0); // sessionTimeout
    }

    /**
     * Creates a server context with explicit cipher suites, a list of application protocols and
     * session settings.
     *
     * @param certChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @param keyPassword password handed to the private-key loader and the key-manager setup
     * @param ciphers cipher suites forwarded to the superclass together with
     *     {@link IdentityCipherSuiteFilter#INSTANCE}
     * @param nextProtocols application protocols; converted with
     *     {@code toApplicationProtocolConfig} and then {@code toNegotiator(..., true)}
     * @param sessionCacheSize session cache size; applied only when greater than zero
     * @param sessionTimeout session timeout in seconds; applied only when greater than zero
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(
            File certChainFile, File keyFile, String keyPassword,
            Iterable<String> ciphers, Iterable<String> nextProtocols,
            long sessionCacheSize, long sessionTimeout) throws SSLException {
        this(
                null, // provider
                certChainFile,
                keyFile,
                keyPassword,
                ciphers,
                IdentityCipherSuiteFilter.INSTANCE,
                toNegotiator(toApplicationProtocolConfig(nextProtocols), true),
                sessionCacheSize,
                sessionTimeout,
                KeyStore.getDefaultType());
    }

    /**
     * Creates a server context with explicit cipher suites, a cipher filter, an
     * {@link ApplicationProtocolConfig} and session settings.
     *
     * @param certChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @param keyPassword password handed to the private-key loader and the key-manager setup
     * @param ciphers cipher suites forwarded to the superclass
     * @param cipherFilter filter forwarded to the superclass alongside {@code ciphers}
     * @param apn application protocol configuration; converted with {@code toNegotiator(apn, true)}
     * @param sessionCacheSize session cache size; applied only when greater than zero
     * @param sessionTimeout session timeout in seconds; applied only when greater than zero
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(
            File certChainFile, File keyFile, String keyPassword,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
            long sessionCacheSize, long sessionTimeout) throws SSLException {
        this(
                null, // provider
                certChainFile,
                keyFile,
                keyPassword,
                ciphers,
                cipherFilter,
                toNegotiator(apn, true),
                sessionCacheSize,
                sessionTimeout,
                KeyStore.getDefaultType());
    }

    /**
     * Creates a server context with explicit cipher suites, a cipher filter, a ready-made
     * {@link JdkApplicationProtocolNegotiator} and session settings.
     *
     * @param certChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @param keyPassword password handed to the private-key loader and the key-manager setup
     * @param ciphers cipher suites forwarded to the superclass
     * @param cipherFilter filter forwarded to the superclass alongside {@code ciphers}
     * @param apn negotiator forwarded to the superclass unchanged
     * @param sessionCacheSize session cache size; applied only when greater than zero
     * @param sessionTimeout session timeout in seconds; applied only when greater than zero
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(
            File certChainFile, File keyFile, String keyPassword,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
            long sessionCacheSize, long sessionTimeout) throws SSLException {
        this(
                null, // provider
                certChainFile,
                keyFile,
                keyPassword,
                ciphers,
                cipherFilter,
                apn,
                sessionCacheSize,
                sessionTimeout,
                KeyStore.getDefaultType());
    }

    /**
     * Package-private variant that additionally accepts a JCA {@link Provider} and a key store type.
     *
     * <p>No trust collection, {@link TrustManagerFactory} or {@link KeyManagerFactory} is passed on,
     * so the key material always comes from the two files and {@code keyStore} is never read by
     * {@code newSSLContext} on this path. Client authentication is fixed to {@link ClientAuth#NONE}.
     */
    JdkSslServerContext(Provider provider,
            File certChainFile, File keyFile, String keyPassword,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
            long sessionCacheSize, long sessionTimeout, String keyStore) throws SSLException {
        super(
                newSSLContext(
                        provider,
                        null, // trustCertCollection
                        null, // trustManagerFactory
                        toX509CertificatesInternal(certChainFile),
                        toPrivateKeyInternal(keyFile, keyPassword),
                        keyPassword,
                        null, // keyManagerFactory
                        sessionCacheSize,
                        sessionTimeout,
                        keyStore),
                false, // NOTE(review): presumably the superclass's "is client" flag - confirm
                ciphers,
                cipherFilter,
                apn,
                ClientAuth.NONE,
                null, // protocols
                false); // startTls
    }

    /**
     * Creates a server context with optional trust material, optional key-manager factory and an
     * {@link ApplicationProtocolConfig}.
     *
     * <p>Client authentication is fixed to {@link ClientAuth#NONE}: the trust material supplied here
     * is installed in the {@link SSLContext}, but this constructor does not request client
     * certificates.
     *
     * @param trustCertCollectionFile file holding trusted X.509 certificates
     *     (NOTE(review): presumably may be {@code null}; confirm in
     *     {@code toX509CertificatesInternal})
     * @param trustManagerFactory factory used for trust managers; passed through
     *     {@code buildTrustManagerFactory} when a trust collection is present
     * @param keyCertChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @param keyPassword password handed to the private-key loader and the key-manager setup
     * @param keyManagerFactory factory used for key managers; required when no key is loaded
     * @param ciphers cipher suites forwarded to the superclass
     * @param cipherFilter filter forwarded to the superclass alongside {@code ciphers}
     * @param apn application protocol configuration forwarded to the superclass
     * @param sessionCacheSize session cache size; applied only when greater than zero
     * @param sessionTimeout session timeout in seconds; applied only when greater than zero
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
            File keyCertChainFile, File keyFile, String keyPassword,
            KeyManagerFactory keyManagerFactory,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
            long sessionCacheSize, long sessionTimeout) throws SSLException {
        super(
                newSSLContext(
                        null, // provider
                        toX509CertificatesInternal(trustCertCollectionFile),
                        trustManagerFactory,
                        toX509CertificatesInternal(keyCertChainFile),
                        toPrivateKeyInternal(keyFile, keyPassword),
                        keyPassword,
                        keyManagerFactory,
                        sessionCacheSize,
                        sessionTimeout,
                        // NOTE(review): the JdkApplicationProtocolNegotiator overload passes
                        // KeyStore.getDefaultType() here instead of null - confirm that
                        // buildTrustManagerFactory treats a null key store type the same way.
                        null),
                false, // NOTE(review): presumably the superclass's "is client" flag - confirm
                ciphers,
                cipherFilter,
                apn,
                ClientAuth.NONE,
                null, // protocols
                false); // startTls
    }

    /**
     * Creates a server context with optional trust material, optional key-manager factory and a
     * ready-made {@link JdkApplicationProtocolNegotiator}.
     *
     * <p>Client authentication is fixed to {@link ClientAuth#NONE}: the trust material supplied here
     * is installed in the {@link SSLContext}, but this constructor does not request client
     * certificates.
     *
     * @param trustCertCollectionFile file holding trusted X.509 certificates
     *     (NOTE(review): presumably may be {@code null}; confirm in
     *     {@code toX509CertificatesInternal})
     * @param trustManagerFactory factory used for trust managers; passed through
     *     {@code buildTrustManagerFactory} when a trust collection is present
     * @param keyCertChainFile file holding the server's X.509 certificate chain
     * @param keyFile file holding the server's private key
     * @param keyPassword password handed to the private-key loader and the key-manager setup
     * @param keyManagerFactory factory used for key managers; required when no key is loaded
     * @param ciphers cipher suites forwarded to the superclass
     * @param cipherFilter filter forwarded to the superclass alongside {@code ciphers}
     * @param apn negotiator forwarded to the superclass unchanged
     * @param sessionCacheSize session cache size; applied only when greater than zero
     * @param sessionTimeout session timeout in seconds; applied only when greater than zero
     * @throws SSLException if the JDK {@link SSLContext} cannot be initialised
     */
    @Deprecated
    public JdkSslServerContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
            File keyCertChainFile, File keyFile, String keyPassword,
            KeyManagerFactory keyManagerFactory,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
            JdkApplicationProtocolNegotiator apn,
            long sessionCacheSize, long sessionTimeout) throws SSLException {
        super(
                newSSLContext(
                        null, // provider
                        toX509CertificatesInternal(trustCertCollectionFile),
                        trustManagerFactory,
                        toX509CertificatesInternal(keyCertChainFile),
                        toPrivateKeyInternal(keyFile, keyPassword),
                        keyPassword,
                        keyManagerFactory,
                        sessionCacheSize,
                        sessionTimeout,
                        KeyStore.getDefaultType()),
                false, // NOTE(review): presumably the superclass's "is client" flag - confirm
                ciphers,
                cipherFilter,
                apn,
                ClientAuth.NONE,
                null, // protocols
                false); // startTls
    }

    /**
     * Package-private variant working on already-parsed certificates and key. It is the only
     * constructor in this class that forwards a caller-chosen {@link ClientAuth}, protocol list and
     * {@code startTls} flag to the superclass.
     */
    JdkSslServerContext(Provider provider,
            X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
            X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
            KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
            ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout,
            ClientAuth clientAuth, String[] protocols, boolean startTls,
            String keyStore) throws SSLException {
        super(
                newSSLContext(
                        provider,
                        trustCertCollection,
                        trustManagerFactory,
                        keyCertChain,
                        key,
                        keyPassword,
                        keyManagerFactory,
                        sessionCacheSize,
                        sessionTimeout,
                        keyStore),
                false, // NOTE(review): presumably the superclass's "is client" flag - confirm
                ciphers,
                cipherFilter,
                toNegotiator(apn, true),
                clientAuth,
                protocols,
                startTls);
    }

    /**
     * Builds and initialises the JDK {@link SSLContext} used by every constructor of this class.
     *
     * <p>At least one of {@code key} and {@code keyManagerFactory} must be non-null. A non-null
     * {@code trustCertCollection} replaces {@code trustManagerFactory} with the result of
     * {@code buildTrustManagerFactory}; a non-null {@code key} replaces {@code keyManagerFactory}
     * with the result of {@code buildKeyManagerFactory}. If no trust manager factory remains, the
     * context is initialised with {@code null} trust managers and the JDK falls back to its default
     * trust manager lookup. The {@link java.security.SecureRandom} argument is always {@code null},
     * which selects the JDK default.
     *
     * @param sslContextProvider provider for {@link SSLContext#getInstance}; {@code null} uses the
     *     provider-less lookup
     * @param sessionCacheSize applied when greater than zero, capped at {@link Integer#MAX_VALUE}
     * @param sessionTimeout seconds; applied when greater than zero, capped at
     *     {@link Integer#MAX_VALUE}
     * @param keyStore key store type, forwarded only to {@code buildTrustManagerFactory}
     * @return the initialised context
     * @throws NullPointerException if both {@code key} and {@code keyManagerFactory} are null
     * @throws SSLException if anything fails during setup; a non-{@link SSLException} failure is
     *     wrapped as the cause
     */
    private static SSLContext newSSLContext(Provider sslContextProvider, X509Certificate[] trustCertCollection,
            TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
            PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
            long sessionCacheSize, long sessionTimeout, String keyStore)
            throws SSLException {
        if (key == null && keyManagerFactory == null) {
            throw new NullPointerException("key, keyManagerFactory");
        }

        try {
            final TrustManagerFactory effectiveTrust = trustCertCollection == null
                    ? trustManagerFactory
                    : buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);

            // NOTE(review): the key store type is forwarded on the trust side above but null is
            // passed as the last argument here - confirm that this asymmetry is intended.
            final KeyManagerFactory effectiveKeys = key == null
                    ? keyManagerFactory
                    : buildKeyManagerFactory(keyCertChain, null, key, keyPassword, keyManagerFactory, null);

            final SSLContext context;
            if (sslContextProvider != null) {
                context = SSLContext.getInstance(PROTOCOL, sslContextProvider);
            } else {
                context = SSLContext.getInstance(PROTOCOL);
            }

            // Key managers are fetched before trust managers, matching the argument order of init().
            final KeyManager[] keyManagers = effectiveKeys.getKeyManagers();
            final TrustManager[] trustManagers = effectiveTrust != null ? effectiveTrust.getTrustManagers() : null;
            context.init(keyManagers, trustManagers, null);

            final SSLSessionContext sessions = context.getServerSessionContext();
            if (sessionCacheSize > 0) {
                sessions.setSessionCacheSize(saturateToInt(sessionCacheSize));
            }
            if (sessionTimeout > 0) {
                sessions.setSessionTimeout(saturateToInt(sessionTimeout));
            }
            return context;
        } catch (Exception cause) {
            // An SSLException is rethrown as-is; everything else is wrapped so that callers only
            // have to handle SSLException.
            throw cause instanceof SSLException
                    ? (SSLException) cause
                    : new SSLException("failed to initialize the server-side SSL context", cause);
        }
    }

    /** Narrows {@code value} to an {@code int}, capping it at {@link Integer#MAX_VALUE}. */
    private static int saturateToInt(long value) {
        return (int) Math.min(value, Integer.MAX_VALUE);
    }

}