View Javadoc
1   /*
2    * Copyright 2018 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.ssl;
17  
18  import io.netty.util.internal.ObjectUtil;
19  
20  import javax.net.ssl.KeyManager;
21  import javax.net.ssl.KeyManagerFactory;
22  import javax.net.ssl.KeyManagerFactorySpi;
23  import javax.net.ssl.ManagerFactoryParameters;
24  import javax.net.ssl.X509KeyManager;
25  import java.security.InvalidAlgorithmParameterException;
26  import java.security.KeyStore;
27  import java.security.KeyStoreException;
28  import java.security.NoSuchAlgorithmException;
29  import java.security.PrivateKey;
30  import java.security.UnrecoverableKeyException;
31  import java.security.cert.X509Certificate;
32  
33  /**
34   * Wraps another {@link KeyManagerFactory} and caches its chains / certs for an alias for better performance when using
35   * {@link SslProvider#OPENSSL} or {@link SslProvider#OPENSSL_REFCNT}.
36   *
37   * Because of the caching its important that the wrapped {@link KeyManagerFactory}s {@link X509KeyManager}s always
38   * return the same {@link X509Certificate} chain and {@link PrivateKey} for the same alias.
39   */
40  public final class OpenSslCachingX509KeyManagerFactory extends KeyManagerFactory {
41  
42      private final int maxCachedEntries;
43  
44      public OpenSslCachingX509KeyManagerFactory(final KeyManagerFactory factory) {
45          this(factory, 1024);
46      }
47  
48      public OpenSslCachingX509KeyManagerFactory(final KeyManagerFactory factory, int maxCachedEntries) {
49          super(new KeyManagerFactorySpi() {
50              @Override
51              protected void engineInit(KeyStore keyStore, char[] chars)
52                      throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
53                  factory.init(keyStore, chars);
54              }
55  
56              @Override
57              protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
58                      throws InvalidAlgorithmParameterException {
59                  factory.init(managerFactoryParameters);
60              }
61  
62              @Override
63              protected KeyManager[] engineGetKeyManagers() {
64                  return factory.getKeyManagers();
65              }
66          }, factory.getProvider(), factory.getAlgorithm());
67          this.maxCachedEntries = ObjectUtil.checkPositive(maxCachedEntries, "maxCachedEntries");
68      }
69  
70      OpenSslKeyMaterialProvider newProvider(String password) {
71          X509KeyManager keyManager = ReferenceCountedOpenSslContext.chooseX509KeyManager(getKeyManagers());
72          if ("sun.security.ssl.X509KeyManagerImpl".equals(keyManager.getClass().getName())) {
73              // Don't do caching if X509KeyManagerImpl is used as the returned aliases are not stable and will change
74              // between invocations.
75              return new OpenSslKeyMaterialProvider(keyManager, password);
76          }
77          return new OpenSslCachingKeyMaterialProvider(
78                  ReferenceCountedOpenSslContext.chooseX509KeyManager(getKeyManagers()), password, maxCachedEntries);
79      }
80  }