View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.ssl;
17  
18  import io.netty.buffer.ByteBufAllocator;
19  import io.netty.handler.ssl.util.BouncyCastleUtil;
20  
21  import javax.net.ssl.SSLEngine;
22  
23  /**
24   * The {@link JdkApplicationProtocolNegotiator} to use if you need ALPN and are using {@link SslProvider#JDK}.
25   *
26   * @deprecated use {@link ApplicationProtocolConfig}.
27   */
28  @Deprecated
29  public final class JdkAlpnApplicationProtocolNegotiator extends JdkBaseApplicationProtocolNegotiator {
30      private static final boolean AVAILABLE = Conscrypt.isAvailable() ||
31                                               JdkAlpnSslUtils.supportsAlpn() ||
32              (BouncyCastleUtil.isBcTlsAvailable() && BouncyCastleAlpnSslUtils.isAlpnSupported());
33  
34      private static final SslEngineWrapperFactory ALPN_WRAPPER = AVAILABLE ? new AlpnWrapper() : new FailureWrapper();
35  
36      /**
37       * Create a new instance.
38       * @param protocols The order of iteration determines the preference of support for protocols.
39       */
40      public JdkAlpnApplicationProtocolNegotiator(Iterable<String> protocols) {
41          this(false, protocols);
42      }
43  
44      /**
45       * Create a new instance.
46       * @param protocols The order of iteration determines the preference of support for protocols.
47       */
48      public JdkAlpnApplicationProtocolNegotiator(String... protocols) {
49          this(false, protocols);
50      }
51  
52      /**
53       * Create a new instance.
54       * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
55       * @param protocols The order of iteration determines the preference of support for protocols.
56       */
57      public JdkAlpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, Iterable<String> protocols) {
58          this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
59      }
60  
61      /**
62       * Create a new instance.
63       * @param failIfNoCommonProtocols Fail with a fatal alert if not common protocols are detected.
64       * @param protocols The order of iteration determines the preference of support for protocols.
65       */
66      public JdkAlpnApplicationProtocolNegotiator(boolean failIfNoCommonProtocols, String... protocols) {
67          this(failIfNoCommonProtocols, failIfNoCommonProtocols, protocols);
68      }
69  
70      /**
71       * Create a new instance.
72       * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
73       * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
74       * @param protocols The order of iteration determines the preference of support for protocols.
75       */
76      public JdkAlpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
77              boolean serverFailIfNoCommonProtocols, Iterable<String> protocols) {
78          this(serverFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
79                  clientFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
80                  protocols);
81      }
82  
83      /**
84       * Create a new instance.
85       * @param clientFailIfNoCommonProtocols Client side fail with a fatal alert if not common protocols are detected.
86       * @param serverFailIfNoCommonProtocols Server side fail with a fatal alert if not common protocols are detected.
87       * @param protocols The order of iteration determines the preference of support for protocols.
88       */
89      public JdkAlpnApplicationProtocolNegotiator(boolean clientFailIfNoCommonProtocols,
90              boolean serverFailIfNoCommonProtocols, String... protocols) {
91          this(serverFailIfNoCommonProtocols ? FAIL_SELECTOR_FACTORY : NO_FAIL_SELECTOR_FACTORY,
92                  clientFailIfNoCommonProtocols ? FAIL_SELECTION_LISTENER_FACTORY : NO_FAIL_SELECTION_LISTENER_FACTORY,
93                  protocols);
94      }
95  
96      /**
97       * Create a new instance.
98       * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
99       * @param listenerFactory The factory which provides to be notified of which protocol was selected.
100      * @param protocols The order of iteration determines the preference of support for protocols.
101      */
102     public JdkAlpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
103             ProtocolSelectionListenerFactory listenerFactory, Iterable<String> protocols) {
104         super(ALPN_WRAPPER, selectorFactory, listenerFactory, protocols);
105     }
106 
107     /**
108      * Create a new instance.
109      * @param selectorFactory The factory which provides classes responsible for selecting the protocol.
110      * @param listenerFactory The factory which provides to be notified of which protocol was selected.
111      * @param protocols The order of iteration determines the preference of support for protocols.
112      */
113     public JdkAlpnApplicationProtocolNegotiator(ProtocolSelectorFactory selectorFactory,
114             ProtocolSelectionListenerFactory listenerFactory, String... protocols) {
115         super(ALPN_WRAPPER, selectorFactory, listenerFactory, protocols);
116     }
117 
118     private static final class FailureWrapper extends AllocatorAwareSslEngineWrapperFactory {
119         @Override
120         public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc,
121                                        JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) {
122             throw new RuntimeException("ALPN unsupported. Does your JDK version support it?"
123                     + " For Conscrypt, add the appropriate Conscrypt JAR to classpath and set the security provider.");
124         }
125     }
126 
127     private static final class AlpnWrapper extends AllocatorAwareSslEngineWrapperFactory {
128         @Override
129         public SSLEngine wrapSslEngine(SSLEngine engine, ByteBufAllocator alloc,
130                                        JdkApplicationProtocolNegotiator applicationNegotiator, boolean isServer) {
131             if (Conscrypt.isEngineSupported(engine)) {
132                 return isServer ? ConscryptAlpnSslEngine.newServerEngine(engine, alloc, applicationNegotiator)
133                         : ConscryptAlpnSslEngine.newClientEngine(engine, alloc, applicationNegotiator);
134             }
135             if (BouncyCastleUtil.isBcJsseInUse(engine) && BouncyCastleAlpnSslUtils.isAlpnSupported()) {
136                 return new BouncyCastleAlpnSslEngine(engine, applicationNegotiator, isServer);
137             }
138             // ALPN support was recently backported to Java8 as
139             // https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8230977.
140             // Because of this lets not do a Java version runtime check but just depend on if the required methods are
141             // present
142             if (JdkAlpnSslUtils.supportsAlpn()) {
143                 return new JdkAlpnSslEngine(engine, applicationNegotiator, isServer);
144             }
145             throw new UnsupportedOperationException("ALPN not supported. Unable to wrap SSLEngine of type '"
146                     + engine.getClass().getName() + "')");
147         }
148     }
149 
150     static boolean isAlpnSupported() {
151         return AVAILABLE;
152     }
153 }