View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  
17  package io.netty5.handler.ssl;
18  
19  import javax.net.ssl.KeyManagerFactory;
20  import javax.net.ssl.SSLContext;
21  import javax.net.ssl.SSLException;
22  import javax.net.ssl.SSLSessionContext;
23  import javax.net.ssl.TrustManagerFactory;
24  import java.io.File;
25  import java.security.KeyStore;
26  import java.security.PrivateKey;
27  import java.security.Provider;
28  import java.security.cert.X509Certificate;
29  
30  /**
31   * A client-side {@link SslContext} which uses JDK's SSL/TLS implementation.
32   */
33  final class JdkSslClientContext extends JdkSslContext {
34  
35      // FIXME test only
36      JdkSslClientContext(Provider provider,
37                          File trustCertCollectionFile,
38                          TrustManagerFactory trustManagerFactory,
39                          Iterable<String> ciphers,
40                          CipherSuiteFilter cipherFilter,
41                          JdkApplicationProtocolNegotiator apn,
42                          long sessionCacheSize,
43                          long sessionTimeout)
44        throws Exception {
45          super(newSSLContext(provider, toX509CertificatesInternal(trustCertCollectionFile),
46            trustManagerFactory, null, null,
47            null, null, sessionCacheSize, sessionTimeout, KeyStore.getDefaultType()), true,
48            ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
49      }
50  
51      JdkSslClientContext(Provider sslContextProvider,
52                          X509Certificate[] trustCertCollection,
53                          TrustManagerFactory trustManagerFactory,
54                          X509Certificate[] keyCertChain,
55                          PrivateKey key,
56                          String keyPassword,
57                          KeyManagerFactory keyManagerFactory,
58                          Iterable<String> ciphers,
59                          CipherSuiteFilter cipherFilter,
60                          ApplicationProtocolConfig apn,
61                          String[] protocols,
62                          long sessionCacheSize,
63                          long sessionTimeout,
64                          String keyStore)
65        throws Exception {
66          super(newSSLContext(sslContextProvider, trustCertCollection, trustManagerFactory,
67            keyCertChain, key, keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout, keyStore),
68            true, ciphers, cipherFilter, toNegotiator(apn, false), ClientAuth.NONE, protocols, false);
69      }
70  
71      private static SSLContext newSSLContext(Provider sslContextProvider,
72                                              X509Certificate[] trustCertCollection,
73                                              TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
74                                              PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
75                                              long sessionCacheSize, long sessionTimeout,
76                                              String keyStore) throws SSLException {
77          try {
78              if (trustCertCollection != null) {
79                  trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);
80              }
81              if (keyCertChain != null) {
82                  keyManagerFactory = buildKeyManagerFactory(keyCertChain, null,
83                          key, keyPassword, keyManagerFactory, keyStore);
84              }
85              SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
86                  : SSLContext.getInstance(PROTOCOL, sslContextProvider);
87              ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
88                       trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
89                       null);
90  
91              SSLSessionContext sessCtx = ctx.getClientSessionContext();
92              if (sessionCacheSize > 0) {
93                  sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
94              }
95              if (sessionTimeout > 0) {
96                  sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
97              }
98              return ctx;
99          } catch (Exception e) {
100             if (e instanceof SSLException) {
101                 throw (SSLException) e;
102             }
103             throw new SSLException("failed to initialize the client-side SSL context", e);
104         }
105     }
106 }