View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty5.handler.ssl;
17  
18  import io.netty.internal.tcnative.SSL;
19  
20  import javax.net.ssl.KeyManagerFactory;
21  import javax.net.ssl.SSLException;
22  import javax.net.ssl.TrustManagerFactory;
23  import java.security.PrivateKey;
24  import java.security.cert.X509Certificate;
25  import java.util.Map;
26  
27  import static io.netty5.handler.ssl.ReferenceCountedOpenSslClientContext.newSessionContext;
28  
29  /**
30   * A client-side {@link SslContext} which uses OpenSSL's SSL/TLS implementation.
31   * <p>This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
32   * and manually release the native memory see {@link ReferenceCountedOpenSslClientContext}.
33   */
34  final class OpenSslClientContext extends OpenSslContext {
35      private final OpenSslSessionContext sessionContext;
36  
37      OpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
38                           X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
39                                  KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
40                                  CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, String[] protocols,
41                                  long sessionCacheSize, long sessionTimeout, boolean enableOcsp, String keyStore,
42                           Map.Entry<SslContextOption<?>, Object>... options)
43              throws SSLException {
44          super(ciphers, cipherFilter, apn, SSL.SSL_MODE_CLIENT, keyCertChain,
45                  ClientAuth.NONE, protocols, false, enableOcsp, options);
46          boolean success = false;
47          try {
48              OpenSslKeyMaterialProvider.validateKeyMaterialSupported(keyCertChain, key, keyPassword);
49              sessionContext = newSessionContext(this, ctx, engineMap, trustCertCollection, trustManagerFactory,
50                                                 keyCertChain, key, keyPassword, keyManagerFactory, keyStore,
51                                                 sessionCacheSize, sessionTimeout);
52              success = true;
53          } finally {
54              if (!success) {
55                  release();
56              }
57          }
58      }
59  
60      @Override
61      public OpenSslSessionContext sessionContext() {
62          return sessionContext;
63      }
64  }