All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.asynchttpclient.shaded.netty.ssl.DefaultSslEngineFactory Maven / Gradle / Ivy

/*
 * Copyright (c) 2015 AsyncHttpClient Project. All rights reserved.
 *
 * This program is licensed to you under the Apache License Version 2.0,
 * and you may not use this file except in compliance with the Apache License Version 2.0.
 * You may obtain a copy of the Apache License Version 2.0 at
 *     http://www.apache.org/licenses/LICENSE-2.0.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the Apache License Version 2.0 is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
 */
package org.asynchttpclient.shaded.netty.ssl;

import org.asynchttpclient.shaded.io.netty.buffer.ByteBufAllocator;
import org.asynchttpclient.shaded.io.netty.handler.ssl.IdentityCipherSuiteFilter;
import org.asynchttpclient.shaded.io.netty.handler.ssl.SslContext;
import org.asynchttpclient.shaded.io.netty.handler.ssl.SslContextBuilder;
import org.asynchttpclient.shaded.io.netty.handler.ssl.SslProvider;
import org.asynchttpclient.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.asynchttpclient.shaded.io.netty.util.ReferenceCountUtil;
import org.asynchttpclient.shaded.AsyncHttpClientConfig;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import java.util.Arrays;

import static org.asynchttpclient.shaded.util.MiscUtils.isNonEmpty;

public class DefaultSslEngineFactory extends SslEngineFactoryBase {

  private volatile SslContext sslContext;

  private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException {
    if (config.getSslContext() != null) {
      return config.getSslContext();
    }

    SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
            .sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK)
            .sessionCacheSize(config.getSslSessionCacheSize())
            .sessionTimeout(config.getSslSessionTimeout());

    if (isNonEmpty(config.getEnabledProtocols())) {
      sslContextBuilder.protocols(config.getEnabledProtocols());
    }

    if (isNonEmpty(config.getEnabledCipherSuites())) {
      sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites()));
    } else if (!config.isFilterInsecureCipherSuites()) {
      sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS);
    }

    if (config.isUseInsecureTrustManager()) {
      sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
    }

    return configureSslContextBuilder(sslContextBuilder).build();
  }

  @Override
  public SSLEngine newSslEngine(AsyncHttpClientConfig config, String peerHost, int peerPort) {
    SSLEngine sslEngine =
      config.isDisableHttpsEndpointIdentificationAlgorithm() ?
        sslContext.newEngine(ByteBufAllocator.DEFAULT) :
        sslContext.newEngine(ByteBufAllocator.DEFAULT, domain(peerHost), peerPort);
    configureSslEngine(sslEngine, config);
    return sslEngine;
  }

  @Override
  public void init(AsyncHttpClientConfig config) throws SSLException {
    sslContext = buildSslContext(config);
  }

  @Override
  public void destroy() {
    ReferenceCountUtil.release(sslContext);
  }

  /**
   * The last step of configuring the SslContextBuilder used to create an SslContext when no context is provided in the {@link AsyncHttpClientConfig}. This defaults to no-op and
   * is intended to be overridden as needed.
   *
   * @param builder builder with normal configuration applied
   * @return builder to be used to build context (can be the same object as the input)
   */
  protected SslContextBuilder configureSslContextBuilder(SslContextBuilder builder) {
    // default to no op
    return builder;
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy