All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.twitter.finagle.ssl.Ssl.scala Maven / Gradle / Ivy

The newest version!
package com.twitter.finagle.ssl

import java.util.logging.Logger
import javax.net.ssl._


import collection.mutable.{Map => MutableMap}

/*
 * SSL helper object, capable of creating cached SSLEngine instances
 * backed by both the native APR/OpenSSL bindings, or pure Java JSSE.
 */
object Ssl {
  private[this] val log = Logger.getLogger(getClass.getName)
  private[this] val cacheContexts = true

  /**
   * Get a server engine, using the native OpenSSL provider if available.
   *
   * @param certificatePath The path to the PEM encoded certificate file.
   * @param keyPath The path to the corresponding PEM encoded key file
   * @param caCertPath The path to the optional PEM encoded CA cert
   *   file. [JSSE: If caCertPath is set, it should contain the
   *   certificate and will be used in place of certificatePath.]
   * @param cipherSpec [OpenSSL] The cipher spec
   * @throws RuntimeException if no provider could be initialized
   * @return an SSLEngine
   */
  def server(
    certificatePath: String,
    keyPath: String,
    caCertPath: String,
    ciphers: String,
    nextProtos: String
  ): Engine = {
    val nativeInstance = OpenSSL.server(
      certificatePath,
      keyPath,
      caCertPath,
      ciphers,
      nextProtos,
      cacheContexts
    )

    nativeInstance.getOrElse {
      require(ciphers == null, "'Ciphers' parameter unsupported with JSSE SSL provider")
      require(nextProtos == null, "'Next Protocols' parameter unsupported with JSSE SSL provider")

      val jsseInstance = JSSE.server(
        certificatePath,
        keyPath,
        if (caCertPath == null) None else Some(caCertPath),
        cacheContexts
      )

      require(jsseInstance.isDefined, "Could not create an SSLEngine")

      jsseInstance.get
    }
  }

  /**
   * Get a client engine
   */
  def client(): Engine = JSSE.client()

  /**
   * Get a client engine, from the given context
   */
  def client(sslContext : SSLContext): Engine = JSSE.client(sslContext)

  /**
   * Get a client engine that doesn't check the validity of certificates
   *
   * N.B.: This is probably a bad idea for anything but testing!
   */
  def clientWithoutCertificateValidation(): Engine =
    JSSE.clientWithoutCertificateValidation()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy