Expose new way of setting session keys
Motivation: We should provide a better way to set session keys that not use the deprecated method of netty-tcnative. Modifications: - Add OpenSslSessionTicketKey - Expose new method on OpenSslServerContext and deprecate the old method. Result: Easier to use and can remove the deprecated method later on.
This commit is contained in:
Norman Maurer
parent
e775eae88a
commit
18f52e7e88
@ -16,6 +16,7 @@
|
|||||||
package io.netty.handler.ssl;
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
import org.apache.tomcat.jni.SSLContext;
|
import org.apache.tomcat.jni.SSLContext;
|
||||||
|
import org.apache.tomcat.jni.SessionTicketKey;
|
||||||
|
|
||||||
import javax.net.ssl.SSLSession;
|
import javax.net.ssl.SSLSession;
|
||||||
import javax.net.ssl.SSLSessionContext;
|
import javax.net.ssl.SSLSessionContext;
|
||||||
@ -51,7 +52,9 @@ public abstract class OpenSslSessionContext implements SSLSessionContext {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the SSL session ticket keys of this context.
|
* Sets the SSL session ticket keys of this context.
|
||||||
|
* @deprecated use {@link #setTicketKeys(OpenSslSessionTicketKey...)}.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public void setTicketKeys(byte[] keys) {
|
public void setTicketKeys(byte[] keys) {
|
||||||
if (keys == null) {
|
if (keys == null) {
|
||||||
throw new NullPointerException("keys");
|
throw new NullPointerException("keys");
|
||||||
@ -59,6 +62,20 @@ public abstract class OpenSslSessionContext implements SSLSessionContext {
|
|||||||
SSLContext.setSessionTicketKeys(context, keys);
|
SSLContext.setSessionTicketKeys(context, keys);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the SSL session ticket keys of this context.
|
||||||
|
*/
|
||||||
|
public void setTicketKeys(OpenSslSessionTicketKey... keys) {
|
||||||
|
if (keys == null) {
|
||||||
|
throw new NullPointerException("keys");
|
||||||
|
}
|
||||||
|
SessionTicketKey[] ticketKeys = new SessionTicketKey[keys.length];
|
||||||
|
for (int i = 0; i < ticketKeys.length; i++) {
|
||||||
|
ticketKeys[i] = keys[i].key;
|
||||||
|
}
|
||||||
|
SSLContext.setSessionTicketKeys(context, ticketKeys);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Enable or disable caching of SSL sessions.
|
* Enable or disable caching of SSL sessions.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -0,0 +1,78 @@
|
|||||||
|
/*
|
||||||
|
* Copyright 2015 The Netty Project
|
||||||
|
*
|
||||||
|
* The Netty Project licenses this file to you under the Apache License,
|
||||||
|
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at:
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package io.netty.handler.ssl;
|
||||||
|
|
||||||
|
import org.apache.tomcat.jni.SessionTicketKey;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Session Ticket Key
|
||||||
|
*/
|
||||||
|
public final class OpenSslSessionTicketKey {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Size of session ticket key name
|
||||||
|
*/
|
||||||
|
public static final int NAME_SIZE = SessionTicketKey.NAME_SIZE;
|
||||||
|
/**
|
||||||
|
* Size of session ticket key HMAC key
|
||||||
|
*/
|
||||||
|
public static final int HMAC_KEY_SIZE = SessionTicketKey.HMAC_KEY_SIZE;
|
||||||
|
/**
|
||||||
|
* Size of session ticket key AES key
|
||||||
|
*/
|
||||||
|
public static final int AES_KEY_SIZE = SessionTicketKey.AES_KEY_SIZE;
|
||||||
|
/**
|
||||||
|
* Size of session ticker key
|
||||||
|
*/
|
||||||
|
public static final int TICKET_KEY_SIZE = SessionTicketKey.TICKET_KEY_SIZE;
|
||||||
|
|
||||||
|
final SessionTicketKey key;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Construct a OpenSslSessionTicketKey.
|
||||||
|
*
|
||||||
|
* @param name the name of the session ticket key
|
||||||
|
* @param hmacKey the HMAC key of the session ticket key
|
||||||
|
* @param aesKey the AES key of the session ticket key
|
||||||
|
*/
|
||||||
|
public OpenSslSessionTicketKey(byte[] name, byte[] hmacKey, byte[] aesKey) {
|
||||||
|
key = new SessionTicketKey(name.clone(), hmacKey.clone(), aesKey.clone());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get name.
|
||||||
|
* @return the name of the session ticket key
|
||||||
|
*/
|
||||||
|
public byte[] name() {
|
||||||
|
return key.getName().clone();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get HMAC key.
|
||||||
|
* @return the HMAC key of the session ticket key
|
||||||
|
*/
|
||||||
|
public byte[] hmacKey() {
|
||||||
|
return key.getHmacKey().clone();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get AES Key.
|
||||||
|
* @return the AES key of the session ticket key
|
||||||
|
*/
|
||||||
|
public byte[] aesKey() {
|
||||||
|
return key.getAesKey().clone();
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user