Use OpenSslClientContext as default if openssl is avaible

Motivation:

As we now support OpenSslEngine on the client side, we should use it when available.

Modifications:

Use SslProvider.OPENSSL when openssl can be found

Result:

OpenSslEngine is used whenever possible
Norman Maurer 2014-10-30 08:56:07 +01:00 committed by Norman Maurer
parent 0f152cfbc4
commit a2004f25b0
2 changed files with 37 additions and 14 deletions


@ -94,6 +94,29 @@ public final class OpenSslServerContext extends OpenSslContext {
toNegotiator(apn, false), sessionCacheSize, sessionTimeout); toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
} }
/**
* Creates a new instance.
*
* @param certChainFile an X.509 certificate chain file in PEM format
* @param keyFile a PKCS#8 private key file in PEM format
* @param keyPassword the password of the {@code keyFile}.
* {@code null} if it's not password-protected.
* @param ciphers the cipher suites to enable, in the order of preference.
* {@code null} to use the default cipher suites.
* @param config Application protocol config.
* @param sessionCacheSize the size of the cache used for storing SSL session objects.
* {@code 0} to use the default value.
* @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
* {@code 0} to use the default value.
*/
public OpenSslServerContext(
File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers, ApplicationProtocolConfig config,
long sessionCacheSize, long sessionTimeout) throws SSLException {
this(certChainFile, keyFile, keyPassword, trustManagerFactory, ciphers,
toNegotiator(config, true), sessionCacheSize, sessionTimeout);
}
/** /**
* Creates a new instance. * Creates a new instance.
* *
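Review bot: The Javadoc on the new constructor documents every parameter except `trustManagerFactory`, which is the argument that governs which peer certificates this server context will trust. Add a line such as `@param trustManagerFactory the {@link TrustManagerFactory} used to verify certificates presented by the remote peer`, and state what `null` means. The constructor only delegates through `this(...)` to an overload outside this hunk, so it is not visible here whether the OpenSSL context actually applies the factory. If the factory is accepted but not used, the Javadoc should say so, because callers would otherwise assume certificate verification has been configured.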


@ -82,21 +82,25 @@ public abstract class SslContext {
* @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise. * @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
*/ */
public static SslProvider defaultServerProvider() { public static SslProvider defaultServerProvider() {
if (OpenSsl.isAvailable()) { return defaultProvider();
return SslProvider.OPENSSL;
} else {
return SslProvider.JDK;
}
} }
/** /**
* Returns the default client-side implementation provider currently in use. * Returns the default client-side implementation provider currently in use.
* *
* @return {@link SslProvider#JDK}, because it is the only implementation at the moment * @return {@link SslProvider#OPENSSL} if OpenSSL is available. {@link SslProvider#JDK} otherwise.
*/ */
public static SslProvider defaultClientProvider() { public static SslProvider defaultClientProvider() {
return defaultProvider();
}
private static SslProvider defaultProvider() {
if (OpenSsl.isAvailable()) {
return SslProvider.OPENSSL;
} else {
return SslProvider.JDK; return SslProvider.JDK;
} }
}
/** /**
* Creates a new server-side {@link SslContext}. * Creates a new server-side {@link SslContext}.
@ -246,7 +250,7 @@ public abstract class SslContext {
long sessionCacheSize, long sessionTimeout) throws SSLException { long sessionCacheSize, long sessionTimeout) throws SSLException {
if (provider == null) { if (provider == null) {
provider = OpenSsl.isAvailable()? SslProvider.OPENSSL : SslProvider.JDK; provider = defaultServerProvider();
} }
switch (provider) { switch (provider) {
@ -256,7 +260,7 @@ public abstract class SslContext {
keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout); keyManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
case OPENSSL: case OPENSSL:
return new OpenSslServerContext( return new OpenSslServerContext(
keyCertChainFile, keyFile, keyPassword, keyCertChainFile, keyFile, keyPassword, trustManagerFactory,
ciphers, apn, sessionCacheSize, sessionTimeout); ciphers, apn, sessionCacheSize, sessionTimeout);
default: default:
throw new Error(provider.toString()); throw new Error(provider.toString());
@ -470,12 +474,8 @@ public abstract class SslContext {
File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
long sessionCacheSize, long sessionTimeout) throws SSLException { long sessionCacheSize, long sessionTimeout) throws SSLException {
if (provider != null && provider != SslProvider.JDK) {
throw new SSLException("client context unsupported for: " + provider);
}
if (provider == null) { if (provider == null) {
provider = SslProvider.JDK; provider = defaultClientProvider();
} }
switch (provider) { switch (provider) {
case JDK: case JDK:
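Review bot: Removing the `provider != SslProvider.JDK` guard and resolving a `null` provider through `defaultClientProvider()` changes the TLS engine for every existing client that passed `null`. Such a client now gets OpenSSL where the native library loads and the JDK engine elsewhere, so the implementation depends on the host rather than on the code. The `case OPENSSL:` branch of this client switch and the parameters before `keyCertChainFile` are outside the hunk. It therefore cannot be confirmed from here that the OpenSSL client context applies the supplied key material, cipher settings and trust configuration as the JDK context does. A test that a client context rejects an untrusted server certificate under both providers would cover this. The Javadoc of `defaultClientProvider()` should also gain a line like `Pass {@link SslProvider#JDK} explicitly if the implementation must not vary with native library availability.`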