From b77e338cb7860e4efd26b46ca3375480f692f651 Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Thu, 6 Nov 2014 09:48:54 +0100 Subject: [PATCH] Allow to set the context for which sessions can be used. Motivation: Openssl supports the SSL_CTX_set_session_id_context function to limit for which context a session can be used. We should support this. Modifications: Add OpenSslServerSessionContext that exposes a setSessionIdContext(...) method now. Result: It's now possible to use SSL_CTX_set_session_id_context. --- .../handler/ssl/OpenSslServerContext.java | 47 +---------- .../ssl/OpenSslServerSessionContext.java | 79 +++++++++++++++++++ 2 files changed, 81 insertions(+), 45 deletions(-) create mode 100644 handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java index 16309c2625..f69b4d2577 100644 --- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java @@ -46,7 +46,7 @@ import static io.netty.util.internal.ObjectUtil.*; public final class OpenSslServerContext extends OpenSslContext { private static final InternalLogger logger = InternalLoggerFactory.getInstance(OpenSslServerContext.class); - private final OpenSslSessionContext sessionContext; + private final OpenSslServerSessionContext sessionContext; /** * Creates a new instance. @@ -285,50 +285,7 @@ public final class OpenSslServerContext extends OpenSslContext { } @Override - public OpenSslSessionContext sessionContext() { + public OpenSslServerSessionContext sessionContext() { return sessionContext; } - - private static final class OpenSslServerSessionContext extends OpenSslSessionContext { - private OpenSslServerSessionContext(long context) { - super(context); - } - - @Override - public void setSessionTimeout(int seconds) { - if (seconds < 0) { - throw new IllegalArgumentException(); - } - SSLContext.setSessionCacheTimeout(context, seconds); - } - - @Override - public int getSessionTimeout() { - return (int) SSLContext.getSessionCacheTimeout(context); - } - - @Override - public void setSessionCacheSize(int size) { - if (size < 0) { - throw new IllegalArgumentException(); - } - SSLContext.setSessionCacheSize(context, size); - } - - @Override - public int getSessionCacheSize() { - return (int) SSLContext.getSessionCacheSize(context); - } - - @Override - public void setSessionCacheEnabled(boolean enabled) { - long mode = enabled ? SSL.SSL_SESS_CACHE_SERVER : SSL.SSL_SESS_CACHE_OFF; - SSLContext.setSessionCacheMode(context, mode); - } - - @Override - public boolean isSessionCacheEnabled() { - return SSLContext.getSessionCacheMode(context) == SSL.SSL_SESS_CACHE_SERVER; - } - } } diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java new file mode 100644 index 0000000000..693801ff8a --- /dev/null +++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerSessionContext.java @@ -0,0 +1,79 @@ +/* + * Copyright 2014 The Netty Project + * + * The Netty Project licenses this file to you under the Apache License, + * version 2.0 (the "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + */ +package io.netty.handler.ssl; + +import org.apache.tomcat.jni.SSL; +import org.apache.tomcat.jni.SSLContext; + + +/** + * {@link OpenSslSessionContext} implementation which offers extra methods which are only useful for the server-side. + */ +public final class OpenSslServerSessionContext extends OpenSslSessionContext { + OpenSslServerSessionContext(long context) { + super(context); + } + + @Override + public void setSessionTimeout(int seconds) { + if (seconds < 0) { + throw new IllegalArgumentException(); + } + SSLContext.setSessionCacheTimeout(context, seconds); + } + + @Override + public int getSessionTimeout() { + return (int) SSLContext.getSessionCacheTimeout(context); + } + + @Override + public void setSessionCacheSize(int size) { + if (size < 0) { + throw new IllegalArgumentException(); + } + SSLContext.setSessionCacheSize(context, size); + } + + @Override + public int getSessionCacheSize() { + return (int) SSLContext.getSessionCacheSize(context); + } + + @Override + public void setSessionCacheEnabled(boolean enabled) { + long mode = enabled ? SSL.SSL_SESS_CACHE_SERVER : SSL.SSL_SESS_CACHE_OFF; + SSLContext.setSessionCacheMode(context, mode); + } + + @Override + public boolean isSessionCacheEnabled() { + return SSLContext.getSessionCacheMode(context) == SSL.SSL_SESS_CACHE_SERVER; + } + + /** + * Set the context within which session be reused (server side only) + * See + * man SSL_CTX_set_session_id_context + * + * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name + * of the application and/or the hostname and/or service name + * @return {@code true} if success, {@code false} otherwise. + */ + public boolean setSessionIdContext(byte[] sidCtx) { + return SSLContext.setSessionIdContext(context, sidCtx); + } +}