From de717916beb07b973042e98fd90071da19e4af7d Mon Sep 17 00:00:00 2001 From: Trustin Lee Date: Thu, 25 Jun 2009 10:26:04 +0000 Subject: [PATCH] Added more configuration parameters for SSLEngine --- .../HttpTunnelingClientSocketChannel.java | 14 ++++- .../HttpTunnelingSocketChannelConfig.java | 52 +++++++++++++++++++ .../netty/util/internal/ConversionUtil.java | 26 ++++++++++ 3 files changed, 91 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingClientSocketChannel.java b/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingClientSocketChannel.java index 89d0c3e932..a9c0959eb4 100644 --- a/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingClientSocketChannel.java +++ b/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingClientSocketChannel.java @@ -254,12 +254,24 @@ class HttpTunnelingClientSocketChannel extends AbstractChannel @Override public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception { - SSLContext sslContext = getConfig().getSslContext(); + HttpTunnelingSocketChannelConfig config = getConfig(); + SSLContext sslContext = config.getSslContext(); if (sslContext != null) { URI uri = remoteAddress.getUri(); SSLEngine engine = sslContext.createSSLEngine( uri.getHost(), uri.getPort()); + + // Configure the SSLEngine. engine.setUseClientMode(true); + engine.setEnableSessionCreation(config.isEnableSslSessionCreation()); + String[] enabledCipherSuites = config.getEnabledSslCipherSuites(); + if (enabledCipherSuites != null) { + engine.setEnabledCipherSuites(enabledCipherSuites); + } + String[] enabledProtocols = config.getEnabledSslProtocols(); + if (enabledProtocols != null) { + engine.setEnabledProtocols(enabledProtocols); + } SocketChannel ch = (SocketChannel) e.getChannel(); SslHandler sslHandler = new SslHandler(engine); 
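Review bot: Nothing in this hunk makes the client check that the server certificate matches `uri.getHost()`. `createSSLEngine(host, port)` passes the host only as a hint, so the configured engine accepts any certificate the `SSLContext` trusts, for any host name. This block is now where the engine is configured, so it is the natural place to enable the check: on Java 7 or later with `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` followed by `engine.setSSLParameters(params)`, otherwise by comparing the peer certificate with the host after the handshake. `channelConnected` continues past the end of the hunk, so such a check may already exist further down. Separately, `setEnabledCipherSuites` and `setEnabledProtocols` throw `IllegalArgumentException` for unsupported names, which surfaces only at connect time; a comment such as `// Throws IllegalArgumentException if a configured name is not supported by this engine.` would make that visible.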
diff --git a/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingSocketChannelConfig.java b/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingSocketChannelConfig.java index e7c2a2b87c..764289b851 100644 --- a/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingSocketChannelConfig.java +++ b/src/main/java/org/jboss/netty/channel/socket/http/HttpTunnelingSocketChannelConfig.java @@ -31,6 +31,7 @@ import org.jboss.netty.channel.ChannelConfig; import org.jboss.netty.channel.ChannelPipelineFactory; import org.jboss.netty.channel.socket.SocketChannel; import org.jboss.netty.channel.socket.SocketChannelConfig; +import org.jboss.netty.util.internal.ConversionUtil; /** * The {@link ChannelConfig} of a client-side HTTP tunneling @@ -61,6 +62,9 @@ public final class HttpTunnelingSocketChannelConfig implements SocketChannelConf private final HttpTunnelingClientSocketChannel channel; private volatile SSLContext sslContext; + private volatile String[] enabledSslCipherSuites; + private volatile String[] enabledSslProtocols; + private volatile boolean enableSslSessionCreation = true; /** * Creates a new instance. 
@@ -85,6 +89,48 @@ public final class HttpTunnelingSocketChannelConfig implements SocketChannelConf this.sslContext = sslContext; } + public String[] getEnabledSslCipherSuites() { + String[] suites = enabledSslCipherSuites; + if (suites == null) { + return null; + } else { + return suites.clone(); + } + } + + public void setEnabledSslCipherSuites(String[] suites) { + if (suites == null) { + enabledSslCipherSuites = null; + } else { + enabledSslCipherSuites = suites.clone(); + } + } + + public String[] getEnabledSslProtocols() { + String[] protocols = enabledSslProtocols; + if (protocols == null) { + return null; + } else { + return protocols.clone(); + } + } + + public void setEnabledSslProtocols(String[] protocols) { + if (protocols == null) { + enabledSslProtocols = null; + } else { + enabledSslProtocols = protocols.clone(); + } + } + + public boolean isEnableSslSessionCreation() { + return enableSslSessionCreation; + } + + public void setEnableSslSessionCreation(boolean flag) { + enableSslSessionCreation = flag; + } + public void setOptions(Map options) { channel.channel.getConfig().setOptions(options); SSLContext sslContext = (SSLContext) options.get("sslContext"); @@ -100,6 +146,12 @@ public final class HttpTunnelingSocketChannelConfig implements SocketChannelConf if (key.equals("sslContext")) { setSslContext((SSLContext) value); + } else if (key.equals("enabledSslCipherSuites")){ + setEnabledSslCipherSuites(ConversionUtil.toStringArray(value)); + } else if (key.equals("enabledSslProtocols")){ + setEnabledSslProtocols(ConversionUtil.toStringArray(value)); + } else if (key.equals("enableSslSessionCreation")){ + setEnableSslSessionCreation(ConversionUtil.toBoolean(value)); } else { return false; } diff --git a/src/main/java/org/jboss/netty/util/internal/ConversionUtil.java b/src/main/java/org/jboss/netty/util/internal/ConversionUtil.java index b6b8a4783a..4a8b14e0a3 100644 --- a/src/main/java/org/jboss/netty/util/internal/ConversionUtil.java 
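Review bot: The six new accessors have no Javadoc, so the contract that matters for security is not stated anywhere. As `channelConnected` uses them in this patch, a `null` array keeps the `SSLEngine` defaults, while a non-null array replaces the enabled set entirely. I would document that on both setters, for example `/** Sets the cipher suites to enable on the SSLEngine; {@code null} keeps the engine defaults. A non-null array replaces the default set. */`, with the matching text for protocols. The setters also store empty arrays and arrays with `null` elements without complaint, so a bad list is not reported until the engine is configured at connect time. A check in the setter, such as `if (s == null || s.length() == 0) throw new IllegalArgumentException("suites contains an empty element");` per element, would report it where the option is set.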
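Review bot: Passing `null` for `"enabledSslCipherSuites"` or `"enabledSslProtocols"` through `setOption` does not restore the engine defaults the way the typed setters do. `ConversionUtil.toStringArray(null)`, added later in this patch, falls through to `String.valueOf(value)` and returns `{"null"}`, which is stored and later handed to the `SSLEngine`. Guarding the call keeps the two entry points consistent: `setEnabledSslCipherSuites(value == null ? null : ConversionUtil.toStringArray(value));`, and likewise for protocols. The `(SSLContext) value` cast style above suggests a `ClassCastException` is the accepted failure mode for wrong types, so a short comment on the accepted value types for the three new keys would help. The enclosing method starts outside the hunk.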
+++ b/src/main/java/org/jboss/netty/util/internal/ConversionUtil.java @@ -22,6 +22,9 @@ */ package org.jboss.netty.util.internal; +import java.util.ArrayList; +import java.util.List; + /** * Conversion utility class to parse a property represented as a string or * an object. @@ -77,4 +80,27 @@ public class ConversionUtil { private ConversionUtil() { // Unused } + + /** + * Converts the specified object into an array of strings. + */ + public static String[] toStringArray(Object value) { + if (value instanceof String[]) { + return (String[]) value; + } + + if (value instanceof Iterable) { + List answer = new ArrayList(); + for (Object v: (Iterable) value) { + if (v == null) { + answer.add(null); + } else { + answer.add(String.valueOf(v)); + } + } + return answer.toArray(new String[answer.size()]); + } + + return String.valueOf(value).split("[, \\t\\n\\r\\f\\e\\a]"); + } }
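Review bot: The fallback `split("[, \\t\\n\\r\\f\\e\\a]")` breaks on every single delimiter character, so a value written as `"A, B"` yields `{"A", "", "B"}`. The empty entry then ends up in the cipher-suite or protocol list passed to the `SSLEngine`. Making the class greedy, `split("[, \\t\\n\\r\\f\\e\\a]+")`, and trimming the input first removes the interior and leading empty tokens. The `Iterable` branch also keeps `null` elements (`answer.add(null)`), which are not valid suite or protocol names. Skipping them, or throwing `IllegalArgumentException` here, would report the mistake where the option is set, and the Javadoc should list the accepted input forms (`String[]`, `Iterable`, delimited string).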