Add unified NextProtoNego extension support to SslContext
Motivation: - OpenSslEngine and JDK SSLEngine (+ Jetty NPN) have different APIs to support NextProtoNego extension. - It is impossible to configure NPN with SslContext when the provider type is JDK. Modification: - Implement NextProtoNego extension by overriding the behavior of SSLSession.getProtocol() for both OpenSSLEngine and JDK SSLEngine. - SSLEngine.getProtocol() returns a string delimited by a colon (':') where the first component is the transport protosol (e.g. TLSv1.2) and the second component is the name of the application protocol - Remove the direct reference of Jetty NPN classes from the examples - Add SslContext.newApplicationProtocolSelector Result: - A user can now use both JDK SSLEngine and OpenSslEngine for NPN-based protocols such as HTTP2 and SPDY
This commit is contained in:
parent
3051c1ee0f
commit
e167ec51eb
@ -22,11 +22,11 @@ import io.netty.channel.ChannelOption;
|
||||
import io.netty.channel.EventLoopGroup;
|
||||
import io.netty.channel.nio.NioEventLoopGroup;
|
||||
import io.netty.channel.socket.nio.NioSocketChannel;
|
||||
import io.netty.example.http2.server.Http2Server;
|
||||
import io.netty.handler.codec.http.HttpMethod;
|
||||
import io.netty.handler.codec.http2.DefaultHttp2Headers;
|
||||
import io.netty.handler.codec.http2.Http2Exception;
|
||||
import io.netty.handler.codec.http2.Http2Headers;
|
||||
import io.netty.handler.codec.http2.Http2OrHttpChooser.SelectedProtocol;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||
|
||||
@ -50,7 +50,13 @@ public class Http2Client {
|
||||
private EventLoopGroup workerGroup;
|
||||
|
||||
public Http2Client(String host, int port) throws SSLException {
|
||||
sslCtx = SslContext.newClientContext(InsecureTrustManagerFactory.INSTANCE);
|
||||
sslCtx = SslContext.newClientContext(
|
||||
null, InsecureTrustManagerFactory.INSTANCE, null,
|
||||
SslContext.newApplicationProtocolSelector(
|
||||
SelectedProtocol.HTTP_2.protocolName(),
|
||||
SelectedProtocol.HTTP_1_1.protocolName()),
|
||||
0, 0);
|
||||
|
||||
this.host = host;
|
||||
this.port = port;
|
||||
http2ConnectionHandler = new Http2ClientConnectionHandler();
|
||||
@ -108,7 +114,6 @@ public class Http2Client {
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
Http2Server.checkForNpnSupport();
|
||||
int port;
|
||||
if (args.length > 0) {
|
||||
port = Integer.parseInt(args[0]);
|
||||
|
@ -15,14 +15,9 @@
|
||||
package io.netty.example.http2.client;
|
||||
|
||||
import io.netty.channel.ChannelInitializer;
|
||||
import io.netty.channel.ChannelPipeline;
|
||||
import io.netty.channel.socket.SocketChannel;
|
||||
import io.netty.handler.codec.http2.AbstractHttp2ConnectionHandler;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslHandler;
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
/**
|
||||
* Configures the client pipeline to support HTTP/2 frames.
|
||||
@ -39,14 +34,6 @@ public class Http2ClientInitializer extends ChannelInitializer<SocketChannel> {
|
||||
|
||||
@Override
|
||||
public void initChannel(SocketChannel ch) throws Exception {
|
||||
SslHandler sslHandler = sslCtx.newHandler(ch.alloc());
|
||||
SSLEngine engine = sslHandler.engine();
|
||||
NextProtoNego.put(engine, new Http2ClientProvider());
|
||||
NextProtoNego.debug = true;
|
||||
|
||||
ChannelPipeline pipeline = ch.pipeline();
|
||||
|
||||
pipeline.addLast("ssl", new SslHandler(engine));
|
||||
pipeline.addLast("http2ConnectionHandler", connectionHandler);
|
||||
ch.pipeline().addLast(sslCtx.newHandler(ch.alloc()), connectionHandler);
|
||||
}
|
||||
}
|
||||
|
@ -1,58 +0,0 @@
|
||||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.netty.example.http2.client;
|
||||
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import static io.netty.handler.codec.http2.Http2OrHttpChooser.SelectedProtocol.*;
|
||||
|
||||
/**
|
||||
* The Jetty project provides an implementation of the Transport Layer Security (TLS) extension for Next Protocol
|
||||
* Negotiation (NPN) for OpenJDK 7 or greater. NPN allows the application layer to negotiate which protocol to use
|
||||
* over the secure connection.
|
||||
* <p>
|
||||
* This NPN service provider negotiates using HTTP2.
|
||||
* <p>
|
||||
* To enable NPN support, start the JVM with: {@code java -Xbootclasspath/p:<path_to_npn_boot_jar> ...}. The
|
||||
* "path_to_npn_boot_jar" is the path on the file system for the NPN Boot Jar file which can be downloaded from Maven
|
||||
* at coordinates org.mortbay.jetty.npn:npn-boot. Different versions applies to different OpenJDK versions.
|
||||
*
|
||||
* @see <a href="http://www.eclipse.org/jetty/documentation/current/npn-chapter.html">Jetty documentation</a>
|
||||
*/
|
||||
public class Http2ClientProvider implements NextProtoNego.ClientProvider {
|
||||
|
||||
private String selectedProtocol;
|
||||
|
||||
@Override
|
||||
public String selectProtocol(List<String> protocols) {
|
||||
if (protocols.contains(HTTP_2.protocolName())) {
|
||||
selectedProtocol = HTTP_2.protocolName();
|
||||
}
|
||||
return selectedProtocol;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void unsupported() {
|
||||
selectedProtocol = HTTP_1_1.protocolName();
|
||||
}
|
||||
}
|
@ -17,10 +17,7 @@ package io.netty.example.http2.server;
|
||||
import io.netty.channel.ChannelHandler;
|
||||
import io.netty.handler.codec.http2.Http2OrHttpChooser;
|
||||
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
import java.util.logging.Logger;
|
||||
|
||||
/**
|
||||
@ -41,8 +38,8 @@ public class Http2OrHttpHandler extends Http2OrHttpChooser {
|
||||
|
||||
@Override
|
||||
protected SelectedProtocol getProtocol(SSLEngine engine) {
|
||||
Http2ServerProvider provider = (Http2ServerProvider) NextProtoNego.get(engine);
|
||||
SelectedProtocol selectedProtocol = provider.getSelectedProtocol();
|
||||
String[] protocol = engine.getSession().getProtocol().split(":");
|
||||
SelectedProtocol selectedProtocol = SelectedProtocol.protocol(protocol[1]);
|
||||
|
||||
logger.info("Selected Protocol is " + selectedProtocol);
|
||||
return selectedProtocol;
|
||||
|
@ -22,10 +22,12 @@ import io.netty.channel.ChannelOption;
|
||||
import io.netty.channel.EventLoopGroup;
|
||||
import io.netty.channel.nio.NioEventLoopGroup;
|
||||
import io.netty.channel.socket.nio.NioServerSocketChannel;
|
||||
import io.netty.handler.codec.http2.Http2OrHttpChooser.SelectedProtocol;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* A HTTP/2 Server that responds to requests with a Hello World.
|
||||
* <p>
|
||||
@ -60,7 +62,6 @@ public class Http2Server {
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
checkForNpnSupport();
|
||||
int port;
|
||||
if (args.length > 0) {
|
||||
port = Integer.parseInt(args[0]);
|
||||
@ -72,22 +73,13 @@ public class Http2Server {
|
||||
|
||||
// Configure SSL context.
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
SslContext sslCtx = SslContext.newServerContext(SslProvider.JDK, ssc.certificate(), ssc.privateKey());
|
||||
SslContext sslCtx = SslContext.newServerContext(
|
||||
ssc.certificate(), ssc.privateKey(), null, null,
|
||||
Arrays.asList(
|
||||
SelectedProtocol.HTTP_2.protocolName(),
|
||||
SelectedProtocol.HTTP_1_1.protocolName()),
|
||||
0, 0);
|
||||
|
||||
new Http2Server(sslCtx, port).run();
|
||||
}
|
||||
|
||||
public static void checkForNpnSupport() {
|
||||
try {
|
||||
Class.forName("sun.security.ssl.NextProtoNegoExtension");
|
||||
} catch (ClassNotFoundException ignored) {
|
||||
System.err.println();
|
||||
System.err.println("Could not locate Next Protocol Negotiation (NPN) implementation.");
|
||||
System.err.println("The NPN jar should have been made available when building the examples with maven.");
|
||||
System.err.println("Please check that your JDK is among those supported by Jetty-NPN:");
|
||||
System.err.println("http://wiki.eclipse.org/Jetty/Feature/NPN#Versions");
|
||||
System.err.println();
|
||||
throw new IllegalStateException("Could not locate NPN implementation. See console err for details.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -17,13 +17,8 @@
|
||||
package io.netty.example.http2.server;
|
||||
|
||||
import io.netty.channel.ChannelInitializer;
|
||||
import io.netty.channel.ChannelPipeline;
|
||||
import io.netty.channel.socket.SocketChannel;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslHandler;
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
/**
|
||||
* Sets up the Netty pipeline
|
||||
@ -38,17 +33,6 @@ public class Http2ServerInitializer extends ChannelInitializer<SocketChannel> {
|
||||
|
||||
@Override
|
||||
public void initChannel(SocketChannel ch) throws Exception {
|
||||
ChannelPipeline p = ch.pipeline();
|
||||
|
||||
SslHandler handler = sslCtx.newHandler(ch.alloc());
|
||||
SSLEngine engine = handler.engine();
|
||||
p.addLast("ssl", new SslHandler(engine));
|
||||
|
||||
// Setup NextProtoNego with our server provider
|
||||
NextProtoNego.put(engine, new Http2ServerProvider());
|
||||
NextProtoNego.debug = true;
|
||||
|
||||
// Negotiates with the browser if HTTP2 or HTTP is going to be used
|
||||
p.addLast("handler", new Http2OrHttpHandler());
|
||||
ch.pipeline().addLast(sslCtx.newHandler(ch.alloc()), new Http2OrHttpHandler());
|
||||
}
|
||||
}
|
||||
|
@ -1,66 +0,0 @@
|
||||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.netty.example.http2.server;
|
||||
|
||||
import io.netty.handler.codec.http2.Http2OrHttpChooser;
|
||||
|
||||
import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import static io.netty.handler.codec.http2.Http2OrHttpChooser.SelectedProtocol.*;
|
||||
|
||||
/**
|
||||
* The Jetty project provides an implementation of the Transport Layer Security (TLS) extension for Next
|
||||
* Protocol Negotiation (NPN) for OpenJDK 7 or greater. NPN allows the application layer to negotiate which
|
||||
* protocol to use over the secure connection.
|
||||
* <p>
|
||||
* This NPN service provider negotiates using HTTP_2.
|
||||
* <p>
|
||||
* To enable NPN support, start the JVM with: {@code java -Xbootclasspath/p:<path_to_npn_boot_jar> ...}. The
|
||||
* "path_to_npn_boot_jar" is the path on the file system for the NPN Boot Jar file which can be downloaded from
|
||||
* Maven at coordinates org.mortbay.jetty.npn:npn-boot. Different versions applies to different OpenJDK versions.
|
||||
*
|
||||
* @see <a href="http://www.eclipse.org/jetty/documentation/current/npn-chapter.html">Jetty documentation</a>
|
||||
*/
|
||||
public class Http2ServerProvider implements ServerProvider {
|
||||
|
||||
private String selectedProtocol;
|
||||
|
||||
@Override
|
||||
public void unsupported() {
|
||||
// if unsupported, default to http/1.1
|
||||
selectedProtocol = HTTP_1_1.protocolName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> protocols() {
|
||||
return Arrays.asList(HTTP_2.protocolName(), HTTP_1_1.protocolName());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void protocolSelected(String protocol) {
|
||||
selectedProtocol = protocol;
|
||||
}
|
||||
|
||||
public Http2OrHttpChooser.SelectedProtocol getSelectedProtocol() {
|
||||
if (selectedProtocol == null) {
|
||||
return UNKNOWN;
|
||||
}
|
||||
return protocol(selectedProtocol);
|
||||
}
|
||||
}
|
@ -27,8 +27,8 @@ import io.netty.handler.codec.http.HttpHeaders;
|
||||
import io.netty.handler.codec.http.HttpMethod;
|
||||
import io.netty.handler.codec.http.HttpRequest;
|
||||
import io.netty.handler.codec.http.HttpVersion;
|
||||
import io.netty.handler.codec.spdy.SpdyOrHttpChooser.SelectedProtocol;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
|
||||
|
||||
import javax.net.ssl.SSLException;
|
||||
@ -60,7 +60,13 @@ public class SpdyClient {
|
||||
private EventLoopGroup workerGroup;
|
||||
|
||||
public SpdyClient(String host, int port) throws SSLException {
|
||||
sslCtx = SslContext.newClientContext(SslProvider.JDK, InsecureTrustManagerFactory.INSTANCE);
|
||||
sslCtx = SslContext.newClientContext(
|
||||
null, InsecureTrustManagerFactory.INSTANCE, null,
|
||||
SslContext.newApplicationProtocolSelector(
|
||||
SelectedProtocol.SPDY_3_1.protocolName(),
|
||||
SelectedProtocol.HTTP_1_1.protocolName()),
|
||||
0, 0);
|
||||
|
||||
this.host = host;
|
||||
this.port = port;
|
||||
httpResponseHandler = new HttpResponseClientHandler();
|
||||
|
@ -23,10 +23,6 @@ import io.netty.handler.codec.spdy.SpdyHttpDecoder;
|
||||
import io.netty.handler.codec.spdy.SpdyHttpEncoder;
|
||||
import io.netty.handler.codec.spdy.SpdySessionHandler;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslHandler;
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
import static io.netty.handler.codec.spdy.SpdyVersion.*;
|
||||
import static io.netty.util.internal.logging.InternalLogLevel.*;
|
||||
@ -45,14 +41,8 @@ public class SpdyClientInitializer extends ChannelInitializer<SocketChannel> {
|
||||
|
||||
@Override
|
||||
public void initChannel(SocketChannel ch) throws Exception {
|
||||
SslHandler sslHandler = sslCtx.newHandler(ch.alloc());
|
||||
SSLEngine engine = sslHandler.engine();
|
||||
NextProtoNego.put(engine, new SpdyClientProvider());
|
||||
NextProtoNego.debug = true;
|
||||
|
||||
ChannelPipeline pipeline = ch.pipeline();
|
||||
|
||||
pipeline.addLast("ssl", sslHandler);
|
||||
pipeline.addLast("ssl", sslCtx.newHandler(ch.alloc()));
|
||||
pipeline.addLast("spdyFrameCodec", new SpdyFrameCodec(SPDY_3_1));
|
||||
pipeline.addLast("spdyFrameLogger", new SpdyFrameLogger(INFO));
|
||||
pipeline.addLast("spdySessionHandler", new SpdySessionHandler(SPDY_3_1, false));
|
||||
|
@ -1,58 +0,0 @@
|
||||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.netty.example.spdy.client;
|
||||
|
||||
import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import static io.netty.handler.codec.spdy.SpdyOrHttpChooser.SelectedProtocol.*;
|
||||
|
||||
/**
|
||||
* The Jetty project provides an implementation of the Transport Layer Security (TLS) extension for Next Protocol
|
||||
* Negotiation (NPN) for OpenJDK 7 or greater. NPN allows the application layer to negotiate which protocol to use
|
||||
* over the secure connection.
|
||||
* <p>
|
||||
* This NPN service provider negotiates using SPDY.
|
||||
* <p>
|
||||
* To enable NPN support, start the JVM with: {@code java -Xbootclasspath/p:<path_to_npn_boot_jar> ...}. The
|
||||
* "path_to_npn_boot_jar" is the path on the file system for the NPN Boot Jar file which can be downloaded from Maven
|
||||
* at coordinates org.mortbay.jetty.npn:npn-boot. Different versions applies to different OpenJDK versions.
|
||||
*
|
||||
* @see <a href="http://www.eclipse.org/jetty/documentation/current/npn-chapter.html">Jetty documentation</a>
|
||||
*/
|
||||
public class SpdyClientProvider implements ClientProvider {
|
||||
|
||||
private String selectedProtocol;
|
||||
|
||||
@Override
|
||||
public String selectProtocol(List<String> protocols) {
|
||||
if (protocols.contains(SPDY_3_1.protocolName())) {
|
||||
return SPDY_3_1.protocolName();
|
||||
}
|
||||
return selectedProtocol;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void unsupported() {
|
||||
selectedProtocol = HTTP_1_1.protocolName();
|
||||
}
|
||||
}
|
@ -17,7 +17,6 @@ package io.netty.example.spdy.server;
|
||||
|
||||
import io.netty.channel.ChannelHandler;
|
||||
import io.netty.handler.codec.spdy.SpdyOrHttpChooser;
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import java.util.logging.Logger;
|
||||
@ -41,8 +40,8 @@ public class SpdyOrHttpHandler extends SpdyOrHttpChooser {
|
||||
|
||||
@Override
|
||||
protected SelectedProtocol getProtocol(SSLEngine engine) {
|
||||
SpdyServerProvider provider = (SpdyServerProvider) NextProtoNego.get(engine);
|
||||
SelectedProtocol selectedProtocol = provider.getSelectedProtocol();
|
||||
String[] protocol = engine.getSession().getProtocol().split(":");
|
||||
SelectedProtocol selectedProtocol = SelectedProtocol.protocol(protocol[1]);
|
||||
|
||||
logger.info("Selected Protocol is " + selectedProtocol);
|
||||
return selectedProtocol;
|
||||
|
@ -21,10 +21,12 @@ import io.netty.channel.ChannelOption;
|
||||
import io.netty.channel.EventLoopGroup;
|
||||
import io.netty.channel.nio.NioEventLoopGroup;
|
||||
import io.netty.channel.socket.nio.NioServerSocketChannel;
|
||||
import io.netty.handler.codec.spdy.SpdyOrHttpChooser.SelectedProtocol;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslProvider;
|
||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* A SPDY Server that responds to a GET request with a Hello World.
|
||||
* <p>
|
||||
@ -72,7 +74,6 @@ public class SpdyServer {
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
checkForNpnSupport();
|
||||
int port;
|
||||
if (args.length > 0) {
|
||||
port = Integer.parseInt(args[0]);
|
||||
@ -86,21 +87,13 @@ public class SpdyServer {
|
||||
|
||||
// Configure SSL.
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
SslContext sslCtx = SslContext.newServerContext(SslProvider.JDK, ssc.certificate(), ssc.privateKey());
|
||||
SslContext sslCtx = SslContext.newServerContext(
|
||||
ssc.certificate(), ssc.privateKey(), null, null,
|
||||
Arrays.asList(
|
||||
SelectedProtocol.SPDY_3_1.protocolName(),
|
||||
SelectedProtocol.HTTP_1_1.protocolName()),
|
||||
0, 0);
|
||||
|
||||
new SpdyServer(sslCtx, port).run();
|
||||
}
|
||||
|
||||
private static void checkForNpnSupport() {
|
||||
try {
|
||||
Class.forName("sun.security.ssl.NextProtoNegoExtension");
|
||||
} catch (ClassNotFoundException ignored) {
|
||||
System.err.println();
|
||||
System.err.println("Could not locate Next Protocol Negotiation (NPN) implementation.");
|
||||
System.err.println("The NPN jar should have been made available when building the examples with maven.");
|
||||
System.err.println("Please check that your JDK is among those supported by Jetty-NPN:");
|
||||
System.err.println("http://wiki.eclipse.org/Jetty/Feature/NPN#Versions");
|
||||
System.err.println();
|
||||
throw new IllegalStateException("Could not locate NPN implementation. See console err for details.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -23,6 +23,7 @@ import io.netty.channel.SimpleChannelInboundHandler;
|
||||
import io.netty.handler.codec.http.DefaultFullHttpResponse;
|
||||
import io.netty.handler.codec.http.FullHttpResponse;
|
||||
import io.netty.handler.codec.http.HttpRequest;
|
||||
import io.netty.handler.ssl.SslHandler;
|
||||
import io.netty.util.CharsetUtil;
|
||||
|
||||
import java.util.Date;
|
||||
@ -43,6 +44,8 @@ public class SpdyServerHandler extends SimpleChannelInboundHandler<Object> {
|
||||
|
||||
@Override
|
||||
public void messageReceived(ChannelHandlerContext ctx, Object msg) throws Exception {
|
||||
SslHandler h = ctx.pipeline().get(SslHandler.class);
|
||||
System.err.println(h.engine().getSession().getProtocol());
|
||||
if (msg instanceof HttpRequest) {
|
||||
HttpRequest req = (HttpRequest) msg;
|
||||
|
||||
|
@ -19,10 +19,6 @@ import io.netty.channel.ChannelInitializer;
|
||||
import io.netty.channel.ChannelPipeline;
|
||||
import io.netty.channel.socket.SocketChannel;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslHandler;
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
|
||||
/**
|
||||
* Sets up the Netty pipeline
|
||||
@ -38,15 +34,7 @@ public class SpdyServerInitializer extends ChannelInitializer<SocketChannel> {
|
||||
@Override
|
||||
public void initChannel(SocketChannel ch) throws Exception {
|
||||
ChannelPipeline p = ch.pipeline();
|
||||
|
||||
SslHandler sslHandler = sslCtx.newHandler(ch.alloc());
|
||||
SSLEngine engine = sslHandler.engine();
|
||||
p.addLast("ssl", sslHandler);
|
||||
|
||||
// Setup NextProtoNego with our server provider
|
||||
NextProtoNego.put(engine, new SpdyServerProvider());
|
||||
NextProtoNego.debug = true;
|
||||
|
||||
p.addLast("ssl", sslCtx.newHandler(ch.alloc()));
|
||||
// Negotiates with the browser if SPDY or HTTP is going to be used
|
||||
p.addLast("handler", new SpdyOrHttpHandler());
|
||||
}
|
||||
|
@ -1,63 +0,0 @@
|
||||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package io.netty.example.spdy.server;
|
||||
|
||||
import io.netty.handler.codec.spdy.SpdyOrHttpChooser;
|
||||
import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* The Jetty project provides an implementation of the Transport Layer Security (TLS) extension for Next
|
||||
* Protocol Negotiation (NPN) for OpenJDK 7 or greater. NPN allows the application layer to negotiate which
|
||||
* protocol to use over the secure connection.
|
||||
* <p>
|
||||
* This NPN service provider negotiates using SPDY.
|
||||
* <p>
|
||||
* To enable NPN support, start the JVM with: {@code java -Xbootclasspath/p:<path_to_npn_boot_jar> ...}. The
|
||||
* "path_to_npn_boot_jar" is the path on the file system for the NPN Boot Jar file which can be downloaded from
|
||||
* Maven at coordinates org.mortbay.jetty.npn:npn-boot. Different versions applies to different OpenJDK versions.
|
||||
*
|
||||
* @see <a href="http://www.eclipse.org/jetty/documentation/current/npn-chapter.html">Jetty documentation</a>
|
||||
*/
|
||||
public class SpdyServerProvider implements ServerProvider {
|
||||
|
||||
private String selectedProtocol;
|
||||
|
||||
@Override
|
||||
public void unsupported() {
|
||||
// if unsupported, default to http/1.1
|
||||
selectedProtocol = "http/1.1";
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> protocols() {
|
||||
return Arrays.asList("spdy/3.1", "http/1.1");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void protocolSelected(String protocol) {
|
||||
selectedProtocol = protocol;
|
||||
}
|
||||
|
||||
public SpdyOrHttpChooser.SelectedProtocol getSelectedProtocol() {
|
||||
if (selectedProtocol == null) {
|
||||
return SpdyOrHttpChooser.SelectedProtocol.UNKNOWN;
|
||||
}
|
||||
return SpdyOrHttpChooser.SelectedProtocol.protocol(selectedProtocol);
|
||||
}
|
||||
}
|
@ -55,6 +55,17 @@
|
||||
<artifactId>bcpkix-jdk15on</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.eclipse.jetty.npn</groupId>
|
||||
<artifactId>npn-api</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.mortbay.jetty.npn</groupId>
|
||||
<artifactId>npn-boot</artifactId>
|
||||
<scope>provided</scope>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
||||
|
@ -20,6 +20,7 @@ import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.ByteBufInputStream;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLSessionContext;
|
||||
import javax.net.ssl.TrustManager;
|
||||
@ -38,6 +39,7 @@ import java.util.List;
|
||||
public final class JdkSslClientContext extends JdkSslContext {
|
||||
|
||||
private final SSLContext ctx;
|
||||
private final ApplicationProtocolSelector nextProtocolSelector;
|
||||
|
||||
/**
|
||||
* Creates a new instance.
|
||||
@ -105,10 +107,12 @@ public final class JdkSslClientContext extends JdkSslContext {
|
||||
|
||||
super(ciphers);
|
||||
|
||||
if (nextProtocolSelector != null) {
|
||||
if (nextProtocolSelector != null && !JettyNpnSslEngine.isAvailable()) {
|
||||
throw new SSLException("NPN/ALPN unsupported: " + nextProtocolSelector);
|
||||
}
|
||||
|
||||
this.nextProtocolSelector = nextProtocolSelector;
|
||||
|
||||
try {
|
||||
if (certChainFile == null) {
|
||||
ctx = SSLContext.getInstance(PROTOCOL);
|
||||
@ -166,7 +170,7 @@ public final class JdkSslClientContext extends JdkSslContext {
|
||||
|
||||
@Override
|
||||
public ApplicationProtocolSelector nextProtocolSelector() {
|
||||
return null;
|
||||
return nextProtocolSelector;
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -178,4 +182,13 @@ public final class JdkSslClientContext extends JdkSslContext {
|
||||
public SSLContext context() {
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@Override
|
||||
SSLEngine wrapEngine(SSLEngine engine) {
|
||||
if (nextProtocolSelector == null) {
|
||||
return engine;
|
||||
} else {
|
||||
return new JettyNpnSslEngine(engine, nextProtocolSelector);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -153,7 +153,7 @@ public abstract class JdkSslContext extends SslContext {
|
||||
engine.setEnabledCipherSuites(cipherSuites);
|
||||
engine.setEnabledProtocols(PROTOCOLS);
|
||||
engine.setUseClientMode(isClient());
|
||||
return engine;
|
||||
return wrapEngine(engine);
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -162,9 +162,11 @@ public abstract class JdkSslContext extends SslContext {
|
||||
engine.setEnabledCipherSuites(cipherSuites);
|
||||
engine.setEnabledProtocols(PROTOCOLS);
|
||||
engine.setUseClientMode(isClient());
|
||||
return engine;
|
||||
return wrapEngine(engine);
|
||||
}
|
||||
|
||||
abstract SSLEngine wrapEngine(SSLEngine engine);
|
||||
|
||||
private static String[] toCipherSuiteArray(Iterable<String> ciphers) {
|
||||
if (ciphers == null) {
|
||||
return DEFAULT_CIPHERS.toArray(new String[DEFAULT_CIPHERS.size()]);
|
||||
|
@ -21,6 +21,7 @@ import io.netty.buffer.ByteBufInputStream;
|
||||
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLSessionContext;
|
||||
import java.io.File;
|
||||
@ -42,6 +43,7 @@ import java.util.List;
|
||||
public final class JdkSslServerContext extends JdkSslContext {
|
||||
|
||||
private final SSLContext ctx;
|
||||
private final List<String> nextProtocols;
|
||||
|
||||
/**
|
||||
* Creates a new instance.
|
||||
@ -100,7 +102,21 @@ public final class JdkSslServerContext extends JdkSslContext {
|
||||
}
|
||||
|
||||
if (nextProtocols != null && nextProtocols.iterator().hasNext()) {
|
||||
throw new SSLException("NPN/ALPN unsupported: " + nextProtocols);
|
||||
if (!JettyNpnSslEngine.isAvailable()) {
|
||||
throw new SSLException("NPN/ALPN unsupported: " + nextProtocols);
|
||||
}
|
||||
|
||||
List<String> list = new ArrayList<String>();
|
||||
for (String p: nextProtocols) {
|
||||
if (p == null) {
|
||||
break;
|
||||
}
|
||||
list.add(p);
|
||||
}
|
||||
|
||||
this.nextProtocols = Collections.unmodifiableList(list);
|
||||
} else {
|
||||
this.nextProtocols = Collections.emptyList();
|
||||
}
|
||||
|
||||
String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
|
||||
@ -173,11 +189,20 @@ public final class JdkSslServerContext extends JdkSslContext {
|
||||
|
||||
@Override
|
||||
public List<String> nextProtocols() {
|
||||
return Collections.emptyList();
|
||||
return nextProtocols;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLContext context() {
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@Override
|
||||
SSLEngine wrapEngine(SSLEngine engine) {
|
||||
if (nextProtocols.isEmpty()) {
|
||||
return engine;
|
||||
} else {
|
||||
return new JettyNpnSslEngine(engine, nextProtocols);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -0,0 +1,286 @@
|
||||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import io.netty.util.internal.logging.InternalLogger;
|
||||
import io.netty.util.internal.logging.InternalLoggerFactory;
|
||||
import org.eclipse.jetty.npn.NextProtoNego;
|
||||
import org.eclipse.jetty.npn.NextProtoNego.ClientProvider;
|
||||
import org.eclipse.jetty.npn.NextProtoNego.ServerProvider;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLEngineResult;
|
||||
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLParameters;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.util.List;
|
||||
|
||||
final class JettyNpnSslEngine extends SSLEngine {
|
||||
|
||||
private static final InternalLogger logger = InternalLoggerFactory.getInstance(JettyNpnSslEngine.class);
|
||||
|
||||
private static boolean available;
|
||||
|
||||
static boolean isAvailable() {
|
||||
updateAvailability();
|
||||
return available;
|
||||
}
|
||||
|
||||
private static void updateAvailability() {
|
||||
if (available) {
|
||||
return;
|
||||
}
|
||||
try {
|
||||
// Try to get the bootstrap class loader.
|
||||
ClassLoader bootloader = ClassLoader.getSystemClassLoader().getParent();
|
||||
if (bootloader == null) {
|
||||
// If failed, use the system class loader,
|
||||
// although it's not perfect to tell if NPN extension has been loaded.
|
||||
bootloader = ClassLoader.getSystemClassLoader();
|
||||
}
|
||||
Class.forName("sun.security.ssl.NextProtoNegoExtension", true, bootloader);
|
||||
available = true;
|
||||
} catch (Exception ignore) {
|
||||
// npn-boot was not loaded.
|
||||
}
|
||||
}
|
||||
|
||||
private final SSLEngine engine;
|
||||
private final JettyNpnSslSession session;
|
||||
|
||||
JettyNpnSslEngine(SSLEngine engine, final List<String> nextProtocols) {
|
||||
assert !nextProtocols.isEmpty();
|
||||
|
||||
this.engine = engine;
|
||||
session = new JettyNpnSslSession(engine);
|
||||
|
||||
NextProtoNego.put(engine, new ServerProvider() {
|
||||
@Override
|
||||
public void unsupported() {
|
||||
getSession().setApplicationProtocol(nextProtocols.get(nextProtocols.size() - 1));
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> protocols() {
|
||||
return nextProtocols;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void protocolSelected(String protocol) {
|
||||
getSession().setApplicationProtocol(protocol);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
JettyNpnSslEngine(SSLEngine engine, final ApplicationProtocolSelector nextProtocolSelector) {
|
||||
this.engine = engine;
|
||||
session = new JettyNpnSslSession(engine);
|
||||
|
||||
NextProtoNego.put(engine, new ClientProvider() {
|
||||
@Override
|
||||
public boolean supports() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void unsupported() {
|
||||
session.setApplicationProtocol(null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String selectProtocol(List<String> protocols) {
|
||||
String p = null;
|
||||
try {
|
||||
p = nextProtocolSelector.selectProtocol(protocols);
|
||||
} catch (Exception e) {
|
||||
logger.warn("Failed to select the next protocol:", e);
|
||||
}
|
||||
session.setApplicationProtocol(p);
|
||||
return p;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public JettyNpnSslSession getSession() {
|
||||
return session;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void closeInbound() throws SSLException {
|
||||
NextProtoNego.remove(engine);
|
||||
engine.closeInbound();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void closeOutbound() {
|
||||
NextProtoNego.remove(engine);
|
||||
engine.closeOutbound();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPeerHost() {
|
||||
return engine.getPeerHost();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPeerPort() {
|
||||
return engine.getPeerPort();
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLEngineResult wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
|
||||
return engine.wrap(byteBuffer, byteBuffer2);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLEngineResult wrap(ByteBuffer[] byteBuffers, ByteBuffer byteBuffer) throws SSLException {
|
||||
return engine.wrap(byteBuffers, byteBuffer);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLEngineResult wrap(ByteBuffer[] byteBuffers, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
|
||||
return engine.wrap(byteBuffers, i, i2, byteBuffer);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
|
||||
return engine.unwrap(byteBuffer, byteBuffer2);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBuffers) throws SSLException {
|
||||
return engine.unwrap(byteBuffer, byteBuffers);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBuffers, int i, int i2) throws SSLException {
|
||||
return engine.unwrap(byteBuffer, byteBuffers, i, i2);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Runnable getDelegatedTask() {
|
||||
return engine.getDelegatedTask();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isInboundDone() {
|
||||
return engine.isInboundDone();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isOutboundDone() {
|
||||
return engine.isOutboundDone();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getSupportedCipherSuites() {
|
||||
return engine.getSupportedCipherSuites();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getEnabledCipherSuites() {
|
||||
return engine.getEnabledCipherSuites();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setEnabledCipherSuites(String[] strings) {
|
||||
engine.setEnabledCipherSuites(strings);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getSupportedProtocols() {
|
||||
return engine.getSupportedProtocols();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getEnabledProtocols() {
|
||||
return engine.getEnabledProtocols();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setEnabledProtocols(String[] strings) {
|
||||
engine.setEnabledProtocols(strings);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLSession getHandshakeSession() {
|
||||
return engine.getHandshakeSession();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void beginHandshake() throws SSLException {
|
||||
engine.beginHandshake();
|
||||
}
|
||||
|
||||
@Override
|
||||
public HandshakeStatus getHandshakeStatus() {
|
||||
return engine.getHandshakeStatus();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setUseClientMode(boolean b) {
|
||||
engine.setUseClientMode(b);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getUseClientMode() {
|
||||
return engine.getUseClientMode();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setNeedClientAuth(boolean b) {
|
||||
engine.setNeedClientAuth(b);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getNeedClientAuth() {
|
||||
return engine.getNeedClientAuth();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setWantClientAuth(boolean b) {
|
||||
engine.setWantClientAuth(b);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getWantClientAuth() {
|
||||
return engine.getWantClientAuth();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setEnableSessionCreation(boolean b) {
|
||||
engine.setEnableSessionCreation(b);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getEnableSessionCreation() {
|
||||
return engine.getEnableSessionCreation();
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLParameters getSSLParameters() {
|
||||
return engine.getSSLParameters();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setSSLParameters(SSLParameters sslParameters) {
|
||||
engine.setSSLParameters(sslParameters);
|
||||
}
|
||||
}
|
@ -0,0 +1,167 @@
|
||||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package io.netty.handler.ssl;
|
||||
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLPeerUnverifiedException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSessionContext;
|
||||
import javax.security.cert.X509Certificate;
|
||||
import java.security.Principal;
|
||||
import java.security.cert.Certificate;
|
||||
|
||||
final class JettyNpnSslSession implements SSLSession {
|
||||
|
||||
private final SSLEngine engine;
|
||||
private volatile String applicationProtocol;
|
||||
|
||||
JettyNpnSslSession(SSLEngine engine) {
|
||||
this.engine = engine;
|
||||
}
|
||||
|
||||
void setApplicationProtocol(String applicationProtocol) {
|
||||
this.applicationProtocol = applicationProtocol;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getProtocol() {
|
||||
final String protocol = unwrap().getProtocol();
|
||||
final String applicationProtocol = this.applicationProtocol;
|
||||
|
||||
if (applicationProtocol == null) {
|
||||
if (protocol != null) {
|
||||
return protocol.replace(':', '_');
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
final StringBuilder buf = new StringBuilder(32);
|
||||
if (protocol != null) {
|
||||
buf.append(protocol.replace(':', '_'));
|
||||
buf.append(':');
|
||||
} else {
|
||||
buf.append("null:");
|
||||
}
|
||||
buf.append(applicationProtocol);
|
||||
return buf.toString();
|
||||
}
|
||||
|
||||
private SSLSession unwrap() {
|
||||
return engine.getSession();
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] getId() {
|
||||
return unwrap().getId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public SSLSessionContext getSessionContext() {
|
||||
return unwrap().getSessionContext();
|
||||
}
|
||||
|
||||
@Override
|
||||
public long getCreationTime() {
|
||||
return unwrap().getCreationTime();
|
||||
}
|
||||
|
||||
@Override
|
||||
public long getLastAccessedTime() {
|
||||
return unwrap().getLastAccessedTime();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void invalidate() {
|
||||
unwrap().invalidate();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isValid() {
|
||||
return unwrap().isValid();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void putValue(String s, Object o) {
|
||||
unwrap().putValue(s, o);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getValue(String s) {
|
||||
return unwrap().getValue(s);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeValue(String s) {
|
||||
unwrap().removeValue(s);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getValueNames() {
|
||||
return unwrap().getValueNames();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
|
||||
return unwrap().getPeerCertificates();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Certificate[] getLocalCertificates() {
|
||||
return unwrap().getLocalCertificates();
|
||||
}
|
||||
|
||||
@Override
|
||||
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
|
||||
return unwrap().getPeerCertificateChain();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
|
||||
return unwrap().getPeerPrincipal();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Principal getLocalPrincipal() {
|
||||
return unwrap().getLocalPrincipal();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getCipherSuite() {
|
||||
return unwrap().getCipherSuite();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPeerHost() {
|
||||
return unwrap().getPeerHost();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPeerPort() {
|
||||
return unwrap().getPeerPort();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPacketBufferSize() {
|
||||
return unwrap().getPacketBufferSize();
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getApplicationBufferSize() {
|
||||
return unwrap().getApplicationBufferSize();
|
||||
}
|
||||
}
|
@ -85,7 +85,7 @@ public final class OpenSslEngine extends SSLEngine {
|
||||
private volatile int destroyed;
|
||||
|
||||
private String cipher;
|
||||
private String protocol;
|
||||
private volatile String applicationProtocol;
|
||||
|
||||
// SSL Engine status variables
|
||||
private boolean isInboundDone;
|
||||
@ -95,6 +95,7 @@ public final class OpenSslEngine extends SSLEngine {
|
||||
private int lastPrimingReadResult;
|
||||
|
||||
private final ByteBufAllocator alloc;
|
||||
private final String fallbackApplicationProtocol;
|
||||
private SSLSession session;
|
||||
|
||||
/**
|
||||
@ -103,7 +104,7 @@ public final class OpenSslEngine extends SSLEngine {
|
||||
* @param sslCtx an OpenSSL {@code SSL_CTX} object
|
||||
* @param alloc the {@link ByteBufAllocator} that will be used by this engine
|
||||
*/
|
||||
public OpenSslEngine(long sslCtx, ByteBufAllocator alloc) {
|
||||
public OpenSslEngine(long sslCtx, ByteBufAllocator alloc, String fallbackApplicationProtocol) {
|
||||
OpenSsl.ensureAvailability();
|
||||
if (sslCtx == 0) {
|
||||
throw new NullPointerException("sslContext");
|
||||
@ -115,6 +116,7 @@ public final class OpenSslEngine extends SSLEngine {
|
||||
this.alloc = alloc;
|
||||
ssl = SSL.newSSL(sslCtx, true);
|
||||
networkBIO = SSL.makeNetworkBIO(ssl);
|
||||
this.fallbackApplicationProtocol = fallbackApplicationProtocol;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -708,7 +710,13 @@ public final class OpenSslEngine extends SSLEngine {
|
||||
|
||||
@Override
|
||||
public String getProtocol() {
|
||||
return protocol;
|
||||
// TODO: Figure out how to get the current protocol.
|
||||
String applicationProtocol = OpenSslEngine.this.applicationProtocol;
|
||||
if (applicationProtocol == null) {
|
||||
return "unknown";
|
||||
} else {
|
||||
return "unknown:" + applicationProtocol;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -796,7 +804,11 @@ public final class OpenSslEngine extends SSLEngine {
|
||||
if (SSL.isInInit(ssl) == 0) {
|
||||
handshakeFinished = true;
|
||||
cipher = SSL.getCipherForSSL(ssl);
|
||||
protocol = SSL.getNextProtoNegotiated(ssl);
|
||||
String applicationProtocol = SSL.getNextProtoNegotiated(ssl);
|
||||
if (applicationProtocol == null) {
|
||||
applicationProtocol = fallbackApplicationProtocol;
|
||||
}
|
||||
this.applicationProtocol = applicationProtocol;
|
||||
return FINISHED;
|
||||
}
|
||||
|
||||
|
@ -310,7 +310,11 @@ public final class OpenSslServerContext extends SslContext {
|
||||
*/
|
||||
@Override
|
||||
public SSLEngine newEngine(ByteBufAllocator alloc) {
|
||||
return new OpenSslEngine(ctx, alloc);
|
||||
if (unmodifiableNextProtocols.isEmpty()) {
|
||||
return new OpenSslEngine(ctx, alloc, null);
|
||||
} else {
|
||||
return new OpenSslEngine(ctx, alloc, unmodifiableNextProtocols.get(unmodifiableNextProtocols.size() - 1));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -26,6 +26,7 @@ import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@ -373,6 +374,83 @@ public abstract class SslContext {
|
||||
ciphers, nextProtocolSelector, sessionCacheSize, sessionTimeout);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a simple client-side {@link ApplicationProtocolSelector} that selects the most preferred protocol
|
||||
* among the application protocols sent by the server. If there is no match, it chooses the least preferred one.
|
||||
*
|
||||
* @param nextProtocols the list of the supported client-side application protocols, in the order of preference
|
||||
* @return the new {@link ApplicationProtocolSelector}.
|
||||
* {@code null} if the specified {@code nextProtocols} does not contain any elements.
|
||||
*
|
||||
*/
|
||||
public static ApplicationProtocolSelector newApplicationProtocolSelector(String... nextProtocols) {
|
||||
if (nextProtocols == null) {
|
||||
throw new NullPointerException("nextProtocols");
|
||||
}
|
||||
|
||||
final List<String> list = new ArrayList<String>();
|
||||
for (String p: nextProtocols) {
|
||||
if (p == null) {
|
||||
break;
|
||||
}
|
||||
list.add(p);
|
||||
}
|
||||
|
||||
if (list.isEmpty()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return newApplicationProtocolSelector(list);
|
||||
}
|
||||
|
||||
private static ApplicationProtocolSelector newApplicationProtocolSelector(final List<String> list) {
|
||||
return new ApplicationProtocolSelector() {
|
||||
@Override
|
||||
public String selectProtocol(List<String> protocols) throws Exception {
|
||||
for (String p: list) {
|
||||
if (protocols.contains(p)) {
|
||||
return p;
|
||||
}
|
||||
}
|
||||
return list.get(list.size() - 1);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "ApplicationProtocolSelector(" + list + ')';
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a simple client-side {@link ApplicationProtocolSelector} that selects the most preferred protocol
|
||||
* among the application protocols sent by the server. If there is no match, it chooses the least preferred one.
|
||||
*
|
||||
* @param nextProtocols the list of the supported client-side application protocols, in the order of preference
|
||||
* @return the new {@link ApplicationProtocolSelector}.
|
||||
* {@code null} if the specified {@code nextProtocols} does not contain any elements.
|
||||
*
|
||||
*/
|
||||
public static ApplicationProtocolSelector newApplicationProtocolSelector(Iterable<String> nextProtocols) {
|
||||
if (nextProtocols == null) {
|
||||
throw new NullPointerException("nextProtocols");
|
||||
}
|
||||
|
||||
final List<String> list = new ArrayList<String>();
|
||||
for (String p: nextProtocols) {
|
||||
if (p == null) {
|
||||
break;
|
||||
}
|
||||
list.add(p);
|
||||
}
|
||||
|
||||
if (list.isEmpty()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return newApplicationProtocolSelector(list);
|
||||
}
|
||||
|
||||
SslContext() { }
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user