From e1cd29ceeac2ed83c4d921151c67034e2ea63a0f Mon Sep 17 00:00:00 2001 From: Tigran Mkrtchyan Date: Wed, 10 Apr 2019 17:26:53 +0200 Subject: [PATCH] ssl: introduce SSLEngineConfigurator#setSSLParameters SSLParameters is a class introduced in java6 which can take over SSLEngineConfigurator. As a first step, let allow applications to use SSLParameters to configure SSLEngineConfigurator. Update SSLEngineConfigurator to use it internally instead of bunch of class fields. Signed-off-by: Tigran Mkrtchyan --- .../org/glassfish/grizzly/sni/SNIConfig.java | 12 +- .../grizzly/ssl/SSLEngineConfigurator.java | 174 +++++++++--------- 2 files changed, 89 insertions(+), 97 deletions(-) diff --git a/extras/tls-sni/src/main/java/org/glassfish/grizzly/sni/SNIConfig.java b/extras/tls-sni/src/main/java/org/glassfish/grizzly/sni/SNIConfig.java index cb45b021ef..a8ac9babb5 100644 --- a/extras/tls-sni/src/main/java/org/glassfish/grizzly/sni/SNIConfig.java +++ b/extras/tls-sni/src/main/java/org/glassfish/grizzly/sni/SNIConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, 2020 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2023 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -99,16 +99,6 @@ public SSLEngineConfigurator copy() { return new NullSSLEngineConfigurator(); } - @Override - public SSLEngineConfigurator setProtocolConfigured(boolean isProtocolConfigured) { - throw new IllegalStateException("Immutable config"); - } - - @Override - public SSLEngineConfigurator setCipherConfigured(boolean isCipherConfigured) { - throw new IllegalStateException("Immutable config"); - } - @Override public SSLEngineConfigurator setEnabledProtocols(String[] enabledProtocols) { throw new IllegalStateException("Immutable config"); diff --git a/modules/grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLEngineConfigurator.java b/modules/grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLEngineConfigurator.java index f672d7ae42..26793ef792 100644 --- a/modules/grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLEngineConfigurator.java +++ b/modules/grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLEngineConfigurator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2020 Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2023 Oracle and/or its affiliates. All rights reserved. * * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v. 2.0, which is available at @@ -23,6 +23,7 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; import org.glassfish.grizzly.Grizzly; /** @@ -39,34 +40,15 @@ public class SSLEngineConfigurator implements SSLEngineFactory { protected volatile SSLContext sslContext; - /** - * The list of cipher suite - */ - protected String[] enabledCipherSuites = null; - /** - * the list of protocols - */ - protected String[] enabledProtocols = null; /** * Client mode when handshaking. */ protected boolean clientMode; + /** - * Require client Authentication. - */ - protected boolean needClientAuth; - /** - * True when requesting authentication. - */ - protected boolean wantClientAuth; - /** - * Has the enabled protocol configured. - */ - private boolean isProtocolConfigured = false; - /** - * Has the enabled Cipher configured. + * Parameters to configure {@link SSLEngine}. */ - private boolean isCipherConfigured = false; + private SSLParameters sslParameters; /** * Create SSL Engine configuration basing on passed {@link SSLContext}. @@ -94,8 +76,15 @@ public SSLEngineConfigurator(final SSLContext sslContext, final boolean clientMo this.sslContextConfiguration = null; this.sslContext = sslContext; this.clientMode = clientMode; - this.needClientAuth = needClientAuth; - this.wantClientAuth = wantClientAuth; + + this.sslParameters = sslContext.getDefaultSSLParameters(); + if (needClientAuth) { + sslParameters.setNeedClientAuth(true); + } + + if (wantClientAuth) { + sslParameters.setWantClientAuth(true); + } } /** @@ -125,23 +114,22 @@ public SSLEngineConfigurator(SSLContextConfigurator sslContextConfiguration, boo this.sslContextConfiguration = sslContextConfiguration; this.clientMode = clientMode; - this.needClientAuth = needClientAuth; - this.wantClientAuth = wantClientAuth; + + this.sslParameters = new SSLParameters(); + if (needClientAuth) { + sslParameters.setNeedClientAuth(true); + } + + if (wantClientAuth) { + sslParameters.setWantClientAuth(true); + } } public SSLEngineConfigurator(SSLEngineConfigurator pattern) { this.sslContextConfiguration = pattern.sslContextConfiguration; this.sslContext = pattern.sslContext; this.clientMode = pattern.clientMode; - this.needClientAuth = pattern.needClientAuth; - this.wantClientAuth = pattern.wantClientAuth; - - this.enabledCipherSuites = pattern.enabledCipherSuites != null ? Arrays.copyOf(pattern.enabledCipherSuites, pattern.enabledCipherSuites.length) : null; - - this.enabledProtocols = pattern.enabledProtocols != null ? Arrays.copyOf(pattern.enabledProtocols, pattern.enabledProtocols.length) : null; - - this.isCipherConfigured = pattern.isCipherConfigured; - this.isProtocolConfigured = pattern.isProtocolConfigured; + this.sslParameters = copy(pattern.sslParameters); } protected SSLEngineConfigurator() { @@ -192,29 +180,24 @@ public SSLEngine createSSLEngine(final String peerHost, final int peerPort) { * @return configured {@link SSLEngine}. */ public SSLEngine configure(final SSLEngine sslEngine) { + + SSLParameters params = copy(sslParameters); + + String[] enabledCipherSuites = params.getProtocols(); if (enabledCipherSuites != null) { - if (!isCipherConfigured) { - enabledCipherSuites = configureEnabledCiphers(sslEngine, enabledCipherSuites); - isCipherConfigured = true; - } - sslEngine.setEnabledCipherSuites(enabledCipherSuites); + enabledCipherSuites = configureEnabledCiphers(sslEngine, enabledCipherSuites); + params.setCipherSuites(enabledCipherSuites); } + String[] enabledProtocols = params.getProtocols(); if (enabledProtocols != null) { - if (!isProtocolConfigured) { - enabledProtocols = configureEnabledProtocols(sslEngine, enabledProtocols); - isProtocolConfigured = true; - } - sslEngine.setEnabledProtocols(enabledProtocols); + enabledProtocols = configureEnabledProtocols(sslEngine, + enabledProtocols); + params.setProtocols(enabledProtocols); } sslEngine.setUseClientMode(clientMode); - if (wantClientAuth) { - sslEngine.setWantClientAuth(wantClientAuth); - } - if (needClientAuth) { - sslEngine.setNeedClientAuth(needClientAuth); - } + sslEngine.setSSLParameters(sslParameters); return sslEngine; } @@ -242,29 +225,40 @@ public SSLEngineConfigurator setClientMode(boolean clientMode) { } public boolean isNeedClientAuth() { - return needClientAuth; + return sslParameters.getNeedClientAuth(); } public SSLEngineConfigurator setNeedClientAuth(boolean needClientAuth) { - this.needClientAuth = needClientAuth; + sslParameters.setNeedClientAuth(needClientAuth); return this; } public boolean isWantClientAuth() { - return wantClientAuth; + return sslParameters.getWantClientAuth(); } public SSLEngineConfigurator setWantClientAuth(boolean wantClientAuth) { - this.wantClientAuth = wantClientAuth; + sslParameters.setWantClientAuth(wantClientAuth); return this; } /** - * @return an array of enabled cipher suites. Modifications made on the array content won't be propagated to - * SSLEngineConfigurator + * Apply {@link SSLParameters} to this SSLEngineConfigurator. + * + * @param sslParameters + * @return this SSLEngineConfigurator + */ + public SSLEngineConfigurator setSSLParameters(SSLParameters sslParameters) { + this.sslParameters = copy(this.sslParameters); + return this; + } + + /** + * @return an array of enabled cipher suites. Modifications made on the array + * content won't be propagated to SSLEngineConfigurator */ public String[] getEnabledCipherSuites() { - return enabledCipherSuites != null ? Arrays.copyOf(enabledCipherSuites, enabledCipherSuites.length) : null; + return sslParameters.getCipherSuites(); } /** @@ -275,7 +269,7 @@ public String[] getEnabledCipherSuites() { * @return this SSLEngineConfigurator */ public SSLEngineConfigurator setEnabledCipherSuites(final String[] enabledCipherSuites) { - this.enabledCipherSuites = enabledCipherSuites != null ? Arrays.copyOf(enabledCipherSuites, enabledCipherSuites.length) : null; + sslParameters.setCipherSuites(enabledCipherSuites); return this; } @@ -284,7 +278,7 @@ public SSLEngineConfigurator setEnabledCipherSuites(final String[] enabledCipher * SSLEngineConfigurator */ public String[] getEnabledProtocols() { - return enabledProtocols != null ? Arrays.copyOf(enabledProtocols, enabledProtocols.length) : null; + return sslParameters.getProtocols(); } /** @@ -295,25 +289,7 @@ public String[] getEnabledProtocols() { * @return this SSLEngineConfigurator */ public SSLEngineConfigurator setEnabledProtocols(final String[] enabledProtocols) { - this.enabledProtocols = enabledProtocols != null ? Arrays.copyOf(enabledProtocols, enabledProtocols.length) : null; - return this; - } - - public boolean isCipherConfigured() { - return isCipherConfigured; - } - - public SSLEngineConfigurator setCipherConfigured(boolean isCipherConfigured) { - this.isCipherConfigured = isCipherConfigured; - return this; - } - - public boolean isProtocolConfigured() { - return isProtocolConfigured; - } - - public SSLEngineConfigurator setProtocolConfigured(boolean isProtocolConfigured) { - this.isProtocolConfigured = isProtocolConfigured; + sslParameters.setProtocols(enabledProtocols); return this; } @@ -400,12 +376,12 @@ public String toString() { final StringBuilder sb = new StringBuilder(); sb.append("SSLEngineConfigurator"); sb.append("{clientMode=").append(clientMode); - sb.append(", enabledCipherSuites=").append(enabledCipherSuites == null ? "null" : Arrays.asList(enabledCipherSuites).toString()); - sb.append(", enabledProtocols=").append(enabledProtocols == null ? "null" : Arrays.asList(enabledProtocols).toString()); - sb.append(", needClientAuth=").append(needClientAuth); - sb.append(", wantClientAuth=").append(wantClientAuth); - sb.append(", isProtocolConfigured=").append(isProtocolConfigured); - sb.append(", isCipherConfigured=").append(isCipherConfigured); + sb.append(", enabledCipherSuites=") + .append(sslParameters.getCipherSuites() == null ? "null" : Arrays.toString(sslParameters.getCipherSuites())); + sb.append(", enabledProtocols=") + .append(sslParameters.getProtocols() == null ? "null" : Arrays.toString(sslParameters.getProtocols())); + sb.append(", needClientAuth=").append(sslParameters.getNeedClientAuth()); + sb.append(", wantClientAuth=").append(sslParameters.getWantClientAuth()); sb.append('}'); return sb.toString(); } @@ -413,4 +389,30 @@ public String toString() { public SSLEngineConfigurator copy() { return new SSLEngineConfigurator(this); } + + private SSLParameters copy(SSLParameters src) { + SSLParameters dest = new SSLParameters(); + + dest.setCipherSuites(src.getCipherSuites()); + dest.setProtocols(src.getProtocols()); + + if (src.getNeedClientAuth()) { + dest.setNeedClientAuth(src.getNeedClientAuth()); + } + + if (src.getWantClientAuth()) { + dest.setWantClientAuth(src.getWantClientAuth()); + } + + dest.setAlgorithmConstraints(src.getAlgorithmConstraints()); + dest.setApplicationProtocols(src.getApplicationProtocols()); + dest.setEnableRetransmissions(src.getEnableRetransmissions()); + dest.setEndpointIdentificationAlgorithm(src.getEndpointIdentificationAlgorithm()); + dest.setMaximumPacketSize(src.getMaximumPacketSize()); + dest.setSNIMatchers(src.getSNIMatchers()); + dest.setServerNames(src.getServerNames()); + dest.setUseCipherSuitesOrder(src.getUseCipherSuitesOrder()); + + return dest; + } }