protonj2-client/src/main/java/org/apache/qpid/protonj2/client/transport/netty4/SslSupport.java [111:233]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        final SSLEngine sslEngine;

        if (isOpenSSLPossible(options)) {
            SslContext sslContext = createOpenSslContext(options);
            sslEngine = createOpenSslEngine(allocator, host, port, sslContext, options);
        } else {
            SSLContext sslContext = options.sslContextOverride();
            if (sslContext == null) {
                sslContext = createJdkSslContext(options);
            }

            sslEngine = createJdkSslEngine(host, port, sslContext, options);
        }

        return new SslHandler(sslEngine);
    }

    //----- JDK SSL Support Methods ------------------------------------------//

    /**
     * Create a new SSLContext using the options specified in the given TransportOptions
     * instance.
     *
     * @param options
     *        the configured options used to create the SSLContext.
     *
     * @return a new SSLContext instance.
     *
     * @throws Exception if an error occurs while creating the context.
     */
    public static SSLContext createJdkSslContext(SslOptions options) throws Exception {
        // Builds and initialises a JDK SSLContext for the protocol named by
        // options.contextProtocol(). Key and trust material both come from the
        // sibling loaders, so the certificate validation policy of the returned
        // context is whatever loadTrustManagers(options) produces (not visible here).
        try {
            final String protocol = options.contextProtocol();
            LOG.trace("Getting SSLContext instance using protocol: {}", protocol);

            // The context lookup happens first, so an unknown protocol name fails
            // before any key or trust store is touched.
            final SSLContext jdkContext = SSLContext.getInstance(protocol);

            // A fresh SecureRandom is handed to the context as its randomness source.
            jdkContext.init(loadKeyManagers(options), loadTrustManagers(options), new SecureRandom());
            return jdkContext;
        } catch (Exception cause) {
            // The exception is passed twice: once for the "{}" placeholder and once
            // as the trailing argument (presumably so the logger records the stack
            // trace - confirm against the LOG implementation). It is then rethrown
            // unchanged so callers see the original failure type.
            LOG.error("Failed to create SSLContext: {}", cause, cause);
            throw cause;
        }
    }

    /**
     * Create a new JDK SSLEngine instance in client mode from the given SSLContext and
     * TransportOptions instances.
     *
     * @param host
     *        the host name or IP address that this transport connects to.
     * @param port
     * 		  the port on the given host that this transport connects to.
     * @param context
     *        the SSLContext to use when creating the engine.
     * @param options
     *        the TransportOptions to use to configure the new SSLEngine.
     *
     * @return a new SSLEngine instance in client mode.
     *
     * @throws Exception if an error occurs while creating the new SSLEngine.
     */
    public static SSLEngine createJdkSslEngine(String host, int port, SSLContext context, SslOptions options) throws Exception {
        // A null or empty host yields an engine created without peer host/port
        // information; otherwise the peer details are passed to the context.
        final boolean hasPeerHost = host != null && !host.isEmpty();
        final SSLEngine sslEngine = hasPeerHost ? context.createSSLEngine(host, port) : context.createSSLEngine();

        // Statement order is kept deliberately: the enabled protocols and cipher
        // suites are computed from the engine before it is switched to client mode.
        sslEngine.setEnabledProtocols(buildEnabledProtocols(sslEngine, options));
        sslEngine.setEnabledCipherSuites(buildEnabledCipherSuites(sslEngine, options));
        sslEngine.setUseClientMode(true);

        if (!options.verifyHost()) {
            // No endpoint identification algorithm is configured on this path, so
            // this method does not ask the engine to match the peer certificate
            // against the host name.
            return sslEngine;
        }

        // "HTTPS" endpoint identification makes the JSSE handshake check the server
        // certificate against the engine's peer host.
        // NOTE(review): when the engine was created without a peer host (null or
        // empty host above) there is no name to match - confirm how the handshake
        // behaves in that combination.
        final SSLParameters params = sslEngine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        sslEngine.setSSLParameters(params);

        return sslEngine;
    }

    //----- OpenSSL Support Methods ------------------------------------------//

    /**
     * Create a new Netty SslContext using the options specified in the given TransportOptions
     * instance.
     *
     * @param options
     *        the configured options used to create the SslContext.
     *
     * @return a new SslContext instance.
     *
     * @throws Exception if an error occurs while creating the context.
     */
    public static SslContext createOpenSslContext(SslOptions options) throws Exception {
        try {
            String contextProtocol = options.contextProtocol();
            LOG.trace("Getting SslContext instance using protocol: {}", contextProtocol);

            KeyManagerFactory keyManagerFactory = loadKeyManagerFactory(options, SslProvider.OPENSSL);
            TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(options);
            SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL);

            // TODO - There is oddly no way in Netty right now to get the set of supported protocols
            //        when creating the SslContext or really even when creating the SSLEngine.  Seems
            //        like an oversight, for now we call it with TLSv1.2 so it looks like we did something.
            if (options.contextProtocol().equals(SslOptions.DEFAULT_CONTEXT_PROTOCOL)) {
                builder.protocols("TLSv1.2");
            } else {
                builder.protocols(options.contextProtocol());
            }
            builder.keyManager(keyManagerFactory);
            builder.trustManager(trustManagerFactory);

            return builder.build();
        } catch (Exception e) {
            LOG.error("Failed to create SslContext: {}", e, e);
            throw e;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



protonj2-client/src/main/java/org/apache/qpid/protonj2/client/transport/netty5/SslSupport.java [111:233]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        final SSLEngine sslEngine;

        if (isOpenSSLPossible(options)) {
            SslContext sslContext = createOpenSslContext(options);
            sslEngine = createOpenSslEngine(allocator, host, port, sslContext, options);
        } else {
            SSLContext sslContext = options.sslContextOverride();
            if (sslContext == null) {
                sslContext = createJdkSslContext(options);
            }

            sslEngine = createJdkSslEngine(host, port, sslContext, options);
        }

        return new SslHandler(sslEngine);
    }

    //----- JDK SSL Support Methods ------------------------------------------//

    /**
     * Create a new SSLContext using the options specified in the given TransportOptions
     * instance.
     *
     * @param options
     *        the configured options used to create the SSLContext.
     *
     * @return a new SSLContext instance.
     *
     * @throws Exception if an error occurs while creating the context.
     */
    public static SSLContext createJdkSslContext(SslOptions options) throws Exception {
        // Builds and initialises a JDK SSLContext for the protocol named by
        // options.contextProtocol(). Key and trust material both come from the
        // sibling loaders, so the certificate validation policy of the returned
        // context is whatever loadTrustManagers(options) produces (not visible here).
        try {
            final String protocol = options.contextProtocol();
            LOG.trace("Getting SSLContext instance using protocol: {}", protocol);

            // The context lookup happens first, so an unknown protocol name fails
            // before any key or trust store is touched.
            final SSLContext jdkContext = SSLContext.getInstance(protocol);

            // A fresh SecureRandom is handed to the context as its randomness source.
            jdkContext.init(loadKeyManagers(options), loadTrustManagers(options), new SecureRandom());
            return jdkContext;
        } catch (Exception cause) {
            // The exception is passed twice: once for the "{}" placeholder and once
            // as the trailing argument (presumably so the logger records the stack
            // trace - confirm against the LOG implementation). It is then rethrown
            // unchanged so callers see the original failure type.
            LOG.error("Failed to create SSLContext: {}", cause, cause);
            throw cause;
        }
    }

    /**
     * Create a new JDK SSLEngine instance in client mode from the given SSLContext and
     * TransportOptions instances.
     *
     * @param host
     *        the host name or IP address that this transport connects to.
     * @param port
     * 		  the port on the given host that this transport connects to.
     * @param context
     *        the SSLContext to use when creating the engine.
     * @param options
     *        the TransportOptions to use to configure the new SSLEngine.
     *
     * @return a new SSLEngine instance in client mode.
     *
     * @throws Exception if an error occurs while creating the new SSLEngine.
     */
    public static SSLEngine createJdkSslEngine(String host, int port, SSLContext context, SslOptions options) throws Exception {
        // A null or empty host yields an engine created without peer host/port
        // information; otherwise the peer details are passed to the context.
        final boolean hasPeerHost = host != null && !host.isEmpty();
        final SSLEngine sslEngine = hasPeerHost ? context.createSSLEngine(host, port) : context.createSSLEngine();

        // Statement order is kept deliberately: the enabled protocols and cipher
        // suites are computed from the engine before it is switched to client mode.
        sslEngine.setEnabledProtocols(buildEnabledProtocols(sslEngine, options));
        sslEngine.setEnabledCipherSuites(buildEnabledCipherSuites(sslEngine, options));
        sslEngine.setUseClientMode(true);

        if (!options.verifyHost()) {
            // No endpoint identification algorithm is configured on this path, so
            // this method does not ask the engine to match the peer certificate
            // against the host name.
            return sslEngine;
        }

        // "HTTPS" endpoint identification makes the JSSE handshake check the server
        // certificate against the engine's peer host.
        // NOTE(review): when the engine was created without a peer host (null or
        // empty host above) there is no name to match - confirm how the handshake
        // behaves in that combination.
        final SSLParameters params = sslEngine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        sslEngine.setSSLParameters(params);

        return sslEngine;
    }

    //----- OpenSSL Support Methods ------------------------------------------//

    /**
     * Create a new Netty SslContext using the options specified in the given TransportOptions
     * instance.
     *
     * @param options
     *        the configured options used to create the SslContext.
     *
     * @return a new SslContext instance.
     *
     * @throws Exception if an error occurs while creating the context.
     */
    public static SslContext createOpenSslContext(SslOptions options) throws Exception {
        try {
            String contextProtocol = options.contextProtocol();
            LOG.trace("Getting SslContext instance using protocol: {}", contextProtocol);

            KeyManagerFactory keyManagerFactory = loadKeyManagerFactory(options, SslProvider.OPENSSL);
            TrustManagerFactory trustManagerFactory = loadTrustManagerFactory(options);
            SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.OPENSSL);

            // TODO - There is oddly no way in Netty right now to get the set of supported protocols
            //        when creating the SslContext or really even when creating the SSLEngine.  Seems
            //        like an oversight, for now we call it with TLSv1.2 so it looks like we did something.
            if (options.contextProtocol().equals(SslOptions.DEFAULT_CONTEXT_PROTOCOL)) {
                builder.protocols("TLSv1.2");
            } else {
                builder.protocols(options.contextProtocol());
            }
            builder.keyManager(keyManagerFactory);
            builder.trustManager(trustManagerFactory);

            return builder.build();
        } catch (Exception e) {
            LOG.error("Failed to create SslContext: {}", e, e);
            throw e;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



