1 /*
2 * Copyright 2018 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty.handler.ssl;
17
18 import io.netty.util.internal.EmptyArrays;
19 import io.netty.util.internal.SuppressJava6Requirement;
20
21 import javax.net.ssl.ExtendedSSLSession;
22 import javax.net.ssl.SSLException;
23 import javax.net.ssl.SSLPeerUnverifiedException;
24 import javax.net.ssl.SSLSessionBindingEvent;
25 import javax.net.ssl.SSLSessionBindingListener;
26 import javax.security.cert.X509Certificate;
27 import java.security.Principal;
28 import java.security.cert.Certificate;
29 import java.util.Collections;
30 import java.util.List;
31 import java.util.Map;
32
33 /**
34 * Delegates all operations to a wrapped {@link OpenSslSession} except the methods defined by {@link ExtendedSSLSession}
35 * itself.
36 */
37 @SuppressJava6Requirement(reason = "Usage guarded by java version check")
38 abstract class ExtendedOpenSslSession extends ExtendedSSLSession implements OpenSslSession {
39
40 // TODO: use OpenSSL API to actually fetch the real data but for now just do what Conscrypt does:
41 // https://github.com/google/conscrypt/blob/1.2.0/common/
42 // src/main/java/org/conscrypt/Java7ExtendedSSLSession.java#L32
43 private static final String[] LOCAL_SUPPORTED_SIGNATURE_ALGORITHMS = {
44 "SHA512withRSA", "SHA512withECDSA", "SHA384withRSA", "SHA384withECDSA", "SHA256withRSA",
45 "SHA256withECDSA", "SHA224withRSA", "SHA224withECDSA", "SHA1withRSA", "SHA1withECDSA",
46 "RSASSA-PSS",
47 };
48
49 private final OpenSslSession wrapped;
50
51 ExtendedOpenSslSession(OpenSslSession wrapped) {
52 this.wrapped = wrapped;
53 }
54
55 // Use rawtypes an unchecked override to be able to also work on java7.
56 @Override
57 @SuppressWarnings({ "unchecked", "rawtypes" })
58 public abstract List getRequestedServerNames();
59
60 // Do not mark as override so we can compile on java8.
61 public List<byte[]> getStatusResponses() {
62 // Just return an empty list for now until we support it as otherwise we will fail in java9
63 // because of their sun.security.ssl.X509TrustManagerImpl class.
64 return Collections.emptyList();
65 }
66
67 @Override
68 public void prepareHandshake() {
69 wrapped.prepareHandshake();
70 }
71
72 @Override
73 public Map<String, Object> keyValueStorage() {
74 return wrapped.keyValueStorage();
75 }
76
77 @Override
78 public OpenSslSessionId sessionId() {
79 return wrapped.sessionId();
80 }
81
82 @Override
83 public void setSessionDetails(long creationTime, long lastAccessedTime, OpenSslSessionId id,
84 Map<String, Object> keyValueStorage) {
85 wrapped.setSessionDetails(creationTime, lastAccessedTime, id, keyValueStorage);
86 }
87
88 @Override
89 public final void setLocalCertificate(Certificate[] localCertificate) {
90 wrapped.setLocalCertificate(localCertificate);
91 }
92
93 @Override
94 public String[] getPeerSupportedSignatureAlgorithms() {
95 return EmptyArrays.EMPTY_STRINGS;
96 }
97
98 @Override
99 public final void tryExpandApplicationBufferSize(int packetLengthDataOnly) {
100 wrapped.tryExpandApplicationBufferSize(packetLengthDataOnly);
101 }
102
103 @Override
104 public final String[] getLocalSupportedSignatureAlgorithms() {
105 return LOCAL_SUPPORTED_SIGNATURE_ALGORITHMS.clone();
106 }
107
108 @Override
109 public final byte[] getId() {
110 return wrapped.getId();
111 }
112
113 @Override
114 public final OpenSslSessionContext getSessionContext() {
115 return wrapped.getSessionContext();
116 }
117
118 @Override
119 public final long getCreationTime() {
120 return wrapped.getCreationTime();
121 }
122
123 @Override
124 public final long getLastAccessedTime() {
125 return wrapped.getLastAccessedTime();
126 }
127
128 @Override
129 public void setLastAccessedTime(long time) {
130 wrapped.setLastAccessedTime(time);
131 }
132
133 @Override
134 public final void invalidate() {
135 wrapped.invalidate();
136 }
137
138 @Override
139 public final boolean isValid() {
140 return wrapped.isValid();
141 }
142
143 @Override
144 public final void putValue(String name, Object value) {
145 if (value instanceof SSLSessionBindingListener) {
146 // Decorate the value if needed so we submit the correct SSLSession instance
147 value = new SSLSessionBindingListenerDecorator((SSLSessionBindingListener) value);
148 }
149 wrapped.putValue(name, value);
150 }
151
152 @Override
153 public final Object getValue(String s) {
154 Object value = wrapped.getValue(s);
155 if (value instanceof SSLSessionBindingListenerDecorator) {
156 // Unwrap as needed so we return the original value
157 return ((SSLSessionBindingListenerDecorator) value).delegate;
158 }
159 return value;
160 }
161
162 @Override
163 public final void removeValue(String s) {
164 wrapped.removeValue(s);
165 }
166
167 @Override
168 public final String[] getValueNames() {
169 return wrapped.getValueNames();
170 }
171
172 @Override
173 public final Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
174 return wrapped.getPeerCertificates();
175 }
176
177 @Override
178 public final Certificate[] getLocalCertificates() {
179 return wrapped.getLocalCertificates();
180 }
181
182 @Override
183 public final X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
184 return wrapped.getPeerCertificateChain();
185 }
186
187 @Override
188 public final Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
189 return wrapped.getPeerPrincipal();
190 }
191
192 @Override
193 public final Principal getLocalPrincipal() {
194 return wrapped.getLocalPrincipal();
195 }
196
197 @Override
198 public final String getCipherSuite() {
199 return wrapped.getCipherSuite();
200 }
201
202 @Override
203 public String getProtocol() {
204 return wrapped.getProtocol();
205 }
206
207 @Override
208 public final String getPeerHost() {
209 return wrapped.getPeerHost();
210 }
211
212 @Override
213 public final int getPeerPort() {
214 return wrapped.getPeerPort();
215 }
216
217 @Override
218 public final int getPacketBufferSize() {
219 return wrapped.getPacketBufferSize();
220 }
221
222 @Override
223 public final int getApplicationBufferSize() {
224 return wrapped.getApplicationBufferSize();
225 }
226
227 private final class SSLSessionBindingListenerDecorator implements SSLSessionBindingListener {
228
229 final SSLSessionBindingListener delegate;
230
231 SSLSessionBindingListenerDecorator(SSLSessionBindingListener delegate) {
232 this.delegate = delegate;
233 }
234
235 @Override
236 public void valueBound(SSLSessionBindingEvent event) {
237 delegate.valueBound(new SSLSessionBindingEvent(ExtendedOpenSslSession.this, event.getName()));
238 }
239
240 @Override
241 public void valueUnbound(SSLSessionBindingEvent event) {
242 delegate.valueUnbound(new SSLSessionBindingEvent(ExtendedOpenSslSession.this, event.getName()));
243 }
244 }
245
246 @Override
247 public void handshakeFinished(byte[] id, String cipher, String protocol, byte[] peerCertificate,
248 byte[][] peerCertificateChain, long creationTime, long timeout) throws SSLException {
249 wrapped.handshakeFinished(id, cipher, protocol, peerCertificate, peerCertificateChain, creationTime, timeout);
250 }
251
252 @Override
253 public boolean equals(Object o) {
254 return wrapped.equals(o);
255 }
256
257 @Override
258 public int hashCode() {
259 return wrapped.hashCode();
260 }
261
262 @Override
263 public String toString() {
264 return "ExtendedOpenSslSession{" +
265 "wrapped=" + wrapped +
266 '}';
267 }
268 }
以上源码来自: 即时通讯网 - 即时通讯开发者社区!