1 /*
2 * Copyright 2014 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16
17 package io.netty.handler.ssl;
18
19 import java.security.KeyStore;
20 import java.security.Provider;
21 import javax.net.ssl.KeyManager;
22 import javax.net.ssl.KeyManagerFactory;
23 import javax.net.ssl.SSLContext;
24 import javax.net.ssl.SSLException;
25 import javax.net.ssl.SSLSessionContext;
26 import javax.net.ssl.TrustManager;
27 import javax.net.ssl.TrustManagerFactory;
28 import java.io.File;
29 import java.security.PrivateKey;
30 import java.security.cert.X509Certificate;
31
32 /**
33 * A client-side {@link SslContext} which uses JDK's SSL/TLS implementation.
34 *
35 * @deprecated Use {@link SslContextBuilder} to create {@link JdkSslContext} instances and only
36 * use {@link JdkSslContext} in your code.
37 */
38 @Deprecated
39 public final class JdkSslClientContext extends JdkSslContext {
40
41 /**
42 * Creates a new instance.
43 *
44 * @deprecated use {@link SslContextBuilder}
45 */
46 @Deprecated
47 public JdkSslClientContext() throws SSLException {
48 this(null, null);
49 }
50
51 /**
52 * Creates a new instance.
53 *
54 * @param certChainFile an X.509 certificate chain file in PEM format.
55 * {@code null} to use the system default
56 * @deprecated use {@link SslContextBuilder}
57 */
58 @Deprecated
59 public JdkSslClientContext(File certChainFile) throws SSLException {
60 this(certChainFile, null);
61 }
62
63 /**
64 * Creates a new instance.
65 *
66 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
67 * that verifies the certificates sent from servers.
68 * {@code null} to use the default.
69 * @deprecated use {@link SslContextBuilder}
70 */
71 @Deprecated
72 public JdkSslClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
73 this(null, trustManagerFactory);
74 }
75
76 /**
77 * Creates a new instance.
78 *
79 * @param certChainFile an X.509 certificate chain file in PEM format.
80 * {@code null} to use the system default
81 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
82 * that verifies the certificates sent from servers.
83 * {@code null} to use the default.
84 * @deprecated use {@link SslContextBuilder}
85 */
86 @Deprecated
87 public JdkSslClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException {
88 this(certChainFile, trustManagerFactory, null, IdentityCipherSuiteFilter.INSTANCE,
89 JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0);
90 }
91
92 /**
93 * Creates a new instance.
94 *
95 * @param certChainFile an X.509 certificate chain file in PEM format.
96 * {@code null} to use the system default
97 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
98 * that verifies the certificates sent from servers.
99 * {@code null} to use the default.
100 * @param ciphers the cipher suites to enable, in the order of preference.
101 * {@code null} to use the default cipher suites.
102 * @param nextProtocols the application layer protocols to accept, in the order of preference.
103 * {@code null} to disable TLS NPN/ALPN extension.
104 * @param sessionCacheSize the size of the cache used for storing SSL session objects.
105 * {@code 0} to use the default value.
106 * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
107 * {@code 0} to use the default value.
108 * @deprecated use {@link SslContextBuilder}
109 */
110 @Deprecated
111 public JdkSslClientContext(
112 File certChainFile, TrustManagerFactory trustManagerFactory,
113 Iterable<String> ciphers, Iterable<String> nextProtocols,
114 long sessionCacheSize, long sessionTimeout) throws SSLException {
115 this(certChainFile, trustManagerFactory, ciphers, IdentityCipherSuiteFilter.INSTANCE,
116 toNegotiator(toApplicationProtocolConfig(nextProtocols), false), sessionCacheSize, sessionTimeout);
117 }
118
119 /**
120 * Creates a new instance.
121 *
122 * @param certChainFile an X.509 certificate chain file in PEM format.
123 * {@code null} to use the system default
124 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
125 * that verifies the certificates sent from servers.
126 * {@code null} to use the default.
127 * @param ciphers the cipher suites to enable, in the order of preference.
128 * {@code null} to use the default cipher suites.
129 * @param cipherFilter a filter to apply over the supplied list of ciphers
130 * @param apn Provides a means to configure parameters related to application protocol negotiation.
131 * @param sessionCacheSize the size of the cache used for storing SSL session objects.
132 * {@code 0} to use the default value.
133 * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
134 * {@code 0} to use the default value.
135 * @deprecated use {@link SslContextBuilder}
136 */
137 @Deprecated
138 public JdkSslClientContext(
139 File certChainFile, TrustManagerFactory trustManagerFactory,
140 Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
141 long sessionCacheSize, long sessionTimeout) throws SSLException {
142 this(certChainFile, trustManagerFactory, ciphers, cipherFilter,
143 toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
144 }
145
146 /**
147 * Creates a new instance.
148 *
149 * @param certChainFile an X.509 certificate chain file in PEM format.
150 * {@code null} to use the system default
151 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
152 * that verifies the certificates sent from servers.
153 * {@code null} to use the default.
154 * @param ciphers the cipher suites to enable, in the order of preference.
155 * {@code null} to use the default cipher suites.
156 * @param cipherFilter a filter to apply over the supplied list of ciphers
157 * @param apn Application Protocol Negotiator object.
158 * @param sessionCacheSize the size of the cache used for storing SSL session objects.
159 * {@code 0} to use the default value.
160 * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
161 * {@code 0} to use the default value.
162 * @deprecated use {@link SslContextBuilder}
163 */
164 @Deprecated
165 public JdkSslClientContext(
166 File certChainFile, TrustManagerFactory trustManagerFactory,
167 Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
168 long sessionCacheSize, long sessionTimeout) throws SSLException {
169 this(null, certChainFile, trustManagerFactory, ciphers, cipherFilter, apn, sessionCacheSize, sessionTimeout);
170 }
171
172 JdkSslClientContext(Provider provider,
173 File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
174 Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
175 long sessionCacheSize, long sessionTimeout) throws SSLException {
176 super(newSSLContext(provider, toX509CertificatesInternal(trustCertCollectionFile),
177 trustManagerFactory, null, null,
178 null, null, sessionCacheSize, sessionTimeout, KeyStore.getDefaultType()), true,
179 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
180 }
181
182 /**
183 * Creates a new instance.
184 * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
185 * {@code null} to use the system default
186 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
187 * that verifies the certificates sent from servers.
188 * {@code null} to use the default or the results of parsing
189 * {@code trustCertCollectionFile}
190 * @param keyCertChainFile an X.509 certificate chain file in PEM format.
191 * This provides the public key for mutual authentication.
192 * {@code null} to use the system default
193 * @param keyFile a PKCS#8 private key file in PEM format.
194 * This provides the private key for mutual authentication.
195 * {@code null} for no mutual authentication.
196 * @param keyPassword the password of the {@code keyFile}.
197 * {@code null} if it's not password-protected.
198 * Ignored if {@code keyFile} is {@code null}.
199 * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
200 * that is used to encrypt data being sent to servers.
201 * {@code null} to use the default or the results of parsing
202 * {@code keyCertChainFile} and {@code keyFile}.
203 * @param ciphers the cipher suites to enable, in the order of preference.
204 * {@code null} to use the default cipher suites.
205 * @param cipherFilter a filter to apply over the supplied list of ciphers
206 * @param apn Provides a means to configure parameters related to application protocol negotiation.
207 * @param sessionCacheSize the size of the cache used for storing SSL session objects.
208 * {@code 0} to use the default value.
209 * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
210 * {@code 0} to use the default value.
211 * @deprecated use {@link SslContextBuilder}
212 */
213 @Deprecated
214 public JdkSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
215 File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
216 Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
217 long sessionCacheSize, long sessionTimeout) throws SSLException {
218 this(trustCertCollectionFile, trustManagerFactory, keyCertChainFile, keyFile, keyPassword, keyManagerFactory,
219 ciphers, cipherFilter, toNegotiator(apn, false), sessionCacheSize, sessionTimeout);
220 }
221
222 /**
223 * Creates a new instance.
224 * @param trustCertCollectionFile an X.509 certificate collection file in PEM format.
225 * {@code null} to use the system default
226 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the {@link TrustManager}s
227 * that verifies the certificates sent from servers.
228 * {@code null} to use the default or the results of parsing
229 * {@code trustCertCollectionFile}
230 * @param keyCertChainFile an X.509 certificate chain file in PEM format.
231 * This provides the public key for mutual authentication.
232 * {@code null} to use the system default
233 * @param keyFile a PKCS#8 private key file in PEM format.
234 * This provides the private key for mutual authentication.
235 * {@code null} for no mutual authentication.
236 * @param keyPassword the password of the {@code keyFile}.
237 * {@code null} if it's not password-protected.
238 * Ignored if {@code keyFile} is {@code null}.
239 * @param keyManagerFactory the {@link KeyManagerFactory} that provides the {@link KeyManager}s
240 * that is used to encrypt data being sent to servers.
241 * {@code null} to use the default or the results of parsing
242 * {@code keyCertChainFile} and {@code keyFile}.
243 * @param ciphers the cipher suites to enable, in the order of preference.
244 * {@code null} to use the default cipher suites.
245 * @param cipherFilter a filter to apply over the supplied list of ciphers
246 * @param apn Application Protocol Negotiator object.
247 * @param sessionCacheSize the size of the cache used for storing SSL session objects.
248 * {@code 0} to use the default value.
249 * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
250 * {@code 0} to use the default value.
251 * @deprecated use {@link SslContextBuilder}
252 */
253 @Deprecated
254 public JdkSslClientContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory,
255 File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory,
256 Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn,
257 long sessionCacheSize, long sessionTimeout) throws SSLException {
258 super(newSSLContext(null, toX509CertificatesInternal(
259 trustCertCollectionFile), trustManagerFactory,
260 toX509CertificatesInternal(keyCertChainFile), toPrivateKeyInternal(keyFile, keyPassword),
261 keyPassword, keyManagerFactory, sessionCacheSize, sessionTimeout, KeyStore.getDefaultType()), true,
262 ciphers, cipherFilter, apn, ClientAuth.NONE, null, false);
263 }
264
265 JdkSslClientContext(Provider sslContextProvider,
266 X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
267 X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
268 KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter,
269 ApplicationProtocolConfig apn, String[] protocols, long sessionCacheSize, long sessionTimeout,
270 String keyStoreType)
271 throws SSLException {
272 super(newSSLContext(sslContextProvider, trustCertCollection, trustManagerFactory,
273 keyCertChain, key, keyPassword, keyManagerFactory, sessionCacheSize,
274 sessionTimeout, keyStoreType),
275 true, ciphers, cipherFilter, toNegotiator(apn, false), ClientAuth.NONE, protocols, false);
276 }
277
278 private static SSLContext newSSLContext(Provider sslContextProvider,
279 X509Certificate[] trustCertCollection,
280 TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain,
281 PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
282 long sessionCacheSize, long sessionTimeout,
283 String keyStore) throws SSLException {
284 try {
285 if (trustCertCollection != null) {
286 trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory, keyStore);
287 }
288 if (keyCertChain != null) {
289 keyManagerFactory = buildKeyManagerFactory(keyCertChain, null,
290 key, keyPassword, keyManagerFactory, keyStore);
291 }
292 SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL)
293 : SSLContext.getInstance(PROTOCOL, sslContextProvider);
294 ctx.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
295 trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
296 null);
297
298 SSLSessionContext sessCtx = ctx.getClientSessionContext();
299 if (sessionCacheSize > 0) {
300 sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
301 }
302 if (sessionTimeout > 0) {
303 sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
304 }
305 return ctx;
306 } catch (Exception e) {
307 if (e instanceof SSLException) {
308 throw (SSLException) e;
309 }
310 throw new SSLException("failed to initialize the client-side SSL context", e);
311 }
312 }
313 }
以上源码来自: 即时通讯网 - 即时通讯开发者社区!