package cc.blynk.utils;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import javax.net.ssl.SSLException;
import java.io.File;
import java.security.cert.CertificateException;
/**
* The Blynk Project.
* Created by Dmitriy Dumanskiy.
* Created on 28.09.15.
*/
public class SslUtil {
private final static Logger log = LogManager.getLogger(SslUtil.class);
public static SslContext initSslContext(String serverCertPath, String serverKeyPath, String serverPass,
SslProvider sslProvider, boolean printWarn) {
try {
File serverCert = new File(serverCertPath);
File serverKey = new File(serverKeyPath);
if (!serverCert.exists() || !serverKey.exists()) {
if (printWarn) {
log.warn("ATTENTION. Server certificate paths (cert : '{}', key : '{}') not valid. Using embedded server certs and one way ssl. This is not secure. Please replace it with your own certs.",
serverCert.getAbsolutePath(), serverKey.getAbsolutePath());
}
return build(sslProvider);
}
return build(serverCert, serverKey, serverPass, sslProvider);
} catch (CertificateException | SSLException | IllegalArgumentException e) {
log.error("Error initializing ssl context. Reason : {}", e.getMessage());
throw new RuntimeException(e.getMessage());
}
}
public static SslProvider fetchSslProvider(ServerProperties props) {
return props.getBoolProperty("enable.native.openssl") ? SslProvider.OPENSSL : SslProvider.JDK;
}
public static SslContext build(SslProvider sslProvider) throws CertificateException, SSLException {
SelfSignedCertificate ssc = new SelfSignedCertificate();
return SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(sslProvider)
.build();
}
public static SslContext build(File serverCert, File serverKey, String serverPass, SslProvider sslProvider) throws SSLException {
if (serverPass == null || serverPass.isEmpty()) {
return SslContextBuilder.forServer(serverCert, serverKey)
.sslProvider(sslProvider)
.build();
} else {
return SslContextBuilder.forServer(serverCert, serverKey, serverPass)
.sslProvider(sslProvider)
.build();
}
}
public static SslContext build(File serverCert, File serverKey, String serverPass, SslProvider sslProvider, File clientCert) throws SSLException {
log.info("Creating SSL context for cert '{}', key '{}', key pass '{}'",
serverCert.getAbsolutePath(), serverKey.getAbsoluteFile(), serverPass);
if (serverPass == null || serverPass.isEmpty()) {
return SslContextBuilder.forServer(serverCert, serverKey)
.sslProvider(sslProvider)
.trustManager(clientCert)
.build();
} else {
return SslContextBuilder.forServer(serverCert, serverKey, serverPass)
.sslProvider(sslProvider)
.trustManager(clientCert)
.build();
}
}
}