ServerSSLSetupHandler.java example

Explorer
wso2-synapse-master
- modules
/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */
package org.apache.synapse.transport.http.conn;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

import org.apache.http.nio.reactor.IOSession;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
import org.apache.synapse.transport.certificatevalidation.CertificateVerificationException;
import org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager;

import java.net.InetSocketAddress;
import java.net.SocketAddress;

public class ServerSSLSetupHandler implements SSLSetupHandler {
    
    private final SSLClientAuth clientAuth;
    /** Enabled SSL handshake protocols (e.g. SSLv3, TLSv1) */
    private final String[] httpsProtocols;
    private RevocationVerificationManager verificationManager;

    public ServerSSLSetupHandler(final SSLClientAuth clientAuth, final String[] httpsProtocols,
                                 final RevocationVerificationManager verificationManager) {
        this.clientAuth = clientAuth;
        this.httpsProtocols = httpsProtocols;
        this.verificationManager = verificationManager;
    }

    public void initalize(
        final SSLEngine sslengine) throws SSLException {
        if (clientAuth != null) {
            switch (clientAuth) {
            case OPTIONAL:
                sslengine.setWantClientAuth(true);
                break;
            case REQUIRED:
                sslengine.setNeedClientAuth(true);
            }
        }
        // set handshake protocols if they are specified in transport
        // configuration.
        if (httpsProtocols != null) {
            sslengine.setEnabledProtocols(httpsProtocols);
        }

    }

    public void verify(
            final IOSession iosession,
            final SSLSession sslsession) throws SSLException {
        SocketAddress remoteAddress = iosession.getRemoteAddress();
        String address;
        if (remoteAddress instanceof InetSocketAddress) {
            address = ((InetSocketAddress) remoteAddress).getHostName();
        } else {
            address = remoteAddress.toString();
        }

        if (verificationManager != null) {
            try {
                verificationManager.verifyRevocationStatus(sslsession.getPeerCertificateChain());
            } catch (CertificateVerificationException e) {
                throw new SSLException("Certificate Chain Validation failed for host : " + address, e);
            }
        }

    }

}