/*
* Copyright (C) 2012-2016 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.facebook.nifty.ssl;
import com.google.common.base.Throwables;
import org.jboss.netty.handler.ssl.SslContext;
import org.jboss.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLException;
import java.io.File;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
public class SslClientConfiguration {
public static class Builder {
Iterable<String> ciphers;
File caFile;
long sessionCacheSize = 10000;
long sessionTimeoutSeconds = 86400;
SslContext clientContext;
public Builder ciphers(Iterable<String> ciphers) {
this.ciphers = ciphers;
return this;
}
public Builder caFile(File caFile) {
this.caFile = caFile;
return this;
}
public Builder sessionCacheSize(long sessionCacheSize) {
this.sessionCacheSize = sessionCacheSize;
return this;
}
public Builder sessionTimeoutSeconds(long sessionTimeoutSeconds) {
this.sessionTimeoutSeconds = sessionTimeoutSeconds;
return this;
}
/**
* Overrides the SslContext with one explicitly provided by the caller. If this is not null, the other
* builder parameters will be ignored. Currently only used for testing and may be removed in the future,
* once we have netty support for client-side certs.
*
* @param clientContext the client context.
* @return a reference to this builder.
*/
public Builder sslContext(SslContext clientContext) {
this.clientContext = clientContext;
return this;
}
public SslClientConfiguration build() {
return new SslClientConfiguration(this);
}
}
private SslContext clientContext;
public SslClientConfiguration(Builder builder) {
if (builder.clientContext == null) {
try {
clientContext =
SslContext.newClientContext(
null,
null,
builder.caFile,
null,
builder.ciphers,
null,
builder.sessionCacheSize,
builder.sessionTimeoutSeconds);
} catch (SSLException e) {
Throwables.propagate(e);
}
} else {
clientContext = builder.clientContext;
}
}
public SslHandler createHandler() throws Exception {
return clientContext.newHandler();
}
public SslHandler createHandler(SocketAddress address) throws Exception {
if (!(address instanceof InetSocketAddress)) {
return createHandler();
}
InetSocketAddress netAddress = (InetSocketAddress) address;
String host = netAddress.getHostString();
if (host == null) {
return createHandler();
}
return clientContext.newHandler(host, netAddress.getPort());
}
}