OpenSslSessionHelper.java

/*
 * Copyright (C) 2012-2016 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.facebook.nifty.ssl;

import org.apache.tomcat.jni.SSL;
import org.jboss.netty.handler.ssl.OpenSslEngine;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import java.lang.reflect.Field;

/**
 * This class provides a method to extract properties of the SSL session
 * from an engine.
 * Netty's OpenSSL engine class does not implement getSession() fully, thus
 * we have to extract the properties that we need ourselves.
 */
public class OpenSslSessionHelper {
    private static Field sslField;

    static {
        try {
            sslField = OpenSslEngine.class.getDeclaredField("ssl");
            sslField.setAccessible(true);
        }
        catch (Throwable t) {
            // Ignore.
        }
    }

    public static SslSession getSession(SSLEngine sslEngine) throws SSLException {
        if (!(sslEngine instanceof OpenSslEngine)) {
            throw new IllegalArgumentException("ssl engine not openssl engine");
        }
        OpenSslEngine engine = (OpenSslEngine) sslEngine;
        if (sslField == null) {
            throw new SSLException("SSL field is null");
        }
        try {
            long sslPtr = (long) sslField.get(engine);
            if (sslPtr == 0) {
                throw new SSLException("SSL not initialized");
            }
            String alpn = SSL.getAlpnSelected(sslPtr);
            String npn = SSL.getNextProtoNegotiated(sslPtr);

            String version = SSL.getVersion(sslPtr);
            String cipher = SSL.getCipherForSSL(sslPtr);
            long establishedTime = SSL.getTime(sslPtr);

            // TODO: return the entire chain.
            // tc-native thinks that the chain is null, so we supply only the
            // leaf cert.
            byte[] cert = SSL.getPeerCertificate(sslPtr);
            X509Certificate certificate = null;
            if (cert != null) {
                certificate = X509Certificate.getInstance(cert);
            }
            return new SslSession(alpn, npn, version, cipher, establishedTime, certificate);
        }
        catch (IllegalAccessException e) {
            throw new SSLException(e);
        }
        catch (CertificateException e) {
            throw new SSLException(e);
        }
    }
}