Merge pull request eclipse-ee4j#2054 from kofemann/ssl-param

ssl: introduce SSLEngineConfigurator#setSSLParameters

extras/tls-sni/src/main/java/org/glassfish/grizzly/sni/SNIConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2020 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2023 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -99,16 +99,6 @@ public SSLEngineConfigurator copy() {
             return new NullSSLEngineConfigurator();
         }
 
-        @Override
-        public SSLEngineConfigurator setProtocolConfigured(boolean isProtocolConfigured) {
-            throw new IllegalStateException("Immutable config");
-        }
-
-        @Override
-        public SSLEngineConfigurator setCipherConfigured(boolean isCipherConfigured) {
-            throw new IllegalStateException("Immutable config");
-        }
-
         @Override
         public SSLEngineConfigurator setEnabledProtocols(String[] enabledProtocols) {
             throw new IllegalStateException("Immutable config");

modules/grizzly/src/main/java/org/glassfish/grizzly/ssl/SSLEngineConfigurator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2020 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2023 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -23,6 +23,7 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 
+import javax.net.ssl.SSLParameters;
 import org.glassfish.grizzly.Grizzly;
 
 /**
@@ -39,34 +40,15 @@ public class SSLEngineConfigurator implements SSLEngineFactory {
 
     protected volatile SSLContext sslContext;
 
-    /**
-     * The list of cipher suite
-     */
-    protected String[] enabledCipherSuites = null;
-    /**
-     * the list of protocols
-     */
-    protected String[] enabledProtocols = null;
     /**
      * Client mode when handshaking.
      */
     protected boolean clientMode;
+
     /**
-     * Require client Authentication.
-     */
-    protected boolean needClientAuth;
-    /**
-     * True when requesting authentication.
-     */
-    protected boolean wantClientAuth;
-    /**
-     * Has the enabled protocol configured.
-     */
-    private boolean isProtocolConfigured = false;
-    /**
-     * Has the enabled Cipher configured.
+     * Parameters to configure {@link SSLEngine}.
      */
-    private boolean isCipherConfigured = false;
+    private SSLParameters sslParameters;
 
     /**
      * Create SSL Engine configuration basing on passed {@link SSLContext}.
@@ -94,8 +76,15 @@ public SSLEngineConfigurator(final SSLContext sslContext, final boolean clientMo
         this.sslContextConfiguration = null;
         this.sslContext = sslContext;
         this.clientMode = clientMode;
-        this.needClientAuth = needClientAuth;
-        this.wantClientAuth = wantClientAuth;
+
+        this.sslParameters = sslContext.getDefaultSSLParameters();
+        if (needClientAuth) {
+            sslParameters.setNeedClientAuth(true);
+        }
+
+        if (wantClientAuth) {
+            sslParameters.setWantClientAuth(true);
+        }
     }
 
     /**
@@ -125,23 +114,22 @@ public SSLEngineConfigurator(SSLContextConfigurator sslContextConfiguration, boo
 
         this.sslContextConfiguration = sslContextConfiguration;
         this.clientMode = clientMode;
-        this.needClientAuth = needClientAuth;
-        this.wantClientAuth = wantClientAuth;
+
+        this.sslParameters = new SSLParameters();
+        if (needClientAuth) {
+            sslParameters.setNeedClientAuth(true);
+        }
+
+        if (wantClientAuth) {
+            sslParameters.setWantClientAuth(true);
+        }
     }
 
     public SSLEngineConfigurator(SSLEngineConfigurator pattern) {
         this.sslContextConfiguration = pattern.sslContextConfiguration;
         this.sslContext = pattern.sslContext;
         this.clientMode = pattern.clientMode;
-        this.needClientAuth = pattern.needClientAuth;
-        this.wantClientAuth = pattern.wantClientAuth;
-
-        this.enabledCipherSuites = pattern.enabledCipherSuites != null ? Arrays.copyOf(pattern.enabledCipherSuites, pattern.enabledCipherSuites.length) : null;
-
-        this.enabledProtocols = pattern.enabledProtocols != null ? Arrays.copyOf(pattern.enabledProtocols, pattern.enabledProtocols.length) : null;
-
-        this.isCipherConfigured = pattern.isCipherConfigured;
-        this.isProtocolConfigured = pattern.isProtocolConfigured;
+        this.sslParameters = copy(pattern.sslParameters);
     }
 
     protected SSLEngineConfigurator() {
@@ -192,29 +180,24 @@ public SSLEngine createSSLEngine(final String peerHost, final int peerPort) {
      * @return configured {@link SSLEngine}.
      */
     public SSLEngine configure(final SSLEngine sslEngine) {
+
+        SSLParameters params = copy(sslParameters);
+
+        String[] enabledCipherSuites = params.getProtocols();
         if (enabledCipherSuites != null) {
-            if (!isCipherConfigured) {
-                enabledCipherSuites = configureEnabledCiphers(sslEngine, enabledCipherSuites);
-                isCipherConfigured = true;
-            }
-            sslEngine.setEnabledCipherSuites(enabledCipherSuites);
+            enabledCipherSuites = configureEnabledCiphers(sslEngine, enabledCipherSuites);
+            params.setCipherSuites(enabledCipherSuites);
         }
 
+        String[] enabledProtocols = params.getProtocols();
         if (enabledProtocols != null) {
-            if (!isProtocolConfigured) {
-                enabledProtocols = configureEnabledProtocols(sslEngine, enabledProtocols);
-                isProtocolConfigured = true;
-            }
-            sslEngine.setEnabledProtocols(enabledProtocols);
+            enabledProtocols = configureEnabledProtocols(sslEngine,
+                            enabledProtocols);
+            params.setProtocols(enabledProtocols);
         }
 
         sslEngine.setUseClientMode(clientMode);
-        if (wantClientAuth) {
-            sslEngine.setWantClientAuth(wantClientAuth);
-        }
-        if (needClientAuth) {
-            sslEngine.setNeedClientAuth(needClientAuth);
-        }
+        sslEngine.setSSLParameters(sslParameters);
 
         return sslEngine;
     }
@@ -242,29 +225,40 @@ public SSLEngineConfigurator setClientMode(boolean clientMode) {
     }
 
     public boolean isNeedClientAuth() {
-        return needClientAuth;
+        return sslParameters.getNeedClientAuth();
     }
 
     public SSLEngineConfigurator setNeedClientAuth(boolean needClientAuth) {
-        this.needClientAuth = needClientAuth;
+        sslParameters.setNeedClientAuth(needClientAuth);
         return this;
     }
 
     public boolean isWantClientAuth() {
-        return wantClientAuth;
+        return sslParameters.getWantClientAuth();
     }
 
     public SSLEngineConfigurator setWantClientAuth(boolean wantClientAuth) {
-        this.wantClientAuth = wantClientAuth;
+        sslParameters.setWantClientAuth(wantClientAuth);
         return this;
     }
 
     /**
-     * @return an array of enabled cipher suites. Modifications made on the array content won't be propagated to
-     * SSLEngineConfigurator
+     * Apply {@link SSLParameters} to this SSLEngineConfigurator.
+     *
+     * @param sslParameters
+     * @return this SSLEngineConfigurator
+     */
+    public SSLEngineConfigurator setSSLParameters(SSLParameters sslParameters) {
+        this.sslParameters = copy(this.sslParameters);
+        return this;
+    }
+
+    /**
+     * @return an array of enabled cipher suites. Modifications made on the array
+     *      content won't be propagated to SSLEngineConfigurator
      */
     public String[] getEnabledCipherSuites() {
-        return enabledCipherSuites != null ? Arrays.copyOf(enabledCipherSuites, enabledCipherSuites.length) : null;
+        return sslParameters.getCipherSuites();
     }
 
     /**
@@ -275,7 +269,7 @@ public String[] getEnabledCipherSuites() {
      * @return this SSLEngineConfigurator
      */
     public SSLEngineConfigurator setEnabledCipherSuites(final String[] enabledCipherSuites) {
-        this.enabledCipherSuites = enabledCipherSuites != null ? Arrays.copyOf(enabledCipherSuites, enabledCipherSuites.length) : null;
+        sslParameters.setCipherSuites(enabledCipherSuites);
         return this;
     }
 
@@ -284,7 +278,7 @@ public SSLEngineConfigurator setEnabledCipherSuites(final String[] enabledCipher
      * SSLEngineConfigurator
      */
     public String[] getEnabledProtocols() {
-        return enabledProtocols != null ? Arrays.copyOf(enabledProtocols, enabledProtocols.length) : null;
+        return sslParameters.getProtocols();
     }
 
     /**
@@ -295,25 +289,7 @@ public String[] getEnabledProtocols() {
      * @return this SSLEngineConfigurator
      */
     public SSLEngineConfigurator setEnabledProtocols(final String[] enabledProtocols) {
-        this.enabledProtocols = enabledProtocols != null ? Arrays.copyOf(enabledProtocols, enabledProtocols.length) : null;
-        return this;
-    }
-
-    public boolean isCipherConfigured() {
-        return isCipherConfigured;
-    }
-
-    public SSLEngineConfigurator setCipherConfigured(boolean isCipherConfigured) {
-        this.isCipherConfigured = isCipherConfigured;
-        return this;
-    }
-
-    public boolean isProtocolConfigured() {
-        return isProtocolConfigured;
-    }
-
-    public SSLEngineConfigurator setProtocolConfigured(boolean isProtocolConfigured) {
-        this.isProtocolConfigured = isProtocolConfigured;
+        sslParameters.setProtocols(enabledProtocols);
         return this;
     }
 
@@ -400,17 +376,43 @@ public String toString() {
         final StringBuilder sb = new StringBuilder();
         sb.append("SSLEngineConfigurator");
         sb.append("{clientMode=").append(clientMode);
-        sb.append(", enabledCipherSuites=").append(enabledCipherSuites == null ? "null" : Arrays.asList(enabledCipherSuites).toString());
-        sb.append(", enabledProtocols=").append(enabledProtocols == null ? "null" : Arrays.asList(enabledProtocols).toString());
-        sb.append(", needClientAuth=").append(needClientAuth);
-        sb.append(", wantClientAuth=").append(wantClientAuth);
-        sb.append(", isProtocolConfigured=").append(isProtocolConfigured);
-        sb.append(", isCipherConfigured=").append(isCipherConfigured);
+        sb.append(", enabledCipherSuites=")
+            .append(sslParameters.getCipherSuites() == null ? "null" : Arrays.toString(sslParameters.getCipherSuites()));
+        sb.append(", enabledProtocols=")
+            .append(sslParameters.getProtocols() == null ? "null" : Arrays.toString(sslParameters.getProtocols()));
+        sb.append(", needClientAuth=").append(sslParameters.getNeedClientAuth());
+        sb.append(", wantClientAuth=").append(sslParameters.getWantClientAuth());
         sb.append('}');
         return sb.toString();
     }
 
     public SSLEngineConfigurator copy() {
         return new SSLEngineConfigurator(this);
     }
+
+    private SSLParameters copy(SSLParameters src) {
+        SSLParameters dest = new SSLParameters();
+
+        dest.setCipherSuites(src.getCipherSuites());
+        dest.setProtocols(src.getProtocols());
+
+        if (src.getNeedClientAuth()) {
+            dest.setNeedClientAuth(src.getNeedClientAuth());
+        }
+
+        if (src.getWantClientAuth()) {
+            dest.setWantClientAuth(src.getWantClientAuth());
+        }
+
+        dest.setAlgorithmConstraints(src.getAlgorithmConstraints());
+        dest.setApplicationProtocols(src.getApplicationProtocols());
+        dest.setEnableRetransmissions(src.getEnableRetransmissions());
+        dest.setEndpointIdentificationAlgorithm(src.getEndpointIdentificationAlgorithm());
+        dest.setMaximumPacketSize(src.getMaximumPacketSize());
+        dest.setSNIMatchers(src.getSNIMatchers());
+        dest.setServerNames(src.getServerNames());
+        dest.setUseCipherSuitesOrder(src.getUseCipherSuitesOrder());
+
+        return dest;
+    }
 }