Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
41 changed files
with
986 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
auth/client/src/main/java/org/wildfly/security/auth/client/DynamicSSLContextImpl.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| package org.wildfly.security.auth.client; | ||
|
|
||
| import org.kohsuke.MetaInfServices; | ||
| import org.wildfly.security.dynamic.ssl.DynamicSSLContextSPI; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import java.net.URI; | ||
| import java.security.AccessController; | ||
| import java.security.GeneralSecurityException; | ||
| import java.security.NoSuchAlgorithmException; | ||
| import java.security.PrivilegedAction; | ||
| import java.util.List; | ||
|
|
||
| @MetaInfServices(value = DynamicSSLContextSPI.class) | ||
| public class DynamicSSLContextImpl implements DynamicSSLContextSPI { | ||
|
|
||
| private final AuthenticationContextConfigurationClient AUTH_CONTEXT_CLIENT = | ||
| AccessController.doPrivileged((PrivilegedAction<AuthenticationContextConfigurationClient>) AuthenticationContextConfigurationClient::new); | ||
| private AuthenticationContext authenticationContext = AuthenticationContext.captureCurrent(); | ||
| private SSLContext configuredDefaultSSLContext; | ||
| private List<SSLContext> configuredSSLContexts; | ||
|
|
||
| public DynamicSSLContextImpl() throws NoSuchAlgorithmException { | ||
| this.configuredSSLContexts = AUTH_CONTEXT_CLIENT.getConfiguredSSLContexts(authenticationContext); | ||
| this.configuredDefaultSSLContext = AUTH_CONTEXT_CLIENT.getDefaultSSLContext(authenticationContext); | ||
| } | ||
|
|
||
| @Override | ||
| public SSLContext getConfiguredDefault() { | ||
| return this.configuredDefaultSSLContext; | ||
| } | ||
|
|
||
| @Override | ||
| public List<SSLContext> getConfiguredSSLContexts() { | ||
| return this.configuredSSLContexts; | ||
| } | ||
|
|
||
| @Override | ||
| public SSLContext getSSLContext(URI uri) { | ||
| try { | ||
| return AUTH_CONTEXT_CLIENT.getSSLContext(uri, authenticationContext); | ||
| } catch (GeneralSecurityException e) { | ||
| throw new IllegalArgumentException(e); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <project xmlns="http://maven.apache.org/POM/4.0.0" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <parent> | ||
| <groupId>org.wildfly.security</groupId> | ||
| <artifactId>wildfly-elytron-parent</artifactId> | ||
| <version>1.11.4.CR1-SNAPSHOT</version> | ||
| </parent> | ||
|
|
||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <artifactId>wildfly-elytron-dynamic-ssl</artifactId> | ||
|
|
||
| <name>WildFly Elytron - Dynamic SSL</name> | ||
| <description>WildFly Security Dynamic SSL Implementation</description> | ||
| </project> |
11 changes: 11 additions & 0 deletions
11
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import java.security.NoSuchAlgorithmException; | ||
|
|
||
| public final class DynamicSSLContext extends SSLContext { | ||
|
|
||
| public DynamicSSLContext() throws NoSuchAlgorithmException { | ||
| super(new DynamicSSLContextSpiImpl(SSLContext.getDefault()), SSLContext.getDefault().getProvider(), SSLContext.getDefault().getProtocol()); | ||
| } | ||
| } |
20 changes: 20 additions & 0 deletions
20
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextException.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| public class DynamicSSLContextException extends Exception { | ||
| private static final long serialVersionUID = 894798122053539237L; | ||
|
|
||
| public DynamicSSLContextException() { | ||
| } | ||
|
|
||
| public DynamicSSLContextException(String msg) { | ||
| super(msg); | ||
| } | ||
|
|
||
| public DynamicSSLContextException(String message, Throwable cause) { | ||
| super(message, cause); | ||
| } | ||
|
|
||
| public DynamicSSLContextException(Throwable cause) { | ||
| super(cause); | ||
| } | ||
| } |
12 changes: 12 additions & 0 deletions
12
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSPI.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| import javax.net.ssl.SSLContext; | ||
| import java.net.URI; | ||
| import java.util.List; | ||
|
|
||
| public interface DynamicSSLContextSPI { | ||
|
|
||
| SSLContext getConfiguredDefault(); | ||
| List<SSLContext> getConfiguredSSLContexts(); | ||
| SSLContext getSSLContext(URI uri) throws DynamicSSLContextException; | ||
| } |
97 changes: 97 additions & 0 deletions
97
dynamic-ssl/src/main/java/org/wildfly/security/dynamic/ssl/DynamicSSLContextSpiImpl.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| package org.wildfly.security.dynamic.ssl; | ||
|
|
||
| import javax.net.ssl.KeyManager; | ||
| import javax.net.ssl.SSLContext; | ||
| import javax.net.ssl.SSLContextSpi; | ||
| import javax.net.ssl.SSLEngine; | ||
| import javax.net.ssl.SSLParameters; | ||
| import javax.net.ssl.SSLServerSocketFactory; | ||
| import javax.net.ssl.SSLSessionContext; | ||
| import javax.net.ssl.SSLSocketFactory; | ||
| import javax.net.ssl.TrustManager; | ||
| import java.net.URI; | ||
| import java.net.URISyntaxException; | ||
| import java.security.NoSuchAlgorithmException; | ||
| import java.security.SecureRandom; | ||
| import java.util.Iterator; | ||
| import java.util.ServiceLoader; | ||
|
|
||
| final class DynamicSSLContextSpiImpl extends SSLContextSpi { | ||
|
|
||
| private final DynamicSSLContextSPI dynamicSSLContextImpl; | ||
| private final SSLContext configuredDefaultSSLContext; | ||
| private volatile SSLSocketFactory sslSocketFactory; | ||
|
|
||
| DynamicSSLContextSpiImpl(SSLContext fallbackSslContext) throws NoSuchAlgorithmException { | ||
| SSLContext configuredDefaultSSLContextTemp; | ||
| Iterator<DynamicSSLContextSPI> dynamicSSLContextSPIIterator = ServiceLoader.load(DynamicSSLContextSPI.class).iterator(); | ||
| if (dynamicSSLContextSPIIterator.hasNext()) { | ||
| dynamicSSLContextImpl = dynamicSSLContextSPIIterator.next(); | ||
| configuredDefaultSSLContextTemp = dynamicSSLContextImpl.getConfiguredDefault() == null ? SSLContext.getDefault() : dynamicSSLContextImpl.getConfiguredDefault(); | ||
| } else { | ||
| dynamicSSLContextImpl = null; | ||
| configuredDefaultSSLContextTemp = fallbackSslContext; | ||
| } | ||
| this.configuredDefaultSSLContext = configuredDefaultSSLContextTemp; | ||
| } | ||
|
|
||
| @Override | ||
| protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom) { | ||
| // ignore | ||
| } | ||
|
|
||
| @Override | ||
| protected SSLSocketFactory engineGetSocketFactory() { | ||
| if (dynamicSSLContextImpl == null) { | ||
| return configuredDefaultSSLContext.getSocketFactory(); | ||
| } | ||
| if (sslSocketFactory == null) { | ||
| synchronized (this) { | ||
| if (sslSocketFactory == null) { | ||
| sslSocketFactory = new DynamicSslSocketFactory(configuredDefaultSSLContext.getSocketFactory(), dynamicSSLContextImpl); | ||
| } | ||
| } | ||
| } | ||
| return sslSocketFactory; | ||
| } | ||
|
|
||
| @Override | ||
| protected SSLServerSocketFactory engineGetServerSocketFactory() { | ||
| return this.configuredDefaultSSLContext.getServerSocketFactory(); | ||
| } | ||
|
|
||
| @Override | ||
| protected SSLEngine engineCreateSSLEngine() { | ||
| return this.configuredDefaultSSLContext.createSSLEngine(); | ||
| } | ||
|
|
||
| @Override | ||
| protected SSLEngine engineCreateSSLEngine(String host, int port) throws IllegalStateException { | ||
| if (dynamicSSLContextImpl == null) { | ||
| return configuredDefaultSSLContext.createSSLEngine(host, port); | ||
| } | ||
| try { | ||
| SSLContext sslContext = dynamicSSLContextImpl | ||
| .getSSLContext(new URI(null, null, host, port, null, null, null)); | ||
| return sslContext == null ? configuredDefaultSSLContext.createSSLEngine(host, port) : sslContext.createSSLEngine(host, port); | ||
| } catch (URISyntaxException | DynamicSSLContextException e) { | ||
| throw new IllegalStateException(e); | ||
| } | ||
| } | ||
|
|
||
| @Override | ||
| protected SSLSessionContext engineGetServerSessionContext() { | ||
| throw new UnsupportedOperationException("Dynamic SSLContext does not support sessions"); | ||
| } | ||
|
|
||
| @Override | ||
| protected SSLSessionContext engineGetClientSessionContext() { | ||
| throw new UnsupportedOperationException("Dynamic SSLContext does not support sessions"); | ||
|
|
||
| } | ||
|
|
||
| @Override | ||
| protected SSLParameters engineGetSupportedSSLParameters() { | ||
| return this.configuredDefaultSSLContext.getSupportedSSLParameters(); | ||
| } | ||
| } |
Oops, something went wrong.