SSL improvements #4468

Merged
merged 26 commits into from
Sep 14, 2022
Merged
1 change: 1 addition & 0 deletions src/main/java/io/vertx/core/Vertx.java
Expand Up @@ -63,6 +63,7 @@
* Please see the user manual for more detailed usage information.
*
* @author <a href="http://tfox.org">Tim Fox</a>
* @author <a href="mailto:julien@julienviet.com">Julien Viet</a>
*/
@VertxGen
public interface Vertx extends Measured {
22 changes: 11 additions & 11 deletions src/main/java/io/vertx/core/http/impl/HttpClientImpl.java
Expand Up @@ -19,6 +19,7 @@
import io.vertx.core.impl.VertxInternal;
import io.vertx.core.impl.future.PromiseInternal;
import io.vertx.core.net.*;
import io.vertx.core.net.impl.NetClientBuilder;
import io.vertx.core.net.impl.NetClientImpl;
import io.vertx.core.net.impl.ProxyFilter;
import io.vertx.core.net.impl.pool.ConnectionManager;
Expand Down Expand Up @@ -146,17 +147,16 @@ public HttpClientImpl(VertxInternal vertx, HttpClientOptions options, CloseFutur
throw new IllegalStateException("Cannot have pipelining with no keep alive");
}
this.proxyFilter = options.getNonProxyHosts() != null ? ProxyFilter.nonProxyHosts(options.getNonProxyHosts()) : ProxyFilter.DEFAULT_PROXY_FILTER;
this.netClient = new NetClientImpl(
vertx,
metrics,
new NetClientOptions(options)
.setHostnameVerificationAlgorithm(options.isVerifyHost() ? "HTTPS": "")
.setProxyOptions(null)
.setApplicationLayerProtocols(alpnVersions
.stream()
.map(HttpVersion::alpnName)
.collect(Collectors.toList())),
closeFuture);
this.netClient = (NetClientImpl) new NetClientBuilder(vertx, new NetClientOptions(options)
.setHostnameVerificationAlgorithm(options.isVerifyHost() ? "HTTPS": "")
.setProxyOptions(null)
.setApplicationLayerProtocols(alpnVersions
.stream()
.map(HttpVersion::alpnName)
.collect(Collectors.toList())))
.metrics(metrics)
.closeFuture(closeFuture)
.build();
webSocketCM = webSocketConnectionManager();
httpCM = httpConnectionManager();
if (options.getPoolCleanerPeriod() > 0 && (options.getKeepAliveTimeout() > 0L || options.getHttp2KeepAliveTimeout() > 0L)) {
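Review bot: The downcast in `this.netClient = (NetClientImpl) new NetClientBuilder(...).build()` relies on `build()` always returning a `NetClientImpl`, although its declared return type is `NetClient`. If the builder ever returns a wrapper or another implementation, this constructor fails with a ClassCastException at runtime. Consider a narrower return type on the builder, or typing the field as `NetClient` if its uses allow it (they are outside this hunk). This statement also decides TLS host-name checking, so a short comment such as `// "" switches endpoint identification off when verifyHost is false` would make the security-relevant branch easier to spot. The constructor starts and ends outside the hunk.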
12 changes: 5 additions & 7 deletions src/main/java/io/vertx/core/http/impl/HttpServerImpl.java
Expand Up @@ -200,13 +200,11 @@ protected Handler<Channel> childHandler(ContextInternal context, SocketAddress a

@Override
protected SSLHelper createSSLHelper() {
return super.createSSLHelper()
.setApplicationProtocols(options
.getAlpnVersions()
.stream()
.map(HttpVersion::alpnName)
.collect(Collectors.toList())
);
return new SSLHelper(options, options
.getAlpnVersions()
.stream()
.map(HttpVersion::alpnName)
.collect(Collectors.toList()));
}

@Override
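Review bot: `createSSLHelper()` no longer delegates to `super.createSSLHelper()` and constructs `new SSLHelper(options, ...)` itself, so whatever the base implementation configures is bypassed and the two construction paths can drift apart. The base method is not shown on this page, so this may well be intended. A one-line comment such as `// built directly so the ALPN protocol list is fixed when the helper is constructed` would record the reason for the next reader.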
11 changes: 3 additions & 8 deletions src/main/java/io/vertx/core/http/impl/HttpServerWorker.java
Expand Up @@ -10,6 +10,7 @@
*/
package io.vertx.core.http.impl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.channel.*;
import io.netty.handler.codec.compression.CompressionOptions;
Expand All @@ -19,6 +20,7 @@
import io.netty.handler.codec.http.HttpContentDecompressor;
import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.ssl.SniHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.stream.ChunkedWriteHandler;
import io.netty.handler.timeout.IdleState;
Expand Down Expand Up @@ -134,14 +136,7 @@ public void handle(Channel ch) {
private void configurePipeline(Channel ch) {
ChannelPipeline pipeline = ch.pipeline();
if (sslHelper.isSSL()) {
if (options.isSni()) {
SniHandler sniHandler = new SniHandler(sslHelper.serverNameMapper(vertx));
pipeline.addLast(sniHandler);
} else {
SslHandler handler = new SslHandler(sslHelper.createEngine(vertx));
handler.setHandshakeTimeout(sslHelper.getSslHandshakeTimeout(), sslHelper.getSslHandshakeTimeoutUnit());
pipeline.addLast("ssl", handler);
}
pipeline.addLast("ssl", sslHelper.createHandler(vertx));
ChannelPromise p = ch.newPromise();
pipeline.addLast("handshaker", new SslHandshakeCompletionHandler(p));
p.addListener(future -> {
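Review bot: The removed non-SNI branch applied the configured handshake timeout itself (`handler.setHandshakeTimeout(...)`), whereas `pipeline.addLast("ssl", sslHelper.createHandler(vertx))` leaves that to `createHandler`, whose body is not on this page. Please confirm the timeout from the options reaches both the SNI and the non-SNI handler, otherwise the configured value is silently replaced by the handler's default. `ChannelProvider.initSSL` drops the same `setHandshakeTimeout` call in favour of `createSslHandler`. The SNI handler is also now registered under the name `"ssl"` where the old code added it unnamed, so any lookup of `"ssl"` that expects an `SslHandler` deserves a check. `configurePipeline` continues past the end of the hunk.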
14 changes: 5 additions & 9 deletions src/main/java/io/vertx/core/impl/VertxImpl.java
Expand Up @@ -31,6 +31,7 @@
import io.vertx.core.eventbus.impl.clustered.ClusteredEventBus;
import io.vertx.core.file.FileSystem;
import io.vertx.core.impl.btc.BlockedThreadChecker;
import io.vertx.core.net.impl.NetClientBuilder;
import io.vertx.core.spi.file.FileResolver;
import io.vertx.core.file.impl.FileSystemImpl;
import io.vertx.core.file.impl.WindowsFileSystem;
Expand Down Expand Up @@ -296,19 +297,14 @@ public NetServer createNetServer(NetServerOptions options) {
return new NetServerImpl(this, options);
}

@Override
public NetClient createNetClient(NetClientOptions options, CloseFuture closeFuture) {
NetClientImpl client = new NetClientImpl(this, options, closeFuture);
closeFuture.add(client);
return client;
}

public NetClient createNetClient(NetClientOptions options) {
CloseFuture closeFuture = new CloseFuture(log);
NetClient client = createNetClient(options, closeFuture);
CloseFuture fut = resolveCloseFuture();
fut.add(closeFuture);
return client;
NetClientBuilder builder = new NetClientBuilder(this, options);
builder.metrics(metricsSPI() != null ? metricsSPI().createNetClientMetrics(options) : null);
builder.closeFuture(closeFuture);
return builder.build();
}

@Override
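Review bot: `metricsSPI()` is evaluated twice in `builder.metrics(metricsSPI() != null ? metricsSPI().createNetClientMetrics(options) : null)`. Reading it into a local first keeps the null check and the call on the same value and is easier to scan, for example `VertxMetrics spi = metricsSPI();` followed by `builder.metrics(spi != null ? spi.createNetClientMetrics(options) : null);` (assuming `metricsSPI()` returns `VertxMetrics`, which is not visible here). `fut.add(closeFuture)` also runs before `builder.build()`, so a failure while building would leave an empty close future registered. Registering it after a successful build avoids that.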
12 changes: 2 additions & 10 deletions src/main/java/io/vertx/core/impl/VertxInternal.java
Expand Up @@ -21,8 +21,8 @@
import io.vertx.core.http.impl.HttpServerImpl;
import io.vertx.core.impl.btc.BlockedThreadChecker;
import io.vertx.core.impl.future.PromiseInternal;
import io.vertx.core.net.NetClient;
import io.vertx.core.net.NetClientOptions;
import io.vertx.core.net.impl.NetClientBuilder;
import io.vertx.core.net.impl.NetServerImpl;
import io.vertx.core.net.impl.ServerID;
import io.vertx.core.net.impl.TCPServerBase;
Expand All @@ -46,6 +46,7 @@
* developers creating vert.x applications
*
* @author <a href="http://tfox.org">Tim Fox</a>
* @author <a href="mailto:julien@julienviet.com">Julien Viet</a>
*/
public interface VertxInternal extends Vertx {

Expand Down Expand Up @@ -85,15 +86,6 @@ public interface VertxInternal extends Vertx {

Transport transport();

/**
* Create a TCP/SSL client using the specified options and close future
*
* @param options the options to use
* @param closeFuture the close future
* @return the client
*/
NetClient createNetClient(NetClientOptions options, CloseFuture closeFuture);

/**
* Create a HTTP/HTTPS client using the specified options and close future
*
5 changes: 0 additions & 5 deletions src/main/java/io/vertx/core/impl/VertxWrapper.java
Expand Up @@ -414,11 +414,6 @@ public Transport transport() {
return delegate.transport();
}

@Override
public NetClient createNetClient(NetClientOptions options, CloseFuture closeFuture) {
return delegate.createNetClient(options, closeFuture);
}

@Override
public HttpClient createHttpClient(HttpClientOptions options, CloseFuture closeFuture) {
return delegate.createHttpClient(options, closeFuture);
9 changes: 8 additions & 1 deletion src/main/java/io/vertx/core/net/JdkSSLEngineOptions.java
Expand Up @@ -11,10 +11,12 @@

package io.vertx.core.net;

import io.netty.handler.ssl.SslProvider;
import io.vertx.codegen.annotations.DataObject;
import io.vertx.core.json.JsonObject;
import io.vertx.core.spi.tls.DefaultSslContextFactory;
import io.vertx.core.spi.tls.SslContextFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/**
Expand Down Expand Up @@ -70,4 +72,9 @@ public JsonObject toJson() {
public JdkSSLEngineOptions copy() {
return new JdkSSLEngineOptions();
}

@Override
public SslContextFactory sslContextFactory() {
return new DefaultSslContextFactory(SslProvider.JDK, false);
}
}
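Review bot: The bare `false` in `new DefaultSslContextFactory(SslProvider.JDK, false)` is opaque. `OpenSSLEngineOptions` passes `sessionCacheEnabled` in the same position, so it presumably is the session-cache flag, which the JDK options do not expose. A comment such as `// second argument mirrors sessionCacheEnabled in OpenSSLEngineOptions; the JDK options have no such setting` would make that explicit. Both overrides would also benefit from a Javadoc line saying that each call returns a new factory instance, since callers may otherwise assume a shared one.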
8 changes: 8 additions & 0 deletions src/main/java/io/vertx/core/net/OpenSSLEngineOptions.java
Expand Up @@ -12,8 +12,11 @@
package io.vertx.core.net;

import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslProvider;
import io.vertx.codegen.annotations.DataObject;
import io.vertx.core.json.JsonObject;
import io.vertx.core.spi.tls.DefaultSslContextFactory;
import io.vertx.core.spi.tls.SslContextFactory;

/**
* Configures a {@link TCPSSLOptions} to use OpenSsl.
Expand Down Expand Up @@ -86,4 +89,9 @@ public JsonObject toJson() {
public OpenSSLEngineOptions copy() {
return new OpenSSLEngineOptions(this);
}

@Override
public SslContextFactory sslContextFactory() {
return new DefaultSslContextFactory(SslProvider.OPENSSL, sessionCacheEnabled);
}
}
7 changes: 7 additions & 0 deletions src/main/java/io/vertx/core/net/SSLEngineOptions.java
Expand Up @@ -11,6 +11,8 @@

package io.vertx.core.net;

import io.vertx.core.spi.tls.SslContextFactory;

/**
* The SSL engine implementation to use in a Vert.x server or client.
*
Expand All @@ -20,4 +22,9 @@ public abstract class SSLEngineOptions {

public abstract SSLEngineOptions copy();

/**
* @return a {@link SslContextFactory} that will be used to produce the Netty {@code SslContext}
*/
public abstract SslContextFactory sslContextFactory();

}
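Review bot: Adding `public abstract SslContextFactory sslContextFactory();` to a public abstract class breaks every subclass that lives outside this repository: they stop compiling, and already-compiled ones fail with `AbstractMethodError` once the method is called. If third-party engine options are supported, a non-abstract default (for instance one that throws `UnsupportedOperationException` with a clear message) or an entry in the breaking-changes notes would soften that. The Javadoc could also state whether the returned factory may be shared between calls and whether it has to be thread-safe.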
5 changes: 3 additions & 2 deletions src/main/java/io/vertx/core/net/impl/ChannelProvider.java
Expand Up @@ -12,8 +12,10 @@
package io.vertx.core.net.impl;

import io.netty.bootstrap.Bootstrap;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.*;
import io.netty.handler.proxy.*;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.resolver.NoopAddressResolverGroup;
Expand Down Expand Up @@ -107,8 +109,7 @@ private void connect(Handler<Channel> handler, SocketAddress remoteAddress, Sock

private void initSSL(Handler<Channel> handler, SocketAddress peerAddress, String serverName, boolean ssl, boolean useAlpn, Channel ch, Promise<Channel> channelHandler) {
if (ssl) {
SslHandler sslHandler = new SslHandler(sslHelper.createEngine(context.owner(), peerAddress, serverName, useAlpn));
sslHandler.setHandshakeTimeout(sslHelper.getSslHandshakeTimeout(), sslHelper.getSslHandshakeTimeoutUnit());
SslHandler sslHandler = sslHelper.createSslHandler(context.owner(), peerAddress, serverName, useAlpn);
ChannelPipeline pipeline = ch.pipeline();
pipeline.addLast("ssl", sslHandler);
pipeline.addLast(new ChannelInboundHandlerAdapter() {
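Review bot: The two imports added at the top, `io.netty.buffer.ByteBufAllocator` and `io.netty.handler.ssl.SslContext`, appear to be unused. The section reports three additions, and the only added code line, `SslHandler sslHandler = sslHelper.createSslHandler(...)`, references neither type. `HttpServerWorker` gains the same pair alongside a single added code line that does not use them either. Dropping them keeps the import list accurate about what the class depends on. `initSSL` continues beyond the hunk.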
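--- /dev/null
+++ b/src/main/java/io/vertx/core/net/impl/NetClientBuilder.java
@@ -0,0 +1,49 @@
+/*
+* Copyright (c) 2011-2022 Contributors to the Eclipse Foundation
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License 2.0 which is available at
+* http://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+* which is available at https://www.apache.org/licenses/LICENSE-2.0.
+*
+* SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+*/
+package io.vertx.core.net.impl;
+
+import io.vertx.core.impl.CloseFuture;
+import io.vertx.core.impl.VertxInternal;
+import io.vertx.core.net.NetClient;
+import io.vertx.core.net.NetClientOptions;
+import io.vertx.core.spi.metrics.TCPMetrics;
+
+/**
+* A builder to configure NetClient plugins.
+*/
+public class NetClientBuilder {
+
+private VertxInternal vertx;
+private CloseFuture closeFuture;
+private NetClientOptions options;
+private TCPMetrics metrics;
+
+public NetClientBuilder(VertxInternal vertx, NetClientOptions options) {
+this.vertx = vertx;
+this.options = options;
+}
+
+public NetClientBuilder closeFuture(CloseFuture closeFuture) {
+this.closeFuture = closeFuture;
+return this;
+}
+
+public NetClientBuilder metrics(TCPMetrics metrics) {
+this.metrics = metrics;
+return this;
+}
+
+public NetClient build() {
+NetClientImpl client = new NetClientImpl(vertx, metrics, options, closeFuture);
+closeFuture.add(client);
+return client;
+}
+}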
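Review bot: `build()` dereferences `closeFuture` unconditionally in `closeFuture.add(client)`, but the field is only set through the optional `closeFuture(...)` setter, so building without one throws a NullPointerException after the client has already been constructed. Either take the close future in the constructor or guard the call, e.g. `if (closeFuture != null) { closeFuture.add(client); }`, depending on whether `NetClientImpl` tolerates a null close future (not visible here). `vertx` and `options` are assigned once and could be `final`. The class Javadoc could name which collaborators are optional and what `build()` does when they are absent.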