use of org.xnio.SslClientAuthMode in project undertow by undertow-io.
Example from class UndertowAcceptingSslChannel, method accept().
/**
 * Accepts the next pending TCP connection and wraps it in an {@link SSLEngine}
 * configured from this channel's settings: client/server mode, the client
 * authentication policy (server mode only), session creation, and the configured
 * cipher suites and protocols restricted to those the engine reports as supported.
 *
 * @return the SSL connection, or {@code null} when no connection is pending or
 *         when engine setup / SSL wrapping fails (the TCP connection is then
 *         closed and the failure reported via {@code UndertowLogger.REQUEST_LOGGER}
 *         instead of being propagated)
 * @throws IOException if the underlying {@code tcpServer.accept()} fails
 */
public UndertowSslConnection accept() throws IOException {
    final StreamConnection rawConnection = tcpServer.accept();
    if (rawConnection == null) {
        return null;
    }
    try {
        final InetSocketAddress peer = rawConnection.getPeerAddress(InetSocketAddress.class);
        // NOTE(review): getHostNameNoResolve presumably avoids a reverse DNS lookup here — confirm against the helper.
        final SSLEngine engine = ssl.getSslContext().createSSLEngine(getHostNameNoResolve(peer), peer.getPort());
        final boolean serverMode = useClientMode == 0;
        engine.setUseClientMode(!serverMode);
        if (serverMode) {
            // Client-auth policy only makes sense when we are the server side of the handshake.
            applyClientAuthMode(engine, UndertowAcceptingSslChannel.this.clientAuthMode);
        }
        engine.setEnableSessionCreation(enableSessionCreation != 0);
        final String[] wantedSuites = UndertowAcceptingSslChannel.this.cipherSuites;
        if (wantedSuites != null) {
            // Unsupported names are dropped silently; if none remain the engine is left with an
            // empty enabled set, which fails the handshake rather than falling back to defaults.
            engine.setEnabledCipherSuites(retainSupported(wantedSuites, engine.getSupportedCipherSuites()));
        }
        final String[] wantedProtocols = UndertowAcceptingSslChannel.this.protocols;
        if (wantedProtocols != null) {
            engine.setEnabledProtocols(retainSupported(wantedProtocols, engine.getSupportedProtocols()));
        }
        return accept(rawConnection, engine);
    } catch (IOException | RuntimeException e) {
        IoUtils.safeClose(rawConnection);
        UndertowLogger.REQUEST_LOGGER.failedToAcceptSSLRequest(e);
        return null;
    }
}

/**
 * Translates the configured {@link SslClientAuthMode} into the engine's
 * need/want client-auth flags. A {@code null} mode leaves the engine untouched.
 *
 * @throws IllegalStateException for an unrecognised mode
 */
private static void applyClientAuthMode(final SSLEngine engine, final SslClientAuthMode mode) {
    if (mode == null) {
        return;
    }
    switch (mode) {
        case NOT_REQUESTED:
            engine.setNeedClientAuth(false);
            engine.setWantClientAuth(false);
            break;
        case REQUESTED:
            engine.setWantClientAuth(true);
            break;
        case REQUIRED:
            engine.setNeedClientAuth(true);
            break;
        default:
            throw new IllegalStateException();
    }
}

/**
 * Returns the entries of {@code requested}, in their original order, that also
 * appear in {@code supported}.
 */
private static String[] retainSupported(final String[] requested, final String[] supported) {
    final Set<String> allowed = new HashSet<>(Arrays.asList(supported));
    final List<String> kept = new ArrayList<>(requested.length);
    for (String candidate : requested) {
        if (allowed.contains(candidate)) {
            kept.add(candidate);
        }
    }
    return kept.toArray(new String[kept.size()]);
}
use of org.xnio.SslClientAuthMode in project undertow by undertow-io.
Example from class ConnectionSSLSessionInfo, method renegotiateNoRequest().
/**
 * Triggers a TLS renegotiation with a different client-authentication mode on a
 * connection that was accepted with {@code SSL_CLIENT_AUTH_MODE == NOT_REQUESTED}.
 * If the channel's current mode is anything else the method is a no-op (apart from
 * the reset/restore of the channel state).
 *
 * The handshake is driven synchronously: the method waits until the handshake
 * completes, the connection closes, or {@code MAX_RENEGOTIATION_WAIT} elapses.
 * Any bytes that arrive while the handshake is pending — or EOF, since the
 * {@code read != 0} check does not distinguish {@code -1} — are treated as the peer
 * failing to renegotiate.
 *
 * @param exchange    the current exchange; not read by this method
 * @param newAuthMode the client-auth mode to apply for the renegotiated session
 * @throws SSLPeerUnverifiedException if data (or EOF) arrives instead of handshake traffic
 * @throws IOException on I/O failure, renegotiation timeout, or the connection closing
 *         mid-handshake (the latter two after the connection has been closed here)
 */
public void renegotiateNoRequest(HttpServerExchange exchange, SslClientAuthMode newAuthMode) throws IOException {
    // NOTE(review): resetChannel() presumably detaches the HTTP-layer conduits so the raw
    // channel can be driven directly — confirm; restoreChannel() undoes it in the finally block.
    AbstractServerConnection.ConduitState oldState = serverConnection.resetChannel();
    try {
        SslClientAuthMode sslClientAuthMode = channel.getOption(Options.SSL_CLIENT_AUTH_MODE);
        // Only a connection that never asked for a certificate is renegotiated.
        if (sslClientAuthMode == SslClientAuthMode.NOT_REQUESTED) {
            // The waiter is registered before the handshake starts so its completion cannot be missed.
            SslHandshakeWaiter waiter = new SslHandshakeWaiter();
            channel.getHandshakeSetter().set(waiter);
            // Apply the new auth mode before the handshake so the renegotiated session uses it
            // (original note: "requested" plays nicely with the other auth modes).
            channel.setOption(Options.SSL_CLIENT_AUTH_MODE, newAuthMode);
            // Invalidating the session forces a full handshake rather than a resumption.
            channel.getSslSession().invalidate();
            channel.startHandshake();
            serverConnection.getOriginalSinkConduit().flush();
            // One-byte probe buffer: during the handshake no application data is expected,
            // so a non-zero read result means the peer did something other than renegotiate.
            ByteBuffer buff = ByteBuffer.wrap(new byte[1]);
            long end = System.currentTimeMillis() + MAX_RENEGOTIATION_WAIT;
            while (!waiter.isDone() && serverConnection.isOpen() && System.currentTimeMillis() < end) {
                int read = serverConnection.getSourceChannel().read(buff);
                if (read != 0) {
                    throw new SSLPeerUnverifiedException("");
                }
                if (!waiter.isDone()) {
                    // Block only for the time remaining in the overall renegotiation budget.
                    serverConnection.getSourceChannel().awaitReadable(end - System.currentTimeMillis(), TimeUnit.MILLISECONDS);
                }
            }
            if (!waiter.isDone()) {
                // Either path closes the connection; the exception type records why the handshake never finished.
                if (serverConnection.isOpen()) {
                    IoUtils.safeClose(serverConnection);
                    throw UndertowMessages.MESSAGES.rengotiationTimedOut();
                } else {
                    IoUtils.safeClose(serverConnection);
                    throw UndertowMessages.MESSAGES.rengotiationFailed();
                }
            }
        }
    } finally {
        if (oldState != null) {
            serverConnection.restoreChannel(oldState);
        }
    }
}