Refactor and unify client/server code in SslChannelProvider/SslContextProvider

vietj · vietj · commit 5e1cae2cc786 · 2024-02-06T15:16:57.000+01:00
diff --git a/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java b/src/main/java/io/vertx/core/net/impl/SslChannelProvider.java
@@ -27,8 +27,6 @@
 import java.util.concurrent.Executor;
 import java.util.concurrent.TimeUnit;
 
-import static io.vertx.core.net.impl.SslContextProvider.createTrustAllTrustManager;
-
 /**
  * Provider for {@link SslHandler} and {@link SniHandler}.
  * <br/>
@@ -60,40 +58,34 @@ public SslContextProvider sslContextProvider() {
   }
 
   public SslContext sslClientContext(String serverName, boolean useAlpn, boolean trustAll) {
+    try {
+      return sslContext(serverName, useAlpn, false, trustAll);
+    } catch (Exception e) {
+      throw new VertxException(e);
+    }
+  }
+
+  public SslContext sslContext(String serverName, boolean useAlpn, boolean server, boolean trustAll) throws Exception {
     int idx = idx(useAlpn);
     if (serverName == null) {
       if (sslContexts[idx] == null) {
-        SslContext context = sslContextProvider.createClientContext(useAlpn, trustAll);
+        SslContext context = sslContextProvider.createContext(server, null, null, null, useAlpn, trustAll);
         sslContexts[idx] = context;
       }
       return sslContexts[idx];
     } else {
-      KeyManagerFactory kmf;
-      try {
-        kmf = sslContextProvider.resolveKeyManagerFactory(serverName);
-      } catch (Exception e) {
-        throw new VertxException(e);
-      }
-      TrustManager[] trustManagers;
-      if (trustAll) {
-        trustManagers = new TrustManager[] { createTrustAllTrustManager() };
-      } else {
-        try {
-          trustManagers = sslContextProvider.resolveTrustManagers(serverName);
-        } catch (Exception e) {
-          throw new VertxException(e);
-        }
-      }
-      return sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createClientContext(kmf, trustManagers, s, useAlpn));
+      KeyManagerFactory kmf = sslContextProvider.resolveKeyManagerFactory(serverName);
+      TrustManager[] trustManagers = trustAll ? null : sslContextProvider.resolveTrustManagers(serverName);
+      return sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createContext(server, kmf, trustManagers, s, useAlpn, trustAll));
     }
   }
 
   public SslContext sslServerContext(boolean useAlpn) {
-    int idx = idx(useAlpn);
-    if (sslContexts[idx] == null) {
-      sslContexts[idx] = sslContextProvider.createServerContext(useAlpn);
+    try {
+      return sslContext(null, useAlpn, true, false);
+    } catch (Exception e) {
+      throw new VertxException(e);
     }
-    return sslContexts[idx];
   }
 
   /**
@@ -104,27 +96,14 @@ public SslContext sslServerContext(boolean useAlpn) {
   public AsyncMapping<? super String, ? extends SslContext> serverNameMapping(boolean useAlpn) {
     return (AsyncMapping<String, SslContext>) (serverName, promise) -> {
       workerPool.execute(() -> {
-        if (serverName == null) {
-          promise.setSuccess(sslServerContext(useAlpn));
-        } else {
-          KeyManagerFactory kmf;
-          try {
-            kmf = sslContextProvider.resolveKeyManagerFactory(serverName);
-          } catch (Exception e) {
-            promise.setFailure(e);
-            return;
-          }
-          TrustManager[] trustManagers;
-          try {
-            trustManagers = sslContextProvider.resolveTrustManagers(serverName);
-          } catch (Exception e) {
-            promise.setFailure(e);
-            return;
-          }
-          int idx = idx(useAlpn);
-          SslContext sslContext = sslContextMaps[idx].computeIfAbsent(serverName, s -> sslContextProvider.createServerContext(kmf, trustManagers, s, useAlpn));
-          promise.setSuccess(sslContext);
+        SslContext sslContext;
+        try {
+          sslContext = sslContext(serverName, useAlpn, true, false);
+        } catch (Exception e) {
+          promise.setFailure(e);
+          return;
         }
+        promise.setSuccess(sslContext);
       });
       return promise;
     };
diff --git a/src/main/java/io/vertx/core/net/impl/SslContextProvider.java b/src/main/java/io/vertx/core/net/impl/SslContextProvider.java
@@ -66,16 +66,29 @@ public SslContextProvider(ClientAuth clientAuth,
     this.crls = crls;
   }
 
-  public VertxSslContext createClientContext(
-    boolean useAlpn,
-    boolean trustAll) {
-    TrustManager[] trustManagers = null;
+  public VertxSslContext createContext(boolean server,
+                                       KeyManagerFactory keyManagerFactory,
+                                       TrustManager[] trustManagers,
+                                       String serverName,
+                                       boolean useAlpn,
+                                       boolean trustAll) {
+    if (keyManagerFactory == null) {
+      keyManagerFactory = defaultKeyManagerFactory();
+    }
     if (trustAll) {
-      trustManagers = new TrustManager[] { createTrustAllTrustManager() };
-    } else if (trustManagerFactory != null) {
-      trustManagers = trustManagerFactory.getTrustManagers();
+      trustManagers = SslContextProvider.createTrustAllManager();
+    } else if (trustManagers == null) {
+      trustManagers = defaultTrustManagers();
     }
-    return createClientContext(keyManagerFactory, trustManagers, null, useAlpn);
+    if (server) {
+      return createServerContext(keyManagerFactory, trustManagers, serverName, useAlpn);
+    } else {
+      return createClientContext(keyManagerFactory, trustManagers, serverName, useAlpn);
+    }
+  }
+
+  public VertxSslContext createContext(boolean server, boolean useAlpn) {
+    return createContext(server, defaultKeyManagerFactory(), defaultTrustManagers(), null, useAlpn, false);
   }
 
   public VertxSslContext createClientContext(
@@ -108,10 +121,6 @@ protected void initEngine(SSLEngine engine) {
     }
   }
 
-  public VertxSslContext createServerContext(boolean useAlpn) {
-    return createServerContext(keyManagerFactory, trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null, null, useAlpn);
-  }
-
   public VertxSslContext createServerContext(KeyManagerFactory keyManagerFactory,
                                         TrustManager[] trustManagers,
                                         String serverName,
@@ -152,6 +161,18 @@ public KeyManagerFactory loadKeyManagerFactory(String serverName) throws Excepti
     return null;
   }
 
+  public TrustManager[] defaultTrustManagers() {
+    return trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
+  }
+
+  public TrustManagerFactory defaultTrustManagerFactory() {
+    return trustManagerFactory;
+  }
+
+  public KeyManagerFactory defaultKeyManagerFactory() {
+    return keyManagerFactory;
+  }
+
   /**
    * Resolve the {@link KeyManagerFactory} for the {@code serverName}, when a factory cannot be resolved, the default
    * factory is returned.
@@ -242,22 +263,24 @@ public X509Certificate[] getAcceptedIssuers() {
     return trustMgrs;
   }
 
-  // Create a TrustManager which trusts everything
-  static TrustManager createTrustAllTrustManager() {
-    return new X509TrustManager() {
-      @Override
-      public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
-      }
+  private static final TrustManager TRUST_ALL_MANAGER = new X509TrustManager() {
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+    }
 
-      @Override
-      public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
-      }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+    }
 
-      @Override
-      public X509Certificate[] getAcceptedIssuers() {
-        return new X509Certificate[0];
-      }
-    };
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return new X509Certificate[0];
+    }
+  };
+
+  // Create a TrustManager which trusts everything
+  private static TrustManager[] createTrustAllManager() {
+    return new TrustManager[] { TRUST_ALL_MANAGER };
   }
 
   public void configureEngine(SSLEngine engine, Set<String> enabledProtocols, String serverName, boolean client) {
diff --git a/src/test/java/io/vertx/core/net/impl/SSLHelperTest.java b/src/test/java/io/vertx/core/net/impl/SSLHelperTest.java
@@ -45,7 +45,7 @@ public void testUseJdkCiphersWhenNotSpecified() throws Exception {
     helper
       .buildContextProvider(new SSLOptions().setKeyCertOptions(Cert.CLIENT_JKS.get()).setTrustOptions(Trust.SERVER_JKS.get()), null, ClientAuth.NONE, null, false, (ContextInternal) vertx.getOrCreateContext())
       .onComplete(onSuccess(provider -> {
-        SslContext ctx = provider.createClientContext(false, false);
+        SslContext ctx = provider.createContext(false, false);
         assertEquals(new HashSet<>(Arrays.asList(expected)), new HashSet<>(ctx.cipherSuites()));
         testComplete();
     }));
@@ -57,7 +57,7 @@ public void testUseOpenSSLCiphersWhenNotSpecified() throws Exception {
     Set<String> expected = OpenSsl.availableOpenSslCipherSuites();
     SSLHelper helper = new SSLHelper(new OpenSSLEngineOptions());
     helper.buildContextProvider(new SSLOptions().setKeyCertOptions(Cert.CLIENT_PEM.get()).setTrustOptions(Trust.SERVER_PEM.get()), null, ClientAuth.NONE, null, false, (ContextInternal) vertx.getOrCreateContext()).onComplete(onSuccess(provider -> {
-      SslContext ctx = provider.createClientContext(false, false);
+      SslContext ctx = provider.createContext(false, false);
       assertEquals(expected, new HashSet<>(ctx.cipherSuites()));
       testComplete();
     }));
@@ -91,7 +91,7 @@ private void testOpenSslServerSessionContext(boolean testDefault){
     defaultHelper
       .buildContextProvider(sslOptions, null, ClientAuth.NONE, null, false, (ContextInternal) vertx.getOrCreateContext())
       .onComplete(onSuccess(provider -> {
-        SslContext ctx = provider.createServerContext(false);
+        SslContext ctx = provider.createContext(true, false);
 
         SSLSessionContext sslSessionContext = ctx.sessionContext();
         assertTrue(sslSessionContext instanceof OpenSslServerSessionContext);
@@ -201,6 +201,6 @@ private void testTLSVersions(SSLOptions options, Consumer<SSLEngine> check) {
   }
 
   public SSLEngine createEngine(SslContextProvider provider) {
-    return provider.createClientContext(false, false).newEngine(ByteBufAllocator.DEFAULT);
+    return provider.createContext(false, false).newEngine(ByteBufAllocator.DEFAULT);
   }
 }
diff --git a/src/test/java/io/vertx/it/SSLEngineTest.java b/src/test/java/io/vertx/it/SSLEngineTest.java
@@ -99,7 +99,7 @@ private void doTest(SSLEngineOptions engine,
       }
     }
     SslContextProvider provider = ((HttpServerImpl)server).sslContextProvider();
-    SslContext ctx = provider.createClientContext(false, false);
+    SslContext ctx = provider.createContext(false, false);
     switch (expectedSslContext != null ? expectedSslContext : "jdk") {
       case "jdk":
         assertTrue(ctx.sessionContext().getClass().getName().equals("sun.security.ssl.SSLSessionContextImpl"));

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ private void doTest(SSLEngineOptions engine,`
`99`	`99`	`}`
`100`	`100`	`}`
`101`	`101`	`SslContextProvider provider = ((HttpServerImpl)server).sslContextProvider();`
`102`		`- SslContext ctx = provider.createClientContext(false, false);`
	`102`	`+ SslContext ctx = provider.createContext(false, false);`
`103`	`103`	`switch (expectedSslContext != null ? expectedSslContext : "jdk") {`
`104`	`104`	`case "jdk":`
`105`	`105`	`assertTrue(ctx.sessionContext().getClass().getName().equals("sun.security.ssl.SSLSessionContextImpl"));`