johnou · February 5, 2020 11:18
diff --git a/DefaultSslEngineFactory.java b/DefaultSslEngineFactory.java
 /*
 * Copyright (c) 2015 AsyncHttpClient Project. All rights reserved.
 *
 * This program is licensed to you under the Apache License Version 2.0,
 * and you may not use this file except in compliance with the Apache License Version 2.0.
 * You may obtain a copy of the Apache License Version 2.0 at
 *     http://www.apache.org/licenses/LICENSE-2.0.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the Apache License Version 2.0 is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
 */
 package org.asynchttpclient.netty.ssl;

 import io.netty.buffer.ByteBufAllocator;
 import io.netty.handler.ssl.IdentityCipherSuiteFilter;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.netty.util.ReferenceCountUtil;
 import org.asynchttpclient.AsyncHttpClientConfig;

 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
 import java.util.Arrays;

 import static org.asynchttpclient.util.MiscUtils.isNonEmpty;

 public class DefaultSslEngineFactory extends SslEngineFactoryBase {

  private volatile SslContext sslContext;
  private volatile boolean allowReleaseSslContext;

  private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException {
    allowReleaseSslContext = config.getSslContext() == null;
    if (allowReleaseSslContext) {
      SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
                                                             .sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK)
                                                             .sessionCacheSize(config.getSslSessionCacheSize())
                                                             .sessionTimeout(config.getSslSessionTimeout());

      if (isNonEmpty(config.getEnabledProtocols())) {
        sslContextBuilder.protocols(config.getEnabledProtocols());
      }

      if (isNonEmpty(config.getEnabledCipherSuites())) {
        sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites()));
      } else if (!config.isFilterInsecureCipherSuites()) {
        sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS);
      }

      if (config.isUseInsecureTrustManager()) {
        sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
      }

      return configureSslContextBuilder(sslContextBuilder).build();
    } else {
      return config.getSslContext();
    }
  }

  @Override
  public SSLEngine newSslEngine(AsyncHttpClientConfig config, String peerHost, int peerPort) {
    SSLEngine sslEngine =
      config.isDisableHttpsEndpointIdentificationAlgorithm() ?
        sslContext.newEngine(ByteBufAllocator.DEFAULT) :
        sslContext.newEngine(ByteBufAllocator.DEFAULT, domain(peerHost), peerPort);
    configureSslEngine(sslEngine, config);
    return sslEngine;
  }

  @Override
  public void init(AsyncHttpClientConfig config) throws SSLException {
    sslContext = buildSslContext(config);
  }

  @Override
  public void destroy() {
    if (allowReleaseSslContext) {
      ReferenceCountUtil.release(sslContext);
    }
  }

  /**
   * The last step of configuring the SslContextBuilder used to create an SslContext when no context is provided in the {@link AsyncHttpClientConfig}. This defaults to no-op and
   * is intended to be overridden as needed.
   *
   * @param builder builder with normal configuration applied
   * @return builder to be used to build context (can be the same object as the input)
   */
  protected SslContextBuilder configureSslContextBuilder(SslContextBuilder builder) {
    // default to no op
    return builder;
  }
 }
	/*
	* Copyright (c) 2015 AsyncHttpClient Project. All rights reserved.
	*
	* This program is licensed to you under the Apache License Version 2.0,
	* and you may not use this file except in compliance with the Apache License Version 2.0.
	* You may obtain a copy of the Apache License Version 2.0 at
	* http://www.apache.org/licenses/LICENSE-2.0.
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the Apache License Version 2.0 is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
	*/
	package org.asynchttpclient.netty.ssl;

	import io.netty.buffer.ByteBufAllocator;
	import io.netty.handler.ssl.IdentityCipherSuiteFilter;
	import io.netty.handler.ssl.SslContext;
	import io.netty.handler.ssl.SslContextBuilder;
	import io.netty.handler.ssl.SslProvider;
	import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
	import io.netty.util.ReferenceCountUtil;
	import org.asynchttpclient.AsyncHttpClientConfig;

	import javax.net.ssl.SSLEngine;
	import javax.net.ssl.SSLException;
	import java.util.Arrays;

	import static org.asynchttpclient.util.MiscUtils.isNonEmpty;

	public class DefaultSslEngineFactory extends SslEngineFactoryBase {

	private volatile SslContext sslContext;
	private volatile boolean allowReleaseSslContext;

	private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException {
	allowReleaseSslContext = config.getSslContext() == null;
	if (allowReleaseSslContext) {
	SslContextBuilder sslContextBuilder = SslContextBuilder.forClient()
	.sslProvider(config.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK)
	.sessionCacheSize(config.getSslSessionCacheSize())
	.sessionTimeout(config.getSslSessionTimeout());

	if (isNonEmpty(config.getEnabledProtocols())) {
	sslContextBuilder.protocols(config.getEnabledProtocols());
	}

	if (isNonEmpty(config.getEnabledCipherSuites())) {
	sslContextBuilder.ciphers(Arrays.asList(config.getEnabledCipherSuites()));
	} else if (!config.isFilterInsecureCipherSuites()) {
	sslContextBuilder.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS);
	}

	if (config.isUseInsecureTrustManager()) {
	sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
	}

	return configureSslContextBuilder(sslContextBuilder).build();
	} else {
	return config.getSslContext();
	}
	}

	@Override
	public SSLEngine newSslEngine(AsyncHttpClientConfig config, String peerHost, int peerPort) {
	SSLEngine sslEngine =
	config.isDisableHttpsEndpointIdentificationAlgorithm() ?
	sslContext.newEngine(ByteBufAllocator.DEFAULT) :
	sslContext.newEngine(ByteBufAllocator.DEFAULT, domain(peerHost), peerPort);
	configureSslEngine(sslEngine, config);
	return sslEngine;
	}

	@Override
	public void init(AsyncHttpClientConfig config) throws SSLException {
	sslContext = buildSslContext(config);
	}

	@Override
	public void destroy() {
	if (allowReleaseSslContext) {
	ReferenceCountUtil.release(sslContext);
	}
	}

	/**
	* The last step of configuring the SslContextBuilder used to create an SslContext when no context is provided in the {@link AsyncHttpClientConfig}. This defaults to no-op and
	* is intended to be overridden as needed.
	*
	* @param builder builder with normal configuration applied
	* @return builder to be used to build context (can be the same object as the input)
	*/
	protected SslContextBuilder configureSslContextBuilder(SslContextBuilder builder) {
	// default to no op
	return builder;
	}
	}