From 927a295add7a705ecc5396b64790800e62a9850f Mon Sep 17 00:00:00 2001
From: md_5
Date: Thu, 4 Jul 2013 11:48:09 +1000
Subject: [PATCH] Add SSL support
---
 .../java/net/md_5/bungee/http/HttpClient.java | 2 +-
 .../net/md_5/bungee/http/HttpInitializer.java | 14 +++++---
 .../md_5/bungee/http/TrustingX509Manager.java | 32 +++++++++++++++++++
 3 files changed, 43 insertions(+), 5 deletions(-)
 create mode 100644 http/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java
diff --git a/http/src/main/java/net/md_5/bungee/http/HttpClient.java b/http/src/main/java/net/md_5/bungee/http/HttpClient.java
index 5fe1fbbac..65d3c246c 100644
--- a/http/src/main/java/net/md_5/bungee/http/HttpClient.java
+++ b/http/src/main/java/net/md_5/bungee/http/HttpClient.java
@@ -66,6 +66,6 @@ public class HttpClient
 }
 };
- new Bootstrap().channel( NioSocketChannel.class ).group( eventLoop ).handler( new HttpInitializer( url, port, ssl ) ).remoteAddress( uri.getHost(), port ).connect().addListener( future );
+ new Bootstrap().channel( NioSocketChannel.class ).group( eventLoop ).handler( new HttpInitializer( ssl ) ).remoteAddress( uri.getHost(), port ).connect().addListener( future );
 }
 }
diff --git a/http/src/main/java/net/md_5/bungee/http/HttpInitializer.java b/http/src/main/java/net/md_5/bungee/http/HttpInitializer.java
index 2ff7e6edf..196791077 100644
--- a/http/src/main/java/net/md_5/bungee/http/HttpInitializer.java
+++ b/http/src/main/java/net/md_5/bungee/http/HttpInitializer.java
@@ -6,14 +6,13 @@ import io.netty.handler.codec.http.HttpClientCodec;
 import io.netty.handler.ssl.SslHandler;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
 import lombok.RequiredArgsConstructor;
 @RequiredArgsConstructor
 public class HttpInitializer extends ChannelInitializer
 {
- private final String host;
- private final int port;
 private final boolean ssl;
 @Override
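Review bot: Dropping the host and port from `HttpInitializer` (the `new HttpInitializer( ssl )` call in HttpClient.java and the removed `host`/`port` fields in the first HttpInitializer.java hunk) leaves the TLS engine with no peer identity, so it cannot send SNI and the certificate cannot be checked against the host name. I would keep both fields and pass the parsed host instead of the raw `url` string the old call used: `new HttpInitializer( uri.getHost(), port, ssl )`. The method around the changed call starts above the hunk, so how `ssl` and `port` are derived is not visible here.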
@@ -21,8 +20,15 @@ public class HttpInitializer extends ChannelInitializer
 {
 if ( ssl )
 {
- SSLContext context = SSLContext.getDefault();
- SSLEngine engine = context.createSSLEngine( host, port );
+ SSLContext context = SSLContext.getInstance( "TLS" );
+ context.init( null, new TrustManager[]
+ {
+ TrustingX509Manager.getInstance()
+ }, null );
+
+ SSLEngine engine = context.createSSLEngine();
+ engine.setUseClientMode( true );
+
 ch.pipeline().addLast( "ssl", new SslHandler( engine ) );
 }
 ch.pipeline().addLast( "http", new HttpClientCodec() );
diff --git a/http/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java b/http/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java
new file mode 100644
index 000000000..d0dfa6549
--- /dev/null
+++ b/http/src/main/java/net/md_5/bungee/http/TrustingX509Manager.java
@@ -0,0 +1,32 @@
+package net.md_5.bungee.http;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class TrustingX509Manager implements X509TrustManager
+{
+
+ @Getter
+ private static final X509TrustManager instance = new TrustingX509Manager();
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
+ {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
+ {
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return new X509Certificate[ 0 ];
+ }
+}
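Review bot: In the `if ( ssl )` branch of HttpInitializer the context is initialised with `TrustingX509Manager`, whose `checkServerTrusted` in the new file is empty, so every certificate chain is accepted and the connection is encrypted but not authenticated; anything on the network path can present its own certificate and read or alter the traffic. The added `engine.setUseClientMode( true )` is probably the part that was actually needed for the handshake, so I would keep it, go back to the default trust store and turn on endpoint identification. That needs the `host` and `port` fields which the earlier HttpInitializer.java hunk removes, and an import of `javax.net.ssl.SSLParameters`. TrustingX509Manager.java can then be dropped; if it has to stay for a test setup, it needs a class comment stating that it performs no validation. The enclosing method starts outside the hunk.

```java
SSLContext context = SSLContext.getDefault();
SSLEngine engine = context.createSSLEngine( host, port );
engine.setUseClientMode( true );

// Have JSSE check the certificate against the host name during the handshake.
SSLParameters params = engine.getSSLParameters();
params.setEndpointIdentificationAlgorithm( "HTTPS" );
engine.setSSLParameters( params );

// … unchanged: pipeline addLast( "ssl" ) and addLast( "http" ) …
```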