
Commit

Fixes #5973 - Proxy client TLS authentication example.
Examples, in the form of test cases, for a proxy that uses TLS client authentication
both towards the remote client and towards the server.

Signed-off-by: Simone Bordet <[email protected]>
sbordet committed Feb 15, 2021
1 parent 75183e8 commit 7f867bf
Showing 5 changed files with 577 additions and 1 deletion.
Expand Up @@ -34,6 +34,9 @@
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/**
* <p>A ClientConnectionFactory that creates client-side {@link SslConnection} instances.</p>
*/
public class SslClientConnectionFactory implements ClientConnectionFactory
{
public static final String SSL_CONTEXT_FACTORY_CONTEXT_KEY = "ssl.context.factory";
Expand Down Expand Up @@ -120,7 +123,10 @@ public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<Stri
{
String host = (String)context.get(SSL_PEER_HOST_CONTEXT_KEY);
int port = (Integer)context.get(SSL_PEER_PORT_CONTEXT_KEY);
SSLEngine engine = sslContextFactory.newSSLEngine(host, port);

SSLEngine engine = sslContextFactory instanceof SslEngineFactory
? ((SslEngineFactory)sslContextFactory).newSslEngine(host, port, context)
: sslContextFactory.newSSLEngine(host, port);
engine.setUseClientMode(true);
context.put(SSL_ENGINE_CONTEXT_KEY, engine);

Expand Down Expand Up @@ -155,6 +161,25 @@ public Connection customize(Connection connection, Map<String, Object> context)
return ClientConnectionFactory.super.customize(connection, context);
}

/**
* <p>A factory for {@link SSLEngine} objects.</p>
* <p>Typically implemented by {@link SslContextFactory.Client}
* to support more flexible creation of SSLEngine instances.</p>
*/
public interface SslEngineFactory
{
/**
* <p>Creates a new {@link SSLEngine} instance for the given peer host and port,
* and with the given context to help the creation of the SSLEngine.</p>
*
* @param host the peer host
* @param port the peer port
* @param context the {@link ClientConnectionFactory} context
* @return a new SSLEngine instance
*/
public SSLEngine newSslEngine(String host, int port, Map<String, Object> context);
}

private class HTTPSHandshakeListener implements SslHandshakeListener
{
private final Map<String, Object> context;
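Review bot: The Javadoc on `SslEngineFactory.newSslEngine` does not say who is responsible for the security settings of the engine it returns. When the factory implements the interface, the new branch in `newConnection` skips `sslContextFactory.newSSLEngine(host, port)` entirely, so whatever that method normally applies (presumably the configured protocol and cipher suite restrictions and the endpoint identification algorithm) is present only if the implementation applies it itself. I would add a sentence to the interface Javadoc such as `Implementations must return a non-null engine that carries the same protocol, cipher suite and endpoint identification settings as {@link SslContextFactory#newSSLEngine(String, int)}`. The non-null part matters because `newConnection` calls `engine.setUseClientMode(true)` straight after the ternary with no check. The body of `newConnection` continues outside the visible hunk, so any later validation of the engine cannot be seen from here.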

0 comments on commit 7f867bf
