
Commit 82fbcab

committed
Bring back SSLParametersConfig (clientAuth, protocols) used in Pekko HTTP < v2 and Akka HTTP <= v10.5
1 parent 2f618dd commit 82fbcab


1 file changed

+75
-2
lines changed

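--- a/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Config.scala
+++ b/ssl-config-core/src/main/scala/com/typesafe/sslconfig/ssl/Config.scala
@@ -301,6 +301,34 @@ object SSLLooseConfig {
 def getInstance() = apply()
 }
 
+/**
+* Carries values which will be later set on an [[javax.net.ssl.SSLParameters]] object.
+*
+* @param clientAuth see [[ClientAuth]] for detailed docs on ClientAuth modes
+*/
+final class SSLParametersConfig private[sslconfig] (
+val clientAuth: ClientAuth = ClientAuth.Default,
+val protocols: scala.collection.immutable.Seq[String] = Nil
+) {
+
+def withClientAuth(value: com.typesafe.sslconfig.ssl.ClientAuth): SSLParametersConfig = copy(clientAuth = value)
+def withProtocols(value: scala.collection.immutable.Seq[String]): SSLParametersConfig = copy(protocols = value)
+
+private def copy(
+clientAuth: com.typesafe.sslconfig.ssl.ClientAuth = clientAuth,
+protocols: scala.collection.immutable.Seq[String] = protocols
+): SSLParametersConfig = new SSLParametersConfig(clientAuth = clientAuth, protocols = protocols)
+
+override def toString =
+s"""SSLParametersConfig(${clientAuth},${protocols})"""
+}
+object SSLParametersConfig {
+def apply() = new SSLParametersConfig()
+
+/** Java API */
+def getInstance() = apply()
+}
+
 /**
 * The SSL configuration.
 *
@@ -324,6 +352,7 @@ final class SSLConfigSettings private[sslconfig] (
 val revocationLists: Option[immutable.Seq[URL]] = None,
 val enabledCipherSuites: Option[immutable.Seq[String]] = None,
 val enabledProtocols: Option[immutable.Seq[String]] = Some(List("TLSv1.3", "TLSv1.2")),
+val sslParametersConfig: SSLParametersConfig = SSLParametersConfig(),
 val keyManagerConfig: KeyManagerConfig = KeyManagerConfig(),
 val trustManagerConfig: TrustManagerConfig = TrustManagerConfig(),
 val hostnameVerifierClass: Class[? <: HostnameVerifier] = classOf[NoopHostnameVerifier],
@@ -347,7 +376,9 @@ final class SSLConfigSettings private[sslconfig] (
 def withProtocol(value: String): SSLConfigSettings = copy(protocol = value)
 def withRevocationLists(value: Option[scala.collection.immutable.Seq[java.net.URL]]): SSLConfigSettings =
 copy(revocationLists = value)
-def withSecureRandom(value: Option[java.security.SecureRandom]): SSLConfigSettings = copy(secureRandom = value)
+def withSecureRandom(value: Option[java.security.SecureRandom]): SSLConfigSettings = copy(secureRandom = value)
+def withSslParametersConfig(value: com.typesafe.sslconfig.ssl.SSLParametersConfig): SSLConfigSettings =
+copy(sslParametersConfig = value)
 def withTrustManagerConfig(value: com.typesafe.sslconfig.ssl.TrustManagerConfig): SSLConfigSettings =
 copy(trustManagerConfig = value)
 
@@ -363,6 +394,7 @@ final class SSLConfigSettings private[sslconfig] (
 protocol: String = protocol,
 revocationLists: Option[scala.collection.immutable.Seq[java.net.URL]] = revocationLists,
 secureRandom: Option[java.security.SecureRandom] = secureRandom,
+sslParametersConfig: com.typesafe.sslconfig.ssl.SSLParametersConfig = sslParametersConfig,
 trustManagerConfig: com.typesafe.sslconfig.ssl.TrustManagerConfig = trustManagerConfig
 ): SSLConfigSettings = new SSLConfigSettings(
 checkRevocation = checkRevocation,
@@ -376,11 +408,12 @@ final class SSLConfigSettings private[sslconfig] (
 protocol = protocol,
 revocationLists = revocationLists,
 secureRandom = secureRandom,
+sslParametersConfig = sslParametersConfig,
 trustManagerConfig = trustManagerConfig
 )
 
 override def toString =
-s"""SSLConfig(${checkRevocation},${debug},${default},${enabledCipherSuites},${enabledProtocols},${hostnameVerifierClass},${keyManagerConfig},${loose},${protocol},${revocationLists},${secureRandom},${trustManagerConfig})"""
+s"""SSLConfig(${checkRevocation},${debug},${default},${enabledCipherSuites},${enabledProtocols},${hostnameVerifierClass},${keyManagerConfig},${loose},${protocol},${revocationLists},${secureRandom},${sslParametersConfig},${trustManagerConfig})"""
 }
 object SSLConfigSettings {
 def apply() = new SSLConfigSettings()
@@ -440,6 +473,8 @@ class SSLConfigParser(c: EnrichedConfig, classLoader: ClassLoader, loggerFactory
 
 val trustManagers = parseTrustManager(c.get[EnrichedConfig]("trustManager"))
 
+val sslParametersConfig = parseSSLParameters(c.get[EnrichedConfig]("sslParameters"))
+
 new SSLConfigSettings(
 default = default,
 protocol = protocol,
@@ -449,6 +484,7 @@ class SSLConfigParser(c: EnrichedConfig, classLoader: ClassLoader, loggerFactory
 enabledProtocols = protocols,
 keyManagerConfig = keyManagers,
 hostnameVerifierClass = hostnameVerifierClass,
+sslParametersConfig = sslParametersConfig,
 trustManagerConfig = trustManagers,
 secureRandom = None,
 debug = debug,
@@ -575,4 +611,41 @@ class SSLConfigParser(c: EnrichedConfig, classLoader: ClassLoader, loggerFactory
 
 new TrustManagerConfig(algorithm, trustStoreInfos)
 }
+
+def parseSSLParameters(config: EnrichedConfig): SSLParametersConfig = {
+// could instantiate SSLParameters directly, but seems less clean, here we only parse config
+
+val clientAuth = config.getOptional[String]("clientAuth") match {
+case Some("none") => ClientAuth.None
+case Some("want") => ClientAuth.Want
+case Some("need") => ClientAuth.Need
+case None | Some(_) => ClientAuth.Default
+}
+
+val protocols = config.getSeq[String]("protocols")
+
+new SSLParametersConfig(clientAuth, protocols)
+}
+}
+
+/**
+* An SSLEngine can either demand, allow or ignore its peer’s authentication
+* (via certificates), where `Need` will fail the handshake if the peer does
+* not provide valid credentials, `Want` allows the peer to send credentials
+* and verifies them if provided, and `None` disables peer certificate
+* verification.
+*
+* See the documentation for `SSLEngine::setWantClientAuth` for more information.
+*/
+sealed abstract class ClientAuth
+object ClientAuth {
+case object Default extends ClientAuth
+case object None extends ClientAuth
+case object Want extends ClientAuth
+case object Need extends ClientAuth
+
+def none: ClientAuth = None
+def want: ClientAuth = Want
+def need: ClientAuth = Need
+def defaultAuth: ClientAuth = Default // since `default` is a Java keyword
 }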
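Review bot: In `parseSSLParameters` (last hunk), an unrecognised `clientAuth` value — a typo or a differently-cased string such as `"Need"` — is silently mapped to `ClientAuth.Default` by `case None | Some(_)`, so a deployment that believes it requires client certificates may run without that requirement and nothing at load time says so. Only an absent key should mean `Default`; an unknown string should be rejected when the config is parsed, e.g. `case None => ClientAuth.Default` followed by `case Some(other) => throw new IllegalArgumentException(s"Unknown sslParameters.clientAuth value '$other' (expected none, want or need)")`. The `ClientAuth` Scaladoc in the same hunk describes `Need`, `Want` and `None` but not `Default`; a line such as `Default` leaves the client-auth setting as the caller or the JDK already configured it would help readers, assuming that is how consumers treat it, which this diff does not show.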
