Add SSLSocketFactory backed by ServiceIdentityProvider

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-08-14 17:18:30 +0200
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-08-14 17:24:01 +0200
commit: b5372449f984816354711268a0d2e9bd3b1fdaac (patch)
tree: 682f35f8c452ec27207d883694f4c32933b634bd /vespa-athenz
parent: f7f6a7a4d2129e27c3753c330f584dfc5e27f014 (diff)
1 files changed, 100 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentitySslSocketFactory.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentitySslSocketFactory.java
new file mode 100644
index 00000000000..85432b77908
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentitySslSocketFactory.java
@@ -0,0 +1,100 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identity;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.util.function.Supplier;
+
+/**
+ * A {@link SSLSocketFactory} that creates sockets through the {@link SSLContext} provided by {@link ServiceIdentityProvider}.
+ *
+ * Note: the implementation assumes that the set of default/supported cipher suites is static for a given {@link ServiceIdentityProvider} instance.
+ *
+ * @author bjorncs
+ */
+public class ServiceIdentitySslSocketFactory extends SSLSocketFactory {
+
+    private final Object monitor = new Object();
+    private final Supplier<SSLContext> sslContextSupplier;
+    private final String[] defaultCipherSuites;
+    private final String[] supportedCipherSuites;
+    private SSLContext sslContext;
+    private SSLSocketFactory sslSocketFactory;
+
+    public ServiceIdentitySslSocketFactory(ServiceIdentityProvider serviceIdentityProvider) {
+        this(serviceIdentityProvider::getIdentitySslContext);
+    }
+
+    public ServiceIdentitySslSocketFactory(Supplier<SSLContext> sslContextSupplier) {
+        super();
+        SSLContext sslContext = sslContextSupplier.get();
+        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+        this.sslContextSupplier = sslContextSupplier;
+        this.defaultCipherSuites = sslSocketFactory.getDefaultCipherSuites();
+        this.supportedCipherSuites = sslSocketFactory.getSupportedCipherSuites();
+        this.sslContext = sslContext;
+        this.sslSocketFactory = sslSocketFactory;
+    }
+
+    private SSLSocketFactory currentSslSocketFactory() {
+        SSLContext currentSslContext = sslContextSupplier.get();
+        synchronized (monitor) {
+            if (currentSslContext != sslContext) {
+                sslContext = currentSslContext;
+                sslSocketFactory = currentSslContext.getSocketFactory();
+            }
+            return sslSocketFactory;
+        }
+    }
+
+    @Override
+    public String[] getDefaultCipherSuites() {
+        return defaultCipherSuites;
+    }
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        return supportedCipherSuites;
+    }
+
+    @Override
+    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+        return currentSslSocketFactory().createSocket(s, host, port, autoClose);
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+        return currentSslSocketFactory().createSocket(host, port);
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+        return currentSslSocketFactory().createSocket(host, port, localHost, localPort);
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return currentSslSocketFactory().createSocket(host, port);
+    }
+
+    @Override
+    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+        return currentSslSocketFactory().createSocket(address, port, localAddress, localPort);
+    }
+
+    @Override
+    public Socket createSocket(Socket s, InputStream consumed, boolean autoClose) throws IOException {
+        return currentSslSocketFactory().createSocket(s, consumed, autoClose);
+    }
+
+    @Override
+    public Socket createSocket() throws IOException {
+        return currentSslSocketFactory().createSocket();
+    }
+
+}
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-08-14 17:18:30 +0200
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-08-14 17:24:01 +0200
commit	b5372449f984816354711268a0d2e9bd3b1fdaac (patch)
tree	682f35f8c452ec27207d883694f4c32933b634bd /vespa-athenz
parent	f7f6a7a4d2129e27c3753c330f584dfc5e27f014 (diff)