WillemJiang closed pull request #573: [SCB-368] supports openssl engine for ssl 
communication
URL: https://github.com/apache/incubator-servicecomb-java-chassis/pull/573
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/foundations/foundation-ssl/pom.xml 
b/foundations/foundation-ssl/pom.xml
index c5f1faac8..92d99a0e1 100644
--- a/foundations/foundation-ssl/pom.xml
+++ b/foundations/foundation-ssl/pom.xml
@@ -39,6 +39,10 @@
                        <groupId>org.slf4j</groupId>
                        <artifactId>slf4j-api</artifactId>
                </dependency>
+               <dependency>
+                       <groupId>io.netty</groupId>
+                       <artifactId>netty-tcnative-boringssl-static</artifactId>
+               </dependency>           
                <dependency>
                        <groupId>org.slf4j</groupId>
                        <artifactId>slf4j-log4j12</artifactId>
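Review bot: The `netty-tcnative-boringssl-static` dependency is added at the default compile scope, so every consumer of foundation-ssl ships a statically linked BoringSSL even when `ssl.engine` stays at the `jdk` default set in SSLOption. Because the TLS library is bundled inside the artifact, operating-system OpenSSL updates never reach it; fixes arrive only by bumping `tcnetty.version` in java-chassis-dependencies/pom.xml. Consider marking it `<optional>true</optional>` and documenting that deployments selecting the openssl engine must add the artifact themselves. A comment next to `tcnetty.version` saying it has to move together with `netty.version` would also help.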
diff --git 
a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
 
b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
index 716a2ae8b..012ad8073 100644
--- 
a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
+++ 
b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
@@ -44,6 +44,7 @@
       + "TLS_RSA_WITH_AES_128_GCM_SHA256";
 
   static {
+    DEFAULT_OPTION.setEngine("jdk");
     DEFAULT_OPTION.setProtocols("TLSv1.2");
     DEFAULT_OPTION.setCiphers(DEFAUL_CIPHERS);
     DEFAULT_OPTION.setAuthPeer(false);
@@ -61,6 +62,8 @@
     DEFAULT_OPTION.setCrl("revoke.crl");
   }
 
+  private String engine;
+
   private String protocols;
 
   private String ciphers;
@@ -93,6 +96,14 @@
 
   private String sslCustomClass;
 
+  public String getEngine() {
+    return engine;
+  }
+
+  public void setEngine(String engine) {
+    this.engine = engine;
+  }
+
   public void setProtocols(String protocols) {
     this.protocols = protocols;
   }
@@ -295,6 +306,10 @@ private static boolean 
getBooleanProperty(ConcurrentCompositeConfiguration confi
 
   public static SSLOption buildFromYaml(String tag, 
ConcurrentCompositeConfiguration configSource) {
     SSLOption option = new SSLOption();
+    option.engine = getStringProperty(configSource,
+        DEFAULT_OPTION.getEngine(),
+        "ssl." + tag + ".engine",
+        "ssl.engine");
     option.protocols =
         getStringProperty(configSource,
             DEFAULT_OPTION.getProtocols(),
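Review bot: The value read from `ssl.<tag>.engine` / `ssl.engine` is stored without validation, and the only consumer in this commit compares it with `openssl`, so a typo such as `opensl` silently runs on the JDK engine with nothing in the log. Suggest accepting only `jdk` and `openssl` here and rejecting anything else, or at least logging the engine that was selected. The two literals would also be better as constants on SSLOption, shared by the static initializer and VertxTLSBuilder. buildFromYaml continues past the end of this hunk.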
diff --git 
a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
 
b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
index 1099e94a2..a7a351a4c 100644
--- 
a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
+++ 
b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
@@ -29,6 +29,7 @@
 import io.vertx.core.net.ClientOptionsBase;
 import io.vertx.core.net.JksOptions;
 import io.vertx.core.net.NetServerOptions;
+import io.vertx.core.net.OpenSSLEngineOptions;
 import io.vertx.core.net.PfxOptions;
 import io.vertx.core.net.TCPSSLOptions;
 
@@ -86,6 +87,12 @@ public static ClientOptionsBase 
buildClientOptionsBase(SSLOption sslOption, SSLC
   private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, 
SSLCustom sslCustom,
       TCPSSLOptions tcpClientOptions) {
     tcpClientOptions.setSsl(true);
+
+    if (sslOption.getEngine().equalsIgnoreCase("openssl")) {
+      OpenSSLEngineOptions options = new OpenSSLEngineOptions();
+      options.setSessionCacheEnabled(true);
+      tcpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
+    }
     if (isFileExists(sslCustom.getFullPath(sslOption.getKeyStore()))) {
       if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
         PfxOptions keyPfxOptions = new PfxOptions();
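Review bot: The configured `options` object is discarded: `setOpenSslEngineOptions(new OpenSSLEngineOptions())` passes a fresh instance, so the `setSessionCacheEnabled(true)` call has no effect on what is installed. Pass the local instead: `tcpClientOptions.setOpenSslEngineOptions(options);`. Separately, `sslOption.getEngine()` is dereferenced directly, and the test factory in this commit shows an SSLOption can be created with `new SSLOption()`, where `engine` stays null unless a caller sets it, so this line can throw a NullPointerException. Writing the check as `if ("openssl".equalsIgnoreCase(sslOption.getEngine())) {` avoids that and falls back to the JDK engine. buildTCPSSLOptions continues beyond the hunk.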
diff --git 
a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
 
b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
index ad82d6280..33ef44538 100644
--- 
a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
+++ 
b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
@@ -63,6 +63,7 @@ public void testbuildHttpClientOptions_sslKey_noFactory() {
   public static class SSLOptionFactoryForTest implements SSLOptionFactory {
     static SSLOption sslOption = new SSLOption();
     static {
+      sslOption.setEngine("openssl");          
       sslOption.setProtocols("");
       sslOption.setCiphers(SSLOption.DEFAUL_CIPHERS);
       sslOption.setCheckCNHost(true);
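Review bot: Nothing visible here asserts the new branch. The shared factory now sets `openssl`, but no test checks that the built options actually carry OpenSSL engine options, so the discarded-`options` mistake in VertxTLSBuilder.buildTCPSSLOptions passes unnoticed. Add an assertion that `getSslEngineOptions()` on the built options returns an `OpenSSLEngineOptions`, plus a case where the engine is left unset to pin the JDK fallback. Since this factory is static, every test using it presumably now runs the openssl path only, so the `jdk` default would lose coverage. The class body continues outside the hunk.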
diff --git a/java-chassis-dependencies/pom.xml 
b/java-chassis-dependencies/pom.xml
index 6cccdaae5..3846dd716 100644
--- a/java-chassis-dependencies/pom.xml
+++ b/java-chassis-dependencies/pom.xml
@@ -46,6 +46,7 @@
     <protostuff.version>1.5.2</protostuff.version>
     <swagger.version>1.5.12</swagger.version>
     <netty.version>4.1.17.Final</netty.version>
+    <tcnetty.version>2.0.7.Final</tcnetty.version>
     <main.basedir>${basedir}/../..</main.basedir>
     <narayana.version>5.3.2.Final</narayana.version>
     <cxf.version>3.1.6</cxf.version>
@@ -241,6 +242,11 @@
         <artifactId>netty-transport</artifactId>
         <version>${netty.version}</version>
       </dependency>
+      <dependency>
+        <groupId>io.netty</groupId>
+        <artifactId>netty-tcnative-boringssl-static</artifactId>
+        <version>${tcnetty.version}</version>
+      </dependency>      
       <dependency>
         <groupId>org.powermock</groupId>
         <artifactId>powermock-api-mockito</artifactId>


 
