This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/master by this push: new 83ae473 [SCB-368] supports openssl engine for ssl communication (#573) 83ae473 is described below commit 83ae473e27889734d8cc0ecf428cd2538d26b1a4 Author: acsukesh <sukes...@huawei.com> AuthorDate: Wed Mar 7 16:02:45 2018 +0530 [SCB-368] supports openssl engine for ssl communication (#573) --- foundations/foundation-ssl/pom.xml | 4 ++++ .../org/apache/servicecomb/foundation/ssl/SSLOption.java | 15 +++++++++++++++ .../servicecomb/foundation/vertx/VertxTLSBuilder.java | 7 +++++++ .../servicecomb/foundation/vertx/TestVertxTLSBuilder.java | 1 + java-chassis-dependencies/pom.xml | 6 ++++++ 5 files changed, 33 insertions(+) diff --git a/foundations/foundation-ssl/pom.xml b/foundations/foundation-ssl/pom.xml index c5f1faa..92d99a0 100644 --- a/foundations/foundation-ssl/pom.xml +++ b/foundations/foundation-ssl/pom.xml @@ -40,6 +40,10 @@ <artifactId>slf4j-api</artifactId> </dependency> <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-tcnative-boringssl-static</artifactId> + </dependency> + <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <scope>test</scope> diff --git a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java index 716a2ae..012ad80 100644 --- a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java +++ b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java @@ -44,6 +44,7 @@ public final class SSLOption { + "TLS_RSA_WITH_AES_128_GCM_SHA256"; static { + DEFAULT_OPTION.setEngine("jdk"); DEFAULT_OPTION.setProtocols("TLSv1.2"); DEFAULT_OPTION.setCiphers(DEFAUL_CIPHERS); DEFAULT_OPTION.setAuthPeer(false); 
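Review bot: `netty-tcnative-boringssl-static` is added to foundations/foundation-ssl/pom.xml at the default compile scope, although the only code in this commit that uses the OpenSSL engine is in foundation-vertx. Every consumer of foundation-ssl therefore ships the native library even when `ssl.engine` stays at "jdk". Marking the dependency `<optional>true</optional>`, or moving it to the module that uses it, would keep it opt-in. The artifact bundles a statically linked BoringSSL, so TLS library fixes only arrive by raising `tcnetty.version` (2.0.7.Final in java-chassis-dependencies/pom.xml). A comment beside that property would record this, for example `<!-- bundles BoringSSL: bump for TLS security fixes, keep in step with netty.version -->`.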
@@ -61,6 +62,8 @@ public final class SSLOption { DEFAULT_OPTION.setCrl("revoke.crl"); } + private String engine; + private String protocols; private String ciphers; @@ -93,6 +96,14 @@ public final class SSLOption { private String sslCustomClass; + public String getEngine() { + return engine; + } + + public void setEngine(String engine) { + this.engine = engine; + } + public void setProtocols(String protocols) { this.protocols = protocols; } @@ -295,6 +306,10 @@ public final class SSLOption { public static SSLOption buildFromYaml(String tag, ConcurrentCompositeConfiguration configSource) { SSLOption option = new SSLOption(); + option.engine = getStringProperty(configSource, + DEFAULT_OPTION.getEngine(), + "ssl." + tag + ".engine", + "ssl.engine"); option.protocols = getStringProperty(configSource, DEFAULT_OPTION.getProtocols(), diff --git a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java index 1099e94..a7a351a 100644 --- a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java +++ b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java @@ -29,6 +29,7 @@ import io.vertx.core.http.HttpClientOptions; import io.vertx.core.net.ClientOptionsBase; import io.vertx.core.net.JksOptions; import io.vertx.core.net.NetServerOptions; +import io.vertx.core.net.OpenSSLEngineOptions; import io.vertx.core.net.PfxOptions; import io.vertx.core.net.TCPSSLOptions; 
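Review bot: `buildFromYaml` stores whatever string is configured under `ssl.<tag>.engine` or `ssl.engine` without checking it, and the new `engine` field and its accessors carry no documentation of the accepted values. As far as this commit shows, only "openssl" is ever tested for, so a mistyped value falls back to the JDK engine without any signal. A Javadoc line on the accessor such as `/** TLS engine to use: "jdk" (default) or "openssl", case-insensitive. */` would state the contract. Rejecting or logging an unrecognised value here would make a misconfiguration visible. The default "jdk" is set only on `DEFAULT_OPTION`, so an `SSLOption` built any other way has a null `engine` unless `setEngine` is called. The body of `buildFromYaml` continues outside the hunk.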
@@ -86,6 +87,12 @@ public final class VertxTLSBuilder { private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom, TCPSSLOptions tcpClientOptions) { tcpClientOptions.setSsl(true); + + if (sslOption.getEngine().equalsIgnoreCase("openssl")) { + OpenSSLEngineOptions options = new OpenSSLEngineOptions(); + options.setSessionCacheEnabled(true); + tcpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions()); + } if (isFileExists(sslCustom.getFullPath(sslOption.getKeyStore()))) { if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) { PfxOptions keyPfxOptions = new PfxOptions(); diff --git a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java index ad82d62..33ef445 100644 --- a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java +++ b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java @@ -63,6 +63,7 @@ public class TestVertxTLSBuilder { public static class SSLOptionFactoryForTest implements SSLOptionFactory { static SSLOption sslOption = new SSLOption(); static { + sslOption.setEngine("openssl"); sslOption.setProtocols(""); sslOption.setCiphers(SSLOption.DEFAUL_CIPHERS); sslOption.setCheckCNHost(true); diff --git a/java-chassis-dependencies/pom.xml b/java-chassis-dependencies/pom.xml index 6cccdaa..3846dd7 100644 --- a/java-chassis-dependencies/pom.xml +++ b/java-chassis-dependencies/pom.xml @@ -46,6 +46,7 @@ <protostuff.version>1.5.2</protostuff.version> <swagger.version>1.5.12</swagger.version> <netty.version>4.1.17.Final</netty.version> + <tcnetty.version>2.0.7.Final</tcnetty.version> <main.basedir>${basedir}/../..</main.basedir> <narayana.version>5.3.2.Final</narayana.version> <cxf.version>3.1.6</cxf.version> 
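Review bot: The `OpenSSLEngineOptions` instance configured with `setSessionCacheEnabled(true)` in `buildTCPSSLOptions` is never used, because the next line hands a fresh `new OpenSSLEngineOptions()` to `setOpenSslEngineOptions`. Pass the configured object instead, `tcpClientOptions.setOpenSslEngineOptions(options);`. The condition also dereferences `sslOption.getEngine()`, which is null for an `SSLOption` created with `new SSLOption()` and no `setEngine` call, so `if ("openssl".equalsIgnoreCase(sslOption.getEngine()))` is the safer form. Nothing here checks that the native library loaded; if the Vert.x version in use provides `OpenSSLEngineOptions.isAvailable()`, testing it and logging the selected engine would surface a missing tcnative binding at configuration time. The method body continues outside the hunk.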
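Review bot: The TestVertxTLSBuilder.java hunk switches `SSLOptionFactoryForTest` to the "openssl" engine but adds no assertion that the built options actually carry OpenSSL engine options. A check that `getSslEngineOptions()` on the built options returns an `OpenSSLEngineOptions` would pin the new branch. Because the factory's `sslOption` is static, tests that use it presumably no longer exercise the "jdk" path and now depend on the tcnative library loading on the build platform. A separate test case for each engine value would keep both paths covered.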
@@ -242,6 +243,11 @@ <version>${netty.version}</version> </dependency> <dependency> + <groupId>io.netty</groupId> + <artifactId>netty-tcnative-boringssl-static</artifactId> + <version>${tcnetty.version}</version> + </dependency> + <dependency> <groupId>org.powermock</groupId> <artifactId>powermock-api-mockito</artifactId> <version>1.6.2</version> -- To stop receiving notification emails like this one, please contact ningji...@apache.org.