Merge pull request TooTallNate#839 from BroHammie/sslEngineWebsocketFactory

marci4 · web-flow · commit 94bd7df36623 · 2019-01-22T20:39:28.000Z
SSLEngineWebSocketServerFactory allows more customization
diff --git a/src/main/example/SSLClientExample.java b/src/main/example/SSLClientExample.java
@@ -111,7 +111,9 @@ public static void main( String[] args ) throws Exception {
 		while ( true ) {
 			String line = reader.readLine();
 			if( line.equals( "close" ) ) {
-				chatclient.close();
+				chatclient.closeBlocking();
+			} else if ( line.equals( "open" ) ) {
+				chatclient.reconnect();
 			} else {
 				chatclient.send( line );
 			}
diff --git a/src/main/example/TwoWaySSLServerExample.java b/src/main/example/TwoWaySSLServerExample.java
@@ -0,0 +1,78 @@
+
+
+/*
+ * Copyright (c) 2010-2019 Nathan Rajlich
+ *
+ *  Permission is hereby granted, free of charge, to any person
+ *  obtaining a copy of this software and associated documentation
+ *  files (the "Software"), to deal in the Software without
+ *  restriction, including without limitation the rights to use,
+ *  copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the
+ *  Software is furnished to do so, subject to the following
+ *  conditions:
+ *
+ *  The above copyright notice and this permission notice shall be
+ *  included in all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *  OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ *  HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ *  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ *  OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+import org.java_websocket.server.SSLParametersWebSocketServerFactory;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+/**
+ * Copy of SSLServerExample except we use @link SSLEngineWebSocketServerFactory to customize clientMode/ClientAuth to force client to present a cert.
+ * Example of Two-way ssl/MutualAuthentication/ClientAuthentication
+ */
+public class TwoWaySSLServerExample {
+
+	/*
+	 * Keystore with certificate created like so (in JKS format):
+	 *
+	 *keytool -genkey -keyalg RSA -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"
+	 */
+	public static void main( String[] args ) throws Exception {
+		ChatServer chatserver = new ChatServer( 8887 ); // Firefox does allow multible ssl connection only via port 443 //tested on FF16
+
+		// load up the key store
+		String STORETYPE = "JKS";
+		String KEYSTORE = "keystore.jks";
+		String STOREPASSWORD = "storepassword";
+		String KEYPASSWORD = "keypassword";
+
+		KeyStore ks = KeyStore.getInstance( STORETYPE );
+		File kf = new File( KEYSTORE );
+		ks.load( new FileInputStream( kf ), STOREPASSWORD.toCharArray() );
+
+		KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
+		kmf.init( ks, KEYPASSWORD.toCharArray() );
+		TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
+		tmf.init( ks );
+
+		SSLContext sslContext = SSLContext.getInstance( "TLS" );
+		sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );
+
+		SSLParameters sslParameters = new SSLParameters();
+		// This is all we need
+		sslParameters.setNeedClientAuth(true);
+		chatserver.setWebSocketFactory( new SSLParametersWebSocketServerFactory(sslContext, sslParameters));
+
+		chatserver.start();
+
+	}
+}
diff --git a/src/main/java/org/java_websocket/server/SSLParametersWebSocketServerFactory.java b/src/main/java/org/java_websocket/server/SSLParametersWebSocketServerFactory.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2010-2019 Nathan Rajlich
+ *
+ *  Permission is hereby granted, free of charge, to any person
+ *  obtaining a copy of this software and associated documentation
+ *  files (the "Software"), to deal in the Software without
+ *  restriction, including without limitation the rights to use,
+ *  copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the
+ *  Software is furnished to do so, subject to the following
+ *  conditions:
+ *
+ *  The above copyright notice and this permission notice shall be
+ *  included in all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *  OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ *  HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ *  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ *  OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package org.java_websocket.server;
+
+import org.java_websocket.SSLSocketChannel2;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.io.IOException;
+import java.nio.channels.ByteChannel;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.SocketChannel;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * WebSocketFactory that can be configured to only support specific protocols and cipher suites.
+ */
+public class SSLParametersWebSocketServerFactory extends DefaultSSLWebSocketServerFactory {
+
+  private final SSLParameters sslParameters;
+
+  /**
+   * New CustomSSLWebSocketServerFactory configured to only support given protocols and given cipher suites.
+   *
+   * @param sslContext          - can not be <code>null</code>
+   * @param sslParameters       - can not be <code>null</code>
+   */
+  public SSLParametersWebSocketServerFactory(SSLContext sslContext, SSLParameters sslParameters) {
+    this(sslContext, Executors.newSingleThreadScheduledExecutor(), sslParameters);
+  }
+
+  /**
+   * New CustomSSLWebSocketServerFactory configured to only support given protocols and given cipher suites.
+   *
+   * @param sslContext          - can not be <code>null</code>
+   * @param executerService     - can not be <code>null</code>
+   * @param sslParameters       - can not be <code>null</code>
+   */
+  public SSLParametersWebSocketServerFactory(SSLContext sslContext, ExecutorService executerService, SSLParameters sslParameters) {
+    super(sslContext, executerService);
+    if (sslParameters == null) {
+      throw new IllegalArgumentException();
+    }
+    this.sslParameters = sslParameters;
+  }
+
+  @Override
+  public ByteChannel wrapChannel(SocketChannel channel, SelectionKey key) throws IOException {
+    SSLEngine e = sslcontext.createSSLEngine();
+    e.setUseClientMode(false);
+    e.setSSLParameters(sslParameters);
+    return new SSLSocketChannel2(channel, e, exec, key);
+  }
+}
diff --git a/src/test/java/org/java_websocket/server/SSLParametersWebSocketServerFactoryTest.java b/src/test/java/org/java_websocket/server/SSLParametersWebSocketServerFactoryTest.java
@@ -0,0 +1,131 @@
+package org.java_websocket.server;
+
+import org.java_websocket.WebSocket;
+import org.java_websocket.WebSocketAdapter;
+import org.java_websocket.WebSocketImpl;
+import org.java_websocket.drafts.Draft;
+import org.java_websocket.drafts.Draft_6455;
+import org.java_websocket.handshake.Handshakedata;
+import org.junit.Test;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.nio.channels.ByteChannel;
+import java.nio.channels.NotYetConnectedException;
+import java.nio.channels.SocketChannel;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
+import java.util.concurrent.Executors;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+public class SSLParametersWebSocketServerFactoryTest {
+
+    @Test
+    public void testConstructor() throws NoSuchAlgorithmException {
+        try {
+            new SSLParametersWebSocketServerFactory(null, null);
+            fail("IllegalArgumentException should be thrown");
+        } catch (IllegalArgumentException e) {
+            // Good
+        }
+        try {
+            new SSLParametersWebSocketServerFactory(SSLContext.getDefault(), null);
+            fail("IllegalArgumentException should be thrown");
+        } catch (IllegalArgumentException e) {
+        }
+        try {
+            new SSLParametersWebSocketServerFactory(SSLContext.getDefault(), new SSLParameters());
+        } catch (IllegalArgumentException e) {
+            fail("IllegalArgumentException should not be thrown");
+        }
+        try {
+            new SSLParametersWebSocketServerFactory(SSLContext.getDefault(), Executors.newCachedThreadPool(), new SSLParameters());
+        } catch (IllegalArgumentException e) {
+            fail("IllegalArgumentException should not be thrown");
+        }
+    }
+    @Test
+    public void testCreateWebSocket() throws NoSuchAlgorithmException {
+        SSLParametersWebSocketServerFactory webSocketServerFactory = new SSLParametersWebSocketServerFactory(SSLContext.getDefault(), new SSLParameters());
+        CustomWebSocketAdapter webSocketAdapter = new CustomWebSocketAdapter();
+        WebSocketImpl webSocketImpl = webSocketServerFactory.createWebSocket(webSocketAdapter, new Draft_6455());
+        assertNotNull("webSocketImpl != null", webSocketImpl);
+        webSocketImpl = webSocketServerFactory.createWebSocket(webSocketAdapter, Collections.<Draft>singletonList(new Draft_6455()));
+        assertNotNull("webSocketImpl != null", webSocketImpl);
+    }
+
+    @Test
+    public void testWrapChannel() throws IOException, NoSuchAlgorithmException {
+        SSLParametersWebSocketServerFactory webSocketServerFactory = new SSLParametersWebSocketServerFactory(SSLContext.getDefault(), new SSLParameters());
+        SocketChannel channel =  SocketChannel.open();
+        try {
+            ByteChannel result = webSocketServerFactory.wrapChannel(channel, null);
+        } catch (NotYetConnectedException e) {
+            //We do not really connect
+        }
+        channel.close();
+    }
+
+    @Test
+    public void testClose() {
+        DefaultWebSocketServerFactory webSocketServerFactory = new DefaultWebSocketServerFactory();
+        webSocketServerFactory.close();
+    }
+
+    private static class CustomWebSocketAdapter extends WebSocketAdapter {
+        @Override
+        public void onWebsocketMessage(WebSocket conn, String message) {
+
+        }
+
+        @Override
+        public void onWebsocketMessage(WebSocket conn, ByteBuffer blob) {
+
+        }
+
+        @Override
+        public void onWebsocketOpen(WebSocket conn, Handshakedata d) {
+
+        }
+
+        @Override
+        public void onWebsocketClose(WebSocket ws, int code, String reason, boolean remote) {
+
+        }
+
+        @Override
+        public void onWebsocketClosing(WebSocket ws, int code, String reason, boolean remote) {
+
+        }
+
+        @Override
+        public void onWebsocketCloseInitiated(WebSocket ws, int code, String reason) {
+
+        }
+
+        @Override
+        public void onWebsocketError(WebSocket conn, Exception ex) {
+
+        }
+
+        @Override
+        public void onWriteDemand(WebSocket conn) {
+
+        }
+
+        @Override
+        public InetSocketAddress getLocalSocketAddress(WebSocket conn) {
+            return null;
+        }
+
+        @Override
+        public InetSocketAddress getRemoteSocketAddress(WebSocket conn) {
+            return null;
+        }
+    }
+}
