Posted to commits@servicecomb.apache.org by ni...@apache.org on 2018/03/07 10:32:47 UTC
[incubator-servicecomb-java-chassis] branch master updated:
[SCB-368] supports openssl engine for ssl communication (#573)
This is an automated email from the ASF dual-hosted git repository.
ningjiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git
The following commit(s) were added to refs/heads/master by this push:
new 83ae473 [SCB-368] supports openssl engine for ssl communication (#573)
83ae473 is described below
commit 83ae473e27889734d8cc0ecf428cd2538d26b1a4
Author: acsukesh <su...@huawei.com>
AuthorDate: Wed Mar 7 16:02:45 2018 +0530
[SCB-368] supports openssl engine for ssl communication (#573)
---
foundations/foundation-ssl/pom.xml | 4 ++++
.../org/apache/servicecomb/foundation/ssl/SSLOption.java | 15 +++++++++++++++
.../servicecomb/foundation/vertx/VertxTLSBuilder.java | 7 +++++++
.../servicecomb/foundation/vertx/TestVertxTLSBuilder.java | 1 +
java-chassis-dependencies/pom.xml | 6 ++++++
5 files changed, 33 insertions(+)
diff --git a/foundations/foundation-ssl/pom.xml b/foundations/foundation-ssl/pom.xml
index c5f1faa..92d99a0 100644
--- a/foundations/foundation-ssl/pom.xml
+++ b/foundations/foundation-ssl/pom.xml
@@ -40,6 +40,10 @@
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<scope>test</scope>
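Review bot: The new `netty-tcnative-boringssl-static` dependency has no `<scope>` or `<optional>` element, so it resolves at compile scope and every consumer of foundation-ssl carries the native TLS library even when `ssl.engine` stays at the `jdk` default set in SSLOption. Marking it `<optional>true</optional>`, or documenting that deployments add it themselves, would keep the native code out of services that never select the openssl engine. As the artifact name indicates, it ships its own BoringSSL build, so TLS library fixes reach users only when `tcnetty.version` in java-chassis-dependencies/pom.xml is raised. That version also has to stay compatible with `netty.version` declared next to it, and a short comment beside the property saying so would help the next person who bumps either one.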
diff --git a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
index 716a2ae..012ad80 100644
--- a/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
+++ b/foundations/foundation-ssl/src/main/java/org/apache/servicecomb/foundation/ssl/SSLOption.java
@@ -44,6 +44,7 @@ public final class SSLOption {
+ "TLS_RSA_WITH_AES_128_GCM_SHA256";
static {
+ DEFAULT_OPTION.setEngine("jdk");
DEFAULT_OPTION.setProtocols("TLSv1.2");
DEFAULT_OPTION.setCiphers(DEFAUL_CIPHERS);
DEFAULT_OPTION.setAuthPeer(false);
@@ -61,6 +62,8 @@ public final class SSLOption {
DEFAULT_OPTION.setCrl("revoke.crl");
}
+ private String engine;
+
private String protocols;
private String ciphers;
@@ -93,6 +96,14 @@ public final class SSLOption {
private String sslCustomClass;
+ public String getEngine() {
+ return engine;
+ }
+
+ public void setEngine(String engine) {
+ this.engine = engine;
+ }
+
public void setProtocols(String protocols) {
this.protocols = protocols;
}
@@ -295,6 +306,10 @@ public final class SSLOption {
public static SSLOption buildFromYaml(String tag, ConcurrentCompositeConfiguration configSource) {
SSLOption option = new SSLOption();
+ option.engine = getStringProperty(configSource,
+ DEFAULT_OPTION.getEngine(),
+ "ssl." + tag + ".engine",
+ "ssl.engine");
option.protocols =
getStringProperty(configSource,
DEFAULT_OPTION.getProtocols(),
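Review bot: The engine name read from `ssl.<tag>.engine` or `ssl.engine` is stored without validation. The only consumer in this commit, VertxTLSBuilder, compares it to `openssl` and otherwise does nothing, so a misspelled value silently leaves the JDK engine in place and the operator gets no signal. Checking the value after the lookup and logging a warning (or rejecting it) when it is neither `jdk` nor `openssl` would make the misconfiguration visible. A Javadoc line on `setEngine` listing the two accepted values would also help, for example `/** TLS engine to use: "jdk" (default) or "openssl". */`. buildFromYaml continues beyond this hunk.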
diff --git a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
index 1099e94..a7a351a 100644
--- a/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
+++ b/foundations/foundation-vertx/src/main/java/org/apache/servicecomb/foundation/vertx/VertxTLSBuilder.java
@@ -29,6 +29,7 @@ import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.net.ClientOptionsBase;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.NetServerOptions;
+import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.net.TCPSSLOptions;
@@ -86,6 +87,12 @@ public final class VertxTLSBuilder {
private static TCPSSLOptions buildTCPSSLOptions(SSLOption sslOption, SSLCustom sslCustom,
TCPSSLOptions tcpClientOptions) {
tcpClientOptions.setSsl(true);
+
+ if (sslOption.getEngine().equalsIgnoreCase("openssl")) {
+ OpenSSLEngineOptions options = new OpenSSLEngineOptions();
+ options.setSessionCacheEnabled(true);
+ tcpClientOptions.setOpenSslEngineOptions(new OpenSSLEngineOptions());
+ }
if (isFileExists(sslCustom.getFullPath(sslOption.getKeyStore()))) {
if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
PfxOptions keyPfxOptions = new PfxOptions();
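Review bot: The `options` instance that has `setSessionCacheEnabled(true)` applied is never used, because the next line passes a fresh `new OpenSSLEngineOptions()` to `setOpenSslEngineOptions`; it should read `tcpClientOptions.setOpenSslEngineOptions(options);`. Today the setting only survives if the Vert.x default happens to match. Separately, `sslOption.getEngine()` is null for any SSLOption built with `new SSLOption()` and no `setEngine` call, so the condition throws a NullPointerException during TLS setup; `if ("openssl".equalsIgnoreCase(sslOption.getEngine())) {` avoids that. Nothing in this block checks that the native library actually loaded on the host, so a failure would presumably surface only when the server or client is created. buildTCPSSLOptions continues past the end of this hunk.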
diff --git a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
index ad82d62..33ef445 100644
--- a/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
+++ b/foundations/foundation-vertx/src/test/java/org/apache/servicecomb/foundation/vertx/TestVertxTLSBuilder.java
@@ -63,6 +63,7 @@ public class TestVertxTLSBuilder {
public static class SSLOptionFactoryForTest implements SSLOptionFactory {
static SSLOption sslOption = new SSLOption();
static {
+ sslOption.setEngine("openssl");
sslOption.setProtocols("");
sslOption.setCiphers(SSLOption.DEFAUL_CIPHERS);
sslOption.setCheckCNHost(true);
diff --git a/java-chassis-dependencies/pom.xml b/java-chassis-dependencies/pom.xml
index 6cccdaa..3846dd7 100644
--- a/java-chassis-dependencies/pom.xml
+++ b/java-chassis-dependencies/pom.xml
@@ -46,6 +46,7 @@
<protostuff.version>1.5.2</protostuff.version>
<swagger.version>1.5.12</swagger.version>
<netty.version>4.1.17.Final</netty.version>
+ <tcnetty.version>2.0.7.Final</tcnetty.version>
<main.basedir>${basedir}/../..</main.basedir>
<narayana.version>5.3.2.Final</narayana.version>
<cxf.version>3.1.6</cxf.version>
@@ -242,6 +243,11 @@
<version>${netty.version}</version>
</dependency>
<dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <version>${tcnetty.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
<version>1.6.2</version>
--