use HandshakeCertificates in TlsEndpoint

Author: pull-vert

core/src/main/java/jayo/internal/RealTlsEndpoint.java

@@ -11,26 +11,26 @@
 package jayo.internal;
 
 import jayo.*;
+import jayo.internal.tls.RealClientTlsEndpoint;
+import jayo.internal.tls.RealServerTlsEndpoint;
 import jayo.tls.Handshake;
 import jayo.tls.JayoTlsException;
 import jayo.tls.JayoTlsHandshakeCallbackException;
 import jayo.tls.TlsEndpoint;
 import org.jspecify.annotations.NonNull;
 import org.jspecify.annotations.Nullable;
 
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.*;
 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import javax.net.ssl.SSLEngineResult.Status;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
 import java.io.Serial;
 import java.nio.ByteBuffer;
 import java.util.Arrays;
 import java.util.Objects;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.Consumer;
+import java.util.function.Function;
 
 import static java.lang.System.Logger.Level.DEBUG;
 import static java.lang.System.Logger.Level.TRACE;
@@ -70,17 +70,17 @@ public final class RealTlsEndpoint {
     /**
      * Whether an IOException was received from the underlying endpoint or from the {@link SSLEngine}.
      */
-    volatile boolean invalid = false;
+    private volatile boolean invalid = false;
 
     /**
      * Whether a close_notify was already sent.
      */
-    volatile boolean shutdownSent = false;
+    private volatile boolean shutdownSent = false;
 
     /**
      * Whether a close_notify was already received.
      */
-    volatile boolean shutdownReceived = false;
+    private volatile boolean shutdownReceived = false;
 
     /**
      * Decrypted data from encryptedReader
@@ -101,7 +101,7 @@ public final class RealTlsEndpoint {
 
     private int remainingBytesToRead;
 
-    RealTlsEndpoint(
+    public RealTlsEndpoint(
             final @NonNull Endpoint encryptedEndpoint,
             final @NonNull SSLEngine engine,
             final @NonNull Consumer<@NonNull SSLSession> sessionInitCallback,
@@ -125,14 +125,14 @@ public final class RealTlsEndpoint {
     }
 
     @NonNull
-    Handshake getHandshake() {
+    public Handshake getHandshake() {
         // on-demand Handshake creation, only if user calls it
         return Handshake.get(engine.getSession());
     }
 
     // read
 
-    long readAtMostTo(final @NonNull Buffer writer, final long byteCount) {
+    public long readAtMostTo(final @NonNull Buffer writer, final long byteCount) {
         Objects.requireNonNull(writer);
         if (byteCount < 0L) {
             throw new IllegalArgumentException("byteCount < 0: " + byteCount);
@@ -210,6 +210,7 @@ private void readAndUnwrap() throws TlsEOFException {
                 }
             }
             if (result.getStatus() == Status.CLOSED) {
+                System.out.println(this + " status closed, shutdown received");
                 shutdownReceived = true;
                 return;
             }
@@ -345,7 +346,7 @@ private int callReadFromReader() throws TlsEOFException {
 
     // write
 
-    void write(final @NonNull Buffer reader, final long byteCount) {
+    public void write(final @NonNull Buffer reader, final long byteCount) {
         Objects.requireNonNull(reader);
         checkOffsetAndCount(reader.bytesAvailable(), 0L, byteCount);
 
@@ -628,6 +629,25 @@ public boolean shutdown() {
         }
     }
 
+    public boolean shutdownReceived() {
+        readLock.lock();
+        try {
+            writeLock.lock();
+            try {
+                System.out.println(this + " Shutdown received : " + shutdownReceived);
+                return shutdownReceived;
+            } finally {
+                writeLock.unlock();
+            }
+        } finally {
+            readLock.unlock();
+        }
+    }
+
+    public boolean shutdownSent() {
+        return shutdownSent;
+    }
+
     private void freeBuffer() {
         decryptedBuffer.clear();
     }
@@ -668,13 +688,21 @@ public Throwable fillInStackTrace() {
      * The base class for builders of {@link TlsEndpoint}.
      */
     public static sealed abstract class Builder<T extends TlsEndpoint.Builder<T>> implements TlsEndpoint.Builder<T>
-            permits ClientTlsEndpoint.Builder, ServerTlsEndpoint.Builder {
+            permits RealClientTlsEndpoint.Builder, RealServerTlsEndpoint.Builder {
+        protected @Nullable Function<@NonNull SSLContext, @NonNull SSLEngine> sslEngineFactory = null;
         // @formatter:off
-        @NonNull Consumer<@NonNull SSLSession> sessionInitCallback = session -> {};
+        protected @NonNull Consumer<@NonNull SSLSession> sessionInitCallback = session -> {};
         // @formatter:on
-        boolean waitForCloseConfirmation = false;
+        protected boolean waitForCloseConfirmation = false;
 
-        abstract @NonNull T getThis();
+        protected abstract @NonNull T getThis();
+
+        @Override
+        public @NonNull T engineFactory(
+                final @NonNull Function<@NonNull SSLContext, @NonNull SSLEngine> sslEngineFactory) {
+            this.sslEngineFactory = Objects.requireNonNull(sslEngineFactory);
+            return getThis();
+        }
 
         @Override
         public final @NonNull T sessionInitCallback(final @NonNull Consumer<@NonNull SSLSession> sessionInitCallback) {

core/src/main/java/jayo/internal/ClientTlsEndpoint.java renamed to core/src/main/java/jayo/internal/tls/RealClientTlsEndpoint.java

@@ -8,40 +8,64 @@
  * Licensed under the MIT License
  */
 
-package jayo.internal;
+package jayo.internal.tls;
 
 import jayo.*;
-import jayo.tls.Handshake;
-import jayo.tls.TlsEndpoint;
+import jayo.internal.RealTlsEndpoint;
+import jayo.tls.*;
 import org.jspecify.annotations.NonNull;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLSession;
-import java.security.NoSuchAlgorithmException;
 import java.util.Objects;
 import java.util.function.Consumer;
+import java.util.function.Function;
+
+import static java.lang.System.Logger.Level.DEBUG;
+import static java.lang.System.Logger.Level.TRACE;
 
 /**
  * A client-side {@link TlsEndpoint}.
  */
-public final class ClientTlsEndpoint implements TlsEndpoint {
+public final class RealClientTlsEndpoint implements ClientTlsEndpoint {
+    private static final System.Logger LOGGER = System.getLogger("jayo.tls.ClientTlsEndpoint");
+
     private final @NonNull Endpoint encryptedEndpoint;
+    private final @NonNull ClientHandshakeCertificates handshakeCertificates;
     private final @NonNull RealTlsEndpoint impl;
 
     private Reader reader = null;
     private Writer writer = null;
 
-    private ClientTlsEndpoint(
+    private RealClientTlsEndpoint(
             final @NonNull Endpoint encryptedEndpoint,
-            final @NonNull SSLEngine engine,
+            final @NonNull ClientHandshakeCertificates handshakeCertificates,
+            final @NonNull Function<@NonNull SSLContext, @NonNull SSLEngine> engineFactory,
             final @NonNull Consumer<@NonNull SSLSession> sessionInitCallback,
             final boolean waitForCloseConfirmation) {
         assert encryptedEndpoint != null;
+        assert handshakeCertificates != null;
+        assert engineFactory != null;
         assert sessionInitCallback != null;
-        assert engine != null;
 
         this.encryptedEndpoint = encryptedEndpoint;
+        this.handshakeCertificates = handshakeCertificates;
+
+        final var context = ((RealHandshakeCertificates) handshakeCertificates).sslContext();
+        // call client code
+        final SSLEngine engine;
+        try {
+            engine = engineFactory.apply(context);
+        } catch (Exception e) {
+            if (LOGGER.isLoggable(TRACE)) {
+                LOGGER.log(TRACE, "Client threw exception in SSLEngine factory.", e);
+            } else if (LOGGER.isLoggable(DEBUG)) {
+                LOGGER.log(DEBUG, "Client threw exception in SSLEngine factory: {0}.",
+                        e.getMessage());
+            }
+            throw new JayoTlsHandshakeCallbackException("SSLEngine creation callback failed", e);
+        }
 
         impl = new RealTlsEndpoint(
                 encryptedEndpoint,
@@ -83,81 +107,78 @@ public boolean shutdown() {
 
     @Override
     public boolean shutdownReceived() {
-        return impl.shutdownReceived;
+        return impl.shutdownReceived();
     }
 
     @Override
     public boolean shutdownSent() {
-        return impl.shutdownSent;
+        return impl.shutdownSent();
     }
 
     @Override
     public void close() {
         impl.close();
     }
 
+    @Override
+    public @NonNull ClientHandshakeCertificates getHandshakeCertificates() {
+        return handshakeCertificates;
+    }
+
+    private static @NonNull SSLEngine defaultSSLEngineFactory(final @NonNull SSLContext sslContext) {
+        assert sslContext != null;
+        SSLEngine engine = sslContext.createSSLEngine();
+        engine.setUseClientMode(true);
+        return engine;
+    }
+
     /**
-     * Builder of {@link ClientTlsEndpoint}
+     * Builder of {@link RealClientTlsEndpoint}
      */
-    public static final class Builder extends RealTlsEndpoint.Builder<ClientBuilder> implements ClientBuilder {
-        private final @NonNull SSLEngine engine;
-
-        public Builder() {
-            // todo change this!
-            try {
-                engine = SSLContext.getDefault().createSSLEngine();
-            } catch (NoSuchAlgorithmException e) {
-                throw new RuntimeException(e);
-            }
-            engine.setUseClientMode(true);
-        }
-
-        public Builder(final @NonNull SSLContext sslContext) {
-            assert sslContext != null;
+    public static final class Builder extends RealTlsEndpoint.Builder<ClientTlsEndpoint.Builder>
+            implements ClientTlsEndpoint.Builder {
+        private final @NonNull ClientHandshakeCertificates handshakeCertificates;
 
-            engine = sslContext.createSSLEngine();
-            engine.setUseClientMode(true);
-        }
 
-        public Builder(final @NonNull SSLEngine engine) {
-            assert engine != null;
+        public Builder(final @NonNull ClientHandshakeCertificates handshakeCertificates) {
+            assert handshakeCertificates != null;
 
-            this.engine = engine;
+            this.handshakeCertificates = handshakeCertificates;
         }
 
         /**
          * The private constructor used by {@link #clone()}.
          */
-        private Builder(final @NonNull SSLEngine engine,
+        private Builder(final @NonNull ClientHandshakeCertificates handshakeCertificates,
                         final @NonNull Consumer<@NonNull SSLSession> sessionInitCallback,
                         final boolean waitForCloseConfirmation) {
-            assert engine != null;
+            assert handshakeCertificates != null;
             assert sessionInitCallback != null;
 
-            this.engine = engine;
+            this.handshakeCertificates = handshakeCertificates;
             this.sessionInitCallback = sessionInitCallback;
             this.waitForCloseConfirmation = waitForCloseConfirmation;
         }
 
         @Override
-        @NonNull
-        Builder getThis() {
+        protected @NonNull Builder getThis() {
             return this;
         }
 
         @Override
-        public @NonNull TlsEndpoint build(final @NonNull Endpoint encryptedEndpoint) {
+        public @NonNull ClientTlsEndpoint build(final @NonNull Endpoint encryptedEndpoint) {
             Objects.requireNonNull(encryptedEndpoint);
-            return new ClientTlsEndpoint(
+            return new RealClientTlsEndpoint(
                     encryptedEndpoint,
-                    engine,
+                    handshakeCertificates,
+                    (sslEngineFactory != null) ? sslEngineFactory : RealClientTlsEndpoint::defaultSSLEngineFactory,
                     sessionInitCallback,
                     waitForCloseConfirmation);
         }
 
         @Override
-        public @NonNull ClientBuilder clone() {
-            return new Builder(engine, sessionInitCallback, waitForCloseConfirmation);
+        public @NonNull Builder clone() {
+            return new Builder(handshakeCertificates, sessionInitCallback, waitForCloseConfirmation);
         }
     }