Commit a230e5838b8db0f42136e609020653183f60b0a6
1 parent
b3dc4414
Use single SSL context for mqtt transport
Showing
1 changed file
with
13 additions
and
13 deletions
| @@ -68,16 +68,23 @@ public class MqttSslHandlerProvider { | @@ -68,16 +68,23 @@ public class MqttSslHandlerProvider { | ||
| 68 | @Autowired | 68 | @Autowired |
| 69 | private TransportService transportService; | 69 | private TransportService transportService; |
| 70 | 70 | ||
| 71 | - private SSLEngine sslEngine; | 71 | + private SSLContext sslContext; |
| 72 | 72 | ||
| 73 | public SslHandler getSslHandler() { | 73 | public SslHandler getSslHandler() { |
| 74 | - if (sslEngine == null) { | ||
| 75 | - sslEngine = createSslEngine(); | 74 | + if (sslContext == null) { |
| 75 | + sslContext = createSslContext(); | ||
| 76 | } | 76 | } |
| 77 | + SSLEngine sslEngine = sslContext.createSSLEngine(); | ||
| 78 | + sslEngine.setUseClientMode(false); | ||
| 79 | + sslEngine.setNeedClientAuth(false); | ||
| 80 | + sslEngine.setWantClientAuth(true); | ||
| 81 | + sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols()); | ||
| 82 | + sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites()); | ||
| 83 | + sslEngine.setEnableSessionCreation(true); | ||
| 77 | return new SslHandler(sslEngine); | 84 | return new SslHandler(sslEngine); |
| 78 | } | 85 | } |
| 79 | 86 | ||
| 80 | - private SSLEngine createSslEngine() { | 87 | + private SSLContext createSslContext() { |
| 81 | try { | 88 | try { |
| 82 | TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); | 89 | TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); |
| 83 | KeyStore trustStore = KeyStore.getInstance(keyStoreType); | 90 | KeyStore trustStore = KeyStore.getInstance(keyStoreType); |
| @@ -101,17 +108,10 @@ public class MqttSslHandlerProvider { | @@ -101,17 +108,10 @@ public class MqttSslHandlerProvider { | ||
| 101 | } | 108 | } |
| 102 | SSLContext sslContext = SSLContext.getInstance(sslProtocol); | 109 | SSLContext sslContext = SSLContext.getInstance(sslProtocol); |
| 103 | sslContext.init(km, tm, null); | 110 | sslContext.init(km, tm, null); |
| 104 | - SSLEngine sslEngine = sslContext.createSSLEngine(); | ||
| 105 | - sslEngine.setUseClientMode(false); | ||
| 106 | - sslEngine.setNeedClientAuth(false); | ||
| 107 | - sslEngine.setWantClientAuth(true); | ||
| 108 | - sslEngine.setEnabledProtocols(sslEngine.getSupportedProtocols()); | ||
| 109 | - sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites()); | ||
| 110 | - sslEngine.setEnableSessionCreation(true); | ||
| 111 | - return sslEngine; | 111 | + return sslContext; |
| 112 | } catch (Exception e) { | 112 | } catch (Exception e) { |
| 113 | log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e); | 113 | log.error("Unable to set up SSL context. Reason: " + e.getMessage(), e); |
| 114 | - throw new RuntimeException("Failed to get SSL engine", e); | 114 | + throw new RuntimeException("Failed to get SSL context", e); |
| 115 | } | 115 | } |
| 116 | } | 116 | } |
| 117 | 117 |