Enable Server Name Indication Support - Initial / Reference commit

This is on a different branch than the [Python/Ruby SNI mods][1] just to make testing easier for myself. I.e. I had code that worked with the 2.3.3 driver where as the recent [Jackson changes][2] broke that. However, the underlying SNI changes will work with the Next branch. This includes some commented out printlns that ultimately need removing, but they were for my debugging and I don't want to forget that. Enabling SNI itself is easy, the tricky bit for me was modifying a test app to work with it. You have to use the SSLContext option similar to [here][3]. For testing I've just used a null sslContext: private static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2"; ... Connection conn = null; Connection.Builder builder = r.connection(). hostname(host). port(port). authKey(authKey); final SSLContext sslContext = SSLContext.getInstance(DEFAULT_SSL_PROTOCOL); sslContext.init(null, null, null); conn = builder.sslContext(sslContext).connect(); [1]: https://github.com/atomicules/rethinkdb/commits/sni [2]: rethinkdb#6157 [3]: https://github.com/pires/rethinkdb-ssl-test/blob/master/src/main/java/com/github/pires/App.java#L70
atomicules · Dec 19, 2016 · 771f34d · 771f34d · atomicules · Dec 20, 2016
1 parent 9c21e9b
commit 771f34d
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/drivers/java/src/main/java/com/rethinkdb/net/SocketWrapper.java b/drivers/java/src/main/java/com/rethinkdb/net/SocketWrapper.java
@@ -3,7 +3,10 @@
 import com.rethinkdb.gen.exc.ReqlDriverError;
 
 import javax.net.SocketFactory;
+import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 import java.io.DataInputStream;
@@ -14,7 +17,9 @@
 import java.net.SocketAddress;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
+import java.util.ArrayList;
 import java.util.Optional;
+import java.util.List;
 
 public class SocketWrapper {
     // networking stuff
@@ -56,13 +61,23 @@ void connect(Handshake handshake) {
 
             // should we secure the connection?
             if (sslContext.isPresent()) {
+                // System.out.println("sslContext");
                 socketFactory = sslContext.get().getSocketFactory();
                 SSLSocketFactory sslSf = (SSLSocketFactory) socketFactory;
                 sslSocket = (SSLSocket) sslSf.createSocket(socket,
                         socket.getInetAddress().getHostAddress(),
                         socket.getPort(),
                         true);
 
+                // SNI support, Java 8 only
+                SNIHostName serverName = new SNIHostName(hostname);
+                List<SNIServerName> serverNames = new ArrayList<>(1);
+                serverNames.add(serverName);
+
+                SSLParameters params = sslSocket.getSSLParameters();
+                params.setServerNames(serverNames);
+                sslSocket.setSSLParameters(params);
+
                 // replace input/output streams
                 readStream = new DataInputStream(sslSocket.getInputStream());
                 writeStream = sslSocket.getOutputStream();
@@ -88,6 +103,7 @@ void connect(Handshake handshake) {
                 toWrite = handshake.nextMessage(serverMsg);
             }
         } catch (IOException e) {
+            // System.out.println(e);
             throw new ReqlDriverError("Connection timed out.", e);
         }
     }