Fix #210 - Add an API for client-side TLS configuration
markt-asf committed Dec 21, 2021
1 parent c61dc92 commit 595dfd1
Showing 3 changed files with 60 additions and 3 deletions.
Expand Up @@ -22,6 +22,8 @@
import java.util.List;
import java.util.Map;

import javax.net.ssl.SSLContext;

/**
* The ClientEndpointConfig is a special kind of endpoint configuration object that contains web socket configuration
* information specific only to client endpoints. Developers deploying programmatic client endpoints can create
Expand Down Expand Up @@ -53,6 +55,18 @@ public interface ClientEndpointConfig extends EndpointConfig {
*/
List<Extension> getExtensions();

/**
* Return the SSLContext to be used to establish a WebSocket (wss) connection to the server. The SSLContext will
* have initialised. For insecure WebSocket (ws) connections, this will be {@code null}. If there is an existing
* connection to the server that uses the same SSLContext and that connection supports multiplexing WebSocket
* connections then the container may choose to re-use that connection rather than creating a new one. Containers
* may provide container specific configuration to control this behaviour.
*
* @return the SSLContext to use to establish a secure connection to the server or {@code null} if an insecure
* connection should be established
*/
SSLContext getSSLContext();

/**
* Return the custom configurator for this configuration. If the developer did not provide one, the platform default
* configurator is returned.
Expand Down Expand Up @@ -120,6 +134,7 @@ public final class Builder {
private List<Extension> extensions = Collections.emptyList();
private List<Class<? extends Encoder>> encoders = Collections.emptyList();
private List<Class<? extends Decoder>> decoders = Collections.emptyList();
private SSLContext sslContext = null;
private ClientEndpointConfig.Configurator clientEndpointConfigurator = new ClientEndpointConfig.Configurator() {

};
Expand All @@ -145,7 +160,7 @@ public static ClientEndpointConfig.Builder create() {
*/
public ClientEndpointConfig build() {
return new DefaultClientEndpointConfig(this.preferredSubprotocols, this.extensions, this.encoders,
this.decoders, this.clientEndpointConfigurator);
this.decoders, this.sslContext, this.clientEndpointConfigurator);
}

/**
Expand Down Expand Up @@ -206,6 +221,19 @@ public ClientEndpointConfig.Builder decoders(List<Class<? extends Decoder>> deco
return this;
}

/**
* Assign the SSLContext to be used when connection to the WebSocket server. If there is an existing connection
* to the server that uses the same SSLContext and that connection supports multiplexing WebSocket connections
* then the container may choose to re-use that connection rather than creating a new one. Containers may
* provide container specific configuration to control this behaviour.
*
* @param sslContext The SSLContext which must be initialised for secure WebSocket (wss) connections or
* {@code null} for insecure WebSocket (ws) connections.
* @return this builder instance
*/
public ClientEndpointConfig.Builder sslContext(SSLContext sslContext) {
this.sslContext = sslContext;
return this;
}
}

}
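Review bot: The Javadoc added for `getSSLContext()` and `Builder.sslContext(...)` defines `null` as "insecure WebSocket (ws)", yet `Builder` initialises `sslContext` to `null`, so every configuration built without calling `sslContext(...)` returns the value the contract describes as insecure, including clients that connect to a `wss` URI. The text does not say what a container must do in that case, and a literal reading could let an implementation skip TLS rather than fall back to its default TLS configuration; how containers actually behave is not visible here. I would reword the return tag along the lines of `@return the SSLContext to use for wss connections, or {@code null} if none was configured`, and state explicitly that the URI scheme, not this value, selects ws versus wss and what applies to a `wss` URI when the value is `null`. The same wording recurs in the `DefaultClientEndpointConfig.getSSLContext()` Javadoc and in the new `SSLContext` section of WebSocket.adoc.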
Expand Up @@ -22,6 +22,8 @@
import java.util.List;
import java.util.Map;

import javax.net.ssl.SSLContext;

/**
* The DefaultClientEndpointConfig is a concrete implementation of a client configuration.
*
Expand All @@ -32,16 +34,18 @@ final class DefaultClientEndpointConfig implements ClientEndpointConfig {
private List<Extension> extensions;
private List<Class<? extends Encoder>> encoders;
private List<Class<? extends Decoder>> decoders;
private SSLContext sslContext;
private Map<String, Object> userProperties = new HashMap<>();
private ClientEndpointConfig.Configurator clientEndpointConfigurator;

DefaultClientEndpointConfig(List<String> preferredSubprotocols, List<Extension> extensions,
List<Class<? extends Encoder>> encoders, List<Class<? extends Decoder>> decoders,
ClientEndpointConfig.Configurator clientEndpointConfigurator) {
SSLContext sslContext, ClientEndpointConfig.Configurator clientEndpointConfigurator) {
this.preferredSubprotocols = Collections.unmodifiableList(preferredSubprotocols);
this.extensions = Collections.unmodifiableList(extensions);
this.encoders = Collections.unmodifiableList(encoders);
this.decoders = Collections.unmodifiableList(decoders);
this.sslContext = sslContext;
this.clientEndpointConfigurator = clientEndpointConfigurator;
}

Expand Down Expand Up @@ -87,6 +91,17 @@ public List<Class<? extends Decoder>> getDecoders() {
return this.decoders;
}

/**
* SSLContext to use to secure WebSocket (wss) connections or {@code null} for insecure Websocket (ws) connections.
* If there is an existing connection to the server that uses the same SSLContext and that connection supports
* multiplexing WebSocket connections then the container may choose to re-use that connection rather than creating a
* new one. Containers may provide container specific configuration to control this behaviour.
*/
@Override
public SSLContext getSSLContext() {
return this.sslContext;
}

/**
* Editable map of user properties.
*/
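Review bot: The new `sslContext` field in `DefaultClientEndpointConfig` is assigned only in the constructor in the lines shown, so it can be declared `private final SSLContext sslContext;` to guarantee that the TLS configuration of a built config cannot be replaced after `build()`. The neighbouring fields are also non-final, so this may simply follow the file's existing style, but the TLS context is the one field where a later reassignment would change which peers a connection trusts. The class body continues outside the visible hunks, so confirm that no other code writes the field before making it final.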
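--- a/spec/src/main/asciidoc/WebSocket.adoc
+++ b/spec/src/main/asciidoc/WebSocket.adoc
@@ -668,6 +668,17 @@ extensions to send, in order of preference, the extensions, including
 parameters, that it would like to use in the opening handshake it
 formulates [WSC-3.2.2-1].
 
+[[sslcontext]]
+==== SSLContext
+
+The default client configuration uses the developer provided `SSLContext` to
+establish a secure WebSocket (wss) connection or an insecure WebSocket (ws)
+connection if the provided `SSLContext` is `null`. If there is an existing
+connection to the server that uses the same SSLContext and that connection
+supports multiplexing WebSocket connections then the container may choose to
+re-use that connection rather than creating a new one. Containers may provide
+container specific configuration to control this behaviour.
+
 [[client-configuration-modification]]
 ==== Client Configuration Modification
 
@@ -1501,6 +1512,9 @@ subsequent changes to the MessageHandlers configured for the Session.
 * https://github.com/eclipse-ee4j/websocket-api/issues/207[Issue 207]
 Add a getter for the default platform configurator.
 
+* https://github.com/eclipse-ee4j/websocket-api/issues/210[Issue 210]
+Provide an API for client-side TLS configuration.
+
 * https://github.com/eclipse-ee4j/websocket-api/issues/211[Issue 211]
 Remove the restriction that, in a Jakarta web container environment, endpoints
 can only registered during the deployment of the web application. Also add a new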
