Application Protocol Negotiation support for TLS 97/110397/5
authorRuslan Kashapov <ruslan.kashapov@pantheon.tech>
Thu, 29 Feb 2024 06:40:48 +0000 (08:40 +0200)
committerRobert Varga <robert.varga@pantheon.tech>
Sun, 17 Mar 2024 14:59:11 +0000 (15:59 +0100)
HTTP/2 client and server require APN to be configured when
communicating over the TLS transport

JIRA: NETCONF-1248
Change-Id: Ideada66d6528f6ecd4407c63b63d5db1cc8ec505
Signed-off-by: Ruslan Kashapov <ruslan.kashapov@pantheon.tech>
Signed-off-by: Robert Varga <robert.varga@pantheon.tech>
transport/transport-tls/src/main/java/org/opendaylight/netconf/transport/tls/SslHandlerFactory.java

index 97b724907594c71e3a7259d58e317ed6a2da1aa7..991d9d518bb23947763f51cd6001ca4eef60a453 100644 (file)
@@ -17,6 +17,7 @@ import static org.opendaylight.netconf.transport.tls.KeyStoreUtils.newKeyStore;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import io.netty.channel.Channel;
+import io.netty.handler.ssl.ApplicationProtocolConfig;
 import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
@@ -115,7 +116,12 @@ public abstract class SslHandlerFactory {
 
     protected static final @NonNull SslContext createSslContext(final @NonNull TlsClientGrouping clientParams)
             throws UnsupportedConfigurationException {
-        final var builder = SslContextBuilder.forClient();
+        return createSslContext(clientParams, null);
+    }
+
+    protected static final @NonNull SslContext createSslContext(final @NonNull TlsClientGrouping clientParams,
+            final @Nullable ApplicationProtocolConfig apn) throws UnsupportedConfigurationException {
+        final var builder = SslContextBuilder.forClient().applicationProtocolConfig(apn);
 
         final var clientIdentity = clientParams.getClientIdentity();
         if (clientIdentity != null) {
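Review bot: The new two-argument `createSslContext(TlsClientGrouping, ApplicationProtocolConfig)` has no Javadoc, so the contract of its `@Nullable apn` parameter is unstated. The one-argument overload now passes `null`, which presumably means no application protocol is advertised, and nothing in this class enforces the requirement named in the commit message. I would add a Javadoc with `@param apn ALPN configuration, or {@code null} to negotiate no application protocol`. It should also say that this factory only installs the configuration: whether a peer that selects no protocol is rejected depends on the failure behaviours in the supplied config, so HTTP/2 callers should check the negotiated protocol after the handshake. The same applies to the server overload added in the next hunk; the method body continues outside this hunk.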
@@ -156,6 +162,11 @@ public abstract class SslHandlerFactory {
 
     protected static final @NonNull SslContext createSslContext(final @NonNull TlsServerGrouping serverParams)
             throws UnsupportedConfigurationException {
+        return createSslContext(serverParams, null);
+    }
+
+    protected static final @NonNull SslContext createSslContext(final @NonNull TlsServerGrouping serverParams,
+            final @Nullable ApplicationProtocolConfig apn) throws UnsupportedConfigurationException {
         final var serverIdentity = serverParams.getServerIdentity();
         if (serverIdentity == null) {
             throw new UnsupportedConfigurationException("Missing server identity");
@@ -198,7 +209,7 @@ public abstract class SslHandlerFactory {
             builder.clientAuth(ClientAuth.NONE);
         }
 
-        return buildSslContext(builder, serverParams.getHelloParams());
+        return buildSslContext(builder.applicationProtocolConfig(apn), serverParams.getHelloParams());
     }
 
     // FIXME: should be TrustManagerBuilder
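Review bot: The server path applies the ALPN configuration inline inside the `return` argument, whereas the client overload sets it right where the builder is created. This makes a security-relevant setting easy to miss when reading the method. Consider a separate statement, `builder.applicationProtocolConfig(apn);`, placed before `return buildSslContext(builder, serverParams.getHelloParams());`. The start of the method is outside this hunk.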