Make SslContext creation more flexible

Introduce the SslContextFactory interface, in use in the ConnectionFactory
to create SslContext instance based on the connection name.
The existing ConnectionFactory#useSslProtocol() methods still work
the same way (they end using a SslContextFactory that returns the
same SslContext, whatever the name of the connection is).
This introduces a breaking change in the FrameHandlerFactory
by adding a new connectionName parameter. It should impact many
users, as this is more an internal API.

Fixes #241

Author: acogoluegnes

src/main/java/com/rabbitmq/client/ConnectionFactory.java

@@ -94,7 +94,7 @@ public class ConnectionFactory implements Cloneable {
     private int handshakeTimeout                  = DEFAULT_HANDSHAKE_TIMEOUT;
     private int shutdownTimeout                   = DEFAULT_SHUTDOWN_TIMEOUT;
     private Map<String, Object> _clientProperties = AMQConnection.defaultClientProperties();
-    private SocketFactory factory                 = SocketFactory.getDefault();
+    private SocketFactory factory                 = null;
     private SaslConfig saslConfig                 = DefaultSaslConfig.PLAIN;
     private ExecutorService sharedExecutor;
     private ThreadFactory threadFactory           = Executors.defaultThreadFactory();
@@ -119,7 +119,7 @@ public class ConnectionFactory implements Cloneable {
     private FrameHandlerFactory frameHandlerFactory;
     private NioParams nioParams = new NioParams();
 
-    private SSLContext sslContext;
+    private SslContextFactory sslContextFactory;
 
     /**
      * Continuation timeout on RPC calls.
@@ -449,7 +449,8 @@ public SocketFactory getSocketFactory() {
      * Set the socket factory used to make connections with. Can be
      * used to enable SSL connections by passing in a
      * javax.net.ssl.SSLSocketFactory instance.
-     *
+     * Note this applies only to blocking IO, not to
+     * NIO, as the NIO API doesn't use the SocketFactory API.
      * @see #useSslProtocol
      */
     public void setSocketFactory(SocketFactory factory) {
@@ -556,7 +557,7 @@ public void setExceptionHandler(ExceptionHandler exceptionHandler) {
     }
 
     public boolean isSSL(){
-        return getSocketFactory() instanceof SSLSocketFactory;
+        return getSocketFactory() instanceof SSLSocketFactory || sslContextFactory != null;
     }
 
     /**
@@ -572,6 +573,10 @@ public void useSslProtocol()
     /**
      * Convenience method for setting up a SSL socket factory/engine, using
      * the supplied protocol and a very trusting TrustManager.
+     * The produced {@link SSLContext} instance will be shared by all
+     * the connections created by this connection factory. Use
+     * {@link #setSslContextFactory(SslContextFactory)} for more flexibility.
+     * @see #setSslContextFactory(SslContextFactory)
      */
     public void useSslProtocol(String protocol)
         throws NoSuchAlgorithmException, KeyManagementException
@@ -582,8 +587,11 @@ public void useSslProtocol(String protocol)
     /**
      * Convenience method for setting up an SSL socket factory/engine.
      * Pass in the SSL protocol to use, e.g. "TLSv1" or "TLSv1.2".
-     *
+     * The produced {@link SSLContext} instance will be shared with all
+     * the connections created by this connection factory. Use
+     * {@link #setSslContextFactory(SslContextFactory)} for more flexibility.
      * @param protocol SSL protocol to use.
+     * @see #setSslContextFactory(SslContextFactory)
      */
     public void useSslProtocol(String protocol, TrustManager trustManager)
         throws NoSuchAlgorithmException, KeyManagementException
@@ -596,12 +604,15 @@ public void useSslProtocol(String protocol, TrustManager trustManager)
     /**
      * Convenience method for setting up an SSL socket factory/engine.
      * Pass in an initialized SSLContext.
-     *
+     * The {@link SSLContext} instance will be shared with all
+     * the connections created by this connection factory. Use
+     * {@link #setSslContextFactory(SslContextFactory)} for more flexibility.
      * @param context An initialized SSLContext
+     * @see #setSslContextFactory(SslContextFactory)
      */
     public void useSslProtocol(SSLContext context) {
+        this.sslContextFactory = name -> context;
         setSocketFactory(context.getSocketFactory());
-        this.sslContext = context;
     }
 
     public static String computeDefaultTlsProcotol(String[] supportedProtocols) {
@@ -667,11 +678,11 @@ protected synchronized FrameHandlerFactory createFrameHandlerFactory() throws IO
                 if(this.nioParams.getNioExecutor() == null && this.nioParams.getThreadFactory() == null) {
                     this.nioParams.setThreadFactory(getThreadFactory());
                 }
-                this.frameHandlerFactory = new SocketChannelFrameHandlerFactory(connectionTimeout, nioParams, isSSL(), sslContext);
+                this.frameHandlerFactory = new SocketChannelFrameHandlerFactory(connectionTimeout, nioParams, isSSL(), sslContextFactory);
             }
             return this.frameHandlerFactory;
         } else {
-            return new SocketFrameHandlerFactory(connectionTimeout, factory, socketConf, isSSL(), this.shutdownExecutor);
+            return new SocketFrameHandlerFactory(connectionTimeout, factory, socketConf, isSSL(), this.shutdownExecutor, sslContextFactory);
         }
 
     }
@@ -915,7 +926,7 @@ public Connection newConnection(ExecutorService executor, AddressResolver addres
             Exception lastException = null;
             for (Address addr : addrs) {
                 try {
-                    FrameHandler handler = fhFactory.create(addr);
+                    FrameHandler handler = fhFactory.create(addr, clientProvidedName);
                     AMQConnection conn = createConnection(params, handler, metricsCollector);
                     conn.start();
                     this.metricsCollector.newConnection(conn);
@@ -1124,4 +1135,20 @@ public void setChannelRpcTimeout(int channelRpcTimeout) {
     public int getChannelRpcTimeout() {
         return channelRpcTimeout;
     }
+
+    /**
+     * The factory to create SSL contexts.
+     * This provides more flexibility to create {@link SSLContext}s
+     * for different connections than sharing the {@link SSLContext}
+     * with all the connections produced by the connection factory
+     * (which is the case with the {@link #useSslProtocol()} methods).
+     * This way, different connections with a different certificate
+     * for each of them is a possible scenario.
+     * @param sslContextFactory
+     * @see #useSslProtocol(SSLContext)
+     * @since 5.0.0
+     */
+    public void setSslContextFactory(SslContextFactory sslContextFactory) {
+        this.sslContextFactory = sslContextFactory;
+    }
 }

src/main/java/com/rabbitmq/client/SslContextFactory.java

@@ -0,0 +1,37 @@
+// Copyright (c) 2017-Present Pivotal Software, Inc.  All rights reserved.
+//
+// This software, the RabbitMQ Java client library, is triple-licensed under the
+// Mozilla Public License 1.1 ("MPL"), the GNU General Public License version 2
+// ("GPL") and the Apache License version 2 ("ASL"). For the MPL, please see
+// LICENSE-MPL-RabbitMQ. For the GPL, please see LICENSE-GPL2.  For the ASL,
+// please see LICENSE-APACHE2.
+//
+// This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND,
+// either express or implied. See the LICENSE file for specific language governing
+// rights and limitations of this software.
+//
+// If you have any questions regarding licensing, please contact us at
+// [email protected].
+
+package com.rabbitmq.client;
+
+import javax.net.ssl.SSLContext;
+
+/**
+ * A factory to create {@link SSLContext}s.
+ *
+ * @see ConnectionFactory#setSslContextFactory(SslContextFactory)
+ * @since 5.0.0
+ */
+public interface SslContextFactory {
+
+    /**
+     * Create a {@link SSLContext} for a given name.
+     * The name is typically the name of the connection.
+     * @param name name of the connection the SSLContext is used for
+     * @return the SSLContext for this name
+     * @see ConnectionFactory#newConnection(String)
+     */
+    SSLContext create(String name);
+
+}

src/main/java/com/rabbitmq/client/impl/FrameHandlerFactory.java

@@ -9,6 +9,6 @@
  */
 public interface FrameHandlerFactory {
 
-    FrameHandler create(Address addr) throws IOException;
+    FrameHandler create(Address addr, String connectionName) throws IOException;
 
 }

src/main/java/com/rabbitmq/client/impl/SocketFrameHandlerFactory.java

@@ -18,6 +18,7 @@
 import com.rabbitmq.client.Address;
 import com.rabbitmq.client.ConnectionFactory;
 import com.rabbitmq.client.SocketConfigurator;
+import com.rabbitmq.client.SslContextFactory;
 
 import javax.net.SocketFactory;
 import java.io.IOException;
@@ -29,23 +30,29 @@ public class SocketFrameHandlerFactory extends AbstractFrameHandlerFactory {
 
     private final SocketFactory factory;
     private final ExecutorService shutdownExecutor;
+    private final SslContextFactory sslContextFactory;
 
     public SocketFrameHandlerFactory(int connectionTimeout, SocketFactory factory, SocketConfigurator configurator, boolean ssl) {
         this(connectionTimeout, factory, configurator, ssl, null);
     }
 
     public SocketFrameHandlerFactory(int connectionTimeout, SocketFactory factory, SocketConfigurator configurator, boolean ssl, ExecutorService shutdownExecutor) {
+        this(connectionTimeout, factory, configurator, ssl, shutdownExecutor, null);
+    }
+
+    public SocketFrameHandlerFactory(int connectionTimeout, SocketFactory factory, SocketConfigurator configurator, boolean ssl, ExecutorService shutdownExecutor, SslContextFactory sslContextFactory) {
         super(connectionTimeout, configurator, ssl);
         this.factory = factory;
         this.shutdownExecutor = shutdownExecutor;
+        this.sslContextFactory = sslContextFactory;
     }
 
-    public FrameHandler create(Address addr) throws IOException {
+    public FrameHandler create(Address addr, String connectionName) throws IOException {
         String hostName = addr.getHost();
         int portNumber = ConnectionFactory.portOrDefault(addr.getPort(), ssl);
         Socket socket = null;
         try {
-            socket = factory.createSocket();
+            socket = createSocket(connectionName);
             configurator.configure(socket);
             socket.connect(new InetSocketAddress(hostName, portNumber),
                     connectionTimeout);
@@ -56,6 +63,19 @@ public FrameHandler create(Address addr) throws IOException {
         }
     }
 
+    protected Socket createSocket(String connectionName) throws IOException {
+        // SocketFactory takes precedence if specified
+        if (factory != null) {
+            return factory.createSocket();
+        } else {
+            if (ssl) {
+                return sslContextFactory.create(connectionName).getSocketFactory().createSocket();
+            } else {
+                return SocketFactory.getDefault().createSocket();
+            }
+        }
+    }
+
     public FrameHandler create(Socket sock) throws IOException
     {
         return new SocketFrameHandler(sock, this.shutdownExecutor);

src/main/java/com/rabbitmq/client/impl/nio/SocketChannelFrameHandlerFactory.java

@@ -17,6 +17,7 @@
 
 import com.rabbitmq.client.Address;
 import com.rabbitmq.client.ConnectionFactory;
+import com.rabbitmq.client.SslContextFactory;
 import com.rabbitmq.client.impl.AbstractFrameHandlerFactory;
 import com.rabbitmq.client.impl.FrameHandler;
 
@@ -40,34 +41,35 @@ public class SocketChannelFrameHandlerFactory extends AbstractFrameHandlerFactor
 
     final NioParams nioParams;
 
-    private final SSLContext sslContext;
+    private final SslContextFactory sslContextFactory;
 
     private final Lock stateLock = new ReentrantLock();
 
     private final AtomicLong globalConnectionCount = new AtomicLong();
 
     private final List<NioLoopContext> nioLoopContexts;
 
-    public SocketChannelFrameHandlerFactory(int connectionTimeout, NioParams nioParams, boolean ssl, SSLContext sslContext)
+    public SocketChannelFrameHandlerFactory(int connectionTimeout, NioParams nioParams, boolean ssl, SslContextFactory sslContextFactory)
         throws IOException {
         super(connectionTimeout, null, ssl);
         this.nioParams = new NioParams(nioParams);
-        this.sslContext = sslContext;
+        this.sslContextFactory = sslContextFactory;
         this.nioLoopContexts = new ArrayList<NioLoopContext>(this.nioParams.getNbIoThreads());
         for (int i = 0; i < this.nioParams.getNbIoThreads(); i++) {
             this.nioLoopContexts.add(new NioLoopContext(this, this.nioParams));
         }
     }
 
     @Override
-    public FrameHandler create(Address addr) throws IOException {
+    public FrameHandler create(Address addr, String connectionName) throws IOException {
         int portNumber = ConnectionFactory.portOrDefault(addr.getPort(), ssl);
 
         SSLEngine sslEngine = null;
         SocketChannel channel = null;
 
         try {
             if (ssl) {
+                SSLContext sslContext = sslContextFactory.create(connectionName);
                 sslEngine = sslContext.createSSLEngine(addr.getHost(), portNumber);
                 sslEngine.setUseClientMode(true);
             }

src/main/java/com/rabbitmq/client/impl/recovery/RecoveryAwareAMQConnectionFactory.java

@@ -24,6 +24,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.concurrent.TimeoutException;
 
 public class RecoveryAwareAMQConnectionFactory {
@@ -58,7 +59,7 @@ public RecoveryAwareAMQConnection newConnection() throws IOException, TimeoutExc
 
         for (Address addr : shuffled) {
             try {
-                FrameHandler frameHandler = factory.create(addr);
+                FrameHandler frameHandler = factory.create(addr, connectionName());
                 RecoveryAwareAMQConnection conn = createConnection(params, frameHandler, metricsCollector);
                 conn.start();
                 metricsCollector.newConnection(conn);
@@ -89,4 +90,14 @@ private static List<Address> shuffle(List<Address> addrs) {
     protected RecoveryAwareAMQConnection createConnection(ConnectionParams params, FrameHandler handler, MetricsCollector metricsCollector) {
         return new RecoveryAwareAMQConnection(params, handler, metricsCollector);
     }
+
+    private String connectionName() {
+        Map<String, Object> clientProperties = params.getClientProperties();
+        if (clientProperties == null) {
+            return null;
+        } else {
+            Object connectionName = clientProperties.get("connection_name");
+            return connectionName == null ? null : connectionName.toString();
+        }
+    }
 }

src/test/java/com/rabbitmq/client/test/ChannelRpcTimeoutIntegrationTest.java

@@ -87,7 +87,7 @@ public void tearDown() throws Exception {
     private FrameHandler createFrameHandler() throws IOException {
         SocketFrameHandlerFactory socketFrameHandlerFactory = new SocketFrameHandlerFactory(ConnectionFactory.DEFAULT_CONNECTION_TIMEOUT,
             SocketFactory.getDefault(), new DefaultSocketConfigurator(), false, null);
-        return socketFrameHandlerFactory.create(new Address("localhost"));
+        return socketFrameHandlerFactory.create(new Address("localhost"), null);
     }
 
     static class WaitingChannel extends ChannelN {

src/test/java/com/rabbitmq/client/test/ClientTests.java

@@ -49,6 +49,7 @@
     ConnectionFactoryTest.class,
     RecoveryAwareAMQConnectionFactoryTest.class,
     RpcTest.class,
+    SslContextFactoryTest.class,
     LambdaCallbackTest.class
 })
 public class ClientTests {