load sm context builder from class loader (#914)

* load sm context builder from class loader

* fix load cert by relative path failed bug

Author: ywy2090

build.gradle

@@ -35,7 +35,7 @@ ext {
 // integrationTest.mustRunAfter test
 allprojects {
     group = 'org.fisco-bcos.java-sdk'
-    version = '2.10.0'
+    version = '2.10.1-SNAPSHOT'
     apply plugin: 'maven'
     apply plugin: 'maven-publish'
     apply plugin: 'idea'

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/ConfigProperty.java

@@ -105,7 +105,7 @@ public static InputStream getConfigInputStream(String configFilePath) throws Con
         }
         InputStream inputStream = null;
         try {
-            configFilePath = configFilePath.replace("..", "");
+            // configFilePath = configFilePath.replace("..", "");
             inputStream = new FileInputStream(configFilePath);
             if (inputStream != null) {
                 return inputStream;

sdk-core/src/main/java/org/fisco/bcos/sdk/network/ConnectionManager.java

@@ -28,16 +28,11 @@
 import io.netty.channel.socket.SocketChannel;
 import io.netty.channel.socket.nio.NioSocketChannel;
 import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
-import io.netty.handler.ssl.SMSslClientContextFactory;
 import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
-import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.timeout.IdleStateHandler;
 import io.netty.util.concurrent.Future;
-import java.io.IOException;
 import java.nio.channels.ClosedChannelException;
-import java.security.Security;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -70,6 +65,9 @@ public class ConnectionManager {
     private EventLoopGroup workerGroup;
     private Boolean running = false;
     private Bootstrap bootstrap = new Bootstrap();
+
+    private SslContextInitializer sslContextInitializer = new SslContextInitializer();
+
     private List<ChannelFuture> connChannelFuture = new ArrayList<ChannelFuture>();
     private ScheduledExecutorService reconnSchedule = new ScheduledThreadPoolExecutor(1);
     private int cryptoType;
@@ -228,85 +226,6 @@ public ChannelHandlerContext getConnectionCtx(String peer) {
         return availableConnections.get(peer);
     }
 
-    private SslContext initSslContext(ConfigOption configOption) throws NetworkException {
-        try {
-            Security.setProperty("jdk.disabled.namedCurves", "");
-            System.setProperty("jdk.sunec.disableNative", "false");
-
-            // Get file, file existence is already checked when check config file.
-            // Init SslContext
-            logger.info(" build ECDSA ssl context with configured certificates ");
-            SslContext sslCtx =
-                    SslContextBuilder.forClient()
-                            .trustManager(configOption.getCryptoMaterialConfig().getCaInputStream())
-                            .keyManager(
-                                    configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
-                                    configOption
-                                            .getCryptoMaterialConfig()
-                                            .getSdkPrivateKeyInputStream())
-                            .sslProvider(SslProvider.OPENSSL)
-                            // .sslProvider(SslProvider.JDK)
-                            .build();
-            return sslCtx;
-        } catch (IOException e) {
-            logger.error(
-                    "initSslContext failed, caCert: {}, sslCert: {}, sslKey: {}, error: {}, e: {}",
-                    configOption.getCryptoMaterialConfig().getCaCertPath(),
-                    configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
-                    e.getMessage(),
-                    e);
-            throw new NetworkException(
-                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
-                            + e.getMessage(),
-                    NetworkException.INIT_CONTEXT_FAILED);
-        } catch (IllegalArgumentException e) {
-            logger.error("initSslContext failed, error: {}, e: {}", e.getMessage(), e);
-            throw new NetworkException(
-                    "SSL context init failed, error info: " + e.getMessage(),
-                    NetworkException.INIT_CONTEXT_FAILED);
-        }
-    }
-
-    private SslContext initSMSslContext(ConfigOption configOption) throws NetworkException {
-        try {
-            // Get file, file existence is already checked when check config file.
-            // Init SslContext
-            return SMSslClientContextFactory.build(
-                    configOption.getCryptoMaterialConfig().getCaInputStream(),
-                    configOption.getCryptoMaterialConfig().getEnSSLCertInputStream(),
-                    configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyInputStream(),
-                    configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
-                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyInputStream());
-        } catch (Exception e) {
-            if (configOption.getCryptoMaterialConfig().getCryptoProvider().equalsIgnoreCase(HSM)) {
-                logger.error(
-                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKeyIndex: {}, enCert: {}, enSslKeyIndex: {}, error: {}, e: {}",
-                        configOption.getCryptoMaterialConfig().getCaCertPath(),
-                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                        configOption.getCryptoMaterialConfig().getSslKeyIndex(),
-                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
-                        configOption.getCryptoMaterialConfig().getEnSslKeyIndex(),
-                        e.getMessage(),
-                        e);
-            } else {
-                logger.error(
-                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKey: {}, enCert: {}, enSslKey: {}, error: {}, e: {}",
-                        configOption.getCryptoMaterialConfig().getCaCertPath(),
-                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                        configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
-                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
-                        configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyPath(),
-                        e.getMessage(),
-                        e);
-            }
-            throw new NetworkException(
-                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
-                            + e.getMessage(),
-                    e);
-        }
-    }
-
     private void initNetty(ConfigOption configOption) throws NetworkException {
         workerGroup = new NioEventLoopGroup();
         bootstrap.group(workerGroup);
@@ -324,8 +243,8 @@ private void initNetty(ConfigOption configOption) throws NetworkException {
         }
         sslContext =
                 (sslCryptoType == CryptoType.ECDSA_TYPE
-                        ? initSslContext(configOption)
-                        : initSMSslContext(configOption));
+                        ? sslContextInitializer.initSslContext(configOption)
+                        : sslContextInitializer.initSMSslContext(configOption));
         SslContext finalSslContext = sslContext;
         ChannelInitializer<SocketChannel> initializer =
                 new ChannelInitializer<SocketChannel>() {

sdk-core/src/main/java/org/fisco/bcos/sdk/network/SslContextInitializer.java

@@ -0,0 +1,142 @@
+package org.fisco.bcos.sdk.network;
+
+import static org.fisco.bcos.sdk.model.CryptoProviderType.HSM;
+
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Method;
+import java.security.Security;
+import org.fisco.bcos.sdk.config.ConfigOption;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SslContextInitializer {
+
+    private static Logger logger = LoggerFactory.getLogger(SslContextInitializer.class);
+
+    private static boolean enableNettyOpenSSLProvider = false;
+
+    static {
+        String property = System.getProperty("fisco.netty.enable.openssl.provider");
+        if (property != null) {
+            enableNettyOpenSSLProvider = Boolean.valueOf(property);
+            logger.info("load `fisco.netty.enable.openssl.provider` value: {}", property);
+        }
+    }
+
+    public SslContext initSslContext(ConfigOption configOption) throws NetworkException {
+        try {
+            Security.setProperty("jdk.disabled.namedCurves", "");
+            System.setProperty("jdk.sunec.disableNative", "false");
+
+            // Get file, file existence is already checked when check config file.
+            // Init SslContext
+            logger.info(" build ECDSA ssl context with configured certificates ");
+
+            SslProvider sslProvider = SslProvider.JDK;
+            if (enableNettyOpenSSLProvider) {
+                sslProvider = SslProvider.OPENSSL;
+            }
+
+            logger.info("sslProvider: {}", sslProvider);
+
+            SslContext sslCtx =
+                    SslContextBuilder.forClient()
+                            .trustManager(configOption.getCryptoMaterialConfig().getCaInputStream())
+                            .keyManager(
+                                    configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
+                                    configOption
+                                            .getCryptoMaterialConfig()
+                                            .getSdkPrivateKeyInputStream())
+                            // .sslProvider(SslProvider.OPENSSL)
+                            .sslProvider(sslProvider)
+                            .build();
+            return sslCtx;
+        } catch (IOException e) {
+            logger.error(
+                    "initSslContext failed, caCert: {}, sslCert: {}, sslKey: {}, error: {}, e: {}",
+                    configOption.getCryptoMaterialConfig().getCaCertPath(),
+                    configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
+                    e.getMessage(),
+                    e);
+            throw new NetworkException(
+                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
+                            + e.getMessage(),
+                    NetworkException.INIT_CONTEXT_FAILED);
+        } catch (IllegalArgumentException e) {
+            logger.error("initSslContext failed, error: {}, e: {}", e.getMessage(), e);
+            throw new NetworkException(
+                    "SSL context init failed, error info: " + e.getMessage(),
+                    NetworkException.INIT_CONTEXT_FAILED);
+        }
+    }
+
+    public SslContext initSMSslContext(ConfigOption configOption) throws NetworkException {
+        try {
+            // Get file, file existence is already checked when check config file.
+            InputStream caInputStream = configOption.getCryptoMaterialConfig().getCaInputStream();
+            InputStream enSSLCertInputStream =
+                    configOption.getCryptoMaterialConfig().getEnSSLCertInputStream();
+            InputStream enSSLPrivateKeyInputStream =
+                    configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyInputStream();
+            InputStream sdkCertInputStream =
+                    configOption.getCryptoMaterialConfig().getSdkCertInputStream();
+            InputStream sdkPrivateKeyInputStream =
+                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyInputStream();
+
+            String smContextFactoryClassName = "io.netty.handler.ssl.SMSslClientContextFactory";
+
+            Class<?> smContextFactoryClass = Class.forName(smContextFactoryClassName);
+            logger.info("加载类`{}`成功", smContextFactoryClassName);
+            Method buildMethod =
+                    smContextFactoryClass.getMethod(
+                            "build",
+                            InputStream.class,
+                            InputStream.class,
+                            InputStream.class,
+                            InputStream.class,
+                            InputStream.class);
+            SslContext sslContext =
+                    (SslContext)
+                            buildMethod.invoke(
+                                    null,
+                                    caInputStream,
+                                    enSSLCertInputStream,
+                                    enSSLPrivateKeyInputStream,
+                                    sdkCertInputStream,
+                                    sdkPrivateKeyInputStream);
+
+            return sslContext;
+        } catch (Exception e) {
+            if (configOption.getCryptoMaterialConfig().getCryptoProvider().equalsIgnoreCase(HSM)) {
+                logger.error(
+                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKeyIndex: {}, enCert: {}, enSslKeyIndex: {}, error: {}, e: {}",
+                        configOption.getCryptoMaterialConfig().getCaCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                        configOption.getCryptoMaterialConfig().getSslKeyIndex(),
+                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
+                        configOption.getCryptoMaterialConfig().getEnSslKeyIndex(),
+                        e.getMessage(),
+                        e);
+            } else {
+                logger.error(
+                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKey: {}, enCert: {}, enSslKey: {}, error: {}, e: {}",
+                        configOption.getCryptoMaterialConfig().getCaCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
+                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
+                        configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyPath(),
+                        e.getMessage(),
+                        e);
+            }
+            throw new NetworkException(
+                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
+                            + e.getMessage(),
+                    e);
+        }
+    }
+}