From ae1613a41a5adbf0e53ab555f300a16a9fe100bc Mon Sep 17 00:00:00 2001
From: "Marcelo Monteiro (tuxmonteiro)"
Date: Fri, 18 Jan 2019 16:44:29 -0200
Subject: [PATCH] Add custom SSL ciphers support
---
 .../grou/groot/channel/ChannelManager.java | 19 ++++++++-------
 .../{SslService.java => SslEngine.java} | 17 +++++++++----
 .../groot/loader/RequestExecutorService.java | 11 +++++----
 .../groot/test/properties/BaseProperty.java | 14 +++++++++++
 .../groot/test/properties/SslProperty.java | 24 +++++++++++++++++++
 5 files changed, 66 insertions(+), 19 deletions(-)
 rename src/main/java/com/globocom/grou/groot/channel/{SslService.java => SslEngine.java} (85%)
 create mode 100644 src/main/java/com/globocom/grou/groot/test/properties/SslProperty.java
diff --git a/src/main/java/com/globocom/grou/groot/channel/ChannelManager.java b/src/main/java/com/globocom/grou/groot/channel/ChannelManager.java
index 160df6a..9cd868e 100644
--- a/src/main/java/com/globocom/grou/groot/channel/ChannelManager.java
+++ b/src/main/java/com/globocom/grou/groot/channel/ChannelManager.java
@@ -30,6 +30,7 @@
 import io.netty.util.concurrent.ScheduledFuture;
 import java.net.URI;
 import java.util.AbstractMap.SimpleImmutableEntry;
+import java.util.List;
 import java.util.concurrent.CancellationException;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executors;
@@ -49,7 +50,8 @@ public class ChannelManager {
 private final long start;
 private final ScheduledExecutorService executor;
- private SslService sslService = null;
+ private final SslEngine sslEngine = new SslEngine();
+ private List ciphers = null;
 private MonitorService monitorService = null;
 private Bootstrap bootstrap = null;
 private EventLoopGroup group = null;
@@ -66,11 +68,6 @@ public ChannelManager() {
 executor = Executors.newSingleThreadScheduledExecutor();
 }
- public ChannelManager setSslService(SslService sslService) {
- this.sslService = sslService;
- return this;
- }
-
 public ChannelManager setMonitorService(MonitorService monitorService) {
 this.monitorService = monitorService;
 return this;
@@ -109,9 +106,13 @@ public ChannelManager setNumConn(int numConn) {
 return this;
 }
+ public ChannelManager setSslCiphers(List ciphers) {
+ this.ciphers = ciphers;
+ return this;
+ }
+
 public ChannelManager check() throws IllegalArgumentException {
 if (monitorService == null ||
- sslService == null ||
 numConn == 0 ||
 durationSec == 0 ||
 bootstrap == null ||
@@ -125,9 +126,9 @@ public ChannelManager check() throws IllegalArgumentException {
 private ChannelInitializer initializer(Proto proto) {
 if (proto == Proto.H2 || proto == Proto.H2C) {
- return new Http2ClientInitializer(sslService.sslContext(proto.isSsl()), Integer.MAX_VALUE, monitorService);
+ return new Http2ClientInitializer(sslEngine.setCiphers(ciphers).sslContext(proto.isSsl()), Integer.MAX_VALUE, monitorService);
 }
- return new Http1ClientInitializer(sslService.sslContext(proto.isSsl()), monitorService);
+ return new Http1ClientInitializer(sslEngine.setCiphers(ciphers).sslContext(proto.isSsl()), monitorService);
 }
 private SimpleImmutableEntry newChannel() throws Exception {
diff --git a/src/main/java/com/globocom/grou/groot/channel/SslService.java b/src/main/java/com/globocom/grou/groot/channel/SslEngine.java
similarity index 85%
rename from src/main/java/com/globocom/grou/groot/channel/SslService.java
rename to src/main/java/com/globocom/grou/groot/channel/SslEngine.java
index 5e57b67..8180966 100644
--- a/src/main/java/com/globocom/grou/groot/channel/SslService.java
+++ b/src/main/java/com/globocom/grou/groot/channel/SslEngine.java
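Review bot: `ChannelManager.setSslCiphers` keeps the caller's list by reference and `check()` never inspects it, so a list that is mutated after the call, or one that is empty, reaches the SSL context builder unnoticed; `SslEngine.setCiphers` and `SslProperty.setCiphers` later in this patch have the same shape. Copying at the boundary would pin the value, for example `this.ciphers = ciphers == null ? null : new ArrayList<>(ciphers);` (this needs a `java.util.ArrayList` import). A one-line Javadoc on the setter saying that `null` keeps the default suite list would also help the next reader. The body of `check()` continues outside the hunk.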
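Review bot: In `ChannelManager.initializer`, the H2 branch now passes a caller-chosen cipher list where `Http2SecurityUtil.CIPHERS` used to be fixed, so a test over TLS can end up offering suites that HTTP/2 prohibits (RFC 7540 section 9.2.2 and Appendix A), and a compliant server may then close the connection with INADEQUATE_SECURITY. Nothing in the hunk tells the operator that this happened; a warning logged when `proto == Proto.H2 && ciphers != null` would make such failures attributable to the test configuration rather than to the target. The expression `sslEngine.setCiphers(ciphers).sslContext(proto.isSsl())` is also repeated on both branches and could be computed once before the `if`.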
@@ -28,15 +28,22 @@
 import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.ssl.SupportedCipherSuiteFilter;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import java.util.List;
 import javax.net.ssl.SSLException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.stereotype.Service;
-@Service
-public class SslService {
+public class SslEngine {
- private static final Log LOGGER = LogFactory.getLog(SslService.class);
+ private static final Log LOGGER = LogFactory.getLog(SslEngine.class);
+ private static final List DEFAULT_CIPHERS = Http2SecurityUtil.CIPHERS;
+
+ private List ciphers = null;
+
+ public SslEngine setCiphers(List ciphers) {
+ this.ciphers = ciphers;
+ return this;
+ }
 public SslContext sslContext(boolean ssl) {
 if (ssl) {
@@ -46,7 +53,7 @@ public SslContext sslContext(boolean ssl) {
 .sslProvider(provider)
 /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
 * Please refer to the HTTP/2 specification for cipher requirements. */
- .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
+ .ciphers(ciphers == null ? DEFAULT_CIPHERS : ciphers, SupportedCipherSuiteFilter.INSTANCE)
 .trustManager(InsecureTrustManagerFactory.INSTANCE)
 .applicationProtocolConfig(new ApplicationProtocolConfig(
 Protocol.ALPN,
diff --git a/src/main/java/com/globocom/grou/groot/loader/RequestExecutorService.java b/src/main/java/com/globocom/grou/groot/loader/RequestExecutorService.java
index f90341b..b641f03 100644
--- a/src/main/java/com/globocom/grou/groot/loader/RequestExecutorService.java
+++ b/src/main/java/com/globocom/grou/groot/loader/RequestExecutorService.java
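Review bot: The renamed class `SslEngine` has no Javadoc, and its name differs only in case from `javax.net.ssl.SSLEngine` although what it produces is an `SslContext`. A class comment would remove the ambiguity and record the trust model visible in the next hunk, for example `/** Builds client SslContext instances for load tests; server certificates are not verified (InsecureTrustManagerFactory). */`. Since the object now carries mutable state set through `setCiphers`, the comment should also say that `sslContext()` reads whatever list was set last.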
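Review bot: The new `.ciphers(...)` argument in `SslEngine.sslContext` treats only `null` as "use the defaults", and `SupportedCipherSuiteFilter.INSTANCE` drops names the provider does not support without reporting them, so an empty or misspelled list silently yields a context with fewer suites than requested, possibly none, and handshakes would then likely fail with no hint at the cause. Falling back on empty input as well, `.ciphers(ciphers == null || ciphers.isEmpty() ? DEFAULT_CIPHERS : ciphers, SupportedCipherSuiteFilter.INSTANCE)`, and logging the suites the built context actually enables would make a misconfigured test visible. The context line `.trustManager(InsecureTrustManagerFactory.INSTANCE)` is unchanged, so whichever suites are selected the peer certificate is still not verified. `sslContext` starts and ends outside the hunk.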
@@ -20,11 +20,12 @@
 import com.globocom.grou.groot.channel.BootstrapBuilder;
 import com.globocom.grou.groot.channel.ChannelManager;
 import com.globocom.grou.groot.channel.RequestUtils;
-import com.globocom.grou.groot.channel.SslService;
 import com.globocom.grou.groot.monit.MonitorService;
 import com.globocom.grou.groot.test.properties.BaseProperty;
+import com.globocom.grou.groot.test.properties.SslProperty;
 import io.netty.bootstrap.Bootstrap;
 import io.netty.handler.codec.http.FullHttpRequest;
+import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
@@ -38,12 +39,10 @@ public class RequestExecutorService {
 private static final Log LOGGER = LogFactory.getLog(RequestExecutorService.class);
- private final SslService sslService;
 private final MonitorService monitorService;
 @Autowired
- public RequestExecutorService(SslService sslService, MonitorService monitorService) {
- this.sslService = sslService;
+ public RequestExecutorService(MonitorService monitorService) {
 this.monitorService = monitorService;
 }
@@ -52,6 +51,8 @@ public void submit(BaseProperty property) throws RuntimeException {
 int maxTestDuration = Integer.parseInt(SystemEnv.MAX_TEST_DURATION.getValue());
 int durationSec = getDurationSec(property, maxTestDuration);
 int fixedDelay = property.getFixedDelay();
+ SslProperty sslProperty = Optional.ofNullable(property.getSsl()).orElse(new SslProperty());
+ List ciphers = sslProperty.getCiphers();
 String scheme = RequestUtils.extractScheme(property);
 if (scheme == null) {
@@ -66,7 +67,7 @@ public void submit(BaseProperty property) throws RuntimeException {
 final ChannelManager channelManager = new ChannelManager()
 .setBootstrap(bootstrap)
 .setMonitorService(monitorService)
- .setSslCiphers(ciphers)
+ .setSslCiphers(ciphers)
 .setProto(proto)
 .setDurationSec(durationSec)
 .setFixedDelay(fixedDelay)
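Review bot: In `RequestExecutorService.submit`, `Optional.ofNullable(property.getSsl()).orElse(new SslProperty())` builds a throwaway `SslProperty` on every call only to read a `null` list back from it, because `orElse` evaluates its argument eagerly. Mapping inside the Optional says the same thing without the extra object and the extra local: `Optional.ofNullable(property.getSsl()).map(SslProperty::getCiphers).orElse(null)`. The list comes straight from the test request and is forwarded unchanged, so logging it next to the other test parameters here would make it clear afterwards which suites a given run asked for. The body of `submit` continues outside the hunk.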
diff --git a/src/main/java/com/globocom/grou/groot/test/properties/BaseProperty.java b/src/main/java/com/globocom/grou/groot/test/properties/BaseProperty.java
index f238c72..86c15ac 100644
--- a/src/main/java/com/globocom/grou/groot/test/properties/BaseProperty.java
+++ b/src/main/java/com/globocom/grou/groot/test/properties/BaseProperty.java
@@ -63,6 +63,11 @@ public class BaseProperty implements Serializable {
 */
 private AuthProperty auth;
+ /**
+ * SSL properties.
+ */
+ private SslProperty ssl;
+
 /**
 * Body request
 */
@@ -229,6 +234,15 @@ public BaseProperty setAuth(AuthProperty auth) {
 return this;
 }
+ public SslProperty getSsl() {
+ return ssl;
+ }
+
+ public BaseProperty setSsl(SslProperty ssl) {
+ this.ssl = ssl;
+ return this;
+ }
+
 public String getBody() {
 return body;
 }
diff --git a/src/main/java/com/globocom/grou/groot/test/properties/SslProperty.java b/src/main/java/com/globocom/grou/groot/test/properties/SslProperty.java
new file mode 100644
index 0000000..16626b7
--- /dev/null
+++ b/src/main/java/com/globocom/grou/groot/test/properties/SslProperty.java
@@ -0,0 +1,24 @@
+package com.globocom.grou.groot.test.properties;
+
+import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import java.io.Serializable;
+import java.util.List;
+
+@JsonInclude(NON_NULL)
+public class SslProperty implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ private List ciphers;
+
+ public List getCiphers() {
+ return ciphers;
+ }
+
+ public SslProperty setCiphers(List ciphers) {
+ this.ciphers = ciphers;
+ return this;
+ }
+}
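Review bot: `SslProperty.ciphers` becomes part of the request schema but carries no Javadoc, unlike the fields shown in `BaseProperty`, so a user cannot tell what the entries should look like or what leaving the field out means. A field comment such as `/** Cipher suite names to offer in the TLS handshake; null or absent keeps the built-in defaults. */` would cover it, ideally with a pointer to where the accepted names are defined. The new file also starts with `package` on line 1, while the other files in this patch have their imports around lines 20 to 30, which suggests they carry a header comment that this one lacks; worth confirming.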