Change DefaultSslEngineFactory to lazily build its SslContext, which makes it feasible provide a subclass of DSEF via config that can customize the SslContext as it is built. Let SSLContext errors be detected early by adding init() to SslEngineFactory.

Author: Marshall Pierce

client/src/main/java/org/asynchttpclient/SslEngineFactory.java

@@ -14,6 +14,7 @@
 package org.asynchttpclient;
 
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
 
 public interface SslEngineFactory {
 
@@ -26,4 +27,16 @@ public interface SslEngineFactory {
      * @return new engine
      */
     SSLEngine newSslEngine(AsyncHttpClientConfig config, String peerHost, int peerPort);
+
+    /**
+     * Perform any necessary one-time configuration. This will be called just once before {@code newSslEngine} is called
+     * for the first time.
+     *
+     * @param config the client config
+     * @throws SSLException if initialization fails. If an exception is thrown, the instance will not be used as client
+     *                      creation will fail.
+     */
+    default void init(AsyncHttpClientConfig config) throws SSLException {
+        // no op
+    }
 }

client/src/main/java/org/asynchttpclient/netty/channel/ChannelManager.java

@@ -111,10 +111,11 @@ public class ChannelManager {
     public ChannelManager(final AsyncHttpClientConfig config, Timer nettyTimer) {
 
         this.config = config;
+        this.sslEngineFactory = config.getSslEngineFactory() != null ? config.getSslEngineFactory() : new DefaultSslEngineFactory();
         try {
-            this.sslEngineFactory = config.getSslEngineFactory() != null ? config.getSslEngineFactory() : new DefaultSslEngineFactory(config);
+            this.sslEngineFactory.init(config);
         } catch (SSLException e) {
-            throw new ExceptionInInitializerError(e);
+            throw new RuntimeException("Could not initialize sslEngineFactory", e);
         }
 
         ChannelPool channelPool = config.getChannelPool();

client/src/main/java/org/asynchttpclient/netty/ssl/DefaultSslEngineFactory.java

@@ -26,13 +26,9 @@
 
 public class DefaultSslEngineFactory extends SslEngineFactoryBase {
 
-    private final SslContext sslContext;
+    private volatile SslContext sslContext;
 
-    public DefaultSslEngineFactory(AsyncHttpClientConfig config) throws SSLException {
-        this.sslContext = getSslContext(config);
-    }
-
-    private SslContext getSslContext(AsyncHttpClientConfig config) throws SSLException {
+    private SslContext buildSslContext(AsyncHttpClientConfig config) throws SSLException {
         if (config.getSslContext() != null)
             return config.getSslContext();
 
@@ -44,7 +40,7 @@ private SslContext getSslContext(AsyncHttpClientConfig config) throws SSLExcepti
         if (config.isAcceptAnyCertificate())
             sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
 
-        return sslContextBuilder.build();
+        return configureSslContextBuilder(sslContextBuilder).build();
     }
 
     @Override
@@ -54,4 +50,22 @@ public SSLEngine newSslEngine(AsyncHttpClientConfig config, String peerHost, int
         configureSslEngine(sslEngine, config);
         return sslEngine;
     }
+
+    @Override
+    public void init(AsyncHttpClientConfig config) throws SSLException {
+        sslContext = buildSslContext(config);
+    }
+
+    /**
+     * The last step of configuring the SslContextBuilder used to create an SslContext when no context is provided in
+     * the {@link AsyncHttpClientConfig}. This defaults to no-op and is intended to be overridden as needed.
+     *
+     * @param builder builder with normal configuration applied
+     * @return builder to be used to build context (can be the same object as the input)
+     */
+    protected SslContextBuilder configureSslContextBuilder(SslContextBuilder builder) {
+        // default to no op
+        return builder;
+    }
+
 }