28 package org.apache.hc.core5.http2.ssl;
29
30 import java.net.SocketAddress;
31
32 import javax.net.ssl.SSLContext;
33
34 import org.apache.hc.core5.concurrent.FutureCallback;
35 import org.apache.hc.core5.http.HttpHost;
36 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
37 import org.apache.hc.core5.net.NamedEndpoint;
38 import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
40 import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
41 import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
42 import org.apache.hc.core5.ssl.SSLContexts;
43 import org.apache.hc.core5.util.Args;
44 import org.apache.hc.core5.util.Timeout;
45
/**
 * Server-side {@link TlsStrategy} that starts TLS on a transport session using the
 * supplied {@link SSLContext} and the {@code ConscryptSupport} helpers.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The callback-based {@code upgrade} always starts TLS; it never consults the
 *       port strategy.</li>
 *   <li>The deprecated boolean-returning {@code upgrade} starts TLS only when no port
 *       strategy is set or the strategy reports the local address as secure. When it
 *       returns {@code false} no TLS is started on that session, so the caller must
 *       check the result and must not assume the connection is encrypted.</li>
 *   <li>The initializer and verifier may be {@code null}; both are handed to
 *       {@code ConscryptSupport}. NOTE(review): how {@code ConscryptSupport} treats a
 *       {@code null} initializer or verifier is not visible here; confirm before
 *       relying on it for client-authentication or peer-verification policy.</li>
 * </ul>
 */
public class ConscryptServerTlsStrategy implements TlsStrategy {

    // TLS context used for every session upgrade; never null (enforced by Args.notNull).
    private final SSLContext sslContext;
    // Optional legacy filter deciding which local addresses get TLS; null means "all".
    @SuppressWarnings("deprecation")
    private final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy;
    // Passed through to startTls unchanged; may be null.
    private final SSLBufferMode sslBufferMode;
    // Optional session initializer forwarded to ConscryptSupport.initialize; may be null.
    private final SSLSessionInitializer initializer;
    // Optional session verifier forwarded to ConscryptSupport.verify; may be null.
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy restricted by a port strategy.
     *
     * @param sslContext TLS context; must not be {@code null}
     * @param securePortStrategy decides which local addresses are upgraded by the
     *        deprecated {@code upgrade}; {@code null} means every address
     * @param sslBufferMode buffer mode passed to {@code startTls}; may be {@code null}
     * @param initializer optional session initializer; may be {@code null}
     * @param verifier optional session verifier; may be {@code null}
     * @deprecated takes the legacy port-strategy type, which this class references only
     *             under a deprecation suppression; the constructors without a port
     *             strategy are the non-deprecated alternative in this class.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // Validate first so a null context is rejected before any state is recorded.
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
        this.securePortStrategy = securePortStrategy;
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode.
     *
     * @deprecated takes the legacy port-strategy type; see the constructors without one.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, initializer, verifier);
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode
     * and a {@code null} initializer.
     *
     * @deprecated takes the legacy port-strategy type; see the constructors without one.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, null, verifier);
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode,
     * initializer and verifier.
     *
     * @deprecated takes the legacy port-strategy type; see the constructors without one.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy) {
        this(sslContext, securePortStrategy, null, null, null);
    }

    /**
     * Creates a strategy whose port filter is a {@code FixedPortStrategy} built from the
     * given ports.
     *
     * @param sslContext TLS context; must not be {@code null}
     * @param securePorts ports handed to {@code FixedPortStrategy}
     * @deprecated builds on the legacy port-strategy type; see the constructors
     *             without one.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final int... securePorts) {
        this(sslContext, new org.apache.hc.core5.http.nio.ssl.FixedPortStrategy(securePorts));
    }

    /**
     * Creates a strategy with no port filter, so TLS applies to every local address.
     *
     * @param sslContext TLS context; must not be {@code null}
     * @param sslBufferMode buffer mode passed to {@code startTls}; may be {@code null}
     * @param initializer optional session initializer; may be {@code null}
     * @param verifier optional session verifier; may be {@code null}
     */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        // No port strategy: isApplicable() then reports true for every address.
        this.securePortStrategy = null;
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
    }

    /**
     * Creates a strategy with no port filter and a {@code null} buffer mode.
     */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // The cast selects the SSLBufferMode overload; a bare null would be ambiguous
        // with the deprecated port-strategy constructor of the same arity.
        this(sslContext, (SSLBufferMode) null, initializer, verifier);
    }

    /**
     * Creates a strategy with no port filter, a {@code null} buffer mode and a
     * {@code null} initializer.
     */
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
        this(sslContext, (SSLBufferMode) null, null, verifier);
    }

    /**
     * Creates a strategy with no port filter and no buffer mode, initializer or verifier.
     */
    public ConscryptServerTlsStrategy(final SSLContext sslContext) {
        this(sslContext, (SSLBufferMode) null, null, null);
    }

    /**
     * Creates a strategy backed by {@code SSLContexts.createSystemDefault()} with no
     * buffer mode, initializer or verifier.
     */
    public ConscryptServerTlsStrategy() {
        this(SSLContexts.createSystemDefault(), (SSLBufferMode) null, null, null);
    }

    /**
     * Creates a strategy backed by {@code SSLContexts.createSystemDefault()} with the
     * given session verifier and no buffer mode or initializer.
     *
     * @param verifier optional session verifier; may be {@code null}
     */
    public ConscryptServerTlsStrategy(final SSLSessionVerifier verifier) {
        this(SSLContexts.createSystemDefault(), (SSLBufferMode) null, null, verifier);
    }

    /**
     * Reports whether the deprecated {@code upgrade} should start TLS for a local address.
     *
     * @param localAddress local socket address of the connection
     * @return {@code true} when no port strategy is configured, otherwise the
     *         strategy's {@code isSecure} answer
     */
    private boolean isApplicable(final SocketAddress localAddress) {
        if (securePortStrategy == null) {
            return true;
        }
        return securePortStrategy.isSecure(localAddress);
    }

    /**
     * Starts TLS on the given session unconditionally.
     *
     * <p>The port strategy is not consulted here; every call reaches {@code startTls}.
     *
     * @param tlsSession transport session to secure
     * @param endpoint endpoint passed through to {@code startTls}
     * @param attachment passed to {@code ConscryptSupport.initialize} together with
     *        the configured initializer
     * @param handshakeTimeout passed through to {@code startTls}
     * @param callback passed through to {@code startTls}; the deprecated overload
     *        passes {@code null}
     */
    @Override
    public void upgrade(
            final TransportSecurityLayer tlsSession,
            final NamedEndpoint endpoint,
            final Object attachment,
            final Timeout handshakeTimeout,
            final FutureCallback<TransportSecurityLayer> callback) {
        // Wrap the optional hooks first, in the same order as they are passed on.
        final SSLSessionInitializer sessionInitializer = ConscryptSupport.initialize(attachment, initializer);
        final SSLSessionVerifier sessionVerifier = ConscryptSupport.verify(verifier);
        tlsSession.startTls(
                sslContext,
                endpoint,
                sslBufferMode,
                sessionInitializer,
                sessionVerifier,
                handshakeTimeout,
                callback);
    }

    /**
     * Starts TLS on the given session only when the local address is applicable.
     *
     * <p>When this returns {@code false}, {@code startTls} was not called and this
     * method leaves the session without TLS; callers that require encryption must
     * treat {@code false} as "not secured" rather than ignore it.
     *
     * @param tlsSession transport session to secure
     * @param host endpoint passed to the callback-based {@code upgrade}
     * @param localAddress address checked against the port strategy
     * @param remoteAddress not used by this implementation
     * @param attachment passed through to the callback-based {@code upgrade}
     * @param handshakeTimeout passed through to the callback-based {@code upgrade}
     * @return {@code true} if TLS was started, {@code false} if the address was not
     *         applicable
     * @deprecated the callback-based {@code upgrade} in this class is the
     *             non-deprecated form.
     */
    @Deprecated
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        if (!isApplicable(localAddress)) {
            // Port strategy says this listener is not a TLS one: leave the session as is.
            return false;
        }
        upgrade(tlsSession, host, attachment, handshakeTimeout, null);
        return true;
    }
}