28 package org.apache.hc.core5.http.nio.ssl;
29
30 import java.net.SocketAddress;
31
32 import javax.net.ssl.SSLContext;
33 import javax.net.ssl.SSLParameters;
34
35 import org.apache.hc.core5.concurrent.FutureCallback;
36 import org.apache.hc.core5.http.HttpHost;
37 import org.apache.hc.core5.http.URIScheme;
38 import org.apache.hc.core5.net.NamedEndpoint;
39 import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
40 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
41 import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
42 import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
43 import org.apache.hc.core5.ssl.SSLContexts;
44 import org.apache.hc.core5.util.Args;
45 import org.apache.hc.core5.util.Timeout;
/**
 * Client-side {@link TlsStrategy} that starts TLS on a transport session using a fixed
 * {@link SSLContext}.
 *
 * <p>Before any custom initializer runs, each SSL engine is configured with the HTTPS
 * endpoint identification algorithm and with whatever
 * {@code TlsSupport.enforceStrongSecurity} applies to the parameters.
 *
 * <p>Security note: the optional {@link SSLSessionInitializer} is invoked <em>after</em>
 * those defaults are installed and receives the engine itself, so it is able to replace
 * the parameters set here, including the endpoint identification algorithm. Review any
 * initializer passed to this class with that in mind.
 */
public class BasicClientTlsStrategy implements TlsStrategy {

    private final SSLContext sslContext;
    // May be null; handed to startTls unchanged.
    private final SSLBufferMode sslBufferMode;
    // May be null; when present it runs after the built-in engine setup.
    private final SSLSessionInitializer initializer;
    // May be null; handed to startTls unchanged.
    // NOTE(review): how startTls treats a null verifier is not visible in this class.
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy with every collaborator given explicitly.
     *
     * @param sslContext    SSL context used for all upgrades; must not be {@code null}
     * @param sslBufferMode buffer mode passed to the TLS layer; may be {@code null}
     * @param initializer   optional hook run on each engine after the built-in setup
     * @param verifier      optional session verifier passed to the TLS layer
     */
    public BasicClientTlsStrategy(
            final SSLContext sslContext,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.sslBufferMode = sslBufferMode;
        this.initializer = initializer;
        this.verifier = verifier;
    }

    /**
     * Creates a strategy with no explicit buffer mode.
     *
     * @param sslContext  SSL context used for all upgrades; must not be {@code null}
     * @param initializer optional hook run on each engine after the built-in setup
     * @param verifier    optional session verifier passed to the TLS layer
     */
    public BasicClientTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, null, initializer, verifier);
    }

    /**
     * Creates a strategy with no buffer mode and no custom initializer.
     *
     * @param sslContext SSL context used for all upgrades; must not be {@code null}
     * @param verifier   optional session verifier passed to the TLS layer
     */
    public BasicClientTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionVerifier verifier) {
        this(sslContext, null, null, verifier);
    }

    /**
     * Creates a strategy that uses only the given context and the built-in engine setup.
     *
     * @param sslContext SSL context used for all upgrades; must not be {@code null}
     */
    public BasicClientTlsStrategy(final SSLContext sslContext) {
        this(sslContext, null, null, null);
    }

    /**
     * Creates a strategy backed by {@code SSLContexts.createSystemDefault()} with no
     * custom initializer or verifier.
     */
    public BasicClientTlsStrategy() {
        this(SSLContexts.createSystemDefault(), null, null, null);
    }

    /**
     * Creates a strategy backed by {@code SSLContexts.createSystemDefault()} with the
     * given session verifier.
     *
     * @param verifier optional session verifier passed to the TLS layer
     */
    public BasicClientTlsStrategy(final SSLSessionVerifier verifier) {
        this(SSLContexts.createSystemDefault(), null, null, verifier);
    }

    /**
     * Starts TLS on the given session for the given endpoint.
     *
     * <p>The {@code attachment} argument is not used by this implementation.
     *
     * @param tlsSession       transport layer to upgrade
     * @param endpoint         endpoint passed to the TLS layer
     * @param attachment       ignored
     * @param handshakeTimeout timeout passed to the TLS layer
     * @param callback         callback passed to the TLS layer; may be {@code null}
     */
    @Override
    public void upgrade(
            final TransportSecurityLayer tlsSession,
            final NamedEndpoint endpoint,
            final Object attachment,
            final Timeout handshakeTimeout,
            final FutureCallback<TransportSecurityLayer> callback) {
        tlsSession.startTls(
                sslContext,
                endpoint,
                sslBufferMode,
                (namedEndpoint, engine) -> {
                    // Request HTTPS-style endpoint identification on the engine before
                    // anything else touches its parameters.
                    final SSLParameters params = engine.getSSLParameters();
                    params.setEndpointIdentificationAlgorithm(URIScheme.HTTPS.id);
                    // NOTE(review): enforceStrongSecurity is defined elsewhere; presumably it
                    // restricts protocols and cipher suites - confirm in TlsSupport.
                    final SSLParameters hardened = TlsSupport.enforceStrongSecurity(params);
                    engine.setSSLParameters(hardened);
                    // The custom initializer goes last, so whatever it sets on the engine
                    // takes precedence over the defaults installed above.
                    if (initializer != null) {
                        initializer.initialize(namedEndpoint, engine);
                    }
                },
                verifier,
                handshakeTimeout,
                callback);
    }

    /**
     * Starts TLS only when the host's scheme is HTTPS.
     *
     * <p>{@code localAddress} and {@code remoteAddress} are not used. The upgrade is
     * started with a {@code null} callback, so this overload gives the caller no
     * completion or failure notification; a {@code true} result only says that the
     * upgrade was requested.
     *
     * @param tlsSession       transport layer to upgrade
     * @param host             target host; may be {@code null}
     * @param localAddress     ignored
     * @param remoteAddress    ignored
     * @param attachment       forwarded to the callback-based overload
     * @param handshakeTimeout timeout passed to the TLS layer
     * @return {@code true} if the scheme matched HTTPS and the upgrade was requested,
     *         {@code false} otherwise
     * @deprecated this overload only delegates to
     *             {@link #upgrade(TransportSecurityLayer, NamedEndpoint, Object, Timeout, FutureCallback)}
     */
    @Deprecated
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        // A missing host is checked as a null scheme rather than short-circuited.
        final String scheme = host == null ? null : host.getSchemeName();
        if (!URIScheme.HTTPS.same(scheme)) {
            return false;
        }
        upgrade(tlsSession, host, attachment, handshakeTimeout, null);
        return true;
    }

}