View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.core5.http.ssl;
29  
30  import java.util.ArrayList;
31  import java.util.List;
32  
33  import org.apache.hc.core5.annotation.Internal;
34  import org.apache.hc.core5.http.ParseException;
35  import org.apache.hc.core5.http.ProtocolVersion;
36  import org.apache.hc.core5.http.ProtocolVersionParser;
37  import org.apache.hc.core5.util.Tokenizer;
38  
39  /**
40   * Supported {@code TLS} protocol versions.
41   *
42   * @since 5.0
43   */
44  public enum TLS {
45  
46      V_1_0("TLSv1",   new ProtocolVersion("TLS", 1, 0)),
47      V_1_1("TLSv1.1", new ProtocolVersion("TLS", 1, 1)),
48      V_1_2("TLSv1.2", new ProtocolVersion("TLS", 1, 2)),
49      V_1_3("TLSv1.3", new ProtocolVersion("TLS", 1, 3));
50  
51      public final String id;
52      public final ProtocolVersion version;
53  
54      TLS(final String id, final ProtocolVersion version) {
55          this.id = id;
56          this.version = version;
57      }
58  
59      public boolean isSame(final ProtocolVersion protocolVersion) {
60          return version.equals(protocolVersion);
61      }
62  
63      public boolean isComparable(final ProtocolVersion protocolVersion) {
64          return version.isComparable(protocolVersion);
65      }
66  
67      /**
68       * Gets the ID.
69       * @return the ID.
70       *
71       * @since 5.2
72       */
73      public String getId() {
74          return id;
75      }
76  
77      /**
78       * Gets the version.
79       * @return the version.
80       *
81       * @since 5.2
82       */
83      public ProtocolVersion getVersion() {
84          return version;
85      }
86  
87      public boolean greaterEquals(final ProtocolVersion protocolVersion) {
88          return version.greaterEquals(protocolVersion);
89      }
90  
91      public boolean lessEquals(final ProtocolVersion protocolVersion) {
92          return version.lessEquals(protocolVersion);
93      }
94  
95      @Internal
96      public static ProtocolVersion parse(
97              final CharSequence buffer,
98              final Tokenizer.Cursor cursor,
99              final Tokenizer.Delimiter delimiterPredicate) throws ParseException {
100         final int lowerBound = cursor.getLowerBound();
101         final int upperBound = cursor.getUpperBound();
102 
103         int pos = cursor.getPos();
104         if (pos + 4 > cursor.getUpperBound()) {
105             throw new ParseException("Invalid TLS protocol version", buffer, lowerBound, upperBound, pos);
106         }
107         if (buffer.charAt(pos) != 'T' || buffer.charAt(pos + 1) != 'L' || buffer.charAt(pos + 2) != 'S'
108                 || buffer.charAt(pos + 3) != 'v') {
109             throw new ParseException("Invalid TLS protocol version", buffer, lowerBound, upperBound, pos);
110         }
111         pos = pos + 4;
112         cursor.updatePos(pos);
113         if (cursor.atEnd()) {
114             throw new ParseException("Invalid TLS version", buffer, lowerBound, upperBound, pos);
115         }
116         return ProtocolVersionParser.INSTANCE.parse("TLS", null, buffer, cursor, delimiterPredicate);
117     }
118 
119     public static ProtocolVersion parse(final String s) throws ParseException {
120         if (s == null) {
121             return null;
122         }
123         final Tokenizer.Cursor cursor = new Tokenizer.Cursor(0, s.length());
124         final ProtocolVersion protocolVersion = parse(s, cursor, null);
125         Tokenizer.INSTANCE.skipWhiteSpace(s, cursor);
126         if (!cursor.atEnd()) {
127             throw new ParseException("Invalid TLS protocol version; trailing content");
128         }
129         return protocolVersion;
130     }
131 
132     public static String[] excludeWeak(final String... protocols) {
133         if (protocols == null) {
134             return null;
135         }
136         final List<String> enabledProtocols = new ArrayList<>();
137         for (final String protocol : protocols) {
138             if (isSecure(protocol)) {
139                 enabledProtocols.add(protocol);
140             }
141         }
142         if (enabledProtocols.isEmpty()) {
143             enabledProtocols.add(V_1_2.id);
144         }
145         return enabledProtocols.toArray(new String[0]);
146     }
147 
148     /**
149      * Check if a given protocol is considered secure and is enabled by default.
150      *
151      * @return {@code true} if the given protocol is secure and enabled, otherwise return {@code
152      * false}.
153      * @since 5.2
154      */
155     public static boolean isSecure(final String protocol) {
156         return !protocol.startsWith("SSL") && !protocol.equals(V_1_0.id) && !protocol.equals(V_1_1.id);
157     }
158 
159 }