1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 package org.apache.hc.core5.http.ssl;
29
30 import java.util.ArrayList;
31 import java.util.List;
32
33 import org.apache.hc.core5.annotation.Internal;
34 import org.apache.hc.core5.http.ParseException;
35 import org.apache.hc.core5.http.ProtocolVersion;
36 import org.apache.hc.core5.http.ProtocolVersionParser;
37 import org.apache.hc.core5.util.Tokenizer;
38
39
40
41
42
43
44 public enum TLS {
45
46 V_1_0("TLSv1", new ProtocolVersion("TLS", 1, 0)),
47 V_1_1("TLSv1.1", new ProtocolVersion("TLS", 1, 1)),
48 V_1_2("TLSv1.2", new ProtocolVersion("TLS", 1, 2)),
49 V_1_3("TLSv1.3", new ProtocolVersion("TLS", 1, 3));
50
51 public final String id;
52 public final ProtocolVersion version;
53
54 TLS(final String id, final ProtocolVersion version) {
55 this.id = id;
56 this.version = version;
57 }
58
59 public boolean isSame(final ProtocolVersion protocolVersion) {
60 return version.equals(protocolVersion);
61 }
62
63 public boolean isComparable(final ProtocolVersion protocolVersion) {
64 return version.isComparable(protocolVersion);
65 }
66
67
68
69
70
71
72
73 public String getId() {
74 return id;
75 }
76
77
78
79
80
81
82
83 public ProtocolVersion getVersion() {
84 return version;
85 }
86
87 public boolean greaterEquals(final ProtocolVersion protocolVersion) {
88 return version.greaterEquals(protocolVersion);
89 }
90
91 public boolean lessEquals(final ProtocolVersion protocolVersion) {
92 return version.lessEquals(protocolVersion);
93 }
94
95 @Internal
96 public static ProtocolVersion parse(
97 final CharSequence buffer,
98 final Tokenizer.Cursor cursor,
99 final Tokenizer.Delimiter delimiterPredicate) throws ParseException {
100 final int lowerBound = cursor.getLowerBound();
101 final int upperBound = cursor.getUpperBound();
102
103 int pos = cursor.getPos();
104 if (pos + 4 > cursor.getUpperBound()) {
105 throw new ParseException("Invalid TLS protocol version", buffer, lowerBound, upperBound, pos);
106 }
107 if (buffer.charAt(pos) != 'T' || buffer.charAt(pos + 1) != 'L' || buffer.charAt(pos + 2) != 'S'
108 || buffer.charAt(pos + 3) != 'v') {
109 throw new ParseException("Invalid TLS protocol version", buffer, lowerBound, upperBound, pos);
110 }
111 pos = pos + 4;
112 cursor.updatePos(pos);
113 if (cursor.atEnd()) {
114 throw new ParseException("Invalid TLS version", buffer, lowerBound, upperBound, pos);
115 }
116 return ProtocolVersionParser.INSTANCE.parse("TLS", null, buffer, cursor, delimiterPredicate);
117 }
118
119 public static ProtocolVersion parse(final String s) throws ParseException {
120 if (s == null) {
121 return null;
122 }
123 final Tokenizer.Cursor cursor = new Tokenizer.Cursor(0, s.length());
124 final ProtocolVersion protocolVersion = parse(s, cursor, null);
125 Tokenizer.INSTANCE.skipWhiteSpace(s, cursor);
126 if (!cursor.atEnd()) {
127 throw new ParseException("Invalid TLS protocol version; trailing content");
128 }
129 return protocolVersion;
130 }
131
132 public static String[] excludeWeak(final String... protocols) {
133 if (protocols == null) {
134 return null;
135 }
136 final List<String> enabledProtocols = new ArrayList<>();
137 for (final String protocol : protocols) {
138 if (isSecure(protocol)) {
139 enabledProtocols.add(protocol);
140 }
141 }
142 if (enabledProtocols.isEmpty()) {
143 enabledProtocols.add(V_1_2.id);
144 }
145 return enabledProtocols.toArray(new String[0]);
146 }
147
148
149
150
151
152
153
154
155 public static boolean isSecure(final String protocol) {
156 return !protocol.startsWith("SSL") && !protocol.equals(V_1_0.id) && !protocol.equals(V_1_1.id);
157 }
158
159 }