View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.core5.http2.ssl;
29  
30  import java.net.SocketAddress;
31  
32  import javax.net.ssl.SSLContext;
33  import javax.net.ssl.SSLParameters;
34  
35  import org.apache.hc.core5.concurrent.FutureCallback;
36  import org.apache.hc.core5.http.HttpHost;
37  import org.apache.hc.core5.http.URIScheme;
38  import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
39  import org.apache.hc.core5.net.NamedEndpoint;
40  import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
41  import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
42  import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
43  import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
44  import org.apache.hc.core5.ssl.SSLContexts;
45  import org.apache.hc.core5.util.Args;
46  import org.apache.hc.core5.util.Timeout;
47  
48  /**
49   * Basic client-side implementation of {@link TlsStrategy} that upgrades to TLS for all endpoints
50   * with {@code HTTPS} scheme.
51   *
52   * @since 5.0
53   */
54  public class H2ClientTlsStrategy implements TlsStrategy {
55  
56      private final SSLContext sslContext;
57      private final SSLBufferMode sslBufferMode;
58      private final SSLSessionInitializer initializer;
59      private final SSLSessionVerifier verifier;
60  
61      public H2ClientTlsStrategy(
62              final SSLContext sslContext,
63              final SSLBufferMode sslBufferMode,
64              final SSLSessionInitializer initializer,
65              final SSLSessionVerifier verifier) {
66          this.sslContext = Args.notNull(sslContext, "SSL context");
67          this.sslBufferMode = sslBufferMode;
68          this.initializer = initializer;
69          this.verifier = verifier;
70      }
71  
72      public H2ClientTlsStrategy(
73              final SSLContext sslContext,
74              final SSLSessionInitializer initializer,
75              final SSLSessionVerifier verifier) {
76          this(sslContext, null, initializer, verifier);
77      }
78  
79      public H2ClientTlsStrategy(
80              final SSLContext sslContext,
81              final SSLSessionVerifier verifier) {
82          this(sslContext, null, null, verifier);
83      }
84  
85      public H2ClientTlsStrategy(final SSLContext sslContext) {
86          this(sslContext, null, null, null);
87      }
88  
89      public H2ClientTlsStrategy() {
90          this(SSLContexts.createSystemDefault());
91      }
92  
93      /**
94       * Constructor with the default SSL context based on system properties and custom {@link SSLSessionVerifier}.
95       * @param verifier the custom {@link SSLSessionVerifier}.
96       * @see SSLContext
97       * @since 5.2
98       */
99      public H2ClientTlsStrategy( final SSLSessionVerifier verifier) {
100         this(SSLContexts.createSystemDefault(), null, null, verifier);
101     }
102 
103     @Override
104     public void upgrade(
105             final TransportSecurityLayer tlsSession,
106             final NamedEndpoint endpoint,
107             final Object attachment,
108             final Timeout handshakeTimeout,
109             final FutureCallback<TransportSecurityLayer> callback) {
110         tlsSession.startTls(
111                 sslContext,
112                 endpoint,
113                 sslBufferMode,
114                 (e, sslEngine) -> {
115                     final SSLParameters sslParameters = sslEngine.getSSLParameters();
116                     sslParameters.setEndpointIdentificationAlgorithm(URIScheme.HTTPS.id);
117                     sslEngine.setSSLParameters(H2TlsSupport.enforceRequirements(attachment, sslParameters));
118                     if (initializer != null) {
119                         initializer.initialize(e, sslEngine);
120                     }
121                 },
122                 verifier,
123                 handshakeTimeout,
124                 callback);
125     }
126 
127     /**
128      * @deprecated use {@link #upgrade(TransportSecurityLayer, NamedEndpoint, Object, Timeout, FutureCallback)}
129      */
130     @Deprecated
131     @Override
132     public boolean upgrade(
133             final TransportSecurityLayer tlsSession,
134             final HttpHost host,
135             final SocketAddress localAddress,
136             final SocketAddress remoteAddress,
137             final Object attachment,
138             final Timeout handshakeTimeout) {
139         final String scheme = host != null ? host.getSchemeName() : null;
140         if (URIScheme.HTTPS.same(scheme)) {
141             upgrade(tlsSession, host, attachment, handshakeTimeout, null);
142             return true;
143         }
144         return false;
145     }
146 
147 }