28 package org.apache.hc.core5.http2.ssl;
30 import javax.net.ssl.SSLParameters;
32 import org.apache.hc.core5.http.ssl.TLS;
33 import org.apache.hc.core5.http.ssl.TlsCiphers;
34 import org.apache.hc.core5.http2.HttpVersionPolicy;
35 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
36 import org.apache.hc.core5.util.ReflectionUtils;
/**
 * Static helpers that shape {@link SSLParameters} for an HTTP/2 capable TLS session.
 * <p>
 * The class holds no state: every method is static and operates only on the
 * arguments it is given. Filtering of protocol versions and cipher suites is
 * delegated to {@link TLS#excludeWeak} and {@link TlsCiphers#excludeH2Blacklisted};
 * consult those helpers for the exact exclusion lists (they presumably reflect the
 * HTTP/2 TLS requirements of RFC 7540 section 9.2, but that is not visible here).
 */
public final class H2TlsSupport {

    /**
     * Sets the {@code EnableRetransmissions} property of {@code sslParameters}
     * through {@link ReflectionUtils#callSetter}.
     * <p>
     * The setter is invoked reflectively rather than directly, presumably so that
     * this class still links on runtimes whose {@link SSLParameters} does not
     * declare it. What happens when the setter is absent is decided by
     * {@code ReflectionUtils.callSetter} — confirm there before relying on it.
     *
     * @param sslParameters the parameters to modify
     * @param value the value to pass to the setter
     */
    public static void setEnableRetransmissions(final SSLParameters sslParameters, final boolean value) {
        ReflectionUtils.callSetter(sslParameters, "EnableRetransmissions", Boolean.TYPE, value);
    }

    /**
     * Sets the {@code ApplicationProtocols} property of {@code sslParameters}
     * through {@link ReflectionUtils#callSetter}.
     *
     * @param sslParameters the parameters to modify
     * @param values the protocol identifiers to pass to the setter
     * @deprecated call {@link SSLParameters#setApplicationProtocols(String[])} directly,
     *             as {@link #enforceRequirements(Object, SSLParameters)} does.
     */
    @Deprecated
    public static void setApplicationProtocols(final SSLParameters sslParameters, final String[] values) {
        ReflectionUtils.callSetter(sslParameters, "ApplicationProtocols", String[].class, values);
    }

    /**
     * Chooses the application protocol identifiers to advertise for a version policy.
     * <p>
     * {@code attachment} is used as an {@link HttpVersionPolicy} when it is one; any
     * other value, including {@code null}, is treated as {@link HttpVersionPolicy#NEGOTIATE}.
     * {@code FORCE_HTTP_1} yields only {@code ApplicationProtocol.HTTP_1_1.id},
     * {@code FORCE_HTTP_2} only {@code ApplicationProtocol.HTTP_2.id}, and every other
     * policy yields both, HTTP/2 first — the array order is the order handed to
     * {@link SSLParameters#setApplicationProtocols(String[])} by the caller.
     *
     * @param attachment the session attachment, expected to be an {@link HttpVersionPolicy}
     * @return a freshly allocated array of protocol identifiers, never {@code null}
     */
    public static String[] selectApplicationProtocols(final Object attachment) {
        final HttpVersionPolicy policy;
        if (attachment instanceof HttpVersionPolicy) {
            policy = (HttpVersionPolicy) attachment;
        } else {
            policy = HttpVersionPolicy.NEGOTIATE;
        }
        if (policy == HttpVersionPolicy.FORCE_HTTP_1) {
            return new String[] { ApplicationProtocol.HTTP_1_1.id };
        }
        if (policy == HttpVersionPolicy.FORCE_HTTP_2) {
            return new String[] { ApplicationProtocol.HTTP_2.id };
        }
        // NEGOTIATE and any other policy: offer HTTP/2 ahead of HTTP/1.1.
        return new String[] { ApplicationProtocol.HTTP_2.id, ApplicationProtocol.HTTP_1_1.id };
    }

    /**
     * Applies the HTTP/2 TLS requirements to {@code sslParameters} in place and
     * returns that same instance.
     * <p>
     * In order: the enabled protocol versions are replaced by the result of
     * {@link TLS#excludeWeak}, the enabled cipher suites by the result of
     * {@link TlsCiphers#excludeH2Blacklisted}, {@code EnableRetransmissions} is set
     * to {@code false} via {@link #setEnableRetransmissions}, and the application
     * protocols are replaced by {@link #selectApplicationProtocols(Object)}.
     * <p>
     * NOTE(review): the filters only remove entries from what the caller already
     * enabled; whether an empty result is possible (and how the engine reacts to
     * it) depends on those helpers — confirm if callers may supply a restricted list.
     *
     * @param attachment the session attachment passed on to {@link #selectApplicationProtocols(Object)}
     * @param sslParameters the parameters to adjust; modified in place
     * @return {@code sslParameters}
     * @throws NullPointerException if {@code sslParameters} is {@code null}
     */
    public static SSLParameters enforceRequirements(
            final Object attachment,
            final SSLParameters sslParameters) {
        final String[] acceptableVersions = TLS.excludeWeak(sslParameters.getProtocols());
        sslParameters.setProtocols(acceptableVersions);
        final String[] acceptableCiphers = TlsCiphers.excludeH2Blacklisted(sslParameters.getCipherSuites());
        sslParameters.setCipherSuites(acceptableCiphers);
        setEnableRetransmissions(sslParameters, false);
        sslParameters.setApplicationProtocols(selectApplicationProtocols(attachment));
        return sslParameters;
    }

    /**
     * Wraps {@code initializer} so that the HTTP/2 TLS requirements are applied to
     * the engine before it runs.
     * <p>
     * The returned initializer reads the engine's current parameters, passes them
     * through {@link #enforceRequirements(Object, SSLParameters)} and writes them
     * back, then delegates to {@code initializer} when it is non-{@code null}.
     *
     * @param attachment the session attachment forwarded to {@link #enforceRequirements(Object, SSLParameters)}
     * @param initializer the initializer to run afterwards; may be {@code null}
     * @return a new initializer capturing {@code attachment} and {@code initializer}
     */
    public static SSLSessionInitializer enforceRequirements(
            final Object attachment,
            final SSLSessionInitializer initializer) {
        return (namedEndpoint, engine) -> {
            final SSLParameters enforced = enforceRequirements(attachment, engine.getSSLParameters());
            engine.setSSLParameters(enforced);
            if (initializer == null) {
                return;
            }
            initializer.initialize(namedEndpoint, engine);
        };
    }

}