Added builders for SSLConnectionSocketFactory and client TlsStrategy

Oleg Kalnichevski 2018-10-21 12:08:28 +02:00
parent 1eab98760b
commit 309afeff07
24 changed files with 527 additions and 212 deletions


@ -35,7 +35,7 @@ import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.function.Decorator;
import org.apache.hc.core5.http.HttpHost;
@ -69,7 +69,7 @@ public abstract class AbstractHttp1IntegrationTestBase extends AbstractServerTes
@Override
protected void before() throws Throwable {
connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()))
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
.build();
}


@ -39,7 +39,7 @@ import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.http.HeaderElements;
import org.apache.hc.core5.http.HttpHeaders;
@ -74,7 +74,7 @@ public class TestHttp1Async extends AbstractHttpAsyncFundamentalsTest<CloseableH
@Override
protected void before() throws Throwable {
connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()))
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
.build();
}


@ -43,7 +43,7 @@ import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.function.Supplier;
import org.apache.hc.core5.http.ContentType;
@ -95,7 +95,7 @@ public class TestHttp1AsyncRedirects extends AbstractHttpAsyncRedirectsTest<Clos
@Override
protected void before() throws Throwable {
connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()))
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
.build();
}


@ -39,7 +39,7 @@ import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.function.Supplier;
import org.apache.hc.core5.http.ContentType;
@ -69,7 +69,7 @@ public class TestHttp1AsyncStatefulConnManagement extends AbstractIntegrationTes
@Override
protected void before() throws Throwable {
connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()))
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
.build();
}


@ -42,7 +42,7 @@ import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.BasicTestAuthenticator;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.function.Decorator;
@ -85,7 +85,7 @@ public class TestHttp1ClientAuthentication extends AbstractHttpAsyncClientAuthen
@Override
protected void before() throws Throwable {
connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()))
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
.build();
}


@ -31,7 +31,7 @@ import java.util.Collection;
import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
import org.apache.hc.client5.http.impl.async.MinimalHttp2AsyncClient;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.URIScheme;
@ -61,7 +61,7 @@ public class TestHttp2AsyncMinimal extends AbstractHttpAsyncFundamentalsTest<Min
.setSoTimeout(TIMEOUT)
.build();
return HttpAsyncClients.createHttp2Minimal(
H2Config.DEFAULT, ioReactorConfig, new H2TlsStrategy(SSLTestContexts.createClientSSLContext()));
H2Config.DEFAULT, ioReactorConfig, new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()));
}
@Override


@ -32,7 +32,7 @@ import java.util.Collection;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
import org.apache.hc.client5.http.impl.async.Http2AsyncClientBuilder;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.http.HttpVersion;
import org.apache.hc.core5.http.URIScheme;
@ -68,7 +68,7 @@ public class TestHttp2AsyncRedirect extends AbstractHttpAsyncRedirectsTest<Close
.setConnectionTimeout(TIMEOUT)
.setConnectionRequestTimeout(TIMEOUT)
.build())
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()));
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()));
}
};


@ -35,7 +35,7 @@ import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
import org.apache.hc.client5.http.impl.async.Http2AsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.http.HttpVersion;
import org.apache.hc.core5.http.URIScheme;
@ -69,7 +69,7 @@ public class TestHttp2ClientAuthentication extends AbstractHttpAsyncClientAuthen
.setConnectionTimeout(TIMEOUT)
.setConnectionRequestTimeout(TIMEOUT)
.build())
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()));
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()));
}
};


@ -40,7 +40,7 @@ import org.apache.hc.client5.http.impl.async.MinimalHttpAsyncClient;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.HttpHost;
@ -84,7 +84,7 @@ public class TestHttpAsyncMinimal extends AbstractHttpAsyncFundamentalsTest<Mini
@Override
protected MinimalHttpAsyncClient createClient() throws Exception {
final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(SSLTestContexts.createClientSSLContext()))
.setTlsStrategy(new DefaultClientTlsStrategy(SSLTestContexts.createClientSSLContext()))
.build();
final IOReactorConfig ioReactorConfig = IOReactorConfig.custom()
.setSoTimeout(TIMEOUT)


@ -48,7 +48,7 @@ import org.apache.hc.client5.http.impl.cache.CachingHttpAsyncClients;
import org.apache.hc.client5.http.impl.cache.HeapResourceFactory;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpRequest;
@ -91,7 +91,7 @@ public class CachingHttpAsyncClientCompatibilityTest {
final SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(getClass().getResource("/test-ca.keystore"), "nopassword".toCharArray()).build();
this.connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(sslContext))
.setTlsStrategy(new DefaultClientTlsStrategy(sslContext))
.build();
this.client = CachingHttpAsyncClients.custom()
.setCacheConfig(CacheConfig.custom()


@ -46,7 +46,7 @@ import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.http.HeaderElements;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.hc.core5.http.HttpHost;
@ -126,7 +126,7 @@ public class HttpAsyncClientCompatibilityTest {
final SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(getClass().getResource("/test-ca.keystore"), "nopassword".toCharArray()).build();
this.connManager = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(new H2TlsStrategy(sslContext))
.setTlsStrategy(new DefaultClientTlsStrategy(sslContext))
.build();
this.client = HttpAsyncClients.custom()
.setVersionPolicy(this.protocolVersion == HttpVersion.HTTP_2 ? HttpVersionPolicy.FORCE_HTTP_2 : HttpVersionPolicy.FORCE_HTTP_1)


@ -45,6 +45,7 @@ import javax.net.ssl.SSLSocket;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy;
import org.apache.hc.client5.testing.SSLTestContexts;
@ -128,12 +129,18 @@ public class TestSSLSocketFactory {
this.server.start();
final HttpContext context = new BasicHttpContext();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext(), SSLConnectionSocketFactory.getDefaultHostnameVerifier());
final SSLConnectionSocketFactory socketFactory = SSLConnectionSocketFactoryBuilder.create()
.setSslContext(SSLTestContexts.createClientSSLContext())
.build();
try (final Socket socket = socketFactory.createSocket(context)) {
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
try (SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(TimeValue.ZERO_MILLISECONDS, socket, target, remoteAddress, null,
try (final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(
TimeValue.ZERO_MILLISECONDS,
socket,
target,
remoteAddress,
null,
context)) {
final SSLSession sslsession = sslSocket.getSession();


@ -43,7 +43,7 @@ import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.core5.concurrent.FutureCallback;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
@ -72,18 +72,22 @@ public class AsyncClientCustomSSL {
})
.build();
final TlsStrategy tlsStrategy = new H2TlsStrategy(
sslcontext,
H2TlsStrategy.getDefaultHostnameVerifier()) {
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
.setSslContext(sslcontext)
// IMPORTANT uncomment the following method when running Java 9 or older
// in order for ALPN support to work and avoid the illegal reflective
// access operation warning
/*
.setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
// IMPORTANT uncomment the following method when running Java 9 or older
// in order to avoid the illegal reflective access operation warning
// @Override
// protected TlsDetails createTlsDetails(final SSLEngine sslEngine) {
// return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
// }
@Override
public TlsDetails create(final SSLEngine sslEngine) {
return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
}
})
*/
.build();
};
final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(tlsStrategy)
.build();
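Review bot: The guidance comment `// IMPORTANT uncomment the following method when running Java 9 or older` contradicts the code it guards: `SSLEngine.getApplicationProtocol()` inside the commented-out `setTlsDetailsFactory` block is a Java 9 API, so the block cannot compile on Java 8, and the illegal-reflective-access warning it is meant to avoid is a JDK 9+ module-system message. It should read `// IMPORTANT uncomment the following block when running Java 9 or newer`. The same wording appears in the AsyncClientTlsAlpn example in this commit. Uncommenting also requires `Factory`, `SSLEngine` and `TlsDetails` to be imported, which the visible import hunk does not show; a second comment line naming those imports would spare the reader a compile round-trip. The enclosing `main` begins before this hunk.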


@ -40,13 +40,12 @@ import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.core5.concurrent.FutureCallback;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.http2.HttpVersionPolicy;
import org.apache.hc.core5.io.CloseMode;
import org.apache.hc.core5.ssl.SSLContexts;
/**
* This example demonstrates how to avoid the illegal reflective access operation warning
@ -55,18 +54,21 @@ import org.apache.hc.core5.ssl.SSLContexts;
public class AsyncClientTlsAlpn {
public final static void main(final String[] args) throws Exception {
final TlsStrategy tlsStrategy = new H2TlsStrategy(
SSLContexts.createSystemDefault(),
H2TlsStrategy.getDefaultHostnameVerifier()) {
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
.useSystemProperties()
// IMPORTANT uncomment the following method when running Java 9 or older
// in order for ALPN support to work and avoid the illegal reflective
// access operation warning
/*
.setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
// IMPORTANT uncomment the following method when running Java 9 or older
// in order to avoid the illegal reflective access operation warning
// @Override
// protected TlsDetails createTlsDetails(final SSLEngine sslEngine) {
// return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
// }
};
@Override
public TlsDetails create(final SSLEngine sslEngine) {
return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
}
})
*/
.build();
final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(tlsStrategy)
.build();


@ -40,6 +40,8 @@ import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuil
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.client5.http.ssl.TLS;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.ssl.TrustStrategy;
@ -66,13 +68,12 @@ public class ClientCustomSSL {
})
.build();
// Allow TLSv1.2 protocol only
final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,
new String[] { "TLSv1.2" },
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
final SSLConnectionSocketFactory sslSocketFactory = SSLConnectionSocketFactoryBuilder.create()
.setSslContext(SSLContexts.createSystemDefault())
.setTlsVersions(TLS.V_1_2)
.build();
final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslsf)
.setSSLSocketFactory(sslSocketFactory)
.build();
try (CloseableHttpClient httpclient = HttpClients.custom()
.setConnectionManager(cm)
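Review bot: `.setSslContext(SSLContexts.createSystemDefault())` discards the custom `sslcontext` whose `.build()` is the context line just before the `// Allow TLSv1.2 protocol only` comment, even though the replaced constructor call passed that context in. The example's custom trust configuration becomes dead code and the client silently falls back to the system default trust store, which is the opposite of what a "custom SSL" example should demonstrate. The line should be `.setSslContext(sslcontext)`. The construction of `sslcontext` starts outside the hunk.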


@ -45,9 +45,9 @@ import org.apache.hc.client5.http.SchemePortResolver;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.async.AsyncExecChainHandler;
import org.apache.hc.client5.http.auth.AuthSchemeProvider;
import org.apache.hc.client5.http.auth.AuthSchemes;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.AuthSchemes;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.cookie.BasicCookieStore;
import org.apache.hc.client5.http.cookie.CookieSpecProvider;
@ -75,7 +75,7 @@ import org.apache.hc.client5.http.protocol.RequestDefaultHeaders;
import org.apache.hc.client5.http.protocol.RequestExpectContinue;
import org.apache.hc.client5.http.protocol.ResponseProcessCookies;
import org.apache.hc.client5.http.routing.HttpRoutePlanner;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.annotation.Internal;
import org.apache.hc.core5.concurrent.DefaultThreadFactory;
import org.apache.hc.core5.function.Callback;
@ -795,9 +795,9 @@ public class Http2AsyncClientBuilder {
TlsStrategy tlsStrategyCopy = this.tlsStrategy;
if (tlsStrategyCopy == null) {
if (systemProperties) {
tlsStrategyCopy = H2TlsStrategy.getSystemDefault();
tlsStrategyCopy = DefaultClientTlsStrategy.getSystemDefault();
} else {
tlsStrategyCopy = H2TlsStrategy.getDefault();
tlsStrategyCopy = DefaultClientTlsStrategy.getDefault();
}
}


@ -33,7 +33,7 @@ import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.impl.DefaultSchemePortResolver;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.concurrent.DefaultThreadFactory;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.HttpRequest;
@ -286,7 +286,7 @@ public final class HttpAsyncClients {
public static MinimalHttp2AsyncClient createHttp2Minimal(
final H2Config h2Config,
final IOReactorConfig ioReactorConfig) {
return createHttp2Minimal(h2Config, ioReactorConfig, H2TlsStrategy.getDefault());
return createHttp2Minimal(h2Config, ioReactorConfig, DefaultClientTlsStrategy.getDefault());
}
/**


@ -43,7 +43,7 @@ import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
import org.apache.hc.client5.http.nio.AsyncClientConnectionOperator;
import org.apache.hc.client5.http.nio.AsyncConnectionEndpoint;
import org.apache.hc.client5.http.nio.ManagedAsyncClientConnection;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.Internal;
import org.apache.hc.core5.annotation.ThreadingBehavior;
@ -116,7 +116,7 @@ public class PoolingAsyncClientConnectionManager implements AsyncClientConnectio
public PoolingAsyncClientConnectionManager() {
this(RegistryBuilder.<TlsStrategy>create()
.register("https", H2TlsStrategy.getDefault())
.register("https", DefaultClientTlsStrategy.getDefault())
.build());
}


@ -27,12 +27,9 @@
package org.apache.hc.client5.http.impl.nio;
import java.security.AccessController;
import java.security.PrivilegedAction;
import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.SchemePortResolver;
import org.apache.hc.client5.http.ssl.H2TlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.pool.PoolConcurrencyPolicy;
@ -178,15 +175,12 @@ public class PoolingAsyncClientConnectionManagerBuilder {
final TlsStrategy tlsStrategyCopy;
if (tlsStrategy != null) {
tlsStrategyCopy = tlsStrategy;
} else if (systemProperties) {
tlsStrategyCopy = AccessController.doPrivileged(new PrivilegedAction<TlsStrategy>() {
@Override
public TlsStrategy run() {
return H2TlsStrategy.getSystemDefault();
}
});
} else {
tlsStrategyCopy = H2TlsStrategy.getDefault();
if (systemProperties) {
tlsStrategyCopy = DefaultClientTlsStrategy.getSystemDefault();
} else {
tlsStrategyCopy = DefaultClientTlsStrategy.getDefault();
}
}
final PoolingAsyncClientConnectionManager poolingmgr = new PoolingAsyncClientConnectionManager(
RegistryBuilder.<TlsStrategy>create()
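Review bot: The `AccessController.doPrivileged` wrapper around the system-default strategy lookup is dropped here, so under a SecurityManager the `https.protocols` / `https.cipherSuites` property reads now run with the caller's permissions unless `HttpsSupport` re-establishes the privileged block (the new HttpsSupport file in this commit does import `AccessController` and `PrivilegedAction`, which suggests it does; worth confirming). A one-line comment, `// privileged system-property access is handled inside HttpsSupport`, would make the move visible to the next reader. Separately, the new `else { if (systemProperties) … }` nesting could be flattened back to the previous `} else if (systemProperties) {` shape. The enclosing `build()` starts and ends outside the hunk.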


@ -0,0 +1,176 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.http.ssl;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.hc.core5.function.Factory;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.ssl.SSLContexts;
/**
* Builder for client {@link TlsStrategy} instances.
* <p>
* When a particular component is not explicitly set this class will
* use its default implementation. System properties will be taken
* into account when configuring the default implementations when
* {@link #useSystemProperties()} method is called prior to calling
* {@link #build()}.
* </p>
* <ul>
* <li>ssl.TrustManagerFactory.algorithm</li>
* <li>javax.net.ssl.trustStoreType</li>
* <li>javax.net.ssl.trustStore</li>
* <li>javax.net.ssl.trustStoreProvider</li>
* <li>javax.net.ssl.trustStorePassword</li>
* <li>ssl.KeyManagerFactory.algorithm</li>
* <li>javax.net.ssl.keyStoreType</li>
* <li>javax.net.ssl.keyStore</li>
* <li>javax.net.ssl.keyStoreProvider</li>
* <li>javax.net.ssl.keyStorePassword</li>
* <li>https.protocols</li>
* <li>https.cipherSuites</li>
* </ul>
*
* @since 5.0
*/
public class ClientTlsStrategyBuilder {
public static ClientTlsStrategyBuilder create() {
return new ClientTlsStrategyBuilder();
}
private SSLContext sslContext;
private String[] tlsVersions;
private String[] ciphers;
private SSLBufferMode sslBufferMode;
private HostnameVerifier hostnameVerifier;
private Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
private boolean systemProperties;
/**
* Assigns {@link SSLContext} instance.
*/
public ClientTlsStrategyBuilder setSslContext(final SSLContext sslContext) {
this.sslContext = sslContext;
return this;
}
/**
* Assigns enabled {@code TLS} versions.
*/
public final ClientTlsStrategyBuilder setTlsVersions(final String... tlslVersions) {
this.tlsVersions = tlslVersions;
return this;
}
/**
* Assigns enabled {@code TLS} versions.
*/
public final ClientTlsStrategyBuilder setTlsVersions(final TLS... tlslVersions) {
this.tlsVersions = new String[tlslVersions.length];
for (int i = 0; i < tlslVersions.length; i++) {
this.tlsVersions[i] = tlslVersions[i].ident;
}
return this;
}
/**
* Assigns enabled ciphers.
*/
public final ClientTlsStrategyBuilder setCiphers(final String... ciphers) {
this.ciphers = ciphers;
return this;
}
/**
* Assigns {@link SSLBufferMode} value.
*/
public ClientTlsStrategyBuilder setSslBufferMode(final SSLBufferMode sslBufferMode) {
this.sslBufferMode = sslBufferMode;
return this;
}
/**
* Assigns {@link HostnameVerifier} instance.
*/
public ClientTlsStrategyBuilder setHostnameVerifier(final HostnameVerifier hostnameVerifier) {
this.hostnameVerifier = hostnameVerifier;
return this;
}
/**
* Assigns {@link TlsDetails} {@link Factory} instance.
*/
public ClientTlsStrategyBuilder setTlsDetailsFactory(final Factory<SSLEngine, TlsDetails> tlsDetailsFactory) {
this.tlsDetailsFactory = tlsDetailsFactory;
return this;
}
/**
* Use system properties when creating and configuring default
* implementations.
*/
public final ClientTlsStrategyBuilder useSystemProperties() {
this.systemProperties = true;
return this;
}
public TlsStrategy build() {
final SSLContext sslContextCopy;
if (sslContext != null) {
sslContextCopy = sslContext;
} else {
sslContextCopy = systemProperties ? SSLContexts.createSystemDefault() : SSLContexts.createDefault();
}
final String[] tlsVersionsCopy;
if (tlsVersions != null) {
tlsVersionsCopy = tlsVersions;
} else {
tlsVersionsCopy = systemProperties ? HttpsSupport.getSystemProtocols() : null;
}
final String[] ciphersCopy;
if (ciphers != null) {
ciphersCopy = ciphers;
} else {
ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null;
}
return new DefaultClientTlsStrategy(
sslContextCopy,
tlsVersionsCopy,
ciphersCopy,
sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC,
hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier(),
tlsDetailsFactory);
}
}
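Review bot: `build()` has no Javadoc although it is where every fallback decision is made: a missing `SSLContext` becomes `SSLContexts.createDefault()` or the system default, missing protocol and cipher lists become the `HttpsSupport` system values only when `useSystemProperties()` was called and stay `null` otherwise, an unset hostname verifier falls back to `HttpsSupport.getDefaultHostnameVerifier()`, and the `TlsDetails` factory may remain `null`. A `@return` sentence spelling out those defaults would let readers see that the secure defaults (default verifier, `SSLBufferMode.STATIC`) apply unless explicitly overridden. The varargs parameter in both `setTlsVersions` overloads is misspelled `tlslVersions`; `tlsVersions` matches the field it assigns. Both `setTlsVersions(String...)` and `setCiphers` keep the caller's array by reference rather than copying it, which is acceptable for a single-use builder but worth a comment since `DefaultClientTlsStrategy` stores the arrays as-is.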


@ -28,8 +28,6 @@
package org.apache.hc.client5.http.ssl;
import java.net.SocketAddress;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
@ -38,9 +36,9 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.apache.hc.client5.http.psl.PublicSuffixMatcherLoader;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.ThreadingBehavior;
import org.apache.hc.core5.function.Factory;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.http2.ssl.H2TlsSupport;
@ -52,50 +50,30 @@ import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.util.Args;
import org.apache.hc.core5.util.TextUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Default SSL upgrade strategy for non-blocking connections.
* Default SSL upgrade strategy for non-blocking client connections.
*
* @since 5.0
*/
@Contract(threading = ThreadingBehavior.STATELESS)
public class H2TlsStrategy implements TlsStrategy {
private static String[] split(final String s) {
if (TextUtils.isBlank(s)) {
return null;
}
return s.split(" *, *");
}
private static String getProperty(final String key) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(key);
}
});
}
public static HostnameVerifier getDefaultHostnameVerifier() {
return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
}
public class DefaultClientTlsStrategy implements TlsStrategy {
public static TlsStrategy getDefault() {
return new H2TlsStrategy(
return new DefaultClientTlsStrategy(
SSLContexts.createDefault(),
getDefaultHostnameVerifier());
HttpsSupport.getDefaultHostnameVerifier());
}
public static TlsStrategy getSystemDefault() {
return new H2TlsStrategy(
return new DefaultClientTlsStrategy(
SSLContexts.createSystemDefault(),
split(getProperty("https.protocols")),
split(getProperty("https.cipherSuites")),
HttpsSupport.getSystemProtocols(),
HttpsSupport.getSystemCipherSuits(),
SSLBufferMode.STATIC,
getDefaultHostnameVerifier());
HttpsSupport.getDefaultHostnameVerifier());
}
private final Logger log = LoggerFactory.getLogger(getClass());
@ -105,31 +83,43 @@ public class H2TlsStrategy implements TlsStrategy {
private final String[] supportedCipherSuites;
private final SSLBufferMode sslBufferManagement;
private final HostnameVerifier hostnameVerifier;
private final Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
private final TlsSessionValidator tlsSessionValidator;
public H2TlsStrategy(
public DefaultClientTlsStrategy(
final SSLContext sslContext,
final String[] supportedProtocols,
final String[] supportedCipherSuites,
final SSLBufferMode sslBufferManagement,
final HostnameVerifier hostnameVerifier) {
final HostnameVerifier hostnameVerifier,
final Factory<SSLEngine, TlsDetails> tlsDetailsFactory) {
super();
this.sslContext = Args.notNull(sslContext, "SSL context");
this.supportedProtocols = supportedProtocols;
this.supportedCipherSuites = supportedCipherSuites;
this.sslBufferManagement = sslBufferManagement != null ? sslBufferManagement : SSLBufferMode.STATIC;
this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : getDefaultHostnameVerifier();
this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier();
this.tlsDetailsFactory = tlsDetailsFactory;
this.tlsSessionValidator = new TlsSessionValidator(log);
}
public H2TlsStrategy(
final SSLContext sslcontext,
public DefaultClientTlsStrategy(
final SSLContext sslContext,
final String[] supportedProtocols,
final String[] supportedCipherSuites,
final SSLBufferMode sslBufferManagement,
final HostnameVerifier hostnameVerifier) {
this(sslcontext, null, null, SSLBufferMode.STATIC, hostnameVerifier);
this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, hostnameVerifier, null);
}
public H2TlsStrategy(final SSLContext sslcontext) {
this(sslcontext, getDefaultHostnameVerifier());
public DefaultClientTlsStrategy(
final SSLContext sslcontext,
final HostnameVerifier hostnameVerifier) {
this(sslcontext, null, null, SSLBufferMode.STATIC, hostnameVerifier, null);
}
public DefaultClientTlsStrategy(final SSLContext sslcontext) {
this(sslcontext, HttpsSupport.getDefaultHostnameVerifier());
}
@Override
@ -162,17 +152,13 @@ public class H2TlsStrategy implements TlsStrategy {
@Override
public TlsDetails verify(final NamedEndpoint endpoint, final SSLEngine sslEngine) throws SSLException {
verifySession(host.getHostName(), sslEngine.getSession());
return createTlsDetails(sslEngine);
return tlsDetailsFactory != null ? tlsDetailsFactory.create(sslEngine) : null;
}
});
return true;
}
protected TlsDetails createTlsDetails(final SSLEngine sslEngine) {
return null;
}
protected void initializeEngine(final SSLEngine sslEngine) {
}


@ -0,0 +1,75 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.http.ssl;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.net.ssl.HostnameVerifier;
import org.apache.hc.client5.http.psl.PublicSuffixMatcherLoader;
import org.apache.hc.core5.util.TextUtils;
/**
* HTTPS configuration support methods.
*
* @since 5.0
*/
public final class HttpsSupport {
private static String[] split(final String s) {
if (TextUtils.isBlank(s)) {
return null;
}
return s.split(" *, *");
}
private static String getProperty(final String key) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(key);
}
});
}
public static String[] getSystemProtocols() {
return split(getProperty("https.protocols"));
}
public static String[] getSystemCipherSuits() {
return split(getProperty("https.cipherSuites"));
}
public static HostnameVerifier getDefaultHostnameVerifier() {
return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
}
}
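Review bot: `getSystemCipherSuits` misspells "CipherSuites" in a new public `@since 5.0` API while its sibling `getSystemProtocols` is spelled out in full; renaming it to `getSystemCipherSuites` before this ships avoids carrying the typo into the stable API (the only caller visible on this page is `SSLConnectionSocketFactoryBuilder.build()`). None of the three public static methods has Javadoc: worth stating that `getSystemProtocols`/`getSystemCipherSuites` read the `https.protocols`/`https.cipherSuites` system properties (comma-separated, via `split`) and return `null` when the property is unset or blank, assuming `TextUtils.isBlank` treats `null` as blank, so callers fall back to the JSSE defaults, and that `getDefaultHostnameVerifier` returns a `DefaultHostnameVerifier` backed by `PublicSuffixMatcherLoader.getDefault()`. Since the class is `final` with only static members, a `private HttpsSupport() {}` constructor would make the utility-class intent explicit and prevent instantiation.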


@ -43,7 +43,6 @@ import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.hc.client5.http.psl.PublicSuffixMatcherLoader;
import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.ThreadingBehavior;
@ -53,7 +52,6 @@ import org.apache.hc.core5.io.Closer;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.ssl.SSLInitializationException;
import org.apache.hc.core5.util.Args;
import org.apache.hc.core5.util.TextUtils;
import org.apache.hc.core5.util.TimeValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -63,91 +61,14 @@ import org.slf4j.LoggerFactory;
* <p>
* SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of
* trusted certificates and to authenticate to the HTTPS server using a private key.
* <p>
* SSLSocketFactory will enable server authentication when supplied with
* a {@link java.security.KeyStore trust-store} file containing one or several trusted certificates. The client
* secure socket will reject the connection during the SSL session handshake if the target HTTPS
* server attempts to authenticate itself with a non-trusted certificate.
* <p>
* Use JDK keytool utility to import a trusted certificate and generate a trust-store file:
* <pre>
* keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
* </pre>
* <p>
* In special cases the standard trust verification process can be bypassed by using a custom
* {@link org.apache.hc.core5.ssl.TrustStrategy}. This interface is primarily intended for allowing self-signed
* certificates to be accepted as trusted without having to add them to the trust-store file.
* <p>
* SSLSocketFactory will enable client authentication when supplied with
* a {@link java.security.KeyStore key-store} file containing a private key/public certificate
* pair. The client secure socket will use the private key to authenticate
* itself to the target HTTPS server during the SSL session handshake if
* requested to do so by the server.
* The target HTTPS server will in its turn verify the certificate presented
* by the client in order to establish client's authenticity.
* <p>
* Use the following sequence of actions to generate a key-store file
* </p>
* <ul>
* <li>
* <p>
* Use JDK keytool utility to generate a new key
* </p>
* <pre>keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore</pre>
* <p>
* For simplicity use the same password for the key as that of the key-store
* </p>
* </li>
* <li>
* <p>
* Issue a certificate signing request (CSR)
* </p>
* <pre>keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore</pre>
* </li>
* <li>
* <p>
* Send the certificate request to the trusted Certificate Authority for signature.
* One may choose to act as her own CA and sign the certificate request using a PKI
* tool, such as OpenSSL.
* </p>
* </li>
* <li>
* <p>
* Import the trusted CA root certificate
* </p>
* <pre>keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore</pre>
* </li>
* <li>
* <p>
* Import the PKCS#7 file containing the complete certificate chain
* </p>
* <pre>keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore</pre>
* </li>
* <li>
* <p>
* Verify the content of the resultant keystore file
* </p>
* <pre>keytool -list -v -keystore my.keystore</pre>
* </li>
* </ul>
*
* @since 4.3
*/
@Contract(threading = ThreadingBehavior.STATELESS)
public class SSLConnectionSocketFactory implements LayeredConnectionSocketFactory {
public static final String TLS = "TLS";
public static final String SSL = "SSL";
private final Logger log = LoggerFactory.getLogger(getClass());
/**
* @since 4.4
*/
public static HostnameVerifier getDefaultHostnameVerifier() {
return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
}
/**
* Obtains default SSL socket factory with an SSL context based on the standard JSSE
* trust material ({@code cacerts} file in the security properties directory).
@ -156,14 +77,7 @@ public class SSLConnectionSocketFactory implements LayeredConnectionSocketFactor
* @return default SSL socket factory
*/
public static SSLConnectionSocketFactory getSocketFactory() throws SSLInitializationException {
return new SSLConnectionSocketFactory(SSLContexts.createDefault(), getDefaultHostnameVerifier());
}
private static String[] split(final String s) {
if (TextUtils.isBlank(s)) {
return null;
}
return s.split(" *, *");
return new SSLConnectionSocketFactory(SSLContexts.createDefault(), HttpsSupport.getDefaultHostnameVerifier());
}
/**
@ -176,10 +90,10 @@ public class SSLConnectionSocketFactory implements LayeredConnectionSocketFactor
*/
public static SSLConnectionSocketFactory getSystemSocketFactory() throws SSLInitializationException {
return new SSLConnectionSocketFactory(
(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
split(System.getProperty("https.protocols")),
split(System.getProperty("https.cipherSuites")),
getDefaultHostnameVerifier());
(javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
HttpsSupport.getSystemProtocols(),
HttpsSupport.getSystemCipherSuits(),
HttpsSupport.getDefaultHostnameVerifier());
}
private final javax.net.ssl.SSLSocketFactory socketfactory;
@ -189,7 +103,7 @@ public class SSLConnectionSocketFactory implements LayeredConnectionSocketFactor
private final TlsSessionValidator tlsSessionValidator;
public SSLConnectionSocketFactory(final SSLContext sslContext) {
this(sslContext, getDefaultHostnameVerifier());
this(sslContext, HttpsSupport.getDefaultHostnameVerifier());
}
/**
@ -233,7 +147,7 @@ public class SSLConnectionSocketFactory implements LayeredConnectionSocketFactor
this.socketfactory = Args.notNull(socketfactory, "SSL socket factory");
this.supportedProtocols = supportedProtocols;
this.supportedCipherSuites = supportedCipherSuites;
this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : getDefaultHostnameVerifier();
this.hostnameVerifier = hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier();
this.tlsSessionValidator = new TlsSessionValidator(log);
}
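Review bot: The public static `SSLConnectionSocketFactory.getDefaultHostnameVerifier()` (documented `@since 4.4`) appears to be removed outright in the `-63,91 +61,14` hunk rather than deprecated, so existing callers break at compile and link time even though its replacement `HttpsSupport.getDefaultHostnameVerifier()` builds the same `DefaultHostnameVerifier`. If source compatibility with 4.x callers matters for this release, a delegating shim keeps them working: `@Deprecated public static HostnameVerifier getDefaultHostnameVerifier() { return HttpsSupport.getDefaultHostnameVerifier(); }` with a `@deprecated Use {@link HttpsSupport#getDefaultHostnameVerifier()}` Javadoc tag. The class body continues outside these hunks.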


@ -0,0 +1,156 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.http.ssl;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.hc.core5.ssl.SSLContexts;
/**
* Builder for {@link SSLConnectionSocketFactory} instances.
* <p>
* When a particular component is not explicitly set this class will
* use its default implementation. System properties will be taken
* into account when configuring the default implementations when
* {@link #useSystemProperties()} method is called prior to calling
* {@link #build()}.
* </p>
* <ul>
* <li>ssl.TrustManagerFactory.algorithm</li>
* <li>javax.net.ssl.trustStoreType</li>
* <li>javax.net.ssl.trustStore</li>
* <li>javax.net.ssl.trustStoreProvider</li>
* <li>javax.net.ssl.trustStorePassword</li>
* <li>ssl.KeyManagerFactory.algorithm</li>
* <li>javax.net.ssl.keyStoreType</li>
* <li>javax.net.ssl.keyStore</li>
* <li>javax.net.ssl.keyStoreProvider</li>
* <li>javax.net.ssl.keyStorePassword</li>
* <li>https.protocols</li>
* <li>https.cipherSuites</li>
* </ul>
*
* @since 5.0
*/
public class SSLConnectionSocketFactoryBuilder {
public static SSLConnectionSocketFactoryBuilder create() {
return new SSLConnectionSocketFactoryBuilder();
}
private SSLContext sslContext;
private String[] tlsVersions;
private String[] ciphers;
private HostnameVerifier hostnameVerifier;
private boolean systemProperties;
/**
* Assigns {@link SSLContext} instance.
*/
public SSLConnectionSocketFactoryBuilder setSslContext(final SSLContext sslContext) {
this.sslContext = sslContext;
return this;
}
/**
* Assigns enabled {@code TLS} versions.
*/
public final SSLConnectionSocketFactoryBuilder setTlsVersions(final String... tlslVersions) {
this.tlsVersions = tlslVersions;
return this;
}
/**
* Assigns enabled {@code TLS} versions.
*/
public final SSLConnectionSocketFactoryBuilder setTlsVersions(final TLS... tlslVersions) {
this.tlsVersions = new String[tlslVersions.length];
for (int i = 0; i < tlslVersions.length; i++) {
this.tlsVersions[i] = tlslVersions[i].ident;
}
return this;
}
/**
* Assigns enabled ciphers.
*/
public final SSLConnectionSocketFactoryBuilder setCiphers(final String... ciphers) {
this.ciphers = ciphers;
return this;
}
/**
* Assigns {@link HostnameVerifier} instance.
*/
public SSLConnectionSocketFactoryBuilder setHostnameVerifier(final HostnameVerifier hostnameVerifier) {
this.hostnameVerifier = hostnameVerifier;
return this;
}
/**
* Use system properties when creating and configuring default
* implementations.
*/
public final SSLConnectionSocketFactoryBuilder useSystemProperties() {
this.systemProperties = true;
return this;
}
public SSLConnectionSocketFactory build() {
final javax.net.ssl.SSLSocketFactory socketfactory;
if (sslContext != null) {
socketfactory = sslContext.getSocketFactory();
} else {
if (systemProperties) {
socketfactory = (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
} else {
socketfactory = SSLContexts.createDefault().getSocketFactory();
}
}
final String[] tlsVersionsCopy;
if (tlsVersions != null) {
tlsVersionsCopy = tlsVersions;
} else {
tlsVersionsCopy = systemProperties ? HttpsSupport.getSystemProtocols() : null;
}
final String[] ciphersCopy;
if (ciphers != null) {
ciphersCopy = ciphers;
} else {
ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null;
}
return new SSLConnectionSocketFactory(
socketfactory,
tlsVersionsCopy,
ciphersCopy,
hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier());
}
}
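Review bot: In `build()` the locals `tlsVersionsCopy` and `ciphersCopy` are not copies: when the caller set them they alias the arrays stored by `setTlsVersions(String...)` and `setCiphers(String...)`, and the `SSLConnectionSocketFactory` constructor stores those arrays as-is, so anyone still holding the original array can change the enabled protocol or cipher list of a factory after it is built. Cloning at the point of use fixes both the misleading name and the aliasing: `tlsVersionsCopy = tlsVersions.clone();` and `ciphersCopy = ciphers.clone();`. The `TLS...` overload of `setTlsVersions` already produces a fresh array, but its parameter name `tlslVersions` (in both overloads) looks like a typo for `tlsVersions`. `create()` and `build()` have no Javadoc; `build()` would benefit from a sentence stating that with no `SSLContext` set it uses the JSSE default socket factory when `useSystemProperties()` was called and `SSLContexts.createDefault()` otherwise, and that protocols and ciphers fall back to `https.protocols`/`https.cipherSuites` only in the system-properties case.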