HTTPCLIENT-2182: access to SSLSession attributes via reflection disallowed as of Java 16. Core TLS functions now use new Java 1.8 API introduced by 8u251 update

Oleg Kalnichevski 2021-10-13 11:44:33 +02:00
parent b10d43f2bb
commit 8b73f6b83c
4 changed files with 20 additions and 154 deletions


@ -30,7 +30,6 @@
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.apache.hc.core5.function.Factory;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
@ -38,7 +37,6 @@
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.ssl.SSLContexts;
import org.apache.hc.core5.util.ReflectionUtils;
/**
* Builder for client {@link TlsStrategy} instances.
@ -77,6 +75,10 @@ public static ClientTlsStrategyBuilder create() {
private String[] ciphers;
private SSLBufferMode sslBufferMode;
private HostnameVerifier hostnameVerifier;
/**
* @deprecated To be removed.
*/
@Deprecated
private Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
private boolean systemProperties;
@ -133,7 +135,10 @@ public ClientTlsStrategyBuilder setHostnameVerifier(final HostnameVerifier hostn
/**
* Assigns {@link TlsDetails} {@link Factory} instance.
*
* @deprecated Do not use.
*/
@Deprecated
public ClientTlsStrategyBuilder setTlsDetailsFactory(final Factory<SSLEngine, TlsDetails> tlsDetailsFactory) {
this.tlsDetailsFactory = tlsDetailsFactory;
return this;
@ -148,6 +153,7 @@ public final ClientTlsStrategyBuilder useSystemProperties() {
return this;
}
@SuppressWarnings("deprecation")
public TlsStrategy build() {
final SSLContext sslContextCopy;
if (sslContext != null) {
@ -167,24 +173,13 @@ public TlsStrategy build() {
} else {
ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null;
}
final Factory<SSLEngine, TlsDetails> tlsDetailsFactoryCopy;
if (tlsDetailsFactory != null) {
tlsDetailsFactoryCopy = tlsDetailsFactory;
} else {
tlsDetailsFactoryCopy = sslEngine -> {
final SSLSession sslSession = sslEngine.getSession();
final String applicationProtocol = ReflectionUtils.callGetter(sslEngine,
"ApplicationProtocol", String.class);
return new TlsDetails(sslSession, applicationProtocol);
};
}
return new DefaultClientTlsStrategy(
sslContextCopy,
tlsVersionsCopy,
ciphersCopy,
sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC,
hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier(),
tlsDetailsFactoryCopy);
tlsDetailsFactory);
}
}
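Review bot: The `@deprecated Do not use.` tag on `setTlsDetailsFactory` (and `To be removed.` on the field) gives callers neither a reason nor a replacement, even though `build()` still forwards a caller-supplied factory to `DefaultClientTlsStrategy`. I would state the reason, for example `@deprecated TLS details are read through the standard {@code SSLEngine} API; a custom factory is no longer required.` The commit title says that API arrived with the 8u251 update, so the class Javadoc should also name the minimum Java 8 update, since ALPN protocol negotiation presumably depends on it now that the reflective fallback in `build()` is gone. Separately, `@SuppressWarnings("deprecation")` covers all of `build()` and would also silence any deprecated call added there later; a short comment naming the one call it is meant for would help.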


@ -63,8 +63,16 @@ public static TlsStrategy getSystemDefault() {
HttpsSupport.getDefaultHostnameVerifier());
}
private final Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
/**
* @deprecated To be removed.
*/
@Deprecated
private Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
/**
* @deprecated Use {@link DefaultClientTlsStrategy#DefaultClientTlsStrategy(SSLContext, String[], String[], SSLBufferMode, HostnameVerifier)}
*/
@Deprecated
public DefaultClientTlsStrategy(
final SSLContext sslContext,
final String[] supportedProtocols,
@ -82,13 +90,13 @@ public DefaultClientTlsStrategy(
final String[] supportedCipherSuites,
final SSLBufferMode sslBufferManagement,
final HostnameVerifier hostnameVerifier) {
this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, hostnameVerifier, null);
super(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, hostnameVerifier);
}
public DefaultClientTlsStrategy(
final SSLContext sslcontext,
final HostnameVerifier hostnameVerifier) {
this(sslcontext, null, null, SSLBufferMode.STATIC, hostnameVerifier, null);
this(sslcontext, null, null, SSLBufferMode.STATIC, hostnameVerifier);
}
public DefaultClientTlsStrategy(final SSLContext sslcontext) {
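Review bot: Dropping `final` from `tlsDetailsFactory` at the top of this section gives up the final-field publication guarantee on a strategy object that is likely shared across connections. The only reason visible here is that the five-argument constructor now calls `super(...)` without assigning the field. Keeping the field `private final` and adding `this.tlsDetailsFactory = null;` after that `super(...)` call would keep the class immutable until the field is actually removed. The body of the deprecated six-argument constructor lies outside the hunk, so whether it still stores or consults the factory cannot be confirmed from here; if it no longer does, the `@deprecated To be removed.` text should say the value is ignored.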


@ -66,18 +66,6 @@ public static void main(final String[] args) throws Exception {
.build();
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
.setSslContext(sslcontext)
// IMPORTANT uncomment the following method when running Java 9 or older
// in order for ALPN support to work and avoid the illegal reflective
// access operation warning
/*
.setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
@Override
public TlsDetails create(final SSLEngine sslEngine) {
return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
}
})
*/
.build();
final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()


@ -1,125 +0,0 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.http.examples;
import java.util.concurrent.Future;
import javax.net.ssl.SSLSession;
import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
import org.apache.hc.client5.http.async.methods.SimpleRequestProducer;
import org.apache.hc.client5.http.async.methods.SimpleResponseConsumer;
import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.core5.concurrent.FutureCallback;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.message.StatusLine;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.io.CloseMode;
/**
* This example demonstrates how to avoid the illegal reflective access operation warning
* when running with Oracle JRE 9 or newer.
*/
public class AsyncClientTlsAlpn {
public final static void main(final String[] args) throws Exception {
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
.useSystemProperties()
// IMPORTANT uncomment the following method when running Java 9 or older
// in order for ALPN support to work and avoid the illegal reflective
// access operation warning
/*
.setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
@Override
public TlsDetails create(final SSLEngine sslEngine) {
return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
}
})
*/
.build();
final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(tlsStrategy)
.build();
try (final CloseableHttpAsyncClient client = HttpAsyncClients.custom()
.setConnectionManager(cm)
.build()) {
client.start();
final HttpHost target = new HttpHost("https", "nghttp2.org");
final HttpClientContext clientContext = HttpClientContext.create();
final SimpleHttpRequest request = SimpleRequestBuilder.get()
.setHttpHost(target)
.setPath("/httpbin/")
.build();
System.out.println("Executing request " + request);
final Future<SimpleHttpResponse> future = client.execute(
SimpleRequestProducer.create(request),
SimpleResponseConsumer.create(),
clientContext,
new FutureCallback<SimpleHttpResponse>() {
@Override
public void completed(final SimpleHttpResponse response) {
System.out.println(request + "->" + new StatusLine(response));
final SSLSession sslSession = clientContext.getSSLSession();
if (sslSession != null) {
System.out.println("SSL protocol " + sslSession.getProtocol());
System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
}
System.out.println(response.getBody());
}
@Override
public void failed(final Exception ex) {
System.out.println(request + "->" + ex);
}
@Override
public void cancelled() {
System.out.println(request + " cancelled");
}
});
future.get();
System.out.println("Shutting down");
client.close(CloseMode.GRACEFUL);
}
}
}