View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.client5.http.ssl;
29  
30  import javax.net.ssl.HostnameVerifier;
31  import javax.net.ssl.SSLContext;
32  import javax.net.ssl.SSLEngine;
33  import javax.net.ssl.SSLSession;
34  
35  import org.apache.hc.core5.function.Factory;
36  import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
37  import org.apache.hc.core5.http.ssl.TLS;
38  import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39  import org.apache.hc.core5.reactor.ssl.TlsDetails;
40  import org.apache.hc.core5.ssl.SSLContexts;
41  import org.apache.hc.core5.util.ReflectionUtils;
42  
43  /**
44   * Builder for client {@link TlsStrategy} instances.
45   * <p>
46   * When a particular component is not explicitly set this class will
47   * use its default implementation. System properties will be taken
48   * into account when configuring the default implementations when
49   * {@link #useSystemProperties()} method is called prior to calling
50   * {@link #build()}.
51   * </p>
52   * <ul>
53   *  <li>ssl.TrustManagerFactory.algorithm</li>
54   *  <li>javax.net.ssl.trustStoreType</li>
55   *  <li>javax.net.ssl.trustStore</li>
56   *  <li>javax.net.ssl.trustStoreProvider</li>
57   *  <li>javax.net.ssl.trustStorePassword</li>
58   *  <li>ssl.KeyManagerFactory.algorithm</li>
59   *  <li>javax.net.ssl.keyStoreType</li>
60   *  <li>javax.net.ssl.keyStore</li>
61   *  <li>javax.net.ssl.keyStoreProvider</li>
62   *  <li>javax.net.ssl.keyStorePassword</li>
63   *  <li>https.protocols</li>
64   *  <li>https.cipherSuites</li>
65   * </ul>
66   *
67   * @since 5.0
68   */
69  public class ClientTlsStrategyBuilder {
70  
71      public static ClientTlsStrategyBuilder create() {
72          return new ClientTlsStrategyBuilder();
73      }
74  
75      private SSLContext sslContext;
76      private String[] tlsVersions;
77      private String[] ciphers;
78      private SSLBufferMode sslBufferMode;
79      private HostnameVerifier hostnameVerifier;
80      private Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
81      private boolean systemProperties;
82  
83      /**
84       * Assigns {@link SSLContext} instance.
85       */
86      public ClientTlsStrategyBuilder setSslContext(final SSLContext sslContext) {
87          this.sslContext = sslContext;
88          return this;
89      }
90  
91      /**
92       * Assigns enabled {@code TLS} versions.
93       */
94      public final ClientTlsStrategyBuilder setTlsVersions(final String... tlslVersions) {
95          this.tlsVersions = tlslVersions;
96          return this;
97      }
98  
99      /**
100      * Assigns enabled {@code TLS} versions.
101      */
102     public final ClientTlsStrategyBuilder setTlsVersions(final TLS... tlslVersions) {
103         this.tlsVersions = new String[tlslVersions.length];
104         for (int i = 0; i < tlslVersions.length; i++) {
105             this.tlsVersions[i] = tlslVersions[i].id;
106         }
107         return this;
108     }
109 
110     /**
111      * Assigns enabled ciphers.
112      */
113     public final ClientTlsStrategyBuilder setCiphers(final String... ciphers) {
114         this.ciphers = ciphers;
115         return this;
116     }
117 
118     /**
119      * Assigns {@link SSLBufferMode} value.
120      */
121     public ClientTlsStrategyBuilder setSslBufferMode(final SSLBufferMode sslBufferMode) {
122         this.sslBufferMode = sslBufferMode;
123         return this;
124     }
125 
126     /**
127      * Assigns {@link HostnameVerifier} instance.
128      */
129     public ClientTlsStrategyBuilder setHostnameVerifier(final HostnameVerifier hostnameVerifier) {
130         this.hostnameVerifier = hostnameVerifier;
131         return this;
132     }
133 
134     /**
135      * Assigns {@link TlsDetails} {@link Factory} instance.
136      */
137     public ClientTlsStrategyBuilder setTlsDetailsFactory(final Factory<SSLEngine, TlsDetails> tlsDetailsFactory) {
138         this.tlsDetailsFactory = tlsDetailsFactory;
139         return this;
140     }
141 
142     /**
143      * Use system properties when creating and configuring default
144      * implementations.
145      */
146     public final ClientTlsStrategyBuilder useSystemProperties() {
147         this.systemProperties = true;
148         return this;
149     }
150 
151     public TlsStrategy build() {
152         final SSLContext sslContextCopy;
153         if (sslContext != null) {
154             sslContextCopy = sslContext;
155         } else {
156             sslContextCopy = systemProperties ? SSLContexts.createSystemDefault() : SSLContexts.createDefault();
157         }
158         final String[] tlsVersionsCopy;
159         if (tlsVersions != null) {
160             tlsVersionsCopy = tlsVersions;
161         } else {
162             tlsVersionsCopy = systemProperties ? HttpsSupport.getSystemProtocols() : null;
163         }
164         final String[] ciphersCopy;
165         if (ciphers != null) {
166             ciphersCopy = ciphers;
167         } else {
168             ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null;
169         }
170         final Factory<SSLEngine, TlsDetails> tlsDetailsFactoryCopy;
171         if (tlsDetailsFactory != null) {
172             tlsDetailsFactoryCopy = tlsDetailsFactory;
173         } else {
174             tlsDetailsFactoryCopy = new Factory<SSLEngine, TlsDetails>() {
175                 @Override
176                 public TlsDetails create(final SSLEngine sslEngine) {
177                     final SSLSession sslSession = sslEngine.getSession();
178                     final String applicationProtocol = ReflectionUtils.callGetter(sslEngine,
179                         "ApplicationProtocol", String.class);
180                     return new TlsDetails(sslSession, applicationProtocol);
181                 }
182             };
183         }
184         return new DefaultClientTlsStrategy(
185                 sslContextCopy,
186                 tlsVersionsCopy,
187                 ciphersCopy,
188                 sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC,
189                 hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier(),
190                 tlsDetailsFactoryCopy);
191     }
192 
193 }