28 package org.apache.hc.core5.http2.ssl;
29
30 import java.net.SocketAddress;
31
32 import javax.net.ssl.SSLContext;
33
34 import org.apache.hc.core5.http.HttpHost;
35 import org.apache.hc.core5.http.nio.ssl.FixedPortStrategy;
36 import org.apache.hc.core5.http.nio.ssl.SecurePortStrategy;
37 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
38 import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
40 import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
41 import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
42 import org.apache.hc.core5.util.Args;
43 import org.apache.hc.core5.util.Timeout;
/**
 * Server-side {@link TlsStrategy} that starts TLS on a connection via
 * {@code ConscryptSupport} when the connection's local address is reported as
 * secure by the configured {@link SecurePortStrategy}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The decision to start TLS depends only on the <em>local</em> address; the
 *       remote address and the {@link HttpHost} are not consulted for it.</li>
 *   <li>If no {@link SecurePortStrategy} was supplied, or it does not report the
 *       local address as secure, {@link #upgrade} returns {@code false} and never
 *       calls {@code startTls}. Deployments that expect every listener to be
 *       encrypted should verify that each listening port is covered.</li>
 *   <li>Only the {@link SSLContext} is null-checked; the remaining collaborators
 *       are stored as given and may be {@code null}.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class requests client certificates; if mutual
 * TLS is required, presumably the {@link SSLSessionInitializer} must configure
 * it. Confirm against the callers.
 */
public class ConscryptServerTlsStrategy implements TlsStrategy {

    private final SSLContext sslContext;
    private final SecurePortStrategy securePortStrategy;
    private final SSLBufferMode sslBufferMode;
    private final SSLSessionInitializer initializer;
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy with every collaborator given explicitly.
     *
     * @param sslContext TLS context used for the handshake; checked with {@code Args.notNull}.
     * @param securePortStrategy decides which local addresses get TLS; when {@code null},
     *        {@link #upgrade} never starts TLS.
     * @param sslBufferMode buffer mode handed to {@code startTls}; may be {@code null}.
     * @param initializer session initializer handed to {@code ConscryptSupport.initialize};
     *        may be {@code null}.
     * @param verifier session verifier handed to {@code ConscryptSupport.verify}; may be
     *        {@code null}. NOTE(review): what verification still happens for a
     *        {@code null} verifier is decided in {@code ConscryptSupport}, not here.
     */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.securePortStrategy = securePortStrategy;
        this.sslBufferMode = sslBufferMode;
        this.initializer = initializer;
        this.verifier = verifier;
    }

    /**
     * Creates a strategy without an explicit buffer mode ({@code null} is passed on).
     *
     * @param sslContext TLS context used for the handshake; must not be {@code null}.
     * @param securePortStrategy decides which local addresses get TLS.
     * @param initializer session initializer; may be {@code null}.
     * @param verifier session verifier; may be {@code null}.
     */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, initializer, verifier);
    }

    /**
     * Creates a strategy with a verifier but no buffer mode and no initializer.
     *
     * @param sslContext TLS context used for the handshake; must not be {@code null}.
     * @param securePortStrategy decides which local addresses get TLS.
     * @param verifier session verifier; may be {@code null}.
     */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, null, verifier);
    }

    /**
     * Creates a strategy with no buffer mode, initializer or verifier.
     *
     * @param sslContext TLS context used for the handshake; must not be {@code null}.
     * @param securePortStrategy decides which local addresses get TLS.
     */
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
        this(sslContext, securePortStrategy, null, null, null);
    }

    /**
     * Creates a strategy that wraps the given ports in a {@link FixedPortStrategy}.
     *
     * <p>NOTE(review): with an empty {@code securePorts} list, presumably no port is
     * treated as secure and {@link #upgrade} would always return {@code false}.
     * Confirm against {@code FixedPortStrategy}.
     *
     * @param sslContext TLS context used for the handshake; must not be {@code null}.
     * @param securePorts local ports on which TLS should be started.
     */
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final int... securePorts) {
        this(sslContext, new FixedPortStrategy(securePorts), null, null, null);
    }

    /**
     * Starts TLS on the given session if the local address is considered secure.
     *
     * @param tlsSession transport layer on which {@code startTls} is invoked.
     * @param host passed through to {@code startTls}.
     * @param localAddress the address tested against the secure-port strategy.
     * @param remoteAddress not used by this implementation.
     * @param attachment passed to {@code ConscryptSupport.initialize} together with the initializer.
     * @param handshakeTimeout passed through to {@code startTls}.
     * @return {@code true} if {@code startTls} was called, {@code false} if the
     *         connection was left as it was (no strategy, or address not secure).
     */
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        final boolean securePort = securePortStrategy != null && securePortStrategy.isSecure(localAddress);
        if (!securePort) {
            // No TLS is started here; the caller only learns this from the return value.
            return false;
        }
        tlsSession.startTls(
                sslContext,
                host,
                sslBufferMode,
                ConscryptSupport.initialize(attachment, initializer),
                ConscryptSupport.verify(verifier),
                handshakeTimeout);
        return true;
    }

}