28 package org.apache.hc.core5.http2.ssl;
29
30 import java.net.SocketAddress;
31
32 import javax.net.ssl.SSLContext;
33
34 import org.apache.hc.core5.http.HttpHost;
35 import org.apache.hc.core5.http.nio.ssl.FixedPortStrategy;
36 import org.apache.hc.core5.http.nio.ssl.SecurePortStrategy;
37 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
38 import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
40 import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
41 import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
42 import org.apache.hc.core5.util.Args;
43 import org.apache.hc.core5.util.Timeout;
44
/**
 * {@link TlsStrategy} that starts TLS on a connection with a fixed {@link SSLContext},
 * routing the session initializer and verifier through {@code ConscryptSupport}.
 *
 * <p>Security note: when an instance is built through one of the deprecated
 * constructors that take a {@link SecurePortStrategy}, {@link #upgrade} starts TLS only
 * for local addresses that strategy reports as secure. For any other address it returns
 * {@code false} and leaves the connection without TLS, so callers must act on the
 * return value. Instances built through the non-deprecated constructors have no port
 * filter and always start TLS.
 */
public class ConscryptServerTlsStrategy implements TlsStrategy {

    private final SSLContext sslContext;
    // Optional port filter; null means every local address is upgraded.
    @SuppressWarnings("deprecation")
    private final SecurePortStrategy securePortStrategy;
    private final SSLBufferMode sslBufferMode;
    private final SSLSessionInitializer initializer;
    // May be null; how ConscryptSupport.verify treats a null verifier is not visible in this file.
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy that upgrades only the addresses accepted by {@code securePortStrategy}.
     *
     * @param sslContext         context used to start TLS; must not be {@code null}
     * @param securePortStrategy port filter, or {@code null} to upgrade every address
     * @param sslBufferMode      buffer mode handed to {@code startTls}; may be {@code null}
     * @param initializer        session initializer; may be {@code null}
     * @param verifier           session verifier; may be {@code null}
     * @deprecated Use {@link #ConscryptServerTlsStrategy(SSLContext, SSLBufferMode,
     *     SSLSessionInitializer, SSLSessionVerifier)}, which has no port filter.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
        this.securePortStrategy = securePortStrategy;
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode.
     *
     * @deprecated Use {@link #ConscryptServerTlsStrategy(SSLContext, SSLSessionInitializer,
     *     SSLSessionVerifier)}.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, initializer, verifier);
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode
     * and a {@code null} initializer.
     *
     * @deprecated Use {@link #ConscryptServerTlsStrategy(SSLContext, SSLSessionVerifier)}.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, null, verifier);
    }

    /**
     * Port-filtered strategy with no buffer mode, initializer or verifier supplied.
     *
     * @deprecated Use {@link #ConscryptServerTlsStrategy(SSLContext)}.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
        this(sslContext, securePortStrategy, null, null, null);
    }

    /**
     * Port-filtered strategy whose filter is a {@link FixedPortStrategy} built from
     * {@code securePorts}.
     *
     * @deprecated Use {@link #ConscryptServerTlsStrategy(SSLContext)}.
     */
    @Deprecated
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final int... securePorts) {
        this(sslContext, new FixedPortStrategy(securePorts));
    }

    /**
     * Creates a strategy without a port filter: every call to {@link #upgrade} starts TLS.
     *
     * @param sslContext    context used to start TLS; must not be {@code null}
     * @param sslBufferMode buffer mode handed to {@code startTls}; may be {@code null}
     * @param initializer   session initializer; may be {@code null}
     * @param verifier      session verifier; may be {@code null}
     */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.securePortStrategy = null;
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
    }

    /** Unfiltered strategy with a {@code null} buffer mode. */
    public ConscryptServerTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // The cast selects the SSLBufferMode overload over the deprecated SecurePortStrategy one.
        this(sslContext, (SSLBufferMode) null, initializer, verifier);
    }

    /** Unfiltered strategy with a {@code null} buffer mode and a {@code null} initializer. */
    public ConscryptServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
        this(sslContext, (SSLBufferMode) null, null, verifier);
    }

    /** Unfiltered strategy with no buffer mode, initializer or verifier supplied. */
    public ConscryptServerTlsStrategy(final SSLContext sslContext) {
        this(sslContext, (SSLBufferMode) null, null, null);
    }

    /**
     * Tells whether TLS should be started for a connection accepted on {@code localAddress}.
     * With no port filter configured the answer is always {@code true}.
     */
    private boolean isApplicable(final SocketAddress localAddress) {
        if (securePortStrategy == null) {
            return true;
        }
        return securePortStrategy.isSecure(localAddress);
    }

    /**
     * Starts TLS on {@code tlsSession} when the local address qualifies.
     *
     * @return {@code true} if {@code startTls} was invoked; {@code false} if the
     *     configured port filter rejected {@code localAddress}, in which case this
     *     method leaves the connection without TLS
     */
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        if (!isApplicable(localAddress)) {
            // No TLS is started on this path; the caller decides what to do with the connection.
            return false;
        }
        final SSLSessionInitializer sessionInitializer = ConscryptSupport.initialize(attachment, initializer);
        final SSLSessionVerifier sessionVerifier = ConscryptSupport.verify(verifier);
        tlsSession.startTls(
                sslContext,
                host,
                sslBufferMode,
                sessionInitializer,
                sessionVerifier,
                handshakeTimeout);
        return true;
    }

}