28 package org.apache.hc.core5.http2.ssl;
29
30 import java.net.SocketAddress;
31
32 import javax.net.ssl.SSLContext;
33
34 import org.apache.hc.core5.http.HttpHost;
35 import org.apache.hc.core5.http.nio.ssl.FixedPortStrategy;
36 import org.apache.hc.core5.http.nio.ssl.SecurePortStrategy;
37 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
38 import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
40 import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
41 import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
42 import org.apache.hc.core5.ssl.SSLContexts;
43 import org.apache.hc.core5.util.Args;
44 import org.apache.hc.core5.util.Timeout;
45
/**
 * {@link TlsStrategy} that starts TLS on a connection through
 * {@link TransportSecurityLayer#startTls} using the configured {@link SSLContext},
 * buffer mode, session initializer and session verifier.
 *
 * <p>All fields are final, so an instance does not change after construction.
 *
 * <p>Points to keep in mind when wiring this into a server:
 * <ul>
 *   <li>Only the {@code SSLContext} is null-checked. Buffer mode, initializer and
 *       verifier may be {@code null} and are handed to {@code startTls} unchanged.
 *       What a {@code null} verifier means is decided by the
 *       {@code TransportSecurityLayer} implementation, which is not part of this
 *       class. Presumably no check runs beyond what the {@code SSLContext} itself
 *       enforces; confirm before relying on it for client authentication.</li>
 *   <li>Instances created without a {@link SecurePortStrategy} start TLS on every
 *       connection passed to {@link #upgrade}. Instances created through the
 *       deprecated port-based constructors skip TLS for local addresses the
 *       strategy does not report as secure, and {@code upgrade} then returns
 *       {@code false}. Callers must treat that result as "still plaintext".</li>
 *   <li>The no-argument constructor relies on
 *       {@link SSLContexts#createSystemDefault()}, so key and trust material come
 *       from whatever that call resolves to in the running JVM.</li>
 * </ul>
 */
public class H2ServerTlsStrategy implements TlsStrategy {

    private final SSLContext sslContext;
    // Only set by the deprecated constructors; null means "apply TLS everywhere".
    @SuppressWarnings("deprecation")
    private final SecurePortStrategy securePortStrategy;
    private final SSLBufferMode sslBufferMode;
    private final SSLSessionInitializer initializer;
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy restricted to the local addresses accepted by
     * {@code securePortStrategy}.
     *
     * @param sslContext TLS context; must not be {@code null}
     * @param securePortStrategy decides which local addresses get TLS; {@code null}
     *        means every address
     * @param sslBufferMode buffer mode passed to {@code startTls}; may be {@code null}
     * @param initializer session initializer; may be {@code null}
     * @param verifier session verifier; may be {@code null}
     * @deprecated prefer
     *     {@link #H2ServerTlsStrategy(SSLContext, SSLBufferMode, SSLSessionInitializer, SSLSessionVerifier)},
     *     which takes no port strategy
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
        this.securePortStrategy = securePortStrategy;
    }

    /**
     * Port-restricted variant with no explicit buffer mode.
     *
     * @deprecated prefer
     *     {@link #H2ServerTlsStrategy(SSLContext, SSLSessionInitializer, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, (SSLBufferMode) null, initializer, verifier);
    }

    /**
     * Port-restricted variant with no buffer mode and no session initializer.
     *
     * @deprecated prefer {@link #H2ServerTlsStrategy(SSLContext, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, (SSLSessionInitializer) null, verifier);
    }

    /**
     * Port-restricted variant with no buffer mode, initializer or verifier.
     *
     * @deprecated prefer {@link #H2ServerTlsStrategy(SSLContext)}
     */
    @Deprecated
    public H2ServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
        this(sslContext, securePortStrategy, (SSLSessionVerifier) null);
    }

    /**
     * Uses the system default {@code SSLContext} and a {@link FixedPortStrategy}
     * built from the given ports.
     *
     * @param securePorts ports handed to {@code FixedPortStrategy}
     * @deprecated prefer {@link #H2ServerTlsStrategy()}
     */
    @Deprecated
    public H2ServerTlsStrategy(final int... securePorts) {
        this(SSLContexts.createSystemDefault(), new FixedPortStrategy(securePorts));
    }

    /**
     * Creates a strategy that starts TLS on every connection it is asked to upgrade.
     *
     * @param sslContext TLS context; must not be {@code null}
     * @param sslBufferMode buffer mode passed to {@code startTls}; may be {@code null}
     * @param initializer session initializer; may be {@code null}
     * @param verifier session verifier; may be {@code null}
     */
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.securePortStrategy = null;
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
    }

    /**
     * Same as the four-argument form with a {@code null} buffer mode.
     */
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // The cast picks the SSLBufferMode overload over the deprecated port-based one.
        this(sslContext, (SSLBufferMode) null, initializer, verifier);
    }

    /**
     * Uses the given context and verifier, with no buffer mode or session initializer.
     */
    public H2ServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
        this(sslContext, (SSLSessionInitializer) null, verifier);
    }

    /**
     * Uses the given context with no buffer mode, session initializer or verifier.
     */
    public H2ServerTlsStrategy(final SSLContext sslContext) {
        this(sslContext, (SSLSessionVerifier) null);
    }

    /**
     * Uses {@link SSLContexts#createSystemDefault()} with no buffer mode, session
     * initializer or verifier.
     */
    public H2ServerTlsStrategy() {
        this(SSLContexts.createSystemDefault());
    }

    /**
     * Reports whether TLS should be started for the given local address.
     * Without a port strategy the answer is always {@code true}.
     */
    private boolean isApplicable(final SocketAddress localAddress) {
        if (securePortStrategy == null) {
            return true;
        }
        return securePortStrategy.isSecure(localAddress);
    }

    /**
     * Starts TLS on {@code tlsSession} when this strategy applies to
     * {@code localAddress}.
     *
     * <p>{@code remoteAddress} is not consulted by this implementation.
     *
     * @return {@code true} if {@code startTls} was invoked; {@code false} if the
     *         connection was left untouched, in which case it has not been secured
     *         by this call
     */
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        if (!isApplicable(localAddress)) {
            return false;
        }
        // The caller's initializer is wrapped rather than passed directly.
        // NOTE(review): enforceRequirements lives in H2TlsSupport (not shown here);
        // presumably it applies the HTTP/2 TLS requirements - confirm there.
        final SSLSessionInitializer effectiveInitializer =
                H2TlsSupport.enforceRequirements(attachment, initializer);
        tlsSession.startTls(
                sslContext,
                host,
                sslBufferMode,
                effectiveInitializer,
                verifier,
                handshakeTimeout);
        return true;
    }

}