28 package org.apache.hc.core5.http2.ssl;
29
30 import javax.net.ssl.SSLEngine;
31 import javax.net.ssl.SSLParameters;
32
33 import org.apache.hc.core5.http.ssl.TLS;
34 import org.apache.hc.core5.http.ssl.TlsCiphers;
35 import org.apache.hc.core5.http2.HttpVersionPolicy;
36 import org.apache.hc.core5.net.NamedEndpoint;
37 import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
38 import org.apache.hc.core5.util.ReflectionUtils;
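/**
 * Static helpers that configure an {@link SSLEngine} before the TLS handshake
 * for connections that may carry HTTP/2: protocol and cipher-suite filtering
 * plus the ALPN protocol list.
 */
public final class H2TlsSupport {

    /**
     * Sets the {@code EnableRetransmissions} property on the given parameters
     * through a reflective setter call.
     *
     * <p>NOTE(review): the reflective call is presumably there so the class still
     * loads on runtimes whose {@code SSLParameters} lacks this setter. How
     * {@code ReflectionUtils.callSetter} reports a missing setter is not visible
     * in this file; confirm whether a failure is surfaced or dropped.
     *
     * @param sslParameters parameters object to modify
     * @param value         value passed to the setter
     */
    public static void setEnableRetransmissions(final SSLParameters sslParameters, final boolean value) {
        ReflectionUtils.callSetter(sslParameters, "EnableRetransmissions", Boolean.TYPE, value);
    }

    /**
     * Sets the ALPN protocol list on the given parameters through a reflective
     * setter call.
     *
     * <p>NOTE(review): if {@code ReflectionUtils.callSetter} ignores a missing
     * setter (not visible in this file), the engine would handshake without ALPN
     * and the caller would not be told. Where the negotiated protocol matters,
     * check it after the handshake rather than assuming this call took effect.
     *
     * @param sslParameters parameters object to modify
     * @param values        protocol identifiers, most preferred first
     */
    public static void setApplicationProtocols(final SSLParameters sslParameters, final String[] values) {
        ReflectionUtils.callSetter(sslParameters, "ApplicationProtocols", String[].class, values);
    }

    /**
     * Maps a connection attachment to the ALPN identifiers to offer.
     *
     * <p>Any attachment that is not an {@link HttpVersionPolicy}, including
     * {@code null}, is treated as {@link HttpVersionPolicy#NEGOTIATE}.
     *
     * @param attachment connection attachment, expected to be an
     *                   {@link HttpVersionPolicy}; may be anything else or {@code null}
     * @return a new array: HTTP/1.1 only for {@code FORCE_HTTP_1}, HTTP/2 only for
     *         {@code FORCE_HTTP_2}, otherwise HTTP/2 followed by HTTP/1.1
     */
    public static String[] selectApplicationProtocols(final Object attachment) {
        final HttpVersionPolicy versionPolicy = attachment instanceof HttpVersionPolicy ?
                (HttpVersionPolicy) attachment : HttpVersionPolicy.NEGOTIATE;
        switch (versionPolicy) {
            case FORCE_HTTP_1:
                return new String[] { ApplicationProtocol.HTTP_1_1.id };
            case FORCE_HTTP_2:
                return new String[] { ApplicationProtocol.HTTP_2.id };
            default:
                // NEGOTIATE and any other policy value: offer both, HTTP/2 listed first.
                return new String[] { ApplicationProtocol.HTTP_2.id, ApplicationProtocol.HTTP_1_1.id };
        }
    }

    /**
     * Wraps an optional session initializer so that protocol and cipher-suite
     * filtering and the ALPN list are applied to the engine first.
     *
     * <p>Security note: the delegate runs <em>after</em> the filtered parameters
     * have been written back and receives the live engine, so whatever it sets
     * replaces the values applied here. A delegate that calls
     * {@code setEnabledProtocols}, {@code setEnabledCipherSuites} or
     * {@code setSSLParameters} should be reviewed to make sure it does not restore
     * protocol versions or suites that were filtered out.
     *
     * @param attachment  connection attachment used to choose the ALPN list,
     *                    see {@link #selectApplicationProtocols(Object)}
     * @param initializer delegate invoked last; may be {@code null}
     * @return an initializer that applies the settings above and then calls the delegate
     */
    public static SSLSessionInitializer enforceRequirements(
            final Object attachment,
            final SSLSessionInitializer initializer) {
        return new SSLSessionInitializer() {

            @Override
            public void initialize(final NamedEndpoint endpoint, final SSLEngine sslEngine) {
                // Start from the engine's current parameters so unrelated settings are kept.
                final SSLParameters sslParameters = sslEngine.getSSLParameters();
                // Helpers are not shown here; judging by their names they drop weak protocol
                // versions and the cipher suites prohibited for HTTP/2 (TODO confirm).
                sslParameters.setProtocols(TLS.excludeWeak(sslParameters.getProtocols()));
                sslParameters.setCipherSuites(TlsCiphers.excludeH2Blacklisted(sslParameters.getCipherSuites()));
                setEnableRetransmissions(sslParameters, false);
                setApplicationProtocols(sslParameters, selectApplicationProtocols(attachment));
                sslEngine.setSSLParameters(sslParameters);
                // The delegate runs last and can override anything set above.
                if (initializer != null) {
                    initializer.initialize(endpoint, sslEngine);
                }
            }

        };
    }

}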