1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.core5.http2.ssl;
29  
30  import java.net.SocketAddress;
31  
32  import javax.net.ssl.SSLContext;
33  
34  import org.apache.hc.core5.http.HttpHost;
35  import org.apache.hc.core5.http.nio.ssl.FixedPortStrategy;
36  import org.apache.hc.core5.http.nio.ssl.SecurePortStrategy;
37  import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
38  import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39  import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
40  import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
41  import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
42  import org.apache.hc.core5.ssl.SSLContexts;
43  import org.apache.hc.core5.util.Args;
44  import org.apache.hc.core5.util.Timeout;
45  
/**
 * Basic server-side implementation of {@link TlsStrategy} for HTTP/2 endpoints.
 * <p>
 * Instances built with the non-deprecated constructors carry no port filter, so
 * {@link #upgrade} starts TLS on every connection it is asked about. Instances built
 * with the deprecated {@link SecurePortStrategy} constructors start TLS only when
 * that strategy reports the local address as secure; for any other local address
 * {@link #upgrade} returns {@code false} and does not touch the session.
 * </p>
 * <p>
 * The {@link SSLSessionInitializer} and {@link SSLSessionVerifier} are optional and
 * are passed on as given; when the verifier is {@code null} this class contributes
 * no session verification of its own.
 * </p>
 *
 * @since 5.0
 */
public class H2ServerTlsStrategy implements TlsStrategy {

    private final SSLContext sslContext;
    // null means "no port filter": every local address is treated as TLS-enabled.
    @SuppressWarnings("deprecation")
    private final SecurePortStrategy securePortStrategy;
    private final SSLBufferMode sslBufferMode;
    private final SSLSessionInitializer initializer;
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy that upgrades only the local addresses accepted by
     * {@code securePortStrategy}. Only {@code sslContext} is null-checked; a
     * {@code null} port strategy is accepted and makes every local address eligible.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLBufferMode, SSLSessionInitializer, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.securePortStrategy = securePortStrategy;
        this.sslBufferMode = sslBufferMode;
        this.initializer = initializer;
        this.verifier = verifier;
    }

    /**
     * Port-filtered variant without an explicit buffer mode ({@code null} is passed on).
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLSessionInitializer, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, initializer, verifier);
    }

    /**
     * Port-filtered variant with a verifier but no buffer mode or initializer.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SecurePortStrategy securePortStrategy,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, null, verifier);
    }

    /**
     * Port-filtered variant with no buffer mode, initializer or verifier.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext)}
     */
    @Deprecated
    public H2ServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
        this(sslContext, securePortStrategy, null, null, null);
    }

    /**
     * Uses the system default SSL context and a {@link FixedPortStrategy} built from
     * {@code securePorts}; local addresses that strategy does not report as secure
     * are not upgraded by this strategy.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy()}
     */
    @Deprecated
    public H2ServerTlsStrategy(final int... securePorts) {
        this(SSLContexts.createSystemDefault(), new FixedPortStrategy(securePorts));
    }

    /**
     * Creates a strategy that applies TLS to every connection (no port filter).
     *
     * @param sslContext context handed to the TLS layer; must not be {@code null}.
     * @param sslBufferMode buffer mode handed to the TLS layer; may be {@code null}.
     * @param initializer optional session initializer; may be {@code null}.
     *        NOTE(review): engine-level settings such as requiring client
     *        certificates would presumably be applied here - confirm against
     *        {@link SSLSessionInitializer}.
     * @param verifier optional session verifier; may be {@code null}, in which case
     *        none is passed to the TLS layer.
     */
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.securePortStrategy = null;
        this.sslBufferMode = sslBufferMode;
        this.initializer = initializer;
        this.verifier = verifier;
    }

    /**
     * Same as the four-argument constructor with a {@code null} buffer mode.
     */
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // The cast selects the non-deprecated overload; a bare null would be ambiguous.
        this(sslContext, (SSLBufferMode) null, initializer, verifier);
    }

    /**
     * Creates a strategy with a verifier but no buffer mode or initializer.
     */
    public H2ServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
        this(sslContext, (SSLBufferMode) null, null, verifier);
    }

    /**
     * Creates a strategy with no buffer mode, initializer or verifier.
     */
    public H2ServerTlsStrategy(final SSLContext sslContext) {
        this(sslContext, (SSLBufferMode) null, null, null);
    }

    /**
     * Creates a strategy backed by {@link SSLContexts#createSystemDefault()}.
     * NOTE(review): the server key material then presumably comes from the JVM-wide
     * default configuration rather than from this class - confirm before relying on it.
     */
    public H2ServerTlsStrategy() {
        this(SSLContexts.createSystemDefault());
    }

    /**
     * Tells whether TLS should be started for the given local address: always when
     * no port strategy is configured, otherwise whatever the port strategy answers.
     */
    private boolean isApplicable(final SocketAddress localAddress) {
        if (securePortStrategy == null) {
            return true;
        }
        return securePortStrategy.isSecure(localAddress);
    }

    /**
     * Starts TLS on the session when the local address is eligible.
     *
     * @return {@code true} if {@code startTls} was invoked, {@code false} if the
     *         local address was filtered out and the session was left untouched.
     *         What the caller does with a {@code false} result is not decided here.
     */
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        if (!isApplicable(localAddress)) {
            return false;
        }
        // The caller's initializer is never handed over directly; it goes through
        // H2TlsSupport first (by its name, to apply HTTP/2 TLS requirements -
        // see that class for the exact rules).
        final SSLSessionInitializer h2Initializer = H2TlsSupport.enforceRequirements(attachment, initializer);
        tlsSession.startTls(sslContext, host, sslBufferMode, h2Initializer, verifier, handshakeTimeout);
        return true;
    }

}