1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.core5.http2.ssl;
29  
30  import java.net.SocketAddress;
31  
32  import javax.net.ssl.SSLContext;
33  
34  import org.apache.hc.core5.concurrent.FutureCallback;
35  import org.apache.hc.core5.http.HttpHost;
36  import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
37  import org.apache.hc.core5.net.NamedEndpoint;
38  import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
39  import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
40  import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
41  import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
42  import org.apache.hc.core5.ssl.SSLContexts;
43  import org.apache.hc.core5.util.Args;
44  import org.apache.hc.core5.util.Timeout;
45  
/**
 * Basic server-side implementation of {@link TlsStrategy}.
 * <p>
 * {@link #upgrade(TransportSecurityLayer, NamedEndpoint, Object, Timeout, FutureCallback)} starts
 * TLS on every session it is handed. Only the deprecated address-based {@code upgrade} overload
 * restricts the upgrade to local addresses accepted by the optional secure port strategy.
 *
 * @since 5.0
 */
public class H2ServerTlsStrategy implements TlsStrategy {

    // TLS context used for every handshake; never null (enforced in the constructors).
    private final SSLContext sslContext;
    // Optional local-port filter; null unless one of the deprecated constructors supplied it.
    @SuppressWarnings("deprecation")
    private final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy;
    // May be null; passed to startTls unchanged.
    private final SSLBufferMode sslBufferMode;
    // May be null; passed through H2TlsSupport.enforceRequirements before use.
    private final SSLSessionInitializer initializer;
    // May be null; passed to startTls unchanged.
    // NOTE(review): how startTls treats a null verifier is not visible in this file - confirm
    // that peer trust decisions then rest on the SSLContext configuration alone.
    private final SSLSessionVerifier verifier;

    /**
     * Creates a strategy that the deprecated {@code upgrade} overload applies only to local
     * addresses accepted by {@code securePortStrategy}.
     *
     * @param sslContext TLS context; must not be {@code null}.
     * @param securePortStrategy local address filter; {@code null} means every address qualifies.
     * @param sslBufferMode buffer mode handed to the TLS layer; may be {@code null}.
     * @param initializer session initializer; may be {@code null}.
     * @param verifier session verifier; may be {@code null}.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLBufferMode, SSLSessionInitializer, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // The null check runs first, so a missing context fails before anything else is stored.
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
        this.securePortStrategy = securePortStrategy;
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLSessionInitializer, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, initializer, verifier);
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode and a
     * {@code null} initializer.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLSessionVerifier)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy,
            final SSLSessionVerifier verifier) {
        this(sslContext, securePortStrategy, null, null, verifier);
    }

    /**
     * Same as the five-argument deprecated constructor with a {@code null} buffer mode,
     * initializer and verifier.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext)}
     */
    @Deprecated
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final org.apache.hc.core5.http.nio.ssl.SecurePortStrategy securePortStrategy) {
        this(sslContext, securePortStrategy, null, null, null);
    }

    /**
     * Uses the system default TLS context and a fixed-port strategy built from
     * {@code securePorts}.
     *
     * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy()}
     */
    @Deprecated
    public H2ServerTlsStrategy(final int... securePorts) {
        this(
                SSLContexts.createSystemDefault(),
                new org.apache.hc.core5.http.nio.ssl.FixedPortStrategy(securePorts));
    }

    /**
     * Creates a strategy with no secure port strategy, so no local address is filtered out.
     *
     * @param sslContext TLS context; must not be {@code null}.
     * @param sslBufferMode buffer mode handed to the TLS layer; may be {@code null}.
     * @param initializer session initializer; may be {@code null}.
     * @param verifier session verifier; may be {@code null}.
     */
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SSLBufferMode sslBufferMode,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        this.sslContext = Args.notNull(sslContext, "SSL context");
        this.securePortStrategy = null;
        this.verifier = verifier;
        this.initializer = initializer;
        this.sslBufferMode = sslBufferMode;
    }

    /**
     * Creates a strategy with a {@code null} buffer mode and no secure port strategy.
     */
    public H2ServerTlsStrategy(
            final SSLContext sslContext,
            final SSLSessionInitializer initializer,
            final SSLSessionVerifier verifier) {
        // The cast selects the SSLBufferMode overload over the deprecated SecurePortStrategy one.
        this(sslContext, (SSLBufferMode) null, initializer, verifier);
    }

    /**
     * Creates a strategy with a {@code null} buffer mode and initializer and no secure port
     * strategy.
     */
    public H2ServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
        this(sslContext, (SSLBufferMode) null, null, verifier);
    }

    /**
     * Creates a strategy from the TLS context alone; buffer mode, initializer and verifier are
     * all {@code null}.
     */
    public H2ServerTlsStrategy(final SSLContext sslContext) {
        this(sslContext, (SSLBufferMode) null, null, null);
    }

    /**
     * Creates a strategy backed by {@link SSLContexts#createSystemDefault()}.
     */
    public H2ServerTlsStrategy() {
        this(SSLContexts.createSystemDefault());
    }

    /**
     * Tells whether the deprecated {@code upgrade} overload should start TLS for a local address.
     * With no secure port strategy configured, every address qualifies.
     */
    private boolean isApplicable(final SocketAddress localAddress) {
        if (securePortStrategy == null) {
            return true;
        }
        return securePortStrategy.isSecure(localAddress);
    }

    /**
     * Starts TLS on the given session with the configured context, buffer mode and verifier.
     * The secure port strategy is not consulted here: every session passed in is upgraded.
     *
     * @param tlsSession transport layer to upgrade.
     * @param endpoint endpoint passed on to the TLS layer.
     * @param attachment passed to {@code H2TlsSupport.enforceRequirements} together with the
     *                   configured initializer.
     * @param handshakeTimeout timeout passed on to the TLS layer.
     * @param callback callback passed on to the TLS layer; the deprecated overload passes
     *                 {@code null}.
     */
    @Override
    public void upgrade(
            final TransportSecurityLayer tlsSession,
            final NamedEndpoint endpoint,
            final Object attachment,
            final Timeout handshakeTimeout,
            final FutureCallback<TransportSecurityLayer> callback) {
        // The configured initializer is never handed over as-is; it always goes through
        // H2TlsSupport.enforceRequirements first.
        final SSLSessionInitializer effectiveInitializer =
                H2TlsSupport.enforceRequirements(attachment, initializer);
        tlsSession.startTls(
                sslContext,
                endpoint,
                sslBufferMode,
                effectiveInitializer,
                verifier,
                handshakeTimeout,
                callback);
    }

    /**
     * Starts TLS only when the local address passes the secure port strategy, or when no
     * strategy is configured. {@code remoteAddress} is not used.
     *
     * @return {@code true} if a TLS upgrade was started, {@code false} if the local address was
     *         rejected and the session was left untouched. No callback is supplied, so
     *         {@code true} says nothing about the handshake outcome.
     *
     * @deprecated use {@link #upgrade(TransportSecurityLayer, NamedEndpoint, Object, Timeout, FutureCallback)}
     */
    @Deprecated
    @Override
    public boolean upgrade(
            final TransportSecurityLayer tlsSession,
            final HttpHost host,
            final SocketAddress localAddress,
            final SocketAddress remoteAddress,
            final Object attachment,
            final Timeout handshakeTimeout) {
        if (!isApplicable(localAddress)) {
            // Callers get false and the connection stays without TLS on this path.
            return false;
        }
        upgrade(tlsSession, host, attachment, handshakeTimeout, null);
        return true;
    }
}